elasticmachine
commented
3 months ago Pinging @elastic/sec-linux-platform (Team:Security-Linux Platform)
Open gsomers opened 3 months ago
elasticmachine
commented
3 months ago Pinging @elastic/sec-linux-platform (Team:Security-Linux Platform)
Integration Name
Defend for Containers [cloud_defend]
Dataset Name
No response
Integration Version
1.2.5
Agent Version
8.13.4
Agent Output Type
elasticsearch
Elasticsearch Version
8.13.4
OS Version and Architecture
Local Kubernetes Cluster
Software/API Version
No response
Error Message
[elastic_agent.cloud_defend][error] elasticsearch index error: flush: tls: failed to verify certificate: x509: certificate signed by unknown authority
Event Original
No response
What did you do?
Trying to integrate defend for containers with a local K8 cluster. We're using internal PKI certs and CA, for the other integrations we have the CA thumbprint set in the outputs and this works fine. However for this integration it seems to ignore that and instead fails with the cert error.
What did you see?
Integration installs and appers ok in Fleet node overview, however logs show it is constantly failing due to the cert error.
What did you expect to see?
Expected the integration to use the custom output which has the CA cert thumbprint. This same output works fine for the other integrations (Kubernetes, Security Posture Management etc.)
Anything else?
I opened a case with Support on this and they confirmed the behaviour, so this is a feature request more so than a bug report.