elasticmachine
commented
2 years ago Pinging @elastic/fleet (Team:Fleet)
Open nchaulet opened 2 years ago
elasticmachine
commented
2 years ago Pinging @elastic/fleet (Team:Fleet)
jen-huang
commented
2 years ago @nchaulet Thanks for finding the issue! Do we know why this does not work on ECE?
nchaulet
commented
2 years ago @nchaulet Thanks for finding the issue! Do we know why this does not work on ECE?
It's not possible to run Kibana with custom environment variable in ECE
jguay
commented
1 year ago It's not possible to run Kibana with custom environment variable in ECE
I think this should be possible in ECE, there are 2 parts to this question :
It is possible to add environment variable:
ENV Dockerfile command) or better : {
"containerEnv": [
"NODE_EXTRA_CA_CERTS=/app/config/certs/internal_tls_ca.crt"
],# find the container name on the allocator
docker ps | grep -F '<kibana_cluster_id>'
# delete the container
docker rm -f fac-af61dfd75df54fbd81ccb94c0c205547-instance-0000000000Add the PEM file to the docker image (ECE offline installation with or without custom docker registry)
docker exec fac-af61dfd75df54fbd81ccb94c0c205547-instance-0000000000 openssl x509 -in /app/config/certs/internal_tls_ca.crt -text | grep Issuer, we will need to add the CA certificate to the docker images similar to https://www.elastic.co/guide/en/cloud-enterprise/3.6/ece-include-additional-kibana-plugin.html#ece-create-modified-docker-image using the COPY command in Dockerfile (best to use another location in this case as /app/config is likely overwritten in the containers)
FROM docker.elastic.co/cloud-assets/kibana:7.10.0-0COPY custom-ca.pem /ca-cert/custom-ca.pem
Description
Currently if you need to use a custom package registry with a custom ssl certificate you may have to run Kibana with an environment variable
NODE_EXTRA_CA_CERTS="/etc/kibana/root_ca_chain.pem"to provide a custom CA.This does not work in ECE it will be a good improvement to allow user to configure this through a config variable.