Open nchaulet opened 2 years ago
Pinging @elastic/fleet (Team:Fleet)
@nchaulet Thanks for finding the issue! Do we know why this does not work on ECE?
@nchaulet Thanks for finding the issue! Do we know why this does not work on ECE?
It's not possible to run Kibana with custom environment variable in ECE
It's not possible to run Kibana with custom environment variable in ECE
I think this should be possible in ECE, there are 2 parts to this question :
It is possible to add environment variable:
ENV
Dockerfile command) or better : {
"containerEnv": [
"NODE_EXTRA_CA_CERTS=/app/config/certs/internal_tls_ca.crt"
],
# find the container name on the allocator
docker ps | grep -F '<kibana_cluster_id>'
# delete the container
docker rm -f fac-af61dfd75df54fbd81ccb94c0c205547-instance-0000000000
Add the PEM file to the docker image (ECE offline installation with or without custom docker registry)
docker exec fac-af61dfd75df54fbd81ccb94c0c205547-instance-0000000000 openssl x509 -in /app/config/certs/internal_tls_ca.crt -text | grep Issuer
, we will need to add the CA certificate to the docker images similar to https://www.elastic.co/guide/en/cloud-enterprise/3.6/ece-include-additional-kibana-plugin.html#ece-create-modified-docker-image using the COPY command in Dockerfile (best to use another location in this case as /app/config
is likely overwritten in the containers)
FROM docker.elastic.co/cloud-assets/kibana:7.10.0-0
COPY custom-ca.pem /ca-cert/custom-ca.pem
Description
Currently if you need to use a custom package registry with a custom ssl certificate you may have to run Kibana with an environment variable
NODE_EXTRA_CA_CERTS="/etc/kibana/root_ca_chain.pem"
to provide a custom CA.This does not work in ECE it will be a good improvement to allow user to configure this through a config variable.