elastic / uptime

This project includes resources and general issue tracking for the Elastic Uptime solution

Use mTLS to communicate with synthetics service #436

Closed shahzad31 closed 2 years ago

shahzad31 commented 2 years ago

Synthetics service has implemented a dual auth strategy using credentials or mTLS; Kibana is currently using credentials and Basic auth to communicate with the synthetics service.

We need to read the SSL certificates used by Kibana to communicate with Elasticsearch on cloud within the uptime plugin and use those existing certificates to create an HttpAgent, which will be provided to the axios client to communicate with the Synthetics service.

We need to add a new key in the uptime service config:

xpack.uptime.unsafe.service.tls:

We will use the existing schema type exposed by @kbn/server-http-tools for this new tls key:

import { sslSchema } from '@kbn/server-http-tools';

Cloud needs to populate this new key and its attributes while the instances are being created; that's being tracked in a separate ticket in cloud.

Meanwhile, for tech preview, we will manually set those keys in the CFT region.

xpack.uptime.unsafe.service.tls.certificate: 
xpack.uptime.unsafe.service.tls.key:
xpack.uptime.unsafe.service.tls.certificateAuthorities: 

Once these keys are read by uptime, they will be passed to axios client via httpsAgent.
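
The flow described in this issue, sketched as an added example that is not code from Kibana or the uptime plugin: the three `tls` settings are mapped onto a Node `https.Agent` that presents the client certificate and keeps server verification on. `buildSyntheticsAgent` is a hypothetical helper, and it assumes the settings already hold PEM text rather than file paths.

```javascript
// Added example, not Kibana or uptime plugin code.
const https = require('node:https');

// Hypothetical helper: maps the tls.* settings named in the issue
// (certificate, key, certificateAuthorities) onto Node's https.Agent options.
// Assumption: each value is PEM text that has already been loaded.
function buildSyntheticsAgent(tls) {
  const { certificate, key, certificateAuthorities } = tls || {};

  // Fail closed: a client certificate without its private key (or the
  // reverse) cannot complete mutual TLS, so refuse to build an agent that
  // would silently fall back to a one-way TLS connection.
  if (!certificate || !key) {
    throw new Error('tls.certificate and tls.key must both be set for mTLS');
  }

  const options = {
    cert: certificate,
    key,
    // Keep verification of the service's certificate on; mTLS adds client
    // authentication, it does not replace server authentication.
    rejectUnauthorized: true,
  };

  // Accept a single CA or a list. When the setting is absent, Node uses its
  // default trust store instead of a pinned CA list.
  if (certificateAuthorities !== undefined) {
    const ca = [].concat(certificateAuthorities);
    if (ca.length === 0 || ca.some((entry) => !entry)) {
      throw new Error('tls.certificateAuthorities must not contain empty entries');
    }
    options.ca = ca;
  }

  return new https.Agent(options);
}

// Constructed placeholder values; not real key material.
const sampleTls = {
  certificate: '-----BEGIN CERTIFICATE-----\n(constructed)\n-----END CERTIFICATE-----',
  key: '-----BEGIN PRIVATE KEY-----\n(constructed)\n-----END PRIVATE KEY-----',
  certificateAuthorities: '-----BEGIN CERTIFICATE-----\n(constructed CA)\n-----END CERTIFICATE-----',
};
const sampleAgent = buildSyntheticsAgent(sampleTls);
// The agent is then handed to axios: axios.create({ httpsAgent: sampleAgent })
```

The PEM values are only parsed when the agent opens a connection, so a malformed certificate or key surfaces on the first request, not when the agent is built.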