Open mschaefer-gresham opened 9 months ago
UPDATE:
I solved this issue by grabbing the Elastic CA secret (name-es-http-ca-internal) out of Kubernetes and adding it to my ca-certificates.crt file in my application's Dockerfile:
```dockerfile
# add ca cert
COPY docker/ca-certs/elastic.crt /app/elastic.crt
RUN cat /app/elastic.crt >> /etc/ssl/certs/ca-certificates.crt
```
crtBytes above was obtained from the public crt secret value (name-es-http-certs-public)
```csharp
byte[] crtBytes = Encoding.ASCII.GetBytes("-----BEGIN CERTIFICATE-----\nMIIEqDCCA5CgA.....");
```
However, I think I will take the approach of disabling TLS altogether so I don't have to manage these certs.
https://www.elastic.co/guide/en/cloud-on-k8s/master/k8s-tls-certificates.html#k8s-disable-tls
I've upgraded to Elastic 8.x from 7.x. Now my Elastic endpoint requires connecting using HTTPS with a username, password and a TLS cert.
See examples here.
If I use this approach within my Kubernetes cluster just to test connectivity, I can curl the Elastic service from my application's container. First, I have to export the TLS cert and copy the cert into my container. Then I can curl the service (per the link above):
```shell
curl --cacert tls.crt -u elastic:password https://elasticsearch-cluster-es-http.eck:9200
```
How can I now update my dotnet logger configuration to handle the new https, username:password, and cert requirements? I've tried the following without success:
I see the following errors in my app:
dotnet 8, serilog.sinks.elasticsearch: 9.0.3, elasticsearch eck: 8.11.2
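
A third option besides editing the image's system CA bundle or disabling TLS is to validate the server certificate against the ECK CA inside the application. This is an added example, not the poster's code or the sink project's own. It assumes `/app/elastic.crt` holds the ECK CA certificate in PEM form, that the password is supplied in a hypothetical `ELASTIC_PASSWORD` environment variable, and that the sink exposes the Elasticsearch.Net 7.x connection settings through `ModifyConnectionSettings`.

```csharp
using System;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using Serilog;
using Serilog.Sinks.Elasticsearch;

// Assumption: the ECK CA certificate (PEM) sits where the Dockerfile above copies it.
var caCert = new X509Certificate2("/app/elastic.crt");
// Assumption: hypothetical environment variable carrying the elastic user's password.
var password = Environment.GetEnvironmentVariable("ELASTIC_PASSWORD")
    ?? throw new InvalidOperationException("ELASTIC_PASSWORD is not set");

// Accept the server only if its chain ends at the ECK CA and the host name matches.
bool ValidateAgainstEckCa(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors errors)
{
    if (cert is null) return false;
    if (errors == SslPolicyErrors.None) return true; // already trusted by the system store
    // Name mismatch or missing certificate is never overridden; only chain errors are re-checked.
    if ((errors & ~SslPolicyErrors.RemoteCertificateChainErrors) != 0) return false;

    using var custom = new X509Chain();
    custom.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
    custom.ChainPolicy.CustomTrustStore.Add(caCert);
    // Assumption: the cluster's private CA publishes no revocation endpoint.
    custom.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
    if (chain != null)
        foreach (var element in chain.ChainElements)
            custom.ChainPolicy.ExtraStore.Add(element.Certificate); // intermediates sent by the server
    return custom.Build(new X509Certificate2(cert));
}

Log.Logger = new LoggerConfiguration()
    .WriteTo.Elasticsearch(new ElasticsearchSinkOptions(
        new Uri("https://elasticsearch-cluster-es-http.eck:9200"))
    {
        // HTTPS + basic auth + CA-pinned validation, mirroring the curl command above.
        ModifyConnectionSettings = c => c
            .BasicAuthentication("elastic", password)
            .ServerCertificateValidationCallback(ValidateAgainstEckCa),
    })
    .CreateLogger();

Log.Information("Connectivity test event");
Log.CloseAndFlush();
```

Because the callback rejects `RemoteCertificateNameMismatch`, the URI host must be one of the names in the certificate ECK issued for the HTTP service.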