Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Load fleet.ssl.certificate and fleet.ssl.key from agent policy #2248

Closed
joshdover opened this issue Feb 9, 2023 · 5 comments · Fixed by #4770
Closed

Load fleet.ssl.certificate and fleet.ssl.key from agent policy #2248

joshdover opened this issue Feb 9, 2023 · 5 comments · Fixed by #4770
Assignees
@pchila
Labels
enhancement New feature or request Team:Elastic-Agent Label for the Agent team Team:Elastic-Agent-Control-Plane Label for the Agent Control Plane team

Comments

@joshdover
Copy link
Contributor

joshdover commented Feb 9, 2023
edited
Loading

Similar to #2172 we need to support respecting the certificate and key values provided in an agent policy from Fleet which will be added in elastic/kibana#150709 for the next release. This is to support mTLS with proxies when connecting to Fleet.

The policy from Fleet will have the form:

fleet:
  hosts:
    - 'https://test-fs.com:8220/'
  proxy_url: 'https://my-proxy'
  ssl:
    certificate_authorities:
      - my-ca
    certificate: my-cert
    key: my-key

See the parent (private) issue for more details.
@joshdover joshdover added enhancement New feature or request Team:Elastic-Agent Label for the Agent team labels Feb 9, 2023
@cmacknz
Copy link
Member

cmacknz commented Sep 20, 2023

We will need to use the same precedence rules defined in #2304 (comment) to avoid problems, we need to ensure that if the certificate_authorities received from Fleet are empty or invalid we fall back to the ones used at enrollment if possible.

@AndersonQ AndersonQ mentioned this issue Mar 11, 2024
Closed
4 tasks
@AndersonQ AndersonQ mentioned this issue Mar 18, 2024
Closed
3 tasks
@AndersonQ AndersonQ mentioned this issue Mar 28, 2024
Closed
@pierrehilbert pierrehilbert assigned pchila and unassigned AndersonQ Apr 25, 2024
@ycombinator ycombinator added the Team:Elastic-Agent-Control-Plane Label for the Agent Control Plane team label Apr 26, 2024
@elasticmachine
Copy link
Contributor

Pinging @elastic/elastic-agent-control-plane (Team:Elastic-Agent-Control-Plane)

@ycombinator
Copy link
Contributor

The PR that might resolve this issue is currently blocked on #4497.

@nimarezainia
Copy link
Contributor

The PR that might resolve this issue is currently blocked on #4497.

@ycombinator @pierrehilbert can I assume they both can be completed in sp29?

@ycombinator
Copy link
Contributor

The PR that might resolve this issue is currently blocked on #4497.

@ycombinator @pierrehilbert can I assume they both can be completed in sp29?

I'm reasonably confident you can, given the time left in the sprint and where @pchila is pretty much done with #3090. But let's wait for @pchila to give us a better assessment once he's had a chance to look into all the mTLS issues and PRs on his plate this sprint.

@pchila pchila mentioned this issue May 16, 2024
Merged
5 tasks
@ycombinator ycombinator mentioned this issue Jun 12, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@pchila pchila

Labels
enhancement New feature or request Team:Elastic-Agent Label for the Agent team Team:Elastic-Agent-Control-Plane Label for the Agent Control Plane team
Projects
None yet
Milestone
No milestone
7 participants
@ycombinator @AndersonQ @joshdover @cmacknz @nimarezainia @elasticmachine @pchila