HTTP: configuration option for a Custom CA #359
Comments
|
Good catch, I could rewrite it for v2 |
|
If you provide a nightly image, I would be happy to test it for you. |
|
Thanks in advance, it would sure be a huge help! Right now, I am still waiting for @kuskoman to finally merge my I honestly can't wait to start working on it, I have the right mood and motivation to do it 😄 |
|
Done in #382 |
|
I will provide feedback upcoming week.After I got back from vacation.On 30. Oct 2024, at 23:08, Adam Satko ***@***.***> wrote:
Done #382
—Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you authored the thread.Message ID: ***@***.***>
|
|
Chill, relax on your holidays ;) We first have to provide a nightly image for that and merge the PR. |
|
@pvogler Did you managed to check it? If it works, I could just close this issue heh 😅 |
|
@satk0 Looks like the direct port from version. As a workaround the possibility to disable the TLS verification is a good starting point and does work as expected. But to transform this exporter in a really secure one, it should be possible to specify a custom ca file provide to the exporter. If you think this would be a good option as well, we could also close this issue and open a new one, concentrating on the custom ca. And sorry for the late reply. Got some different business to finish first. |
|
Yeah, it is indeed a workaround. I see what you mean, for me it looks like a proper improvement. @kuskoman wdyt? |
|
As I said. For me it is also valid to proceed like this, as a first step. Thanks for your effort.On 29. Nov 2024, at 18:56, Adam Satko ***@***.***> wrote:
Yeah, it is indeed a workaround. I see what you mean, for me it looks like a proper improvement. @kuskoman wdyt?
—Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you were mentioned.Message ID: ***@***.***>
|
|
@pvogler me and kuskoman agreed on this idea, and I'd be working on it. Could you just let me know, is it about setting specifically root certificate authority (RootCA)? |
|
@kuskoman You mean this? chanyongkit@3f7679a This implements HTTP TLS but I think there is the need to specify custom root ca to tls.config for each logstash instance instead of merely using HttpInsecure var, wdyt? |
|
yep, but i believe this needs some testing, you can copy the branch to your repo, so that the commit will have its original author |
|
I will just rewrite it, I am not that git-savy 😛 |
|
Do we need this commit for v1, or should I implement it only for v2? |
|
@satk0 @kuskoman I want to talk TLS with the Logstash API. So 393 is not a duplicate And for me v2 would be sufficient. Does this help in clarification? |
|
Yeah, sure it helps, thanks for being so active ;) I've already started working here #401 on encrypting the exporter, when I finish writing tests for it, I will start resolving this one so stay tuned 😸 |
Feature Description
With issue report #337 HTTP tls verification for v1 was implemented.
In fact this feature is missing in version 2 and the master branch.
Easy way would be to upstream the verification skipping, but I would prefer to allow an option to configure a custom ca or disable verification manually.
Version of logstash-exporter this feature request applies to
v2
Motivation and Goals
Motivation is, to get the exporter working out of the box also with the ECK operator deployment.
Alternatives Considered
Disabling TLS on Logstash side would work as well, but from security perspective this is not a good way.
Additional Context
No response
The text was updated successfully, but these errors were encountered: