Request Type
Feature Request
Feature Description
The Docker entrypoint does not gather configuration needed to support authenticating to Elasticsearch, nor to support TLS by trusting whatever arbitrary CA has signed the Elasticsearch server's certificate. Gathering these and putting them into the configuration is necessary to support Elastic Cloud on Kubernetes (ECK), an easy and well-supported means of deploying Elasticsearch.
Possible Solutions
TheHive-Project/Cortex@d28faac (part of TheHive-Project/Cortex#349) adds this capability to Cortex's Docker entrypoint. It was implemented incidentally on the way to the larger goal of Kubernetes support, and didn't get its own issue and pull request.
I propose perpetrating the same change to TheHive's entrypoint.
There is one hack in the Cortex entrypoint change: I figured out that elastic4play wouldn't pay attention to my trustStore setting unless I also set a keyStore. So I just jammed the trust store in as the keystore, since it's a JKS file. This precludes mutual TLS authentication with Elasticsearch, but I've never seen that yet. I don't know whether this hack will end up being necessary in TheHive 4: I haven't investigated whether elastic4play is in play here.