Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

[Fleet] Show SSL options for fleet server host in UI #207322

Open
4 of 5 tasks
criamico opened this issue Jan 21, 2025 · 3 comments · May be fixed by #208091
Open
4 of 5 tasks

[Fleet] Show SSL options for fleet server host in UI #207322

criamico opened this issue Jan 21, 2025 · 3 comments · May be fixed by #208091
Assignees
@criamico
Labels
Team:Fleet Team label for Observability Data Collection Fleet team

Comments

@criamico
Copy link
Contributor

criamico commented Jan 21, 2025
edited
Loading

Fleet Server currently allows some options to be configured on the CLI during bootstrapping of the agent in fleet server mode. These fields need to also be available in the UI so that the users can modify them during the life-cycle of the agent:

  • Elasticsearch Certificate Authorities (optional)
  • SSL certificate for Elasticsearch
  • SSL certificate key for Elasticsearch
  • Server SSL certificate authorities (optional)
  • Client SSL certificate
  • Client SSL certificate key

These options correspond to the following options sent to elastic agent:

FLAG Description
–fleet-server-es-ca CA to use for Elasticsearch connection
-fleet-server-es-cert Fleet Server certificate to present to Elasticsearch
-fleet-server-es-cert-key Fleet Server certificate key to present to Elasticsearch
–certificate-authorities List of CA certificates that are trusted for when Elastic Agents connect to the fleet server
–fleet-server-cert Fleet Server certificate to present to Elastic Agents during authentication
–fleet-server-cert-key Fleet Server certificate key to present to Elastic Agents

Todo

  • Store these settings in the fleet server host SO
  • Show the new settings in the fleet server flyout (both when creating and editing a new fleet server host)
    • Ensure that a path to the cert (instead of cert itself) is inserted in the textbox
  • Ensure that a warning is displayed any time a change is made to these UI elements, as changing the certificates can be disruptive for the user environment
  • Ensure that a changed certificate/CA/key is reflected on the agent config
@criamico criamico added the Team:Fleet Team label for Observability Data Collection Fleet team label Jan 21, 2025
@elasticmachine
Copy link
Contributor

Pinging @elastic/fleet (Team:Fleet)

@criamico criamico self-assigned this Jan 21, 2025
@criamico
Copy link
Contributor Author

@nimarezainia here's a preview of the new fields in the fleet server host "edit" flyout:

Image

I am also working out a way to show these additional fields on the "add fleet server host" flyout and thought to add the new form fields inside a collapsible to avoid cluttering the flyout too much:

Image Image

@simosilvestri what do you think about it?

@nimarezainia
Copy link
Contributor

Looks good to me @criamico

@juliaElastic juliaElastic linked a pull request Jan 28, 2025 that will close this issue
[Fleet] Add SSL options to fleet server hosts settings #208091
Open
3 tasks
This was referenced Feb 10, 2025
Open
Open
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees

@criamico criamico

Labels
Team:Fleet Team label for Observability Data Collection Fleet team
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[Fleet] Add SSL options to fleet server hosts settings criamico/kibana
3 participants
@nimarezainia @elasticmachine @criamico