So now I know how to upload a certificate authority pem to Elastic Cloud, good.
As a proof of concept, I have now created a VPS with a super basic Elasticsearch and Kibana 8.3.3 downloaded via apt-get.
I used the automatically created certificates, and got Kibana working using an enrollment token, so Elasticsearch (single node) and Kibana listen on the public interface, and are working correctly.
Now, I would like to upload the certificate authority PEM automatically generated for this cluster, but under /etc/elasticsearch/certs I can only see:
ls /etc/elasticsearch/certs
http_ca.crt http.p12 transport.p12
I proceeded to upload http_ca.crt to Elastic Cloud, and it works, but: is this the correct file?
This is literally brand new functionality released a couple of weeks ago... specifically CCS from Self Managed to ESS; the trust stuff is pretty low level.
BUT, apologies, it is pretty hard but can be done, and I don't think you would be able to do it with the current docs and error messages... I could not.
One of the PMs walked through the steps; it is non-trivial, and I will need to try to repeat them.
Unfortunately, I am away from the office till next week. After I try it I can get back to you, OR you can contact sales and get a Solution Architect (which I am as well, but probably not your account), but I would be surprised if that turnaround would be quicker...
From our side, we can handle until next week. The important part for today is that you can confirm this integration model is something that is possible, and you intend to support as part of the Elastic Cloud offer in the future.
From a consultancy standpoint, knowing we have this route available is a breath of fresh air, as it opens up the route for hybrid systems where:
- Elastic takes care of keeping the data safe, fast, and available
- The customer has virtually no switching cost in migrating to the cloud, as we can keep the custom access-control plugins with years' worth of configuration in place.
We will use this time to create a docker-compose PoC, where we simulate Elastic Cloud as a regular single-node cluster (with SSL enabled).
Next week, with some more guidance on Elastic Cloud's "trust with self-managed clusters" feature, we will hopefully be just "swapping cables" and everything should work as with our docker stub 🤞
Our PoC was successful: simulating Elastic Cloud with a vanilla ES cluster with SSL enabled worked like a charm. We are now ready to jump on board your cloud offering as soon as we get some assistance with the certificates.
It's OK if an engineer or solution architect contacts me via email.