I have one fleet server, and 3 elastic agents in a K8S cluster.
server:
--env FLEET_ENROLL=1\
--env FLEET_SERVER_ENABLE=1\
--env FLEET_SERVER_ELASTICSEARCH_HOST=$(ELASTICSEARCHHOST)\
--env FLEET_SERVER_SERVICE_TOKEN=$(SERVICETOKEN)\
--env FLEET_SERVER_POLICY_ID=$(POLICYID)\
--env FLEET_SERVER_INSECURE_HTTP=true\
--env FLEET_INSECURE=true\
--env ELASTICSEARCH_USERNAME=user\
--env ELASTICSEARCH_PASSWORD=pass\
--env ELASTICSEARCH_CA=/usr/share/elastic-agent/2.crt\
--env FLEET_SERVER_ELASTICSEARCH_CA=/usr/share/elastic-agent/2.crt\
--volume /opt/elasticsearch/certs/ca.crt:/usr/share/elastic-agent/ca.crt:ro\
--volume /home/user/fleet/1.crt:/usr/share/elastic-agent/1.crt:ro\
--volume /home/user/fleet/2.crt:/usr/share/elastic-agent/2.crt:ro\
agent:
env:
16 - name: FLEET_ENROLL
15 value: "1"
14 # Set to true in case of insecure or unverified HTTP
13 - name: FLEET_INSECURE
12 value: "true"
11 # The ip:port pair of fleet server
10 - name: FLEET_URL
9 value: "http://10.252.28.70:8220"
8 # If left empty KIBANA_HOST, KIBANA_FLEET_USERNAME, KIBANA_FLEET_PASSWORD are needed
7 - name: FLEET_ENROLLMENT_TOKEN
6 value: "NWhCQm8zMEJMeGhVbEM1cDlnMUY6bFg0dTE3NElRMGEyQmVhRFllUm1xUQ=="
5 - name: KIBANA_HOST
4 value: ""
3 - name: KIBANA_FLEET_USERNAME
2 value: ""
1 - name: KIBANA_FLEET_PASSWORD
43 value: ""
1 - name: ELASTICSEARCH_CA
2 value: "/tmp/2.crt"
3 - name: FLEET_SERVER_ELASTICSEARCH_CA
4 value: "/tmp/2.crt"
error:
{"log.level":"error","@timestamp":"2022-02-24T11:51:42.959Z","log.logger":"publisher_pipeline_output","log.origin":{"file.name":"pipeline/output.go","file.line":154},"message":"Failed to connect to backoff(elasticsearch(https://xlog:9200)): Get \"https://xlog:9200\": x509: certificate signed by unknown authority","service.name":"metricbeat","ecs.version":"1.6.0"}
what im missing ?
from the fleet server i dont have any error related with certs.