Secured beats in a docker container

Hi there,
What is the approach to create a secured metricbeat docker container to send data to a secured Elastic Stack?

Background:
I have a secured stack, with self signed certificate authority in place.
Now I would like to have a metricbeat that also uses this CA and sends data securely to the stack.

Technically it goes like this (metricbeat.docker.yml):
...
output.elasticsearch:
  enabled: true
  protocol: "https"
  hosts: '${ELASTICSEARCH_HOSTS:elasticsearch:9200}'

  # CA certificate
  ssl.certificate_authorities: ["/usr/share/ca/ca.crt"]
  ssl.certificate: "/usr/share/instance/instance.crt"
  ssl.key: "/usr/share/instance/instance.key"
  username: '${ELASTICSEARCH_USERNAME:}'
  password: '${ELASTICSEARCH_PASSWORD:}'

AND:
This is how I would create an instance certificate if not in a docker environment:
/usr/share/elasticsearch/bin/elasticsearch-certutil cert --ca-cert /usr/share/elasticsearch/ca/ca.crt --ca-key /usr/share/elasticsearch/ca/ca.key --ip 192.168.56.112 --pem

But how do I create a certificate in a docker instance, since:
a) I do not know the IP, since the container is volatile - perhaps an IP range? Possible?
Since docker IPs are not fixed, can I (running on Ubuntu 20.04) build some 'general', not ip fixed docker certificates?
b) In a metricbeat container I do not have an elasticsearch-certutil?

Does someone have a working / step-by-step solution for this case?
This is not documented in the elastic docs so far.
kind regards and big thanks
Stefano

It works now - I got it.

docker run \
  --rm \
  --net host \
  --name=metricbeat \
  --user=root \
  --volume="$(pwd)/metricbeat.docker.yml:/usr/share/metricbeat/metricbeat.yml:ro" \
  --volume="$(pwd)/ca/ca.crt:/usr/share/metricbeat/ca.crt:ro" \
  --volume="$(pwd)/instance/instance.crt:/usr/share/metricbeat/instance.crt:ro" \
  --volume="$(pwd)/instance/instance.key:/usr/share/metricbeat/instance.key:ro" \
  --volume="/var/run/docker.sock:/var/run/docker.sock:ro" \
  --volume="/sys/fs/cgroup:/hostfs/sys/fs/cgroup:ro" \
  --volume="/proc:/hostfs/proc:ro" \
  --volume="/:/hostfs:ro" \
  docker.elastic.co/beats/metricbeat:7.8.1 metricbeat --strict.perms=false -e \
  -E output.elasticsearch.hosts=["https://192.168.56.112:9200"] \
  -E output.elasticsearch.username=elastic \
  -E output.elasticsearch.password=password

metricbeat.docker.yml

....
output.elasticsearch:
  enabled: true
  protocol: "https"
  hosts: '${ELASTICSEARCH_HOSTS:elasticsearch:9200}'

  # CA certificate
  ssl.certificate_authorities: ["/usr/share/metricbeat/ca.crt"]
  ssl.certificate: "/usr/share/metricbeat/instance.crt"
  ssl.key: "/usr/share/metricbeat/instance.key"
  username: '${ELASTICSEARCH_USERNAME:}'
  password: '${ELASTICSEARCH_PASSWORD:}'

AND for the docker container:
/usr/share/elasticsearch/bin/elasticsearch-certutil cert --ca-cert /usr/share/elasticsearch/ca/ca.crt --ca-key /usr/share/elasticsearch/ca/ca.key --pem

cheers
Stefano
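
A pre-flight check for the three PEM files mounted in the `docker run` command above, added here as an example and not part of the original posts: it confirms that the instance certificate chains to the CA, that the private key matches the certificate, and that the certificate has not expired. The function names and the throwaway demo PKI are constructed for illustration, and `openssl` is assumed to be installed on the host.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): check the PEM files before mounting them.

# check_beat_tls CA_CRT INSTANCE_CRT INSTANCE_KEY -> returns 0 if all checks pass
check_beat_tls() {
  local ca="$1" crt="$2" key="$3" rc=0 pub_crt pub_key
  # 1. The instance certificate must chain to the CA the stack trusts.
  openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1 \
    || { echo "FAIL: $crt is not signed by $ca"; rc=1; }
  # 2. Certificate and private key must carry the same public key.
  pub_crt=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)
  pub_key=$(openssl pkey -in "$key" -pubout 2>/dev/null)
  { [ -n "$pub_crt" ] && [ "$pub_crt" = "$pub_key" ]; } \
    || { echo "FAIL: $key does not match $crt"; rc=1; }
  # 3. The certificate must not be expired.
  openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1 \
    || { echo "FAIL: $crt is expired or unreadable"; rc=1; }
  return "$rc"
}

# make_demo_pki DIR -> constructed throwaway CA, instance pair and unrelated pair
make_demo_pki() {
  local d="$1"
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-ca" \
    -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
  # Instance certificate without any IP/DNS SAN, signed by the demo CA.
  openssl req -newkey rsa:2048 -nodes -subj "/CN=instance" \
    -keyout "$d/instance.key" -out "$d/instance.csr" 2>/dev/null
  openssl x509 -req -in "$d/instance.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -out "$d/instance.crt" 2>/dev/null
  # Self-signed pair that the demo CA never issued (negative case).
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=rogue" \
    -keyout "$d/rogue.key" -out "$d/rogue.crt" 2>/dev/null
}

# Demo run on constructed files; point check_beat_tls at the real paths instead.
demo=$(mktemp -d) && make_demo_pki "$demo"
check_beat_tls "$demo/ca.crt" "$demo/instance.crt" "$demo/instance.key" \
  && echo "instance pair: OK"
check_beat_tls "$demo/ca.crt" "$demo/rogue.crt" "$demo/rogue.key" \
  || echo "rogue pair: rejected"
rm -rf "$demo"
```

For the files from the thread the call would be `check_beat_tls ca/ca.crt instance/instance.crt instance/instance.key`, run from the directory used in the `docker run` command.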
