4

New elastic kubernetes script – deploy-elastick8s.sh

Changelogs 2023/02/26 Added legacy APM server integration The old deploy-eck.sh script have grown and matured a bit and now it encompasses helm charts and native installs. I renamed the script to be more inclusive of its features. All of the older articles will reference this post. The new script is located deploy-elastick8s.sh This script was designed to easily stand up elastic and its stack on kubernetes in various modes to easily test and replicate issues for troubleshooting and to setup examples for various workloads. The deployments that this script creates is not for production use but to be used as… Continue Reading

1

ECE(elastic cloud enterprise) snapshot repository using object storage(minio) with self-signed TLS

Just FYI this is a complete rewrite of the previous article. It should be better organized and more closely align with real world situations. We will stand up a minio server with self-signed or internally signed SSL certificate that is not publicly trusted. This guide will work with any s3 compliant object storage not just minio. The certificate that we will create will be for internal use but you can and should create a more secure certificate to be used in your environment. If you have s3 compliant object storage with publicly trusted signed SSL certificate then all you would… Continue Reading

0

Creating a custom CA and certificates with SAN signed by the CA for testing

There are endless guides on the internet that uses endless methods to generate certificates and CA but I have not found one that is simple to use to create a custom CA and CA signed certificate with SAN (Subject Alternative Name) to perform some testing. So I created simple set of steps: Create a ca.key ❯ openssl genrsa -out ca.key 2048 Generating RSA private key, 2048 bit long modulus …………………………………………………………………………….+++ …………….+++ e is 65537 (0x10001) ❯ ls ca.key ❯ cat ca.key —–BEGIN RSA PRIVATE KEY—– MIIEowIBAAKCAQEArTBn8M9NBHmmVKOCcKl75EYZqv2LvNvNQjSJ0YDHLrXt2CpL x3N7IDgriLU4TbFVb13yQCPXESQOOBuzNJMqG8Ca5K56RYNBY6QP5k8z195385Qd QJODgut3A+ACjkWB9iVMHuN+KVXyEcPhl4/UFvYW6+ybvSSmUgfZJ/u3fCh6YaWN 15nVWRI40yDAgvM8EKuPew734ENF1GdSVF+S+m2QhDKR2gn8NkpdvYjKDtKFN2Rh VjREEb3TuQqttZNykkCira93dr3/ILdTGVxOIkXhdESFdiRMZ9dXOUqozQSALGfw cXKY2MlrkN+20F/ojoh3IqZs2gJS05udJOaarQIDAQABAoIBADdnBckmN6gX1lq7 F848mZJzzmBBzcLzuZzVO8VWYeGSd2ywUx+R1LCA54RLHKDV+tOuhQF5taIZG6dd TR2jelP4cFR5cEnubCuY3zE44wfKdiroldcDmY13D9KghZDHsYRxeAFlmwVUJiUC uZcHfrx9quV8AnImWEJjmldNEexYa94tLM+SahbNEG3H6s2hQE+GvshoVp+IoPPg sIVZo7AyEj/Z6sdY67YX92aNHeFr1TvSO/knxAryBW1knui8ZlmpFIroEZ8eR/Cn 1SYIWaJZpzz5pmbKIOWHc2uM7rUJzW3Rm8hFzjOCiUgmmYjQROVvLKFMTtiV6mcl IATnsqECgYEA0pR5fjqdf9NG3C+k8bh/PxKX2MzBmaFMjMdini081l9oN6D1Hjiz Pw3NZ0iVb+pQceeVLss8v/mX/zhkQ0P+rbiz4Lh191few5/uAxhqVJUVbMPjCYMz qxTTK3pcpui4PPM8pfFOBFbuXc4QqUf5HYW6HUq0eWWy86U9cB0W0wUCgYEA0otU r8LlxclOYZkcxqbYe+0/8xxCXaYw5slTbyxlh40wX2vgjmSkeOli8peGfMD07Cfm… Continue Reading

1

ECE(Elasticsearch Cloud Enterprise) snapshots with minio – TLS!

PLEASE use THIS POST instead, as many items were updated and changed. Configuring snapshots for ECE(Elasticsearch Cloud Enterprise) or deployments for ECE from a S3 object storage or on a s3 compliant storage with publicly trusted certificates are easy but how do you configure the snapshot repository if you are using self-signed or internally signed certificates ? There are 2 ways of configuring snapshot repository and snapshots on ECE. First you can configure the snapshot repository on ECE. Once you configure the snapshot repository in the Admin UI, you can configure found-snapshots for each deployment via the Admin UI. Unfortunately,… Continue Reading

0

wildcard certificates

How to create wildcard certificate the right way to use for home so that you wouldn’t get the not trusted thingy for your site. Use my script on https://github.com/jlim0930/scripts/blob/master/wildcard.sh to generate the CA,CA key, & the certificate. Use the certificate to encrypt your devices and sites like synology,esxi,others and import the CA into your computer so that it will verify the cert! enjoy!