Enable mTLS for Elastic Metrics
Currently the PeerAuthentications
in logging only cover the elastic/kibana pods (see the podSelectors
here). We will need to add an additional PeerAuthentication
that restricts the the exporter to mTLS STRICT mode by default. Once this is in place we will also have to add the bits and pieces in Big Bang to modify the service monitor.
Acceptance Criteria:
-
New PeerAuthentication
in place with selector on the exporter pod -
ServiceMonitor configuration in Big Bang to handle usage of Istio's certs -
Metrics endpoint and all Elastic "services" healthy
Edited by Micah Nagel