-
Notifications
You must be signed in to change notification settings - Fork 81
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[DO NOT MERGE][8.16](backport #4042) update elastic-agent-libs #4049
base: 8.16
Are you sure you want to change the base?
Conversation
Cherry-pick of 7d77467 has failed:
To fix up this pull request, you can check it out locally. See documentation: https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/checking-out-pull-requests-locally |
This pull request has not been merged yet. Could you please review and merge it @AndersonQ? 🙏 |
we'll wait 8.16.0 to be release, then we can merge it |
I updated the title and the description to make it clear. |
elastic-agent-libs v0.14.0 sets the server side certificate verification mode to 'certificate' by default (cherry picked from commit 7d77467)
b6018d8
to
a694d14
Compare
Quality Gate passedIssues Measures |
Wait until 8.16.0 is released before merging
What is the problem this PR solves?
fleet-server using an outdated version of elastic-agent-libs
How does this PR solve the problem?
by updating
elastic-agent-libs
ot its latest versionHow to test this PR locally
Ensure mTLS is still working
adjust the IPs/hostnames as needed
build a fleet-server out of this PR
you might need to build an 8.16 agent out of main:
add your fleet server built to the agent package
tar -xf elastic-agent-8.16.0-SNAPSHOT-linux-x86_64.tar.gz cp path/tp/your/fleet-server ./elastic-agent-8.16.0-SNAPSHOT-linux-x86_64/data/elastic-agent-*/components/fleet-server
create 2 TLS certificates
elastic-agent-libs/testing/certutil/cmd
to create the certificates. Make sure to useelastic-agent-libs
with this PR merged or use the PR branchfleet-server
or change-name fleet-server
to a valid DNS for your fleet-server.you should have:
start an elastic stack (considering elastic-cloud)
add a fleet server with mTLS
create a policy with Elastic Defend
add an agent to that policy
Design Checklist
[ ] I have ensured my design is stateless and will work when multiple fleet-server instances are behind a load balancer.[ ] I have or intend to scale test my changes, ensuring it will work reliably with 100K+ agents connected.[ ] I have included fail safe mechanisms to limit the load on fleet-server: rate limiting, circuit breakers, caching, load shedding, etc.Checklist
[ ] I have commented my code, particularly in hard-to-understand areas[ ] I have made corresponding changes to the documentation[ ] I have made corresponding change to the default configuration files[ ] I have added tests that prove my fix is effective or that my feature works./changelog/fragments
using the changelog toolRelated issues
This is an automatic backport of pull request #4042 done by [Mergify](https://mergify.com).