I'm currently working on securing communication between Elasticsearch and Fluent Bit in my Kubernetes environment. I want to implement Mutual TLS (mTLS) to enhance the security of the communication between these two components. However, I'm encountering some challenges in configuring mTLS correctly.
I would greatly appreciate any insights, suggestions, or examples on how to properly configure Mutual TLS for Elasticsearch and Fluent Bit in a Kubernetes environment. Thank you in advance for your assistance!
Note: Elasticsearch Service is exposed on LoadBalancer, and Fluent Bit will be sending logs to remote Elasticsearch.
Configuring Elasticsearch for mTLS and Configuring Fluent Bit for mTLS
"My current approach might not be optimal. Please provide guidance on how to ensure that Fluent Bit pods in Cluster East, North, and South forward their logs securely to Elasticsearch in Cluster West, utilizing Mutual Transport Layer Security (MTLS)."
Elasticsearch Service is exposed on LoadBalancerwhat sort of LoadBalancer? If you're terminating TLS at the load balancer then it's not possible to have mTLS between FluentBit and ES (though you can have mTLS between FB & the LB, and then the LB and ES)