-
Bug
-
Resolution: Done
-
Major
-
None
-
quay-v3.9.0
-
False
-
None
-
False
-
-
Description:
This is a doc issue of Quay 3.9.0, in this new release Quay will support configuring forward Quay Action logs to Splunk Server, but when the Splunk Server is using self-signed SSL Cert, need update docs to guide how to configure the SSL CA Cert, so Quay can verify SSL and trust the self-signed Certificate.
Here when specify "--from-file splunkserver.crt=./splunkserver.crt", then the ssl_ca_path is the relative path "conf/stack/splunkserver.crt"
Quay DEV's updates:
Splunk ssl cert is not setup globally (i.e via extra_ca_certs dir). you instead would have to specify the relative container path in the ssl_ca_path . In your case it would be set toconf/stack/extra+ca_cert/<cert-name> - I would suggest you to place the cert outside of extra_ca_cert dir since the dir is used by certs_install.sh to install certs container wide
Create Quay config bundle Secret including the CA Cert of Splunk Server:
oc create secret generic --from-file config.yaml=./config.yaml --from-file splunkserver.crt=./splunkserver.crt config-bundle-secret
LOGS_MODEL: splunk LOGS_MODEL_CONFIG: producer: splunk splunk_config: host: ec2-18-191-73-230.us-east-2.compute.amazonaws.com port: 8089 bearer_token: 'eyJraWQiOiJzcGx1bmsuc2VjcmV0IiwiYWxnIjoiSFM1MTIiLCJ2ZXIiOiJ2MiIsInR0eXAiOiJzdGF0aWMifQ.eyJpc3MiOiJhZG1pbiBmcm9tIGlwLTEwLTAtMS0xMDYudXMtZWFzdC0yLmNvbXB1dGUuaW50ZXJuYWwiLCJzdWIiOiJhZG1pbiIsImF1ZCI6InRlc3QgcXVheSAzOTAiLCJpZHAiOiJTcGx1bmsiLCJqdGkiOiI4NTVlMjU4ZTM4OTdkOTBhYmQ4NTU2ZDM5ZGU2YmYzNTEzMTcyMTc4ZmQ5YjczYzZiNjM3NjBmODQyOTZhZTg4IiwiaWF0IjoxNjg0OTE1MDczLCJleHAiOjE2ODc1MDcwNzMsIm5iciI6MTY4NDkxNTA3M30.zCHBWs8Iune9dxG9pTWDw1Y-bd5V4LlLkXFyFiQ7DMC_J2GF7Y0VtQw6XwwHTH7a8kfYGlKP9U-LP13TAvGaeg' url_scheme: https verify_ssl: true index_prefix: quay39083 ssl_ca_path: conf/stack/splunkserver.crt