When deploying or configuring a pipeline you may need to receive messages that are encrypted. Calyptia Core supports the ability to configure TLS over TCP and Forward protocol for a pipeline's endpoint.
This allows you to send data securely from Fluent Bit and Fluentd to Calyptia Core.
We use the Calyptia Cloud CLI to add TLS to an existing pipeline endpoint. First, we retrieve the endpoint ID and then update it with the following.
This will modify the existing pipeline and keep the current bound ports and server addresses.
    calyptia get endpoints --pipeline <PIPELINE_ID> --show-ids
    calyptia update endpoint <ENDPOINT_ID> --protocol tcps
Calyptia Core also allows the use of custom certificates that can be used for mutual TLS. These certificates must follow the format below and make use of the frontend port for the pipeline.
This port can be found in the configuration of the pipeline you are sending data to, as the port used in the [INPUT] section.
For example, in the following configuration:
    [INPUT]
        Name forward
        Port 5555
        Tag fluentd
The FRONTEND_PORT = 5555
Custom Certificate component
Certificate File in PEM Format
Key File in PEM Format
In the following configuration file for Fluent Bit, we use the forward plugin with the option tls.verify set to off, which will not make use of the certificate or key file. We can configure additional parameters for the certificate or key file as well.
    [SERVICE]
        Flush 5
        Daemon off
        Log_Level info

    [INPUT]
        Name cpu
        Tag cpu_usage

    [OUTPUT]
        Name forward
        Match *
        Host 127.0.0.1
        Port 24284
        Self_Hostname flb.local
        tls on
        tls.verify off
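With tls.verify set to off, the connection is encrypted but the endpoint's certificate is not validated. The following is an added example, not part of the original Calyptia documentation: the same forward output with verification enabled and a client certificate presented for mutual TLS. The file paths are placeholders (assumptions); tls.ca_file, tls.crt_file and tls.key_file are standard Fluent Bit TLS options.

```ini
[SERVICE]
    Flush         5
    Daemon        off
    Log_Level     info

[INPUT]
    Name          cpu
    Tag           cpu_usage

[OUTPUT]
    Name          forward
    Match         *
    Host          127.0.0.1
    Port          24284
    Self_Hostname flb.local
    tls           on
    # Validate the certificate presented by the Calyptia Core endpoint
    tls.verify    on
    # CA certificate that signed the endpoint's certificate (placeholder path)
    tls.ca_file   /path/to/ca.crt
    # Client certificate and key in PEM format for mutual TLS (placeholder paths)
    tls.crt_file  /path/to/client.crt
    tls.key_file  /path/to/client.key
```

If the handshake fails after enabling verification, check that the CA file matches the issuer of the certificate installed on the pipeline endpoint before falling back to tls.verify off.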