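---
version: '3.8'
# Single-node Elasticsearch, Kibana and Enterprise Search (8.13.2) with TLS on
# the Elasticsearch HTTP and transport layers.
# Cluster starts with Basic License: https://www.elastic.co/subscriptions
#
# Secrets are taken from the environment (or a .env file next to this file)
# and fall back to the original sample values when unset:
#   ELASTIC_PASSWORD                  default "elastic"
#   KIBANA_PASSWORD                   default "kibana"
#   ENTERPRISE_SEARCH_ENCRYPTION_KEY  default: the sample key further down
# The defaults are published together with this file, so every deployment that
# keeps them shares the same credentials and encryption key. Override all
# three for anything reachable by other hosts. The values are substituted by
# Compose into shell command lines, so keep them free of quotes, "$" and
# backslashes.
services:
  # One-shot job: creates a CA and a node certificate (PEM) in ./tmp/certs.
  elasticsearch_setup:
    container_name: elasticsearch_setup
    image: docker.elastic.co/elasticsearch/elasticsearch:8.13.2
    volumes:
      # Only this service needs write access to the certificate directory.
      # NOTE(review): the CA private key (ca/ca.key) stays in this directory
      # after generation and is therefore visible through every mount of
      # ./tmp/certs below; move it elsewhere once the node cert is issued.
      - ./tmp/certs:/usr/share/elasticsearch/config/certs
    # Presumably root so the job can write into the bind-mounted directory.
    user: "0"
    # "set -e" stops the job at the first failing step, so a failed certutil or
    # unzip makes the service exit non-zero instead of reporting success; the
    # elasticsearch service only starts after a successful completion.
    # Lines inside the quotes are indented deeper than "bash -c" so the folded
    # scalar keeps their newlines.
    command: >
      bash -c '
        set -e
        echo "Creating ES certs directory..."
        [[ -d config/certs ]] || mkdir config/certs
        # Check if CA certificate exists
        if [ ! -f config/certs/ca/ca.crt ]; then
          echo "Generating Wildcard SSL certs for ES (in PEM format)..."
          bin/elasticsearch-certutil ca --pem --days 3650 --out config/certs/elkstack-ca.zip
          unzip -d config/certs config/certs/elkstack-ca.zip
          bin/elasticsearch-certutil cert \
            --out config/certs/elkstack-certs.zip \
            --name elkstack-certs \
            --ca-cert config/certs/ca/ca.crt \
            --ca-key config/certs/ca/ca.key \
            --pem \
            --dns "elasticsearch" \
            --days 3650
          unzip -d config/certs config/certs/elkstack-certs.zip
        else
          echo "CA certificate already exists. Skipping Certificates generation."
        fi
        echo "Setup is done!"
      '
    networks:
      - elastic
    healthcheck:
      test: ["CMD-SHELL", "[ -f config/certs/elkstack-certs/elkstack-certs.crt ]"]
      interval: 1s
      timeout: 5s
      retries: 120

  # One-shot job: sets the kibana_system password through the security API.
  kibana_setup:
    depends_on:
      elasticsearch:
        condition: service_healthy
    container_name: kibana_setup
    image: docker.elastic.co/elasticsearch/elasticsearch:8.13.2
    volumes:
      # Read-only: the job only needs the CA certificate to verify the server.
      - ./tmp/certs:/usr/share/elasticsearch/config/certs:ro
    user: "0"
    # curl runs with "-sS --fail" rather than "-v": verbose mode prints the
    # request headers, including the Basic Authorization header, into the
    # container log. A failed request now ends the job with a non-zero status,
    # so kibana (service_completed_successfully) is not started with a
    # password that was never set.
    command: >
      bash -c '
        echo "Setting up Kibana Password..."
        if ! curl -sS --fail -X POST \
          --cacert config/certs/ca/ca.crt \
          -u "elastic:${ELASTIC_PASSWORD:-elastic}" \
          -H "Content-Type: application/json" \
          -d "{\"password\":\"${KIBANA_PASSWORD:-kibana}\"}" \
          https://elasticsearch:9200/_security/user/kibana_system/_password
        then
          echo "Failed to set the kibana_system password." >&2
          exit 1
        fi
        echo "Setup is done!"
      '
    networks:
      - elastic

  elasticsearch:
    depends_on:
      elasticsearch_setup:
        condition: service_completed_successfully
    container_name: elasticsearch
    image: docker.elastic.co/elasticsearch/elasticsearch:8.13.2
    environment:
      - "node.name=single-node"
      - "cluster.name=poc-cluster"
      - "bootstrap.memory_lock=true"
      - "ES_JAVA_OPTS=-Xms1g -Xmx1g"
      - "ELASTIC_USERNAME=elastic"
      - "ELASTIC_PASSWORD=${ELASTIC_PASSWORD:-elastic}"
      - "xpack.security.enabled=true"
      - "xpack.security.http.ssl.enabled=true"
      - "xpack.security.transport.ssl.enabled=true"
      # The same key pair serves both the HTTP and the transport layer.
      - "xpack.security.http.ssl.key=certs/elkstack-certs/elkstack-certs.key"
      - "xpack.security.http.ssl.certificate=certs/elkstack-certs/elkstack-certs.crt"
      - "xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt"
      - "xpack.security.transport.ssl.key=certs/elkstack-certs/elkstack-certs.key"
      - "xpack.security.transport.ssl.certificate=certs/elkstack-certs/elkstack-certs.crt"
      - "xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt"
      - "cluster.initial_master_nodes=single-node"
      # NOTE(review): the Kibana credentials are only consumed by the
      # kibana_setup and kibana services in this file; passing them here puts
      # them into this container's environment as well. Confirm they are
      # needed before keeping them.
      - "KIBANA_USERNAME=kibana_system"
      - "KIBANA_PASSWORD=${KIBANA_PASSWORD:-kibana}"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - ./tmp/certs:/usr/share/elasticsearch/config/certs:ro
    ports:
      # Published on every host interface. For a local PoC, prefixing the
      # mapping with 127.0.0.1 keeps the API off the network; the transport
      # port 9300 is not used by any other service in this file.
      - "9200:9200"
      - "9300:9300"
    networks:
      - elastic
    healthcheck:
      # No "-k": that flag switches certificate verification off and would
      # make --cacert meaningless. The certificate is issued for the DNS name
      # "elasticsearch", which is the host this probe connects to.
      test:
        - CMD-SHELL
        - >-
          curl --fail -s
          --cacert config/certs/ca/ca.crt
          -u "elastic:${ELASTIC_PASSWORD:-elastic}"
          https://elasticsearch:9200
      interval: 30s
      timeout: 10s
      retries: 5
    restart: unless-stopped

  enterprise-search:
    depends_on:
      elasticsearch:
        condition: service_healthy
    image: docker.elastic.co/enterprise-search/enterprise-search:8.13.2
    container_name: enterprise-search
    environment:
      # The fallback key is the one published with this sample; generate a
      # private value and set ENTERPRISE_SEARCH_ENCRYPTION_KEY before storing
      # anything sensitive.
      - "secret_management.encryption_keys=[${ENTERPRISE_SEARCH_ENCRYPTION_KEY:-4965881c7ec05d87ab8f8d33ec112448d1175cd58efeeb492eb2d574dcf1571f}]"
      - "allow_es_settings_modification=true"
      - "elasticsearch.host=https://elasticsearch:9200"
      # Connects as the "elastic" superuser, as in the original sample.
      - "elasticsearch.username=elastic"
      - "elasticsearch.password=${ELASTIC_PASSWORD:-elastic}"
      - "elasticsearch.ssl.enabled=true"
      - "elasticsearch.ssl.certificate_authority=/usr/share/enterprise-search/config/certs/ca/ca.crt"
      # Plain HTTP between Enterprise Search and Kibana.
      - "kibana.external_url=http://kibana:5601"
    volumes:
      - ./tmp/certs:/usr/share/enterprise-search/config/certs:ro
    ports:
      - "3002:3002"
    networks:
      - elastic
    restart: unless-stopped

  kibana:
    depends_on:
      elasticsearch:
        condition: service_healthy
      kibana_setup:
        condition: service_completed_successfully
    image: docker.elastic.co/kibana/kibana:8.13.2
    container_name: kibana
    environment:
      - "SERVER_NAME=kibana"
      - "ELASTICSEARCH_HOSTS=https://elasticsearch:9200"
      - "ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=config/certs/ca/ca.crt"
      - "ELASTICSEARCH_USERNAME=kibana_system"
      - "ELASTICSEARCH_PASSWORD=${KIBANA_PASSWORD:-kibana}"
      - "ENTERPRISESEARCH_HOST=http://enterprise-search:3002"
      - "XPACK_REPORTING_ROLES_ENABLED=false"
    volumes:
      - ./tmp/certs:/usr/share/kibana/config/certs:ro
    ports:
      # No server TLS settings are configured for Kibana in this file, so
      # logins on this port travel unencrypted; see the bind-address note on
      # the elasticsearch ports.
      - "5601:5601"
    networks:
      - elastic
    restart: unless-stopped

# Declared but not referenced by any service above; they all bind-mount
# ./tmp/certs instead.
volumes:
  certs:
    driver: local

networks:
  elastic:
    name: elastic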