-
Notifications
You must be signed in to change notification settings - Fork 7
/
certificates-create.yml
43 lines (41 loc) · 1.44 KB
/
certificates-create.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
# Create the certificates for the stack:
#
# docker-compose --file certificates-create.yml up
#
# See: https://www.elastic.co/guide/en/elasticsearch/reference/current/docker.html#docker-compose-file
version: "3.7"
services:
create_certs:
image: docker.elastic.co/elasticsearch/elasticsearch:${VERSION}
container_name: certificates_generator
user: root
working_dir: /usr/share/elasticsearch
command: >
bash -c '
if [ ! -f config/certs/ca.zip ]; then
echo "Creating CA";
mkdir -p config/certs/;
bin/elasticsearch-certutil ca --silent --pem -out config/certs/ca.zip;
unzip config/certs/ca.zip -d config/certs;
fi;
if [[ ! -f config/certs/certs.zip ]]; then
echo "Creating certificates";
bin/elasticsearch-certutil cert \
--pem \
--days 365 \
--in config/certs/instances.yml \
--out config/certs/certs.zip \
--ca-cert config/certs/ca/ca.crt \
--ca-key config/certs/ca/ca.key;
unzip config/certs/certs.zip -d config/certs;
fi;
chown -R 1000:0 config/certs;
'
volumes:
- ./certificates:/usr/share/elasticsearch/config/certs
- ./certificates-config.yml:/usr/share/elasticsearch/config/certs/instances.yml
healthcheck:
test: ["CMD-SHELL", "[ -f config/certs/es01/es01.crt ]"]
interval: 1s
timeout: 5s
retries: 120