Graylog tls, how to add cert and key as serverFiles (Kubernetes Helm Chart)

Long story short, how to add custom cert and key as serverFiles to graylog pod/container?

Trying to enable tls for https, using helm charts (stable/graylog/README.md · 6fe62a0c61901f4ec294615b20c3c02c88723201 · Lennart Nordgreen / helm-charts · GitLab)

I need the cert and key for enabling TLS; I have them stored in Kubernetes secrets. The README above documents that I could add these files to Graylog using ‘graylog.serverFiles’:
"The certificates will be mounted into the /etc/graylog/server"
and I could configure Graylog to use them as: ‘tls_cert_file: /etc/graylog/server/server.cert’

But I’m having trouble adding them. I have the helm chart in a .ps1 script, so first I get them as strings from secrets and then try to add them to the pod/container like:
--set graylog.serverFiles:server.cert=$FLUX_INGRESS_TLS_CRT `

But when I look into the container, the graylog folder is missing.

So, how to add the files with helm to the graylog pod/container?

Edit: I got a little further with:
--set graylog.serverFiles[0]=server.cert:$FLUX_INGRESS_TLS_CRT `
But the files are not okay when looking on the container (/etc/graylog/server/), there are names like: ‘0 → …data/0’ and dates…

Have you tried to specify it in the value file, like below?

graylog:
  serverFiles:
    server.cert: |
      -----BEGIN CERTIFICATE-----
      MIIFYTCCA0mgAwIBAgICEAIwDQYJKoZIhvcNAQELBQAwcjELMAkGA1UEBhMCVEgx
      EDAOBgNVBAgMB0Jhbmdrb2sxEDAOBgNVBAcMB0Jhbmdrb2sxGDAWBgNVBAoMD09t
      aXNlIENvLiwgTHRkLjEPMA0GA1UECwwGRGV2b3BzMRQwEgYDVQQDDAtjYS5vbWlz
      ZS5jbzAeFw0xNzA2MDEwOTQ0NTJaFw0xOTA2MjEwOTQ0NTJaMHkxCzAJBgNVBAYT
      AlRIMRAwDgYDVQQIDAdCYW5na29rMRAwDgYDVQQHDAdCYW5na29rMRgwFgYDVQQK
      DA9PbWlzZSBDby4sIEx0ZC4xDzANBgNVBAsMBkRldm9wczEbMBkGA1UEAwwSZ3Jh
      4YE6FOKJmiDV7KsmoSO2JTEaZAK6sdxI7zFJJH0TNFIuKewEBsVH/W5RccjwK/z/
      BHwoTQc95zbfFjt1JwDiq8jGTVnQoXH99wAIW+HDYq6hqHyqW3YuQ8QvXfi/ebAs
      rn0urmEC7JhsZIg92AqVYEgdp5H6uFqPIK1U6aYrz5zzZpRfEA==
      -----END CERTIFICATE-----
    server.key: |
      -----BEGIN PRIVATE KEY-----
      MIIEugIBADANBgkqhkiG9w0BAQEFAASCBKQwggSgAgEAAoIBAQC1zwgrnurQGlwe
      ZcKe2RXLs9XzQo4PzNsbxRQXSZef/siUZ/X3phd7Tt7QbQv8sxoZFR1/R4neN3KV
      tsWJ6YL3CY1IwqzxtR6SHzkg/CgUFgP4Jq9NDodOFRlmkZBK9iO9x/VITxLZPBQt
      f+ygeNhfG/oZZxlLSWNC/adlFfUGI8TujCGGyydxAegyWRYmhkLM7F3vRqMXiUn2
      UP/nPEMasHiHS7r99RzJILbU494aNYTxprfBAoGAdWwO/4I/r3Zo672AvCs2s/P6
      G85cX2hKMFy3B4/Ww53jFA3bsWTOyXBv4srl3v9C3xkQmDwUxPDshEN45JX1AMIc
      vxQkW5cm2IaPHB1BsuQpAuW6qIBT/NZqLmexb4jipAjTN4wQ2dkjI/zK2/SST5wb
      vNufGafZ1IpvkUsDkA0=
      -----END PRIVATE KEY-----

We are using .ps1 files to deploy the applications, using helm commands.
I have set up a variable like:

$test2='server.cert: |
-----BEGIN CERTIFICATE-----
MIIFYTCCA0mgAwIBAgICEAIwDQYJKoZIhvcNAQELBQAwcjELMAkGA1UEBhMCVEgx
EDAOBgNVBAgMB0Jhbmdrb2sxEDAOBgNVBAcMB0Jhbmdrb2sxGDAWBgNVBAoMD09t
aXNlIENvLiwgTHRkLjEPMA0GA1UECwwGRGV2b3BzMRQwEgYDVQQDDAtjYS5vbWlz
ZS5jbzAeFw0xNzA2MDEwOTQ0NTJaFw0xOTA2MjEwOTQ0NTJaMHkxCzAJBgNVBAYT
AlRIMRAwDgYDVQQIDAdCYW5na29rMRAwDgYDVQQHDAdCYW5na29rMRgwFgYDVQQK
DA9PbWlzZSBDby4sIEx0ZC4xDzANBgNVBAsMBkRldm9wczEbMBkGA1UEAwwSZ3Jh
4YE6FOKJmiDV7KsmoSO2JTEaZAK6sdxI7zFJJH0TNFIuKewEBsVH/W5RccjwK/z/
BHwoTQc95zbfFjt1JwDiq8jGTVnQoXH99wAIW+HDYq6hqHyqW3YuQ8QvXfi/ebAs
rn0urmEC7JhsZIg92AqVYEgdp5H6uFqPIK1U6aYrz5zzZpRfEA==
-----END CERTIFICATE-----
server.key: |
-----BEGIN PRIVATE KEY-----
MIIEugIBADANBgkqhkiG9w0BAQEFAASCBKQwggSgAgEAAoIBAQC1zwgrnurQGlwe
ZcKe2RXLs9XzQo4PzNsbxRQXSZef/siUZ/X3phd7Tt7QbQv8sxoZFR1/R4neN3KV
tsWJ6YL3CY1IwqzxtR6SHzkg/CgUFgP4Jq9NDodOFRlmkZBK9iO9x/VITxLZPBQt
f+ygeNhfG/oZZxlLSWNC/adlFfUGI8TujCGGyydxAegyWRYmhkLM7F3vRqMXiUn2
UP/nPEMasHiHS7r99RzJILbU494aNYTxprfBAoGAdWwO/4I/r3Zo672AvCs2s/P6
G85cX2hKMFy3B4/Ww53jFA3bsWTOyXBv4srl3v9C3xkQmDwUxPDshEN45JX1AMIc
vxQkW5cm2IaPHB1BsuQpAuW6qIBT/NZqLmexb4jipAjTN4wQ2dkjI/zK2/SST5wb
vNufGafZ1IpvkUsDkA0=
-----END PRIVATE KEY-----'

and then trying to set it like:

--set graylog.serverFiles=$test2 `

But that gives an error: “Overwriting table item ‘serverFiles’, with non table value: server.cert” and "range can’t iterate over server.cert"

I have also tried several variations; the closest I get is when I set [0], like ($FLUX_INGRESS_TLS_KEY = string):

--set graylog.serverFiles[0]=server.key:$FLUX_INGRESS_TLS_KEY

But that gives files like: /etc/graylog/server/0 → …data/0

And:

--set graylog.serverFiles.serverCert=$FLUX_INGRESS_TLS_CRT

files are: /etc/graylog/server/serverCert → …data/serverCert

I guess it’s about the syntax, but how?

I didn’t use a variable for these settings; I write it to the value file, and for different stages I use a different value file.

But you can try the helm template command to print out the rendered YAML file and check the server files.

I managed to add them. The trouble was in fact the file type .cert, to be more exact the dot between the file name and type. This issue is solved. Not a Graylog issue, but I’ll post my solution, just in case someone is wondering the same.

Also make sure that $cert_in_variable has the line breaks!

--set graylog.serverFiles.server\.cert=$cert_in_variable

and then

--set graylog.tls.certFile=/etc/graylog/server/server.cert `

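One way to script the fix from the last post in PowerShell, as an added example that is not part of the original thread or the chart's documentation: it decodes the certificate and key from the Kubernetes secret into temporary files and passes them with Helm's `--set-file`, so the PEM line breaks survive, while keeping the escaped dot in the `serverFiles` key. The secret name `flux-ingress-tls`, the namespace `logging`, the release name `graylog` and the chart reference `stable/graylog` are assumptions.

```powershell
# Added example (not from the thread). Assumed names: secret 'flux-ingress-tls',
# namespace 'logging', release 'graylog', chart reference 'stable/graylog'.
$ErrorActionPreference = 'Stop'
$ns = 'logging'
$secret = 'flux-ingress-tls'

# Temporary directory for the decoded PEM files; removed in the finally block.
$tmp = Join-Path ([IO.Path]::GetTempPath()) ([IO.Path]::GetRandomFileName())
New-Item -ItemType Directory -Path $tmp | Out-Null
try {
    foreach ($item in @(@{ Key = 'tls\.crt'; File = 'server.cert' },
                        @{ Key = 'tls\.key'; File = 'server.key' })) {
        # The dot in the secret's data key has to be escaped for jsonpath as well.
        $b64 = kubectl get secret $secret -n $ns -o "jsonpath={.data.$($item.Key)}"
        if ($LASTEXITCODE -ne 0 -or -not $b64) { throw "cannot read $($item.Key) from $secret" }
        [IO.File]::WriteAllBytes((Join-Path $tmp $item.File), [Convert]::FromBase64String($b64))
    }

    # Fail early if the decoded certificate lost its PEM framing or line breaks.
    $pem = @(Get-Content (Join-Path $tmp 'server.cert'))
    if ($pem.Count -lt 3 -or $pem[0] -ne '-----BEGIN CERTIFICATE-----') {
        throw 'server.cert is not a multi-line PEM certificate'
    }

    # Helm treats a backslash as an escape character in --set style values,
    # so hand it the file paths with forward slashes.
    $certPath = (Join-Path $tmp 'server.cert').Replace('\', '/')
    $keyPath  = (Join-Path $tmp 'server.key').Replace('\', '/')

    # Single quotes keep the backslash literal, so Helm sees the single key
    # "server.cert" instead of a nested map server -> cert.
    helm upgrade --install graylog stable/graylog -n $ns `
        --set-file ('graylog.serverFiles.server\.cert=' + $certPath) `
        --set-file ('graylog.serverFiles.server\.key=' + $keyPath) `
        --set graylog.tls.certFile=/etc/graylog/server/server.cert
    if ($LASTEXITCODE -ne 0) { throw 'helm upgrade failed' }
}
finally {
    # Do not leave the decoded private key on disk.
    Remove-Item -Recurse -Force $tmp
}
```

Running `helm template` with the same `--set-file` arguments, as suggested earlier in the thread, shows the rendered manifest and which object ends up carrying the private key before anything is deployed.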