docs: describe mTLS encryption

splunk · May 8, 2024 · 7e4733f · 7e4733f
1 parent c4ffcfd
commit 7e4733f
Showing 1 changed file with 73 additions and 2 deletions.
diff --git a/docs/edge_processor.md b/docs/edge_processor.md
@@ -35,5 +35,76 @@ stateDiagram
 
 ## Basic Setup
 
- 1. Use IP of EP instance as HEC URL
- 2. Use token from EP Global Settings
+### Docker / Podman
+
+Setup on your `env_file` HEC URL as IP of EP worker EC2 instance.
+Token you can find in EP "global settings" page.
+
+```
+SC4S_DEST_SPLUNK_HEC_{EP1}_URL=http://x.x.x.x:8088
+SC4S_DEST_SPLUNK_HEC_{EP1}_TOKEN=secret
+```
+
+### Kubernetes
+
+Setup on your `values.yaml` HEC URL as IP of EP worker EC2 instance.
+Token you can find in EP "global settings"page.
+
+```
+splunk:
+  hec_url: "https://x.x.x.x:8088"
+  hec_token: "secret"
+```
+
+## mTLS encryption
+
+### Preparing certs
+
+Before setup you need to [generate mTLS certificates](https://docs.splunk.com/Documentation/SplunkCloud/9.1.2308/EdgeProcessor/SecureForwarders). Server mTLS certificates should be uploaded to `Edge Processor` and client certifcates should be used with `SC4S`.
+
+Please rename your files, we expcting such filenames for client mTLS cerificates:
+
+  * `key.pem` - client certificate key
+  * `cert.pem` - client certificate
+  * `ca_cert.pem` - certificate authority
+
+### Docker / Podman
+
+  1. Use HTTPS in HEC url: `SC4S_DEST_SPLUNK_HEC_DEFAULT_URL=https://x.x.x.x:8088`
+  2. Move your clients mTLS certificates to `/opt/sc4s/tls/hec`
+  3. Mount `/opt/sc4s/tls/hec` to `/etc/syslog-ng/tls/hec` using docker/podman volumes.
+  4. Define mounting mTLS point for HEC: `SC4S_DEST_SPLUNK_HEC_DEFAULT_TLS_MOUNT=/etc/syslog-ng/tls/hec`
+  5. Start/Restart SC4S
+
+### Kubernetes
+
+  1. Add secret name of mTLS certs at `values.yaml`:
+
+```
+splunk:
+  hec_url: "https://x.x.x.x:8088"
+  hec_token: "secret"
+  hec_tls: "secret-name"
+```
+
+  2. Add your mtls certs at `secrets.yaml`:
+
+```
+hec_tls:
+  key: |
+    -----BEGIN PRIVATE KEY-----
+    Exmaple key
+    -----END PRIVATE KEY-----
+  cert: |
+    -----BEGIN CERTIFICATE-----
+    Exmaple cert
+    -----END CERTIFICATE-----
+  ca: |
+    -----BEGIN CERTIFICATE-----
+    Example ca
+    -----END CERTIFICATE-----
+```
+
+  3. Encrypt your `secrets.yaml` using `ansible-vault`.
+  4. Add IP of cluster nodes to inventoey file `ansible/inventory/inventory_microk8s_ha.yaml`
+  5. Deploy ansible playbook `ansible/playbooks/microk8s_ha.yml`