1 files changed, 13 insertions, 5 deletions

diff --git a/app/telemetry/deploy/telemetry-system.hcl b/app/telemetry/deploy/telemetry-system.hcl
index cb39bac..d5a7241 100644
--- a/app/telemetry/deploy/telemetry-system.hcl
+++ b/app/telemetry/deploy/telemetry-system.hcl
@@ -15,10 +15,11 @@ job "telemetry-system" {
     task "elastic" {
       driver = "docker"
       config {
-        image = "docker.elastic.co/elasticsearch/elasticsearch:7.17.0"
+        image = "docker.elastic.co/elasticsearch/elasticsearch:8.2.0"
         network_mode = "host"
         volumes = [
           "/mnt/ssd/telemetry/es_data:/usr/share/elasticsearch/data",
+          "secrets/elastic-certificates.p12:/usr/share/elasticsearch/config/elastic-certificates.p12",
         ]
         ports = [ "elastic", "elastic_internal" ]
         sysctl = {
@@ -29,12 +30,19 @@ job "telemetry-system" {
         }
       }
 
+      user = "1000"
+
       resources {
         memory = 1500
         cpu = 500
       }
 
       template {
+        data = "{{ key \"secrets/telemetry/elasticsearch/elastic-certificates.p12\" }}"
+        destination = "secrets/elastic-certificates.p12"
+      }
+
+      template {
         data = <<EOH
 node.name={{ env "attr.unique.hostname" }}
 http.port=9200
@@ -48,8 +56,8 @@ xpack.security.authc.api_key.enabled=true
 xpack.security.transport.ssl.enabled=true
 xpack.security.transport.ssl.verification_mode=certificate
 xpack.security.transport.ssl.client_authentication=required
-xpack.security.transport.ssl.keystore.path=/usr/share/elasticsearch/data/elastic-certificates.p12
-xpack.security.transport.ssl.truststore.path=/usr/share/elasticsearch/data/elastic-certificates.p12
+xpack.security.transport.ssl.keystore.path=/usr/share/elasticsearch/config/elastic-certificates.p12
+xpack.security.transport.ssl.truststore.path=/usr/share/elasticsearch/config/elastic-certificates.p12
 cluster.routing.allocation.disk.watermark.high=75%
 cluster.routing.allocation.disk.watermark.low=65%
 ES_JAVA_OPTS=-Xms512M -Xmx512M
@@ -101,7 +109,7 @@ EOH
     task "apm" {
       driver = "docker"
       config {
-        image = "docker.elastic.co/apm/apm-server:7.17.1"
+        image = "docker.elastic.co/apm/apm-server:8.2.0"
         network_mode = "host"
         ports = [ "apm" ]
         args = [ "--strict.perms=false" ]
@@ -144,7 +152,7 @@ EOH
     task "filebeat" {
       driver = "docker"
       config {
-        image = "docker.elastic.co/beats/filebeat:7.17.1"
+        image = "docker.elastic.co/beats/filebeat:8.2.0"
         network_mode = "host"
         volumes = [
           "/mnt/ssd/telemetry/filebeat:/usr/share/filebeat/data",