openstack-helm-infra/fluentd/values_overrides/tls.yaml

---
conf:
  fluentd:
    conf:
      output: |
        <label @output>
          <match **>
            <buffer>
              chunk_limit_size 512K
              flush_interval 5s
              flush_thread_count 8
              queue_limit_length 32
              retry_forever false
              retry_max_interval 30
            </buffer>
            host "#{ENV['ELASTICSEARCH_HOST']}"
            reload_connections false
            reconnect_on_error true
            reload_on_failure true
            include_tag_key true
            logstash_format true
            password "#{ENV['ELASTICSEARCH_PASSWORD']}"
            port "#{ENV['ELASTICSEARCH_PORT']}"
            scheme "#{ENV['ELASTICSEARCH_SCHEME']}"
            @type elasticsearch
            user "#{ENV['ELASTICSEARCH_USERNAME']}"
            ssl_verify true
            ssl_version TLSv1_2
            ca_file /etc/elasticsearch/certs/ca.crt
          </match>
        </label>        
endpoints:
  elasticsearch:
    scheme:
      default: "https"
    port:
      http:
        default: 443
manifests:
  certificates: true
...