Add a diagram for CAs and Certs usage between agent, fleet-server and ES

[AndersonQ]

What does this PR do?

Add a diagram showing the certificates and CAs used between the Elastic Agent, Fleet Server and Elasticsearch and their respective cli flag.

Why is it important?

Given the number of possible CAs and certificates and their respective cli options, it's often confusing which one is used on each connection. This diagram helps to explain that.

Checklist

• [ ] My code follows the style guidelines of this project
• [ ] I have commented my code, particularly in hard-to-understand areas
• [ ] I have made corresponding changes to the documentation
• [ ] I have made corresponding change to the default configuration files
• [ ] I have added tests that prove my fix is effective or that my feature works
• [ ] I have added an entry in ./changelog/fragments using the changelog tool
• [ ] I have added an integration test or an E2E test

Disruptive User Impact

None

How to test this PR locally

N/A

Related issues

• N/A

Questions to ask yourself

• How are we going to support this in production?
• How are we going to measure its adoption?
• How are we going to debug this?
• What are the metrics I should take care of?
• ...

[elasticmachine]

Pinging @elastic/elastic-agent-control-plane (Team:Elastic-Agent-Control-Plane)

[mergify]

This pull request does not have a backport label. Could you fix it @AndersonQ? 🙏
To fixup this pull request, you need to add the backport labels for the needed
branches, such as:

• backport-v./d./d./d is the label to automatically backport to the 8./d branch. /d is the digit

NOTE: backport-skip has been added to this pull request.

[blakerouse]

This is a really good addition to the documentation. What tool did you use to generate this PDF? If the diagrams are created by code, it would be great to include that in the PR as well. Make it easier for others to update.

That is really the only negative I have with this PR is that updating the PDF if anything changes will not be as simple as updating some code and regenerating the graphs.

[ycombinator]

Thanks for adding this to the docs, @AndersonQ. As Blake said, this is a really useful addition.

Have you considered using something like https://github.blog/developer-skills/github/include-diagrams-markdown-files-mermaid/ to generate the diagrams with code? That will solve the update issue that Blake mentioned as well.

[AndersonQ]

I was a "quick" thing I did for Nima, wasn't really intended to be in our docs, but Creaig pointed out that it's better than nothing. I did it on Miro. I can pass it to mermaid

[nimarezainia]

thanks for doing this. I was also using it in the other doc we are preparing for CA changes.

[cmacknz]

We can probably put this in the user facing documentation in https://github.com/elastic/ingest-docs. CC @kilfoyle

+1 to committing the source somewhere or having this in a place we can more easily maintain (shared Whimsical space?). That said I'd rather have hard to maintain documentation than no documentation.

[michel-laterman]

I agree with the need to add whatever was used to generate the image.
Thanks for making the diagram!

[AndersonQ]

I used miro to make this diagram, nothing special and anyone on platform ingest should be able to access it

[nimarezainia]

We can probably put this in the user facing documentation in https://github.com/elastic/ingest-docs. CC @kilfoyle

+1 to committing the source somewhere or having this in a place we can more easily maintain (shared Whimsical space?). That said I'd rather have hard to maintain documentation than no documentation.

yeah will add some version of it in to the docs along with the other CA related sections Anderson helped out with.

[blakerouse]

Awesome! Really appreciate adjusting this to be code based, this is great!

[ycombinator]

Thanks for recreating the diagrams in Mermaid, @AndersonQ. These are super useful!

[jlind23]

Sonarqube is expected but will never be triggered as there was no code change, force merging this to unblock @AndersonQ.