You can provide your own CA and certificates instead of the self-signed certificate to connect to Elasticsearch via HTTPS using a Kubernetes secret.
You need to reference the name of a secret that contains a TLS private key and a certificate (or a chain), in the
spec: http: tls: certificate: secretName: my-cert
This is an example on how create a Kubernetes TLS secret with a self-signed certificate:
$ openssl req -x509 -newkey rsa:4096 -keyout tls.key -out tls.crt -days 365 -nodes $ kubectl create secret tls my-cert --cert tls.crt --key tls.key