A newer version is available. For the latest information, see the
current release documentation.
Custom HTTP certificate
editCustom HTTP certificateedit
You can provide your own CA and certificates instead of the self-signed certificate to connect to Elastic stack applications via HTTPS using a Kubernetes secret.
See Setup your own certificate to learn how to do that.
Custom self-signed certificate using OpenSSLedit
This example illustrates how to create your own self-signed certificate for the quickstart Elasticsearch cluster using the OpenSSL command line utility. Note the subject alternative name (SAN) entry for quickstart-es-http.default.svc
.
$ openssl req -x509 -sha256 -nodes -newkey rsa:4096 -days 365 -subj "/CN=quickstart-es-http" -addext "subjectAltName=DNS:quickstart-es-http.default.svc" -keyout tls.key -out tls.crt $ kubectl create secret generic quickstart-es-cert --from-file=ca.crt=tls.crt --from-file=tls.crt=tls.crt --from-file=tls.key=tls.key
Custom self-signed certificate using cert-manageredit
This example illustrates how to issue a self-signed certificate for the quickstart Elasticsearch cluster using a cert-manager self-signed issuer.
--- apiVersion: cert-manager.io/v1alpha2 kind: Issuer metadata: name: selfsigned-issuer spec: selfSigned: {} --- apiVersion: cert-manager.io/v1alpha2 kind: Certificate metadata: name: quickstart-es-cert spec: isCA: true dnsNames: - quickstart-es-http - quickstart-es-http.default.svc - quickstart-es-http.default.svc.cluster.local issuerRef: kind: Issuer name: selfsigned-issuer secretName: quickstart-es-cert