A newer version is available. For the latest information, see the
current release documentation.
Custom HTTP certificate
editCustom HTTP certificate
editYou can provide your own CA and certificates instead of the self-signed certificate to connect to Elastic stack applications via HTTPS using a Kubernetes secret.
See Setup your own certificate to learn how to do that.
Custom self-signed certificate using OpenSSL
editThis example illustrates how to create your own self-signed certificate for the quickstart Elasticsearch cluster using the OpenSSL command line utility. Note the subject alternative name (SAN) entry for quickstart-es-http.default.svc
.
$ openssl req -x509 -sha256 -nodes -newkey rsa:4096 -days 365 -subj "/CN=quickstart-es-http" -addext "subjectAltName=DNS:quickstart-es-http.default.svc" -keyout tls.key -out tls.crt $ kubectl create secret generic quickstart-es-cert --from-file=ca.crt=tls.crt --from-file=tls.crt=tls.crt --from-file=tls.key=tls.key
Custom self-signed certificate using cert-manager
editThis example illustrates how to issue a self-signed certificate for the quickstart Elasticsearch cluster using a cert-manager self-signed issuer.
--- apiVersion: cert-manager.io/v1alpha2 kind: Issuer metadata: name: selfsigned-issuer spec: selfSigned: {} --- apiVersion: cert-manager.io/v1alpha2 kind: Certificate metadata: name: quickstart-es-cert spec: isCA: true dnsNames: - quickstart-es-http - quickstart-es-http.default.svc - quickstart-es-http.default.svc.cluster.local issuerRef: kind: Issuer name: selfsigned-issuer secretName: quickstart-es-cert