IMPORTANT: This documentation is no longer updated. Refer to Elastic's version policy and the latest documentation.

Custom HTTP certificate

Instead of the default self-signed certificate, you can use a Kubernetes secret to provide your own CA and certificates for HTTPS connections to Elasticsearch. The certificate must be stored under tls.crt and the private key must be stored under tls.key. If your certificate was not issued by a well-known CA, you must also include the trust chain under ca.crt.

Reference the name of the secret that contains the TLS private key and certificate (and, optionally, the trust chain) in the spec.http.tls.certificate section:

spec:
  http:
    tls:
      certificate:
        secretName: my-cert

This is an example of how to create a Kubernetes TLS secret with a self-signed certificate:

$ openssl req -x509 -sha256 -nodes -newkey rsa:4096 -days 365 -subj "/CN=quickstart-es-http" -addext "subjectAltName=DNS:quickstart-es-http.default.svc" -keyout tls.key -out tls.crt
$ kubectl create secret generic my-cert --from-file=ca.crt=tls.crt --from-file=tls.crt=tls.crt --from-file=tls.key=tls.key
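
Before creating the secret, you can confirm that tls.key matches tls.crt, that the service DNS name appears in subjectAltName, and that the certificate has not expired. This is an added example, not part of the ECK documentation; check_tls_pair and make_sample_pair are hypothetical helper names, and the -ext option assumes OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example: pre-flight checks for the files that go into the TLS secret.
# check_tls_pair is a hypothetical helper name, not part of ECK or kubectl.
# Returns 0 = ok, 1 = key does not match cert, 2 = SAN missing, 3 = expired.
check_tls_pair() {
    cert=$1 key=$2 dns=$3

    # The certificate and the private key must carry the same public key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ] || return 1

    # Clients verify the host name against subjectAltName, so the service
    # DNS name must be listed there (exact match only; wildcards not handled).
    openssl x509 -in "$cert" -noout -ext subjectAltName 2>/dev/null |
        tr ',' '\n' | tr -d ' ' | grep -Fxq "DNS:$dns" || return 2

    # -checkend 0 fails if the certificate has already expired.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null || return 3
    return 0
}

# Constructed sample: build a throwaway pair like the one on this page
# (2048-bit key for speed) and print the directory holding it.
make_sample_pair() {
    dir=$(mktemp -d) || return 1
    openssl req -x509 -sha256 -nodes -newkey rsa:2048 -days 365 \
        -subj "/CN=quickstart-es-http" \
        -addext "subjectAltName=DNS:quickstart-es-http.default.svc" \
        -keyout "$dir/tls.key" -out "$dir/tls.crt" 2>/dev/null || return 1
    echo "$dir"
}

# Usage: sh check.sh tls.crt tls.key quickstart-es-http.default.svc
if [ "$#" -eq 3 ]; then
    check_tls_pair "$1" "$2" "$3"
    echo "check_tls_pair exit code: $?"
fi
```

The certificate created above lists only quickstart-es-http.default.svc in subjectAltName, so the check returns 2 for the short name quickstart-es-http even though it is the CN.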