A newer version is available. For the latest information, see the
current release documentation.
Custom HTTP certificate
edit
IMPORTANT: This documentation is no longer updated. Refer to Elastic's version policy and the latest documentation.
Custom HTTP certificate
editYou can provide your own CA and certificates instead of the self-signed certificate to connect to Elastic stack applications via HTTPS using a Kubernetes secret.
See Setup your own certificate to learn how to do that.
Custom self-signed certificate using OpenSSL
editThis example illustrates how to create your own self-signed certificate for the quickstart Elasticsearch cluster using the OpenSSL command line utility. Note the subject alternative name (SAN) entry for quickstart-es-http.default.svc.
$ openssl req -x509 -sha256 -nodes -newkey rsa:4096 -days 365 -subj "/CN=quickstart-es-http" -addext "subjectAltName=DNS:quickstart-es-http.default.svc" -keyout tls.key -out tls.crt $ kubectl create secret generic quickstart-es-cert --from-file=ca.crt=tls.crt --from-file=tls.crt=tls.crt --from-file=tls.key=tls.key
Custom self-signed certificate using cert-manager
editThis example illustrates how to issue a self-signed certificate for the quickstart Elasticsearch cluster using a cert-manager self-signed issuer.
---
apiVersion: cert-manager.io/v1alpha2
kind: Issuer
metadata:
name: selfsigned-issuer
spec:
selfSigned: {}
---
apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
name: quickstart-es-cert
spec:
isCA: true
dnsNames:
- quickstart-es-http
- quickstart-es-http.default.svc
- quickstart-es-http.default.svc.cluster.local
issuerRef:
kind: Issuer
name: selfsigned-issuer
secretName: quickstart-es-cert