Use Official Certificate Authority

In production, ESS should run with certificates from an official Certificate Authority (CA) for all external facing services rather than self-signed certificates.

The following customization example uses Let’s Encrypt as the Certificate Authority. Specifically, the customization directs all your Ingress resources to use Let’s Encrypt.

Example Customization

1. Create an overlay structure as described in Customize ESS.

2. Add the customization overlay:

   #kustomization.yaml
   ---
   patches:
     - target:
         kind: Ingress
       patch: |-
         - op: replace
           path: /metadata/annotations/cert-manager.io~1issuer
           value: letsencrypt-prod