Use Official Certificate Authority#

In production, ESS should run with certificates from an official Certificate Authority (CA) for all external facing services rather than self-signed certificates.

The following customization example uses Let’s Encrypt as the Certificate Authority. Specifically, the customization directs all your Ingress resources to use Let’s Encrypt.

Example Customization#

  1. Create an overlay structure as described in Customize ESS.

  2. Add the customization overlay:

      - target:
          kind: Ingress
        patch: |-
          - op: replace
            path: /metadata/annotations/
            value: letsencrypt-prod