Use Official Certificate Authority#
In production, ESS should run with certificates from an official Certificate Authority (CA) for all external facing services rather than self-signed certificates.
The following customization example uses Let’s Encrypt as the Certificate Authority. Specifically, the customization directs all your Ingress resources to use Let’s Encrypt.
Create an overlay structure as described in Customize ESS.
Add the customization overlay:
#kustomization.yaml --- patches: - target: kind: Ingress patch: |- - op: replace path: /metadata/annotations/cert-manager.io~1issuer value: letsencrypt-prod