Use Official Certificate Authority#
In production, ESS should run with certificates from an official Certificate Authority (CA) for all external facing services rather than self-signed certificates.
The following customization example uses Let’s Encrypt as the Certificate Authority. Specifically, the customization directs all your Ingress resources to use Let’s Encrypt.
Go to your ESS installation directory:
Specifically, add the highlighted content to the
kustomization.yamlfile under the
patcheskey does not exist in
kustomization.yaml, add the key
# kustomization.yaml in your ESS installation directory # ... Preceding content omitted for brevity # ... patches: - target: kind: Ingress patch: |- - op: replace path: /metadata/annotations/cert-manager.io~1issuer value: letsencrypt-prod