Use Official Certificate Authority#

In production, ESS should run with certificates from an official Certificate Authority (CA) for all external facing services rather than self-signed certificates.

Example Customization#

The following customization example uses Let’s Encrypt as the Certificate Authority. Specifically, the customization directs all your Ingress resources to use Let’s Encrypt.

  1. Go to your ESS installation directory:

    cd ${HOME}/ess

  2. Modify the kustomization.yaml (i.e., step 3 of the Applying Your Customizations procedure).

    Specifically, add the highlighted content to the kustomization.yaml file under the patches key:

    Tip

    If patches key does not exist in kustomization.yaml, add the key patches as well.

    # kustomization.yaml in your ESS installation directory

# ...  Preceding content omitted for brevity 
# ...

patches:
  - target:
      kind: Ingress
    patch: |-
      - op: replace
        path: /metadata/annotations/cert-manager.io~1issuer
        value: letsencrypt-prod

  3. Continue with the rest of the Applying Your Customizations procedure.

On this page