Use Official Certificate Authority#

In production, ESS should run with certificates from an official Certificate Authority (CA) for all external facing services rather than self-signed certificates.

Example Customization#

The following customization example uses Let’s Encrypt as the Certificate Authority. Specifically, the customization directs all your Ingress resources to use Let’s Encrypt.

Go to your ESS installation directory:
```
cd ${HOME}/ess
```

Modify the kustomization.yaml (i.e., step 3 of the Applying Your Customizations procedure).

Specifically, add the highlighted content to the kustomization.yaml file under the patches key:

Tip

If patches key does not exist in kustomization.yaml, add the key patches as well.

# kustomization.yaml in your ESS installation directory

# ...  Preceding content omitted for brevity 
# ...

patches:
  - target:
      kind: Ingress
    patch: |-
      - op: replace
        path: /metadata/annotations/cert-manager.io~1issuer
        value: letsencrypt-prod

Continue with the rest of the Applying Your Customizations procedure.