Use Official Certificate Authority

In production, ESS should run with certificates from an official Certificate Authority (CA) for all external facing services rather than self-signed certificates.

The following customization example uses Let’s Encrypt as the Certificate Authority. Specifically, the customization directs all your Ingress resources to use Let’s Encrypt.

Example Customization

  1. Create an overlay structure as described in Customize ESS.

  2. Add the customization overlay:

    #kustomization.yaml
    ---
    patches:
      - target:
          kind: Ingress
        patch: |-
          - op: replace
            path: /metadata/annotations/cert-manager.io~1issuer
            value: letsencrypt-prod