Best practice LE certs #646
-
Hi, Thanks |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 4 replies
-
Hi @b-thiswatch. Since you are talking about LetsEncrypt I assume you are using an official domain to expose your REST API and not the k8s internal stuff? For cluster-internal access the safe way is to provide the certs (in a keystore or as pem) in a secret and mount that in any container that wants to access the opensearch API. Of course you can also put an internal ingress in front of opensearch but then need another way to generate valid certs as LE will not hand out any for cluster-internal domains. |
Beta Was this translation helpful? Give feedback.
As long as you have control over your services, that of course works and is not a bad solution.