I am setting up searchguard elastic stack on kubernetes (Azure Kubernetes Service). Search guard version sg-sgadmin:7.1.0-35.0.0. I want to expose search guard kibana through ingress. How should I use the same ingress certificate as the Node, Admin, REST certificate? Is this possible? Please provide detailed answer on the steps that will help in achieving the same.
I recommend to have a look how we do it in our helm charts: https://github.com/floragunncom/search-guard-helm
That said you can have the same certificates for nodes and REST but the admin certificvate needs to be a different one. If you update the certs you must restart the pod.
Pls refer to the documentation where the various certificate types are explained:
And yes, in the helm charts we regenerate the node certificates because the hostname is different for every unique pod. The root-ca will only created once of course.
Thanks for the response. I went through it but I am still unclear where and how should I put my generated certificates (generated from Lets encrypt certbot) so that they are picked up by kubernetes on helm install. I did not see any key in the values.yml file that hold certificates. 1. Are they to be placed in install_demo_configuration.sh, which then requires creating the docker image for elasticsearch+search guard elastic search plugin or 2. Should I edit the respective secrets and run sgadmin.sh or is there some other correct way of doing it ? Please help. Request you to be elaborative.
This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.