I have done the setup of elastic stack using search guard plugin in a kubernetes environment. Now, I want to replace these demo certificates with my own certificate. And also I want the search guard kibana dashboard to be exposed through the ingress proxy with a secured SSL/TLS connection. For the time being, even I am able to use the Ingress certificate as searchguard node, admin and REST certificates then it will be fine for me. I don't want different certificate for nodes, admin and REST. How can I achieve this? I tried by updating the kubernetes secrets but I am not sure whether the running pod mounts the updated secret without a pod restart. But when I am doing pod restart the Pods never come back into running stage. What is the right way to achieve this? Can someone please provide detailed steps?
Asked
Active
Viewed 304 times
1 Answers
1
I recommend to have a look how we do it in our helm charts: https://github.com/floragunncom/search-guard-helm
That said you can have the same certificates for nodes and REST but the admin certificvate needs to be a different one. If you update the certs you must restart the pod.
Search Guard
- 395
- 1
- 7