Natalia Szakiel
--- a/templates/elasticsearch.yaml

+ 44

− 19
+++ b/templates/elasticsearch.yaml

+ 44

− 19
 @@ -113,23 +113,6 @@ spec:
                port:
                  number: 9200
 ---
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name:  {{ .Release.Name }}-elasticsearch-http-cert
-spec:
-  dnsNames:
-    -  {{ template "elasticsearch.dns" . }}
-    -  {{ .Release.Name }}-elasticsearch-es-http.{{  .Release.Namespace   }}
-    -  {{ .Release.Name }}-elasticsearch-es-http.{{  .Release.Namespace   }}.svc
-  secretName: {{ .Release.Name }}-elasticsearch-http-cert-secret
-  duration: {{ .Values.elasticsearch.cert.duration }}
-  renewBefore: {{ .Values.elasticsearch.cert.renewBefore }}
-  commonName: {{ template "elasticsearch.dns" . }}
-  issuerRef:
-    name: dev-staging
-    kind: ClusterIssuer
---
 apiVersion: v1
 kind: Secret
 metadata:
 @@ -155,5 +138,47 @@ stringData:
      indices:
      - names: [ '*' ]
        privileges:  ["read","write","create","create_index","manage","manage_ilm"]
-
-
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: selfsigned-ca
+spec:
+  selfSigned: {}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: internal-ca
+spec:
+  isCA: true
+  commonName: internal-ca
+  secretName: internal-ca
+  issuerRef:
+    name: selfsigned-ca
+    kind: ClusterIssuer
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: internal-issuer
+spec:
+  ca:
+    secretName: internal-ca
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: elasticsearch-certificate
+spec:
+  secretName: {{ .Release.Name }}-elasticsearch-http-cert-secret
+  duration: {{ .Values.elasticsearch.cert.duration }}
+  renewBefore: {{ .Values.elasticsearch.cert.renewBefore }}
+  commonName: {{ template "elasticsearch.dns" . }}
+  dnsNames:
+    -  {{ template "elasticsearch.dns" . }}
+    -  {{ .Release.Name }}-elasticsearch-es-http.{{  .Release.Namespace   }}
+    -  {{ .Release.Name }}-elasticsearch-es-http.{{  .Release.Namespace   }}.svc
+  issuerRef:
+    name: internal-issuer
+    kind: Issuer