Commit b40ea3b

relocate note and reorder steps
1 parent d6ecddf commit b40ea3b

2 files changed

+5
-6
lines changed

deploy-manage/security/different-ca.md

Lines changed: 1 addition & 2 deletions
@@ -12,8 +12,7 @@ products:
1212

1313
# Different CA [update-node-certs-different]
1414

15-
16-
If you have to trust a new CA from your organization, or you need to generate a new CA yourself, use this new CA to sign the new node certificates and instruct your nodes to trust the new CA.
15+
If you have to trust a new CA from your organization, or you need to generate a new CA yourself, instruct your nodes to trust the new CA and then use this new CA to sign the new node certificates.
1716

1817
:::{include} ./_snippets/own-ca-warning.md
1918
:::
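
Review bot: On new line 15, the sentence lists trusting the new CA before signing with it, but nothing tells the reader whether that order is required or incidental. If the nodes have to trust the new CA before they receive certificates signed by it, say so explicitly, for example "first instruct your nodes to trust the new CA, and then use it to sign the new node certificates". That wording also removes the "the new CA ... this new CA ... the new node certificates" repetition.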

deploy-manage/security/k8s-transport-settings.md

Lines changed: 4 additions & 4 deletions
@@ -10,7 +10,10 @@ products:
1010

1111
# Manage transport certificates on ECK [k8s-transport-settings]
1212

13-
The transport module in {{es}} is used for internal communication between nodes within the cluster as well as communication between remote clusters. Check the [{{es}} documentation](elasticsearch://reference/elasticsearch/configuration-reference/networking-settings.md) for details. For customization options of the HTTP layer, check [Access services](../deploy/cloud-on-k8s/accessing-services.md) and [HTTP TLS certificates](./k8s-https-settings.md).
13+
The transport module in {{es}} is used for internal communication between nodes within the cluster as well as communication between remote clusters. Check the [{{es}} documentation](elasticsearch://reference/elasticsearch/configuration-reference/networking-settings.md) for details. For customization options of the HTTP layer, refer to [Access services](../deploy/cloud-on-k8s/accessing-services.md) and [HTTP TLS certificates](./k8s-https-settings.md).
14+
15+
:::{include} ./_snippets/own-ca-warning.md
16+
:::
1417

1518
## Customize the Transport Service [k8s_customize_the_transport_service]
1619
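
Review bot: New line 13 changes the second "check" to "refer to" but leaves "Check the [{{es}} documentation]" earlier in the same paragraph, so two cross-references in one paragraph now use different verbs; change the first to "Refer to" as well. Separately, new lines 15-16 place the `own-ca-warning.md` include above every section of the page, including "Customize the Transport Service", so confirm that the snippet's wording applies page-wide and not only to the CA sections.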

@@ -75,9 +78,6 @@ spec:
7578

7679
## Issue node transport certificates with third-party tools [k8s-transport-third-party-tools]
7780

78-
:::{include} ./_snippets/own-ca-warning.md
79-
:::
80-
8181
When following the instructions in [Configure a custom Certificate Authority](#k8s-transport-ca) the issuance of certificates is orchestrated by the ECK operator and the operator needs access to the CAs private key. If this is undesirable it is also possible to configure node transport certificates without involving the ECK operator. The following two pre-requisites apply:
8282

8383
1. The tooling used must be able to issue individual certificates for each {{es}} node and dynamically add or remove certificates as the cluster scales up and down.
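
Review bot: Removing the `own-ca-warning.md` include at old lines 78-79 means a reader who lands directly on the `#k8s-transport-third-party-tools` anchor no longer sees the warning, even though this section is about issuing node transport certificates without the ECK operator. Consider keeping a one-line pointer back to the warning here, or confirm that a single include at the top of the page is enough. While this paragraph is open, context line 81 has "CAs private key" (should be "CA's") and "pre-requisites" (should be "prerequisites").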
