Why OpenSearch Operator Should Not Manage Certificates Independently"

[CoderYellow]

When deploying OpenSearch in an enterprise environment, it is common to use a custom enterprise CA for certificate management. However, the OpenSearch Operator has several issues with handling custom HTTP CAs. Additionally, managing certificates (e.g., signing, rotating, and distributing the OpenSearch-generated CA to clients for trust) is a complex and error-prone process.

To address this, I believe it’s better to leverage specialized frameworks like Cert-Manager or AutoCert for certificate management. These tools are designed to handle the lifecycle of certificates more efficiently and reliably, aligning with enterprise standards.

Thoughts?