TLS at transport layer in Kubernetes cluster

Hi everyone, we have been working on deploying OpenSearch on an on-prem Kubernetes environment and are facing an issue with setting up TLS at the transport layer.

In the transport layer, we have enabled hostname verification, and this is causing nodes to verify not only the name of the node they are connecting to but also the IP of the node. This is the error we are getting in the logs of one of the nodes:

oss1 (2) is the pod IP of one of the master nodes. The concern is that we are running this cluster as pods, and pod IPs keep changing. One way around this would be to generate a SAN file with the pod IP and certificate every time a pod restarts, but we are not sure if this is a good idea. Is there any way around this? We would like to have TLS with hostname verification in the transport layer. Maybe we are missing something.
Any help would be much appreciated.


@karthik Could you share your config.yml and OpenSearch.yml files?