TLS Configuration

This guide demonstrates how to configure TLS termination for an Ingress resource.

Kubernetes namespace

The following section(s) presume the Immuta Enterprise Helm chart was deployed into namespace immuta and that the current namespace is immuta.

Prerequisite

The Ingress configuration must be completed before proceeding.

Ingress-NGINX Controller

Edit immuta-values.yaml to include the following Helm values.

secure:
  ingress:
    hostname: <immuta-fqdn>
    annotations:
      nginx.ingress.kubernetes.io/auth-tls-secret: <namespace>/<secret-name>

Create a TLS secret from a given public/private PEM formatted key pair.

kubectl create secret tls <secret-name> --cert=path/to/tls.cert --key=path/to/tls.key

Perform a Helm upgrade to apply the changes made to immuta-values.yaml.

helm upgrade <release-name> oci://ocir.immuta.com/stable/immuta-enterprise --values immuta-values.yaml --version 2024.2.16

Refer to the Ingress-Nginx Controller documentation for further assistance.

GKE Ingress Controller

Edit immuta-values.yaml to include the following Helm values.

secure:
  ingress:
    hostname: <immuta-fqdn>
    annotations:
      ingress.gcp.kubernetes.io/pre-shared-cert: <certificate-name>

Perform a Helm upgrade to apply the changes made to immuta-values.yaml.

helm upgrade <release-name> oci://ocir.immuta.com/stable/immuta-enterprise --values immuta-values.yaml --version 2024.2.16

Refer to the GKE Ingress Controller documentation for further assistance.

AWS Load Balancer Controller

Edit immuta-values.yaml to include the following Helm values.

secure:
  ingress:
    hostname: <immuta-fqdn>
    annotations:
      alb.ingress.kubernetes.io/certificate-arn: <certificate-arn>

Perform a Helm upgrade to apply the changes made to immuta-values.yaml.

helm upgrade <release-name> oci://ocir.immuta.com/stable/immuta-enterprise --values immuta-values.yaml --version 2024.2.16

Refer to the AWS Load Balancer Controller documentation for further assistance.

AKS Application Gateway Ingress Controller

Edit immuta-values.yaml to include the following Helm values.

secure:
  ingress:
    hostname: <immuta-fqdn>
    annotations:
      appgw.ingress.kubernetes.io/appgw-ssl-certificate: <certificate-name>

Perform a Helm upgrade to apply the changes made to immuta-values.yaml.

helm upgrade <release-name> oci://ocir.immuta.com/stable/immuta-enterprise --values immuta-values.yaml --version 2024.2.16

Refer to the Application Gateway Ingress Controller documentation for further assistance.

Traefik

Edit immuta-values.yaml to include the following Helm values.

secure:
  ingress:
    annotations:
      traefik.ingress.kubernetes.io/router.tls: "true"
    hostname: <immuta-fqdn>
    tls: true
    # If left unset the TLS secret name defaults to <hostname>-tls
    secretName: <secret-name>

Create a TLS secret from a given public/private PEM formatted key pair.

kubectl create secret tls <secret-name> --cert=path/to/tls.cert --key=path/to/tls.key

Perform a Helm upgrade to apply the changes made to immuta-values.yaml.

helm upgrade <release-name> oci://ocir.immuta.com/stable/immuta-enterprise --values immuta-values.yaml --version 2024.2.16

Refer to the Traefik documentation for further assistance.

PreviousCosign Verification NextImmuta in Production

Last updated 6 days ago

Was this helpful?

Ingress-NGINX Controller

Edit immuta-values.yaml to include the following Helm values.

secure:
  ingress:
    hostname: <immuta-fqdn>
    annotations:
      nginx.ingress.kubernetes.io/auth-tls-secret: <namespace>/<secret-name>

Create a TLS secret from a given public/private PEM formatted key pair.

kubectl create secret tls <secret-name> --cert=path/to/tls.cert --key=path/to/tls.key

Perform a Helm upgrade to apply the changes made to immuta-values.yaml.

helm upgrade <release-name> oci://ocir.immuta.com/stable/immuta-enterprise --values immuta-values.yaml --version 2024.2.16

GKE Ingress Controller

Edit immuta-values.yaml to include the following Helm values.

secure:
  ingress:
    hostname: <immuta-fqdn>
    annotations:
      ingress.gcp.kubernetes.io/pre-shared-cert: <certificate-name>

Perform a Helm upgrade to apply the changes made to immuta-values.yaml.

helm upgrade <release-name> oci://ocir.immuta.com/stable/immuta-enterprise --values immuta-values.yaml --version 2024.2.16

AWS Load Balancer Controller

Edit immuta-values.yaml to include the following Helm values.

secure:
  ingress:
    hostname: <immuta-fqdn>
    annotations:
      alb.ingress.kubernetes.io/certificate-arn: <certificate-arn>

Perform a Helm upgrade to apply the changes made to immuta-values.yaml.

helm upgrade <release-name> oci://ocir.immuta.com/stable/immuta-enterprise --values immuta-values.yaml --version 2024.2.16

AKS Application Gateway Ingress Controller

Edit immuta-values.yaml to include the following Helm values.

secure:
  ingress:
    hostname: <immuta-fqdn>
    annotations:
      appgw.ingress.kubernetes.io/appgw-ssl-certificate: <certificate-name>

Perform a Helm upgrade to apply the changes made to immuta-values.yaml.

helm upgrade <release-name> oci://ocir.immuta.com/stable/immuta-enterprise --values immuta-values.yaml --version 2024.2.16

Traefik

Edit immuta-values.yaml to include the following Helm values.

secure:
  ingress:
    annotations:
      traefik.ingress.kubernetes.io/router.tls: "true"
    hostname: <immuta-fqdn>
    tls: true
    # If left unset the TLS secret name defaults to <hostname>-tls
    secretName: <secret-name>

Create a TLS secret from a given public/private PEM formatted key pair.

kubectl create secret tls <secret-name> --cert=path/to/tls.cert --key=path/to/tls.key

Perform a Helm upgrade to apply the changes made to immuta-values.yaml.

helm upgrade <release-name> oci://ocir.immuta.com/stable/immuta-enterprise --values immuta-values.yaml --version 2024.2.16

Refer to the Traefik documentation for further assistance.