Book a demo

TLS Configuration

This guide demonstrates how to configure TLS termination for an Ingress resource.

Kubernetes namespace

The following section(s) presume the Immuta Enterprise Helm chart was deployed into namespace immuta and that the current namespace is immuta.

Prerequisite

The Ingress configuration must be completed before proceeding.

Ingress-NGINX Controller

  1. Edit immuta-values.yaml to include the following Helm values.

    secure:
  ingress:
    hostname: <immuta-fqdn>
    annotations:
      nginx.ingress.kubernetes.io/auth-tls-secret: <namespace>/<secret-name>

  2. Create a TLS secret from a given public/private PEM formatted key pair.

    kubectl create secret tls <secret-name> --cert=path/to/tls.cert --key=path/to/tls.key

  3. Perform a Helm upgrade to apply the changes made to immuta-values.yaml.

    helm upgrade <release-name> oci://ocir.immuta.com/stable/immuta-enterprise --values immuta-values.yaml --version 2024.2.19

Refer to the Ingress-Nginx Controller documentation for further assistance.

GKE Ingress Controller

  1. Edit immuta-values.yaml to include the following Helm values.

    secure:
  ingress:
    hostname: <immuta-fqdn>
    annotations:
      ingress.gcp.kubernetes.io/pre-shared-cert: <certificate-name>

  2. Perform a Helm upgrade to apply the changes made to immuta-values.yaml.

    helm upgrade <release-name> oci://ocir.immuta.com/stable/immuta-enterprise --values immuta-values.yaml --version 2024.2.19

Refer to the GKE Ingress Controller documentation for further assistance.

AWS Load Balancer Controller

  1. Edit immuta-values.yaml to include the following Helm values.

    secure:
  ingress:
    hostname: <immuta-fqdn>
    annotations:
      alb.ingress.kubernetes.io/certificate-arn: <certificate-arn>

  2. Perform a Helm upgrade to apply the changes made to immuta-values.yaml.

    helm upgrade <release-name> oci://ocir.immuta.com/stable/immuta-enterprise --values immuta-values.yaml --version 2024.2.19

Refer to the AWS Load Balancer Controller documentation for further assistance.

AKS Application Gateway Ingress Controller

  1. Edit immuta-values.yaml to include the following Helm values.

    secure:
  ingress:
    hostname: <immuta-fqdn>
    annotations:
      appgw.ingress.kubernetes.io/appgw-ssl-certificate: <certificate-name>

  2. Perform a Helm upgrade to apply the changes made to immuta-values.yaml.

    helm upgrade <release-name> oci://ocir.immuta.com/stable/immuta-enterprise --values immuta-values.yaml --version 2024.2.19

Refer to the Application Gateway Ingress Controller documentation for further assistance.

Traefik

  1. Edit immuta-values.yaml to include the following Helm values.

    secure:
  ingress:
    annotations:
      traefik.ingress.kubernetes.io/router.tls: "true"
    hostname: <immuta-fqdn>
    tls: true
    # If left unset the TLS secret name defaults to <hostname>-tls
    secretName: <secret-name>

  2. Create a TLS secret from a given public/private PEM formatted key pair.

    kubectl create secret tls <secret-name> --cert=path/to/tls.cert --key=path/to/tls.key

  3. Perform a Helm upgrade to apply the changes made to immuta-values.yaml.

    helm upgrade <release-name> oci://ocir.immuta.com/stable/immuta-enterprise --values immuta-values.yaml --version 2024.2.19

Refer to the Traefik documentation for further assistance.

PreviousCosign VerificationNextImmuta in Production

Last updated

Was this helpful?