TLS Configuration

This guide demonstrates how to configure TLS termination for an Ingress resource.

Kubernetes namespace

The following section(s) presume the Immuta Enterprise Helm chart was deployed into namespace immuta and that the current namespace is immuta.

Prerequisite

The Ingress configuration must be completed before proceeding.

  1. Edit immuta-values.yaml to include the following Helm values.

    secure:
      ingress:
        hostname: <immuta-fqdn>
        annotations:
          nginx.ingress.kubernetes.io/auth-tls-secret: <namespace>/<secret-name>
  2. Create a TLS secret from a given public/private PEM formatted key pair.

    kubectl create secret tls <secret-name> --cert=path/to/tls.cert --key=path/to/tls.key
  3. Perform a Helm upgrade to apply the changes made to immuta-values.yaml.

    helm upgrade <release-name> oci://ocir.immuta.com/stable/immuta-enterprise --values immuta-values.yaml --version 2024.2.12

Refer to the Ingress-Nginx Controller documentation for further assistance.

  1. Edit immuta-values.yaml to include the following Helm values.

    secure:
      ingress:
        hostname: <immuta-fqdn>
        annotations:
          ingress.gcp.kubernetes.io/pre-shared-cert: <certificate-name>
  2. Perform a Helm upgrade to apply the changes made to immuta-values.yaml.

    helm upgrade <release-name> oci://ocir.immuta.com/stable/immuta-enterprise --values immuta-values.yaml --version 2024.2.12

Refer to the GKE Ingress Controller documentation for further assistance.

  1. Edit immuta-values.yaml to include the following Helm values.

    secure:
      ingress:
        hostname: <immuta-fqdn>
        annotations:
          alb.ingress.kubernetes.io/certificate-arn: <certificate-arn>
  2. Perform a Helm upgrade to apply the changes made to immuta-values.yaml.

    helm upgrade <release-name> oci://ocir.immuta.com/stable/immuta-enterprise --values immuta-values.yaml --version 2024.2.12

Refer to the AWS Load Balancer Controller documentation for further assistance.

  1. Edit immuta-values.yaml to include the following Helm values.

    secure:
      ingress:
        hostname: <immuta-fqdn>
        annotations:
          appgw.ingress.kubernetes.io/appgw-ssl-certificate: <certificate-name>
  2. Perform a Helm upgrade to apply the changes made to immuta-values.yaml.

    helm upgrade <release-name> oci://ocir.immuta.com/stable/immuta-enterprise --values immuta-values.yaml --version 2024.2.12

Refer to the Application Gateway Ingress Controller documentation for further assistance.

  1. Edit immuta-values.yaml to include the following Helm values.

    secure:
      ingress:
        annotations:
          traefik.ingress.kubernetes.io/router.tls: "true"
        hostname: <immuta-fqdn>
        tls: true
        # If left unset the TLS secret name defaults to <hostname>-tls
        secretName: <secret-name>
  2. Create a TLS secret from a given public/private PEM formatted key pair.

    kubectl create secret tls <secret-name> --cert=path/to/tls.cert --key=path/to/tls.key
  3. Perform a Helm upgrade to apply the changes made to immuta-values.yaml.

    helm upgrade <release-name> oci://ocir.immuta.com/stable/immuta-enterprise --values immuta-values.yaml --version 2024.2.12

Refer to the Traefik documentation for further assistance.

Last updated

Other versions

SaaS2024.32024.1

Copyright © 2014-2024 Immuta Inc. All rights reserved.