Skip to content

TLS Configuration

This guide demonstrates how to configure TLS termination for an Ingress resource.

Kubernetes namespace

The following section(s) presume the Immuta Enterprise Helm chart was deployed into namespace immuta and that the current namespace is immuta.

Prerequisite

The Ingress configuration must be completed before proceeding.

Ingress-NGINX Controller

  1. Edit immuta-values.yaml to include the following Helm values.

    immuta-values.yaml
    secure:
  ingress:
    hostname: <immuta-fqdn>
    annotations:
      nginx.ingress.kubernetes.io/auth-tls-secret: <namespace>/<secret-name>

  2. Create a TLS secret from a given public/private PEM formatted key pair.

    kubectl create secret tls <secret-name> --cert=path/to/tls.cert --key=path/to/tls.key

  3. Perform a Helm upgrade to apply the changes made to immuta-values.yaml.

    helm upgrade <release-name> immuta/immuta-enterprise --values immuta-values.yaml

Additional resources

Refer to the Ingress-Nginx Controller documentation for further assistance.

GKE Ingress Controller

  1. Edit immuta-values.yaml to include the following Helm values.

    immuta-values.yaml
    secure:
  ingress:
    hostname: <immuta-fqdn>
    annotations:
      ingress.gcp.kubernetes.io/pre-shared-cert: <certificate-name>

  2. Perform a Helm upgrade to apply the changes made to immuta-values.yaml.

    helm upgrade <release-name> immuta/immuta-enterprise --values immuta-values.yaml

Additional resources

Refer to the GKE Ingress Controller documentation for further assistance.

AWS Load Balancer Controller

  1. Edit immuta-values.yaml to include the following Helm values.

    immuta-values.yaml
    secure:
  ingress:
    hostname: <immuta-fqdn>
    annotations:
      alb.ingress.kubernetes.io/certificate-arn: <certificate-arn>

  2. Perform a Helm upgrade to apply the changes made to immuta-values.yaml.

    helm upgrade <release-name> immuta/immuta-enterprise --values immuta-values.yaml

Additional resources

Refer to the AWS Load Balancer Controller documentation for further assistance.

AKS Application Gateway Ingress Controller

  1. Edit immuta-values.yaml to include the following Helm values.

    immuta-values.yaml
    secure:
  ingress:
    hostname: <immuta-fqdn>
    annotations:
      appgw.ingress.kubernetes.io/appgw-ssl-certificate: <certificate-name>

  2. Perform a Helm upgrade to apply the changes made to immuta-values.yaml.

    helm upgrade <release-name> immuta/immuta-enterprise --values immuta-values.yaml

Additional resources

Refer to the Application Gateway Ingress Controller documentation for further assistance.

Traefik

  1. Edit immuta-values.yaml to include the following Helm values.

    immuta-values.yaml
    secure:
  ingress:
    hostname: <immuta-fqdn>
    tls: <secret-name>

  2. Create a TLS secret with the name <hostname>-tls from a given public/private PEM formatted key pair.

    kubectl create secret tls <hostname>-tls --cert=path/to/tls.cert --key=path/to/tls.key

  3. Perform a Helm upgrade to apply the changes made to immuta-values.yaml.

    helm upgrade <release-name> oci://ocir.immuta.com/stable/immuta-enterprise --values immuta-values.yaml --version 2024.2.3

Additional resources

Refer to the Traefik documentation for further assistance.