Overview of enabling TLS for Tanzu Developer Portal

Many users want inbound traffic to Tanzu Developer Portal to be properly encrypted. These topics tell you how to enable TLS encryption either with an existing certificate or by using the included cert-manager instance.

Concepts

The two key concepts are certificate delegation and the relationship between cert-manager, certificates, and ClusterIssuers.

Certificate delegation

Tanzu Developer Portal uses the established shared Contour ingress for TLS termination.

This enables you to store the certificate in a Kubernetes secret and then pass that secret and namespace to the httpProxy that was created during installation. To do this, see Configuring a TLS certificate by using an existing certificate.

TLS diagram showing the relationships between Tanzu Developer Portal, the certificate, and Contour Shared Ingress.

cert-manager, certificates, and ClusterIssuers

Tanzu Developer Portal can also use the cert-manager package that is installed when the profile was installed.

This tool allows cert-manager to automatically acquire a certificate from a clusterIssuer entity.

This external entity can be an external certificate authority, such as Let’s Encrypt, or a self-signed certificate.

TLS diagram showing the relationships between Tanzu Developer Portal, the cert dash manager, and Contour Shared Ingress.

Guides

The following topics describe different ways to configure TLS:

check-circle-line exclamation-circle-line close-line
Scroll to top icon