Configure a TLS certificate by using a self-signed certificate

This topic tells you how to use cert-manager to create a self-signed certificate issuer and then generate a certificate for Tanzu Developer Portal (formerly named Tanzu Application Platform GUI) to use based on that issuer.

Some browsers and corporate policies do not allow you to visit webpages that have self-signed certificates. You might need to navigate through a series of error messages to visit the page.

TLS diagram showing the relationships between Tanzu Developer Portal, cert dash manager, and Contour Shared Ingress.

Prerequisite

Install a Tanzu Application Platform profile that includes cert-manager. Verify you did this by running the following command to detect the cert-manager namespace:

kubectl get ns

Procedure

To configure a self-signed TLS certificate for Tanzu Developer Portal:

  1. Create a certificate.yaml file that defines an issuer and a certificate. For example:

    apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: ca-issuer
  namespace: tap-gui
spec:
  selfSigned: {}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: tap-gui-cert
  namespace: tap-gui
spec:
  secretName: tap-gui-cert
  dnsNames:
  - tap-gui.INGRESS-DOMAIN
  issuerRef:
    name: ca-issuer

    Where INGRESS-DOMAIN is your domain value that matches the values you used when you installed the profile.

  2. Add the issuer and certificate to your cluster by running:

    kubectl apply -f certificate.yaml

  3. Configure Tanzu Developer Portal to use the newly created certificate. Update the tap-values.yaml file used during installation to include the following under the tap-gui section:

    • A top-level tls key with subkeys for namespace and secretName
    • A namespace referring to the namespace containing the Certificate object mentioned earlier
    • A secret name referring to the secretName value defined in your Certificate resource earlier

    Example:

    tap_gui:
  tls:
    namespace: tap-gui
    secretName: tap-gui-cert
 # Additional configuration below this line as needed

  4. Update the Tanzu Application Platform package with the new values in tap-values.yaml:

    tanzu package installed update tap -p tap.tanzu.vmware.com -v TAP-VERSION  --values-file tap-values.yaml -n tap-install

    Where TAP-VERSION is the version that matches the values you used when you installed the profile.

check-circle-line exclamation-circle-line close-line
Scroll to top icon