This topic tells you how to use the certificate information from your external certificate authority to encrypt inbound traffic to Tanzu Developer Portal (formerly called Tanzu Application Platform GUI).
Your certificate authority gave you a certificate file, of the form CERTIFICATE-FILE-NAME.crt
, and a signing key, of the form KEY-FILE-NAME.key
. Ensure that these files are present on the host from which you run the CLI commands.
To configure Tanzu Developer Portal with an existing certificate:
Create the Kubernetes secret by running:
kubectl create secret tls tap-gui-cert --key="KEY-FILE-NAME.key" --cert="CERTIFICATE-FILE-NAME.crt" -n tap-gui
Where:
KEY-FILE-NAME
is the name of the key
file that your certificate issuer gave youCERTIFICATE-FILE-NAME
is the name of the crt
file that your certificate issuer gave youConfigure Tanzu Developer Portal to use the newly created secret. Do so by editing the tap-values.yaml
file that you used during installation to include the following under the tap-gui
section:
tls
key with subkeys for namespace
and secretName
secretName
value defined earlierExample:
tap_gui:
tls:
namespace: tap-gui
secretName: tap-gui-cert
# Additional configuration below this line as needed
Update the Tanzu Application Platform package with the new values in tap-values.yaml
by running:
tanzu package installed update tap -p tap.tanzu.vmware.com -v TAP-VERSION --values-file tap-values.yaml -n tap-install
Where TAP-VERSION
is the version number that matches the values you used when you installed your profile.