Many users want inbound traffic to Tanzu Developer Portal (formerly called Tanzu Application Platform GUI) to be properly encrypted. These topics tell you how to enable TLS encryption either with an existing certificate or by using the included cert-manager instance.
The two key concepts are certificate delegation and the relationship between cert-manager, certificates, and ClusterIssuers.
Tanzu Developer Portal uses the established shared Contour ingress for TLS termination.
This enables you to store the certificate in a Kubernetes
secret and then pass that
namespace to the
httpProxy that was created during installation. To do this, see Configuring a TLS certificate by using an existing certificate.
Tanzu Developer Portal can also use the
cert-manager package that is installed when the profile was installed.
This tool allows cert-manager to automatically acquire a certificate from a
This external entity can be an external certificate authority, such as Let’s Encrypt, or a self-signed certificate.
The following topics describe different ways to configure TLS: