docs/vendor/replicated-sdk-customizing.md
26 additions & 7 deletions
@@ -502,21 +502,40 @@ replicated:
502
502
custom.company.io/pod-label: value
503
503
```
504
504
505
-
## Enable SSL
505
+
## Serve SDK API Endpoints Over HTTPS {#enable-ssl}
506
506
507
-
With the Replicated SDK version 1.6.0 and later, you can serve traffic from the Replicated SDK pod by setting the `replicated.tlsCertSecretName` Helm value in your Helm chart.
507
+
By default, the Replicated SDK serves its API over HTTP. With the Replicated SDK version 1.6.0 and later, you can serve the SDK API endpoints over HTTPS by providing a TLS certificate and key through the `tlsCertSecretName` value. This is useful if any of your enterprise customers require that communication between Kubernetes Pods occurs over HTTPS.
508
508
509
-
To configure the Replicated SDK pod to serve traffic over SSL:
509
+
**Requirement:** Serving the SDK API over HTTPS requires version 1.6.0 or later of the SDK.
510
510
511
-
1. Ensure a secret exists in the namespace with keys `tls.crt` and `tls.key` containing the TLS certificate and key.
512
-
This is the format produced by `kubectl create secret tls <secret_name> --cert=<cert_file> --key=<key_file>`.
511
+
To serve SDK API endpoints over HTTPS:
513
512
514
-
1. Set `tlsCertSecretName` to the name of the secret, as shown below:
513
+
1. In the same namespace as the Replicated SDK, create a Kubernetes Secret with `tls.crt` and `tls.key` fields that contain the TLS certificate and key, respectively.
514
+
515
+
**Example**:
516
+
517
+
```yaml
518
+
apiVersion: v1
519
+
kind: Secret
520
+
metadata:
521
+
name: tls-secret
522
+
namespace: default
523
+
type: kubernetes.io/tls
524
+
data:
525
+
tls.crt: ...(your certificate data)...
526
+
tls.key: ...(your private key data)...
527
+
```
528
+
529
+
:::note
530
+
This is the Secret format produced by `kubectl create secret tls <secret_name> --cert=path/to/tls.crt --key=path/to/tls.key`. For more information, see [kubectl create secret tls](https://kubernetes.io/docs/reference/kubectl/generated/kubectl_create/kubectl_create_secret_tls/) in the Kubernetes documentation.
531
+
:::
532
+
533
+
1. Set the Replicated SDK `tlsCertSecretName` Helm value to the name of the Secret, as shown below:
515
534
516
535
```yaml
517
536
# Helm chart values.yaml
518
537
519
538
replicated:
520
539
tlsCertSecretName: YOUR_TLS_SECRET
521
540
```
522
-
Where `YOUR_TLS_SECRET` is the secret in the namespace containing the TLS certificate and key.
541
+
Where `YOUR_TLS_SECRET` is the name of the Secret in the namespace containing the TLS certificate and key.
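Review bot: The example Secret at new lines 518-526 puts its placeholders under `data:` without saying that values in that field must be base64-encoded, so a reader who pastes PEM text there gets a manifest that Kubernetes rejects. Suggest either stating the encoding next to the placeholders or switching the example to `stringData:` for PEM input, and pointing to the `kubectl create secret tls` command in the note as the simpler path. Since the manifest carries `tls.key`, a sentence advising against committing the filled-in file to source control would also fit here. Two smaller points: the **Requirement:** line at new line 509 repeats the 1.6.0 constraint already given in the sentence at new line 507, so one of them can go; and the intro now says `tlsCertSecretName` where the removed text said `replicated.tlsCertSecretName`, which matched the nesting under `replicated:` shown in the values.yaml example and was less ambiguous.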