Skip to main content
Version: 1.42

Configure TLS

To enable users to access the web applications required to manage Deeploy, you'll need a TLS certificate that covers the domains you've configured in the previous step. These domains are:

  • deeploy.example.com
  • api.deeploy.example.com

To obtain a TLS certificate, complete one of the following setups:

The easiest way to create your certificate is using Certbot with Docker:

  1. Change your your-local-path in the code snippets below. Note: You don't have to create the Let's Encrypt folder in this path, this folder will be created automatically.
  2. Run the snippets for both domains and follow the instructions in the terminal. Note: You'll need access to your DNS provider in order to add a TXT record that Let's Encrypt can validate.

deeploy.example.com snippet

docker run -it --rm --name letsencrypt \
-v /Your-local-path/letsencrypt1:/etc/letsencrypt \
-v /Your-local-path/letsencrypt2:/var/lib/letsencrypt \
certbot/certbot:latest certonly -d "deeploy.example.com" \
--manual --preferred-challenges dns \
--server https://acme-v02.api.letsencrypt.org/directory

api.deeploy.example.com snippet

docker run -it --rm --name letsencrypt \
-v /Your-local-path/letsencrypt1:/etc/letsencrypt \
-v /Your-local-path/letsencrypt2:/var/lib/letsencrypt \
certbot/certbot:latest certonly -d "api.deeploy.example.com" \
--manual --preferred-challenges dns \
--server https://acme-v02.api.letsencrypt.org/directory

After completing the certificate creation 3 files have been created in the /Your-local-path/letsencrypt1/live/deeploy.example.com/ folder. You need the fullchain.pem and privkey.pem files.

  1. Create the deeploy-cert Kubernetes TLS Secret:
kubectl create secret tls deeploy-cert \
--cert /Your-local-path/letsencrypt1/live/deeploy.example.com/fullchain.pem \
--key /Your-local-path/letsencrypt1/live/deeploy.example.com/privkey.pem \
-n istio-system
  1. Create the deeploy-api-cert Kubernetes TLS Secret :
kubectl create secret tls deeploy-api-cert \
--cert /Your-local-path/letsencrypt1/live/deeploy.example.com-0001/fullchain.pem \
--key /Your-local-path/letsencrypt1/live/deeploy.example.com-0001/privkey.pem \
-n istion-system