edit enable ssl for sdk steps #3338

Merged
merged 1 commit into from
Jun 26, 2025
33 changes: 26 additions & 7 deletions docs/vendor/replicated-sdk-customizing.md
Expand Up @@ -502,21 +502,40 @@ replicated:
custom.company.io/pod-label: value
```

## Enable SSL
## Serve SDK API Endpoints Over HTTPS {#enable-ssl}

With the Replicated SDK version 1.6.0 and later, you can serve traffic from the Replicated SDK pod by setting the `replicated.tlsCertSecretName` Helm value in your Helm chart.
By default, the Replicated SDK serves its API over HTTP. With the Replicated SDK version 1.6.0 and later, you can serve the SDK API endpoints over HTTPS by providing a TLS certificate and key through the `tlsCertSecretName` value. This is useful if any of your enterprise customers require that communication between Kubernetes Pods occurs over HTTPS.

To configure the Replicated SDK pod to serve traffic over SSL:
**Requirement:** Serving the SDK API over HTTPS requires version 1.6.0 or later of the SDK.

1. Ensure a secret exists in the namespace with keys `tls.crt` and `tls.key` containing the TLS certificate and key.
This is the format produced by `kubectl create secret tls <secret_name> --cert=<cert_file> --key=<key_file>`.
To serve SDK API endpoints over HTTPS:

1. Set `tlsCertSecretName` to the name of the secret, as shown below:
1. In the same namespace as the Replicated SDK, create a Kubernetes Secret with `tls.crt` and `tls.key` fields that contain the TLS certificate and key, respectively.

**Example**:

```yaml
apiVersion: v1
kind: Secret
metadata:
name: tls-secret
namespace: default
type: kubernetes.io/tls
data:
tls.crt: ...(your certificate data)...
tls.key: ...(your private key data)...
```

:::note
This is the Secret format produced by `kubectl create secret tls <secret_name> --cert=path/to/tls.crt --key=path/to/tls.key`. For more information, see [kubectl create secret tls](https://kubernetes.io/docs/reference/kubectl/generated/kubectl_create/kubectl_create_secret_tls/) in the Kubernetes documentation.
:::

1. Set the Replicated SDK `tlsCertSecretName` Helm value to the name of the Secret, as shown below:

```yaml
# Helm chart values.yaml

replicated:
tlsCertSecretName: YOUR_TLS_SECRET
```
Where `YOUR_TLS_SECRET` is the secret in the namespace containing the TLS certificate and key.
Where `YOUR_TLS_SECRET` is the name of the Secret in the namespace containing the TLS certificate and key.
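
Review bot: In the example Secret added under step 1, the `data:` placeholders (`tls.crt: ...(your certificate data)...`, `tls.key: ...(your private key data)...`) do not say that values under `data` must be base64-encoded, so a reader who pastes PEM text there will end up with a rejected or unusable Secret. Suggest stating the encoding in the placeholder text, or showing `stringData:` if the intent is to paste PEM directly. The same example hard-codes `namespace: default` while the step text says the Secret must be in the same namespace as the Replicated SDK; a placeholder or a comment on that line would keep readers from creating the Secret in the wrong namespace. Two smaller points: the new intro names the value as `tlsCertSecretName` while the values.yaml snippet nests it under `replicated:`, so giving the full path `replicated.tlsCertSecretName` once, as the removed sentence did, would remove the ambiguity; and the **Requirement:** line repeats the 1.6.0 version constraint already stated in the intro sentence, so one of the two can go.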