Configuring SSL Certificate for Tanzu Application Platform GUI

When you setup TAP for the first time, you will not have SSL certificate configured for TAP GUI. In this blog post, I will demonstrate the step by step instructions to configure SSL certificate.

Pre-requirements

  • TAP Is installed and TAP UI is accessible with http
  • You have SSL certificate created for TAP GUI. e.g. using Let’s encrypt
  • SSL Certificate and Private Key file

Configure SSL Certificate for TAP GUI

  • Create a secret for SSL certificate in tap-gui namespace
kubectl create secret tls tap-gui-secret --cert fullchain.pem --key privkey.pem -n tap-gui
secret/tap-gui-secret created
  • Validate the secret is successfully created
kubectl get secret -n tap-gui
NAME                           TYPE                                  DATA   AGE
app-config-ver-9               Opaque                                1      36m
default-token-6wsml            kubernetes.io/service-account-token   3      25h
private-registry-credentials   kubernetes.io/dockerconfigjson        1      25h
tap-gui-secret                 kubernetes.io/tls                     2      44m
  • Modify the tap-values.yaml file and add parameters for SSL certificate secret. You need to edit under tap_gui section. Look for bold texts.
tap_gui:
  service_type: ClusterIP
  ingressEnabled: "true"
  ingressDomain: "your-ingress-domain"
  tls:
    namespace: tap-gui
    secretName: tap-gui-secret
  app_config:
   app:
      baseUrl: https://tap-gui.your-ingress-domain
   catalog:
      locations:
        - type: url
          target: http://github.com/dineshtripathi30/tanzuapp/blob/main/blank/catalog-info.yaml
   backend:
      baseUrl: https://tap-gui.your-ingress-domain
      cors:
        origin: https://tap-gui.your-ingress-domain
  • Update the tap package
tanzu package installed update tap -p tap.tanzu.vmware.com -v 1.1.0 --values-file tap11-values.yaml -n tap-install
 Updating installed package 'tap' 
/ Getting package install for 'tap' 
/ Getting package metadata for 'tap.tanzu.vmware.com' 
- Updating secret 'tap-tap-install-values' 
- Updating package install for 'tap' 
\ Waiting for 'PackageInstall' reconciliation for 'tap' 

| 'PackageInstall' resource successfully reconciled 
Updated installed package 'tap' in namespace 'tap-install'
  • Open a browser and hit the TAP GUI url with https
  • Now, you can access GUI over https.

One thought on “Configuring SSL Certificate for Tanzu Application Platform GUI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s