Adding TLS Certificates to Your TrueFoundry Deployment
This guide explains how to configure TLS certificates to enable HTTPS access to your TrueFoundry deployments. We’ll cover multiple approaches based on your cloud and DNS provider.- AWS
- GCP
- Azure
- Cert files
When running TrueFoundry on AWS EKS, you have two options for TLS termination:
Terminate TLS at the Network Load Balancer using AWS cert-manager (recommended)
Terminate TLS at the Network Load Balancer using AWS cert-manager (recommended)
For production AWS deployments, terminating TLS at the Network Load Balancer using AWS Certificate Manager (ACM) is recommended for best performance and manageability.
Creating the certificate in AWS Certificate Manager
-
Create a certificate in ACM:
- Navigate to AWS Certificate Manager in the AWS console
- Request a public certificate
- Specify your domain (e.g.,
*.tfy.example.com) - Choose DNS validation (recommended)
-
Validate domain ownership:
-
Add the CNAME records provided by ACM to your DNS provider
- Follow the official AWS guide for DNS validation
- For detailed steps on adding CNAME records, see AWS documentation on DNS validation
- Wait for the certificate to change to “Active” status (this may take 30 minutes or longer)
-
Copy the certificate ARN for the next step (format will be like:
arn:aws:acm:region:account:certificate/certificate-id)
-
Add the CNAME records provided by ACM to your DNS provider
Applying the certificate to your TrueFoundry deployment
- In the TrueFoundry platform, navigate to Deployments > Helm
- Filter to find the helm chart for your cluster and select tfy-istio-ingress helm chart.
-
Click Edit and update the configuration:
Terminate TLS using cert-manager with your DNS provider (e.g. cloudflare, godaddy, etc.)
Terminate TLS using cert-manager with your DNS provider (e.g. cloudflare, godaddy, etc.)
Other way to handle TLS termination is to use cert-manager with your DNS provider. This is useful if you don’t want to use AWS cert-manager.For this you can follow the instructions here.