TLS Certificates

🚧

Legacy Flow

This document references a Service created via the Prodvana web app. This is no longer the recommended flow as services should be defined using config files. This document is kept around for compatibility and historical purposes.

Prodvana supports securing traffic to services using TLS encryption. Currently, only AWS certificate manager is supported.

🚧

Certificates must be in the AWS Region your EKS cluster runs

Obtain Certificate from AWS

Visit https://console.aws.amazon.com/acm/home in the account that hosts the EKS cluster linked to Prodvana.

Click on "Request Certificate" and follow prompts to obtain a new certificate. Once a certificate has been issued, copy the ARN associated with this certificate.

Attach Certificate to a service

Start a deployment of the service to attach the certificate to.

On the service configuration page, select the "Enable TLS" checkbox and update the "Exposed port" to 443. In the "Custom Domains and TLS" section at the bottom, enter in the domain you requested certificate for and paste in the certificate ARN that was copied in the previous step.

Click "Deploy" to start deployment.