Skip to main content
Version: 0.8.0

TLS and certificates

TLS configuration

By default the dashboard will listen on with TLS disabled and without exposing any external connection. To expose an external connection, you must first configure TLS. TLS termination can be provided via an ingress controller or directly by the dashboard. In either case, the helm release must be updated. To have the dashboard itself handle TLS, you must create a tls secret containing the cert and key:

kubectl create secret tls my-tls-secret \
--cert=path/to/cert/file \

and reference it from the helm release:

enabled: true
secretName: "my-tls-secret"

If you prefer to delegate TLS handling to the ingress controller instead, your helm release should look like:

enabled: true
... other parameters specific to the ingress type ...


Install cert-manager and request a Certificate in the flux-system namespace. Provide the name of secret associated with the certificate to the weave-gitops-enterprise HelmRelease as described above.