Creating a Kubernetes TLS Secret
- Last Updated: July 17, 2025
- 1 minute read
- Hybrid Data Pipeline
- Version 5.0
- Documentation
Prerequisites:
- The FQDN you are using to call the Hybrid Data Pipeline service.
- TLS certificate and private key associated with the FQDN. The certificate and private key must be in PEM file format.
Hybrid Data Pipeline supports client-side TLS for Kubernetes deployments. TLS is required for ODBC and JDBC connectivity, and for the deployment and use of the On-Premises Connector. Therefore, TLS should be enabled in nearly all deployment scenarios. In turn, a Kubernetes TLS Secret must be created for the deployment. A Kubernetes TLS Secret stores the TLS certificate and its associated private key.
Take the following steps to create a TLS Secret for your Kubernetes cluster:
- Run the following command to create the TLS Secret:
kubectl create secret tls tls-cert --cert=fullchain.pem --key=privkey.pem --namespace namespace-value
where:
tls-cert is the name of the Secret.
fullchain.pem is the path to the certificate file. This file must be in PEM file format and must include the full certificate chain.
privkey.pem is the private key associated with the full chain certificate.
Important: The Secret must be created in the same namespace used to deploy the Helm chart. - Enable TLS and provide the name of the TLS Secret in the
values.yaml. For
example:
tls: enabled: true secretName: "tls-cert"