Configure a TLS Gateway in SAP BTP, Kyma Runtime ​
Learn how to configure a TLS Gateway in SAP BTP, Kyma runtime using Gardener-managed Let's Encrypt certificates.
Context ​
In this procedure, you set up a TLS Gateway that secures communication between clients and your workloads. The server certificate is automatically provisioned and managed through Gardener's Certificate custom resource (CR), which requests a publicly trusted certificate from Let's Encrypt.
Prerequisites ​
- You have Istio and API Gateway modules in your cluster. See Adding and Deleting a Kyma Module for SAP BTP, Kyma runtime or Quick Install for open-source Kyma.
- For setting up the TLS Gateway, you must prepare the domain name available in the public DNS zone.
- You must supply credentials for a DNS provider supported by Gardener so the ACME DNS challenge can be completed during certificate issuance. For the list of supported providers, see External DNS Management Guidelines.
Procedure ​
Next Steps ​
Expose workloads behing your TLS Gateway. To learn how to do this, see Expose and Secure Workloads.