From ba4f49077ebb05ace33089849bcbb175352fd75e Mon Sep 17 00:00:00 2001 From: michaeljguarino Date: Thu, 20 Nov 2025 17:21:21 -0500 Subject: [PATCH] Improve sandbox docs new image vendoring + tls disable --- .../advanced-config/sandboxing.md | 34 +++++++++++++------ 1 file changed, 24 insertions(+), 10 deletions(-) diff --git a/pages/getting-started/advanced-config/sandboxing.md b/pages/getting-started/advanced-config/sandboxing.md index c4547cad..16ce3d71 100644 --- a/pages/getting-started/advanced-config/sandboxing.md +++ b/pages/getting-started/advanced-config/sandboxing.md @@ -91,19 +91,16 @@ A starter values file for configuring images for your console in the management ```yaml # configure main console image -image: - repository: your.enterprise.registry/pluralsh/console - tag: 0.8.7 # only if you want to pin a tag (not recommended as it's set by the chart already) - -# configure console operator image -controller: - controllerManager: - manager: - image: - repository: your.enterprise.registry/pluralsh/console +global: + registry: your.enterprise.registry # configure kas image kas: + agent: + proxy: + image: + repository: your.enteprise.registry/some/nginx + image: repository: your.enterprise.registry/pluralsh/kas ``` @@ -123,6 +120,23 @@ agentk: For more advanced configuration, we definitely recommend consulting the charts directly, they're both open source at https://github.com/pluralsh/console and https://github.com/pluralsh/deployment-operator. +## Disable cert-manager based TLS + +Our chart defaults to including TLS reconciled by cert-manager, but if you use a cloud-integrated cert management tool like Amazon Certificate Manager, it is unnecessary and could cause double-encryption. Disabling is a simple values override, done with: + +```yaml +# main plural ingress +ingress: + tls: + enabled: false + +# disable for KAS ingress too +kas: + ingress: + tls: + enabled: false +``` + ## Configuring Agent Helm Values Like we said, the main console deployment is pretty easy to configure, but the agents need to be handled specially since they need to be configured in bulk. We provide a number of utilities to make reconfiguration scalable.