Tab Group

tab-group

Deprecated documentation notice
This is a callout with an icon.
Caution

This is a Caution callout. There was previously a bug with bold text that we should be aware of and continue to check for. This callout was invoked with the <caution> shortcode. It has no custom title.

This is on a new line.

This is on a new line

This is a plain callout with a title. It has a link to a heading on this page. Its shortcode is <call-out> with a custom title parameter.

  1. Create the /etc/ssl/nginx directory:

    sudo mkdir -p /etc/ssl/nginx

  2. Upload nginx-repo.crt and nginx-repo.key files to the /etc/ssl/nginx/ directory.

  3. Install required dependencies:

    sudo yum install ca-certificates wget

  4. Remove any previously downloaded NGINX repository files from /etc/yum.repos.d:

    shell
    sudo rm /etc/yum.repos.d/nginx*.repo
sudo rm /etc/yum.repos.d/*app-protect*.repo
nginx -s reload

Much nested tab group

To configure a CA cert and/or client certificate and key, a few extra steps are needed.

First, you need to create two Secrets in the nginx-gateway namespace. The CA must live under the key ca.crt:

kubectl -n nginx-gateway create secret generic nim-ca --from-file ca.crt

The client cert and key must be added to a TLS Secret:

kubectl -n nginx-gateway create secret tls nim-client --cert /path/to/cert --key /path/to/key

Specify the CA Secret name in the --usage-report-ca-secret command-line flag on the nginx-gateway container. Specify the client Secret name in the --usage-report-client-ssl-secret command-line flag on the nginx-gateway container.

You also need to define the proper volume mount to mount the Secrets to the nginx container. Add the following volume to the Deployment:

yaml
- name: nginx-plus-usage-certs
  projected:
    sources:
      - secret:
          name: nim-ca
      - secret:
          name: nim-client

and the following volume mounts to the nginx container:

yaml
- mountPath: /etc/nginx/certs-bootstrap/
  name: nginx-plus-usage-certs

Finally, in the nginx-includes-bootstrap ConfigMap, add the following lines to the mgmt block:

text
ssl_trusted_certificate /etc/nginx/certs-bootstrap/ca.crt;
ssl_certificate        /etc/nginx/certs-bootstrap/tls.crt;
ssl_certificate_key    /etc/nginx/certs-bootstrap/tls.key;

Specify the CA Secret name using the nginx.usage.caSecretName helm value. Specify the client Secret name using the nginx.usage.clientSSLSecretName helm value.

Last modified September 9, 2025
View source
Edit this page
Create a new issue