For non-Lightup Cloud deployments, you can add a TLS certificate to your Lightup cluster.

1. Obtain a TLS certificate (a .crt file) and an associated key (a .key file), and store them locally to a machine that has kubectl access to the cluster. For example, in a VM deployment these files should be on the VM.
2. From this machine run the following script with LIGHTUP_TLS_CRT_FILE and LIGHTUP_TLS_KEY_FILE set to the TLS certificate file paths:

curl -H 'Cache-Control: no-cache' -L https://s3.us-west-2.amazonaws.com/www.lightup.ai/launch_lightup.sh | LIGHTUP_TLS_CRT_FILE=<path to TLS crt file> LIGHTUP_TLS_KEY_FILE=<path to TLS key file> bash -s update-cert

3. Wait for about five minutes, then confirm the new certificate is in place and working.

Maintaining your certificate

You are responsible for maintaining the certificate going forward. If it expires you will need to replace the files and then rerun the cURL script.