v26.3.1
v26.3.1
Serve Polis over HTTPS with a built-in TLS sidecar
The Polis Helm chart can now terminate TLS in front of Polis without an external ingress. Set tlsSidecar.enabled: true and point
tlsSidecar.tls.secretName at an existing Secret that holds tls.crt and tls.key (managed by you or cert-manager):
tlsSidecar:
enabled: true
tls:
secretName: polis-tls
The chart then runs an nginx sidecar that terminates HTTPS and proxies to Polis in the same pod. The Service keeps the same port
and name; when the sidecar is enabled the Service routes to it (HTTPS) instead of the plain-HTTP Polis listener, so plain HTTP is
no longer served. The sidecar image defaults to docker.io/nginxinc/nginx-unprivileged:stable and is overridable via
tlsSidecar.image.
The feature is off by default, so existing deployments are unchanged and continue to serve plain HTTP.
For advanced cases, the chart also exposes deployment.extraContainers, deployment.extraVolumes,
deployment.extraVolumeMounts, and deployment.extraEnvs to add arbitrary sidecars or volumes.