Skip to main content

v26.3.1

v26.3.1

Serve Polis over HTTPS with a built-in TLS sidecar

The Polis Helm chart can now terminate TLS in front of Polis without an external ingress. Set tlsSidecar.enabled: true and point tlsSidecar.tls.secretName at an existing Secret that holds tls.crt and tls.key (managed by you or cert-manager):

tlsSidecar:
enabled: true
tls:
secretName: polis-tls

The chart then runs an nginx sidecar that terminates HTTPS and proxies to Polis in the same pod. The Service keeps the same port and name; when the sidecar is enabled the Service routes to it (HTTPS) instead of the plain-HTTP Polis listener, so plain HTTP is no longer served. The sidecar image defaults to docker.io/nginxinc/nginx-unprivileged:stable and is overridable via tlsSidecar.image.

The feature is off by default, so existing deployments are unchanged and continue to serve plain HTTP.

For advanced cases, the chart also exposes deployment.extraContainers, deployment.extraVolumes, deployment.extraVolumeMounts, and deployment.extraEnvs to add arbitrary sidecars or volumes.