Skip to main content
To use a custom domain with TLS on your SambaStack deployment, follow these steps:
This guide is for SambaStack Hosted deployments only.

Step 1: Obtain TLS Certificates

Acquire the TLS certificate and private key for your domain from a trusted certificate authority.

Step 2: Create Kubernetes TLS Secret

Follow the official Kubernetes documentation to create a Kubernetes secret for your TLS certificate and key. Example command: 
kubectl create secret tls <name-for-tls> \
  --cert=path/to/cert.crt \
  --key=path/to/key.key

Step 3: Configure DNS Records

Create DNS records to map your custom domains to the SambaStack servers as follows:
DomainRecord TypeValue
api.example.comCNAMEapi.sambanova.ai
api.example.comTXT<From installer log>
ui.example.comCNAMEcloud.sambanova.ai
ui.example.comTXT<From installer log>
Contact SambaNova support to confirm your regional endpoint, if needed.

Step 4: Update sambastack.yaml

Edit the sambastack.yaml configuration file under data → sambastack.yaml to include your domain and TLS secret information with correct indentation: 
data:
  sambastack.yaml: |
    gateway:
      ingress:
        hosts:
          - host: api.example.com
            tlsSecretName: <name-for-tls>
    cloud-ui:
      ingress:
        hosts:
        - host: ui.example.com
          tlsSecretName: <name-for-tls>
See the SambaStack.yaml Reference for a full example.

Step 5: Apply Configuration

Apply your changes: 
kubectl apply -f sambastack.yaml

Step 6: Sanity Check

Monitor the installer logs to verify TLS certificate processing and domain verification: 
kubectl -n sambastack-installer logs -l sambanova.ai/app=sambastack-installer -f
After applying these changes, your SambaStack deployment will use the specified custom domains and TLS certificates.