Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.tensor9.com/llms.txt

Use this file to discover all available pages before exploring further.

Security

Do you ever see my credentials or secrets?

No. You create secrets directly in your own cluster or cloud secret manager. We see only whether a secret exists (a checkmark in the setup interface), never its value. See Credentials and Secrets.

How do I know what permissions the controller has?

The controller runs under an IAM role (AWS) or service account (Kubernetes) in your own account or cluster. You can inspect the Terraform templates before applying them - they contain the exact roles and bindings. After installation, you can list the active role and policies with kubectl or the AWS CLI. See Permissions.

Can I revoke access at any time?

Yes. You own the role and bindings, and can revoke or delete them at any time without coordinating with us. Revocation is immediate. See Revoking Access.

Does the controller phone home?

The controller communicates outbound to our systems for deployment instructions and to report health status. It does not forward your secrets, your data, or information about your other workloads. Application telemetry is off by default and only enabled with your agreement.

Installation

How long does installation take?

Most installations complete in under an hour. The exact time depends on your environment, how many services need configuration, and how many secrets you need to create.

Can I pause and resume?

Yes. Your progress is saved automatically. Close the browser and reopen the setup link whenever you’re ready to continue.

Can I review the Terraform before applying?

Absolutely. The templates are standard .tf files with no custom providers or opaque modules. We encourage you to review them. See the installation guides for AWS or Kubernetes.

What if Terraform apply fails partway through?

Terraform tracks state. If an apply fails, re-running terraform apply will pick up where it left off. You won’t get duplicate resources.

Can I integrate the Terraform into my existing IaC workflow?

Yes. The generated templates are standard Terraform. You can check them into your own repo, run them through your CI/CD pipeline, or manage them alongside your other infrastructure code.

Configuration

Can I use a custom domain?

Yes. You can bring your own domain and configure it with Route 53 or Cloudflare. See DNS and Domains.

What if I don’t have a custom domain?

We can provide a subdomain automatically. No DNS configuration needed on your end.

Can I skip optional secrets?

Yes. Optional secrets can be skipped during setup and added later if needed. Required secrets must be created before the deployment can proceed.

How do I rotate a secret?

Replace the secret in your cluster or cloud secret manager. The controller detects the change automatically. See Secrets.

Operations

How are updates applied?

We prepare the release, and the controller in your environment applies it automatically. You don’t need to take action for routine updates. See Updates and Upgrades.

Can I pin to a specific version?

Yes. Contact us if you need to freeze at a specific version during an audit or compliance review.

What monitoring do I need to set up?

For the controller and deployment infrastructure - nothing. We monitor the controller’s health from our side. For the application’s business logic and user-facing behavior, use your existing monitoring tools. See Monitoring.

What happens if the controller goes offline?

The application continues running - it doesn’t depend on the controller for normal operation. We won’t be able to deploy updates or monitor health until the controller reconnects. We’ll be aware of the outage from our side.

Network

What outbound access does the controller need?

The controller needs outbound HTTPS (port 443) to communicate with our systems. No inbound ports are required. Contact us for the specific endpoint list if your network has restricted outbound access.

Does the controller need a public IP?

No. The controller runs in a private subnet (AWS) or within your cluster’s internal network (Kubernetes). All communication is outbound.