In an enterprise environment, to encrypt SSL connections, there could be a set of custom certificates signed by one or more trusted certificates. By following this guide you'll be able to provide one or more trusted certificates in PEM format in a single file for the core services managed by the Console.
If you want to add a custom CA certificate to a custom service you should visit this page.
To configure a custom CA certificate for
cms-backend core service, for example, you might:
- Verify if the service you want to provide an additional certificate with supports this feature by visiting its dedicated documentation page.
- Have the CA certificate in
pemformat, and rename the file in
- Create a Kubernetes Secret in the namespace (replace
YOUR_NAMESPACEwith your namespace name) of the project that needs it using the command:
This command will create a secret like the following:
additional-ca.pem content is created in base64.
- In the Console, access to the project and enter in the design section, select the working branch and click the advanced tab.
api-console-config/core-services.json file from the left menu.
Here, you should add:
Once saved and generate the file adding this configuration, you should see the volume correctly mounted in the generated deployment file.
This feature is enabled only for
v1-adapter core services. Other core services will be enabled in the future.
This feature is enabled for all environments. If it is not required to add custom ca certs, for example for a test environment, you must add a secret with an empty
additional-ca.pem file content.