You signed in with another tab or window.Reload to refresh your session.You signed out in another tab or window.Reload to refresh your session.You switched accounts on another tab or window.Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: _docs/installation/codefresh-on-prem.md
+33Lines changed: 33 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -723,6 +723,39 @@ cfapi:
723
723
724
724
For detailed information, see the [Securing your webhooks](https://docs.github.com/en/developers/webhooks-and-events/webhooks/securing-your-webhooks) and [Webhooks](https://docs.github.com/en/github-ae@latest/rest/webhooks).
725
725
726
+
### Configure custom Root CA for volumes and containers
727
+
Reference the K8s secret containing the root CA in `config.yaml`.
728
+
Define the volume or volumes with the K8s secret objects, and then the volume mounts for the container.
729
+
730
+
731
+
>Requires on-premises version 1.4.6 or higher.
732
+
733
+
**Before you begin**
734
+
Make you have a K8s secret containing the CA
735
+
736
+
**How to**
737
+
738
+
1. Add the following to the `global` section:
739
+
740
+
```yaml
741
+
global:
742
+
env:
743
+
NODE_EXTRA_CA_CERTS: /etc/ssl/custom/ca.crt
744
+
745
+
volumes:
746
+
custom-ca:
747
+
enabled: true
748
+
type: secret
749
+
existingName: my-custom-ca-cert #replace with the name of K8s secret object with the CA cert
750
+
optional: true
751
+
752
+
container:
753
+
volumeMounts:
754
+
custom-ca:
755
+
path:
756
+
- mountPath: /etc/ssl/custom/ca.crt
757
+
subPath: ca.crt
758
+
```
726
759
727
760
## Using existing external services for data storage/messaging