Channels
academy
amazon
arm
azure
cabpr
chinese
ci-cd
danish
deutsch
developer
elemental
epinio
espanol
events
extensions
fleet
français
gcp
general
harvester
harvester-dev
hobbyfarm
hypper
japanese
k3d
k3os
k3s
k3s-contributor
kim
kubernetes
kubewarden
lima
logging
longhorn-dev
longhorn-storage
masterclass
mesos
mexico
nederlands
neuvector-security
office-hours
one-point-x
onlinemeetup
onlinetraining
opni
os
ozt
phillydotnet
portugues
rancher-desktop
rancher-extensions
rancher-setup
rancher-wrangler
random
rfed_ara
rio
rke
rke2
russian
s3gw
service-mesh
storage
submariner
supermicro-sixsq
swarm
terraform-controller
terraform-provider-rancher2
terraform-provider-rke
theranchcast
training-0110
training-0124
training-0131
training-0207
training-0214
training-1220
ukranian
v16-v21-migration
vsphere
windows
Title
b
breezy-autumn-81048
03/29/2023, 10:21 AMHi community,
Quick question. In case I get
curl: (60) SSL certificate problem: self signed certificate in certificate chain More details here: <https://curl.haxx.se/docs/sslcerts.html>/var/lib/rancher/k3s/server/tlsI have verified that it's enough to add root CA to the pod so it could access GHES by creating the certificate file in the pods directory /etc/ssl/certs and then I added it to the curl command:
curl -v <https://github.myexample.com> --cacert /etc/ssl/certs/rootCA.crtr
refined-analyst-8898
03/29/2023, 12:29 PMYou might use trust-manager to distribute CAs to namespaces after creating a k8s secret or configmap containing the trusted CA certificate.
That would compose a CA bundle as yet another configmap which may then be mounted on any container for use by an application.
b
breezy-autumn-81048
03/31/2023, 2:32 PMHi,
Thank you for your reply! I created a configMap and then attacked it directly in the deployment. That helped to solve an issue.