This message was deleted Rancher Users #k3s

Join Slack

This message was deleted.

# k3s

adamant-kite-43734

03/29/2023, 10:21 AM

This message was deleted.

breezy-autumn-81048

03/29/2023, 11:33 AM

I have verified that it's enough to add root CA to the pod so it could access GHES by creating the certificate file in the pods directory /etc/ssl/certs and then I added it to the curl command:

Copy code

curl -v <https://github.myexample.com> --cacert /etc/ssl/certs/rootCA.crt

Would be good to understand where that root CA should be added in K3S so pods could use it.

refined-analyst-8898

03/29/2023, 12:29 PM

You might use trust-manager to distribute CAs to namespaces after creating a k8s secret or configmap containing the trusted CA certificate.

refined-analyst-8898

03/29/2023, 12:30 PM

That would compose a CA bundle as yet another configmap which may then be mounted on any container for use by an application.

breezy-autumn-81048

03/31/2023, 2:32 PM

Hi, Thank you for your reply! I created a configMap and then attacked it directly in the deployment. That helped to solve an issue.

177 Views

Open in Slack

Previous Next