Advanced Configuration
Support Self Signed CA Certificates
For organisations that require self-signed CA certificates for connections to external or other services, the Truefoundry platform has to be configured accordingly.
We will use Kyverno to selectively enable automated CA certificate injection into pods.
Steps
- Install kyverno
- We will use the tfy-kyverno-config helm chart to enable cert injection. Create a values.yaml and fill in the values.
- Install the helm chart
This will install a Kyverno ClusterPolicy which injects the CA certificates into pods as they are created, along with env variables if needed.
You can also add more addCaCertificateVolume.injectionConfigs entries with custom labels for workloads that need the CA certificate injected. The per-service labels can be configured from the Truefoundry UI.
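
For orientation, a minimal Kyverno ClusterPolicy of the kind described above, showing label-selected CA injection with an env variable. This is an added illustration, not the policy shipped by tfy-kyverno-config; the policy name, label key, ConfigMap name, mount path and env variable choice are all assumptions.

```yaml
# Illustrative only: every name below is a placeholder, not a chart value.
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: inject-ca-bundle-example          # assumed name
spec:
  rules:
    - name: add-ca-volume-and-env
      match:
        any:
          - resources:
              kinds:
                - Pod
              selector:
                matchLabels:
                  example.com/inject-ca: "true"   # assumed opt-in label
      mutate:
        patchStrategicMerge:
          spec:
            containers:
              # "(name): *" is a Kyverno conditional anchor: apply to every container.
              - (name): "*"
                volumeMounts:
                  - name: ca-bundle
                    mountPath: /etc/ssl/certs/ca-bundle-example.crt
                    subPath: ca-bundle.crt
                    readOnly: true
                env:
                  # OpenSSL-based clients read this; other runtimes need their
                  # own variable or trust store configuration.
                  - name: SSL_CERT_FILE
                    value: /etc/ssl/certs/ca-bundle-example.crt
            volumes:
              - name: ca-bundle
                configMap:
                  # ConfigMaps are namespaced: this one must exist in every
                  # namespace where labelled pods are created.
                  name: ca-bundle-example
                  items:
                    - key: ca-bundle.crt
                      path: ca-bundle.crt
```

Because SSL_CERT_FILE replaces the default trust file for clients that honour it, the bundle in the ConfigMap has to contain the public roots the workload still needs, not only the organisation's CA. Init containers are not covered by this sketch and would need their own entry under `initContainers`.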