Trust Custom CA¶
This section describes how to configure Rok or Rok Registry to trust a custom CA. This is required to allow Rok or Rok Registry to connect securely with services that use certificates signed by an unknown authority.
Go to your GitOps repository, inside your
root@rok-tools:~# cd ~/ops/deployments
Obtain the custom CA certificate and copy it to your clipboard.
Edit the Kustomize patch and set the corresponding config variable. Choose one of the following options, based on your deployment.
Commit your changes:
root@rok-tools:~/ops/deployments# git commit -am "Trust Custom CA"
Apply the kustomization. Choose one of the following options, based on your deployment.
Assuming you have exposed your deployment with a certificate signed by your custom CA, follow the steps below to verify that this CA is considered as trusted.
Specify the endpoint of an HTTPS service that uses a certificate signed by your custom CA:
root@rok-tools:~/ops/deploymnets# export ENDPOINT=<ENDPOINT>
<ENDPOINT>with the endpoint of your HTTPS service. For example:
root@rok-tools:~/ops/deploymnets# export ENDPOINT=https://arrikto-cluster.apps.example.com/registry/
Exec into the Pod and try to access your Dashboard. Choose one of the following options, based on your deployment.
Connection timed out
Ensure that your Load Balancer allows traffic coming from inside your cluster. Edit
ingress-nginxLoadBalancer service accordingly.