Add custom CA in OCP bundle

openstack-gitops · Dec 10, 2024 · 3151036 · 3151036
1 parent 06aa997
commit 3151036
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/docs/managing-secrets-with-vault.md b/docs/managing-secrets-with-vault.md
@@ -55,6 +55,13 @@ $ openssl genrsa -out ca.key 4096
 $ openssl req -x509 -new -nodes -key ca.key -sha256 -days 1024 -out ca.crt
 ```
 
+_Inject our custom CA in the OCP internal trust store_
+```bash
+$ oc -n openshift-config create configmap vault-ca.crt --from-file ca-bundle.crt=ca.crt
+$ oc patch proxy/cluster --type=merge --patch='{"spec":{"trustedCA":{"name":"vault-ca.crt"}}}'
+```
+([doc source](https://docs.openshift.com/container-platform/4.17/security/certificates/updating-ca-bundle.html))
+
 _Create a certificate configuration `vault-csr.conf` (set `CN` accordingly)_
 ```
 [req]