awx-operator/docs/user-guide/advanced-configuration/trusting-a-custom-certificate-authority.md
kurokobo 2b0221bbc6 docs: overall minor renovations (#1874)
* docs: simplify README.md and make index.md to refer to it
* docs: change order for pages in navigation and add missing pages
* docs: fix headings to improve navigation, transform notes to admonition, fix indentation, linting issues and minor issues
* docs: merge docs for using images from private registries
* docs: add example to integrate LDAP configuration via extra_settings_files
* Apply suggestions from code review
docs: apply suggested changes

Co-authored-by: Don Naro <dnaro@redhat.com>

* docs: update the doc site url as same as the url in https://www.ansible.com/ecosystem/
* docs: minor fixes for hpa page
* docs: expand note block
* docs: apply #1904 to README.md

---------

Co-authored-by: Don Naro <dnaro@redhat.com>
2024-07-20 18:34:21 -04:00


Trusting a Custom Certificate Authority

In cases where you need to trust a custom Certificate Authority, there are a few variables you can customize for the awx-operator.

Trusting a custom Certificate Authority allows AWX to access network services configured with SSL certificates issued locally, such as cloning a project from an internal Git server via HTTPS. In these scenarios it is common to encounter the error "unable to verify the first certificate".

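| Name                 | Description                             | Default |
| -------------------- | --------------------------------------- | ------- |
| ldap_cacert_secret   | LDAP Certificate Authority secret name  | ''      |
| ldap_password_secret | LDAP BIND DN Password secret name       | ''      |
| bundle_cacert_secret | Certificate Authority secret name       | ''      |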

Please note that the awx-operator looks for the data field ldap-ca.crt in the specified secret when ldap_cacert_secret is used, whereas the data field bundle-ca.crt is required for the bundle_cacert_secret parameter.

An example customization:

---
spec:
  ...
  ldap_cacert_secret: <resourcename>-custom-certs
  ldap_password_secret: <resourcename>-ldap-password
  bundle_cacert_secret: <resourcename>-custom-certs

Create the secret with a kustomization.yaml file:

...
secretGenerator:
  - name: <resourcename>-custom-certs
    files:
      - bundle-ca.crt=<path+filename>
    options:
      disableNameSuffixHash: true
...

Create the secret with CLI:

  • Certificate Authority secret

    kubectl create secret generic <resourcename>-custom-certs \
      --from-file=ldap-ca.crt=<PATH/TO/YOUR/CA/PEM/FILE>  \
      --from-file=bundle-ca.crt=<PATH/TO/YOUR/CA/PEM/FILE>
    
  • LDAP BIND DN Password secret

    kubectl create secret generic <resourcename>-ldap-password \
      --from-literal=ldap-password=<your_ldap_dn_password>
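
To confirm that a secret created by either method carries the data field the operator looks for, the following added example (not part of the awx-operator project) checks a Secret as returned by `kubectl get secret <name> -o json`. It inspects PEM framing only and does not parse X.509; the function names, sample secrets and the stand-in DER bytes are constructed for illustration.

```python
import base64
import re

# Data field the page says awx-operator reads for each spec parameter.
REQUIRED_FIELD = {"ldap_cacert_secret": "ldap-ca.crt",
                  "bundle_cacert_secret": "bundle-ca.crt"}
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)-----END \1-----", re.S)

def check_ca_secret(param, secret):
    """Return a list of problems for a Secret dict (`kubectl get secret -o json`)."""
    field = REQUIRED_FIELD[param]
    data = secret.get("data") or {}
    if field not in data:
        return [f"{param}: data field {field} missing, found {sorted(data)}"]
    try:
        pem = base64.b64decode(data[field], validate=True).decode("ascii")
    except ValueError:  # covers bad base64 and non-ASCII content
        return [f"{param}: {field} does not decode to PEM text"]
    problems, certs = [], 0
    for label, body in PEM_BLOCK.findall(pem):
        if label != "CERTIFICATE":
            # e.g. a private key pasted into the CA file by mistake
            problems.append(f"{param}: {field} contains a {label} block")
            continue
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError:
            der = b""
        if der[:1] == b"\x30":  # every X.509 certificate is a DER SEQUENCE
            certs += 1
        else:
            problems.append(f"{param}: {field} has a corrupt CERTIFICATE block")
    if certs == 0:
        problems.append(f"{param}: {field} holds no usable CERTIFICATE block")
    return problems

def _pem(label, der=b"\x30\x03\x02\x01\x01"):  # constructed stand-in, not a real cert
    b64 = base64.b64encode(der).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"

def _enc(text):
    return base64.b64encode(text.encode()).decode()

# Constructed sample secrets (only the "data" part of the JSON is needed).
GOOD = {"data": {"ldap-ca.crt": _enc(_pem("CERTIFICATE")),
                 "bundle-ca.crt": _enc(_pem("CERTIFICATE"))}}
WRONG_FIELD = {"data": {"ca.crt": _enc(_pem("CERTIFICATE"))}}
KEY_INCLUDED = {"data": {"bundle-ca.crt": _enc(_pem("CERTIFICATE") + _pem("PRIVATE KEY"))}}
```
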