Add Custom Certificates to ESS Services#
In some cases, you may need to add custom certificates to the ESS services’ trust store. For example, you may need to add custom certificates to allow ESS services to communicate with services that do not use typical certificate authorities.
Warning
The following procedure modifies initContainers for your Kubernetes pods and may have far-reaching impact. Exercise care when using the following procedure.
Example Customization#
The following kustomization uses the Inrupt-provided
load-custom-cert.yaml to add a custom certificate (named
custom.crt in the example) from a ConfigMap when pods start
running.
Download the
load-custom-cert.yamlto a temp directory.cd $(mktemp -d) docker run --rm -v $(pwd):/cert-example/ docker.software.inrupt.com/inrupt-kustomizer:2.1 cp -R /release/ess/deployment/kubernetes/components/openid-custom-certificate/ /cert-example/
From the temp directory, copy the downloaded
load-custom-cert.yamlto the ESS installation directory.cp openid-custom-certificate/load-custom-cert.yaml ${HOME}/ess/
If saving to a directory different from the ESS installation directory, update the path to
load-custom-cert.yamlin thekustomization.yamlstep below.Go to your ESS installation directory:
cd ${HOME}/ess
Save your custom certificate in a file named
custom.crt.Modify the
kustomization.yaml(i.e., step 3 of the Applying Your Customizations procedure).Specifically, add the highlighted content to the
kustomization.yamlfile under thepatcheskey andconfigMapGeneratorkey:Tip
If
patcheskey does not exist inkustomization.yaml, add thepatcheskey as well.If
configMapGeneratorkey does not exist inkustomization.yaml, add theconfigMapGeneratorkey as well.# kustomization.yaml in your ESS installation directory # ... Preceding content omitted for brevity # ... patches: - path: load-custom-cert.yaml target: kind: Deployment name: ess-openid configMapGenerator: - name: custom-certificate namespace: ess files: - custom.crt
Continue with the rest of the Applying Your Customizations procedure.