Add Custom Certificates to ESS Services
In some cases, you may need to add custom certificates to the ESS services’ trust store. For example, you may need to add custom certificates to allow ESS services to communicate with services that do not use typical certificate authorities.
Warning
The following procedure modifies initContainers for your Kubernetes pods and may have far-reaching impact. Exercise care when using the following procedure.
Example Customization
The following kustomization uses the Inrupt-provided load-custom-cert.yaml to add a custom certificate (named custom.crt in the example) from a ConfigMap when pods start running.
1. Download the load-custom-cert.yaml to a temp directory.

    cd $(mktemp -d)
    docker run --rm -v $(pwd):/cert-example/ docker.software.inrupt.com/inrupt-kustomizer:2.3.0 cp -R /release/ess/deployment/kubernetes/components/openid-custom-certificate/ /cert-example/

2. From the temp directory, copy the downloaded load-custom-cert.yaml to the ESS installation directory.

    cp openid-custom-certificate/load-custom-cert.yaml ${HOME}/ess/

   If saving to a directory different from the ESS installation directory, update the path to load-custom-cert.yaml in the kustomization.yaml step below.

3. Go to your ESS installation directory:

    cd ${HOME}/ess

4. Save your custom certificate in a file named custom.crt.

5. Modify the kustomization.yaml (i.e., step 3 of the Applying Your Customizations procedure). Specifically, add the highlighted content to the kustomization.yaml file under the patches key and configMapGenerator key:

   Tip
   If patches key does not exist in kustomization.yaml, add the patches key as well.
   If configMapGenerator key does not exist in kustomization.yaml, add the configMapGenerator key as well.

    # kustomization.yaml in your ESS installation directory
    # ... Preceding content omitted for brevity
    # ...
    patches:
      - path: load-custom-cert.yaml
        target:
          kind: Deployment
          name: ess-openid
    configMapGenerator:
      - name: custom-certificate
        namespace: ess
        files:
          - custom.crt

Continue with the rest of the Applying Your Customizations procedure.
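
Before custom.crt is published through the ConfigMap and added to the trust store, it is worth confirming that the file holds only certificates and noting each certificate's SHA-256 fingerprint for comparison with the value supplied by the certificate's owner. The check below is an added example, not part of the Inrupt procedure or tooling; it assumes custom.crt is PEM-encoded, and the function names and sample bytes are constructed for illustration.

```python
import base64
import hashlib
import re
import sys

# Assumption: custom.crt is PEM-encoded. Captures each block's label and base64 body.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.DOTALL)

def inspect_trust_file(pem_text):
    """Return (fingerprints, problems) for the contents of a custom.crt file."""
    fingerprints, problems = [], []
    for label, body in PEM_BLOCK.findall(pem_text):
        if "PRIVATE KEY" in label:
            # ConfigMaps are intended for non-confidential data only.
            problems.append(f"{label} block present; do not publish it in a ConfigMap")
            continue
        if label != "CERTIFICATE":
            problems.append(f"unexpected {label} block")
            continue
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError:
            problems.append("CERTIFICATE block is not valid base64")
            continue
        if not der.startswith(b"\x30"):  # DER certificates begin with a SEQUENCE tag
            problems.append("CERTIFICATE block does not decode to DER")
            continue
        fingerprints.append(hashlib.sha256(der).hexdigest())
    if not fingerprints:
        problems.append("no usable certificate found")
    return fingerprints, problems

def to_pem(label, der):
    """Wrap bytes in a PEM block (used only to build the constructed samples)."""
    return f"-----BEGIN {label}-----\n{base64.encodebytes(der).decode()}-----END {label}-----\n"

# Constructed placeholder bytes (a tiny DER SEQUENCE), not a real certificate or key.
SAMPLE_DER = b"\x30\x03\x02\x01\x01"
SAMPLE_OK = to_pem("CERTIFICATE", SAMPLE_DER)
SAMPLE_WITH_KEY = SAMPLE_OK + to_pem("PRIVATE KEY", SAMPLE_DER)

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_OK
    found, issues = inspect_trust_file(text)
    for fingerprint in found:
        print("certificate sha256:", fingerprint)
    for issue in issues:
        print("PROBLEM:", issue)
    sys.exit(1 if issues else 0)
```

Run it with the path to custom.crt as the only argument; with no argument it checks the constructed sample. A non-zero exit status means the file should not be added to the ConfigMap as it stands.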