From 2f54642b1951125210aa1ed6b0e4fe8caaf332b3 Mon Sep 17 00:00:00 2001 From: Roy Golan Date: Thu, 15 Aug 2024 17:43:08 +0300 Subject: [PATCH] Add missing instruction on adding the CA configmap Signed-off-by: Roy Golan --- .../operator/add-custom-ca-to-a-workflow-pod.adoc | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/serverlessworkflow/modules/ROOT/pages/cloud/operator/add-custom-ca-to-a-workflow-pod.adoc b/serverlessworkflow/modules/ROOT/pages/cloud/operator/add-custom-ca-to-a-workflow-pod.adoc index c9e1d3084..f7fc08561 100644 --- a/serverlessworkflow/modules/ROOT/pages/cloud/operator/add-custom-ca-to-a-workflow-pod.adoc +++ b/serverlessworkflow/modules/ROOT/pages/cloud/operator/add-custom-ca-to-a-workflow-pod.adoc @@ -136,6 +136,17 @@ spec: Similar to a deployment spec, a serverless workflow has a spec.podTemplate, with minor differences, but the change is almost identical. In this case, we are mounting some ingress ca-bundle because we want our workflow to reach the `.apps.my-cluster-name.my-cluster-domain` SSL endpoint. + +In this example we pull the ingress CA of OpenShift's ingress deployment because this +is the CA that is used to sign certificates for routes. It can be any CA that is signing the target service certificate. +Here's how to copy the ingress ca cert to the desired namespace: + +[source,shell] +--- +kubectl config set-context --current --namespace=my-namespace +kubectl get cm -n openshift-config-managed default-ingress-cert -o yaml | awk '!/namespace:.*$/' | sed 's/default-ingress-cert/ingress-ca/' | kubectl create -f - +--- + Here is the relevant spec section of a workflow with the changes: [source,yaml]