Custom Certificates
Some differences exist depending on the type of installation you are performing.
Host Installation
In a host installation, you can specify the location of the CA certificate in the dragent.yaml
file.
ca_certificate: /path/to/ca.crt
For Windows host installations, the path should be in the format C:\path\to\ca.crt
. Stop the Sysdig Agent
service in Windows host installations before performing this configuration.
After you modify the dragent.yaml
file, restart the services to apply the changes.
Cluster Installation
In a cluster installation, you can specify the content of the custom certificate in the values.yaml
file or directly using the key-value pair.
Use the Key-Value Pair
Specify each parameter using the --set key=value[,key=value]
argument to the helm install command.
helm install sysdig sysdig/sysdig-deploy \
--set global.ssl.ca.certs[0]=<CA_CERTIFICATE>
Use values.yaml
The values.yaml
file specifies the values for the configuration parameters. You can add the configuration to the values.yaml
file, then use it in the helm install command.
global:
ssl:
ca:
certs:
- |
-----BEGIN CERTIFICATE-----
MIIDEzCCAfugAwIBAgIQKiv9U+KxPJzu1adXwC06RzANBgkqhkiG9w0BAQsFADAU
MRIwEAYDVQQDEwloYXJib3ItY2EwHhcNMjIwMjIzMDY1NjExWhcNMjMwMjIzMDY1
NjExWjAUMRIwEAYDVQQDEwloYXJib3ItY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
MMNlTAQ9fvdNOTzZntye0PQYR5SR13E=
-----END CERTIFICATE-----
# Filename that is used when creating the secret. Required if cert is provided.
keyName: "ca.crt"
Execute the following command after modifying the values.yaml file.
This will mount the certificate as a secret in the agent namespace.
helm install sysdig sysdig/sysdig-deploy -f values.yaml
There are other options to configure the CA certificate in the values.yaml
file depending on the existing secret or configmap that contains the CA certificate.
# Provide the name of an existing Secret that contains the CA required
existingCaSecret: "my-certificate"
# Provide the filename that is defined inside the existing Secret
existingCaSecretKeyName: "ca.crt"
# Provide the name of an existing ConfigMap that contains the CA required
existingCaConfigMap: "my-ca-configmap"
# Provide the filename that is defined inside the existing ConfigMap
existingCaConfigMapKeyName: "ca.crt"
Learn More
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.