Add Custom CA Certificates
Upload Custom CA Certificates at Deployment Time
You can upload custom CA certificates to the Workload Agent during deployment by using the SYSDIG_EXTRA_FILES
environment variable.
SYSDIG_EXTRA_FILES
accepts JSON values in the following structure:
{
"files": [
{
"path": "path/to/file",
"encoding": "base64",
"data": "base64-encoded-data"
}
]
}
The JSON file contains an array of files
that need to be uploaded to the Workload Agent.
Each file contains the following fields:
path
: the path where the file will be stored in the Workload Agent container.encoding
: the encoding of the file. Currently, onlybase64
is supported.data
: the base64-encoded data of the file.
Example: Upload a CA Certificate
The following example shows how to upload a custom CA Certificate custom_ca.crt
to the Workload Agent.
The file you are uploading will be base64
encoded and stored in the /etc/ssl
directory.
Encode Your Custom File
Use any methods to encode the files in base64. For example, in a Linux shell, run:
The base64
output value shown here is an example. The actual value will be longer.
Set the SYSDIG_EXTRA_FILES
Environment Variable
Now that you have the base64-encoded value, add the SYSDIG_EXTRA_FILES
environment variable to the container running the agent, which gets the following JSON:
SYSDIG_EXTRA_FILES='{"files": [{"path": "/etc/ssl/custom_ca.crt", "encoding": "base64", "data": "TXkgY3VzdG9tIENBIENlcnRpZmljYXRlCg=="}]}'
Configure the Connection to the HTTP Proxy
set the SYSDIG_EXTRA_CONF
environment variable to configure the agent to use the custom CA certificates for HTTP Proxy connections.