jeffmace
VMware Employee

I believe this can be solved by adding the root CAs to the kapp-controller pods.

Generate a ca-certificates.crt file with the contents of all CAs to be trusted.

rm -f ca-certificates.crt
cat rootCA.crt >> ca-certificates.crt
# Repeat for all trusted CAs

Load the certificate bundle into Kubernetes and update the kapp-controller deployment to include it in all pods.

kubectl create -n tkg-system configmap kapp-controller-ca-certificates --from-file=ca-certificates.crt

cat <<EOF | kubectl patch -n tkg-system deployment/kapp-controller --patch-file=/dev/stdin
spec:
  template:
    spec:
      containers:
      - name: kapp-controller
        volumeMounts:
        - mountPath: /etc/ssl/certs/ca-certificates.crt
          subPath: ca-certificates.crt
          name: ca-certificates
          readOnly: true
      volumes:
      - configMap:
          name: kapp-controller-ca-certificates
        name: ca-certificates
EOF

The kapp-controller pods will restart with the new configuration and should start working. You can follow the kapp-controller logs for more details.

kubectl -n tkg-system logs -f deployment/kapp-controller

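Added example, not part of the original post or of any VMware tooling: a defensive way to build the ca-certificates.crt bundle from the first step above. It refuses private keys (ConfigMaps are not secret storage) and catches the glued END/BEGIN markers that plain `cat` produces when a certificate file lacks a trailing newline. The function names are hypothetical; rootCA.crt is the file name used in the post.

```shell
# Added example: build ca-certificates.crt defensively before it goes into
# a ConfigMap. Function names are hypothetical, not part of any VMware tool.

# check_pem FILE: succeed only if every "-----" line in FILE is a well-formed,
# paired CERTIFICATE marker and FILE carries no private key.
check_pem() {
  f=$1
  [ -r "$f" ] || { echo "unreadable: $f" >&2; return 1; }
  # ConfigMaps are readable by anyone with namespace read access: no keys.
  if grep -q -e 'PRIVATE KEY-----' "$f"; then
    echo "refusing $f: contains a private key" >&2; return 1
  fi
  # Base64 bodies never contain "-----", so every such line must be an exact
  # BEGIN or END marker; a glued "END...BEGIN" line fails this test.
  markers=$(tr -d '\r' < "$f" | grep -e '-----' || true)
  begins=$(printf '%s\n' "$markers" | grep -c -x -e '-----BEGIN CERTIFICATE-----' || true)
  ends=$(printf '%s\n' "$markers" | grep -c -x -e '-----END CERTIFICATE-----' || true)
  total=$(printf '%s\n' "$markers" | grep -c -e '-----' || true)
  if [ "$begins" -eq 0 ] || [ "$begins" -ne "$ends" ] || [ "$total" -ne $((begins + ends)) ]; then
    echo "malformed PEM in $f (BEGIN=$begins END=$ends markers=$total)" >&2; return 1
  fi
}

# build_bundle OUT CERT...: validate every input, write OUT only if all pass.
build_bundle() {
  out=$1; shift
  tmp=$(mktemp) || return 1
  for c in "$@"; do
    check_pem "$c" || { rm -f "$tmp"; return 1; }
    # Strip CRs and let awk terminate the last line, so the next file's
    # BEGIN marker never lands on the same line as this file's END marker.
    tr -d '\r' < "$c" | awk '{ print }' >> "$tmp"
  done
  check_pem "$tmp" || { rm -f "$tmp"; return 1; }
  mv "$tmp" "$out"
}

# count_certs FILE: number of certificates in a bundle.
count_certs() {
  grep -c -x -e '-----BEGIN CERTIFICATE-----' "$1" || true
}

# Usage: build_bundle ca-certificates.crt rootCA.crt   (repeat CERT per CA)
```

Because the patch mounts this file over /etc/ssl/certs/ca-certificates.crt, it replaces the image's default bundle, so it has to contain every CA the controller needs to trust.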