
Handling private CAs

Configure certificate bundles in environments requiring a private CA

Background

Some organizations run fully private DNS and certificate authorities whose certificates will not validate against the standard OS certificate bundles. The Plural console and agent communicate over ordinary HTTPS, and every HTTP client involved refuses the connection when certificate validation fails. The simplest way to handle this (and to handle private CAs in general) is to replace the certificate bundles the various applications read. There are three main steps:

  • install cert-manager's trust-manager in the relevant cluster(s)
  • mount a ConfigMap volume at /etc/ssl/certs in every deployment of your management console
  • configure your agents with the same kind of ConfigMap volume

Installing Trust Manager

trust-manager is a small operator in the cert-manager ecosystem that collates certificate bundles and writes them to Secrets or ConfigMaps. CA certificates are public, not sensitive, so keeping them in a ConfigMap is still within best practice, and that is how this tutorial manages them.

To install trust-manager, follow cert-manager's trust-manager documentation. It requires cert-manager to be installed as well. Once the operator is running, create a Bundle resource like the following:

```yaml
apiVersion: trust.cert-manager.io/v1alpha1
kind: Bundle
metadata:
  name: plrl-bundle
spec:
  sources:
    # trust-manager's packaged public CA bundle, so public endpoints keep validating
    - useDefaultCAs: true
    # simplest way to add your private CA; trust-manager supports other sources too
    - inLine: |
        -----BEGIN CERTIFICATE-----
        MIIC5zCCAc+gAwIBAgIBADANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDEwprdWJl
        ....
        0V3NCaQrXoh+3xrXgX/vMdijYLUSo/YPEWmo
        -----END CERTIFICATE-----
  target:
    configMap:
      key: 'ca-certificates.crt'
```

This creates a ConfigMap named plrl-bundle (the Bundle's own name) in every namespace, holding the merged bundle under the key ca-certificates.crt. Any workload can mount it; here we focus on the Plural-specific resources that need it.
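As an added example (not part of the Plural docs and not a Plural manifest), here is how an arbitrary Deployment consumes the ConfigMap that trust-manager writes. The deployment name `private-ca-client`, its namespace and its image are assumptions for illustration; only the ConfigMap name and key come from the Bundle above.

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: private-ca-client   # hypothetical workload, not a Plural resource
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
      app: private-ca-client
  template:
    metadata:
      labels:
        app: private-ca-client
    spec:
      containers:
        - name: client
          image: curlimages/curl:latest   # placeholder; any image that reads /etc/ssl/certs
          command: ["sleep", "infinity"]
          env:
            # OpenSSL-based and Go clients honour SSL_CERT_FILE; setting it explicitly
            # covers images whose default bundle path differs (e.g. /etc/ssl/cert.pem on Alpine)
            - name: SSL_CERT_FILE
              value: /etc/ssl/certs/ca-certificates.crt
          volumeMounts:
            # Mounting the ConfigMap here replaces the image's own /etc/ssl/certs directory,
            # which is why the Bundle keeps useDefaultCAs: true alongside the private CA
            - name: ca-bundle
              mountPath: /etc/ssl/certs
              readOnly: true
      volumes:
        - name: ca-bundle
          configMap:
            name: plrl-bundle   # written into this namespace by the Bundle above
            items:
              - key: ca-certificates.crt
                path: ca-certificates.crt
```

Before moving on to the console and agents, confirm the chain actually validates: check that `kubectl get configmap plrl-bundle -n <namespace>` exists in the target namespace, then exec into the pod and run `openssl verify -CAfile /etc/ssl/certs/ca-certificates.crt <server-cert.pem>` against a certificate issued by your private CA (or `curl -v https://<private-host>`). If the ConfigMap is absent, the pod will sit in ContainerCreating until trust-manager syncs it, so a failing mount is a sign the Bundle's namespace selection, not the workload, needs attention.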

Note: once you have all these set up and all agents are healthy, you can use Plural to manage these resources long-term.

Configure your Console