Add missing instruction on adding the CA configmap (#669)

* Add missing instruction on adding the CA configmap Signed-off-by: Roy Golan <[email protected]> * Update serverlessworkflow/modules/ROOT/pages/cloud/operator/add-custom-ca-to-a-workflow-pod.adoc Co-authored-by: Ricardo Zanini <[email protected]> --------- Signed-off-by: Roy Golan <[email protected]> Co-authored-by: Ricardo Zanini <[email protected]>
apache · Sep 6, 2024 · d0f5003 · d0f5003
1 parent 9517469
commit d0f5003
Showing 1 changed file with 10 additions and 0 deletions.
diff --git a/...workflow/modules/ROOT/pages/cloud/operator/add-custom-ca-to-a-workflow-pod.adoc b/...workflow/modules/ROOT/pages/cloud/operator/add-custom-ca-to-a-workflow-pod.adoc
@@ -136,6 +136,16 @@ spec:
 
 Similar to a deployment spec, a serverless workflow has a spec.podTemplate, with minor differences, but the change is almost identical.
 In this case, we are mounting some ingress ca-bundle because we want our workflow to reach the `.apps.my-cluster-name.my-cluster-domain` SSL endpoint.
+
+In this example, we pull the ingress CA of OpenShift's ingress deployment because this is the CA that signs the target routes' certificates. It can be any CA that is signing the target service certificate.
+Here's how to copy the ingress ca cert to the desired namespace:
+
+[source,shell]
+---
+kubectl config set-context --current --namespace=my-namespace
+kubectl get cm -n openshift-config-managed default-ingress-cert  -o yaml | awk '!/namespace:.*$/' | sed 's/default-ingress-cert/ingress-ca/'  | kubectl create -f -
+---
+
 Here is the relevant spec section of a workflow with the changes:
 
 [source,yaml]