Skip to content

Certificate injection in Pulp containers#

In OpenShift environments, it is possible to mount additional trust bundles into Pulp containers.

Pulp operator handles part of the process.

When trusted_ca: true Pulp operator will automatically create and mount a ConfigMap with the custom CA into Pulp pods, but before doing so users need to first follow the steps from Enabling the cluster-wide proxy to "register" the custom CA certificate into the cluster.

Info

It is recommended to execute the previous steps in a maintenance window because, since this is cluster-wide modification, the cluster can get unavailable if executed wrong (some cluster operators pods will be restarted).