Custom certificates #
If you need to configure Pipelines-as-Code with a Git repository that requires a privately signed or custom certificate to access, then you will need to expose the certificate to Pipelines-as-Code.
If you have installed Pipelines-as-Code through the OpenShift Pipelines operator, then you will need to add your custom certificate to the cluster via the Proxy object. The operator will expose the certificate in all OpenShift Pipelines components and workloads, including Pipelines-as-Code.
Create a ConfigMap containing the certificate #
kubectl -n pipelines-as-code create configmap git-repo-cert --from-file=git.crt=<path to ca.crt>
Mount the ConfigMap in the pods #
Follow this guide
to mount the ConfigMap in the
pipelines-as-code-watcher Deployments in the cluster in the
Say, you mounted the ConfigMap with the
To include this directory in the paths where the certificates are looked up,
set the environment variable
SSL_CERT_DIR in the relevant Pipelines-as-Code
kubectl set env deployment pipelines-as-code-controller pipelines-as-code-watcher -n pipelines-as-code SSL_CERT_DIR=/pac-custom-certs:/etc/ssl/certs:/etc/pki/tls/certs:/system/etc/security/cacerts
Pipelines-as-Code should now be able to access the repository using the custom certificate.