Add CA certificate configuration details to template (#214)

* Add CA certificate configuration details to template * Add namespace to example * Update getting-started/templates/systemlink-values.yaml Co-authored-by: Mark Black <mark.black@ni.com> * Merge sentences for clarity * Remove redundancy * cleanup * Update getting-started/templates/systemlink-values.yaml Co-authored-by: Mark Black <mark.black@ni.com> --------- Co-authored-by: Mark Black <mark.black@ni.com>
ni · Aug 19, 2024 · f7592f0 · f7592f0
1 parent 0968fae
commit f7592f0
Showing 1 changed file with 29 additions and 3 deletions.
diff --git a/getting-started/templates/systemlink-values.yaml b/getting-started/templates/systemlink-values.yaml
@@ -92,11 +92,37 @@ global:
     install: false
   ##
   ## Specify secrets containing trusted certificates that should be installed in all the necessary applications.
-  ## The secrets must be deployed manually prior to installing this chart.
+  ## The secrets must be deployed manually prior to installing this chart. Config maps may be used when it is not possible to use a secret.
   ## Example:
-  ##  - secretName: "S3Certificate"
-  ##    key: cert
+  ##  - secretName: "ca-secret"
+  ##    key: "cert"
+  ##  - secretName: "ca-config-map"
+  ##    key: "my-cert"
+  ##    isConfigMap: true
+  ##
+  #  <ATTENTION> - If one or more private Certificate Authorities are required for HTTPS access to this application
+  #                or for TLS access to any external resources referenced by this application (databases, file storage, etc.),
+  #                a copy of the certificate chain must be deployed as a secret to the cluster prior to deploying this application.
+  #                For certificate authorities, only the public certificate needs to be deployed to the cluster.
+  #
+  #                EXAMPLE:  kubectl -n systemlink-namespace create secret generic my-ca-certificate --from-file=cert=path/to/my-ca.crt
+  #
+  #                Use the 'trustedCertificatesSecrets', 'apiHostCertificateSecret' and 'deployApiHostCertificateToSystems'
+  #                values below to configure the application and registered client systems with the required trust chain.
+  #
   trustedCertificatesSecrets: []
+  ##
+  ## Secret containing the TLS certificate for the API host. This configuration is only necessary when the API
+  ## host is using a private root CA certificate. When deployApiHostCertificateToSystems is true, this certificate
+  ## will be deployed and installed on all managed clients to enable communication with the API host.
+  ##
+  apiHostCertificateSecret:
+  #  secretName: "ca-secret"
+  #  key: "certificate"
+  ##
+  ## Deploy the certificate stored in apiHostCertificateSecret to all managed systems.
+  ##
+  deployApiHostCertificateToSystems: false
 
 ## Core configuration for the RabbitMQ message broker
 ##