From 25e4b6ddac7f72723ae61f32ae9b5476efa1b8dd Mon Sep 17 00:00:00 2001
From: divolgin <dmitriy@replicated.com>
Date: Fri, 20 Sep 2024 09:30:31 -0700
Subject: [PATCH] Document custom CA use with replicated SDK

---
 docs/vendor/replicated-sdk-customizing.md | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/docs/vendor/replicated-sdk-customizing.md b/docs/vendor/replicated-sdk-customizing.md
index 079bc470e4..44c1f53fcb 100644
--- a/docs/vendor/replicated-sdk-customizing.md
+++ b/docs/vendor/replicated-sdk-customizing.md
@@ -110,6 +110,22 @@ replicated:
     value: my-value-2  
 ```
 
+## Custom Certificate Authority
+
+When installing the Replicated SDK behind a proxy server that terminates TLS and injects a custom certificate, you must provide the CA to the SDK. This can be done by storing the CA in a ConfigMap prior to installation and setting `privateCAsConfigmap` key to the name of the ConfigMap.
+
+To store the CA in a ConfigMap:
+
+1. Create a ConfigMap with the name of `private-ca` and the CA as the data value:
+   ```bash
+   kubectl create configmap -n <NAMESPACE> private-ca --from-file=ca.crt=./ca.crt
+   ```
+1. Add the name of the config map to the values file:
+   ```yaml
+   replicated:
+     privateCAsConfigmap: private-ca
+   ```
+
 ## Add Tolerations
 
 The Replicated SDK provides a `replicated.tolerations` value that allows users to add custom tolerations to the deployment. For more information about tolerations, see [Taints and Tolerations](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/).