This topic describes how you can configure the following certificates for Supply Chain Security Tools (SCST) - Store.
By default, SCST - Store creates a self-signed certificate and TLS communication is automatically enabled.
If ingress support is enabled, SCST - Store installation creates an HTTPProxy entry with host-routing by using the qualified name metadata-store.<ingress_domain>. For example, metadata-store.example.com. The created route supports HTTPS communication using the self-signed certificate with the same Subject Alternative Name.
To configure TLS to use a custom certificate:
tap-values.yaml to use this secret.
To place the certificates in a secret:
Secret and the type kubernetes.io/tls.
In tap-values.yaml, configure the metadata store to use the namespace and secretName from the secret you just created, as in this example:
metadata_store:
  tls:
    namespace: "NAMESPACE"
    secretName: "SECRET-NAME"
Where:
NAMESPACE is the targeted namespace for secret consumption by the HTTPProxy.
SECRET-NAME is the name of the secret for consumption by the HTTPProxy.
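The two pieces of the procedure side by side, as an added example that is not part of the original documentation: a Secret of type kubernetes.io/tls and the tap-values.yaml excerpt that points at it. The secret name, namespace and file name are hypothetical, and the PEM bodies are placeholders.

```yaml
# File 1 (constructed): tls-secret.yaml, applied to the cluster.
apiVersion: v1
kind: Secret
metadata:
  name: metadata-store-custom-tls      # hypothetical; becomes SECRET-NAME
  namespace: metadata-store-certs      # hypothetical; becomes NAMESPACE
type: kubernetes.io/tls                # this type requires both keys below
stringData:
  # Placeholder: PEM certificate (leaf first, then any intermediates).
  tls.crt: |
    -----BEGIN CERTIFICATE-----
    <PEM-ENCODED-CERTIFICATE>
    -----END CERTIFICATE-----
  # Placeholder: the PEM private key that matches the certificate.
  tls.key: |
    -----BEGIN PRIVATE KEY-----
    <PEM-ENCODED-PRIVATE-KEY>
    -----END PRIVATE KEY-----
---
# File 2: excerpt of tap-values.yaml; both values must match the
# metadata of the Secret above.
metadata_store:
  tls:
    namespace: "metadata-store-certs"
    secretName: "metadata-store-custom-tls"
```

Clients validate the route's host name against the certificate, so the custom certificate should list metadata-store.<ingress_domain> as a Subject Alternative Name. Because the manifest carries the private key, keep it out of version control.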