This topic describes how you can configure the following certificates for Supply Chain Security Tools (SCST) - Store.
By default, SCST - Store creates a self-signed certificate and TLS communication is automatically enabled.
If ingress support is enabled, SCST - Store installation creates an HTTPProxy entry with host routing by using the qualified name metadata-store.<ingress_domain>. For example, metadata-store.example.com. The created route supports HTTPS communication using the self-signed certificate with the same Subject Alternative Name.
(Optional) Users can configure TLS to use a custom certificate. To do that:
tap-values.yaml to use this secret.
To place the certificates in a secret:
Secret and type kubernetes.io/tls.
In the tap-values.yaml file, you can configure the metadata store to use the namespace and secretName from the secret created in the last step.
metadata_store:
  tls:
    namespace: "namespace"
    secretName: "secretName"
Where:
namespace is the targeted namespace for secret consumption by the HTTPProxy.
secretName is the name of the secret for consumption by the HTTPProxy.
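
The two pieces described above, shown together as an added example that is not taken from the SCST - Store documentation: a Secret of type kubernetes.io/tls and the tap-values.yaml entry that points at it. The secret name metadata-store-tls, the namespace metadata-store-certs, the manifest file name and the PEM bodies are assumed placeholders.

```yaml
# File 1: metadata-store-tls-secret.yaml (hypothetical file name)
# Apply with: kubectl apply -f metadata-store-tls-secret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: metadata-store-tls          # assumed name, reused as secretName below
  namespace: metadata-store-certs   # assumed namespace, reused as namespace below
type: kubernetes.io/tls             # this type requires both tls.crt and tls.key
stringData:                         # stringData accepts PEM text, no manual base64
  tls.crt: |
    -----BEGIN CERTIFICATE-----
    <placeholder: PEM certificate; clients validate the host name
     metadata-store.<ingress_domain> against its Subject Alternative Name>
    -----END CERTIFICATE-----
  tls.key: |
    -----BEGIN PRIVATE KEY-----
    <placeholder: PEM private key that matches tls.crt>
    -----END PRIVATE KEY-----

# File 2: tap-values.yaml (excerpt, a separate file from the manifest above)
# Both values must match metadata.namespace and metadata.name of the Secret exactly.
metadata_store:
  tls:
    namespace: "metadata-store-certs"
    secretName: "metadata-store-tls"
```

Because the manifest carries the private key in clear text, keep it out of version control and restrict read access to the namespace that holds the secret.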