Trusting Private CAs in TKG 2.1 clusters

February 13, 2023

TKG 2.1 has a very different configuration mechanism for clusters in comparison to previous versions of TKG.
In this post we will discuss how to add trust for a CA certificate to a cluster in TKG 2.1.

What needs to trust our CA

In a TKG cluster, there are 2 components we will want to add our CA to:

  1. Containerd – the container runtime that pulls the images from our registry
  2. Kapp Controller – the package management tool used for deploying Tanzu Packages on our clusters

Lets try and see how this can be done

For those that read my blog post on my initial impressions for TKG 2.1 will have seen that I call out that this is now possible without custom overlays like were needed in TKG 1.x.

While this is true, there are some caveats and a few limitations to this, that can easily be solved without needing to write anything custom, as long as we do things in a very specific manner.

Continue reading this post at VRABBI'S BLOG where this post was originally published.

Filter Tags

Tanzu Community Content

Scott Rosenberg

Read More from the Author

With a wealth of experience in the realms of Cloud and Automation, Scott currently holds the prestigious position of Lead Architect in the CTO Office at TeraSky. His expertise spans from traditional legacy datacenters to innovative public cloud technologies and the cloud native ecosystem. Specializing in bridging the gap for customers, Scott eases their transition into the new era of digital transformation.