Trusting Private CAs in TKG 2.1 clusters

February 13, 2023

TKG 2.1 has a very different configuration mechanism for clusters in comparison to previous versions of TKG.
In this post we will discuss how to add trust for a CA certificate to a cluster in TKG 2.1.

What needs to trust our CA

In a TKG cluster, there are 2 components we will want to add our CA to:

  1. Containerd – the container runtime that pulls the images from our registry
  2. Kapp Controller – the package management tool used for deploying Tanzu Packages on our clusters

Lets try and see how this can be done

For those that read my blog post on my initial impressions for TKG 2.1 will have seen that I call out that this is now possible without custom overlays like were needed in TKG 1.x.

While this is true, there are some caveats and a few limitations to this, that can easily be solved without needing to write anything custom, as long as we do things in a very specific manner.

Continue reading this post at VRABBI'S BLOG where this post was originally published.

Filter Tags

Tanzu Community Content

scott rosenberg

Read More from the Author

8 Years of experience in the worlds and Cloud and Automation. Currently Scott is the Lead Architect in the CTO Office at TeraSky. Scott has vast experience with both the legacy datacenters as well as the cutting edge Public Cloud technologies, and cloud native ecosystem and specializes in bridging the gap for customers and easing there transition to the new digital transformation era.