Custom Certificate Authorities

Appending the Certificate Authority (CA)

Appending the Certificate Authority (CA)

Append additional certificate authorities to the system’s trusted certificate store by patching the machine configuration with the following document:

apiVersion: v1alpha1
kind: TrustedRootsConfig
name: custom-ca
certificates: |-
    -----BEGIN CERTIFICATE-----
    ...
    -----END CERTIFICATE-----

Multiple documents can be appended, and multiple CA certificates might be present in each configuration document. This configuration can be also applied in maintenance mode. Please note that if the STATE partition is encrypted, the CA certificates will only be loaded after the partition is unlocked. So the encryption method should allow unlocking the partition without the need for a CA certificate.

How to manage PKI and certificate lifetimes with Talos Linux

IRSA with Talos Linux

⌘I

Overview

Getting Started

Platform specific installation

Deploying and managing workloads

Networking

Security

Build and extend Talos

Configure your Talos cluster

Advanced guides

Reference

Troubleshooting and support

Learn more

Appending the Certificate Authority (CA)

Overview

Getting Started

Platform specific installation

Deploying and managing workloads

Networking

Security

Build and extend Talos

Configure your Talos cluster

Advanced guides

Reference

Troubleshooting and support

Learn more

Documentation Index

​Appending the Certificate Authority (CA)

Appending the Certificate Authority (CA)