diff --git a/.github/config/en-custom.txt b/.github/config/en-custom.txt index 7d31e89b3..527960b20 100644 --- a/.github/config/en-custom.txt +++ b/.github/config/en-custom.txt @@ -13,6 +13,7 @@ Async AWSSimpleQueueService Azure Blazor +CAs clusterissuer ClusterIssuer CLI @@ -57,6 +58,7 @@ HttpRoute HttpRoutes Kibana IAM +IAMs IaC InternalServerError IoT diff --git a/docs/content/guides/operations/kubernetes/kubernetes-install/index.md b/docs/content/guides/operations/kubernetes/kubernetes-install/index.md index 917d46f15..e9dcb1617 100644 --- a/docs/content/guides/operations/kubernetes/kubernetes-install/index.md +++ b/docs/content/guides/operations/kubernetes/kubernetes-install/index.md @@ -23,6 +23,14 @@ rad install kubernetes rad install kubernetes --set global.zipkin.url=http://jaeger-collector.radius-monitoring.svc.cluster.local:9411/api/v2/spans,rp.publicEndpointOverride=localhost:8081 ``` +### Use your own root certificate authority certificate + +Many enterprises leverage intermediate root certificate authorities (CAs) to enhance security and control over outgoing traffic originating from their employees' machines, particularly when using a firewall or proxy solution. For example, some enterprises may choose to issue CAs per org and control the traffic per org. In this setup, when Radius attempts to connect to an external endpoint, such as Azure or AWS, traffic is blocked by the firewall. You may optionally use`--set-file` when installing Radius to inject your root CA certificates into Radius: + +```bash +rad install kubernetes --set-file global.rootCA.cert=/etc/ssl/your-root-ca.crt +``` + ## Install with Helm 1. Begin by adding the Radius Helm repository: 
@@ -47,6 +55,7 @@ rad install kubernetes --set global.zipkin.url=http://jaeger-collector.radius-mo | `global.prometheus.enabled` | `true` | Enables Prometheus metrics. Defaults to `true` | `global.prometheus.path` | `"/metrics"` | Metrics endpoint | `global.prometheus.port` | `9090` | Metrics port +| `global.rootCA.cert` | | Root CA certificate which will be injected to Radius containers. Use `--set-file global.rootCA.cert=[cert file]` | `rp.image` | `ghcr.io/radius-project/applications-rp:latest` //TODO | Location of the Radius resource provider (RP) image | `rp.tag` | `latest` | Tag of the Radius resource provider (RP) image |`rp.publicEndpointOverride` | `""` | Public endpoint of the Kubernetes cluster. Overrides the default behavior of automatically detecting the public endpoint.
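Review bot: In the second hunk of `.github/config/en-custom.txt`, `IAMs` is added to the spell-check dictionary, but none of the documentation lines visible in this patch use that word (only `CAs` appears in the new section). Either drop the entry or include the doc change that needs it, so the custom word list does not collect unused exceptions.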
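Review bot: In the new "Use your own root certificate authority certificate" section of `kubernetes-install/index.md`, the phrase "intermediate root certificate authorities" combines two different roles, and "traffic is blocked by the firewall" does not tell the reader why supplying a certificate fixes anything. If the intended case is a TLS-inspecting proxy or firewall that re-signs outbound connections with an enterprise CA, say so, and say that Radius must trust that CA for certificate verification to succeed. The section should also state the expected file format (for example PEM) and whether a file containing several certificates is accepted, since `--set-file global.rootCA.cert=/etc/ssl/your-root-ca.crt` gives no hint. Minor: a space is missing in "use`--set-file`", and "issue CAs per org" would read better with "organization" spelled out.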
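Review bot: In the Helm values table hunk, the new `global.rootCA.cert` row leaves the default column empty, while neighbouring rows give an explicit value (for example `""` for `rp.publicEndpointOverride`); use the same convention so readers can tell the setting is unset by default. "injected to Radius containers" should be "injected into Radius containers", and the description should name which containers receive the certificate and the expected format, matching whatever the section above documents. The placeholder `[cert file]` also differs from the path style used in the `rad install kubernetes --set-file` example earlier in the file; pick one.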