Using Custom CA Certificates

If you use custom CA certificates in your deployment process, such as self-signed certificates, you can add them to env zero’s Self-Hosted Agent. To do so, you can attach certificates using the customCertificates helm value that can be set in the configuration. Its value should be a list of Kubernetes Secret names. Each secret may contain one or more custom certificate files. For instance, you can add your CA file using the following command in your cluster:

kubectl create secret generic my-self-signed-cert --from-file=my-self-signed-cert.cer --namespace=env0-agent

Then, in your Helm values file, add the related config:

yaml

"customCertificates":
  - "my-self-signed-cert"

Now you can proceed with the agent upgrade/installation.

Node.js scriptsDuring env zero deployment some customers may want to use Node.js scripts.

To make sure your script using the custom certificates, please add the NODE_EXTRA_CA_CERTS environment variable with the value of /etc/ssl/certs/ca-certificates.crt. That file contains all the certificates in our agent’s pod.

Ignore CA CertsSet gitSslNoVerify to true in your helm values to ignore CA certs.

Next steps

Custom/Optional Configuration - See the full customCertificates Helm value reference.
Self-Hosted Kubernetes Agent - Upgrade the agent after updating certificate configuration.
Extending Deployment Image - Bake certificates into a custom agent image.

Using Cache with PVC env zero Hosted Encrypted State

⌘I

Documentation Index

​Next steps

Next steps