Custom CA Certificates

If you use custom CA certificates in your deployment process, such as self-signed certificates, you can easily add them to env0's Self-Hosted Agent.

To do so, you can attach certificates using the customCertificates helm value that can be to the configuration. Its value should be a list of Kubernetes Secret names. Each secret may contain one or more custom certificate files.

For instance, you can add your CA file using the following command in your cluster:

kubectl create secret generic my-self-signed-cert --from-file=my-self-signed-cert.cer --namespace=env0-agent

Then, in your Helm values file, add the related config:

  - "my-self-signed-cert"

Now you can proceed with the agent upgrade/installation.


Node.js scripts

During env0 deployment some customers may want to use Node.js scripts.

To make sure your script using the custom certificates, please add the NODE_EXTRA_CA_CERTS environment variable with the value of /etc/ssl/certs/ca-certificates.crt. That file contains all the certificates in our agent's pod.


Ignore CA Certs

Set gitSslNoVerify to true in your helm values to ignore CA certs.