Custom CA cert for proxy

note

These steps are no longer needed; newer CRC releases automate them. This page is kept only as historical documentation.


  • Start CRC with the proxy settings as mentioned here.
  • Create a user-ca-bundle.yaml resource as instructed by the OpenShift docs:
$ cat user-ca-bundle.yaml
apiVersion: v1
data:
  ca-bundle.crt: |
    -----BEGIN CERTIFICATE-----
    .
    .
    .
    -----END CERTIFICATE-----
kind: ConfigMap
metadata:
  name: user-ca-bundle
  namespace: openshift-config
  • Apply the resource to cluster:
$ oc apply -f user-ca-bundle.yaml
  • Check the status of the operators (most of them will go to the Progressing state and then come back as Available):
$ oc get co
  • SSH to the CRC VM, add the custom cert, and run update-ca-trust:
$ crc ip
$ ssh -i ~/.crc/machines/crc/id_rsa -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null core@<crc_ip>
$ sudo vi /etc/pki/ca-trust/source/anchors/openshift-config-user-ca-bundle.crt
$ sudo update-ca-trust
$ sudo systemctl restart crio
$ sudo systemctl restart kubelet
  • Exit from the CRC VM and check the operators again:
$ oc get co
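
An added example, not part of the original page or of CRC: a shell helper that builds the user-ca-bundle.yaml from the second step out of a PEM file, with the block-scalar indentation the ConfigMap needs, and refuses input that contains a private key or unbalanced certificate markers. The function name make_user_ca_bundle and the file name proxy-ca.pem are assumptions; the check is structural only and does not parse the certificates.

```shell
#!/bin/sh
# Added example: generate user-ca-bundle.yaml from a PEM bundle.
# make_user_ca_bundle is a hypothetical helper name, not a crc or oc command.
# Usage (proxy-ca.pem is an assumed file name):
#   make_user_ca_bundle proxy-ca.pem > user-ca-bundle.yaml
make_user_ca_bundle() {
    pem=$1
    [ -r "$pem" ] || { echo "cannot read $pem" >&2; return 1; }

    # A trust bundle is readable cluster-wide; it must never carry key material.
    if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$pem"; then
        echo "refusing: $pem contains a private key" >&2
        return 1
    fi

    # Each BEGIN must be closed by an END before the next BEGIN,
    # and the file must hold at least one certificate.
    awk '
        /^-----BEGIN CERTIFICATE-----[ \t\r]*$/ { if (open) bad = 1; open = 1; n++; next }
        /^-----END CERTIFICATE-----[ \t\r]*$/   { if (!open) bad = 1; open = 0; next }
        END { exit (bad || open || n == 0) }
    ' "$pem" || { echo "refusing: malformed or empty bundle in $pem" >&2; return 1; }

    # ConfigMap header; the PEM text goes into a literal block scalar.
    cat <<'EOF'
apiVersion: v1
data:
  ca-bundle.crt: |
EOF
    # Indent every non-blank line by four spaces and drop trailing
    # whitespace (including CR from files edited on Windows).
    awk '{ sub(/[ \t\r]+$/, ""); if ($0 != "") print "    " $0 }' "$pem"
    cat <<'EOF'
kind: ConfigMap
metadata:
  name: user-ca-bundle
  namespace: openshift-config
EOF
}
```

The generated file can then be applied with the oc apply step above.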