Establish TLS and Add Certificates for Pipelines Helm Installation

JFrog Installation & Setup Documentation

You can create trust between the nodes by copying the ca.crt file from the Artifactory server, located under $JFROG_HOME/artifactory/var/etc/access/keys, to the nodes you would like to establish trust with, under $JFROG_HOME/pipelines/var/etc/security/keys/trusted.

More than one certificate can be present in the trusted directory. For example, you can configure the Pipelines API URL behind a load balancer that is set up with custom certificates. You need to add those certificates to the trusted folder, because build nodes talk to the Pipelines API over the load balancer endpoint.

Add the NODE_EXTRA_CA_CERTS environment variable when you use custom certificates. Pipelines looks through all the certificates available in the trusted folder and concatenates them into a single file called pipeline_custom_certs.crt, which is then passed as the NODE_EXTRA_CA_CERTS environment variable.
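
Because every file in the trusted folder ends up in one bundle, a single malformed file can hide the certificates that follow it. The pre-flight check below is an added example, not part of the JFrog documentation or chart. The function names are hypothetical, the checks are structural only (no signature or expiry validation), and the bundle count assumes a byte-for-byte join like cat, since this page does not state how Pipelines joins the files.

```shell
#!/usr/bin/env bash
# Added example: lint CA files before copying them to the trusted folder.
# Function names are hypothetical; checks are structural only.

# check_trusted_dir DIR
# Prints one line per problem; returns non-zero if any file is unsafe to bundle.
check_trusted_dir() {
  dir=$1
  rc=0
  for f in "$dir"/*; do
    [ -f "$f" ] || continue
    # A trust store holds public certificates only; key material never belongs here.
    if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$f"; then
      echo "$f: contains a private key"; rc=1
    fi
    # Every BEGIN line needs a matching END line on its own line.
    begins=$(grep -c -e '^-----BEGIN CERTIFICATE-----$' "$f" || true)
    ends=$(grep -c -e '^-----END CERTIFICATE-----$' "$f" || true)
    if [ "$begins" -eq 0 ] || [ "$begins" -ne "$ends" ]; then
      echo "$f: no complete PEM certificate block"; rc=1
    fi
    # Command substitution strips a final newline, so a non-empty result
    # means the last byte is not a newline and the next file's BEGIN line
    # would fuse with this file's END line when joined.
    if [ -n "$(tail -c 1 "$f")" ]; then
      echo "$f: missing trailing newline"; rc=1
    fi
  done
  return $rc
}

# bundle_cert_count DIR
# Joins the files as cat would (an assumption) and prints how many
# certificates a PEM parser would find in the result.
bundle_cert_count() {
  cat "$1"/* 2>/dev/null | grep -c -e '^-----BEGIN CERTIFICATE-----$' || true
}
```

Run check_trusted_dir against a local staging directory before copying its files to the trusted folder, and compare bundle_cert_count with the number of certificates you expect to be trusted.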

You can add TLS certificates through a Kubernetes secret. You need to create the secret outside of this chart and provide it using the tag "Values.pipelines.customCertificates.certificateSecretName".

The following example shows how you can create the secret.

kubectl create secret generic ca-cert --from-file=ca.crt=ca.crt

You can pass the secret to the Helm installation by updating the values.yaml file.

pipelines:
  customCertificates:
    enabled: true
    certificateSecretName: ca-cert