From 14862556aa67bd0ae0069c19b7e9c27d266e1cba Mon Sep 17 00:00:00 2001 From: divolgin Date: Tue, 15 Oct 2024 09:47:18 -0700 Subject: [PATCH] Docs for using Secret to store custom CA --- docs/vendor/replicated-sdk-customizing.md | 26 +++++++++++++++++++---- 1 file changed, 22 insertions(+), 4 deletions(-) diff --git a/docs/vendor/replicated-sdk-customizing.md b/docs/vendor/replicated-sdk-customizing.md index 4235ff25e8..70f0f071b4 100644 --- a/docs/vendor/replicated-sdk-customizing.md +++ b/docs/vendor/replicated-sdk-customizing.md @@ -116,13 +116,15 @@ replicated: ## Custom Certificate Authority -When installing the Replicated SDK behind a proxy server that terminates TLS and injects a custom certificate, you must provide the CA to the SDK. This can be done by storing the CA in a ConfigMap prior to installation and setting `privateCAConfigmap` key to the name of the ConfigMap. +When installing the Replicated SDK behind a proxy server that terminates TLS and injects a custom certificate, you must provide the CA to the SDK. This can be done by storing the CA in a ConfigMap or a Secret prior to installation and providing appropriate values during installation. -To store the CA in a ConfigMap: +### Using a ConfigMap -1. Create a ConfigMap with the name of `private-ca` and the CA as the data value: +To use a CA stored in a ConfigMap: + +1. Create a ConfigMap and the CA as the data value. Note that name of the ConfigMap and data key can be anything. ```bash - kubectl create configmap -n private-ca --from-file=ca.crt=./ca.crt + kubectl -n create configmap private-ca --from-file=ca.crt=./ca.crt ``` 1. Add the name of the config map to the values file: ```yaml 
@@ -134,6 +136,22 @@ To store the CA in a ConfigMap: If the `--private-ca-configmap` flag is used with the [kots install](/enterprise/installing-existing-cluster-automation) command, this value will be populated in the Replicated SDK automatically. ::: +### Using a Secret + +To use a CA stored in a Secret: + +1. Create a Secret and the CA as a data value. Note that the name of the Secret and the key can be anything. + ```bash + kubectl -n create secret generic private-ca --from-file=ca.crt=./ca.crt + ``` +1. Add the name of the secret and the key to the values file: + ```yaml + replicated: + privateCASecret: + name: private-ca + key: ca.crt + ``` + ## Add Tolerations The Replicated SDK provides a `replicated.tolerations` value that allows users to add custom tolerations to the deployment. For more information about tolerations, see [Taints and Tolerations](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/).
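Review bot: In the first hunk (`@@ -116,13 +116,15 @@`), the new command `kubectl -n create configmap private-ca --from-file=ca.crt=./ca.crt` passes `-n` with no namespace value, so kubectl would take `create` as the namespace and the command fails as written. Put an explicit placeholder after `-n` and say that it must be the namespace the SDK is installed into. Also in the rewritten step 1, "Create a ConfigMap and the CA as the data value" is missing "with", and "Note that name of the ConfigMap" is missing "the". The new intro drops the `privateCAConfigmap` key name in favour of "providing appropriate values during installation"; since the step now says the data key "can be anything", state in this subsection which values key carries the ConfigMap name and how the SDK learns the data key.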
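Review bot: In the second hunk (`@@ -134,6 +136,22 @@`), `kubectl -n create secret generic private-ca --from-file=ca.crt=./ca.crt` has the same problem as the ConfigMap command: `-n` is followed directly by `create`, so no namespace is supplied. Add a namespace placeholder and note that the Secret must exist in the SDK's namespace before installation. Step 1 reads "Create a Secret and the CA as a data value", which should be "Create a Secret with the CA as a data value". The section should also say what happens when both `privateCASecret` and the ConfigMap value are set, and whether an equivalent of the `--private-ca-configmap` flag mentioned in the preceding note exists for the Secret path, so that readers do not assume the Secret value is populated automatically.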