Harness GitOps Agent with self-signed certificates.

Harness Self-Managed Enterprise Edition supports self-signed certificates. This topic describes how to install and configure Harness GitOps Agent to connect to Self-Managed Harness using self-signed certificates.

In this topic we will do the following:

Create a secret.
Modify the GitOps Agent YAML.

Create the secret

Copy the following YAML to your editor.

apiVersion: v1  
kind: Secret  
metadata:  
  name: addcerts  
  namespace: {agent-namespace}  
type: Opaque  
stringData:                             
  ca.bundle: |  
    -----BEGIN CERTIFICATE-----  
    XXXXXXXXXXXXXXXXXXXXXXXXXXX  
    -----END CERTIFICATE-------  
    -----BEGIN CERTIFICATE-----  
    XXXXXXXXXXXXXXXXXXXXXXXXXXX  
    -----END CERTIFICATE-------

Add your certificates to the ca.bundle field.
The XXXXXXXXXXXXXXXXXXXXXXXXXXX placeholder indicates the position for the certificate body. Enclose each certificate in BEGIN CERTIFICATE and END CERTIFICATE comments.
One way to get the certificate using openssl,
```
openssl s_client -servername NAME -connect HOST:PORT  
```
For example,
```
openssl s_client -servername app.harness.io -connect app.harness.io:443
```
Update the namespace to the respective namespace where the agent is installed.
Save the file as addcerts.yaml. Apply the manifest to your cluster.
```
kubectl apply -f addcerts.yaml -n {agent-namespace}
```

Modify the GitOps Agent YAML

Open the gitops-agent.yml file in your editor.
In the { GitopsAgentName }-agent ConfigMap, set the value of GITOPS_SERVICE_HTTP_TLS_ENABLED config to true.

Save and apply the modified manifest:

kubectl apply -f gitops-agent.yml -n {agent-namespace}

Create the secret​

Modify the GitOps Agent YAML​

Create the secret

Modify the GitOps Agent YAML