We are running TKG (former community edition) without supervisor in standalone server mode and we have created a workload cluster named "runner". The "runner" cluster is intended to host GitLab runners, and our environment is air-gapped so we need to use our internal resources and cannot connect outside our corporate network. We host our internal helm charts on internal Artifactory (repo.company.com). When we try to install any helm chart, we are getting the following error:
Failed to pull image "repo.company.com/gitlab/cluster-integration/gitlab-agent/agentk:v16.4.0": rpc error: code = Unknown desc = failed to pull and unpack image "repo.company.com/gitlab/cluster-integration/gitlab-agent/agentk:v16.4.0": failed to resolve reference "repo.company.com/gitlab/cluster-integration/gitlab-agent/agentk:v16.4.0": failed to do request: Head "https://repo.company.com/v2/gitlab/cluster-integration/gitlab-agent/agentk/manifests/v16.4.0": x509: certificate signed by unknown authority
I am new to the company, and they have in the past gotten around this manually, but we now need a solution that will work cluster wide. Is there a way to trust our corporate root ca (or group of individual certificates) so that we can do these helm deployments and TKG can pull from our Artifactory images as needed without needing to manually intervene?