chore: Simplify Importing untrusted TLS certificates to Che doc

Signed-off-by: Anatolii Bazko <abazko@redhat.com>
eclipse-che · Feb 20, 2025 · c9403d0 · c9403d0
1 parent af7cb8f
commit c9403d0
Showing 1 changed file with 9 additions and 6 deletions.
diff --git a/modules/administration-guide/pages/importing-untrusted-tls-certificates.adoc b/modules/administration-guide/pages/importing-untrusted-tls-certificates.adoc
@@ -16,14 +16,17 @@ Therefore, you must import into {prod-short} all untrusted CA chains in use by a
 * A source code repositories provider (Git)
 
 {prod-short} uses labeled ConfigMaps in {prod-short} {orch-namespace} as sources for TLS certificates.
-The ConfigMaps can have an arbitrary amount of keys with a random amount of certificates each. Operator merges all ConfigMaps into a single one titled `ca-certs-merged`, and mounts it as a volume in the {prod-short} server, dashboard and workspace pods. 
-By default, the Operator mounts the `ca-certs-merged` ConfigMap in a user's workspace at two locations: `/public-certs` and `/etc/pki/ca-trust/extracted/pem`. The `/etc/pki/ca-trust/extracted/pem` directory is where the system stores extracted CA certificates for trusted certificate authorities on Red Hat (e.g., CentOS, Fedora). CLI tools automatically use certificates from the system-trusted locations, when the user's workspace is up and running.
+The ConfigMaps can have an arbitrary amount of keys with a random amount of certificates each.
+All certificates are mounted into:
 
-[NOTE]
+* `/public-certs` location of {prod-short} server and dashboard pods
+* `/public-certs` and `/etc/pki/ca-trust/extracted/pem` locations of workspaces pods
+
+The `/etc/pki/ca-trust/extracted/pem` directory is where the system stores extracted CA certificates for trusted certificate authorities on Red Hat (e.g., CentOS, Fedora). CLI tools automatically use certificates from the system-trusted locations, when the user's workspace is up and running.
+
+[IMPORTANT]
 ====
-When an OpenShift cluster contains cluster-wide trusted CA certificates added through the link:https://docs.openshift.com/container-platform/latest/networking/configuring-a-custom-pki.html#nw-proxy-configure-object_configuring-a-custom-pki[cluster-wide-proxy configuration],
-{prod-short} Operator detects them and automatically injects them into a ConfigMap with the `config.openshift.io/inject-trusted-cabundle="true"` label.
-Based on this annotation, OpenShift automatically injects the cluster-wide trusted CA certificates inside the `ca-bundle.crt` key of the ConfigMap.
+On OpenShift cluster, {prod-short} operator automatically adds Red Hat Enterprise Linux CoreOS (RHCOS) trust bundle into mounted certificates.
 ====
 
 .Prerequisites