From 7830b4c7d04ec767350974c88412a27f9035dc76 Mon Sep 17 00:00:00 2001 From: kurokobo <2920259+kurokobo@users.noreply.github.com> Date: Tue, 1 Mar 2022 20:49:52 +0900 Subject: [PATCH] feat: add overview for trusting custom ca --- tips/trust-custom-ca.md | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/tips/trust-custom-ca.md b/tips/trust-custom-ca.md index fc91a4a..84ae2d6 100644 --- a/tips/trust-custom-ca.md +++ b/tips/trust-custom-ca.md 
@@ -11,11 +11,30 @@ Refer [the official documentation](https://github.com/ansible/awx-operator#trust ## Table of Contents +- [Overview](#overview) - [Prepare required CA certificatess](#prepare-required-ca-certificatess) - [Modify `base/kustomization.yaml`](#modify-basekustomizationyaml) - [Modify `base/awx.yaml`](#modify-baseawxyaml) - [Apply configuration](#apply-configuration) +## Overview + +Trusting custom Certificate Authority can be achieved by following steps: + +1. Creating new Secret which includes your certificates +2. Passing it to your AWX by specifying the name of the Secret as your AWX's specification + +There are two kinds of certificate, one is used to trust LDAP server, and the other is used as the CA bundle. + +| Fields in the specification for AWX | Keys in Secret | Containers in AWX pod that the certificate will be mounted | Paths that the certificate will be mounted as | +|-|-|-|-| +| `ldap_cacert_secret` | `ldap-ca.crt` | `awx-web` | `/etc/openldap/certs/ldap-ca.crt` | +| `bundle_cacert_secret` | `bundle-ca.crt` | `awx-web`, `awx-task`, and `awx-ee` | `/etc/pki/ca-trust/source/anchors/bundle-ca.crt` | + +Note that the `awx-ee` container is used to run management jobs only, not EE which runs your playbooks. If the EE running your playbook needs a certificate, you will need to [customize the pod specification](../containergroup). + +If you want to mount the certificate to the additional containers in AWX pod or the additional path other than above, you shoud add extra volumes and extra mounts using `extra_volumes` and `_extra_volume_mounts` field, but this is not covered in this guide. Refer to [the official documentation](https://github.com/ansible/awx-operator#custom-volume-and-volume-mount-options). + ## Prepare required CA certificatess Place your certificates under `base` directory.
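Review bot: the field name `_extra_volume_mounts` in the last added paragraph has a stray leading underscore; it is paired with `extra_volumes`, which has none, so it should read `extra_volume_mounts` to match the linked custom-volume documentation and avoid sending users to a spec key that does not exist. A few wording fixes in the same hunk: "Trusting custom Certificate Authority can be achieved by following steps:" should be "Trusting a custom Certificate Authority can be achieved by the following steps:", "Creating new Secret" should be "Creating a new Secret", "one is used to trust LDAP server" should be "one is used to trust the LDAP server", and "you shoud add" is a typo for "you should add". The table header "Paths that the certificate will be mounted as" would be clearer as "Path the certificate is mounted at". Finally, the new ToC entry `- [Overview](#overview)` sits next to the pre-existing `#prepare-required-ca-certificatess` link, whose doubled "ss" mirrors the typo in the heading `## Prepare required CA certificatess`; if that heading is corrected in a follow-up, the anchor must be changed in the same commit or the link breaks.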