Install linkerd identity certificates with helm

Hi , we use flux for helm charts . I want to deploy the linkerd-control-plane
I’m using linkerd2-edge for the linkerd-control-plane
it written:
certificates must live in a ConfigMap resource named linkerd-identity-trust-roots . Issuer certificates must live in a Secret named linkerd-identity-issuer
and then supply the files when running helm:

helm install linkerd-control-plane -n linkerd
–set-file identityTrustAnchorsPEM=ca.crt
–set-file identity.issuer.tls.crtPEM=issuer.crt
–set-file identity.issuer.tls.keyPEM=issuer.key

I can create the ca.crt, issuer.crt ,issuer.key with step command , but how do I apply them to the CM linkerd-identity-trust-rootsand secret linkerd-identity-issuer to load them to git ?

If you use --set-file for these, then the Helm chart will create the ConfigMap and Secret for you. However, as we discuss in Linkerd with external CAs using Vault, you can also create them by hand and then tell the Helm chart to just use the already-existing ConfigMap and Secret.

Hi , we are using flux , so I’m not running the command: “helm install linkerd-control-plane -n linkerd …”
I’ve download the values file of linkerd-contrl-plane from artifacthub , and the flux should reconcile the code from git
so how do I upload the ca.crt issuer.crt issuer.key into ConfigMap resource named linkerd-identity-trust-roots. Issuer and a secret named linkerd-identity-issuer

the release.yaml from my gitlab :
kind: HelmRelease
name: linkerd-control-plane
namespace: linkerd
interval: 1m
chart: linkerd-control-plane
version: ‘2024.4.5’
kind: HelmRepository
name: linkerd-edge
namespace: flux-system
interval: 1m
here I pasted the default values

thanks for your quick response

@Alen has been working on a GitHub repository of GitOps examples that might be handy here: GitHub - BuoyantIO/bel-examples: Repo for BEL implementation and feature enablement examples

Clone that repository and take a look at the Flux example.