docs: how to mount a custom CA bundle

[ktdreyer]

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

Summary

There is no documentation explaining how to configure Ambient to trust certificates from a private or corporate CA. This affects users on clusters where internal services use custom TLS.

What to cover

• How Ambient uses CA certificates in runner pods and the backend API
• How to create and annotate a trusted-ca-bundle ConfigMap so OpenShift automatically injects the cluster's CA bundle
• Which namespace(s) to deploy the ConfigMap to
• How to verify the configuration is working

Location

docs/src/content/docs/guides/custom-ca-bundle.md

Related

• mount trusted CA bundle in runner pods for custom TLS #1247 — runner pods need code changes to actually mount the ConfigMap; the guide should note that runner pod support is pending that fix
• Support custom SSL root CAs for internal GitLab instances #1038