document how to mount a custom CA bundle

[ktdreyer]

Summary

• Adds docs/src/content/docs/guides/custom-ca-bundle.md
• Explains the OpenShift CA injection approach: annotate a trusted-ca-bundle ConfigMap and mount it over /etc/pki/tls/certs/ca-bundle.crt in the backend pod
• Covers the manual ConfigMap option for non-OpenShift Kubernetes
• Includes a support status table noting that runner pod support is pending mount trusted CA bundle in runner pods for custom TLS #1247 and Support custom SSL root CAs for internal GitLab instances #1038

Test plan

• Verify the doc renders correctly in the Astro docs site
• Confirm all links to mount trusted CA bundle in runner pods for custom TLS #1247 and Support custom SSL root CAs for internal GitLab instances #1038 resolve

Closes #1248

Summary by CodeRabbit

• Documentation
  • Added guide for mounting a custom CA bundle with detailed instructions for OpenShift and Kubernetes. Includes configuration methods for trusting private and corporate certificate authorities, plus a support status table.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 3c366fe9-2616-402b-b6c9-2e2f94b32699

📥 Commits

Reviewing files that changed from the base of the PR and between 4c8486e and 98314cb.

📒 Files selected for processing (1)

• docs/src/content/docs/guides/custom-ca-bundle.md

---

📝 Walkthrough

Walkthrough

Added documentation guide explaining how to configure Ambient to trust custom CA certificates from private or corporate CAs. Covers OpenShift ConfigMap injection via config.openshift.io/inject-trusted-cabundle annotation and manual ConfigMap mounting for non-OpenShift Kubernetes clusters. Includes support status indicating backend-api support and pending runner pod implementation.

Changes

Cohort / File(s)	Summary
Custom CA Bundle Documentation docs/src/content/docs/guides/custom-ca-bundle.md	New guide for mounting custom CA bundles to /etc/pki/tls/certs/ca-bundle.crt inside containers. Covers OpenShift automated injection and Kubernetes manual ConfigMap mounting approaches. Includes verification steps and support status table tracking backend-api availability and pending runner pod support.

🚥 Pre-merge checks | ✅ 7 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Title check	⚠️ Warning	The title does not follow Conventional Commits format; it lacks the required type(scope) prefix such as 'docs:' or 'docs(guides):'.	Reformat the title to follow Conventional Commits: 'docs: document how to mount a custom CA bundle' or 'docs(guides): mount custom CA bundle'.

✅ Passed checks (7 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Linked Issues check	✅ Passed	All coding objectives from #1248 are met: CA usage explained, OpenShift ConfigMap injection documented, namespace guidance provided, verification steps included, and runner pod support limitation noted.
Out of Scope Changes check	✅ Passed	All changes are in-scope: the new guide documentation directly addresses #1248 requirements with no unrelated modifications.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Performance And Algorithmic Complexity	✅ Passed	Pull request adds only documentation (88 lines markdown) with no executable code, algorithms, or runtime logic that could cause performance regressions.
Security And Secret Handling	✅ Passed	Documentation contains no hardcoded secrets, tokens, or credentials; all examples use proper placeholders and follow Kubernetes security best practices.
Kubernetes Resource Safety	✅ Passed	Pull request adds documentation with example Kubernetes YAML snippets, not actual resource manifests. No actual resources deployed, safety criteria not applicable.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch kdreyer/docs-custom-ca-bundle

✨ Simplify code

• Create PR with simplified code
• Commit simplified code in branch kdreyer/docs-custom-ca-bundle

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}