arangodb
diff --git a/‎CHANGELOG.md
Lines changed: 1 addition & 0 deletions b/‎CHANGELOG.md
Lines changed: 1 addition & 0 deletions
diff --git a/‎docs/integration-sidecar.md
Lines changed: 7 additions & 1 deletion b/‎docs/integration-sidecar.md
Lines changed: 7 additions & 1 deletion
diff --git a/‎pkg/deployment/resources/arango_profiles.go
Lines changed: 52 additions & 1 deletion b/‎pkg/deployment/resources/arango_profiles.go
Lines changed: 52 additions & 1 deletion
@@ -34,6 +34,7 @@
 - (Feature) CertManager Integration
 - (Feature) (Networking) Gateway Options sync
 - (Feature) Webhooks
+- (Feature) (Platform) Add CA Integration propagation
 
 ## [1.2.43](https://github.com/arangodb/kube-arangodb/tree/1.2.43) (2024-10-14)
 - (Feature) ArangoRoute CRD
 
@@ -137,4 +137,10 @@ Example: `deployment`
 
 HTTP/S Endpoint of the ArangoDeployment Internal Service.
 
-Example: `https://deployment.default.svc:8529`
+Example: `https://deployment.default.svc:8529`
+
+#### ARANGO_DEPLOYMENT_CA (optional)
+
+Path to the CA in the PEM format. If not set, TLS is disabled.
+
+Example: `/etc/deployment-int/ca/ca.pem`
@@ -34,6 +34,8 @@ import (
 	schedulerApi "github.com/arangodb/kube-arangodb/pkg/apis/scheduler/v1beta1"
 	schedulerContainerApi "github.com/arangodb/kube-arangodb/pkg/apis/scheduler/v1beta1/container"
 	schedulerContainerResourcesApi "github.com/arangodb/kube-arangodb/pkg/apis/scheduler/v1beta1/container/resources"
+	schedulerPodApi "github.com/arangodb/kube-arangodb/pkg/apis/scheduler/v1beta1/pod"
+	schedulerPodResourcesApi "github.com/arangodb/kube-arangodb/pkg/apis/scheduler/v1beta1/pod/resources"
 	shared "github.com/arangodb/kube-arangodb/pkg/apis/shared"
 	"github.com/arangodb/kube-arangodb/pkg/deployment/patch"
 	"github.com/arangodb/kube-arangodb/pkg/integrations/sidecar"
@@ -125,7 +127,10 @@ func (r *Resources) EnsureArangoProfiles(ctx context.Context, cachedStatus inspe
 
 			integration, err := sidecar.NewIntegration(&schedulerContainerResourcesApi.Image{
 				Image: util.NewType(r.context.GetOperatorImage()),
-			}, spec.Integration.GetSidecar(), r.arangoDeploymentProfileTemplate(cachedStatus))
+			}, spec.Integration.GetSidecar(),
+				r.arangoDeploymentProfileTemplate(cachedStatus),
+				r.arangoDeploymentCATemplate(),
+			)
 			if err != nil {
 				return "", nil, err
 			}
@@ -220,6 +225,52 @@ func (r *Resources) arangoDeploymentProfileTemplate(cachedStatus inspectorInterf
 	}
 }
 
+func (r *Resources) arangoDeploymentCATemplate() *schedulerApi.ProfileTemplate {
+	t := r.context.GetSpec().TLS
+	if !t.IsSecure() {
+		return nil
+	}
+
+	return &schedulerApi.ProfileTemplate{
+		Pod: &schedulerPodApi.Pod{
+			Volumes: &schedulerPodResourcesApi.Volumes{
+				Volumes: []core.Volume{
+					{
+						Name: "deployment-int-ca",
+						VolumeSource: core.VolumeSource{
+							Secret: &core.SecretVolumeSource{
+								SecretName: GetCASecretName(r.context.GetAPIObject()),
+							},
+						},
+					},
+				},
+			},
+		},
+		Container: &schedulerApi.ProfileContainerTemplate{
+			All: &schedulerContainerApi.Generic{
+				Environments: &schedulerContainerResourcesApi.Environments{
+					Env: []core.EnvVar{
+						{
+							Name:  "ARANGO_DEPLOYMENT_CA",
+							Value: fmt.Sprintf("/etc/deployment-int/ca/%s", CACertName),
+						},
+					},
+				},
+				VolumeMounts: &schedulerContainerResourcesApi.VolumeMounts{
+					VolumeMounts: []core.VolumeMount{
+						{
+							Name:              "deployment-int-ca",
+							ReadOnly:          true,
+							RecursiveReadOnly: nil,
+							MountPath:         "/etc/deployment-int/ca",
+						},
+					},
+				},
+			},
+		},
+	}
+}
+
 func (r *Resources) ensureArangoProfilesFactory(ctx context.Context, cachedStatus inspectorInterface.Inspector, expected ...func() (string, *schedulerApi.ArangoProfile, error)) (bool, error) {
 	var changed bool