diff --git a/cost-analyzer/templates/cost-analyzer-deployment-template.yaml b/cost-analyzer/templates/cost-analyzer-deployment-template.yaml
index d1e6d6069..5cbfdafd1 100644
--- a/cost-analyzer/templates/cost-analyzer-deployment-template.yaml
+++ b/cost-analyzer/templates/cost-analyzer-deployment-template.yaml
@@ -126,6 +126,12 @@ spec:
            defaultMode: 420
            secretName: {{ .Values.kubecostModel.federatedStorageConfigSecret | default "federated-store" }}
         {{- end }}
+        {{- if .Values.kubecostModel.caCertsSecret }}
+        - name: ca-certs-secret
+          secret:
+           defaultMode: 420
+           secretName: {{ .Values.kubecostModel.caCertsSecret}}
+        {{- end }}
         {{- if .Values.kubecostProductConfigs }}
         {{- if and ((.Values.kubecostProductConfigs).productKey).enabled ((.Values.kubecostProductConfigs).productKey).secretname }}
         - name: productkey-secret
@@ -615,6 +621,10 @@ spec:
               mountPath: /var/configs/etl/federated
               readOnly: true
             {{- end }}
+            {{- if .Values.kubecostModel.caCertsSecret }}
+            - name: ca-certs-secret
+              mountPath: /etc/pki/ca-trust/source/anchors
+            {{- end }}
             {{- if .Values.kubecostAdmissionController }}
             {{- if .Values.kubecostAdmissionController.enabled }}
             {{- if .Values.kubecostAdmissionController.secretName }}
diff --git a/cost-analyzer/values.yaml b/cost-analyzer/values.yaml
index 1f361c4f0..16dfe52f7 100644
--- a/cost-analyzer/values.yaml
+++ b/cost-analyzer/values.yaml
@@ -575,6 +575,9 @@ kubecostModel:
   #         "client_x509_cert_url": ""
   #       }
 
+  # the name of the Secret containing custom CA certs to mount to cost model container
+  # caCertsSecret: ca-certs-secret
+
   # Installs Kubecost/OpenCost plugins
   plugins:
     enabled: false