diff --git a/charts/datadog/templates/_container-agent.yaml b/charts/datadog/templates/_container-agent.yaml
index 7368b210b..149fb7adb 100644
--- a/charts/datadog/templates/_container-agent.yaml
+++ b/charts/datadog/templates/_container-agent.yaml
@@ -410,6 +410,9 @@
 - name: kubelet-cert-volume
 mountPath: /certs
 {{- end }}
+ - name: agent-cluster-ca
+ mountPath: /etc/datadog-agent/agent-cluster-ca
+ readOnly: true
 {{- if .Values.agents.volumeMounts }}
 {{ toYaml .Values.agents.volumeMounts | indent 4 }}
 {{- end }}
diff --git a/charts/datadog/templates/_container-otel-agent.yaml b/charts/datadog/templates/_container-otel-agent.yaml
index d121ca2d6..ea8b3e0cc 100644
--- a/charts/datadog/templates/_container-otel-agent.yaml
+++ b/charts/datadog/templates/_container-otel-agent.yaml
@@ -110,6 +110,9 @@
 {{- if .Values.datadog.kubelet.hostCAPath }}
 {{ include "datadog.kubelet.volumeMount" . | indent 4 }}
 {{- end }}
+ - name: agent-cluster-ca
+ mountPath: /etc/datadog-agent/agent-cluster-ca
+ readOnly: true
 {{- if .Values.agents.volumeMounts }}
 {{ toYaml .Values.agents.volumeMounts | indent 4 }}
 {{- end }}
diff --git a/charts/datadog/templates/_container-process-agent.yaml b/charts/datadog/templates/_container-process-agent.yaml
index ce99e1a48..bfb5df6a2 100644
--- a/charts/datadog/templates/_container-process-agent.yaml
+++ b/charts/datadog/templates/_container-process-agent.yaml
@@ -107,6 +107,9 @@
 {{- if .Values.datadog.kubelet.hostCAPath }}
 {{ include "datadog.kubelet.volumeMount" . | indent 4 }}
 {{- end }}
+ - name: agent-cluster-ca
+ mountPath: /etc/datadog-agent/agent-cluster-ca
+ readOnly: true
 {{- if .Values.agents.volumeMounts }}
 {{ toYaml .Values.agents.volumeMounts | indent 4 }}
 {{- end }}
diff --git a/charts/datadog/templates/_container-security-agent.yaml b/charts/datadog/templates/_container-security-agent.yaml
index 7269ddd8f..2ce292dec 100644
--- a/charts/datadog/templates/_container-security-agent.yaml
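Review bot: The three added lines `- name: agent-cluster-ca` / `mountPath: /etc/datadog-agent/agent-cluster-ca` / `readOnly: true` are pasted verbatim into this hunk and again into the otel-agent, process-agent, security-agent, system-probe, trace-agent, agent-clusterchecks-deployment and cluster-agent-deployment hunks, so no single place owns the mount path. The neighbouring context already shows the chart's idiom for a shared mount, `{{ include "datadog.kubelet.volumeMount" . | indent 4 }}`; a matching named template for this mount would stop the eight copies drifting when the path or the `readOnly` flag changes, and its definition is the natural home for a one-line comment such as `# CA used for agent IPC, generated by secret-ipc-ca.yaml`. The mount is unconditional in every partial while the backing volume is declared only in daemonset.yaml, cluster-agent-deployment.yaml and agent-clusterchecks-deployment.yaml; if any of these container partials is also rendered into a pod spec outside those three (not visible in this diff), that pod would reference a volume that does not exist. The enclosing volumeMounts list starts outside the hunk.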
+++ b/charts/datadog/templates/_container-security-agent.yaml
@@ -129,6 +129,9 @@
 readOnly: true
 {{- end }}
 {{- end }}
+ - name: agent-cluster-ca
+ mountPath: /etc/datadog-agent/agent-cluster-ca
+ readOnly: true
 {{- if .Values.agents.volumeMounts }}
 {{ toYaml .Values.agents.volumeMounts | indent 4 }}
 {{- end }}
diff --git a/charts/datadog/templates/_container-system-probe.yaml b/charts/datadog/templates/_container-system-probe.yaml
index 04416040e..bdad4cc29 100644
--- a/charts/datadog/templates/_container-system-probe.yaml
+++ b/charts/datadog/templates/_container-system-probe.yaml
@@ -171,6 +171,9 @@
 mountPath: {{ .Values.datadog.systemProbe.btfPath }}
 readOnly: true
 {{- end }}
+ - name: agent-cluster-ca
+ mountPath: /etc/datadog-agent/agent-cluster-ca
+ readOnly: true
 {{- if .Values.agents.volumeMounts }}
 {{ toYaml .Values.agents.volumeMounts | indent 4 }}
 {{- end }}
diff --git a/charts/datadog/templates/_container-trace-agent.yaml b/charts/datadog/templates/_container-trace-agent.yaml
index 57663482e..89f3aa498 100644
--- a/charts/datadog/templates/_container-trace-agent.yaml
+++ b/charts/datadog/templates/_container-trace-agent.yaml
@@ -117,6 +117,9 @@
 readOnly: false # Need RW for UDS APM socket
 {{- end }}
 {{- end }}
+ - name: agent-cluster-ca
+ mountPath: /etc/datadog-agent/agent-cluster-ca
+ readOnly: true
 {{- include "container-crisocket-volumemounts" . | nindent 4 }}
 {{- end }}
 {{- include "container-cloudinit-volumemounts" . | nindent 4 }}
diff --git a/charts/datadog/templates/agent-clusterchecks-deployment.yaml b/charts/datadog/templates/agent-clusterchecks-deployment.yaml
index 5f119578f..3dc81ba3a 100644
--- a/charts/datadog/templates/agent-clusterchecks-deployment.yaml
+++ b/charts/datadog/templates/agent-clusterchecks-deployment.yaml
@@ -213,6 +213,9 @@ spec:
 - name: config
 mountPath: {{ template "datadog.confPath" . }}
 readOnly: false # Need RW for config path
+ - name: agent-cluster-ca
+ mountPath: /etc/datadog-agent/agent-cluster-ca
+ readOnly: true
 {{- if eq (include "should-mount-fips-configmap" .) "true" }}
 {{- include "linux-container-fips-proxy-cfg-volumemount" . | indent 10 }}
 {{- end }}
@@ -229,6 +232,9 @@ spec:
 {{- $startup := .Values.clusterChecksRunner.startupProbe }}
 {{ include "probe.http" (dict "settings" $startup "path" "/startup" "port" $healthPort) | indent 10 }}
 volumes:
+ - name: agent-cluster-ca
+ secret:
+ secretName: datadog-agent-cluster-ca-secret
 - name: installinfo
 configMap:
 name: {{ include "agents-install-info-configmap-name" . }}
diff --git a/charts/datadog/templates/cluster-agent-deployment.yaml b/charts/datadog/templates/cluster-agent-deployment.yaml
index 9709b5f8c..c1e55fd7e 100644
--- a/charts/datadog/templates/cluster-agent-deployment.yaml
+++ b/charts/datadog/templates/cluster-agent-deployment.yaml
@@ -439,6 +439,9 @@ spec:
 - name: tmpdir
 mountPath: /tmp
 readOnly: false
+ - name: agent-cluster-ca
+ mountPath: /etc/datadog-agent/agent-cluster-ca
+ readOnly: true
 - name: installinfo
 subPath: install_info
 {{- if eq .Values.targetSystem "windows" }}
@@ -471,6 +474,9 @@ spec:
 - name: config
 mountPath: /etc/datadog-agent
 volumes:
+ - name: agent-cluster-ca
+ secret:
+ secretName: datadog-agent-cluster-ca-secret
 - name: datadogrun
 emptyDir: {}
 - name: varlog
diff --git a/charts/datadog/templates/daemonset.yaml b/charts/datadog/templates/daemonset.yaml
index 5d3cb255d..d70df7319 100644
--- a/charts/datadog/templates/daemonset.yaml
+++ b/charts/datadog/templates/daemonset.yaml
@@ -151,6 +151,9 @@ spec:
 {{ include "system-probe-init" . | nindent 6 }}
 {{- end }}
 volumes:
+ - name: agent-cluster-ca
+ secret:
+ secretName: datadog-agent-cluster-ca-secret
 {{- if (not .Values.providers.gke.autopilot) }}
 - name: auth-token
 emptyDir: {}
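Review bot: `secretName: datadog-agent-cluster-ca-secret` is hard-coded in the second `volumes:` hunk here and repeated in the cluster-agent-deployment.yaml and daemonset.yaml volume hunks, and the Secret created in secret-ipc-ca.yaml carries the same release-independent name, so two releases of this chart in one namespace would each overwrite the other's CA on every upgrade. Deriving the name from `.Release.Name` through one named template, used both for `metadata.name` in the Secret and for the three `secretName` lines, removes the collision and the triplication at once. The volume also projects the whole Secret, `tls.key` included, into every node-agent and cluster-checks pod; if only the cluster agent signs with the private key (not visible in this diff), the daemonset and cluster-checks volumes can be limited to the certificate with `items:` / `- key: tls.crt` / `path: tls.crt` so that the CA key is not present on every node. The enclosing pod specs continue outside these hunks.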
diff --git a/charts/datadog/templates/secret-ipc-ca.yaml b/charts/datadog/templates/secret-ipc-ca.yaml
new file mode 100644
index 000000000..1a654bda4
--- /dev/null
+++ b/charts/datadog/templates/secret-ipc-ca.yaml
@@ -0,0 +1,13 @@
+{{- $cn := printf "%s-root-ca" .Release.Name -}}
+{{- $ca := genCA $cn 3650 -}}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: datadog-agent-cluster-ca-secret
+ namespace: {{ .Release.Namespace }}
+ labels:
+{{ include "datadog.labels" . | indent 4 }}
+type: kubernetes.io/tls
+data:
+ tls.crt: {{ $ca.Cert | b64enc | quote }}
+ tls.key: {{ $ca.Key | b64enc | quote }}
\ No newline at end of file
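Review bot: `genCA $cn 3650` on the second line of the new file runs on every render, so each `helm upgrade` (and any retry) replaces both `tls.crt` and `tls.key` with an unrelated CA; every component that still trusts the previous certificate then fails to authenticate until its mounted copy is refreshed and it re-reads it, which this diff gives no way to confirm. The usual guard is a `lookup` of the existing Secret that reuses its data when present and only generates on first install, with the caveat that `lookup` returns nothing under `helm template` or `--dry-run`, so those renders still produce a fresh CA. While touching the header, a comment such as `# Self-signed CA for agent IPC; reused across upgrades via lookup, 10-year validity` would document the lifetime, the name should be derived from `.Release.Name` for the same collision reason as the `secretName` lines elsewhere in this commit, and the file is missing its trailing newline.
```yaml
{{- $secretName := "datadog-agent-cluster-ca-secret" -}}
{{- $existing := lookup "v1" "Secret" .Release.Namespace $secretName -}}
{{- $cn := printf "%s-root-ca" .Release.Name -}}
{{- $ca := genCA $cn 3650 -}}
{{- $crt := $ca.Cert | b64enc -}}
{{- $key := $ca.Key | b64enc -}}
{{- if $existing }}
{{- $crt = index $existing.data "tls.crt" -}}
{{- $key = index $existing.data "tls.key" -}}
{{- end }}
apiVersion: v1
kind: Secret
metadata:
  name: {{ $secretName }}
# … unchanged: namespace, labels, type …
data:
  tls.crt: {{ $crt | quote }}
  tls.key: {{ $key | quote }}
```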