Connect vault kubernetes agent to external vault over HTTPS

I need your help.

I have a problem with connecting my external vault with kubernetes,

Kubernetes version is 1.23.8, Vault 1.13.

Problem is with agent install on cluster.
I use vault with my own CA on adress for example
When i deploy agent from helm i got error:

Error authenticating: error looking up token: Get “ ”: tls: failed to verify certificate: x509: certificate signed by unknown authority

I know its related with my issuer and my certificate signed by own CA. I read many tutorials, topics how to deploy agent but every only describe how to connect to vault thru http in many examples.
Can any one help or provide some information how to add CA from my external vault to make agent work ?

The second question which is the best option to get secrets from vault into kubernetes ?
I want to test pod inject and vault side car.