  1. OpenShift Bugs
  2. OCPBUGS-44637

Cannot apply proxy certificate to pod(node-joiner)


      Description of problem:

      When executing oc adm node-image create, “error: context deadline exceeded” is printed and ISO image is not generated
      

      Version-Release number of selected component (if applicable):

      OCP 4.17.3

      How reproducible:

      Always

      Steps to Reproduce:

      1) Prepare the following execution environment:
      A 3-node cluster built using the Agent-based Installer method
      Online environment with Internet access. A proxy is available. A proxy certificate is required for connection.

      2) Refer to the official document and command help, and execute the following commands (4 patterns)
        1. $ oc adm node-image create nodes-config.yaml --skip-verification=true --registry-config='pull-secret.json'
        2. $ oc adm node-image create nodes-config.yaml --insecure=true --registry-config='pull-secret.json'
        3. $ oc adm node-image create nodes-config.yaml --skip-verification=true --insecure=true --registry-config='pull-secret.json'
        4. $ oc adm node-image create nodes-config.yaml --certificate-authority='<proxy certificate>' --registry-config='pull-secret.json'
      
      

      Actual results:

      The “error: context deadline exceeded” is printed in any of the patterns described in [What we did], and the ISO image is not generated. The log of the pod (node-joiner-xxxxx) created during execution shows that the process stops in the phase of executing “oc image extract”. HTTPS_PROXY, HTTP_PROXY, and NO_PROXY are applied to pod (node-joiner-xxxxx). 
      
      When I log into pod (node-joiner-xxxxx) and run curl against an external URL, I get “SSL certificate problem: unable to get local issuer certificate”. It appears that the proxy certificate is not being applied to the pod (the user-ca-bundle in proxy/cluster contains the proxy certificate).

      Expected results:

      Pod must be able to read certificates and perform Proxy communication

      Additional info:

      $ oc version 
      Client Version: 4.17.3 
      Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3 
      Server Version: 4.17.3 
      Kubernetes Version: v1.30.5
      
      
      Requests. 
      1. Please let us know how to apply a proxy certificate to a pod (node-joiner-xxxxx) created during execution.

      2. Please let us know if there are any options or procedures to change the reference of oc extract image that is executed on pod (node-joiner-xxxxx) created during execution. (Can the reference be changed to a private registry, etc. that does not go through a proxy, not the reference of the environment where oc adm node-image create is executed, but the reference of the oc extract image that is executed on the pod (node-joiner-xxxxx)?)
      
      

              ppinjark@redhat.com pawan pinjarkar
              rhn-support-fkawakub Futoshi Kawakubo
              Manoj Hans Manoj Hans
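One way to confirm the symptom described in the report, as an added example that is not part of the original report or of OpenShift's code: compare the CA bundle configured for the cluster proxy with the trust bundle read from inside the pod, matching certificates by the SHA-256 of their DER bytes. The two file arguments and the sample bundles are assumptions constructed for illustration; the reader supplies the real bundles saved from the cluster and from the pod.

```python
"""Added diagnostic example: which CAs in one PEM bundle are absent from another?"""
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def fingerprints(pem_text):
    """Return {sha256-hex-of-DER: position} for every certificate block."""
    result = {}
    for index, match in enumerate(PEM_RE.finditer(pem_text)):
        # Drop all whitespace so LF/CRLF and line-wrap differences do not matter.
        der = base64.b64decode("".join(match.group(1).split()))
        result.setdefault(hashlib.sha256(der).hexdigest(), index)
    return result


def missing_from_pod(cluster_bundle, pod_bundle):
    """0-based positions of cluster-bundle certs absent from the pod bundle."""
    pod = fingerprints(pod_bundle)
    return sorted(i for fp, i in fingerprints(cluster_bundle).items()
                  if fp not in pod)


def _block(der):
    """Wrap bytes as a PEM certificate block with 64-column lines."""
    b64 = base64.b64encode(der).decode()
    lines = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN CERTIFICATE-----\n{lines}\n-----END CERTIFICATE-----\n"


# Constructed sample data: placeholder bytes, not real certificates.
PROXY_CA = _block(b"constructed-proxy-ca" * 10)
PUBLIC_CA = _block(b"constructed-public-ca" * 10)
CLUSTER_BUNDLE = "# user-ca-bundle (constructed)\n" + PUBLIC_CA + PROXY_CA
POD_BUNDLE = PUBLIC_CA.replace("\n", "\r\n")  # same cert, CRLF line endings

if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3:  # usage: script.py cluster-bundle.pem pod-bundle.pem
        cluster, pod = (open(p).read() for p in sys.argv[1:])
    else:
        cluster, pod = CLUSTER_BUNDLE, POD_BUNDLE
    gaps = missing_from_pod(cluster, pod)
    print("missing from pod trust bundle:", gaps or "none")
    sys.exit(1 if gaps else 0)
```

A non-empty result means the pod's trust store lacks a CA that the cluster bundle carries, which matches the "unable to get local issuer certificate" error seen from curl inside the pod.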