1. Proposed title of this feature request

Support all PKI export formats in the network-operator

2. What is the nature and description of the request?

Support all extract formats supported by ca-certificates done as part of this. Currently, the documentation only supports only creates PEM extract format [1].

 Also, add the OpenShift signer ca that is presented at /var/run/secrets/kubernetes.io/serviceaccount.  So that app developers can point at a single bundle and know that it will work for intracluster communication as well as external communication on a private network, instead of having to change bundle based on the target.

More details: https://github.com/openshift/cluster-network-operator/issues/700

3. Why does the customer need this? (List the business requirements here)

PEM extract formats do not work with Java applications which is the primarily used case at this company.

Right now the customer has to maintain an enormous and elaborate base image builder. They take explicit images from the Red Hat catalog and imperatively add PKI and yum configurations by running commands in a docker build. Those are then presented internally as the Red Hat base images to use but will work in our private network. If this had parity with ca-certificates, the customer can declaratively inject PKI into any image from any source, at runtime.

4. List any affected packages or components.

network-operator

[1] https://docs.openshift.com/container-platform/latest/networking/configuring-a-custom-pki.html#certificate-injection-using-operators_configuring-a-custom-pki