Feature Request
Resolution: Unresolved
There's no official documentation or solution for mounting custom CA certificates inside a Windows container like the usual method for pods, where we can mount the certificates at the path "/etc/pki/ca-trust/extracted/pem" as per the below documentation.
Currently, adding the custom CA certificates to Windows Host truststore also doesn't work as expected for some reason.
--> PS C:\Users\Administrator> Import-Certificate -FilePath "C:\Users\Administrator\RootCA.crt" -CertStoreLocation Cert:\LocalMachine\Root
--> https://docs.microsoft.com/en-us/powershell/module/pki/import-certificate?view=windowsserver2019-ps
The customer needs this feature for the following use case.
--> The Windows container will be running in an OpenShift 4 cluster, where it will be acting as a frontend, we can say, and sending requests to some "HTTPS"-based external URL outside the cluster to fetch some data, or it can be a DB.
--> Now that HTTPS-based URL is serving a TLS certificate signed by the customer's internal CA certificate (internal PKI) and not by some Global CA (DigiCert, etc).
--> Since the internal CA certificate isn't trusted at the container level, the request always fails to verify the legitimacy of the server and therefore cannot establish a secure connection to it.
So if we can add a feature at the WMCO level itself to add the desired CA certificates at the container level, or some steps to mount the certificates at the container level, etc., it will really help.
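
Added example, not part of the original request and not WMCO code: a PowerShell diagnostic to run inside the Windows container to see whether the internal CA is in that container's own machine root store and whether the endpoint's certificate chains to a trusted root. The two file paths are hypothetical, and the script assumes a container image that ships Windows PowerShell.

```powershell
# Added diagnostic (not WMCO code). Run inside the Windows container.
# Both default paths below are hypothetical placeholders.
param(
    [string]$CaPath         = 'C:\certs\RootCA.crt',  # internal CA copied into the container
    [string]$ServerCertPath = 'C:\certs\server.crt'   # exported leaf certificate of the HTTPS endpoint
)

function Test-CaInRootStore {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Ca)
    # Look for the CA by thumbprint in this container's LocalMachine\Root store.
    $match = Get-ChildItem -Path Cert:\LocalMachine\Root |
        Where-Object { $_.Thumbprint -eq $Ca.Thumbprint }
    return [bool]$match
}

function Test-ServerChain {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Leaf)
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Skip revocation so the result reflects trust anchoring only.
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $trusted = $chain.Build($Leaf)
    # ChainStatus is empty when the chain is valid; otherwise it names the
    # failure, typically UntrustedRoot or PartialChain when the CA is missing.
    $status = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    [pscustomobject]@{
        Subject = $Leaf.Subject
        Issuer  = $Leaf.Issuer
        Trusted = $trusted
        Status  = $status
    }
}

foreach ($path in @($CaPath, $ServerCertPath)) {
    if (-not (Test-Path -LiteralPath $path)) {
        throw "Certificate file not found: $path"
    }
}

$ca   = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $CaPath
$leaf = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $ServerCertPath

[pscustomobject]@{
    CaThumbprint  = $ca.Thumbprint
    CaInRootStore = Test-CaInRootStore -Ca $ca
}
Test-ServerChain -Leaf $leaf
```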