Bug
Resolution: Unresolved
1.7.1
Description of problem:
Documentation for third-party plugin installation (using OCI) does not cover how to support corporate CAs for the image copy process (skopeo copy) in the init container.
Prerequisites (if any, like setup, operators/versions):
RHDH 1.7.1, installing custom plugins packaged as an OCI container in an enterprise environment with corporate CAs.
Steps to Reproduce
- Configure an OCI-packaged custom plugin in a disconnected environment with corporate CAs.
- The init container attempts to use skopeo copy.
Actual results:
Init container fails due to certificate validation errors. The solution was to manually mount the trusted-cabundle to the `/etc/pki/tls/certs/ca-bundle.crt` path of the init container.
Expected results:
Documentation should clearly explain the steps and configuration required to configure the init container to trust corporate CAs for skopeo copy.
Reproducibility (Always/Intermittent/Only Once):
Always
Build Details:
RHDH 1.7.1 Installation using Helm Charts.
Additional info (Such as Logs, Screenshots, etc):
We were packaging our customized widgets using an OCI container. When the init container tried to use skopeo copy to copy the OCI bundle, it failed due to certificate validation.
Again, the solution was to mount the trusted-cabundle to the /etc/pki/tls/certs/ca-bundle.crt path of the init container, which made things work without any issues.
While the documentation https://docs.redhat.com/en/documentation/red_hat_developer_hub/1.7/html/installing_and_viewing_plugins_in_red_hat_developer_hub/assembly-third-party-plugins#assembly-install-third-party-plugins-rhdh talks about how to support authentication, it doesn’t explain what to do in case you have a corporate CA that is not part of the default bundle.
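The workaround described in this report, written out as a manifest sketch. This is an added example, not the reporter's configuration and not taken from the RHDH documentation or Helm chart. It assumes an OpenShift cluster where CA bundle injection is available; the volume name and the init container name are placeholders, and only the ConfigMap name and the mount path come from the report.

```yaml
# Constructed example. ConfigMap that OpenShift fills with the cluster trust bundle.
apiVersion: v1
kind: ConfigMap
metadata:
  name: trusted-cabundle            # name as used in the report
  labels:
    # With this label, OpenShift injects the key "ca-bundle.crt" containing
    # the system roots merged with the corporate CAs configured for the cluster.
    config.openshift.io/inject-trusted-cabundle: "true"
---
# Fragment of the Developer Hub Deployment pod template (not a full resource).
spec:
  template:
    spec:
      volumes:
        - name: trusted-ca          # placeholder volume name
          configMap:
            name: trusted-cabundle
            items:
              - key: ca-bundle.crt
                path: ca-bundle.crt
      initContainers:
        - name: INIT_CONTAINER_NAME # placeholder: the init container that runs skopeo copy
          volumeMounts:
            - name: trusted-ca
              # Path from the report; replaces the image's default bundle file,
              # so skopeo keeps TLS verification on and trusts the corporate CA.
              mountPath: /etc/pki/tls/certs/ca-bundle.crt
              subPath: ca-bundle.crt
              readOnly: true
```

Because the mount replaces the whole bundle file, the ConfigMap must contain every root the init container needs, not only the corporate CA. A `subPath` mount is not refreshed when the ConfigMap changes, so the pod has to be restarted after a CA rotation.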