Bug
Resolution: Unresolved
Critical
1.7.0, 1.8.0

Users working in enterprise environments often rely on a corporate CA, which is not included in the default CA bundle within container images. While NODE_EXTRA_CA_CERTS can be used to point applications (such as Keycloak) to a custom CA bundle, this guidance is not clearly documented. Currently, the documentation only references NODE_EXTRA_CA_CERTS in the context of external PostgreSQL setups, making it difficult for users to discover the correct approach.
Required Updates:
- Add documentation on how to configure RHDH/Keycloak to trust a corporate CA.
- Explain the recommended method of mounting a CA bundle into the pod and setting the NODE_EXTRA_CA_CERTS environment variable.
- Include guidance for using the inject-trusted-cabundle annotation on a ConfigMap (as described in OpenShift Docs) to manage CA injection:
  - Create a ConfigMap with the annotation.
  - Mount the injected CA bundle into the pod.
  - Point NODE_EXTRA_CA_CERTS to the mounted path.
This update will help users avoid confusion and ensure consistent configuration across enterprise environments.
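
The three steps listed above, written out as manifests. This is an added illustration, not taken from the ticket or from RHDH documentation. The ConfigMap, namespace, Deployment and image names and the mount path are assumptions; OpenShift documents `config.openshift.io/inject-trusted-cabundle` as a label and writes the merged bundle to the `ca-bundle.crt` key.

```yaml
# Step 1: ConfigMap left empty on purpose. The Cluster Network Operator
# populates the ca-bundle.crt key once it sees the label.
apiVersion: v1
kind: ConfigMap
metadata:
  name: trusted-ca-bundle          # hypothetical name
  namespace: rhdh                  # hypothetical namespace
  labels:
    config.openshift.io/inject-trusted-cabundle: "true"
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: example-node-app           # hypothetical; stands in for the Node.js workload
  namespace: rhdh
spec:
  replicas: 1
  selector:
    matchLabels:
      app: example-node-app
  template:
    metadata:
      labels:
        app: example-node-app
    spec:
      containers:
        - name: app
          image: registry.example.com/example-node-app:latest   # placeholder image
          env:
            # Step 3: Node.js appends the CAs in this PEM file to its built-in roots.
            - name: NODE_EXTRA_CA_CERTS
              value: /etc/pki/corp-ca/ca-bundle.crt
          volumeMounts:
            # Step 2: dedicated directory so the image's own trust store is not shadowed.
            - name: trusted-ca
              mountPath: /etc/pki/corp-ca
              readOnly: true
      volumes:
        - name: trusted-ca
          configMap:
            name: trusted-ca-bundle
            items:
              - key: ca-bundle.crt
                path: ca-bundle.crt
```

Node.js reads NODE_EXTRA_CA_CERTS only at process start, so pods need a restart to pick up a changed bundle.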