Description of problem:
Foreman MCP server looks for a CA cert bundle file called ca.pem in the current working directory within the container. If a custom certs bundle needs to be supplied, then it needs to be bind mounted into that directory.

In the community image published on quay.io, the working directory is /app, in the one on registry.redhat.io the working directory is /opt/app-root/src. Current documentation only takes the upstream flavour into consideration effectively making the documentation wrong for the satellite branded image.

This means that when using the downstream image:

• the documentation guides users to mount the ca bundle into a location from which it is not read
• because the ca bundle is not read, certs cannot be verified

How reproducible:
always
 

Is this issue a regression from an earlier version:
No
 

Steps to Reproduce:

1. Follow the docs, pay extra attention to the --volume Path_to_My_CA_Bundle:/app/ca.pem:ro,Z line

Actual behavior:
Even if this is done, certs can be verified

Expected behavior:
Certs can (and are) verified

Notes
Currently there are three options:
1. In the documentation, give different instructions based on the image used
2. In the documentation, guide users to pass in an argument indicating where the cert bundle is - add --ca-bundle /custom/ca.pem to the command
3. Fix the working directory difference in the image itself, thus making the docs correct