OpenShift Request For Enhancement: RFE-3196

Mounting custom CA certificate in Windows Containers

    Description

      There's no official documentation or solution to mount the custom CA certificates inside the Windows Container like the usual method for pods where we can mount the certificates at the path "/etc/pki/ca-trust/extracted/pem" as per the below documentation.

      --> https://docs.openshift.com/container-platform/4.11/networking/configuring-a-custom-pki.html#certificate-injection-using-operators_configuring-a-custom-pki

      Currently, adding the custom CA certificates to Windows Host truststore also doesn't work as expected for some reason.

      --> PS C:\Users\Administrator> Import-Certificate -FilePath "C:\Users\Administrator\RootCA.crt" -CertStoreLocation Cert:\LocalMachine\Root
      --> https://docs.microsoft.com/en-us/powershell/module/pki/import-certificate?view=windowsserver2019-ps

      The customer needs this feature for the following use case.
      --> A Windows container will be running in an OpenShift 4 cluster, acting as a frontend and sending requests to an HTTPS-based external URL outside the cluster to fetch data (it can also be a DB).
      --> That HTTPS-based URL serves a TLS certificate signed by the customer's internal CA certificate (internal PKI), not by a global CA (DigiCert, etc.).
      --> Since the internal CA certificate isn't trusted at the container level, the request always fails to verify the legitimacy of the server and therefore cannot establish a secure connection to it.

      So a feature at the WMCO level itself to add the desired CA certificates at the container level, or some documented steps to mount the certificates at the container level, would really help.
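
A diagnostic for the failure described above, as an added example that is not part of the ticket or of WMCO: it checks whether a CA file is present in the LocalMachine\Root store of the environment it runs in, and reports how Windows evaluates the server's certificate chain. The file path, host name and function names are assumed placeholders.

```powershell
# Added example: trust-store and TLS chain diagnostic (PowerShell 5.1 or later).
# $CaPath and $TargetHost are constructed placeholders; replace with real values.
$CaPath     = 'C:\certs\RootCA.crt'
$TargetHost = 'internal.example.com'
$Port       = 443

function Test-CaInRootStore {
    param([string]$Path)
    # Load the CA file and look for the same thumbprint in the machine Root store.
    $ca  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $Path
    $hit = Get-ChildItem Cert:\LocalMachine\Root | Where-Object Thumbprint -eq $ca.Thumbprint
    [pscustomobject]@{
        Subject     = $ca.Subject
        Thumbprint  = $ca.Thumbprint
        NotAfter    = $ca.NotAfter
        InRootStore = [bool]$hit
    }
}

function Get-ServerTrustResult {
    param([string]$HostName, [int]$Port = 443)
    $script:seen = $null
    # The callback records the verdict Windows reached for the presented chain.
    $cb = [System.Net.Security.RemoteCertificateValidationCallback]{
        param($s, $cert, $chain, $errors)
        $script:seen = [pscustomobject]@{
            Issuer       = $cert.Issuer
            PolicyErrors = $errors.ToString()   # 'None' when the chain is trusted
            ChainStatus  = @($chain.ChainStatus | ForEach-Object { $_.Status.ToString() })
        }
        $true   # inspection only: the handshake completes, no application data is sent
    }
    $tcp = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $cb)
        $ssl.AuthenticateAsClient($HostName)
        $ssl.Dispose()
    } finally {
        $tcp.Dispose()
    }
    $script:seen
}

Test-CaInRootStore -Path $CaPath
Get-ServerTrustResult -HostName $TargetHost -Port $Port
```

Running it once on the Windows node and once inside the container shows whether a certificate imported on the host is visible to the container, and a `ChainStatus` of `UntrustedRoot` or `PartialChain` points at the missing CA rather than at the network path.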

          People

            rhn-support-dhardie Duncan Hardie
            rhn-support-aygarg Ayush Garg