It seems that caCertsMountPath is hardcoded to /etc/ssl/certs:
|
caCertsVolumeName = "ca-certs" |
|
caCertsMountPath = "/etc/ssl/certs" |
RHEL uses diferent path /etc/pki/ca-trust/source/anchors to store trusted CAs:
This directory /etc/pki/ca-trust/source/ contains CA certificates and
trust settings in the PEM file format. The trust settings found here will be
interpreted with a high priority - higher than the ones found in
/usr/share/pki/ca-trust-source/.
=============================================================================
QUICK HELP: To add a certificate in the simple PEM or DER file formats to the
list of CAs trusted on the system:
Copy it to the
/etc/pki/ca-trust/source/anchors/
subdirectory, and run the
update-ca-trust
command.
If your certificate is in the extended BEGIN TRUSTED file format,
then place it into the main source/ directory instead.
=============================================================================
Please refer to the update-ca-trust(8) manual page for additional information.
The result is that certificates are mounted at a wrong path.
It seems that
caCertsMountPathis hardcoded to/etc/ssl/certs:cert-injection-webhook/pkg/certinjectionwebhook/admission_controller.go
Lines 28 to 29 in 6cdee4a
RHEL uses diferent path
/etc/pki/ca-trust/source/anchorsto store trusted CAs:The result is that certificates are mounted at a wrong path.