'Add `cacerts` file to all pods in a Kubernetes cluster

Well, my question is really short and hopefully simple? Is it possible to add a cacerts file automatically in every pod in a specific Kubernetes cluster?

According to this article it's possible by creating a ConfigMap and add this to the path /etc/ssl/certs/. But is it possible to achieve this on a higher level so that all pods in a Kubernetes cluster have this cacerts file?

kubernetescertificateconfigmaproot-certificatecacerts


Solution 1:[1]

You can add a MutatingAdmissionWebhook for a pod, which adds the folder by default as a volume to each pod. Check out the docs about MutatingAdmissionWebhooks and writing an admission webhook.

This way you add a "service", which mutates the pod config before the scheduler handles it. Check out this for a quick example.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1

Related Questions

Creating/Duplicating a Certificate Template with Powershell

Creating/Duplicating a Certificate Template with Powershell

Creating/Duplicating a Certificate Template with Powershell

SSL certificate error for IE users only

Server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none

How to convert certificate from PEM to JKS?

Getting Chrome to accept self-signed localhost certificate

Extract metadata info and Validate digital signature from PDF file using Python

HTTP error 403.16 - client certificate trust issue

In Moodle Certificate not displaying course completion date

Asp.net core, "asn1 encoding routines:asn1_d2i_read_bio:not enough data" error for certificate

Using client certificates in ReactJS

Why do HTTPS requests produce SSL CERTIFICATE_VERIFY_FAILED error?

How can an IMAP connection fail with a certificate error when an SMTP connection with same credentials succeeds?

powershell signing certificate unknownerror