Importing OpenShift CA to our cloud images

fabric8io-images / java

Java Base Images

Apache License 2.0

176 stars 98 forks source link

Importing OpenShift CA to our cloud images #26

Open slaskawi opened 5 years ago

slaskawi commented 5 years ago

As discussed with @rhuss, it would be great if both certificates:

{{/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt}}
{{/var/run/secrets/kubernetes.io/serviceaccount/ca.crt}}

were trusted by default. This will make Mutual TLS (or any TLS actually) less painful for app developers. See (1) for Keycloak example.

(1) https://github.com/jboss-dockerfiles/keycloak/pull/143/files#diff-7308745f949334054889d2bdbcd4b3e8R63

rhuss commented 5 years ago

Good point, we should add this similarly but should also make it configurable and autodetectable. Note, that these images are also used in a plain Docker context where such certs won't be mirrored into the container.

slaskawi commented 5 years ago

@rhuss I totally agree!