trust-manager
Add the configmap on all pods via mutatingWebhookConfiguration
Do you plan to provide a mutatingWebhookConfiguration to add the generated configmap on all pods in a target namespace?
This can help us to deploy the bundle like the kube-root-ca.crt configmap.
I wouldn't say we're "planning" to implement this, since we're still working on laying the groundwork for trust-manager and ensuring that generating the bundles is absolutely rock-solid.
After we've got generation sorted, then comes using the bundles brilliantly and this would fit into that category.
This definitely seems to make sense and you're not the only person to raise it. We'll keep it in mind!
I was thinking to write an operator for just this use case. Happy to have discovered trust-manager.
Thing is, the location where the cabundle should be placed or imported from can be different... an operator could really make things easier by figuring out the location at least as well as a human could by either mounting in several locations, somehow inspecting the pod to figure out where to mount things, having a lookup technique to acquire the source image and mapping its ca-bundle location...
Maybe it would be appropriate to allow a label on the namespace to indicate to trust-manager which or if all pods in the namespace should have the ca-bundle mounted.
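
A sketch of the mutation discussed in this thread, added as an example; it is not part of the thread and not trust-manager code, which does not provide such a webhook. The label `example.com/inject-trust-bundle`, the volume name, the function names and the `/trust` mount path are assumptions, and the sample pod is constructed. It builds the JSON Patch a mutating admission webhook would return for a pod in an opted-in namespace.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Hypothetical opt-in namespace label (not a trust-manager API); its value names the ConfigMap.
const injectLabel, volName = "example.com/inject-trust-bundle", "trust-bundle"

type obj = map[string]interface{}

// Only the Pod fields the mutation reads (encoding/json matches keys case-insensitively).
type pod struct {
	Spec struct {
		Volumes    []struct{ Name string }
		Containers []struct{ VolumeMounts []interface{} }
	}
}

// add appends to a list ("/-"), or creates the list when the field is absent.
func add(path string, exists bool, v interface{}) obj {
	if exists {
		return obj{"op": "add", "path": path + "/-", "value": v}
	}
	return obj{"op": "add", "path": path, "value": []interface{}{v}}
}

// BundlePatch mounts the labelled ConfigMap read-only in every container; nil if not opted in.
func BundlePatch(ns map[string]string, rawPod []byte, mountPath string) ([]obj, error) {
	var p pod
	if err := json.Unmarshal(rawPod, &p); err != nil || ns[injectLabel] == "" {
		return nil, err
	}
	for _, v := range p.Spec.Volumes {
		if v.Name == volName {
			return nil, nil // already injected: stay idempotent if the webhook is re-invoked
		}
	}
	ops := []obj{add("/spec/volumes", len(p.Spec.Volumes) > 0, obj{"name": volName, "configMap": obj{"name": ns[injectLabel]}})}
	mount := obj{"name": volName, "mountPath": mountPath, "readOnly": true}
	for i, c := range p.Spec.Containers {
		ops = append(ops, add(fmt.Sprintf("/spec/containers/%d/volumeMounts", i), len(c.VolumeMounts) > 0, mount))
	}
	return ops, nil
}

func main() {
	ops, _ := BundlePatch(map[string]string{injectLabel: "corp-ca"}, []byte(`{"spec":{"containers":[{"name":"app"}]}}`), "/trust")
	out, _ := json.Marshal(ops)
	fmt.Println(string(out))
}
```

A volume mounted over an existing directory hides the files the image already has there, so the mount path has to be chosen per image, as the comment above points out. The sketch patches `spec.containers` only and leaves init containers untouched.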