cert-injection-webhook

Injection webhook not working on RHEL based distros

Open sanchezfauste opened this issue 9 months ago • 0 comments

It seems that caCertsMountPath is hardcoded to /etc/ssl/certs: https://github.com/vmware-tanzu/cert-injection-webhook/blob/6cdee4ae0687528c453efa5c7394f32b13202313/pkg/certinjectionwebhook/admission_controller.go#L28-L29

RHEL uses a different path, /etc/pki/ca-trust/source/anchors, to store trusted CAs:

This directory /etc/pki/ca-trust/source/ contains CA certificates and
trust settings in the PEM file format. The trust settings found here will be
interpreted with a high priority - higher than the ones found in
/usr/share/pki/ca-trust-source/.

=============================================================================
QUICK HELP: To add a certificate in the simple PEM or DER file formats to the
            list of CAs trusted on the system:

            Copy it to the
                    /etc/pki/ca-trust/source/anchors/
            subdirectory, and run the
                    update-ca-trust
            command.

            If your certificate is in the extended BEGIN TRUSTED file format,
            then place it into the main source/ directory instead.
=============================================================================

Please refer to the update-ca-trust(8) manual page for additional information.

The result is that certificates are mounted at a wrong path.

sanchezfauste, May 24 '24 15:05
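An added example, not part of the original issue and not code from the cert-injection-webhook project: one way to decide between the two directories named in the report by reading an image's `/etc/os-release`. The helper names `osFamilyTokens` and `caTrustDir` are hypothetical, the os-release samples are constructed, and treating `rhel`, `fedora` and `centos` as the RHEL family is an assumption.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

const (
	defaultCertsPath = "/etc/ssl/certs"                   // path the issue reports as hardcoded
	rhelAnchorsPath  = "/etc/pki/ca-trust/source/anchors" // RHEL anchors directory quoted in the issue
)

// osFamilyTokens returns the ID and ID_LIKE values of an os-release file.
func osFamilyTokens(osRelease string) []string {
	var tokens []string
	sc := bufio.NewScanner(strings.NewReader(osRelease))
	for sc.Scan() {
		key, val, ok := strings.Cut(strings.TrimSpace(sc.Text()), "=")
		if !ok || (key != "ID" && key != "ID_LIKE") {
			continue // skips VERSION_ID, NAME, comments, blank lines
		}
		// Values may be quoted; ID_LIKE is a space-separated list.
		tokens = append(tokens, strings.Fields(strings.Trim(val, `"'`))...)
	}
	return tokens
}

// caTrustDir (hypothetical helper) picks the CA directory for an image and
// reports whether update-ca-trust must run before the CAs are trusted.
func caTrustDir(osRelease string) (dir string, needsUpdateCATrust bool) {
	for _, t := range osFamilyTokens(osRelease) {
		switch t {
		case "rhel", "fedora", "centos": // assumed RHEL-family identifiers
			return rhelAnchorsPath, true
		}
	}
	return defaultCertsPath, false
}

func main() {
	// Constructed os-release samples, not captured from real hosts.
	rocky := "NAME=\"Rocky Linux\"\nID=\"rocky\"\nID_LIKE=\"rhel centos fedora\"\n"
	debian := "PRETTY_NAME=\"Debian GNU/Linux\"\nID=debian\n"
	for _, s := range []string{rocky, debian} {
		dir, update := caTrustDir(s)
		fmt.Printf("%s (run update-ca-trust: %v)\n", dir, update)
	}
}
```

For the RHEL family the second return value matters: per the README quoted in the issue, files copied into the anchors directory are only trusted after `update-ca-trust` has run.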