Description
First of all, I'd like to thank you for creating and maintaining this chart. It honestly made my work so much easier, especially combined with the reflector chart.
That being said, I've faced an interesting issue when using Alpine Linux and thought it'd be best to share it here.
Description:
When adding the custom CA to an Alpine image, the SSL_CERT_FILE environment variable causes the OS to ONLY trust the custom CA and forget all built-in trusted CAs, resulting in the container trusting local servers using certs issued by the custom CA, but not trusting anything else, including apk's own repositories.
Current workaround:
What I'm doing currently is concatenating the custom CA to the built-in trusted CA file, then updating SSL_CERT_FILE.
I thought of adding the built-in ones to the custom CA file, but this is simpler because the custom CA volume is mounted as read-only.
```
cat /ssl/certfile.crt >> /etc/ssl/certs/ca-certificates.crt
```
then
```
SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
```
Is there a possibility of finding a solution for this that doesn't require additional steps when using Alpine? Or would that be out of scope for this tool?
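
A variant of the workaround above, as an added example that is not part of the original issue or of the chart: it rebuilds a combined bundle in a separate file, so container restarts do not stack duplicate copies of the custom CA onto the system bundle. The output path `/tmp/ca-bundle.crt` and the function names are assumptions; the two input paths are the ones from the issue.

```shell
#!/bin/sh
# Added example (not the chart's code). Function names are hypothetical.

# build_ca_bundle SYSTEM_BUNDLE CUSTOM_CA OUT
# Writes SYSTEM_BUNDLE followed by CUSTOM_CA to OUT. Rebuilding OUT from
# scratch, instead of appending to the system file with >>, makes the step
# idempotent and leaves the distribution's bundle untouched.
build_ca_bundle() {
    system_bundle=$1 custom_ca=$2 out=$3
    [ -r "$system_bundle" ] || { echo "missing system bundle: $system_bundle" >&2; return 1; }
    [ -r "$custom_ca" ] || { echo "missing custom CA: $custom_ca" >&2; return 1; }
    # Refuse input that is not PEM, so a bad mount cannot corrupt the bundle.
    grep -q -- '-----BEGIN CERTIFICATE-----' "$custom_ca" \
        || { echo "not a PEM certificate: $custom_ca" >&2; return 1; }
    tmp="$out.tmp.$$"
    # awk ends every line with a newline, so a file that lacks a final
    # newline cannot fuse its END line with the next BEGIN line.
    awk '{ print }' "$system_bundle" "$custom_ca" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Rename into place so readers never see a half-written bundle.
    mv "$tmp" "$out"
}

# count_certs FILE: number of PEM certificates in FILE.
count_certs() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1"
}

# When run as a script with three arguments, build the bundle, e.g.:
#   build-bundle.sh /etc/ssl/certs/ca-certificates.crt /ssl/certfile.crt /tmp/ca-bundle.crt
# and then point the process at it (the /tmp path is an assumed writable location):
#   export SSL_CERT_FILE=/tmp/ca-bundle.crt
if [ "$#" -eq 3 ]; then
    build_ca_bundle "$@"
fi
```
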