So if I understand you correctly I should build a custom image based on an existing sti image such as https://github.com/openshift/sti-php/blob/master/5.5/Dockerfile.rhel7
? I believe that I can add my CA if I modify the base image (base-rhel7) and rebuild.
Alternatively I can add an "ADD myca.crt /etc/pki/tls/certs/ca-bundle.crt" instruction to the above Dockerfile.
Which of the above options do you recommend? I guess the first option is more generic thus preferred.
Meanwhile I tried a simpler approach - executing /bin/bash in the openshift/php-55-centos7 image and adding the CA manually, but this failed since I was unable to get root privileges. Is it even possible to run commands as root in the sti images?
Finally I feel the best solution to this issue would be to automatically mount the CA bundle from the host for all containers (the same way the /ets/hosts and /etc/resolv.conf are mounted). This would work for me since my host machine is already configured to trust the CA.
Is this solution feasible with docker (via the options in sysconfig) or the current version of openshift?