missing possibility to add CA certs to brig and galley pods #250

Open
orandev opened this issue May 4, 2020 · 2 comments
Labels
enhancement New feature or request

Comments

orandev commented May 4, 2020

Hello,
I want to add a bot to my platform. The bot is hosted behind an https URL with a certificate generated by an internal CA.
I cannot add the bot in the conversation (PinInvalidCert error).
After debugging, it's because brig and galley pods only accept bot URLs with self-signed certs or certs generated by a trusted CA.
I was able to install our internal CA cert on the pods like this:

```
vi /usr/local/share/ca-certificates/internal_ca.crt
# paste the crt content
update-ca-certificates
```

But it's a bit complicated to do that on each pod recreation.
Could you modify brig and galley charts so that we can specify somewhere one or multiple internal CA crt files?
Maybe method3 from this URL: https://medium.com/@paraspatidar/add-self-signed-or-ca-root-certificate-in-kubernetes-pod-ca-root-certificate-store-cb7863cb3f87

lucendio commented May 4, 2020

Hi,

Method 3 is a valid approach. But if you can't wait for this to land (not on the roadmap yet), you might want to take a look at the Docker option. You can build the necessary images yourself:

  1. create new Dockerfiles that use the official ones from quay.io as base images
  2. copy the certs into the right place
  3. publish those images to a registry that is accessible from the k8s cluster
  4. override the image refs in the wire-server helm values
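
A sketch of the derived image from steps 1 and 2, added here as an example; it is not part of the original comment or of the wire-server project. `BASE_IMAGE`, the registry and tag placeholders and the build-time bundle check are assumptions; the certificate path and `update-ca-certificates` come from the issue text above.

```dockerfile
# Build once per service (brig, galley), passing the exact image reference
# your deployment currently pulls from quay.io:
#   docker build --build-arg BASE_IMAGE=<current image ref> \
#                -t <your-registry>/<service>:<tag> .
# BASE_IMAGE has no default on purpose, so the build fails instead of
# silently using a guessed image or tag.
ARG BASE_IMAGE
FROM ${BASE_IMAGE}

# Writing to the system trust store needs root. Assumption: if the base
# image sets a non-root USER, add a matching USER line after the RUN step
# so the service does not end up running as root.
USER root

# internal_ca.crt must hold only the PEM-encoded CA certificate, never a
# private key. update-ca-certificates only picks up files ending in .crt.
COPY internal_ca.crt /usr/local/share/ca-certificates/internal_ca.crt

# Rebuild the bundle, then fail the build if the CA did not land in it.
# Assumptions: the bundle is /etc/ssl/certs/ca-certificates.crt, the PEM
# file starts with its BEGIN line (so line 2 is the first base64 line),
# and sed/grep exist in the base image.
RUN update-ca-certificates \
 && grep -qF "$(sed -n '2p' /usr/local/share/ca-certificates/internal_ca.crt)" \
      /etc/ssl/certs/ca-certificates.crt
```

The added CA is trusted for every outbound TLS connection these pods make through the system store, not only for the bot URL, so keep the file limited to the one internal CA that issues the bot certificate. Rebuild the derived images whenever the upstream image references in the helm values change, otherwise the override pins the pods to an old base.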

orandev commented May 4, 2020

Ok thanks, I'll look into that.

lucendio added the enhancement label May 5, 2020