We have airflow hosted on OCP and we running dags to upload data to azure from dags so from OCP we need connection to azure. We opened proxy connection from company domain and now we need to migrate to 8085 proxy which requires SSL interception and hence require company trust certificate.
I added certificate bundle to secret and mounted as drive and able to see certificate, also tried with config map and able to mount it. But for proxy to pick it needs to be in "/etc/pki/ca-trust/" or "/usr/share/pki/ca-trust-source/".
I added lifecycle command to copy from mount to those location but seems permission is denied. I tried to run copy command in pod terminal but yes its giving error.
Following research it seems that image becomes readonly. and sudo is not working nor chown to get directory access.
Without root access it seems not possible to copy to those location. Only option looks building newer image with certificate bundle copied already to it.
Let me know if there is any other option