/etc/ssl/cert mounted from AWS EKS returns in x509 error when trying to POST

[bjmask]

Describe the bug
/etc/ssl/cert folder mounted from host on AWS EKS

actual error: "x509: failed to load system roots and no roots provided

To Reproduce
Steps to reproduce the behavior:

1. Spin up application with SS on AWS EKS
2. Apply dummy rule to always notify

Expected behavior
/etc/ssl/certs from any host should work, removing the hostmount for /etc/ssl/certs and apt installing ca-certificates allows for a successful CURL to test the webhook integration.

[rosskusler]

@andres-de-castro On some OS distributions certain files in /etc/ssl/certs are sym-linked to files in /etc/pki/ca-trust. If you only mount /etc/ssl/certs from the host into the pod then the symlinks can break. Maybe this is the same issue you are facing. The solution for me was to mount both /etc/ssl/certs and /etc/pki/ca-trust from the host into the pods.

A better solution might be to rebuild the container image with the ca-certificates package pre-installed.

[bjmask]

Should we change the Dockerfile to build from ca-certificates ?