Updating ca-certificates in distroless docker image

Asked Aug 31 '23 at 13:50

Active Aug 31 '23 at 13:53

Viewed 16 times

How can I run update-ca-certificates (https://manpages.ubuntu.com/manpages/xenial/man8/update-ca-certificates.8.html) while the docker container is running? Meaning updating /etc/ssl/certs while the docker build process and copying the updated certs to etc/ssl/certs is not an option for me. I need to be able to update the certificates while the container is running. I checked this post: Docker distroless image how to make update-ca-certificates available inside the image? but couldnt see anything concrete that could be useful.

edited Aug 31 '23 at 13:53

asked Aug 31 '23 at 13:50

Omri Shneor

Why not mount a volume where those certs are? – Daniel A. White Aug 31 '23 at 13:53
And run the update-ca-certificates inside a different docker container and share the updated result with the distroless? – Omri Shneor Aug 31 '23 at 13:54
Yes or use a multistage docker image. One with a distro, then the final one – Daniel A. White Aug 31 '23 at 14:00
But I want to be able to restart the container and then rerun the update-ca-certificates in the entrypoint of my container... can that be done with a multistage docker image? – Omri Shneor Aug 31 '23 at 14:11
1

Ideally containers should be immutable – Daniel A. White Aug 31 '23 at 15:13

0 Answers0