How to add cert in Pod?

4/9/2020

How to add another root certificate to this file /var/run/secrets/kubernetes.io/serviceaccount/ca.crt (in the pod fs) that signed the Kubernetes root certificate?

That is, there should always be two certificates when mounting the Pod.

Thank you.

-- egorovd
kubernetes
kubernetes-pod
kubernetes-secrets
kubernetes-security

1 Answer

4/9/2020

There are multiple ways to do this.

  1. Use init containers - Init containers run before your actual containers start. You can use this to place a file (e.g. a certificate) inside your "real" container using an emptyDir volume. I would prefer this method. Many Kubernetes applications that can be installed using Helm support this out of the box.

  2. Share your certs across all your nodes and mount them into the containers. This method is only feasible if you have full control over your nodes (e.g. when you use an on-premise installation).

  3. Add the certificates at build time. But you could only do this if the software that needs your certificates is built by yourself.

-- Alex
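
A sketch of the init-container approach from option 1, added here as an example and not part of the original answer: an init container concatenates the service account `ca.crt` with a second root certificate into an emptyDir volume that the application container mounts read-only. The ConfigMap, Pod, volume and image names and the `/etc/ca-bundle` path are assumptions, and the application is assumed to be configurable to read its CA bundle from that path instead of the service account directory.

```yaml
# Added example: names, images and paths below are hypothetical.
apiVersion: v1
kind: ConfigMap
metadata:
  name: extra-root-ca
data:
  extra-root.crt: |
    -----BEGIN CERTIFICATE-----
    <PEM body of the additional root certificate (placeholder)>
    -----END CERTIFICATE-----
---
apiVersion: v1
kind: Pod
metadata:
  name: ca-bundle-demo
spec:
  volumes:
    - name: extra-ca            # source of the second root certificate
      configMap:
        name: extra-root-ca
    - name: ca-bundle           # scratch volume shared by init and app containers
      emptyDir: {}
  initContainers:
    - name: build-ca-bundle
      image: busybox:1.36
      command:
        - sh
        - -c
        - |
          set -eu
          # The service account volume is also mounted in init containers.
          # The echo guards against a missing trailing newline between PEM blocks.
          { cat /var/run/secrets/kubernetes.io/serviceaccount/ca.crt; echo;
            cat /extra-ca/extra-root.crt; } > /bundle/ca.crt
      volumeMounts:
        - name: extra-ca
          mountPath: /extra-ca
          readOnly: true
        - name: ca-bundle
          mountPath: /bundle
  containers:
    - name: app
      image: registry.example.com/app:placeholder   # placeholder image
      volumeMounts:
        - name: ca-bundle       # app reads /etc/ca-bundle/ca.crt (two certificates)
          mountPath: /etc/ca-bundle
          readOnly: true
```

The bundle is built once at Pod start, so a rotated cluster CA or an updated ConfigMap only takes effect after the Pod is recreated.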
Source: StackOverflow