Adding docker cert to new K8s nodes

7/28/2021

I am very new to Kubernetes and am working with an EKS cluster. I am trying to pull images and I have added a cert to /etc/docker/certs.d/<registry-name>/ and I am able to pull fine after logging in. However, when I create a deployment to deploy apps to my pods, it seems like I have to manually ssh into my EKS nodes and copy over the cert. Otherwise, I am left with an x509 certificate error. Additionally, if I terminate a node and new nodes are created, those new nodes obviously don't have the cert anymore, so I have to copy over the cert again. Is there a way to configure a secret or configmap so that new nodes will automatically have this cert? I know you can add a mount to a configmap, but it seems like this only works for pods.

Also, what is the best way I can replace these certs for cases where the certs expire (i.e. pulling images from ECR)?

-- shxpark
amazon-ecr
amazon-eks
docker
kubernetes
ssl

1 Answer

7/29/2021

You can use a secret to pull the Docker image and store the cert at the Kubernetes level, but yes, you are right, it will work with the pod. There is no way you can manage or inject it at the node level.

The only option you are left with is to create a custom AMI and use that for creating the nodes in EKS, so by default you will have that cert on the node when it scales up or down.

https://aws.amazon.com/premiumsupport/knowledge-center/eks-custom-linux-ami/

-- Harsh Manvar
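An added example of the bake-it-into-the-AMI approach from the answer (not code from the question, the answer or AWS): the fragment of a node bootstrap or AMI build script that installs the registry CA into Docker's per-registry trust directory, so every freshly created node trusts the registry without a manual copy, and that flags a CA close to expiry. The registry host, CA source path and script name are placeholders.

```shell
#!/bin/sh
# Added example, not from the original question or answer.
# Assumptions: REGISTRY_HOST is a placeholder registry hostname[:port];
# the CA PEM is read from CA_SRC; CERTS_ROOT defaults to Docker's
# /etc/docker/certs.d and can be overridden when testing on a non-root host.
set -eu

# install_registry_ca REGISTRY CA_SRC [CERTS_ROOT]
# Copies the CA to <CERTS_ROOT>/<REGISTRY>/ca.crt, the location Docker
# consults for per-registry trust anchors, and refuses non-PEM input.
install_registry_ca() {
    registry="$1"; ca_src="$2"; root="${3:-/etc/docker/certs.d}"
    grep -q 'BEGIN CERTIFICATE' "$ca_src" || {
        echo "install_registry_ca: $ca_src is not a PEM certificate" >&2
        return 1
    }
    mkdir -p "$root/$registry"
    # 0644 is enough: Docker only reads it and no private key lives here.
    install -m 0644 "$ca_src" "$root/$registry/ca.crt"
    echo "$root/$registry/ca.crt"
}

# ca_expires_within CA_FILE SECONDS
# Returns 0 when the certificate expires within SECONDS (or cannot be
# parsed), 1 when it stays valid beyond that window. Lets the bootstrap warn
# before a node is built from a CA that is about to expire.
ca_expires_within() {
    if openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

main() {
    registry="${REGISTRY_HOST:-registry.example.internal:5000}"   # placeholder
    dest="$(install_registry_ca "$registry" "${CA_SRC:-/tmp/registry-ca.pem}")"
    if ca_expires_within "$dest" $((30 * 24 * 3600)); then
        echo "warning: $dest expires within 30 days; rebuild the AMI with a fresh CA" >&2
    fi
    systemctl restart docker 2>/dev/null || true   # pick up the new trust store
}

# Run main only when executed as the bootstrap script, not when sourced.
if [ "${0##*/}" = "install-registry-ca.sh" ]; then
    main "$@"
fi
```

Because the file lands in the node's filesystem at boot, a node replaced by the autoscaling group gets the cert without anyone copying it; rotating the CA means updating CA_SRC and rolling the node group.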
Source: StackOverflow