When working with internal container deployments, there are many cases, where applications need to access an internal HTTPS service. If these services use internal certificates from an internal certificate authority (CA), the client (container/pod) needs to trust the certificate chain including the Sub/Issuing CA certificate and the Root CA certificate.
These certificates have to be added to the trusted ROOT CA store, which should not be done at runtime (hence not with a sidecar container or similar constructs). The solution to this problem would be to add them at build time. We will discover how this process can be simplified and automated by using Azure Container Registry (ACR) tasks.