Installing root certificate in Loome Azure Container Instance (ACI)

What Happened?

Issue:

The Loome Agent ACI was not able to communicate with external endpoints secured by a private SSL certificate.

Impact:

Loome Agent ACI will fail to connect to services.

Root Cause:

The Loome Agent ACI does not trust the SSL/TLS certificate presented by the target service because the required root certificate (from an internal or self-signed certificate authority) is not installed in the container’s trusted certificate store.

How can you fix it?

Resolution

You will first need to upload your certificate into the File Share of the Azure Storage that is attached to your Loome Agent ACI. The steps below assume that you upload the certificate to the root of that File Share, which the container sees as /aci/external. After that, you will need to redeploy the ACI with the following command line added:

--command-line "/bin/bash -c 'cp /aci/external/my-certificate.crt /usr/local/share/ca-certificates/ && update-ca-certificates && tail -f /dev/null'"

The Azure CLI command will look like this:

Note: If you have a YAML file for your ACI, you can add a command to the YAML that will install the certificate from the Azure Storage and then run the Loome Agent within the ACI. This will ensure that your ACI will always install the certificate before starting the Loome Agent.
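
Before uploading the certificate to the File Share, it is worth checking on your workstation that update-ca-certificates will actually pick it up and that it is the certificate you intend to trust. The script below is an added example, not part of the Loome documentation; the function name check_root_cert is hypothetical, and it assumes openssl is installed locally and that the container uses the Debian-style update-ca-certificates shown in the command above, which only reads PEM files ending in .crt.

```shell
#!/bin/sh
# Added example: pre-upload check for a root certificate that will be copied
# to /usr/local/share/ca-certificates/ inside the container.
# check_root_cert is a hypothetical helper name, not a Loome or Azure tool.

check_root_cert() {
    cert=$1

    # update-ca-certificates ignores files whose name does not end in .crt.
    case "$cert" in
        *.crt) ;;
        *) echo "FAIL: file name must end in .crt: $cert" >&2; return 1 ;;
    esac

    # It also expects PEM text, not DER or PKCS#12 binary.
    if ! grep -q -- '-----BEGIN CERTIFICATE-----' "$cert" 2>/dev/null; then
        echo "FAIL: $cert is missing or is not PEM encoded" >&2
        return 1
    fi

    # The PEM body must parse as an X.509 certificate.
    if ! openssl x509 -in "$cert" -noout 2>/dev/null; then
        echo "FAIL: $cert does not contain a valid X.509 certificate" >&2
        return 1
    fi

    # An expired root would be installed but would still fail validation.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "FAIL: $cert has expired" >&2
        return 1
    fi

    # Print the identity and SHA-256 fingerprint so they can be compared with
    # the values published by the owner of the internal CA before the
    # certificate is added to the container's trust store.
    openssl x509 -in "$cert" -noout -subject -issuer -enddate \
        -fingerprint -sha256
}

# Usage: sh check-cert.sh my-certificate.crt
if [ "$#" -gt 0 ]; then
    check_root_cert "$1"
fi
```

Compare the printed fingerprint with the one obtained from your certificate authority through a separate channel; anything installed this way is trusted by the agent for every TLS connection it makes.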
