Support internal root CA
When customers are deploying with BYO certificates (instead of LetsEncrypt), they may want to bring certs based on an internal root CA (e.g. enterprises). We'll need to support adding the root CA all the places.
- What are those places? Probably everywhere to be safe?
- How does it get added? Init container from a common configmap? post-start hook? entrypoint script?