
merge system cert pool with own certs (#2226)

mmetc před 2 roky
rodič
revize
025f14f879

+ 7 - 1
pkg/acquisition/modules/kafka/kafka.go

@@ -214,7 +214,13 @@ func (kc *KafkaConfiguration) NewTLSConfig() (*tls.Config, error) {
 	if err != nil {
 		return &tlsConfig, err
 	}
-	caCertPool := x509.NewCertPool()
+	caCertPool, err := x509.SystemCertPool()
+	if err != nil {
+		return &tlsConfig, fmt.Errorf("unable to load system CA certificates: %w", err)
+	}
+	if caCertPool == nil {
+		caCertPool = x509.NewCertPool()
+	}
 	caCertPool.AppendCertsFromPEM(caCert)
 	tlsConfig.RootCAs = caCertPool
 
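Review bot: The boolean returned by `caCertPool.AppendCertsFromPEM(caCert)` is discarded, and seeding the pool from the system roots makes that riskier than before. A CA file with no parseable certificate used to leave an empty pool, so every handshake failed; now the broker is silently validated against the system roots alone and the misconfiguration goes unnoticed. Check the result, for example `if !caCertPool.AppendCertsFromPEM(caCert) { return &tlsConfig, fmt.Errorf("no certificate could be parsed from the CA file") }`. The same unchecked call follows the new code in the pkg/apiserver/apiserver.go and pkg/csconfig/api.go hunks. NewTLSConfig starts and continues outside this hunk.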

+ 7 - 1
pkg/apiserver/apiserver.go

@@ -313,7 +313,13 @@ func (s *APIServer) GetTLSConfig() (*tls.Config, error) {
 			if err != nil {
 				return nil, errors.Wrap(err, "Error opening cert file")
 			}
-			caCertPool = x509.NewCertPool()
+			caCertPool, err = x509.SystemCertPool()
+			if err != nil {
+				log.Warnf("Error loading system CA certificates: %s", err)
+			}
+			if caCertPool == nil {
+				caCertPool = x509.NewCertPool()
+			}
 			caCertPool.AppendCertsFromPEM(caCert)
 		}
 	}
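Review bot: Merging the system roots into `caCertPool` here may widen trust in the wrong direction, because this is the server side and the pool looks like it feeds client-certificate verification. Where `caCertPool` is consumed is outside the hunk, so this needs confirming; if it is assigned to `tls.Config.ClientCAs`, any client certificate chaining to a publicly trusted CA would pass chain verification, not only those issued by the configured CA. Access control would then rest entirely on whatever subject checks run after the handshake. If that is the case, keep `caCertPool = x509.NewCertPool()` for the client-auth pool and merge system roots only where the pool is used as `RootCAs`. A comment stating which role this pool plays would help.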

+ 7 - 1
pkg/csconfig/api.go

@@ -133,7 +133,13 @@ func (l *LocalApiClientCfg) Load() error {
 			return errors.Wrapf(err, "failed to load cacert")
 		}
 
-		caCertPool := x509.NewCertPool()
+		caCertPool, err := x509.SystemCertPool()
+		if err != nil {
+			log.Warningf("Error loading system CA certificates: %s", err)
+		}
+		if caCertPool == nil {
+			caCertPool = x509.NewCertPool()
+		}
 		caCertPool.AppendCertsFromPEM(caCert)
 		apiclient.CaCertPool = caCertPool
 	}
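Review bot: A failure of `x509.SystemCertPool()` is handled differently across the three files this commit touches. Here and in pkg/apiserver/apiserver.go it is logged and execution continues with an empty pool, while pkg/acquisition/modules/kafka/kafka.go returns the error. The two logging sites also differ, with `log.Warningf` here and `log.Warnf` in apiserver.go. Pick one policy and document it at the fallback, for instance `// system roots unavailable: trust only the configured CA` above `caCertPool = x509.NewCertPool()`, so an operator reading the warning knows the resulting trust set. Load begins outside this hunk.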