diff --git a/.dockerignore b/.dockerignore
deleted file mode 100644
index e69de29bb2d..00000000000
diff --git a/Dockerfile b/Dockerfile
index 9be1fcb8639..a46ab26137a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -12,9 +12,8 @@ RUN INSTALL_PKGS=" \
     yum install -y --setopt=skip_missing_names_on_install=False $INSTALL_PKGS && \
     yum clean all
 COPY --from=builder /go/src/github.com/openshift/builder/openshift-builder /usr/bin/
-COPY imagecontent/policy.json /etc/containers/
-COPY imagecontent/registries.conf /etc/containers/
-COPY imagecontent/storage.conf /etc/containers/
+COPY imagecontent/bin /usr/bin
+COPY imagecontent/etc/containers /etc/containers
 RUN mkdir -p /var/cache/blobs \
     /var/lib/shared/overlay-images \
     /var/lib/shared/overlay-layers && \
@@ -29,3 +28,4 @@ RUN ln -s /usr/bin/openshift-builder /usr/bin/openshift-sti-build && \
 LABEL io.k8s.display-name="OpenShift Builder" \
       io.k8s.description="This is a component of OpenShift and is responsible for executing image builds." \
       io.openshift.tags="openshift,builder"
+ENTRYPOINT [ "/usr/bin/entrypoint.sh" ]
diff --git a/Dockerfile-dev b/Dockerfile-dev
index 0bb83b74b02..bdb462d74b1 100644
--- a/Dockerfile-dev
+++ b/Dockerfile-dev
@@ -10,10 +10,8 @@ RUN INSTALL_PKGS=" \
       " && \
     yum install -y --setopt=skip_missing_names_on_install=False ${INSTALL_PKGS} && \
     yum clean all
-
-COPY imagecontent/policy.json /etc/containers/
-COPY imagecontent/registries.conf /etc/containers/
-COPY imagecontent/storage.conf /etc/containers/
+COPY imagecontent/bin /usr/bin
+COPY imagecontent/etc/containers /etc/containers
 RUN mkdir -p /var/cache/blobs \
     /var/lib/shared/overlay-images \
     /var/lib/shared/overlay-layers && \
@@ -26,3 +24,4 @@ RUN ln -s /usr/bin/openshift-builder /usr/bin/openshift-sti-build && \
     ln -s /usr/bin/openshift-builder /usr/bin/openshift-git-clone && \
     ln -s /usr/bin/openshift-builder /usr/bin/openshift-manage-dockerfile && \
     ln -s /usr/bin/openshift-builder /usr/bin/openshift-extract-image-content
+ENTRYPOINT [ "/usr/bin/entrypoint.sh" ]
\ No newline at end of file
diff --git a/Dockerfile.rhel7 b/Dockerfile.rhel7
index fa57b4142c6..d35e5079413 100644
--- a/Dockerfile.rhel7
+++ b/Dockerfile.rhel7
@@ -12,9 +12,8 @@ RUN INSTALL_PKGS=" \
     yum install -y --setopt=skip_missing_names_on_install=False $INSTALL_PKGS && \
     yum clean all
 COPY --from=builder /go/src/github.com/openshift/builder/openshift-builder /usr/bin/
-COPY imagecontent/policy.json /etc/containers/
-COPY imagecontent/registries.conf /etc/containers/
-COPY imagecontent/storage.conf /etc/containers/
+COPY imagecontent/bin /usr/bin
+COPY imagecontent/etc/containers /etc/containers
 RUN mkdir -p /var/cache/blobs \
     /var/lib/shared/overlay-images \
     /var/lib/shared/overlay-layers && \
@@ -29,3 +28,4 @@ RUN ln -s /usr/bin/openshift-builder /usr/bin/openshift-sti-build && \
 LABEL io.k8s.display-name="OpenShift Builder" \
       io.k8s.description="This is a component of OpenShift and is responsible for executing image builds." \
       io.openshift.tags="openshift,builder"
+ENTRYPOINT [ "/usr/bin/entrypoint.sh" ]
diff --git a/imagecontent/bin/entrypoint.sh b/imagecontent/bin/entrypoint.sh
new file mode 100755
index 00000000000..275ff32a23f
--- /dev/null
+++ b/imagecontent/bin/entrypoint.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+clusterCA="/var/run/configs/openshift.io/pki/tls-ca-bundle.pem"
+
+if [ -e "$clusterCA" ]; then
+    echo "Adding cluster TLS certificate authority to trust store"
+    cp -f "$clusterCA" /etc/pki/ca-trust/source/anchors/cluster-ca-bundle.pem
+    update-ca-trust extract
+fi
+
+exec "$@"
diff --git a/imagecontent/etc/containers/mounts.conf b/imagecontent/etc/containers/mounts.conf
new file mode 100644
index 00000000000..0183687bf81
--- /dev/null
+++ b/imagecontent/etc/containers/mounts.conf
@@ -0,0 +1,2 @@
+/run/secrets:/run/secrets
+/etc/pki/ca-trust:/etc/pki/ca-trust
diff --git a/imagecontent/policy.json b/imagecontent/etc/containers/policy.json
similarity index 100%
rename from imagecontent/policy.json
rename to imagecontent/etc/containers/policy.json
diff --git a/imagecontent/registries.conf b/imagecontent/etc/containers/registries.conf
similarity index 100%
rename from imagecontent/registries.conf
rename to imagecontent/etc/containers/registries.conf
diff --git a/imagecontent/storage.conf b/imagecontent/etc/containers/storage.conf
similarity index 100%
rename from imagecontent/storage.conf
rename to imagecontent/etc/containers/storage.conf