diff --git a/lib/container_orchestrator/object_definition.rb b/lib/container_orchestrator/object_definition.rb
index 29e35ae6dd3..1811318cb02 100644
--- a/lib/container_orchestrator/object_definition.rb
+++ b/lib/container_orchestrator/object_definition.rb
@@ -111,6 +111,25 @@ def deployment_definition(name)
             ],
           }
         }
+      else
+        deployment[:spec][:template][:spec][:containers][0][:volumeMounts] ||= []
+        deployment[:spec][:template][:spec][:containers][0][:volumeMounts] << {
+          :mountPath => "/etc/pki/ca-trust/source/anchors",
+          :name      => "messaging-certificate",
+          :readOnly  => true,
+        }
+
+        deployment[:spec][:template][:spec][:volumes] ||= []
+        deployment[:spec][:template][:spec][:volumes] << {
+          :name   => "messaging-certificate",
+          :secret => {
+            :secretName => "manageiq-cluster-ca-cert",
+            :items      => [
+              :key  => "ca.crt",
+              :path => "ca.crt",
+            ],
+          }
+        }
       end
 
       deployment
diff --git a/spec/lib/container_orchestrator_spec.rb b/spec/lib/container_orchestrator_spec.rb
index 48c046becb7..4ef9d7fd3a5 100644
--- a/spec/lib/container_orchestrator_spec.rb
+++ b/spec/lib/container_orchestrator_spec.rb
@@ -139,8 +139,8 @@
 
       deployment_definition = subject.send(:deployment_definition, "test")
 
-      expect(deployment_definition.fetch_path(:spec, :template, :spec, :containers, 0, :volumeMounts).length).to eq(2)
-      expect(deployment_definition.fetch_path(:spec, :template, :spec, :volumes).length).to eq(2)
+      expect(deployment_definition.fetch_path(:spec, :template, :spec, :containers, 0, :volumeMounts).length).to eq(3)
+      expect(deployment_definition.fetch_path(:spec, :template, :spec, :volumes).length).to eq(3)
     end
 
     it "mounts the database root certificate" do