Debian based CA updater
Who wan’t to import private authority certificates into their application while most http client libraries inherit from the system’s trust store? Just use update-ca-certificates to populate a common certs volume with anything you mount on /usr/local/share/ca-certificates
apiVersion: batch/v1
kind: Job
spec:
template:
spec:
initContainers:
- name: update-certs
securityContext:
runAsUser: 0 # only need root to update certs
image: some_debian_based_image:0.6.4
command: ['/bin/sh', '-c']
args:
[
'update-ca-certificates; cp -r /etc/ssl/certs/* /etc/ssl/certs_pod/',
]
volumeMounts:
- name: certs
mountPath: /etc/ssl/certs_pod
- name: elastic-http-certs-public
readOnly: true
mountPath: /usr/local/share/ca-certificates/some.crt
subPath: ca.pem
containers:
- name: eteel-job
image: some_debian_based_image:0.6.4
volumeMounts:
- name: certs
mountPath: '/etc/ssl/certs'