You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
As a DevTools customer,
I would like to have CA certs on my arbitrary images,
So that I can make HTTPS requests.
Solution
There are definitely several levels to this, and I see them something like as follows:
Current solution (at time of writing) which applies only to subset of OSes that either…
a. have write access to /usr/local/share/ca-certificates and access to the update-ca-certificates command, or
b. have write access to /etc/ssl/certs/ca-certificates.crt or /etc/ssl/cert.pem and use either of those by default.
Copy the manager's certs to the workers and move them to right locations when possible, or try to get applications to source them from a writable directory when not.
Test the worker's operating system, determine package manager and default cert paths, use package manager to install cert manager when possible and update certs the "correct" way when possible, falling back to level 2 when not possible.
Story
As a DevTools customer,
I would like to have CA certs on my arbitrary images,
So that I can make HTTPS requests.
Solution
There are definitely several levels to this, and I see them something like as follows:
a. have write access to
/usr/local/share/ca-certificatesand access to theupdate-ca-certificatescommand, orb. have write access to
/etc/ssl/certs/ca-certificates.crtor/etc/ssl/cert.pemand use either of those by default.I came across a nice example that completes a lot of the up front work for level 3: https://github.com/millermatt/osca.