Inject oci_registry_extra_ca_certs into get-openstack-images job
What does this MR do and why?
Inject oci_registry_extra_ca_certs
into get-openstack-images
in order to get ride of insecure donwload mode
Use Kustomize component to do following action if .Values.oci_registry_extra_ca_certs
is set:
- add extra-ca-certs secret in namespace
- patch get-openstack-images job to mount extra-ca-certs secrets in pod volumes
- patch get-openstack-images job to add the environment variable REQUESTS_CA_BUNDLE which points to cert file
Python script uses requests module which supports REQUESTS_CA_BUNDLE to specify custom CA certs file.
A small change in python script to add logs if TLS mode is secure or insecure
Related reference(s)
closes #888
Test coverage
Edited by Alexandre Seitz