Inject oci_registry_extra_ca_certs into get-openstack-images job (!2312) · Merge requests · Sylva-projects / sylva-core

What does this MR do and why?

Inject oci_registry_extra_ca_certs into get-openstack-imagesin order to get ride of insecure donwload mode

Use Kustomize component to do following action if .Values.oci_registry_extra_ca_certs is set:

add extra-ca-certs secret in namespace
patch get-openstack-images job to mount extra-ca-certs secrets in pod volumes
patch get-openstack-images job to add the environment variable REQUESTS_CA_BUNDLE which points to cert file

Python script uses requests module which supports REQUESTS_CA_BUNDLE to specify custom CA certs file.

A small change in python script to add logs if TLS mode is secure or insecure

closes #888

Edited May 24, 2024 by Alexandre Seitz