From b3dd9796ff83669e1d6e321edab2f060bd37ae95 Mon Sep 17 00:00:00 2001
From: Michele Baldessari
Date: Tue, 12 Nov 2024 19:16:12 +0100
Subject: [PATCH] Fix the mountpath for the trusted bundles In the imperative framework. The `fetch-ca` initcontainer will fetch all the needed CAs and write them to the `/tmp/ca-bundles/ca-bundle.crt` file which is mounted to a local path called `ca-bundles` Just like in the git-init initcontainer we need to bindmount that `ca-bundles` volume and mount it to `/etc/pki/tls/certs` so that all those certs are actually used by any ssl using tool running in the imperative container. Tested and now any ansible.builtin.uri call pointing to a local gitea route works without the `validate_certs: false` parameter.
---
 templates/imperative/_helpers.tpl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/templates/imperative/_helpers.tpl b/templates/imperative/_helpers.tpl
index 88538f8..ce5bdef 100644
--- a/templates/imperative/_helpers.tpl
+++ b/templates/imperative/_helpers.tpl
@@ -99,7 +99,7 @@
 name: trusted-ca-bundle
 - mountPath: /var/run/trusted-hub
 name: trusted-hub-bundle
-- mountPath: /tmp/ca-bundles
+- mountPath: /etc/pki/tls/certs
 name: ca-bundles
 {{- end }}
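Review bot: The `ca-bundles` mount at `/etc/pki/tls/certs` is not marked read-only, so anything running in the imperative container can rewrite the trust anchors its TLS clients rely on; if this helper is only used by containers that read the bundle, add `readOnly: true` under `name: ca-bundles`. Mounting the volume over the whole directory also hides whatever the image ships there, so certificate validation now depends entirely on what `fetch-ca` wrote into `ca-bundle.crt`. A template comment would make that dependency explicit, for example `# ca-bundles replaces the image's /etc/pki/tls/certs; fetch-ca must supply every CA the jobs need`. The helper's definition starts above this hunk, so whether an init container that writes the bundle shares these mounts cannot be confirmed from here.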