Skip to content

Commit

Permalink
Fix the mountpath for the trusted bundles
Browse files Browse the repository at this point in the history 
In the imperative framework. The `fetch-ca` initcontainer will fetch all
the needed CAs and write them to the `/tmp/ca-bundles/ca-bundle.crt`
file which is mounted to a local path called `ca-bundles`

Just like in the git-init initcontainer we need to bindmount that
`ca-bundles` volume and mount it to `/etc/pki/tls/certs` so that
all those certs are actually used by any ssl using tool running
in the imperative container.

Tested and now any ansible.builtin.uri call pointing to a local gitea
route works without the `validate_certs: false` parameter.
  • Loading branch information
@mbaldessari
mbaldessari committed Nov 12, 2024
1 parent 270abf2 commit b3dd979
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion templates/imperative/_helpers.tpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -99,7 +99,7 @@
name: trusted-ca-bundle
- mountPath: /var/run/trusted-hub
name: trusted-hub-bundle
- mountPath: /tmp/ca-bundles
- mountPath: /etc/pki/tls/certs
name: ca-bundles
{{- end }}

Expand Down

0 comments on commit b3dd979

Please sign in to comment.