kitchen: Use Certifi TLS CA bundle for OpenSSL
The MQTT client needs a trusted root CA bundle, which is not available in the container image used by the *kitchen* server (it's based on *pythonctnr* which literally *only* includes Python). Fortunately, as it uses OpenSSL under the hood, we can configure it to use the bundle included with the *certifi* Python package via an environment variable.
This commit is contained in:
@@ -38,6 +38,8 @@ spec:
|
|||||||
env:
|
env:
|
||||||
- name: TZ
|
- name: TZ
|
||||||
value: America/Chicago
|
value: America/Chicago
|
||||||
|
- name: SSL_CERT_FILE
|
||||||
|
value: /usr/lib/python3.10/site-packages/certifi/cacert.pem
|
||||||
imagePullPolicy: Always
|
imagePullPolicy: Always
|
||||||
ports:
|
ports:
|
||||||
- containerPort: 8000
|
- containerPort: 8000
|
||||||
|
|||||||
Reference in New Issue
Block a user