Merge "Add certificate injection support to images"

Dockerfile

@@ -5,6 +5,14 @@ FROM gcr.io/gcp-runtimes/go1-builder:1.13 as builder
 
 ENV PATH "/usr/local/go/bin:$PATH"
 
+# Inject custom root certificate authorities if needed.
+# Docker does not have a good conditional copy statement and requires that a
+# source file exists to complete the copy function without error. Therefore, the
+# README.md file will be copied to the image every time even if there are no
+# .crt files.
+COPY ./certs/* /usr/local/share/ca-certificates/
+RUN update-ca-certificates
+
 WORKDIR /workspace
 # Copy the Go Modules manifests
 COPY go.mod go.mod

certs/README.md

@@ -0,0 +1,8 @@
+# Additional Docker image root certificate authorities
+
+If you require additional certificate authorities for your Docker image:
+* Add ASCII PEM encoded .crt files to this directory
+  * The files will be copied into your docker image at build time.
+
+To update manually copy the `.crt` files to `/usr/local/share/ca-certificates/`
+and run `sudo update-ca-certificates`.

images/jump-host/Dockerfile

@@ -1,9 +1,18 @@
 ARG BASE_IMAGE=gcr.io/google-appengine/python
 FROM ${BASE_IMAGE}
 
+# Inject custom root certificate authorities if needed.
+# Docker does not have a good conditional copy statement and requires that a
+# source file exists to complete the copy function without error. Therefore, the
+# README.md file will be copied to the image every time even if there are no
+# .crt files.
+COPY ./certs/* /usr/local/share/ca-certificates/
+RUN update-ca-certificates
+
 RUN apt-get update
 RUN apt-get install -y --no-install-recommends jq
 
+RUN pip3 config set global.cert /etc/ssl/certs/ca-certificates.crt
 RUN pip3 install requests python-dateutil redfishtool
 
 CMD ["/bin/bash"]