buildpacks / lifecycle

Reference implementation of the Cloud Native Buildpacks lifecycle
https://buildpacks.io
Apache License 2.0

[Suggestion] Support self-signed certificate when lifecycle is launched as a pod #1077

Open cmoulliard opened 1 year ago

cmoulliard commented 1 year ago

Description

When the lifecycle is launched as a pod, the following error is reported during the ANALYZING phase as the go-containerregistry tries to access a secured docker registry which is not running within the kubernetes cluster and where the certificate has been signed by an unknown authority:

...
4 of 11 buildpacks participating
paketo-buildpacks/ca-certificates 3.6.1
paketo-buildpacks/node-engine     1.5.0
paketo-buildpacks/npm-install     1.1.0
paketo-buildpacks/node-start      1.0.7
===> ANALYZING
Warning: Platform requested deprecated API '0.4'
ERROR: failed to initialize analyzer: getting previous image: connect to repo store "kind-registry.local:5000/snowdrop/sample-nodejs:latest": Get "https://kind-registry.local:5000/v2/": x509: certificate signed by unknown authority; Get "http://kind-registry.local:5000/v2/": net/http: HTTP/1.x transport connection broken: malformed HTTP response "\x15\x03\x01\x00\x02\x02"

Proposed solution

Lifecycle should expose additional variables able to configure how it will communicate as client with the container registry:

SECURE_REGISTRY: true/false
REGISTRY_USERNAME: key mounted from a secret
REGISTRY_PASSWORD: key mounted from a secret
REGISTRY_CA_CERTIFICATE: path to access the certificate mounted as volume

Additional context

go-containerregistry and x.509 unknown certificate authority issue: https://github.com/google/go-containerregistry/issues?q=is%3Aissue+x509%3A+certificate+signed+by+unknown+authority

cmoulliard commented 1 year ago

A temporary workaround is to set the env var SSL_CERT_DIR: https://github.com/redhat-buildpacks/testing/commit/87c186fa58588e48525268e79e19154cdcb579df#diff-a37dde4de2485edb113484a3c30e42bf483b3dd03c055c6b12e3e52e63366de3L57
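
The failing check and the proposed REGISTRY_CA_CERTIFICATE fix, as an added Go example that is not part of the lifecycle code base or of this thread: it repeats the chain verification Go's TLS client (and therefore go-containerregistry) performs, starting from the system roots that SSL_CERT_DIR already feeds on Linux, and shows that a private registry's self-signed certificate fails with x509.UnknownAuthorityError until its CA is appended to the pool. The certificate for kind-registry.local is constructed in memory; selfSigned, verifyAsClient and the extraCAPEM parameter are names chosen here, not lifecycle's.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"math/big"
	"time"
)

// selfSigned builds a constructed self-signed server cert for host (stands in for kind-registry.local's); returns parsed cert and PEM.
func selfSigned(host string) (*x509.Certificate, []byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: host}, DNSNames: []string{host},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage:    x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, IsCA: true, BasicConstraintsValid: true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, nil, err
	}
	return cert, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), nil
}

// verifyAsClient repeats the chain check Go's TLS client (hence go-containerregistry) makes: system
// roots (which honour SSL_CERT_DIR on Linux) plus the CA a REGISTRY_CA_CERTIFICATE option would add.
func verifyAsClient(server *x509.Certificate, extraCAPEM []byte, host string) error {
	roots, err := x509.SystemCertPool()
	if err != nil {
		roots = x509.NewCertPool() // no usable system store in this environment
	}
	if extraCAPEM != nil && !roots.AppendCertsFromPEM(extraCAPEM) {
		return errors.New("CA bundle contains no parsable PEM certificate")
	}
	_, err = server.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err // x509.UnknownAuthorityError when no root in the pool signed server
}
```

Passing nil for extraCAPEM reproduces the error quoted in the issue; passing the mounted CA bundle is what the proposed option would do.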

natalieparellano commented 1 year ago

Not exactly the same but related: https://github.com/buildpacks/lifecycle/issues/524

yodatak commented 1 year ago

We got the same problem at work with enterprise-signed certificates.