This commit adjusts the method in which ca-certificates is installed into the startup-script image. The ca-certificates package has a dependency on OpenSSL, which unnecessarily increases the attack surface of the image, since the image's only functionality is fully contained in manage-startup-script.sh and the script makes no network connections. The package could theoretically be removed, but as a precaution, the root certificates from the ca-certificates package are copied into the image using the same method as is used in the Cilium Operator image.