robrotheram / taiga-contrib-openid-auth

Taiga plugin for openid authentication

Recommended method to add ca certs to taiga-back image? #34

Open lknite opened 2 years ago

lknite commented 2 years ago

Using OpenID with an on-prem Keycloak requires adding the public certificates of the certificate authority to the taiga-back image.

Currently I'm doing this after taiga is setup by:

  1. copy ca-chain.crt into the container
  2. cat "ca-chain.crt" >> /opt/venv/lib/python3.7/site-packages/certifi/cacert.pem

However, I'm using Kubernetes, which may decide to restart the pod at any time, such as if the node the pod is running on crashes. At this point Taiga wouldn't work anymore without manually running the steps above. Do you have a recommended technique to add the certs to the taiga-back container?

If not, maybe the technique could be to mount a volume and have a check at startup so that, if the volume exists, the container imports the files via the command in step 2 ... open to ideas.

lknite commented 2 years ago

Capturing a manual solution for other Kubernetes folks:

      # In the pod spec, inside the container entry for taiga-back:
        volumeMounts:
        - mountPath: /tmp/ca
          name: certs
        lifecycle:
          postStart:
            exec:
              command:
              - /bin/sh
              - -c
              - "cat /tmp/ca/cacert.pem >> /opt/venv/lib/python3.7/site-packages/certifi/cacert.pem"
      # In the pod spec, at the same level as the containers list:
      volumes:
      - name: certs
        configMap:
          name: ca-certs
          items:
          - key: "ca.crt"
            path: "cacert.pem"
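Two things a practitioner will want to check before relying on the hook above. First, a plain `cat >>` appends the chain again on every start; that is harmless on a fresh container filesystem, but it silently grows the bundle wherever the file persists, and it gives no signal that anything was added. Second, Kubernetes does not guarantee that a postStart hook finishes before the container's entrypoint starts, so a Taiga process that loads certifi's bundle early can race the hook; running the same merge from an init container or an entrypoint wrapper avoids that. The script below is an added example, not code from the taiga-contrib-openid-auth project or from the issue author: it merges only the certificates that are not yet in the bundle, reports how many it added, and can be run on every start. The file paths are parameters (the certifi path from the issue is just the default), and the PEM bodies in the demo are constructed filler, not real certificates. It assumes a POSIX `sh` with `awk`, `grep`, `fold` and `mktemp`.

```shell
#!/bin/sh
# Added example, not code from the taiga-contrib-openid-auth project or from
# the issue author. Merges the certificates of a CA chain file into certifi's
# bundle without duplicating ones already present, so it is safe to run on
# every container start (init container or entrypoint wrapper).
set -eu

# Print the base64 body of every certificate in a PEM file, one certificate
# per line, with line wrapping and stray whitespace removed so that two
# copies of the same certificate always compare equal.
pem_bodies() {
    awk '
        /-----BEGIN CERTIFICATE-----/ { body = ""; inblock = 1; next }
        /-----END CERTIFICATE-----/   { if (inblock) print body; inblock = 0; next }
        inblock                       { gsub(/[[:space:]]/, ""); body = body $0 }
    ' "$1"
}

# Number of certificates in a PEM file (prints 0 for none without tripping set -e).
count_certs() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1" || true
}

# merge_ca_into_bundle CHAIN BUNDLE: append every certificate from CHAIN that
# BUNDLE does not already contain, rewrapped at 64 columns. Prints the number
# of certificates added, so a restart can log "0 added" instead of appending.
merge_ca_into_bundle() {
    chain="$1"
    bundle="$2"
    existing=$(pem_bodies "$bundle")
    added=0
    for body in $(pem_bodies "$chain"); do
        # Exact whole-line match on the normalised body: already trusted, skip.
        if printf '%s\n' "$existing" | grep -qxF -- "$body"; then
            continue
        fi
        {
            echo '-----BEGIN CERTIFICATE-----'
            printf '%s\n' "$body" | fold -w 64
            echo '-----END CERTIFICATE-----'
        } >> "$bundle"
        existing="$existing
$body"
        added=$((added + 1))
    done
    echo "$added"
}

# Demonstration on constructed placeholder files (the base64 bodies are filler,
# not real X.509 certificates): the bundle already holds one certificate, the
# chain holds that same certificate plus a new internal root.
demo() {
    tmp=$(mktemp -d)
    cat > "$tmp/cacert.pem" <<'EOF'
-----BEGIN CERTIFICATE-----
MIIBexistingpublicrootAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA====
-----END CERTIFICATE-----
EOF
    cat > "$tmp/ca-chain.crt" <<'EOF'
-----BEGIN CERTIFICATE-----
MIIBexistingpublicrootAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA====
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIBinternalkeycloakrootBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
-----END CERTIFICATE-----
EOF
    first=$(merge_ca_into_bundle "$tmp/ca-chain.crt" "$tmp/cacert.pem")
    second=$(merge_ca_into_bundle "$tmp/ca-chain.crt" "$tmp/cacert.pem")
    total=$(count_certs "$tmp/cacert.pem")
    rm -rf "$tmp"
    echo "$first $second $total"   # 1 0 2: one added, none on rerun, two total
}

# Run as `sh merge-ca.sh CHAIN BUNDLE` inside the container, e.g.
#   sh merge-ca.sh /tmp/ca/cacert.pem /opt/venv/lib/python3.7/site-packages/certifi/cacert.pem
# With no arguments it runs the demo above.
if [ "$#" -eq 2 ]; then
    merge_ca_into_bundle "$1" "$2"
else
    demo
fi
```

Wired into the manifest from the comment above, the script replaces the `cat` command of the postStart hook; to remove the ordering race it is better placed in an init container that writes the merged bundle into an emptyDir, which the taiga-back container then mounts over certifi's `cacert.pem`. A non-zero exit from the merge (unreadable chain, unwritable bundle) is what you want on the first start, since `set -e` makes a broken trust store fail loudly rather than leaving Taiga to reject Keycloak at login time.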