Merge "Support proxy envs for kubeval-validator krm function"

krm-functions/kubeval-validator/Dockerfile

@@ -1,6 +1,13 @@
 ARG GO_IMAGE=gcr.io/gcp-runtimes/go1-builder:1.15
 ARG PLUGINS_RELEASE_IMAGE=alpine:3.12.0
+
 FROM ${GO_IMAGE} as function
+# Inject custom root certificate authorities if needed
+# Docker does not have a good conditional copy statement and requires that a source file exists
+# to complete the copy function without error.  Therefore the README.md file will be copied to
+# the image every time even if there are no .crt files.
+COPY ./certs/* /usr/local/share/ca-certificates/
+RUN update-ca-certificates
 ENV PATH "/usr/local/go/bin:$PATH"
 ENV CGO_ENABLED=0
 WORKDIR /go/src/
@@ -11,6 +18,13 @@ COPY image/main.go .
 RUN go build -v -o /usr/local/bin/config-function ./
 
 FROM ${PLUGINS_RELEASE_IMAGE} as release
+# Inject custom root certificate authorities if needed
+# Docker does not have a good conditional copy statement and requires that a source file exists
+# to complete the copy function without error.  Therefore the README.md file will be copied to
+# the image every time even if there are no .crt files.
+RUN apk update && apk add ca-certificates && rm -rf /var/cache/apk/*
+COPY ./certs/* /usr/local/share/ca-certificates/
+RUN update-ca-certificates
 ENV PYTHONUNBUFFERED=1
 RUN echo "**** install Python ****" && \
     apk add --no-cache python3 && \

krm-functions/kubeval-validator/certs/README.md

@@ -0,0 +1,6 @@
+# Additional Docker image root certificate authorities
+If you require additional certificate authorities for your Docker image:
+* Add ASCII PEM encoded .crt files to this directory
+  * The files will be copied into your docker image at build time.
+
+To update manually copy the .crt files to /usr/local/share/ca-certificates/ and run sudo update-ca-certificates.