feat: allow setting and using NODE_EXTRA_CA_CERTS

Currently users can provide certificate files to be used to validate the TLS connection when pulling images from private container registries. However, these certificates are not used when doing HTTP requests to Kubernetes Upstream - the certs are used only for contacting the container registries.

If users provide a CA certificate under a configurable path (by default /srv/app/certs/ca.pem) then we can now use this cert to validate the chain of certs in the TLS connection to Kubernetes Upstream.

Author: ivanstanev

snyk-monitor/templates/deployment.yaml

@@ -59,6 +59,8 @@ spec:
           - name: registries-conf
             mountPath: "/srv/app/.config/containers"
           env:
+          - name: NODE_EXTRA_CA_CERTS
+            value: {{ .Values.extraCaCerts }}
           - name: SNYK_INTEGRATION_ID
             valueFrom:
               secretKeyRef:

snyk-monitor/values.yaml

@@ -66,6 +66,8 @@ envs:
   - name: NODE_OPTIONS
     value: --max_old_space_size=2048
 
+extraCaCerts: /srv/app/certs/ca.pem
+
 # CPU/Mem requests and limits for snyk-monitor
 requests:
   cpu: '250m'