Allow ability to pass in root ca in the provider config #6

[crd-n]

Summary

As a kubernetes engineer
I want to configure a self-signed root ca cert to be trusted
So that I can use the minio provider for our internal minio instance which is running under a self-signed cert

Context

When I create a bucket I get the error:
observe failed: cannot determine whether bucket exists: Get "https://xyz.local/bucket-local-dev/?location=": tls: failed to verify certificate: x509: certificate signed by unknown authority

Out of Scope

No response

Further links

No response

Acceptance Criteria

A self-singed ca cert can be added and trusted, so the bucket creation on a minio instance running with a self-signed cert works

Implementation Ideas

No response

[KarlisAG]

Hello, I know this doesn't necessarily fixes the issues, but I faced a similar issue in a network, where self-signed certificates were used. A workaround was found, where you can edit the DeploymentRuntimeConfig to mount the certificate as a volume.

apiVersion: pkg.crossplane.io/v1beta1
kind: DeploymentRuntimeConfig
metadata:
  name: minio
spec:
  deploymentTemplate:
    spec:
      selector: {}
      template:
        spec:     
          containers:
            - name: package-runtime
              volumeMounts:
                - name: ca-certs
                  mountPath: /etc/ssl/certs
          volumes:
            - name: ca-certs
              secret:
                secretName: <secretName>
                items:
                  - key: caFile
                    path: ca-certificates.crt

Albeit, this will also wipe any other files in /etc/ssl/certs, so maybe a better mounting option needs to be looked at, if this is not acceptable.

But I assume providerConfig could be extented to mount it, not sure if that is a common and good practice though.

[crd-n]

Thank you @KarlisAG. This is working as a workaround.