From 990204b2cfee549bfda1231cdd4f06b9de1d4c29 Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch"
Date: Mon, 22 Jan 2024 16:57:38 -0600
Subject: [PATCH] kitchen: Use Certifi TLS CA bundle for OpenSSL
The MQTT client needs a trusted root CA bundle, which is not available in the container image used by the *kitchen* server (it's based on *pythonctnr* which literally *only* includes Python). Fortunately, as it uses OpenSSL under the hood, we can configure it to use the bundle included with the *certifi* Python package via an environment variable.
---
 kitchen/kitchen.yaml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/kitchen/kitchen.yaml b/kitchen/kitchen.yaml
index 6e30e59..d238f5f 100644
--- a/kitchen/kitchen.yaml
+++ b/kitchen/kitchen.yaml
@@ -38,6 +38,8 @@ spec:
 env:
 - name: TZ
 value: America/Chicago
+ - name: SSL_CERT_FILE
+ value: /usr/lib/python3.10/site-packages/certifi/cacert.pem
 imagePullPolicy: Always
 ports:
 - containerPort: 8000
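Review bot: The added `SSL_CERT_FILE` value hard-codes `python3.10` in the path, so the trust store location is tied to the image's Python minor version, and `imagePullPolicy: Always` just below means a rebuilt image can move that path without any edit to this manifest. As far as I know, OpenSSL silently skips a default CA file that does not exist, so after such a bump the MQTT client would have no trust anchors and every handshake would fail verification; that fails closed, but the usual pressure in that situation is to switch verification off. I would add a comment above the entry, `# certifi path is tied to the image's Python minor version; re-check on base image upgrade`, and consider having the application resolve the bundle with `certifi.where()` at startup, or mounting only the broker's issuing CA from a ConfigMap if the broker has a single known issuer. The certifi bundle is also frozen at image build time, so CA removals only take effect when the image is rebuilt. The container spec starts and ends outside the hunk, so the image reference and tag are not visible here.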