pega-helm-charts

Unable to start SRS service with external elasticsearch: unable to find valid certification path to requested target

Open dekke046 opened this issue 4 months ago • 6 comments

Describe the bug
Using an external (company managed) ElasticSearch cluster throws a certificate error; this is due to the private CA which is being used within the company. The backingservices SRS helm chart does not provide an option to use a custom cacerts file.

To Reproduce
Simply try to connect to an external ElasticSearch cluster with a self-signed certificate

Expected behavior
Having an option to specify a custom cacerts file; for example, logstash has an option to use your own cacert file in the config:

  elasticsearch {
    hosts => "https://xxxx:9200"
    api_key => "xxxx:xxxx"
    data_stream => true
    ssl => true
    cacert => "/path/to/http_ca.crt" 
  }

Chart version
What version of the charts are you using? 3.17.0

Have you made any customizations?
Yes, unfortunately the values.yaml does not work very well in combination with OpenShift and the security policies which are configured as per company guidelines:

          runAsNonRoot: true
          allowPrivilegeEscalation: false
          capabilities:
            drop:
              - ALL
          seccompProfile:
            type: RuntimeDefault

Server (if applicable, please complete the following information):
OpenShift kubernetes cluster, v1.25.16+9946c63

Additional context

dekke046, Apr 16 '24 07:04
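
The error in the title is what a Java TLS client reports when the server certificate's issuer is not in its trust store. The script below is an added example, not part of the issue or of the chart: it reproduces that condition with a throwaway private CA and shows that appending the CA to the trust bundle resolves it. `openssl verify` stands in for the JVM's path building, and all names (`Example Corp Private CA`, `es.example.internal`, the file names) are constructed.

```bash
#!/bin/sh
# Constructed demo PKI: every name below is made up for illustration.
make_demo_pki() {   # $1 = empty work directory
  local d="$1"
  cat > "$d/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Corp Private CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
  # Private root CA, standing in for the company CA from the report.
  openssl req -x509 -config "$d/ca.cnf" -newkey rsa:2048 -nodes -days 2 \
    -keyout "$d/ca.key" -out "$d/private-ca.crt" 2>/dev/null || return 1
  # Elasticsearch server certificate issued by that private CA.
  openssl req -new -config "$d/ca.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=es.example.internal" \
    -keyout "$d/es.key" -out "$d/es.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$d/es.csr" -CA "$d/private-ca.crt" -CAkey "$d/ca.key" \
    -CAcreateserial -days 2 -out "$d/es.crt" 2>/dev/null || return 1
  # Unrelated self-signed CA, standing in for a default trust bundle.
  openssl req -x509 -config "$d/ca.cnf" -newkey rsa:2048 -nodes -days 2 \
    -subj "/CN=Unrelated Default CA" \
    -keyout "$d/default.key" -out "$d/default-bundle.pem" 2>/dev/null
}

# Succeeds only if a certification path from $2 to an anchor in $1 exists.
chain_trusted() {   # $1 = trust bundle (PEM), $2 = server certificate
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Write a new bundle with the private CA appended; the original is untouched.
extend_bundle() {   # $1 = bundle, $2 = CA cert to add, $3 = output bundle
  cat "$1" "$2" > "$3"
}

demo() {
  local d; d="$(mktemp -d)" || return 1
  make_demo_pki "$d" || return 1
  chain_trusted "$d/default-bundle.pem" "$d/es.crt" && echo "before: trusted" || echo "before: no valid certification path"
  extend_bundle "$d/default-bundle.pem" "$d/private-ca.crt" "$d/custom-bundle.pem"
  chain_trusted "$d/custom-bundle.pem" "$d/es.crt" && echo "after: trusted" || echo "after: still untrusted"
  rm -rf "$d"
}
demo
```

The same `chain_trusted` check can be pointed at a real CA bundle and a saved server certificate to confirm which CA is missing before changing any deployment.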