[nullify88]

Doesn't distroless bring in a lot of complexity when you need something as simple as ca-certificates?

IMO Distroless or even scratch is nice for statically complied binaries or self contained deployments, but if there's a dependency on user space then it becomes complex.

[pas]

You can copy the CA bundle in the last step of the image build (along with the required libs and their assets/dependencies), or am I missing something?