Add init script to download extra ca certs

config_app/config_util/config/TransientDirectoryProvider.py

@@ -44,6 +44,10 @@ class TransientDirectoryProvider(FileConfigProvider):
   def save_configuration_to_kubernetes(self):
     data = {}
 
+    # Kubernetes secrets don't have sub-directories, so for the extra_ca_certs dir
+    # we have to put the extra certs in with a prefix, and then one of our init scripts
+    # (02_get_kube_certs.sh) will expand the prefixed certs into the equivalent directory
+    # so that they'll be installed correctly on startup by the certs_install script
     certs_dir = os.path.join(self.config_volume, EXTRA_CA_DIRECTORY)
     if os.path.exists(certs_dir):
       for extra_cert in os.listdir(certs_dir):