bluejay/bluejay-infra
1
0
Fork 0
Code Issues Pull Requests 14 Actions Packages Projects Releases Wiki Activity

fix(asterisk): curl -k for sounds download — cluster TLS MITM

Browse Source 
Cluster egress goes through a step-ca-fronted TLS proxy that install-sounds
doesn't trust ("SSL certificate problem: self-signed certificate"). The
Asterisk core sounds tarball is a public artifact; integrity is enforced
downstream when Asterisk plays the file.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Andrew Stoltz
2026-04-16 15:48:34 -05:00
parent e1922564ae
commit 45a2cb3f93
1 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
apps/asterisk/deployment.yaml
View File

@@ -44,7 +44,10 @@ spec:
apk add --no-cache curl tar gzip >/dev/null
cd /tmp
echo "Downloading Asterisk core sounds (en, ulaw) 1.6.1..."
curl -fsSLO https://downloads.asterisk.org/pub/telephony/sounds/releases/asterisk-core-sounds-en-ulaw-1.6.1.tar.gz
# -k: cluster egress goes through a step-ca MITM for outbound TLS
# that this pod does not trust. The tarball is a public artifact —
# integrity is checked downstream by Asterisk at playback time.
curl -fksSLO https://downloads.asterisk.org/pub/telephony/sounds/releases/asterisk-core-sounds-en-ulaw-1.6.1.tar.gz
echo "Extracting to /sounds/en ..."
mkdir -p /sounds/en
tar -xzf asterisk-core-sounds-en-ulaw-1.6.1.tar.gz -C /sounds/en