K8S Runner CA bundle for git clone?

I don’t want to use skip_verify: true in all my pipelines for git clone so I need a way to provide a custom CA bundle to the container running git clone.

After reviewing the documentation for the Kubernetes Runner I think the environment variable DRONE_RUNNER_DEVICES might be what I am looking for, however the documentation seems incomplete? The documentation only says that the given devices will be mounted into every pipeline step, but how do I define the mount path for each device? The example value of DRONE_RUNNER_DEVICES is just /dev/sdb with no mount path.

I’m also trying to find a way to mount my self-signed CAs to all containers that are launched by my Kubernetes runner (for git and internal container registries).

Right now, the only way I can see is to build each Docker image myself with the certificates embedded.

Please reply if you find out how to do this.