SSL filtering is off on the proxy. The proxy env vars were causing
Docker login failures (proxy intercepting Harbor auth) and pip hash
mismatches (proxy caching stale packages). Keep only the CA cert
mount for any remaining TLS needs.
The Kyverno policy injected HTTP_PROXY into build pods but NO_PROXY
was missing .celestium.life. Docker login to registry.celestium.life
was going through the Squid proxy which does SSL interception,
causing auth failures.
Celes Renata