Doesn't distroless bring in a lot of complexity when you need something as simple as ca-certificates?
IMO Distroless or even scratch is nice for statically complied binaries or self contained deployments, but if there's a dependency on user space then it becomes complex.
You can copy the CA bundle in the last step of the image build (along with the required libs and their assets/dependencies), or am I missing something?
The result is images the same size as Alpine, or smaller, without the incompatibilities. I think Alpine is a dead end.