Skip to content

Commit 360202f

Browse files
authored
feat: change devlake secrets path for certificates (#487)
Signed-off-by: flacatus <flacatus@redhat.com>
1 parent e0ea6cd commit 360202f

1 file changed

Lines changed: 31 additions & 1 deletion

File tree

components/konflux-devlake/internal-staging/helm-values.yaml

Lines changed: 31 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -53,18 +53,48 @@ lake:
5353
DB_URL: "mysql://$(MYSQL_USER):$(MYSQL_PASSWORD)@$(MYSQL_SERVER):$(MYSQL_PORT)/$(MYSQL_DATABASE)?charset=$(DB_CHARSET)&parseTime=$(DB_PARSE_TIME)&loc=$(DB_LOCATION)&tls=true"
5454
# Go's crypto/x509 on Debian reads /etc/ssl/certs/ by default, not
5555
# /etc/pki/ where OpenShift mounts the trusted CA ConfigMap.
56-
SSL_CERT_FILE: "/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem"
56+
SSL_CERT_FILE: "/etc/ssl/combined/ca-bundle.crt"
57+
initContainers:
58+
- name: build-ca-bundle
59+
image: quay.io/konflux-ci/konflux-devprod/devlake-backend
60+
command:
61+
- sh
62+
- -c
63+
- cat /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem /etc/ssl/rds/rds-ca-bundle.pem > /etc/ssl/combined/ca-bundle.crt
64+
volumeMounts:
65+
- name: trusted-ca
66+
mountPath: /etc/pki/ca-trust/extracted/pem
67+
readOnly: true
68+
- name: rds-ca
69+
mountPath: /etc/ssl/rds
70+
readOnly: true
71+
- name: combined-ca
72+
mountPath: /etc/ssl/combined
5773
volumes:
5874
- name: trusted-ca
5975
configMap:
6076
name: trusted-ca
6177
items:
6278
- key: ca-bundle.crt
6379
path: tls-ca-bundle.pem
80+
- name: rds-ca
81+
secret:
82+
secretName: konflux-devlake-secrets
83+
items:
84+
- key: AWS_RDS_CRTS
85+
path: rds-ca-bundle.pem
86+
- name: combined-ca
87+
emptyDir: {}
6488
volumeMounts:
6589
- name: trusted-ca
6690
mountPath: /etc/pki/ca-trust/extracted/pem
6791
readOnly: true
92+
- name: rds-ca
93+
mountPath: /etc/ssl/rds
94+
readOnly: true
95+
- name: combined-ca
96+
mountPath: /etc/ssl/combined
97+
readOnly: true
6898
extraEnvsFromSecret: konflux-devlake-secrets
6999

70100
mysql:

0 commit comments

Comments
 (0)