Skip to content

Commit 600ed56

Browse files
authored
feat: mount RDS certificates in devlake (#489)
Signed-off-by: flacatus <flacatus@redhat.com>
1 parent 360202f commit 600ed56

1 file changed

Lines changed: 1 addition & 25 deletions

File tree

components/konflux-devlake/internal-staging/helm-values.yaml

Lines changed: 1 addition & 25 deletions
Original file line numberDiff line numberDiff line change
@@ -50,26 +50,7 @@ lake:
5050
GITHUB_GRAPHQL_JOB_COLLECTION_MODE: "PAGINATING"
5151
GITHUB_GRAPHQL_JOB_PAGINATING_PAGE_SIZE: "100"
5252

53-
DB_URL: "mysql://$(MYSQL_USER):$(MYSQL_PASSWORD)@$(MYSQL_SERVER):$(MYSQL_PORT)/$(MYSQL_DATABASE)?charset=$(DB_CHARSET)&parseTime=$(DB_PARSE_TIME)&loc=$(DB_LOCATION)&tls=true"
54-
# Go's crypto/x509 on Debian reads /etc/ssl/certs/ by default, not
55-
# /etc/pki/ where OpenShift mounts the trusted CA ConfigMap.
56-
SSL_CERT_FILE: "/etc/ssl/combined/ca-bundle.crt"
57-
initContainers:
58-
- name: build-ca-bundle
59-
image: quay.io/konflux-ci/konflux-devprod/devlake-backend
60-
command:
61-
- sh
62-
- -c
63-
- cat /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem /etc/ssl/rds/rds-ca-bundle.pem > /etc/ssl/combined/ca-bundle.crt
64-
volumeMounts:
65-
- name: trusted-ca
66-
mountPath: /etc/pki/ca-trust/extracted/pem
67-
readOnly: true
68-
- name: rds-ca
69-
mountPath: /etc/ssl/rds
70-
readOnly: true
71-
- name: combined-ca
72-
mountPath: /etc/ssl/combined
53+
DB_URL: "mysql://$(MYSQL_USER):$(MYSQL_PASSWORD)@$(MYSQL_SERVER):$(MYSQL_PORT)/$(MYSQL_DATABASE)?charset=$(DB_CHARSET)&parseTime=$(DB_PARSE_TIME)&loc=$(DB_LOCATION)&tls=custom&ca-cert=/etc/ssl/rds/rds-ca-bundle.pem"
7354
volumes:
7455
- name: trusted-ca
7556
configMap:
@@ -83,18 +64,13 @@ lake:
8364
items:
8465
- key: AWS_RDS_CRTS
8566
path: rds-ca-bundle.pem
86-
- name: combined-ca
87-
emptyDir: {}
8867
volumeMounts:
8968
- name: trusted-ca
9069
mountPath: /etc/pki/ca-trust/extracted/pem
9170
readOnly: true
9271
- name: rds-ca
9372
mountPath: /etc/ssl/rds
9473
readOnly: true
95-
- name: combined-ca
96-
mountPath: /etc/ssl/combined
97-
readOnly: true
9874
extraEnvsFromSecret: konflux-devlake-secrets
9975

10076
mysql:

0 commit comments

Comments
 (0)