Server job helm chart - how to pass tls cert information

rahulk · September 3, 2023, 3:43pm

Hi,

I am using temporal helm charts to deploy temporal server. I have a postgres DB with mtls enabled.

I am able to create a db and perform schema setup with the below job.

apiVersion: batch/v1
kind: Job
metadata:
  name: setup-database
spec:
  completions: 1
  template:
    spec:
      securityContext:
        fsGroup: 1000
        runAsUser: 1000
      containers:
      - name: admin-tools
        image: temporalio/admin-tools:1.21.3
        command: ["/bin/sh", "-c"]
        args:
        - |
          temporal-sql-tool --ep $EP --tls --tls-cert-file /etc/certs/client-cert.pem --tls-key-file /etc/certs/client-key.pem --tls-ca-file /etc/certs/server-ca.pem --tls-disable-host-verification --plugin postgres --password $SQL_PASSWORD -p 5432 -u temporal --database temporal create-database
          temporal-sql-tool --ep $EP --tls --tls-cert-file /etc/certs/client-cert.pem --tls-key-file /etc/certs/client-key.pem --tls-ca-file /etc/certs/server-ca.pem --tls-disable-host-verification --plugin postgres --password $SQL_PASSWORD -p 5432 -u temporal --database temporal setup-schema -v 0.0
          temporal-sql-tool --ep $EP --tls --tls-cert-file /etc/certs/client-cert.pem --tls-key-file /etc/certs/client-key.pem --tls-ca-file /etc/certs/server-ca.pem --tls-disable-host-verification --plugin postgres --password $SQL_PASSWORD -p 5432 -u temporal --database temporal update-schema --schema-dir /etc/temporal/schema/postgresql/v12/temporal/versioned
          temporal-sql-tool --ep $EP --tls --tls-cert-file /etc/certs/client-cert.pem --tls-key-file /etc/certs/client-key.pem --tls-ca-file /etc/certs/server-ca.pem --tls-disable-host-verification --plugin postgres --password $SQL_PASSWORD -p 5432 -u temporal --database temporal_visibility create-database
          temporal-sql-tool --ep $EP --tls --tls-cert-file /etc/certs/client-cert.pem --tls-key-file /etc/certs/client-key.pem --tls-ca-file /etc/certs/server-ca.pem --tls-disable-host-verification --plugin postgres --password $SQL_PASSWORD -p 5432 -u temporal --database temporal_visibility setup-schema -v 0.0
          temporal-sql-tool --ep $EP --tls --tls-cert-file /etc/certs/client-cert.pem --tls-key-file /etc/certs/client-key.pem --tls-ca-file /etc/certs/server-ca.pem --tls-disable-host-verification --plugin postgres --password $SQL_PASSWORD -p 5432 -u temporal --database temporal_visibility update-schema --schema-dir /etc/temporal/schema/postgresql/v12/visibility/versioned
        env:
          - name: SQL_PASSWORD
            valueFrom:
              secretKeyRef:
                name: temporal-default-store
                key: password
          - name: EP
            value: "10.86.10.09"
        volumeMounts:
        - name: certs-volume
          mountPath: /etc/certs
      restartPolicy: Never
      volumes:
      - name: certs-volume
        secret:
          secretName: temporal-cert-secret # Replace with the name of your Secret containing the certificate files
          defaultMode: 384

The server-job template present in the temporal helm charts ( server-job.yaml ) runs the schema setup without the mtls attributes. Instead of my own custom job I want to use this template thats part of the temporal helm charts.

How can I update this job to enable tls and include tls certs info as part of the environment variables?

Thanks

Topic		Replies	Views
TLS - Configuration with Helm Chart in production environment Community Support	0	297	December 22, 2023
How to provide DB credentials to temporal in production? Community Support mysql , helm , database	2	1601	September 19, 2022
Helm Chart with TLS Community Support helm , tls	1	966	June 18, 2022
Security/Auth between SDK client and Temporal Server (Helm chart) Community Support security	1	1130	June 8, 2022
Temporal helm-chart & bring your own Postgres DB Community Support	3	1922	October 20, 2020

Server job helm chart - how to pass tls cert information

Related Topics