Hi,
I am using the Temporal Helm charts to deploy Temporal server. I have a Postgres DB with mTLS enabled.
I am able to create a DB and perform schema setup with the job below.
```yaml
apiVersion: batch/v1
kind: Job
metadata:
  name: setup-database
spec:
  completions: 1
  template:
    spec:
      securityContext:
        fsGroup: 1000
        runAsUser: 1000
      containers:
        - name: admin-tools
          image: temporalio/admin-tools:1.21.3
          # Every call below passes --tls-disable-host-verification, so the
          # server certificate's hostname is not checked against $EP.
          command: ["/bin/sh", "-c"]
          args:
            - |
              temporal-sql-tool --ep $EP --tls --tls-cert-file /etc/certs/client-cert.pem --tls-key-file /etc/certs/client-key.pem --tls-ca-file /etc/certs/server-ca.pem --tls-disable-host-verification --plugin postgres --password $SQL_PASSWORD -p 5432 -u temporal --database temporal create-database
              temporal-sql-tool --ep $EP --tls --tls-cert-file /etc/certs/client-cert.pem --tls-key-file /etc/certs/client-key.pem --tls-ca-file /etc/certs/server-ca.pem --tls-disable-host-verification --plugin postgres --password $SQL_PASSWORD -p 5432 -u temporal --database temporal setup-schema -v 0.0
              temporal-sql-tool --ep $EP --tls --tls-cert-file /etc/certs/client-cert.pem --tls-key-file /etc/certs/client-key.pem --tls-ca-file /etc/certs/server-ca.pem --tls-disable-host-verification --plugin postgres --password $SQL_PASSWORD -p 5432 -u temporal --database temporal update-schema --schema-dir /etc/temporal/schema/postgresql/v12/temporal/versioned
              temporal-sql-tool --ep $EP --tls --tls-cert-file /etc/certs/client-cert.pem --tls-key-file /etc/certs/client-key.pem --tls-ca-file /etc/certs/server-ca.pem --tls-disable-host-verification --plugin postgres --password $SQL_PASSWORD -p 5432 -u temporal --database temporal_visibility create-database
              temporal-sql-tool --ep $EP --tls --tls-cert-file /etc/certs/client-cert.pem --tls-key-file /etc/certs/client-key.pem --tls-ca-file /etc/certs/server-ca.pem --tls-disable-host-verification --plugin postgres --password $SQL_PASSWORD -p 5432 -u temporal --database temporal_visibility setup-schema -v 0.0
              temporal-sql-tool --ep $EP --tls --tls-cert-file /etc/certs/client-cert.pem --tls-key-file /etc/certs/client-key.pem --tls-ca-file /etc/certs/server-ca.pem --tls-disable-host-verification --plugin postgres --password $SQL_PASSWORD -p 5432 -u temporal --database temporal_visibility update-schema --schema-dir /etc/temporal/schema/postgresql/v12/visibility/versioned
          env:
            - name: SQL_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: temporal-default-store
                  key: password
            - name: EP
              value: "10.86.10.09"
          volumeMounts:
            - name: certs-volume
              mountPath: /etc/certs
      restartPolicy: Never
      volumes:
        - name: certs-volume
          secret:
            secretName: temporal-cert-secret # Replace with the name of your Secret containing the certificate files
            defaultMode: 384 # decimal for octal 0600 (owner read/write only)
```
The server-job template present in the Temporal Helm charts (server-job.yaml) runs the schema setup without the mTLS attributes. Instead of my own custom job, I want to use this template that's part of the Temporal Helm charts.
How can I update this job to enable TLS and include the TLS cert info as part of the environment variables?
Thanks