feat: automatically set variables enabling SSL for temporal on extern…

…al databases. (#13095) Follow up to airbytehq/oncall#5843. Here is a suggested approach to automatically enabling SSL if the database type is external. The assumption here is all external database type databases have SSL turned on.
airbytehq · Aug 2, 2024 · 4731a0b · 4731a0b · PurseChicken · Aug 7, 2024
1 parent e42711c
commit 4731a0b
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 0 deletions.
diff --git a/charts/airbyte-temporal/templates/deployment.yaml b/charts/airbyte-temporal/templates/deployment.yaml
@@ -61,6 +61,19 @@ spec:
           {{- include "airbyte.temporal.database.envs" . | nindent 10 }}
 
         {{- end }}
+
+        {{- if eq .Values.global.database.type "external" }}
+        # Assume an external database requires SSL.
+          - name: POSTGRES_TLS_ENABLED
+            value: "true"
+          - name: POSTGRES_TLS_DISABLE_HOST_VERIFICATION
+            value: "true"
+          - name: SQL_TLS_ENABLED
+            value: "true"
+          - name: SQL_TLS_DISABLE_HOST_VERIFICATION
+            value: "true"
+        {{- end }}
+
         {{- if .Values.extraEnv }}
         {{ .Values.extraEnv | toYaml | nindent 10 }}
         {{- end }}

diff --git a/charts/airbyte-temporal/values.yaml b/charts/airbyte-temporal/values.yaml
@@ -9,6 +9,7 @@ global:
   ## extraLabels [object] - use to specify own additional labels for deployment
   extraLabels: {}
   database:
+    type: internal
     secretName: ""
     secretValue: ""