From 4731a0b246eb9767ec61faf211097c8f0f68fb5b Mon Sep 17 00:00:00 2001 From: Davin Chia Date: Thu, 1 Aug 2024 18:11:03 -0700 Subject: [PATCH] feat: automatically set variables enabling SSL for temporal on external databases. (#13095) Follow up to airbytehq/oncall#5843. Here is a suggested approach to automatically enabling SSL if the database type is external. The assumption here is all external database type databases have SSL turned on. --- charts/airbyte-temporal/templates/deployment.yaml | 13 +++++++++++++ charts/airbyte-temporal/values.yaml | 1 + 2 files changed, 14 insertions(+) diff --git a/charts/airbyte-temporal/templates/deployment.yaml b/charts/airbyte-temporal/templates/deployment.yaml index 139f6794a92..23b6a615e60 100644 --- a/charts/airbyte-temporal/templates/deployment.yaml +++ b/charts/airbyte-temporal/templates/deployment.yaml @@ -61,6 +61,19 @@ spec: {{- include "airbyte.temporal.database.envs" . | nindent 10 }} {{- end }} + + {{- if eq .Values.global.database.type "external" }} + # Assume an external database requires SSL. + - name: POSTGRES_TLS_ENABLED + value: "true" + - name: POSTGRES_TLS_DISABLE_HOST_VERIFICATION + value: "true" + - name: SQL_TLS_ENABLED + value: "true" + - name: SQL_TLS_DISABLE_HOST_VERIFICATION + value: "true" + {{- end }} + {{- if .Values.extraEnv }} {{ .Values.extraEnv | toYaml | nindent 10 }} {{- end }} diff --git a/charts/airbyte-temporal/values.yaml b/charts/airbyte-temporal/values.yaml index 4a054b10110..062d54ef338 100644 --- a/charts/airbyte-temporal/values.yaml +++ b/charts/airbyte-temporal/values.yaml @@ -9,6 +9,7 @@ global: ## extraLabels [object] - use to specify own additional labels for deployment extraLabels: {} database: + type: internal secretName: "" secretValue: ""