From 8b6bf401f601e75ea4de2a09b2165429fcd6809e Mon Sep 17 00:00:00 2001
From: Michaela Lang <94735640+michaelalang@users.noreply.github.com>
Date: Tue, 17 Sep 2024 19:39:24 +0200
Subject: [PATCH] quayapp(deploymenttemplate): mounting optional postgres certs
 (PROJQUAY-2417) (#854)

Mounts Postgres certificates that can be used for authentication into the container if they exist.
---
 kustomize/base/quay.deployment.yaml            | 16 ++++++++++++++++
 kustomize/components/job/quay.upgrade.job.yaml | 16 ++++++++++++++++
 2 files changed, 32 insertions(+)

diff --git a/kustomize/base/quay.deployment.yaml b/kustomize/base/quay.deployment.yaml
index 837978fa6..339165cb5 100644
--- a/kustomize/base/quay.deployment.yaml
+++ b/kustomize/base/quay.deployment.yaml
@@ -33,6 +33,18 @@ spec:
                   name: cluster-trusted-ca
               - secret:
                   name: extra-ca-certs
+        - name: postgres-certs
+          projected:
+            sources:
+            - secret:
+                name: postgresql-ca
+                optional: true
+            - secret:
+                name: postgresql-client-certs
+                optional: true
+        - name: postgres-certs-store
+          emptyDir:
+            sizeLimit: 5Mi
       affinity:
         podAntiAffinity:
           preferredDuringSchedulingIgnoredDuringExecution:
@@ -129,3 +141,7 @@ spec:
             - name: extra-ca-certs
               readOnly: true
               mountPath: /conf/stack/extra_ca_certs
+            - name: postgres-certs
+              mountPath: /run/secrets/postgresql
+            - name: postgres-certs-store
+              mountPath: /.postgressql
diff --git a/kustomize/components/job/quay.upgrade.job.yaml b/kustomize/components/job/quay.upgrade.job.yaml
index 1de9a7af8..4a5c83dbf 100644
--- a/kustomize/components/job/quay.upgrade.job.yaml
+++ b/kustomize/components/job/quay.upgrade.job.yaml
@@ -28,6 +28,18 @@ spec:
                   name: cluster-trusted-ca
               - secret:
                   name: extra-ca-certs  
+        - name: postgres-certs
+          projected:
+            sources:
+            - secret:
+                name: postgresql-ca
+                optional: true
+            - secret:
+                name: postgresql-client-certs
+                optional: true
+        - name: postgres-certs-store
+          emptyDir:
+            sizeLimit: 5Mi
       containers:
         - name: quay-app-upgrade
           image: quay.io/projectquay/quay:latest
@@ -69,3 +81,7 @@ spec:
             - name: extra-ca-certs
               readOnly: true
               mountPath: /conf/stack/extra_ca_certs
+            - name: postgres-certs
+              mountPath: /run/secrets/postgresql
+            - name: postgres-certs-store
+              mountPath: /.postgressql