Reintroduce external DB
With the DB installed through the operator, we can't provide a TLS
certificate and key, so we can't enable TLS verification in the API.
enarha committed Nov 13, 2024
1 parent c4e9601 commit d0e2b7a
Showing 3 changed files with 7 additions and 26 deletions.
Expand Up @@ -75,11 +75,11 @@ spec:
- name: auth.username
value: tekton
- name: auth.existingSecret
value: tekton-results-database
value: tekton-results-postgres
- name: auth.secretKeys.userPasswordKey
value: db.password
value: POSTGRES_PASSWORD
- name: auth.secretKeys.adminPasswordKey
value: db.password
value: POSTGRES_PASSWORD
- name: primary.resources.requests
value: "null"
- name: primary.podSecurityContext.fsGroup
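Review bot: `auth.secretKeys.userPasswordKey` and `auth.secretKeys.adminPasswordKey` both resolve to the same key, `POSTGRES_PASSWORD`, so the `tekton` application account and the database admin account share one password. Any component that can read the application credential therefore also holds admin access to the database. The pairing predates this change (both keys pointed at `db.password`), but since the secret reference is being rewired here, the admin account could get its own key in `tekton-results-postgres`, e.g. `value: POSTGRES_ADMIN_PASSWORD` (a constructed name; the secret-creator script would need a matching `--from-literal`). Which line of each old/new pair is the new one is inferred from the secret that script creates, so confirm it against the raw diff.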
Expand Up @@ -997,9 +997,10 @@ spec:
logs_api: true
log_level: debug
db_port: 5432
db_host: tekton-results-postgres-service.openshift-pipelines.svc.cluster.local
db_host: postgres-postgresql.openshift-pipelines.svc.cluster.local
db_sslmode: verify-full
db_sslrootcert: /etc/tls/db/tekton-results-db-ca.pem
is_external_db: true
logs_path: /logs
logs_type: File
logs_buffer_size: 5242880
Expand All @@ -1009,26 +1010,6 @@ spec:
prometheus_port: 9090
prometheus_histogram: true
options:
statefulSets:
tekton-results-postgres:
spec:
template:
spec:
containers:
- name: postgres
volumeMounts:
- mountPath: /opt/app-root/src/certs/
name: db-tls-ca
readOnly: true
volumes:
- name: db-tls-ca
secret:
items:
- key: tls.crt
path: tls.crt
- key: tls.key
path: tls.key
secretName: rds-root-crt
deployments:
tekton-results-watcher:
spec:
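Review bot: `db_sslmode: verify-full` only holds while `db_host` exactly equals a DNS name in the database server certificate, and nothing next to the new `db_host` value records that coupling with the `subjectAltName` set in `hack/secret-creator/create-plnsvc-secrets.sh`. I would add a comment above it, `# must match the SAN of the DB server certificate; verify-full rejects a hostname mismatch`. The mount that supplies `/etc/tls/db/tekton-results-db-ca.pem` to the API container is not visible in this hunk, so please confirm it is still in place now that the `statefulSets` override appears to be removed. The `deployments:` block continues outside the hunk.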
4 changes: 2 additions & 2 deletions hack/secret-creator/create-plnsvc-secrets.sh
Expand Up @@ -32,7 +32,7 @@ create_db_secret() {
kubectl create secret generic -n openshift-pipelines tekton-results-postgres \
--from-literal=POSTGRES_USER=tekton \
--from-literal=POSTGRES_PASSWORD="$(openssl rand -base64 20)" \
--from-literal=POSTGRES_HOST="tekton-results-postgres-service.openshift-pipelines.svc.cluster.local" \
--from-literal=POSTGRES_HOST="postgres-postgresql.openshift-pipelines.svc.cluster.local" \
--from-literal=POSTGRES_DB="tekton-results"
}

Expand Down Expand Up @@ -92,7 +92,7 @@ create_db_cert_secret_and_configmap() {
-out ".tmp/tekton-results/ca.crt" \
> /dev/null
openssl req -new -nodes -text \
-subj "/CN=postgres-postgresql.tekton-results.svc.cluster.local" \
-subj "/CN=postgres-postgresql.openshift-pipelines.svc.cluster.local" \
-addext "subjectAltName=DNS:postgres-postgresql.openshift-pipelines.svc.cluster.local" \
-out ".tmp/tekton-results/tls.csr" \
-keyout ".tmp/tekton-results/tls.key" \
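Review bot: The database hostname is written out three times in this script (`POSTGRES_HOST`, the `-subj` CN and the `-addext` SAN), and the second hunk appears to exist only because one copy had drifted to a different namespace. Defining it once near the top, `DB_HOST="postgres-postgresql.openshift-pipelines.svc.cluster.local"`, and using `"$DB_HOST"` in all three places would keep the secret and the certificate in step, which matters because the API config on this page connects with `db_sslmode: verify-full`. Hostname verification generally matches on the SAN rather than the CN when a SAN is present, so the SAN is the value that has to equal `db_host`. Both `create_db_secret` and `create_db_cert_secret_and_configmap` extend beyond the visible hunks.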