Closed kuzmik closed 1 month ago
Allow the schema-setup and schema-update jobs to connect to cloudsql and run successfully, using the configured values.
The schema setup and update jobs do not have the configmaps that the other services do, so they are missing the mysql ssl certs.
I logged into the admin tools pod and connected to mysql via the cli using the --ssl-cert-key (etc) flags and it worked perfectly.
We're using jsonnet to process the helm charts, and here are the settings I have configured:
values: { server: { config: { persistence: { default: { driver: 'sql', sql: { driver: 'mysql8', host: c.mysqlBackend, port: 3306, database: 'temporal', user: 'temporal', existingSecret: 'temporal-mysql-secrets', secretName: 'password', maxConns: 20, maxConnLifetime: '1h', tls: { enabled: true, certFile: '/secrets/mysql/client-cert.pem', keyFile: '/secrets/mysql/client-key.pem', caFile: '/secrets/mysql/server-ca.pem', enableHostVerification: false, }, }, }, visibility: { driver: 'sql', sql: { driver: 'mysql8', host: c.mysqlBackend, port: 3306, database: 'temporal_visibility', user: 'temporal', existingSecret: 'temporal-mysql-secrets', secretName: 'password', maxConns: 20, maxConnLifetime: '1h', tls: { enabled: true, certFile: '/secrets/mysql/client-cert.pem', keyFile: '/secrets/mysql/client-key.pem', caFile: '/secrets/mysql/server-ca.pem', enableHostVerification: false, }, }, }, }, }, }, }
The normal deployments (web, frontend, worker, etc) all pick this up and connect successfully, but the jobs do not.
Fixed by: https://github.com/temporalio/helm-charts/pull/411.
What are you really trying to do?
Allow the schema-setup and schema-update jobs to connect to cloudsql and run successfully, using the configured values.
Describe the bug
The schema setup and update jobs do not have the configmaps that the other services do, so they are missing the mysql ssl certs.
I logged into the admin tools pod and connected to mysql via the cli using the --ssl-cert-key (etc) flags and it worked perfectly.
Minimal Reproduction
We're using jsonnet to process the helm charts, and here are the settings I have configured:
The normal deployments (web, frontend, worker, etc) all pick this up and connect successfully, but the jobs do not.
Environment/Versions
Additional context