dosubot[bot] commented on issue #7928: URL: https://github.com/apache/incubator-devlake/issues/7928#issuecomment-2306416419
To execute the steps for installing the necessary package and running `update-ca-certificates` via the Helm chart, you can use an init container to handle the installation and update process. Here is how you can modify your Helm chart configuration to achieve this:

1. **Create a Kubernetes secret with your root CA:**

   ```shell
   kubectl create secret generic root-ca-cert --from-file=rootCA.crt=/path/to/your/rootCA.crt
   ```

2. **Update your `values.yaml` file to include the init container and mount the root CA:**

   ```yaml
   lake:
     initContainers:
       - name: update-ca-certificates
         image: debian:bullseye
         command: ["sh", "-c", "apt-get update && apt-get install -y ca-certificates && cp /mnt/rootCA.crt /usr/local/share/ca-certificates/rootCA.crt && update-ca-certificates"]
         volumeMounts:
           - name: root-ca-cert
             mountPath: /mnt
     volumes:
       - name: root-ca-cert
         secret:
           secretName: root-ca-cert
   ```

3. **Install the Helm chart with the updated configuration:**

   ```shell
   helm repo add devlake https://apache.github.io/incubator-devlake-helm-chart
   helm repo update
   ENCRYPTION_SECRET=$(openssl rand -base64 2000 | tr -dc 'A-Z' | fold -w 128 | head -n 1)
   helm install devlake devlake/devlake \
     --set mysql.useExternal=true \
     --set mysql.externalServer=<dbserver> \
     --set mysql.externalPort=<port> \
     --set mysql.username=<your-username> \
     --set mysql.password=<your-password> \
     --set mysql.database=<your-database> \
     --set lake.encryptionSecret.secret=$ENCRYPTION_SECRET \
     --values values.yaml
   ```

Replace `<dbserver>`, `<port>`, `<your-username>`, `<your-password>`, and `<your-database>` with your actual values.

This configuration ensures that the `ca-certificates` package is installed, the root CA certificate is copied to the appropriate location, and the CA certificates are updated before the main `lake` container starts.
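A check for the outcome of the steps above, as an added example that is not part of the original comment or of the DevLake project: a POSIX shell function that reports whether a root CA file is present in a PEM trust bundle. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: is a root CA present in a PEM trust bundle?

# pem_bodies FILE: print one line per certificate, holding its base64 body
# with whitespace and CRs stripped, so line wrapping does not matter.
pem_bodies() {
    awk '
        /-----BEGIN CERTIFICATE-----/ { inside = 1; body = ""; next }
        /-----END CERTIFICATE-----/   { if (inside) print body; inside = 0; next }
        inside { gsub(/[ \t\r]/, ""); body = body $0 }
    ' "$1"
}

# ca_in_bundle CA_FILE BUNDLE_FILE
# returns 0 if every certificate in CA_FILE is in BUNDLE_FILE,
#         1 if one is missing, 2 if CA_FILE holds no certificate.
ca_in_bundle() {
    want=$(pem_bodies "$1")
    [ -n "$want" ] || return 2
    have=$(pem_bodies "$2")
    for cert in $want; do   # base64 has no glob or space characters
        printf '%s\n' "$have" | grep -qxF -- "$cert" || return 1
    done
    return 0
}

# Constructed sample files; the bodies are placeholder base64, not real certificates.
write_samples() {
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQt' \
        'Uk9PVC1DQQ==' '-----END CERTIFICATE-----' > "$1/rootCA.crt"
    {
        printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQtT1RIRVI=' \
            '-----END CERTIFICATE-----'
        # same root CA, re-wrapped onto one line and with CRLF endings
        printf '%s\r\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQtUk9PVC1DQQ==' \
            '-----END CERTIFICATE-----'
    } > "$1/bundle-with.pem"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQtT1RIRVI=' \
        '-----END CERTIFICATE-----' > "$1/bundle-without.pem"
}

tmp=$(mktemp -d)
write_samples "$tmp"
ca_in_bundle "$tmp/rootCA.crt" "$tmp/bundle-with.pem" && echo "root CA present"
ca_in_bundle "$tmp/rootCA.crt" "$tmp/bundle-without.pem" || echo "root CA missing"
rm -rf "$tmp"
```

On a Debian-based image, `update-ca-certificates` writes its bundle to `/etc/ssl/certs/ca-certificates.crt`; run `ca_in_bundle` against that file inside the container that actually makes the TLS connections, since each container has its own filesystem.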