[BUG]: Helm chart does not allow mounting TLS certificates #3268
Comments
|
@stefannica wdyt? We might consider customizing the Helm chart to mount the existing CA certificates directory from the pod into the application container. This would allow the application to use the pre-existing certificates without needing to repackage the Helm chart. |
|
Giving this a try here: #3268 |
|
@mazay this should have been fixed with #3320. Please confirm and then close this issue when convenient. The ZenML server can now use CA certificates already available on the pod in |
|
@stefannica thanks. Do you plan on releasing this? |
It will be in the next ZenML release, of course. I can't back-port it however, because it relies on some code changes too. |
|
@stefannica ok, we use helm artifact for deployment. So I can't test it until it's released |
@mazay the new Helm chart version (0.74.0) has just been published: https://artifacthub.io/packages/helm/zenml/zenml |
Contact Details [Optional]
No response
System Information
Helm chart version
0.71.0What happened?
The Helm chart does not support mounting TLS certificates for using MySQL SSL encrypted connections.
The docs suggest adding certificates to the chart root, which is not feasible - we should not repackage the helm chart to enable such simple functionality.
Alternatively, the app could use the CA certificates already available on the pod, eg.
/etc/ssl/certs/ca-certificates.crtwhen?ssl=trueor a similar argument is present in the DB connection URL.At the moment we had to make SSL encryption optional and sacrifice the security.
Reproduction steps
No response
Relevant log output
No response
Code of Conduct
The text was updated successfully, but these errors were encountered: