Fix custom CA certificates for task/web/migration #1846
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
SUMMARY
This PR fixes the usage of custom CA certificates in the migration job and improves the existing implementation in the task & web deployment.
During the upgrade to awx 24.0.0, a new pod is created for migration. This pod doesnt contain the custom ca certificate and fails when using external postgres with verify enabled.
PR fixes: #1782
Follow up / Improves: #1800
ISSUE TYPE
ADDITIONAL INFORMATION
This PR is based on the great work of @YassineFadhlaoui in #1782 (comment) and @akkaba23 in #1800 (comment)
The following has changed:
Added a new init container
init-bundle-ca-trust
to thetask
+web
deployment and to themigration
jobupdate-ca-trust extract
ifbundle_ca_crt
is set.runAsUser: 0
Removed the
update-ca-trust
command from the init containerinit-receptor
because it will run once in the new init containerinit-bundle-ca-trust
Removed the mounting of the volume
{{ ansible_operator_meta.name }}-bundle-cacert
from containers that really do not need itAdded the whole
bundle_ca_crt
logic to themigration
jobI've successfully tested that change during my upgrade from awx-operator v2.12.1 to v2.15.0