quayapp(deploymenttemplate): mounting optional postgres certs (PROJQU…

…AY-2417) (#854) Mounts Postgres certificates that can be used for authentication into the container if they exist.
quay · Sep 17, 2024 · 8b6bf40 · 8b6bf40
1 parent 2df7310
commit 8b6bf40
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 0 deletions.
diff --git a/kustomize/base/quay.deployment.yaml b/kustomize/base/quay.deployment.yaml
@@ -33,6 +33,18 @@ spec:
                   name: cluster-trusted-ca
               - secret:
                   name: extra-ca-certs
+        - name: postgres-certs
+          projected:
+            sources:
+            - secret:
+                name: postgresql-ca
+                optional: true
+            - secret:
+                name: postgresql-client-certs
+                optional: true
+        - name: postgres-certs-store
+          emptyDir:
+            sizeLimit: 5Mi
       affinity:
         podAntiAffinity:
           preferredDuringSchedulingIgnoredDuringExecution:
@@ -129,3 +141,7 @@ spec:
             - name: extra-ca-certs
               readOnly: true
               mountPath: /conf/stack/extra_ca_certs
+            - name: postgres-certs
+              mountPath: /run/secrets/postgresql
+            - name: postgres-certs-store
+              mountPath: /.postgressql
diff --git a/kustomize/components/job/quay.upgrade.job.yaml b/kustomize/components/job/quay.upgrade.job.yaml
@@ -28,6 +28,18 @@ spec:
                   name: cluster-trusted-ca
               - secret:
                   name: extra-ca-certs  
+        - name: postgres-certs
+          projected:
+            sources:
+            - secret:
+                name: postgresql-ca
+                optional: true
+            - secret:
+                name: postgresql-client-certs
+                optional: true
+        - name: postgres-certs-store
+          emptyDir:
+            sizeLimit: 5Mi
       containers:
         - name: quay-app-upgrade
           image: quay.io/projectquay/quay:latest
@@ -69,3 +81,7 @@ spec:
             - name: extra-ca-certs
               readOnly: true
               mountPath: /conf/stack/extra_ca_certs
+            - name: postgres-certs
+              mountPath: /run/secrets/postgresql
+            - name: postgres-certs-store
+              mountPath: /.postgressql