[Bug] Unable to use mTLS certs to connect to mysql in the schema setup/upgrade jobs #472

Closed
kuzmik opened this issue Mar 5, 2024 · 1 comment
Labels
bug Something isn't working

kuzmik commented Mar 5, 2024

What are you really trying to do?

Allow the schema-setup and schema-update jobs to connect to cloudsql and run successfully, using the configured values.

Describe the bug

The schema setup and update jobs do not have the configmaps that the other services do, so they are missing the mysql ssl certs.

I logged into the admin tools pod and connected to mysql via the cli using the --ssl-cert-key (etc) flags and it worked perfectly.

Minimal Reproduction

We're using jsonnet to process the helm charts, and here are the settings I have configured:

values: {
  server: {
    config: {
      persistence: {
        default: {
          driver: 'sql',
          sql: {
            driver: 'mysql8',
            host: c.mysqlBackend,
            port: 3306,
            database: 'temporal',
            user: 'temporal',
            existingSecret: 'temporal-mysql-secrets',
            secretName: 'password',
            maxConns: 20,
            maxConnLifetime: '1h',
            tls: {
              enabled: true,
              certFile: '/secrets/mysql/client-cert.pem',
              keyFile: '/secrets/mysql/client-key.pem',
              caFile: '/secrets/mysql/server-ca.pem',
              enableHostVerification: false,
            },
          },
        },
        visibility: {
          driver: 'sql',
          sql: {
            driver: 'mysql8',
            host: c.mysqlBackend,
            port: 3306,
            database: 'temporal_visibility',
            user: 'temporal',
            existingSecret: 'temporal-mysql-secrets',
            secretName: 'password',
            maxConns: 20,
            maxConnLifetime: '1h',
            tls: {
              enabled: true,
              certFile: '/secrets/mysql/client-cert.pem',
              keyFile: '/secrets/mysql/client-key.pem',
              caFile: '/secrets/mysql/server-ca.pem',
              enableHostVerification: false,
            },
          },
        },
      },
    },
  },
}

The normal deployments (web, frontend, worker, etc) all pick this up and connect successfully, but the jobs do not.

Environment/Versions

  • OS and processor: [e.g. M1 Mac, x86 Windows, Linux]
  • Temporal Version: 1.22.4
  • Chart Version: 0.33.0
  • Are you using Docker or Kubernetes or building Temporal from source? We're using the helm chart which pulls in the stock docker images

Additional context

kuzmik added the bug label Mar 5, 2024

robholland (Contributor) commented

Fixed by: #411.
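
A pre-deploy check for the gap reported in this issue, as an added example that is not part of the issue or the chart: it scans rendered workloads (JSON form) for containers with no volumeMount covering the configured TLS file paths. The manifests, workload names and volume names are constructed, and it assumes every container in a workload needs the certs.

```python
import json

# Constructed sample: trimmed JSON form of two rendered workloads. Names and
# mount layout are illustrative assumptions, not the chart's real output.
RENDERED = json.loads("""
[
  {"kind": "Deployment", "metadata": {"name": "temporal-frontend"},
   "spec": {"template": {"spec": {"containers": [
     {"name": "frontend", "volumeMounts": [
       {"name": "mysql-tls", "mountPath": "/secrets/mysql", "readOnly": true}]}]}}}},
  {"kind": "Job", "metadata": {"name": "temporal-schema-setup"},
   "spec": {"template": {"spec": {"containers": [
     {"name": "schema-setup"}]}}}}
]
""")

# TLS file paths taken from the values shown in the issue.
TLS_FILES = [
    "/secrets/mysql/client-cert.pem",
    "/secrets/mysql/client-key.pem",
    "/secrets/mysql/server-ca.pem",
]

def covered(path, mounts):
    """True if a volumeMount's mountPath is the file itself or a parent directory."""
    for m in mounts:
        base = m["mountPath"].rstrip("/")
        if path == base or path.startswith(base + "/"):
            return True
    return False

def missing_tls_mounts(manifests, tls_files):
    """Map (kind, workload, container) to the TLS paths that no mount covers."""
    findings = {}
    for doc in manifests:
        pod = doc["spec"]["template"]["spec"]
        # Init containers run schema tooling in many charts, so check them too.
        containers = pod.get("initContainers", []) + pod.get("containers", [])
        for c in containers:
            gaps = [p for p in tls_files if not covered(p, c.get("volumeMounts", []))]
            if gaps:
                findings[(doc["kind"], doc["metadata"]["name"], c["name"])] = gaps
    return findings

if __name__ == "__main__":
    for (kind, name, ctr), gaps in missing_tls_mounts(RENDERED, TLS_FILES).items():
        print(f"{kind}/{name} container {ctr}: no mount for {', '.join(gaps)}")
```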
