Added support for docdb #60
Conversation
So in order for docdb to have tls encryption during transit, the guides https://docs.aws.amazon.com/documentdb/latest/developerguide/security.encryption.ssl.html https://docs.aws.amazon.com/documentdb/latest/developerguide/connect_programmatically.html Call for the public keys to be downloaded/present in each container using it. The size of the file (~5kb) is just shy of 5% the capacity of a single k8s configmap value so what's happening is each deployment now has a configmap resource which for now only has 1 key (the rds ca pem) which is put in the /config/rds_ca.pem path (and there's now an envar pointing directly to that). With that in place a user can now have their app use docdb by referencing 4 environment variables: username, password, hostname, and ca_path. WE NEED TO BE SURE TO TELL FOLKS IN OUR DOCDB MODULE DOCS TO USE THAT ENVAR.
Codecov Report
@@ Coverage Diff @@
## main #60 +/- ##
==========================================
+ Coverage 75.64% 76.27% +0.62%
==========================================
Files 15 15
Lines 620 649 +29
==========================================
+ Hits 469 495 +26
- Misses 151 154 +3
Flags with carried forward coverage won't be shown. Click here to find out more.
Continue to review full report at Codecov.
|
| {{- include "k8s-service.labels" . | nindent 4 }} | ||
| namespace: {{ include "k8s-service.namespaceName" . }} | ||
| data: | ||
| rds_ca.pem: | |
There was a problem hiding this comment.
Can you add a comment here explaining where this pem was downloaded from and what it represents?
| env: | ||
| - name: RDS_CA_PATH |
There was a problem hiding this comment.
Add a comment here explaining what this env var represents
| @@ -62,4 +68,14 @@ spec: | |||
| {{- toYaml .Values.podResourceLimits | nindent 14 }} | |||
| requests: | |||
| {{- toYaml .Values.podResourceRequests | nindent 14 }} | |||
| volumes: | |||
| # You set volumes at the Pod level, then mount them into containers inside that Pod | |||
There was a problem hiding this comment.
nit: the comments in this section don't seem too useful
There was a problem hiding this comment.
copy pasting lol
So in order for docdb to have tls encryption during transit, the guides
https://docs.aws.amazon.com/documentdb/latest/developerguide/security.encryption.ssl.html
https://docs.aws.amazon.com/documentdb/latest/developerguide/connect_programmatically.html
Call for the public keys to be downloaded/present in each container using it. The size of the file (~5kb) is just shy of 5% the capacity of a single k8s configmap value so what's happening is each deployment now has a configmap resource which for now only has 1 key (the rds ca pem) which is put in the /config/rds_ca.pem path (and there's now an envar pointing directly to that). With that in place a user can now have their app use docdb by referencing 4 environment variables: username, password, hostname, and ca_path.
WE NEED TO BE SURE TO TELL FOLKS IN OUR DOCDB MODULE DOCS TO USE THAT ENVAR.
