From 6d1a5db50751a5462885de050f49506c26f30940 Mon Sep 17 00:00:00 2001
From: Maor Friedman
Date: Mon, 18 Aug 2025 12:46:00 +0300
Subject: [PATCH 1/2] mount DB CA cert to file instead of environment variable
---
 template.yaml | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/template.yaml b/template.yaml
index 49fb7e5..a0602fe 100644
--- a/template.yaml
+++ b/template.yaml
@@ -454,12 +454,6 @@ objects:
 secretKeyRef:
 name: ${ASSISTED_CHAT_DB_SECRET_NAME}
 key: db.password
- - name: ASSISTED_CHAT_POSTGRES_CA_CERT
- valueFrom:
- secretKeyRef:
- name: ${ASSISTED_CHAT_DB_SECRET_NAME}
- key: db.ca_cert
- optional: true
 resources:
 limits:
 memory: ${MEMORY_LIMIT}
@@ -479,6 +473,9 @@ objects:
 subPath: llama_stack_client_config.yaml
 - name: data-storage
 mountPath: ${STORAGE_MOUNT_PATH}
+ - name: db-ca-cert
+ mountPath: /etc/tls
+ readOnly: true
 livenessProbe:
 httpGet:
 path: /liveness
@@ -536,6 +533,13 @@ objects:
 name: llama-stack-client-config
 - name: data-storage
 emptyDir: {}
+ - name: db-ca-cert
+ secret:
+ secretName: ${ASSISTED_CHAT_DB_SECRET_NAME}
+ items:
+ - key: db.ca_cert
+ path: ca-bundle.pem
+ optional: true
 - apiVersion: v1
 kind: Service
From fa50704cf7bcdde1b876eba637c52e8f54862cfa Mon Sep 17 00:00:00 2001
From: Maor Friedman
Date: Mon, 18 Aug 2025 12:46:24 +0300
Subject: [PATCH 2/2] enable ssl and CA in lightspeed-stack
---
 template.yaml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/template.yaml b/template.yaml
index a0602fe..a9cbd56 100644
--- a/template.yaml
+++ b/template.yaml
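Review bot: The CA location is now spelled in three places that have to agree: `mountPath: /etc/tls` in the volumeMounts hunk of patch 1/2 (@@ -479,6 +473,9 @@), `path: ca-bundle.pem` in the volumes hunk, and `ca_cert_path: /etc/tls/ca-bundle.pem` in patch 2/2. A mismatch would most likely surface only as a TLS failure when the database connection is made, so a comment on the mount such as `# must stay in sync with ca_cert_path in the lightspeed-stack config` would help. Mounting the volume over the whole `/etc/tls` directory also hides anything the image may ship there, which cannot be checked from this hunk. The container spec starts and ends outside the hunk.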
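Review bot: `optional: true` in the volumes hunk of patch 1/2 (@@ -536,6 +533,13 @@) lets the pod start with an empty `/etc/tls` when the secret or its `db.ca_cert` key is missing, while patch 2/2 makes `verify-full` with that file unconditional. The flag appears to be carried over from the removed env var; with a file mount, a missing CA is reported nowhere at deploy time and shows up only when the database connection is attempted. If every environment provides `db.ca_cert`, drop the line so the kubelet refuses to start the pod and emits an event; otherwise add a comment such as `# optional: environments without db.ca_cert start with no CA file; the DB connection must fail closed`. How lightspeed-stack reacts to a missing file is not visible here and should be confirmed to be a refusal to connect, not a fallback to an unverified session.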
@@ -178,6 +178,8 @@ objects:
 db: ${env.ASSISTED_CHAT_POSTGRES_NAME}
 user: ${env.ASSISTED_CHAT_POSTGRES_USER}
 password: ${env.ASSISTED_CHAT_POSTGRES_PASSWORD}
+ ssl_mode: "verify-full"
+ ca_cert_path: /etc/tls/ca-bundle.pem
 namespace: lightspeed-stack
 system_prompt: |
 You are OpenShift Lightspeed Intelligent Assistant - an intelligent virtual assistant and expert on all things related to OpenShift installation, configuration, and troubleshooting, specifically with the Assisted Installer.
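Review bot: Assuming `ssl_mode` is passed through to the PostgreSQL client's sslmode, `"verify-full"` checks the server certificate's name as well as its chain, so the database host configured above this hunk (not visible here) must be a name that appears in the certificate; an IP address or a service alias would be rejected. That requirement deserves a comment next to the two new keys, for example `# verify-full: DB host must match a name in the server certificate; CA comes from the db-ca-cert volume`. Keeping the mode a literal rather than an `${env...}` reference like the neighbouring fields is a reasonable choice, since it cannot then be weakened per environment. The enclosing database mapping starts outside the hunk.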