appsmithorg
[Bug]: customCAcert not honored in Kubernetes
Is there an existing issue for this?
- [x] I have searched the existing issues
Description
In the Helm chart, we've documented a way to insert custom CA certificates: https://docs.appsmith.com/getting-started/setup/instance-configuration/custom-domain/custom-ca-root-certificate
This works just fine to inject the CA certs into the container for use by a lot of the runtimes in the container, but the main Java backend doesn't have them added to the keystore.
When the container starts up, it logs "No custom CA certificates found." and the setup-custom-ca-certificates function returns without adding them using keytool. The logic is here: https://github.com/appsmithorg/appsmith/blob/release/deploy/docker/fs/opt/appsmith/entrypoint.sh#L369-L372
The problem is that when we mount the files via the Kubernetes ConfigMap, they are symlinks and not regular files. So the find ... -type f ... on that line doesn't detect them. It needs to also look for symlinks. The same logic is repeated about 10 lines lower when it iterates through the list as well.
Steps To Reproduce
- Do a helm install of Appsmith with
customCAcertssetup in values.yaml - Observe that the line "No custom CA certificates found" is logged during startup, despite the presence of the CA certs
Public Sample App
No response
Environment
Production
Severity
Medium (Frustrating UX)
Issue video log
No response
Version
1.75
