Add spec.metadata.pemContents to MySQL & MariaDB binding spec #3619

Open
edwardfward opened this issue Nov 30, 2024 · 1 comment · May be fixed by #3620
Labels
kind/enhancement New feature or request stale

Comments

@edwardfward

Describe the feature

Azure Container Apps does not provide a readily apparent way to mount volumes or files, specifically certs required for MySQL connections, to Dapr to create secure binding components. The only option for MySQL is using spec.metadata.pemPath.

This new feature would add spec.metadata.pemContents to the MySQL & MariaDB Binding Spec and give developers the ability to establish secure component bindings in Azure Container Apps simply by passing a string with the contents of the certificate file (e.g. Microsoft's public SSL certificate which must be downloaded in certain environments like Azure Government Cloud) or leveraging various secret stores.

Example of the new bindings.mysql component:

```yaml
apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
  name: <NAME>
spec:
  type: bindings.mysql
  version: v1
  metadata:
    - name: url # Required, define DB connection in DSN format
      value: "<CONNECTION_STRING>"
    - name: pemPath # Optional
      value: "<PEM PATH>"
    - name: pemContents # Optional but supersedes pemPath
      value: "<PEM CONTENTS>"
    - name: maxIdleConns
      value: "<MAX_IDLE_CONNECTIONS>"
    - name: maxOpenConns
      value: "<MAX_OPEN_CONNECTIONS>"
    - name: connMaxLifetime
      value: "<CONNECTION_MAX_LIFE_TIME>"
    - name: connMaxIdleTime
      value: "<CONNECTION_MAX_IDLE_TIME>"
```

An example usage in Microsoft Azure:

  1. Create Azure Key Vault mysecrets and a service principal with the requisite permissions to access the vault (see Azure Key Vault Secret Store).
  2. Create a new secret mypemcontents and copy the PEM certificate file contents into the secret.
  3. Create a new secret myconnectionString and copy the connection string to the Azure MySQL:

     ```
     <user>:<password>@tcp(<server>:3306)/<database>?allowNativePasswords=true&tls=custom
     ```

  4. Create or apply the following Dapr secret store component in Azure Container Apps:

     ```yaml
     apiVersion: dapr.io/v1alpha1
     kind: Component
     metadata:
       name: azurekeyvault
     spec:
       type: secretstores.azure.keyvault
       version: v1
       metadata:
       - name: vaultName
         value: "mysecrets"
       - name: azureTenantId
         value: "[your_tenant_id]"
       - name: azureClientId
         value: "[your_client_id]"
       - name: azureClientSecret
         value: "[your_client_secret]"
     ```

  5. Create the secure MySQL binding using spec.metadata.pemContents:

     ```yaml
     apiVersion: dapr.io/v1alpha1
     kind: Component
     metadata:
       name: mysql-binding
     spec:
       type: bindings.mysql
       version: v1
       metadata:
         - name: url
           secretKeyRef:
             name: myconnectionString
             key: myconnectionString
         - name: pemContents
           secretKeyRef:
             name: mypemcontents
             key: mypemcontents
     # Name of the secret store component that resolves the secretKeyRef entries
     auth:
       secretStore: azurekeyvault
     ```

Release Note

RELEASE NOTE: ADD MySQL/MariaDB binding now supports PEM contents and PEM path

@edwardfward edwardfward added the kind/enhancement New feature or request label Nov 30, 2024
@edwardfward edwardfward linked a pull request Nov 30, 2024 that will close this issue

This issue has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in the next 7 days unless it is tagged (pinned, good first issue, help wanted or triaged/resolved) or other activity occurs. Thank you for your contributions.

@github-actions github-actions bot added the stale label Dec 30, 2024