[DB TLS Connection][Helm Chart] Request for the feature for connecting to external DB with TLS connection · apache/dolphinscheduler#17550

2025-09-29T09:11:39.000Z

### Search before asking - [x] I had searched in the [issues](https://github.com/apache/dolphinscheduler/issues?q=is%3Aissue) and found no similar feature requirement. ### Description In the normal production deployment, we will have a database which enable the TLS connection using a self signed certificate. The client initiate the connection using an internal domain to the DB and verifying the self-signed CA certificate of this TLS connection. Suggest to add the support of this common practice in the Helm Chart by 1. adding the configuration of the DB SSL connection with the CA certificate Configuration. It would be great if it can refer to a Kubernetes Secret 2. Add hostAliases in the helm chart (https://kubernetes.io/docs/tasks/network/customize-hosts-file-for-pods/) so that the pod can go to the DB using an internal FQDN. The internal FQDN is also used in the TLS certificate, so we need to use it to connect to DB so that the server can use the correct server certificate ### Use case _No response_ ### Related issues _No response_ ### Are you willing to submit a PR? - [ ] Yes I am willing to submit a PR! ### Code of Conduct - [x] I agree to follow this project's [Code of Conduct](https://www.apache.org/foundation/policies/conduct)

(0 评论) (0 反应) (0 负责人)Java (11,659 star) (4,324 fork)batch import

featurehelp wanted

描述

Search before asking

I had searched in the issues and found no similar feature requirement.

Description

In the normal production deployment, we will have a database which enable the TLS connection using a self signed certificate. The client initiate the connection using an internal domain to the DB and verifying the self-signed CA certificate of this TLS connection. Suggest to add the support of this common practice in the Helm Chart by

adding the configuration of the DB SSL connection with the CA certificate Configuration. It would be great if it can refer to a Kubernetes Secret
Add hostAliases in the helm chart (https://kubernetes.io/docs/tasks/network/customize-hosts-file-for-pods/) so that the pod can go to the DB using an internal FQDN. The internal FQDN is also used in the TLS certificate, so we need to use it to connect to DB so that the server can use the correct server certificate

Use case

No response

Related issues

No response

Are you willing to submit a PR?

Yes I am willing to submit a PR!

Code of Conduct

I agree to follow this project's Code of Conduct

贡献者指南

技术栈: javakubernetesdocker
领域: infrastructuredevops
议题类型: feature
难度: 3
预计时间: half day
活动状态: fresh
清晰度: mostly clear
前置要求: Understanding of Kubernetes SecretsFamiliarity with Helm chartsBasic knowledge of TLS/SSL
新手友好度: 60
研究方向: Explore the existing DolphinScheduler Helm chart located in the repository's helm chart directory. Examine values.yaml for current database configuration options and templates like deployment.yaml or statefulset.yaml where environment variables are set. Look for any existing SSL or TLS configurations. To implement, add new values for CA certificate secret reference and SSL enable/disable, and update the deployment template to include those environment variables. For hostAliases, modify the pod spec template to include hostAliases based on new values. Ensure changes are compatible with the existing configuration structure.