Add preflight check for external postgres permissions#459
Open
hedge-sparrow wants to merge 1 commit into
Open
Conversation
jlav
added a commit
that referenced
this pull request
Jun 5, 2026
* Add TLS SAN + DNS hostname preflight to Replicated config Adds replicated/preflight.yaml: a troubleshoot.sh Preflight that validates the uploaded TLS certificate covers every provisioned hostname (subdomain wildcard vs path-based exact runtime routing) and that those hostnames resolve in DNS. A proxied alpine/openssl runPod emits per-hostname warn outcomes. Adds the probe image to application.yaml additionalImages so air-gapped builds mirror it. * Move TLS/DNS hostname preflight into the chart so KOTS discovers it The standalone replicated/preflight.yaml (a top-level Preflight CR) is never discovered by KOTS for this Helm-based app — preflights are surfaced only via the chart-rendered Secret labeled troubleshoot.sh/kind: preflight. Move the check into the chart's troubleshoot templates (mirroring PR #459), reading the cert and hostnames from values already flowing into the chart (keycloak ingress secret, per-service ingress hosts, runtime-api env, laminar) — no new config plumbed through the HelmChart CR or values.yaml. The probe image reuses the proxy base already embedded in image.repository. Revert the now-unneeded replicated/preflight.yaml and the application.yaml additionalImages entry. Bump the openhands chart to 0.7.38. * Condense the top-of-file comment on the TLS hostname preflight
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Adds preflight collector and analyzer to attempt to check external postgresql permissions
Helm Chart Checklist
versionfield inChart.yamlfor each modified chartAdditional Notes