ROSAENG-130 - feat: add database SSL mode configuration to helm chart

charts/templates/deployment.yaml

@@ -49,7 +49,7 @@ spec:
       - name: db-migrate
         image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag }}"
         imagePullPolicy: {{ .Values.image.pullPolicy }}
-        command: ["/app/hyperfleet-api", "migrate"]
+        command: ["/app/hyperfleet-api", "migrate", "--db-sslmode={{ .Values.database.sslMode | default "prefer" }}"]
         env:
         # Config file from ConfigMap
         - name: HYPERFLEET_CONFIG
@@ -71,6 +71,7 @@ spec:
         # Simple command - configuration via ConfigMap and environment variables
         args:
         - serve
+        - --db-sslmode={{ .Values.database.sslMode | default "prefer" }}
         ports:
         - name: http
           containerPort: {{ .Values.ports.api | default 8000 }}

charts/values.yaml

@@ -215,6 +215,11 @@ database:
   # For DEVELOPMENT: Use built-in PostgreSQL pod
   # Set postgresql.enabled=true (default)
 
+  # SSL mode for database connections
+  # Options: disable, allow, prefer, require, verify-ca, verify-full
+  # For production, use "require" or higher
+  sslMode: "prefer"
+
   # External database configuration (production)
   external:
     enabled: false