I’m using the standard grafana docker image, and want to run a HA cluster. To do this, i’ve set up a mysql db in azure, which requires ssl.
However, it appears that there are no ca-certificates bundled in the docker image, because I get the following error on starting the container:
“Server shutdown” logger=server reason="Service init failed: Fail to connect to database: Could not read DB CA Cert path: "
Setting GF_DATABASE_CA_CERT_PATH=/etc/ssl/certs fails, so these do not appear to be present in the image. What now?
Okay, I figured it out, for those coming after me.
First, bind map /etc/ssl/certs to /etc/ssl/certs as read only:
volumes:
- /etc/ssl/certs:/etc/ssl/certs:ro
second, add:
- GF_DATABASE_SSL_MODE=skip-verify
- GF_DATABASE_CA_CERT_PATH=/etc/ssl/certs/ca-certificates.crt
to your environment for the service.
I have found another solution. I have had the same problem but, in my case, I set up Grafana in AH on Azure Kubernetes Service and Azure Database for MySQL.
I hope this may help you 
I used these values in my yaml file:
According to the documentation
- name: GF_DATABASE_SSL_MODE
value: "true"
It is necessary to download the cert and enable the Enforce SSL connection setting
- name: GF_DATABASE_CA_CERT_PATH
value: "/etc/ssl/certs/BaltimoreCyberTrustRoot.crt.pem"
In the end, to put your database name
- name: GF_DATABASE_SERVER_CERT_NAME
value: "[YOURSERVERNAME].mysql.database.azure.com"This solved my issue! Thank you so much!