Skip to content
This repository has been archived by the owner on Nov 17, 2023. It is now read-only.

Expose server_tls_sslmode as configurable #21

Open
krunchyklown opened this issue Oct 14, 2020 · 3 comments
Open

Expose server_tls_sslmode as configurable #21

krunchyklown opened this issue Oct 14, 2020 · 3 comments

Comments

@krunchyklown
Copy link

krunchyklown commented Oct 14, 2020
edited
Loading

As we use Postgresql servers that have sslmode=enable, we need to be able to deploy this helm chart with server_tls_sslmode enabled

The current default is disabled, and not configurable

This should be something like in _pgbouncer.ini.tpl:

diff --git a/pgbouncer/templates/_pgbouncer.ini.tpl b/pgbouncer/templates/_pgbouncer.ini.tpl
index d49c2d6..ed6b4b8 100644
--- a/pgbouncer/templates/_pgbouncer.ini.tpl
+++ b/pgbouncer/templates/_pgbouncer.ini.tpl
@@ -36,7 +36,7 @@ unix_socket_dir = var/run/postgresql
;client_tls_protocols = all
;client_tls_dheparams = auto
;client_tls_ecdhcurve = auto
-;server_tls_sslmode = disable
+server_tls_sslmode = {{ .Values.serverTlsSslmode }}
;server_tls_ca_file =
;server_tls_key_file =
;server_tls_cert_file =
@teejaded
Copy link

what about using customSettings?

customSettings:
  server_tls_sslmode: require

@mattmessinger
Copy link
Contributor

@krunchyklown can you please confirm that @teejaded 's suggestion solves your use-case?

@gameiro
Copy link

gameiro commented Feb 6, 2021

Hi, guys I have the same issue with Azure postgresql DB it requires the cert so it can access the server. I am thinking if we could link existing secret or configmap with the cert and would then set in value path for the cert in the container.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@krunchyklown @mattmessinger @teejaded @gameiro