Closed MrCoffey closed 1 year ago
I managed to resolve this issue.
First I needed to configure prefect to mount the certificate to the root certificate in `/home/prefect/.postgresql`; that way it can be found by `asyncpg`. This is the default location according to the postgres documentation.
```yaml
prefect-server:
  server:
    image:
      prefectTag: 2.10-python3.9
      debug: true
    extraVolumes:
      - name: db-ssl-secret
        secret:
          secretName: db-ssl-secret
          # 384 decimal is 0600 octal: readable and writable by the owner only
          defaultMode: 384
    extraVolumeMounts:
      - name: db-ssl-secret
        mountPath: "/home/prefect/.postgresql"
        readOnly: true
  postgresql:
    useSubChart: false
    auth:
      existingSecret: prefect-postgresql
```
The connection string should have the following format:

```
postgresql+asyncpg://user:pass@mydb-host.us-west-2.rds.amazonaws.com/dbname?ssl=verify-ca
```

Notice the argument `ssl=verify-ca`; that argument will require a file with the name `root.crt` holding the CA certificate for the database.
```yaml
apiVersion: v1
kind: Secret
metadata:
  name: db-ssl-secret
data:
  root.crt: BASE64ENCODECERTIFICATE=
type: Opaque
```
I hope this can help someone else. I'll leave the PR open since this configuration should be added to the documentation.
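A preflight check for the setup described in the comment above, as an added example that is not part of the original comment or of Prefect: it checks that the URL uses `ssl` with a verifying mode and that `root.crt` under `.postgresql` in the home directory is a readable PEM file. The names `check_db_tls`, `demo` and `home`, and the placeholder certificate text, are assumptions made for this example.

```python
import os
import stat
import tempfile
from urllib.parse import parse_qs, urlsplit

# Modes that validate the server certificate against a CA file.
VERIFYING = {"verify-ca", "verify-full"}

def check_db_tls(url, home):
    """Return a list of problems found in `url` and in <home>/.postgresql/root.crt."""
    problems = []
    query = parse_qs(urlsplit(url).query)
    if "sslmode" in query:
        problems.append("use 'ssl', not 'sslmode', in the connection URL")
    mode = query.get("ssl", [None])[0]
    if mode is None:
        problems.append("no 'ssl' argument in the connection URL")
    elif mode not in VERIFYING:
        problems.append(f"ssl={mode} is weaker than verify-ca")
    ca = os.path.join(home, ".postgresql", "root.crt")
    try:
        with open(ca, "rb") as fh:
            # The mounted file must be PEM text; a Secret value that was
            # base64-encoded twice mounts as base64 text instead.
            if b"-----BEGIN CERTIFICATE-----" not in fh.read():
                problems.append(f"{ca} holds no PEM certificate")
        if stat.S_IMODE(os.stat(ca).st_mode) & 0o022:
            problems.append(f"{ca} is group- or world-writable")
    except OSError as exc:
        problems.append(f"cannot read {ca}: {exc.strerror}")
    return problems

def demo():
    """Run the check against a constructed home directory and two URLs."""
    base = "postgresql+asyncpg://user:pass@mydb-host.us-west-2.rds.amazonaws.com/dbname"
    with tempfile.TemporaryDirectory() as home:
        os.mkdir(os.path.join(home, ".postgresql"))
        ca = os.path.join(home, ".postgresql", "root.crt")
        with open(ca, "w") as fh:  # constructed placeholder, not a real certificate
            fh.write("-----BEGIN CERTIFICATE-----\nCONSTRUCTED\n-----END CERTIFICATE-----\n")
        os.chmod(ca, 0o600)  # same mode as defaultMode: 384
        good = check_db_tls(base + "?ssl=verify-ca", home)
        bad = check_db_tls(base + "?sslmode=require", home)
    return good, bad

if __name__ == "__main__":
    print(demo())
```

Inside the pod, call `check_db_tls(url, "/home/prefect")` with the connection string from the secret; an empty list means the URL and the mounted CA file match the configuration above.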
Summary
I'm trying to connect with Prefect. I'm passing a URL with the following format to the secret documented here:
I'm mounting the certificates in a `volumeMount` in the path `~/.postgresql` as documented here.
This configuration works fine without the SSL configuration, but it seems like there is a lack of documentation when it comes to using SSL to connect to postgres.
Current behavior
When I use the URL above, the prefect-server pod fails with the following error:
According to this issue, the key `ssl` should be used instead of `sslmode`, but it is still failing, this time with the error:
Desired behavior
Prefect should be able to parse the arguments from the URL and attempt an SSL connection with Postgresql using certificates.
The documentation should illustrate how to configure correctly connections to psql using SSL.
I'm using the version `2023.03.30` of the helm chart.
How can I configure Prefect to use an SSL connection with Postgresql using certificates?
Thanks!
This issue can be related to https://github.com/sqlalchemy/sqlalchemy/issues/6275 and https://github.com/tortoise/tortoise-orm/issues/1376