search

netbox-community / netbox-chart

A Helm chart for NetBox
https://netbox.readthedocs.io/
Apache License 2.0
263 stars 155 forks source link

Support Postgresql `sslrootcert` option #417

Open joachimBurket opened 1 week ago

joachimBurket commented 1 week ago

Proposed functionality

Add the value externalDatabase.sslRootCert, and put it in the configuration.py:

apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ include "common.names.fullname" . }}
  namespace: {{ include "common.names.namespace" . | quote }}
  # [ ... ]
data:
  configuration.py: |-
    {{ .Files.Get "files/configuration.py" | nindent 4 }}

  netbox.yaml: |-
    # [ ... ]

    DATABASE:
      # [ ... ]      
      OPTIONS:
        sslmode: {{ .Values.externalDatabase.sslMode | quote }}

        # add the options here
        sslrootcert: {{ .Values.externalDatabase.sslRootCert | quote }}

      # [ ... ]

Maybe the externalDatabase.sslRootCert value could be set to system by default, but it could be a breaking change because by default my container tries to get the CA cert from //.postgresql/root.crt

Use case

When setting the value externalDatabase.sslMode to verify-full, it should be possible to configure the path of the CA bundle (or set it to system to use the system CA bundle)

LeoColomb commented 4 days ago

Thanks for filing this issue, @joachimBurket. This suggestion seems all right to me. Would you like to open a pull request?

Maybe the externalDatabase.sslRootCert value could be set to system by default

Let's keep it empty/null for now, and let's NetBox manage its default on its own.