Closed iainsproat closed 10 months ago
There is no mechanism for achieving this currently IMO.
This should be a feature request.
/kind feature
Agree this would be a net new feature, as Results would need to do the following:
sslrootcert
parameter.See PostgreSQL SSL docs for further technical information.
Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale
with a justification.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close
with a justification.
If this issue should be exempted, mark the issue as frozen with /lifecycle frozen
with a justification.
/lifecycle stale
Send feedback to tektoncd/plumbing.
/lifecycle frozen
This is an important security feature.
/assign enarha
@iainsproat, when you have a chance please TAL at #658. It implements the feature you asked for. Thanks.
Expected Behavior
Given a custom root CA certificate for a postgres database server, I would like postgres to use
verify-ca
orverify-full
SSL modes using the custom CA certificate.Is there a mechanism for achieving this that maybe I have missed?
Actual Behavior
With the existing kubernetes manifests, there does not seem to be a mechanism for mounting a trusted certificate either in postgres default location or by specifying a custom location to postgres.
Steps to Reproduce the Problem
DB_SSLMODE=verify-ca
orDB_SSLMODE=verify-full
.Additional Info
Kubernetes version:
Output of
kubectl version
:Tekton Pipeline version:
Output of
tkn version
orkubectl get pods -n tekton-pipelines -l app=tekton-pipelines-controller -o=jsonpath='{.items[0].metadata.labels.version}'