tembo-io / tembo-stacks

Moved to https://github.com/tembo-io/tembo
https://tembo.io
PostgreSQL License

Correct issue with setting up CA and Secret for Connection Pooler #353

Closed nhudson closed 1 year ago

nhudson commented 1 year ago

There is an issue with setting up the -pooler secret since we switched to using our own generated CA. This PR is an attempt to add support to generate the certificate and secret the pooler requires to reconcile along with setting up the cnpg_pooler_pgbouncer role in the database.

fixes: TEM-2039

nhudson commented 1 year ago

https://linear.app/tembo/issue/TEM-2039/fix-pooler-mode-to-work-with-custom-certs

nhudson commented 1 year ago

```
k get secrets my-coredb-ca1 -ojson | jq -r '.data["ca.crt"]' | base64 -d >ca.crt
❯ psql "postgres://postgres:$(kubectl get secrets -o json my-coredb-connection | jq -r '.data.password' | base64 --decode)@my-coredb-pooler.localhost:5432?sslmode=verify-full&sslrootcert=ca.crt"
psql (15.4, server 15.3)
SSL connection (protocol: TLSv1.3, cipher: TLS_AES_256_GCM_SHA384, compression: off)
Type "help" for help.

postgres=# \dx;
                   List of installed extensions
    Name    | Version |   Schema   |         Description
------------+---------+------------+------------------------------
 pg_graphql | 1.2.0   | graphql    | pg_graphql: GraphQL support
 plpgsql    | 1.0     | pg_catalog | PL/pgSQL procedural language
(2 rows)

postgres=#
```