Andy

How to configure Harbor with external database and sslmode

I have a PostgreSQL database where SSL is required:

resource "google_sql_database_instance" "instance" {
  provider = google-beta

  name                = "harbor-postgre"
  region              = "europe-west1"
  database_version    = "POSTGRES_13"
  deletion_protection = false
  depends_on          = [google_service_networking_connection.harbor_postgresql_vpc_connection]

  settings {
    tier            = "db-g1-small"
    disk_size       = "100"
    disk_autoresize = true
    disk_type       = "PD_SSD"
    #availability_type = "REGIONAL"
    ip_configuration {
      ipv4_enabled    = false
      private_network = google_compute_network.tools_europe_west1_vpc.id
      require_ssl     = true 
    }
  }
}

I want to deploy Harbor by using the Helm chart. In the values.yaml I set the following:

database:
  # if external database is used, set "type" to "external"
  # and fill the connection informations in "external" section
  type: external
  external:
    host: "xxx.xx.xxx.x"
    port: "xxxx"
    username: "postgres"
    password: "xxx"
    coreDatabase: "registry"
    notaryServerDatabase: "notary_server"
    notarySignerDatabase: "notary_signer"
    # "disable" - No SSL
    # "require" - Always SSL (skip verification)
    # "verify-ca" - Always SSL (verify that the certificate presented by the
    # server was signed by a trusted CA)
    # "verify-full" - Always SSL (verify that the certification presented by the
    # server was signed by a trusted CA and the server host name matches the one
    # in the certificate)
    ## sslmode: "disable"
    sslmode: "require"
  # The maximum number of connections in the idle connection pool per pod (core+exporter).
  # If it <=0, no idle connections are retained.
  maxIdleConns: 100
  # The maximum number of open connections to the database per pod (core+exporter).
  # If it <= 0, then there is no limit on the number of open connections.
  # Note: the default number of connections is 1024 for postgre of harbor.
  maxOpenConns: 900
  ## Additional deployment annotations
  podAnnotations: {}

In Kubernetes, my harbor-core deployment returns the following:

resource: {2} severity: "INFO" textPayload: "2023-04-24T06:22:25Z [INFO] [/common/dao/base.go:66]: Registering database: type-PostgreSQL host-xxx.xx.xxx.x port-xxxx database-registry sslmode-"require"" timestamp: "2023-04-24T06:22:25.501442827Z"

resource: {2} severity: "INFO" textPayload: "[ORM]2023/04/24 06:22:25 register db Ping default, pq: connection requires a valid client certificate" timestamp: "2023-04-24T06:22:25.517334631Z"

I could not find anywhere to set the client certificate.

Upvotes: 0

Views: 1052
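
The log above shows the instance rejecting a TLS connection that carries no client certificate, which is what `require_ssl = true` enforces. The Terraform below is an added example, not part of the original post or of Harbor's chart: it assumes a Google provider version that supports `ssl_mode`, and the resource name `harbor_client_example` and the three output names are hypothetical.

```hcl
# Added example. Assumes a Google provider version that has ssl_mode.
resource "google_sql_database_instance" "instance" {
  name             = "harbor-postgre"
  region           = "europe-west1"
  database_version = "POSTGRES_13"

  settings {
    tier = "db-g1-small"
    ip_configuration {
      ipv4_enabled    = false
      private_network = google_compute_network.tools_europe_west1_vpc.id

      # "ENCRYPTED_ONLY": TLS is mandatory, no client certificate is
      # demanded, so a client using sslmode=require is accepted.
      # "TRUSTED_CLIENT_CERTIFICATE_REQUIRED": mutual TLS, the behaviour
      # of require_ssl = true; the client must present a certificate.
      ssl_mode = "ENCRYPTED_ONLY"
    }
  }
}

# Only needed with TRUSTED_CLIENT_CERTIFICATE_REQUIRED: issue a client
# certificate signed by the instance's CA (hypothetical resource name).
resource "google_sql_ssl_cert" "harbor_client_example" {
  common_name = "harbor-core"
  instance    = google_sql_database_instance.instance.name
}

# libpq-style clients take these as sslcert, sslkey and sslrootcert.
# The private key is also stored in Terraform state, so protect the state.
output "harbor_client_cert" {
  value     = google_sql_ssl_cert.harbor_client_example.cert
  sensitive = true
}

output "harbor_client_key" {
  value     = google_sql_ssl_cert.harbor_client_example.private_key
  sensitive = true
}

output "harbor_server_ca" {
  value = google_sql_ssl_cert.harbor_client_example.server_ca_cert
}
```

How the Harbor chart would consume the certificate files is not covered on this page. Because `sslmode: "require"` skips server verification, as the values.yaml comments note, the exported server CA is what `verify-ca` would check against.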

Answers (0)
