Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: add references to sslmode for postgres dbs #617

Merged
merged 2 commits into from
Jan 17, 2025
Merged

fix: add references to sslmode for postgres dbs #617

merged 2 commits into from
Jan 17, 2025

Conversation

Chickensoupwithrice
Copy link
Contributor

@Chickensoupwithrice Chickensoupwithrice commented Jan 16, 2025
edited
Loading

REL-638
raised issues that this flag did not get mentioned in the docs where a
customer wanted to use TLS. It also outlined the recommended fixes that
this commit implements.

This PR has an accompanying docs PR

Checklist

Test plan

Manually test this out? Would require spinning up an RDS instance or something, but that's fine.
I'm in the process of doing so now.

@Chickensoupwithrice
Copy link
Contributor Author

Chickensoupwithrice commented Jan 17, 2025
edited
Loading

I've finally verified that this fix works. Below are screenshots showing that sslmode is passed in as an environment variable, and it's able to connect successfully to an external database.
image
image
image

Here is the patch I used with the password removed:

Patch file for testing

diff --git a/charts/sourcegraph/values.yaml b/charts/sourcegraph/values.yaml
index c74b21a..5b8e717 100644
--- a/charts/sourcegraph/values.yaml
+++ b/charts/sourcegraph/values.yaml
@@ -148,24 +148,24 @@ cadvisor:

codeInsightsDB:

-- Enable codeinsights-db PostgreSQL server

  • enabled: true
  • enabled: false
    auth:

    -- Name of existing secret to use for Code Insights credentials

    The secret must contain the keys user, password, database, host and port.

    auth.user, auth.password, etc. are ignored if this is enabled

    existingSecret: ""

    -- Sets codeinsights-db database name

  • database: "postgres"
  • database: "codeinsights-db"

    -- Sets codeinsights-db host

  • host: "codeinsights-db"
  • host: "database-1-sslmode-test.cwpsk693immt.us-west-2.rds.amazonaws.com"

    -- Sets codeinsights-db username

    user: "postgres"

    -- Sets codeinsights-db password

  • password: "password"
  • password: ""

    -- Sets codeinsights-db port

    port: "5432"

    -- Sets codeinsights-db SSL mode

  • sslmode: "disable" # set to "require" to enable SSL
  • sslmode: "require" # set to "require" to enable SSL

-- Environment variables for the codeinsights-db container

env: {}

-- Name of existing ConfigMap for codeinsights-db. It must contain a postgresql.conf key.

@@ -223,24 +223,24 @@ codeInsightsDB:

codeIntelDB:

-- Enable codeintel-db PostgreSQL server

  • enabled: true
  • enabled: false
    auth:

    -- Name of existing secret to use for CodeIntel credentials

    The secret must contain the keys user, password, database, host and port.

    auth.user, auth.password, etc. are ignored if this is enabled

    existingSecret: ""

    -- Sets codeintel-db database name

  • database: "sg"
  • database: "codeintel-db"

    -- Sets codeintel-db host

  • host: "codeintel-db"
  • host: "database-1-sslmode-test.cwpsk693immt.us-west-2.rds.amazonaws.com"

    -- Sets codeintel-db username

  • user: "sg"
  • user: "postgres"

    -- Sets codeintel-db password

  • password: "password"
  • password: ""

    -- Sets codeintel-db port

    port: "5432"

    -- Sets codeintel-db SSL mode

  • sslmode: "disable" # set to "require" to enable SSL
  • sslmode: "require" # set to "require" to enable SSL

-- Name of existing ConfigMap for codeintel-db. It must contain a postgresql.conf key

existingConfig: ""

-- Additional PostgreSQL configuration. This will override or extend our default configuration.

@@ -709,24 +709,24 @@ nodeExporter:

pgsql:

-- Enable pgsql PostgreSQL server

  • enabled: true
  • enabled: false
    auth:

    -- Name of existing secret to use for Postgres credentials

    The secret must contain the keys user, password, database, host and port.

    auth.user, auth.password, etc. are ignored if this is enabled

    existingSecret: ""

    -- Sets postgres database name

  • database: "sg"
  • database: "postgres"

    -- Sets postgres host

  • host: "pgsql"
  • host: "database-1-sslmode-test.cwpsk693immt.us-west-2.rds.amazonaws.com"

    -- Sets postgres username

  • user: "sg"
  • user: "postgres"

    -- Sets postgres password

  • password: "password"
  • password: ""

    -- Sets postgres port

    port: "5432"

    -- Sets postgres SSL mode

  • sslmode: "disable" # set to "require" to enable SSL
  • sslmode: "require" # set to "require" to enable SSL

-- Name of existing ConfigMap for pgsql. It must contain a postgresql.conf key

existingConfig: "" # Name of an existing configmap

-- Additional PostgreSQL configuration. This will override or extend our default configuration.

@Chickensoupwithrice
fix: add references to sslmode for postgres dbs
5f63fba 
[REL-638](https://linear.app/sourcegraph/issue/REL-638/configure-aws-rds-databases-for-tls-connections-in-helm-chart)
raised issues that this flag did not get mentioned in the docs where a
customer wanted to use TLS. It also outlined the recommended fixes that
this commit implements.
@Chickensoupwithrice
fix: regenerate docs and update test checksums
563eb4e 
- update pgsql secret checksum
- codeinsights db checksum
- codeintel db checksum
- pgsqlAuth test checksum
- the other pgsql checsum...
@Chickensoupwithrice Chickensoupwithrice enabled auto-merge (squash) January 17, 2025 17:27
@Chickensoupwithrice Chickensoupwithrice merged commit bbc52d1 into main Jan 17, 2025
5 checks passed
@Chickensoupwithrice Chickensoupwithrice deleted the al/REL-638/pg-ssl-mode branch January 17, 2025 17:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jdpleiness jdpleiness jdpleiness approved these changes

@marcleblanc2 marcleblanc2 Awaiting requested review from marcleblanc2

@DaedalusG DaedalusG Awaiting requested review from DaedalusG

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Chickensoupwithrice @jdpleiness