diff --git a/charts/catalog-api/README.md b/charts/catalog-api/README.md
index 80d153a6f..3df91a755 100644
--- a/charts/catalog-api/README.md
+++ b/charts/catalog-api/README.md
@@ -117,18 +117,23 @@ See the [documentation](https://docs.2gis.com/en/on-premise/search) to learn abo ### Database settings -| Name | Description | Value | -| ------------------------------------------------------ | ------------------------------------------------------------------- | ------ | -| `api.postgres.host` | PostgreSQL rw/ro hostname or IP. **Required** | `""` | -| `api.postgres.port` | PostgreSQL port | `5432` | -| `api.postgres.name` | PostgreSQL database name. **Required** | `""` | -| `api.postgres.username` | PostgreSQL username. **Required** | `""` | -| `api.postgres.password` | PostgreSQL password. **Required** | `""` | -| `api.postgres.queryTimeout` | Max execution time PostgreSQL query timeout in seconds | `3` | -| `api.postgres.poolSize.api` | PostgreSQL connection pool size for API | `32` | -| `api.postgres.poolSize.preloaders.region` | PostgreSQL connection pool size for preloader regions | `2` | -| `api.postgres.poolSize.preloaders.rubric` | PostgreSQL connection pool size for preloader rubrics | `3` | -| `api.postgres.poolSize.preloaders.additionalAttribute` | PostgreSQL connection pool size for preloader additional attributes | `3` | +| Name | Description | Value | +| ------------------------------------------------------ | ------------------------------------------------------------------- | ---------------------------- | +| `api.postgres.host` | PostgreSQL rw/ro hostname or IP. **Required** | `""` | +| `api.postgres.port` | PostgreSQL port | `5432` | +| `api.postgres.name` | PostgreSQL database name. **Required** | `""` | +| `api.postgres.username` | PostgreSQL username. **Required** | `""` | +| `api.postgres.password` | PostgreSQL password. 
**Required** | `""` | +| `api.postgres.queryTimeout` | Max execution time PostgreSQL query timeout in seconds | `3` | +| `api.postgres.poolSize.api` | PostgreSQL connection pool size for API | `32` | +| `api.postgres.poolSize.preloaders.region` | PostgreSQL connection pool size for preloader regions | `2` | +| `api.postgres.poolSize.preloaders.rubric` | PostgreSQL connection pool size for preloader rubrics | `3` | +| `api.postgres.poolSize.preloaders.additionalAttribute` | PostgreSQL connection pool size for preloader additional attributes | `3` | +| `api.postgres.ssl.enabled` | Use SSL to connect to PostgreSQL | `false` | +| `api.postgres.ssl.mode` | SSL connection mode | `verify-full` | +| `api.postgres.ssl.clientCert` | Client certificate file path | `./path/to/client-cert.pem` | +| `api.postgres.ssl.clientKey` | Client key file path | `./path/to/client-key.pkcs8` | +| `api.postgres.ssl.caCert` | CA certificate file path | `./path/to/server-ca.pem` | ### Preloaders settings diff --git a/charts/catalog-api/templates/helpers.tpl b/charts/catalog-api/templates/helpers.tpl index da5cca347..547f7be17 100644 --- a/charts/catalog-api/templates/helpers.tpl +++ b/charts/catalog-api/templates/helpers.tpl @@ -44,6 +44,17 @@ onprem {{- end }} {{- define "catalog.env.postgres" -}} +- name: CATALOG_DB_SSL_ENABLED + value: "{{ .Values.api.postgres.ssl.enabled }}" +- name: CATALOG_DB_SSL_MODE + value: "{{ .Values.api.postgres.ssl.mode }}" +- name: CATALOG_DB_SSL_CLIENTCERT_PATH + value: "{{ .Values.api.postgres.ssl.clientCert }}" +- name: CATALOG_DB_SSL_KEYCERT_PATH + value: "{{ .Values.api.postgres.ssl.clientKey }}" +- name: CATALOG_DB_SSL_SERVERCERT_PATH + value: "{{ .Values.api.postgres.ssl.caCert }}" + - name: CATALOG_DB_SCHEMA value: "{{ include "catalog.manifestCode" . }},extensions" - name: CATALOG_DB_QUERY_TIMEOUT diff --git a/charts/catalog-api/values.yaml b/charts/catalog-api/values.yaml index 87eaf686a..d9acfdaa2 100644 --- a/charts/catalog-api/values.yaml 
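Review bot: The five `CATALOG_DB_SSL_*` entries added at the top of `catalog.env.postgres` are rendered unconditionally, so with the default `ssl.enabled: false` the container still receives the placeholder paths, and nothing in this hunk mounts the certificate or key files those paths are meant to point at. I would wrap the mode and path variables in `{{- if .Values.api.postgres.ssl.enabled }}` … `{{- end }}` and supply the client key from a Kubernetes Secret mounted as a volume; no volume or Secret reference is visible in this diff, so confirm one exists elsewhere in the chart. The names also do not line up with the values: `CATALOG_DB_SSL_KEYCERT_PATH` carries `clientKey` and `CATALOG_DB_SSL_SERVERCERT_PATH` carries `caCert`, so a one-line template comment mapping each variable to its value would prevent a mix-up. The `catalog.env.postgres` define continues past the end of the hunk.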
+++ b/charts/catalog-api/values.yaml @@ -154,6 +154,11 @@ api: # @param api.postgres.poolSize.preloaders.region PostgreSQL connection pool size for preloader regions # @param api.postgres.poolSize.preloaders.rubric PostgreSQL connection pool size for preloader rubrics # @param api.postgres.poolSize.preloaders.additionalAttribute PostgreSQL connection pool size for preloader additional attributes + # @param api.postgres.ssl.enabled Use SSL to connect to PostgreSQL + # @param api.postgres.ssl.mode SSL connection mode + # @param api.postgres.ssl.clientCert Client certificate file path + # @param api.postgres.ssl.clientKey Client key file path + # @param api.postgres.ssl.caCert CA certificate file path postgres: host: '' @@ -168,6 +173,12 @@ api: region: 2 rubric: 3 additionalAttribute: 3 + ssl: + enabled: false + mode: verify-full + clientCert: ./path/to/client-cert.pem + clientKey: ./path/to/client-key.pkcs8 + caCert: ./path/to/server-ca.pem # @section Preloaders settings
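Review bot: The new `ssl:` defaults in the second hunk keep the PostgreSQL connection unencrypted (`enabled: false`) while shipping placeholder paths such as `./path/to/client-key.pkcs8` that read like real values, so an operator who only flips `enabled: true` gets paths that point at nothing. Empty defaults (`clientCert: ''`, `clientKey: ''`, `caCert: ''`) combined with a `required` check in the template when `ssl.enabled` is true would make the misconfiguration fail at render time instead of at connect time. The `@param api.postgres.ssl.mode` comment in the first hunk should also list the accepted modes; assuming the usual PostgreSQL sslmode semantics, only `verify-ca` and `verify-full` authenticate the server, so something like `SSL connection mode (verify-full recommended; weaker modes do not verify the server certificate)` would tell operators what they give up by changing it.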