Skip to content

Commit

Permalink
SSL mode support for postgres in Catalog API
Browse files Browse the repository at this point in the history
  • Loading branch information
@pavelgopanenko
pavelgopanenko committed Sep 26, 2023
1 parent 55591dc commit 69a6336
Show file tree
Hide file tree
Showing 3 changed files with 39 additions and 12 deletions.
29 changes: 17 additions & 12 deletions charts/catalog-api/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -117,18 +117,23 @@ See the [documentation](https://docs.2gis.com/en/on-premise/search) to learn abo

### Database settings

| Name | Description | Value |
| ------------------------------------------------------ | ------------------------------------------------------------------- | ------ |
| `api.postgres.host` | PostgreSQL rw/ro hostname or IP. **Required** | `""` |
| `api.postgres.port` | PostgreSQL port | `5432` |
| `api.postgres.name` | PostgreSQL database name. **Required** | `""` |
| `api.postgres.username` | PostgreSQL username. **Required** | `""` |
| `api.postgres.password` | PostgreSQL password. **Required** | `""` |
| `api.postgres.queryTimeout` | Max execution time PostgreSQL query timeout in seconds | `3` |
| `api.postgres.poolSize.api` | PostgreSQL connection pool size for API | `32` |
| `api.postgres.poolSize.preloaders.region` | PostgreSQL connection pool size for preloader regions | `2` |
| `api.postgres.poolSize.preloaders.rubric` | PostgreSQL connection pool size for preloader rubrics | `3` |
| `api.postgres.poolSize.preloaders.additionalAttribute` | PostgreSQL connection pool size for preloader additional attributes | `3` |
| Name | Description | Value |
| ------------------------------------------------------ | ------------------------------------------------------------------- | ---------------------------- |
| `api.postgres.host` | PostgreSQL rw/ro hostname or IP. **Required** | `""` |
| `api.postgres.port` | PostgreSQL port | `5432` |
| `api.postgres.name` | PostgreSQL database name. **Required** | `""` |
| `api.postgres.username` | PostgreSQL username. **Required** | `""` |
| `api.postgres.password` | PostgreSQL password. **Required** | `""` |
| `api.postgres.queryTimeout` | Max execution time PostgreSQL query timeout in seconds | `3` |
| `api.postgres.poolSize.api` | PostgreSQL connection pool size for API | `32` |
| `api.postgres.poolSize.preloaders.region` | PostgreSQL connection pool size for preloader regions | `2` |
| `api.postgres.poolSize.preloaders.rubric` | PostgreSQL connection pool size for preloader rubrics | `3` |
| `api.postgres.poolSize.preloaders.additionalAttribute` | PostgreSQL connection pool size for preloader additional attributes | `3` |
| `api.postgres.ssl.enabled` | Use SSL to connect to PostgreSQL | `false` |
| `api.postgres.ssl.mode` | SSL connection mode | `verify-full` |
| `api.postgres.ssl.clientCert` | Client certificate file path | `./path/to/client-cert.pem` |
| `api.postgres.ssl.clientKey` | Client key file path | `./path/to/client-key.pkcs8` |
| `api.postgres.ssl.caCert` | CA certificate file path | `./path/to/server-ca.pem` |

### Preloaders settings

Expand Down
11 changes: 11 additions & 0 deletions charts/catalog-api/templates/helpers.tpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -44,6 +44,17 @@ onprem
{{- end }}

{{- define "catalog.env.postgres" -}}
- name: CATALOG_DB_SSL_ENABLED
value: "{{ .Values.api.postgres.ssl.enabled }}"
- name: CATALOG_DB_SSL_MODE
value: "{{ .Values.api.postgres.ssl.mode }}"
- name: CATALOG_DB_SSL_CLIENTCERT_PATH
value: "{{ .Values.api.postgres.ssl.clientCert }}"
- name: CATALOG_DB_SSL_CLIENTKEY_PATH
value: "{{ .Values.api.postgres.ssl.clientKey }}"
- name: CATALOG_DB_SSL_SERVERCERT_PATH
value: "{{ .Values.api.postgres.ssl.serverCert }}"

- name: CATALOG_DB_SCHEMA
value: "{{ include "catalog.manifestCode" . }},extensions"
- name: CATALOG_DB_QUERY_TIMEOUT
Expand Down
11 changes: 11 additions & 0 deletions charts/catalog-api/values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -154,6 +154,11 @@ api:
# @param api.postgres.poolSize.preloaders.region PostgreSQL connection pool size for preloader regions
# @param api.postgres.poolSize.preloaders.rubric PostgreSQL connection pool size for preloader rubrics
# @param api.postgres.poolSize.preloaders.additionalAttribute PostgreSQL connection pool size for preloader additional attributes
# @param api.postgres.ssl.enabled Use SSL to connect to PostgreSQL
# @param api.postgres.ssl.mode SSL connection mode
# @param api.postgres.ssl.clientCert Client certificate file path
# @param api.postgres.ssl.clientKey Client key file path
# @param api.postgres.ssl.serverCert Server root certificate file path

postgres:
host: ''
Expand All @@ -168,6 +173,12 @@ api:
region: 2
rubric: 3
additionalAttribute: 3
ssl:
enabled: false
mode: verify-full
clientCert: ./path/to/client-cert.pem
clientKey: ./path/to/client-key.pkcs8
serverCert: ./path/to/server-cert.pem

# @section Preloaders settings

Expand Down

0 comments on commit 69a6336

Please sign in to comment.