-
Notifications
You must be signed in to change notification settings - Fork 70
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feature Request - Add ssl option to postgres #221
Comments
Hi @RegisHubelia, this should already be possible by providing your own |
Will do and revert. Still think this should be an option... |
@RegisHubelia the solution shoulb be so easy (i'm not sure)
|
Sorry to drop back here and reopen this issue... But setting DATABASE_URL somehow works, but the issue is in the template:
The DATABASE_URL is set even if we set our own in the extraEnv. so it ends up with something like this in the stateful set for all containers that uses the DATABASE_URL:
This gives an error as there is both, the value and the valueFrom keys. The only way I fould around it is to remove the value in the statefulset once it's created/updated. Should be a quick fix tough, simply adding a check if the extraEnv DATABASE_URL exists - if yes use this one, else use the generated one. Happy to open a PR. |
Hello @RegisHubelia. You are correct that both values are generated in the template. I tried it and found that the last definition from extraEnv overwrites the first one with a warning, not an error. And the value was the correct one and worked correctly in the deployed application. |
Strange, this is not my experience... I ended up with both, the "value" key and the "valueFrom". Did you try to set a value, or the valueFrom? If the value key is set, then yes it should overwrite the generated one, but if using a secret, then it's the valueFrom key, which is likely In most scenario, as there is sensitive information in the url therefore using a secret is a better way to go. |
Ah, thanks for the explanation. Maybe you can try setting |
The issue is that value cannot be set if valueFrom is. So even with your suggestion, it gives this "create Pod zammad-sd-1 in StatefulSet zammad-sd failed error: Pod "zammad-sd-1" is invalid: [spec.containers[1].env[6].valueFrom: Invalid value: "": may not be specified when |
Overriding with |
This has been added recently with 11.0.0. You can now specify/modify |
Thank you! |
Worked like a charm. Thanks again. |
When using custom postgres services (standalone or clusters, but outside of the build-in zammad postgres) - I don't see how to enable ssl to connect to the server. We have a postgres cluster, using bouncers, which requires ssl. We worked around it by connecting directly to the primary instance, but this is far from ideal.
It would be nice to be able to provide either a full url ourselves, or add the ssl options/other options to append to the generated postgres url from the information given in the chart.
The text was updated successfully, but these errors were encountered: