Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support Postgresql sslrootcert option #417

Open
joachimBurket opened this issue Nov 21, 2024 · 2 comments · May be fixed by #439
Open

Support Postgresql sslrootcert option #417

joachimBurket opened this issue Nov 21, 2024 · 2 comments · May be fixed by #439
Labels
enhancement New feature or request

Comments

@joachimBurket
Copy link
Contributor

Proposed functionality

Add the value externalDatabase.sslRootCert, and put it in the configuration.py:

apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ include "common.names.fullname" . }}
  namespace: {{ include "common.names.namespace" . | quote }}
  # [ ... ]
data:
  configuration.py: |-
    {{ .Files.Get "files/configuration.py" | nindent 4 }}

  netbox.yaml: |-
    # [ ... ]

    DATABASE:
      # [ ... ]      
      OPTIONS:
        sslmode: {{ .Values.externalDatabase.sslMode | quote }}
        
        # add the options here
        sslrootcert: {{ .Values.externalDatabase.sslRootCert | quote }}

      # [ ... ]

Maybe the externalDatabase.sslRootCert value could be set to system by default, but it could be a breaking change because by default my container tries to get the CA cert from //.postgresql/root.crt

Use case

When setting the value externalDatabase.sslMode to verify-full, it should be possible to configure the path of the CA bundle (or set it to system to use the system CA bundle)
@joachimBurket joachimBurket added the enhancement New feature or request label Nov 21, 2024
@LeoColomb
Copy link
Member

Thanks for filing this issue, @joachimBurket.
This suggestion seems all right to me.
Would you like to open a pull request?

Maybe the externalDatabase.sslRootCert value could be set to system by default

Let's keep it empty/null for now, and let's NetBox manage its default on its own.

@joachimBurket
Copy link
Contributor Author

Yes I can give it a try :)

@joachimBurket joachimBurket linked a pull request Dec 10, 2024 that will close this issue
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add Postgresql sslrootcert option joachimBurket/netbox-chart
2 participants
@LeoColomb @joachimBurket