By aq
Hi,
I am currently running a managed postgres database and a kubernetes cluster in digital ocean.
These are both running in the same VPC
I have added the kubernetes cluster to the trusted sources of the managed database.
I am able to connect to the database from my local machine if I add my local ip to the trusted sources.
However, I am seeing that my connection keeps timing out when trying to connect to the database in one of my k8s pods.
My code looks like this (typescript):
import dotenv from 'dotenv';
import pg from 'pg';
dotenv._config_();
export const _pool_ = new pg._Pool_({
connectionString: process.env.DATABASE_URL,
connectionTimeoutMillis: 5000,
ssl:
process_.env.ENVIRONMENT !== 'local'
? {
rejectUnauthorized: true,
ca: _Buffer_._from_(
_process_.env.DATABASE_CRT as string,
'base64',
)._toString_('utf-8'),
} : undefined,
});
I pass the DATABASE_CRT and the DATABASE_URL via secrets -> env variables.
I base64 encoded the DATABASE_CRT.
I also created a small script that I ran in the pod with the DATABASE_CRT in-lined, also was timing out… This same code worked locally
I am using the VPC connection string as the DATABASE_URL, and the ca-certificate (I base64 encoded and placed in my secret) downloaded from the managed postgres page.
I was able to hit the database via telnet from the pod ie. curl -v telnet://<db-host>:<db-port>
Any advice?
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
Accepted Answer
https://github.com/brianc/node-postgres/issues/2558#issuecomment-2575641839
I had to remove the ?sslmode=require from the database connection string
Here is working code
- I used the public connection string
import dotenv from 'dotenv';
import pg from 'pg';
dotenv.config();
const { Pool } = pg;
// Decode the base64-encoded CA certificate
const caCert = process.env.DATABASE_CRT
? Buffer.from(process.env.DATABASE_CRT, 'base64').toString('utf-8')
: undefined;
// Configure SSL based on the environment
const sslConfig = process.env.ENVIRONMENT !== 'local' && caCert
? { rejectUnauthorized: true, ca: caCert }
: undefined;
// Create a new PostgreSQL connection pool
export const pool = new Pool({
connectionString: process.env.DATABASE_URL,
connectionTimeoutMillis: 5000,
ssl: sslConfig,
});
// Example function to test the connection
async function testConnection() {
try {
const client = await pool.connect();
console.log('Connected to the database successfully.');
client.release();
} catch (err) {
console.error('Database connection error:', err.stack);
}
}
// Run the test
testConnection();
Become a contributor for community
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
DigitalOcean Documentation
Full documentation for every DigitalOcean product.
Resources for startups and SMBs
The Wave has everything you need to know about building a business, from raising funding to marketing your product.
The developer cloud
Scale up as you grow — whether you're running one virtual machine or ten thousand.
Get started for free
Sign up and get $200 in credit for your first 60 days with DigitalOcean.*
*This promotional offer applies to new accounts only.