Postgres CA Cert and Kubernetes

May 17, 2019 390 views
Kubernetes PostgreSQL

I have a managed postgres database with DO - connection string has sslmode = require in it.

For local development I have downloaded and trusted the CA certificate for our postgres instance and all works fine.

But now I have deployed our application to a kubernetes cluster on DO - and its failing because the CA Root is not trusted.

Is it possible to configure Kubernetes to download the CA and trust it on the underlying droplets?

1 Answer

I've found a solution in case anyone else comes along later.

I included my .crt file in my project so it got included with the binaries.

Then in my dockerfile I added these 2 liness in the final stage:

ADD [path from working dir to the CRT file] /usr/local/share/ca-certificates/DO-PG-CA.crt
RUN chmod 644 /usr/local/share/ca-certificates/DO-PG-CA.crt && update-ca-certificates

Have another answer? Share your knowledge.