Connect to Azure Database for PostgreSQL flexible servers with require_secure_transport ON
The question partly relates to https://github.com/zitadel/zitadel/issues/6106
The official Azure docs for connecting via SSL are here: https://learn.microsoft.com/en-us/azure/postgresql/flexible-server/how-to-connect-tls-ssl#applications-that-require-certificate-verification-for-tlsssl-connectivity
We deploy (or want to
) Zitadel using the official helm chart https://github.com/zitadel/zitadel-charts/tree/main via helmfile
The source error that deviates from https://zitadel.com/docs/self-hosting/manage/database and zitadel#6106 is:
Obviously due to the fact that I try to connect with SSL
Disabling SSL is not an option atm, see: https://github.com/zitadel/zitadel/issues/3598#issuecomment-1610968551
Does anyone have a working example of using SSL? What mode would I pick? https://www.postgresql.org/docs/current/libpq-ssl.html (I believe
This is my current config fully rendered into the ConfigMap (thread).
I see the values
Its to note that we don't need TLS, our Gateways do that for us.
PS: Yes I will (try to) move it into the
The official Azure docs for connecting via SSL are here: https://learn.microsoft.com/en-us/azure/postgresql/flexible-server/how-to-connect-tls-ssl#applications-that-require-certificate-verification-for-tlsssl-connectivity
We deploy (or want to
) Zitadel using the official helm chart https://github.com/zitadel/zitadel-charts/tree/main via helmfileThe source error that deviates from https://zitadel.com/docs/self-hosting/manage/database and zitadel#6106 is:
host=[REDACTED].postgres.database.azure.com user=[REDACTED] database=postgres: server error (FATAL: no pg_hba.conf entry for host \"[REDACTED]\", user \"[REDACTED]\", database \"postgres\", no encryption (SQLSTATE 28000)))host=[REDACTED].postgres.database.azure.com user=[REDACTED] database=postgres: server error (FATAL: no pg_hba.conf entry for host \"[REDACTED]\", user \"[REDACTED]\", database \"postgres\", no encryption (SQLSTATE 28000)))Obviously due to the fact that I try to connect with SSL
disabledisable. Now, I can not really stitch 1+1 together how I would configure that with the values possible: https://github.com/zitadel/zitadel-charts/blob/main/charts/zitadel/values.yaml.Disabling SSL is not an option atm, see: https://github.com/zitadel/zitadel/issues/3598#issuecomment-1610968551
Does anyone have a working example of using SSL? What mode would I pick? https://www.postgresql.org/docs/current/libpq-ssl.html (I believe
verify-fullverify-full is wrong as the cert seems to be somewhat generic...)This is my current config fully rendered into the ConfigMap (thread).
I see the values
dbSslRootCrtdbSslRootCrt, dbSslRootCrtSecretdbSslRootCrtSecret (secret of the first one) and dbSslClientCrtSecretdbSslClientCrtSecret, but I can not stitch these two together. Any pointer helps Its to note that we don't need TLS, our Gateways do that for us.
PS: Yes I will (try to) move it into the
secretConfigsecretConfig once it works.
