Client Cert Authentication for External Postgres #1859
Comments
I think this is a very valuable contribution. I have installed Harbor using Helm and am trying to connect the Harbor core to an external database with SSL communication enabled using the following configuration:

```yaml
database:
  type: external
  external:
    sslmode: verify-full
```

However, I encountered the following error:

```
failed to initialize database: Register db Ping `default`, failed to connect to `host=223.144.17.83 user=harbor database=harbor`: failed to write startup message (tls: failed to verify certificate: x509: certificate is valid for 51.15.200.157, 51.50.24.161, 51.151.24.161, not 195.154.197.18
```

This behavior is expected because the certificate is not mounted inside the filesystem of the Harbor components. I believe this is a critical issue, as SSL communication is essential. We should provide a way to mount the certificate within the Harbor components to enable proper SSL communication with external databases.
I have SSL verification working on the connection to the database. The issue I have is I have to use username/password rather than client cert authentication. Your error may be due to your certificate. Perhaps an SNI error.
Please add support for configuring client certificate authentication when connecting to an external PostgreSQL database. This would involve specifying paths for the following files in the Helm chart values (Values.database.external) and the corresponding configuration in the chart:
- sslcert (Client certificate)
- sslkey (Client key)
- sslrootcert (CA certificate)
I have found one user-submitted PR for this functionality but it does not appear to have been implemented:
damyan#1
Thank you