Your organization may require connecting to the database instance over SSL. To supply Coder with the appropriate certificates, and have it connect over SSL, follow the steps below:
- Create the certificate as a secret in your Kubernetes cluster, if not already present:

```shell
kubectl create secret tls postgres-certs -n coder --key="postgres.key" --cert="postgres.crt"
```

- Define the secret volume and volumeMounts in the Helm chart:

```yaml
coder:
  volumes:
    - name: "pg-certs-mount"
      secret:
        secretName: "postgres-certs"
  volumeMounts:
    - name: "pg-certs-mount"
      mountPath: "$HOME/.postgresql"
      readOnly: true
```

- Lastly, your PG connection URL will look like:

```
postgres://<user>:<password>@databasehost:<port>/<db-name>?sslmode=require&sslcert=$HOME/.postgresql/postgres.crt&sslkey=$HOME/.postgresql/postgres.key
```

- Download the CA certificate chain for your database instance, and create it as a secret in your Kubernetes cluster, if not already present:

```shell
kubectl create secret tls postgres-certs -n coder --key="postgres-root.key" --cert="postgres-root.crt"
```

- Define the secret volume and volumeMounts in the Helm chart:

```yaml
coder:
  volumes:
    - name: "pg-certs-mount"
      secret:
        secretName: "postgres-certs"
  volumeMounts:
    - name: "pg-certs-mount"
      mountPath: "$HOME/.postgresql/postgres-root.crt"
      readOnly: true
```

- Lastly, your PG connection URL will look like:

```
postgres://<user>:<password>@databasehost:<port>/<db-name>?sslmode=verify-full&sslrootcert=/home/coder/.postgresql/postgres-root.crt
```

More information on connecting to PostgreSQL databases using certificates can be found in the PostgreSQL documentation.
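
A pre-deployment check for the TLS parameters of a connection URL like the ones above, written as an added example (not part of Coder or its Helm chart). The function name `lint_pg_url` and the sample URLs are constructed for illustration; the `sslmode` values are the ones libpq documents.

```python
from urllib.parse import urlsplit, parse_qsl

PATH_PARAMS = ("sslcert", "sslkey", "sslrootcert")


def lint_pg_url(url):
    """Return a list of findings for the TLS parameters of a postgres:// URL."""
    findings = []
    params = dict(parse_qsl(urlsplit(url).query, keep_blank_values=True))

    # sslmode decides whether the connection is encrypted and how far
    # the server certificate is checked.
    mode = params.get("sslmode")
    if mode is None:
        findings.append("sslmode not set: the driver default applies")
    elif mode in ("disable", "allow", "prefer"):
        findings.append(f"sslmode={mode}: TLS is not enforced")
    elif mode == "require":
        findings.append("sslmode=require: encrypted, server hostname not verified")
    elif mode == "verify-ca":
        findings.append("sslmode=verify-ca: CA checked, server hostname not verified")
    elif mode != "verify-full":
        findings.append(f"sslmode={mode}: unknown value")

    # File paths in the query string reach the driver verbatim: quotes and
    # shell variables are not interpreted.
    for name in PATH_PARAMS:
        value = params.get(name)
        if value is None:
            continue
        if '"' in value or "'" in value:
            findings.append(f"{name}: quote character is part of the path")
        if "$" in value:
            findings.append(f"{name}: contains '$', drivers do not expand shell variables")

    # A client certificate is only usable together with its private key.
    if ("sslcert" in params) != ("sslkey" in params):
        findings.append("only one of sslcert/sslkey is set")
    return findings


# Constructed sample URLs (placeholder host, user and paths).
GOOD = ("postgres://user:pw@databasehost:5432/coder"
        "?sslmode=verify-full&sslrootcert=/home/coder/.postgresql/postgres-root.crt")
BAD = ('postgres://user:pw@databasehost:5432/coder'
       '?sslmode=require&sslcert="/certs/postgres.crt&sslkey=$HOME/certs/postgres.key"')

if __name__ == "__main__":
    for finding in lint_pg_url(BAD):
        print(finding)
```
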