ARTIFACTORY: Connecting to Google Cloud PostgreSQL

Author: Ashraf Kherbawy
Article number: 000005146
First published: 2021-10-03T20:15:40Z
Last modified: 2022-12-06
Version: 8

Step 1: Certificates

In the Google SQL UI panel, navigate to your PostgreSQL instance > Connections and make sure that ‘Allow only SSL connections’ is checked; this enforces SSL connections. Then click ‘Create Client Certificate’, which generates the following certificates and private key:
  1. client-cert.cer/.der
  2. client-key.cer/.der
  3. server-ca.cer/.der
These three files need to be moved into the ‘/etc/ssl/certs/’ directory of the Artifactory host machine/pod/container. ‘/etc/ssl/certs/’ is the default directory from which Go applications (Metadata) load certificates.

‘client-key.cer/.der’ is the private key used by Metadata. Artifactory needs its own copy of it in unencrypted PKCS#8 DER format (substitute ‘client-key.der’ below if that is the file you downloaded):
$ openssl pkcs8 -topk8 -outform DER -in client-key.cer -out postgresql.key -nocrypt
For demonstration, we will place ‘postgresql.key’ under ‘/etc/ssl/certs/’ as well.
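
A check worth running right after the conversion, as an added example that is not part of the original article: it performs the same ‘openssl pkcs8’ conversion and confirms that the resulting ‘postgresql.key’ still belongs to the client certificate before the files are distributed. The function names and the throwaway self-signed pairs are constructed for illustration; real inputs are the files generated by ‘Create Client Certificate’.

```shell
#!/usr/bin/env bash
# Added example (not from the article): convert the client key to unencrypted
# PKCS#8 DER, as in Step 1, and confirm it still pairs with the client cert.

# SHA-256 of the public key embedded in a PEM certificate.
cert_pubkey_digest() {
  openssl x509 -in "$1" -noout -pubkey \
    | openssl pkey -pubin -outform DER | openssl dgst -sha256 -r | cut -d' ' -f1
}

# SHA-256 of the public key derived from a DER (PKCS#8) private key.
der_key_pubkey_digest() {
  openssl pkey -inform DER -in "$1" -pubout -outform DER \
    | openssl dgst -sha256 -r | cut -d' ' -f1
}

# convert_and_check PEM_KEY CLIENT_CERT OUT_DER
# Returns 0 on a matching pair, 1 if conversion fails, 2 on key/cert mismatch.
convert_and_check() {
  local key_pem=$1 cert=$2 out=$3 want got
  # umask 077 so the new private key file is readable by its owner only.
  ( umask 077
    openssl pkcs8 -topk8 -outform DER -in "$key_pem" -out "$out" -nocrypt
  ) 2>/dev/null || return 1
  want=$(cert_pubkey_digest "$cert" 2>/dev/null)
  got=$(der_key_pubkey_digest "$out" 2>/dev/null)
  [ -n "$want" ] && [ "$want" = "$got" ] || return 2
}

# Constructed sample input: a throwaway self-signed key/cert pair named $2
# in directory $1. Real files come from 'Create Client Certificate'.
make_constructed_pair() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=constructed-$2" \
    -keyout "$1/$2-key.pem" -out "$1/$2-cert.pem" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_constructed_pair "$demo_dir" client
make_constructed_pair "$demo_dir" other
if convert_and_check "$demo_dir/client-key.pem" "$demo_dir/client-cert.pem" \
     "$demo_dir/postgresql.key"; then
  echo "postgresql.key matches client certificate"
fi
if ! convert_and_check "$demo_dir/other-key.pem" "$demo_dir/client-cert.pem" \
     "$demo_dir/wrong.key"; then
  echo "mismatched key rejected"
fi
```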

For Helm users:
If Artifactory is installed via Helm, the certificate can be copied as a secret:

1. Create the secret:
$ ls ../gcp-certs
client-cert.cer client-key.cer  postgresql.key  server-ca.cer
$ kubectl create secret generic gcp-certs --from-file="../gcp-certs/"
secret/gcp-certs created


2. Add ‘customVolumes’ and ‘customVolumeMounts’ to the values.yaml file:
global:
  customVolumes: |
    - name: gcp-certs
      secret:
        secretName: gcp-certs
  customVolumeMounts: |
    - name: gcp-certs
      mountPath: /etc/ssl/certs/