We will be using the following system.yaml:
```yaml
metadata:
  database:
    type: postgresql
    driver: org.postgresql.Driver
    url: go:user=<db-username> password='${shared.database.password}' dbname=<db-name> host=<db-hostname> port=5432 sslmode=verify-ca sslrootcert=/etc/ssl/certs/server-ca.cer sslcert=/etc/ssl/certs/client-cert.cer sslkey=/etc/ssl/certs/client-key.cer
shared:
  database:
    type: postgresql
    driver: org.postgresql.Driver
    url: jdbc:postgresql://<db-hostname>:5432/<db-name>?sslfactory=org.postgresql.ssl.jdbc4.LibPQFactory&sslmode=verify-ca&sslrootcert=/etc/ssl/certs/server-ca.cer&sslcert=/etc/ssl/certs/client-cert.cer&sslkey=/etc/ssl/certs/postgresql.key
    username: <db-username>
    password: <db-password>
```
As seen above, both connection strings use the same two certificates and two different formats of the same private key.
Additionally, the Metadata password is set to a variable for security purposes (encryption).
We need to make sure we change all values between the “< >” signs (which should be removed). Here is an example where the hostname is ‘googlesql’, database name is ‘artdb’, username is ‘joey’ and password is ‘hello’:
```yaml
metadata:
  database:
    type: postgresql
    driver: org.postgresql.Driver
    url: go:user=joey password='${shared.database.password}' dbname=artdb host=googlesql port=5432 sslmode=verify-ca sslrootcert=/etc/ssl/certs/server-ca.cer sslcert=/etc/ssl/certs/client-cert.cer sslkey=/etc/ssl/certs/client-key.cer
shared:
  database:
    type: postgresql
    driver: org.postgresql.Driver
    url: jdbc:postgresql://googlesql:5432/artdb?sslfactory=org.postgresql.ssl.jdbc4.LibPQFactory&sslmode=verify-ca&sslrootcert=/etc/ssl/certs/server-ca.cer&sslcert=/etc/ssl/certs/client-cert.cer&sslkey=/etc/ssl/certs/postgresql.key
    username: joey
    password: hello
```
For Helm users:
Custom Metadata DB configuration is yet to be supported via Helm variables. Therefore, we will need to load our full system.yaml file using systemYamlOverride or systemYaml. A couple of notes for Helm installations:
- Make sure you set ‘postgresql.enabled=false’, otherwise a random DB password will be used.
- Make sure that in system.yaml, ‘metadata.database’ is declared before ‘shared.database’
```yaml
postgresql:
  enabled: false
global:
  customVolumes: |
    - name: gcp-certs
      secret:
        secretName: gcp-certs
  customVolumeMounts: |
    - name: gcp-certs
      mountPath: /etc/ssl/certs/
artifactory:
  systemYaml: |
    metadata:
      database:
        type: postgresql
        driver: org.postgresql.Driver
        url: go:user=joey password='${shared.database.password}' dbname=artdb host=googlesql port=5432 sslmode=verify-ca sslrootcert=/etc/ssl/certs/server-ca.cer sslcert=/etc/ssl/certs/client-cert.cer sslkey=/etc/ssl/certs/client-key.cer
    shared:
      database:
        type: postgresql
        driver: org.postgresql.Driver
        url: jdbc:postgresql://googlesql:5432/artdb?sslfactory=org.postgresql.ssl.jdbc4.LibPQFactory&sslmode=verify-ca&sslrootcert=/etc/ssl/certs/server-ca.cer&sslcert=/etc/ssl/certs/client-cert.cer&sslkey=/etc/ssl/certs/postgresql.key
        username: joey
        password: hello
```
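A pre-deployment check for the rules described above, as an added example that is not part of the original article or of JFrog's tooling: it parses both connection-string styles and reports leftover `< >` placeholders, a non-verifying `sslmode`, mismatched certificate paths, and `shared.database` declared before `metadata.database`. The function names `tls_params` and `check_system_yaml` are hypothetical, and `SAMPLE` is constructed from the filled-in example on this page.

```python
import re
import shlex
from urllib.parse import parse_qs, urlsplit

# libpq sslmode values that validate the server certificate against sslrootcert
VERIFYING_MODES = {"verify-ca", "verify-full"}

def tls_params(url):
    """Extract the TLS settings from either connection-string style."""
    if url.startswith("go:"):
        # metadata style: space-separated key=value pairs, values may be quoted
        pairs = dict(item.split("=", 1) for item in shlex.split(url[3:]))
    else:
        # shared style: jdbc:postgresql://host:port/db?key=value&key=value
        query = urlsplit(url[len("jdbc:"):]).query
        pairs = {k: v[0] for k, v in parse_qs(query).items()}
    return {k: pairs.get(k) for k in ("sslmode", "sslrootcert", "sslcert")}

def check_system_yaml(text):
    """Return a list of problems found in the database section of system.yaml."""
    problems = []
    if re.search(r"<[^<>\s]+>", text):
        problems.append("placeholder between < > was not replaced")
    urls = {scheme: url.strip() for url, scheme in
            re.findall(r"^\s*url:\s*((go|jdbc):.+)$", text, re.M)}
    if set(urls) != {"go", "jdbc"}:
        return problems + ["expected one go: URL and one jdbc: URL"]
    meta, shared = tls_params(urls["go"]), tls_params(urls["jdbc"])
    for name, params in (("metadata", meta), ("shared", shared)):
        if params["sslmode"] not in VERIFYING_MODES:
            problems.append(f"{name}: sslmode={params['sslmode']} does not verify the server certificate")
    for key in ("sslrootcert", "sslcert"):
        if meta[key] != shared[key]:
            problems.append(f"{key} differs between the two connection strings")
    # Works for a plain system.yaml and for one indented under systemYaml in Helm values
    order = [m.group(1) for m in re.finditer(r"^\s*(metadata|shared):", text, re.M)]
    if order[:2] != ["metadata", "shared"]:
        problems.append("metadata.database must be declared before shared.database")
    return problems

# Constructed sample, reduced from the filled-in example on this page
SAMPLE = """\
metadata:
  database:
    url: go:user=joey password='${shared.database.password}' dbname=artdb host=googlesql port=5432 sslmode=verify-ca sslrootcert=/etc/ssl/certs/server-ca.cer sslcert=/etc/ssl/certs/client-cert.cer sslkey=/etc/ssl/certs/client-key.cer
shared:
  database:
    url: jdbc:postgresql://googlesql:5432/artdb?sslfactory=org.postgresql.ssl.jdbc4.LibPQFactory&sslmode=verify-ca&sslrootcert=/etc/ssl/certs/server-ca.cer&sslcert=/etc/ssl/certs/client-cert.cer&sslkey=/etc/ssl/certs/postgresql.key
"""

if __name__ == "__main__":
    print(check_system_yaml(SAMPLE) or "no problems found")
```

The `sslkey` paths are deliberately not compared, since the two connection strings point at different formats of the same private key.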