Do we have support for MTLS in kong OSS with Postgresql?
I saw this Configuring PostgreSQL TLS - Kong Gateway | Kong Docs configuration, but it is not available in the OSS kong.conf, and it is nowhere written in the doc?
As far as I understand the code, mTLS is indeed not possible in the OSS version.
You can enable TLS to postgres by setting these environment variables:
KONG_PG_SSL=on
KONG_PG_SSL_VERIFY=on
KONG_PG_SSL_VERSION=tlsv1_3
and you can also validate the server-certificate by adding these env variables:
KONG_PG_SSL_REQUIRED=on
KONG_LUA_SSL_TRUSTED_CERTIFICATE=/path-to-your-database-truststore.pem
but the settings for the mTLS client certificate and key, as described for the Enterprise version, seem to be ignored by the OSS code.
The reason can be seen in the Kong code in the postgres connector here:
The settings for “cert” and “key” are never initialised.
However, if you are a developer and are able to extend the Lua code, a workaround is quite simple. Kong uses the “pgmoon” library.
Just add the missing lines as described in the ssl-example on the “pgmoon” GitHub page:
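As an added illustration of the workaround described in this answer (not code from Kong or from the pgmoon project), the snippet below builds the pgmoon option table from the same environment variables listed above and adds the two fields the OSS connector never sets, then reads back pg_stat_ssl to confirm the server actually saw a client certificate. It assumes pgmoon's documented option names (ssl, ssl_verify, ssl_required, ssl_version, cafile, cert, key) and uses KONG_PG_SSL_CERT and KONG_PG_SSL_CERT_KEY as assumed variable names for the client credentials.

```lua
-- Added example, not Kong's or pgmoon's own code.
-- Assumptions: pgmoon option names as in its README; KONG_PG_SSL_CERT and
-- KONG_PG_SSL_CERT_KEY are hypothetical names for the client cert and key.
local pgmoon = require("pgmoon")

local function truthy(v)
  return v == "on" or v == "true" or v == "1"
end

local function pg_options_from_env()
  local opts = {
    host         = os.getenv("KONG_PG_HOST") or "127.0.0.1",
    port         = tonumber(os.getenv("KONG_PG_PORT") or "5432"),
    database     = os.getenv("KONG_PG_DATABASE") or "kong",
    user         = os.getenv("KONG_PG_USER") or "kong",
    password     = os.getenv("KONG_PG_PASSWORD"),
    ssl          = truthy(os.getenv("KONG_PG_SSL")),
    ssl_verify   = truthy(os.getenv("KONG_PG_SSL_VERIFY")),
    ssl_required = truthy(os.getenv("KONG_PG_SSL_REQUIRED")),
    ssl_version  = os.getenv("KONG_PG_SSL_VERSION"),
    -- treated here as a single PEM path, the simple case of that setting
    cafile       = os.getenv("KONG_LUA_SSL_TRUSTED_CERTIFICATE"),
  }

  -- Verifying the server certificate is meaningless without a trust store.
  if opts.ssl_verify and not opts.cafile then
    error("KONG_PG_SSL_VERIFY=on requires KONG_LUA_SSL_TRUSTED_CERTIFICATE")
  end

  -- The lines Kong OSS omits: pass the client certificate and key through.
  local cert = os.getenv("KONG_PG_SSL_CERT")
  local key  = os.getenv("KONG_PG_SSL_CERT_KEY")
  if (cert and not key) or (key and not cert) then
    error("client certificate and key must be set together for mTLS")
  end
  if cert and key then
    opts.cert = cert
    opts.key  = key
  end
  return opts
end

local pg = pgmoon.new(pg_options_from_env())
assert(pg:connect())

-- Check on the server side: client_dn is only populated when the server
-- received and accepted a client certificate on this backend.
local rows, err = pg:query(
  "select ssl, client_dn from pg_stat_ssl where pid = pg_backend_pid()")
assert(rows, err)
print("ssl:", rows[1].ssl, "client_dn:", rows[1].client_dn)
pg:keepalive()
```

If client_dn comes back empty while ssl is true, the connection is encrypted but the client certificate was not presented or not accepted, which is exactly the gap this answer describes for the OSS connector.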