SSL enabled postgres - kong migration fails

Kong migration job fails for SSL. When I specify KONG_PG_SSL as “true”, it says field is immutable.

$ k logs pod/kong-migrations-wq4d6 -n apigateway
Error: [PostgreSQL error] failed to retrieve server_version_num: FATAL: SSL connection is required. Please specify SSL options and retry.

  Run with --v (verbose) or --vv (debug) for more details

Can you share the YAML manifest of the migration job?
And how are you installing Kong?

Hello @hbagdi
I am using https://raw.githubusercontent.com/Kong/kubernetes-ingress-controller/master/deploy/single/all-in-one-postgres.yaml

And installed in one namespace of k8s cluster.

It works great if SSL is Off on the Postgres database.
Can you share an example of SSL properties yaml?

Where do you specify it?
Please make sure that you specify the field before you apply the above manifest.
Also, it might be that the migration Job already exists, in which case, please delete it first from your k8s cluster and then apply the updated manifest.

It would be nice if you could PR this change of turning SSL on by default for Postgres and Kong communication.

Hope this helps!
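An added example, not part of the original thread or the project's manifests: a migration Job fragment with the SSL variables set, illustrating the field discussed above. The Job name is assumed from the pod name in the log, the namespace is the one used in the logs command, and the image tag, command, host and CA path are placeholders or assumptions.

```yaml
# Added example: values marked "assumed" or "placeholder" are not from the thread.
apiVersion: batch/v1
kind: Job
metadata:
  name: kong-migrations          # assumed from the pod name kong-migrations-wq4d6
  namespace: apigateway          # namespace used in the logs command above
spec:
  template:
    metadata:
      name: kong-migrations
    spec:
      restartPolicy: OnFailure
      containers:
      - name: kong-migrations
        image: kong:<version>    # placeholder: keep the tag from your manifest
        # Assumed command; keep whatever your manifest already runs.
        command: ["/bin/sh", "-c", "kong migrations bootstrap"]
        env:
        - name: KONG_PG_HOST
          value: postgres.example.internal   # placeholder host
        # ...other KONG_PG_* entries from your manifest stay unchanged...
        #
        # Env values must be strings: quote "true". A bare true is parsed
        # by YAML as a boolean and the manifest is rejected.
        - name: KONG_PG_SSL
          value: "true"
        # KONG_PG_SSL alone encrypts the connection but does not verify the
        # server certificate. Verification needs a trusted CA bundle as well.
        - name: KONG_PG_SSL_VERIFY
          value: "true"
        - name: KONG_LUA_SSL_TRUSTED_CERTIFICATE
          value: /etc/ssl/certs/ca-certificates.crt   # assumed CA bundle path
```

A Job's pod template is immutable, so an existing Job has to be removed first (`kubectl delete job kong-migrations -n apigateway`) before the changed manifest is applied. The same `KONG_PG_SSL*` entries belong on every Kong container that connects to the database, not only on the migration Job.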

Yes it was part of manifest before I applied it.

But yes, you are right. The Job was already there and then I was applying the manifest with the SSL field.
I used kubectl apply --force to make it work :slight_smile:

I am not sure if we should PR this; my Postgres has SSL on, but that may not be the case with everyone. Rather, we can add a few lines in the documentation. What do you think?

Did you have to configure anything in Kong or Postgres deployment other than changing values of environment values? If not, then we can include this in the default deployment for a little more secure and sane deployment.
If yes, then we should let users decide what is best for them.

Makes sense. Sure, let's have a PR. How do I raise it? Never done it before.

You will need a GitHub account and then fork the following repository:

The files that you will need to edit are here: https://github.com/Kong/kubernetes-ingress-controller/tree/master/deploy/manifests

Let me know if you have any questions.

Created Pull requests - https://github.com/swapnild2111/kubernetes-ingress-controller/pulls
Please take a look :slight_smile:

Please send the Pull Request against kong/kubernetes-ingress-controller repository.
You have opened up Pull Requests against the fork itself, meaning you will merge in the changes in your copy of the code only.

Here it is: https://github.com/Kong/kubernetes-ingress-controller/pull/368

