core: extend postgres configuration (#5138)
Add postgres configuration options to control TLS verification and client certificates.
This commit is contained in:
parent
6192d01b7e
commit
adcd11b1f8
|
@ -276,6 +276,10 @@ DATABASES = {
|
||||||
"USER": CONFIG.y("postgresql.user"),
|
"USER": CONFIG.y("postgresql.user"),
|
||||||
"PASSWORD": CONFIG.y("postgresql.password"),
|
"PASSWORD": CONFIG.y("postgresql.password"),
|
||||||
"PORT": int(CONFIG.y("postgresql.port")),
|
"PORT": int(CONFIG.y("postgresql.port")),
|
||||||
|
"SSLMODE": CONFIG.y("postgresql.sslmode"),
|
||||||
|
"SSLROOTCERT": CONFIG.y("postgresql.sslrootcert"),
|
||||||
|
"SSLCERT": CONFIG.y("postgresql.sslcert"),
|
||||||
|
"SSLKEY": CONFIG.y("postgresql.sslkey"),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -57,6 +57,10 @@ if __name__ == "__main__":
|
||||||
password=CONFIG.y("postgresql.password"),
|
password=CONFIG.y("postgresql.password"),
|
||||||
host=CONFIG.y("postgresql.host"),
|
host=CONFIG.y("postgresql.host"),
|
||||||
port=int(CONFIG.y("postgresql.port")),
|
port=int(CONFIG.y("postgresql.port")),
|
||||||
|
sslmode=CONFIG.y("postgresql.sslmode"),
|
||||||
|
sslrootcert=CONFIG.y("postgresql.sslrootcert"),
|
||||||
|
sslcert=CONFIG.y("postgresql.sslcert"),
|
||||||
|
sslkey=CONFIG.y("postgresql.sslkey"),
|
||||||
)
|
)
|
||||||
curr = conn.cursor()
|
curr = conn.cursor()
|
||||||
try:
|
try:
|
||||||
|
|
|
@ -29,6 +29,10 @@ while True:
|
||||||
password=CONFIG.y("postgresql.password"),
|
password=CONFIG.y("postgresql.password"),
|
||||||
host=CONFIG.y("postgresql.host"),
|
host=CONFIG.y("postgresql.host"),
|
||||||
port=int(CONFIG.y("postgresql.port")),
|
port=int(CONFIG.y("postgresql.port")),
|
||||||
|
sslmode=CONFIG.y("postgresql.sslmode"),
|
||||||
|
sslrootcert=CONFIG.y("postgresql.sslrootcert"),
|
||||||
|
sslcert=CONFIG.y("postgresql.sslcert"),
|
||||||
|
sslkey=CONFIG.y("postgresql.sslkey"),
|
||||||
)
|
)
|
||||||
conn.cursor()
|
conn.cursor()
|
||||||
break
|
break
|
||||||
|
|
|
@ -33,6 +33,10 @@ kubectl exec -it deployment/authentik-worker -c authentik -- ak dump_config
|
||||||
- `AUTHENTIK_POSTGRESQL__PORT`: Database port, defaults to 5432
|
- `AUTHENTIK_POSTGRESQL__PORT`: Database port, defaults to 5432
|
||||||
- `AUTHENTIK_POSTGRESQL__PASSWORD`: Database password, defaults to the environment variable `POSTGRES_PASSWORD`
|
- `AUTHENTIK_POSTGRESQL__PASSWORD`: Database password, defaults to the environment variable `POSTGRES_PASSWORD`
|
||||||
- `AUTHENTIK_POSTGRESQL__USE_PGBOUNCER`: Adjust configuration to support connection to PgBouncer
|
- `AUTHENTIK_POSTGRESQL__USE_PGBOUNCER`: Adjust configuration to support connection to PgBouncer
|
||||||
|
- `AUTHENTIK_POSTGRESQL__SSLMODE`: Strictness of ssl verification. Defaults to `verify-ca`
|
||||||
|
- `AUTHENTIK_POSTGRESQL__SSLROOTCERT`: CA root for server ssl verification
|
||||||
|
- `AUTHENTIK_POSTGRESQL__SSLCERT`: Path to x509 client certificate to authenticate to server
|
||||||
|
- `AUTHENTIK_POSTGRESQL__SSLKEY`: Path to private key of `SSLCERT` certificate
|
||||||
|
|
||||||
## Redis Settings
|
## Redis Settings
|
||||||
|
|
||||||
|
|
Reference in a new issue