core: extend postgres configuration (#5138)
Add postgres configuration options to control TLS verification and client certificates.
This commit is contained in:
parent
6192d01b7e
commit
adcd11b1f8
|
@ -276,6 +276,10 @@ DATABASES = {
|
|||
"USER": CONFIG.y("postgresql.user"),
|
||||
"PASSWORD": CONFIG.y("postgresql.password"),
|
||||
"PORT": int(CONFIG.y("postgresql.port")),
|
||||
"SSLMODE": CONFIG.y("postgresql.sslmode"),
|
||||
"SSLROOTCERT": CONFIG.y("postgresql.sslrootcert"),
|
||||
"SSLCERT": CONFIG.y("postgresql.sslcert"),
|
||||
"SSLKEY": CONFIG.y("postgresql.sslkey"),
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -57,6 +57,10 @@ if __name__ == "__main__":
|
|||
password=CONFIG.y("postgresql.password"),
|
||||
host=CONFIG.y("postgresql.host"),
|
||||
port=int(CONFIG.y("postgresql.port")),
|
||||
sslmode=CONFIG.y("postgresql.sslmode"),
|
||||
sslrootcert=CONFIG.y("postgresql.sslrootcert"),
|
||||
sslcert=CONFIG.y("postgresql.sslcert"),
|
||||
sslkey=CONFIG.y("postgresql.sslkey"),
|
||||
)
|
||||
curr = conn.cursor()
|
||||
try:
|
||||
|
|
|
@ -29,6 +29,10 @@ while True:
|
|||
password=CONFIG.y("postgresql.password"),
|
||||
host=CONFIG.y("postgresql.host"),
|
||||
port=int(CONFIG.y("postgresql.port")),
|
||||
sslmode=CONFIG.y("postgresql.sslmode"),
|
||||
sslrootcert=CONFIG.y("postgresql.sslrootcert"),
|
||||
sslcert=CONFIG.y("postgresql.sslcert"),
|
||||
sslkey=CONFIG.y("postgresql.sslkey"),
|
||||
)
|
||||
conn.cursor()
|
||||
break
|
||||
|
|
|
@ -33,6 +33,10 @@ kubectl exec -it deployment/authentik-worker -c authentik -- ak dump_config
|
|||
- `AUTHENTIK_POSTGRESQL__PORT`: Database port, defaults to 5432
|
||||
- `AUTHENTIK_POSTGRESQL__PASSWORD`: Database password, defaults to the environment variable `POSTGRES_PASSWORD`
|
||||
- `AUTHENTIK_POSTGRESQL__USE_PGBOUNCER`: Adjust configuration to support connection to PgBouncer
|
||||
- `AUTHENTIK_POSTGRESQL__SSLMODE`: Strictness of ssl verification. Defaults to `verify-ca`
|
||||
- `AUTHENTIK_POSTGRESQL__SSLROOTCERT`: CA root for server ssl verification
|
||||
- `AUTHENTIK_POSTGRESQL__SSLCERT`: Path to x509 client certificate to authenticate to server
|
||||
- `AUTHENTIK_POSTGRESQL__SSLKEY`: Path to private key of `SSLCERT` certificate
|
||||
|
||||
## Redis Settings
|
||||
|
||||
|
|
Reference in a new issue