our own postgres

[segator]

if we already have a postgres server, can we configure it instead of deploying a new one?

[evandam]

👍 for this, I would really like to be able to point to a separately managed database rather than running postgres in our cluster.

[scalp42]

Same here, it seems to be all hardcoded 😢

[afeiszli]

Deploying postgres is hardcoded with helm. You may want to follow the manual deploy steps instead. Otherwise you will need to remove postgres after helm install and then change the connection details: https://github.com/gravitl/netmaker/tree/master/k8s/server

[jensjohansen]

The problem is the postgres instalation fails in this helm chart

2022-12-03 13:35:27.042 GMT [163] FATAL: password authentication failed for user "postgres"
2022-12-03 13:35:27.042 GMT [163] DETAIL: User "postgres" has no password assigned.
Connection matched pg_hba.conf line 10: "local all all md5"
2022-12-03 13:35:27.042 GMT [163] LOG: could not send data to client: Broken pipe
postgresql-repmgr 13:35:27.04 INFO ==> ** Starting repmgrd **
[2022-12-03 13:35:27] [NOTICE] repmgrd (repmgrd 5.2.1) starting up
[2022-12-03 13:35:27] [ERROR] connection to database failed
[2022-12-03 13:35:27] [DETAIL]
FATAL: password authentication failed for user "repmgr"

We've had similar problems with third-party products that rely on the Mitnami HA Postgresql installation - it looks like Bitnami broker their helm chart, and everyone has to update their helm charts if they are using it as a subchart.

[anjomro]

For anyone looking: You can now use your own Postgres DB.
The configuration isn't documented though, however from the Helm-Chart you should be able to disable the attached bitname postgres-ha and configure the connection to another Postgres instance.

wireguard:
  dbHost: YOUR-POSTGRES-HOST

postgresql-ha:
  enabled: false
  postgresql:
    username: YOUR-POSTGRES-USER
    password: YOUR-POSTGRES-PW
    database: YOUR-POSTGRES-DB

The Postgres port is hardcoded to be 5432

[maaft]

@anjomro sorry to say, but this is rather useless in its current state.

• why not support complete configuration, including port?
• unfortunately, I see it waaaay to often, but secrets in plain yaml gives me headaches. They are a nightmare (or even impossible) to manager securely with GitOps. Other helm-charts support "secretKeyRef", where the corresponding env vars are then read from secrets.

Here's what would make sense:

postgresql-ha:
  enabled: false
  postgresql:
    username:
      secretKeyRef:
        name: db-credentials
        key: username
    password:
      secretKeyRef:
        name: db-credentials
        key: password
    database: YOUR-POSTGRES-DB

Edit: Where do I even set the URL for my DB?

[jessebot]

looks like the work for this was submitted in PR #35