argo-workflows
Need to have Postgresql SSL Certificate option when sslmode is enabled
Pre-requisites
- [X] I have double-checked my configuration
- [X] I can confirm the issue exists when I tested with :latest
- [X] I'd like to contribute the fix myself (see contributing guide)
What happened/what you expected to happen?
There is no option to add the below PostgreSQL SSL certificate options when SSL is enabled and sslmode is verify-ca/require/verify-full:
c.Options["sslrootcert"]
c.Options["sslkey"]
c.Options["sslcert"]
Version
v3.3.8
Paste a small workflow that reproduces the issue. We must be able to run the workflow; don't enter a workflow that uses private images.
Enable SSL and SSL mode on the PostgreSQL DB and try to integrate it with Argo Workflows; you will get the below error:
time="2022-12-14T20:28:04.222Z" level=fatal msg="pq: connection requires a valid client certificate"
Logs from the workflow controller
kubectl logs -n argo deploy/workflow-controller | grep ${workflow}
time="2022-12-14T20:28:04.198Z" level=info msg="SSO enabled"
time="2022-12-14T20:28:04.202Z" level=info msg="Starting Argo Server" instanceID= version=latest+unknown
time="2022-12-14T20:28:04.202Z" level=info msg="Creating DB session"
time="2022-12-14T20:28:04.222Z" level=fatal msg="pq: connection requires a valid client certificate"
Logs from in your workflow's wait container
kubectl logs -n argo -c wait -l workflows.argoproj.io/workflow=${workflow},workflow.argoproj.io/phase!=Succeeded
@sarabala1979 I have made code changes for taking the certificate from a k8s secret. Can I raise the PR?
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. If this is a mentoring request, please provide an update here. Thank you for your contributions.
Hey @reddymh, sure you can raise a PR
@rohankmr414 I have raised a PR to master, and I can see two parallel release work (v3.4.x & v3.3.x). Do I need to raise a PR for both releases?
@terrytangyuan Why is this still closed if the fix was reverted? Should a new issue be created for this feature?
Was the fix reverted because it would require a writable root filesystem? If so, aren't there techniques to accomplish this?
https://github.com/kedacore/keda/discussions/2880#discussioncomment-3033066
https://stackoverflow.com/a/68865545/901597
Yes, we should keep this open
@terrytangyuan @joebowbeer I don't think this change is reverted due to writable boot file system. Could you review the change as this change is already running on our PROD system without any issues so that I can raise a PR?
See https://github.com/argoproj/argo-workflows/issues/10731
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.
We've also encountered this issue. It looks like the PR which was reverted took the approach of writing from the configured secret to the file system at runtime. Instead of doing this, could the path to the certificate files be configurable, so that these can be mounted from secrets in the server/workflow controller deployment?
I can create a PR if this approach makes sense.
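The approach proposed in the last comment (configurable certificate paths, with the files mounted from a Secret) can be illustrated in Go. This is an added example, not code from the issue thread or from Argo Workflows: `TLSPaths`, `Options` and the `/etc/pg-tls` paths are hypothetical, while `sslmode`, `sslrootcert`, `sslcert` and `sslkey` are lib/pq's connection options.

```go
package main

import (
	"fmt"
	"os"
)

// TLSPaths is a hypothetical config shape (not Argo's own): each path points
// at a file mounted from a Kubernetes Secret into the server/controller pod.
type TLSPaths struct {
	SSLMode, RootCert, ClientCert, ClientKey string
}

// Options validates the mounted files and returns the lib/pq connection
// options (sslmode, sslrootcert, sslcert, sslkey) to merge into c.Options.
func Options(p TLSPaths) (map[string]string, error) {
	switch p.SSLMode {
	case "require", "verify-ca", "verify-full": // the modes named in the issue
	default:
		return nil, fmt.Errorf("sslmode %q does not enforce TLS", p.SSLMode)
	}
	if (p.ClientCert == "") != (p.ClientKey == "") {
		return nil, fmt.Errorf("sslcert and sslkey must be set together")
	}
	opts := map[string]string{"sslmode": p.SSLMode}
	for _, f := range [][2]string{{"sslrootcert", p.RootCert},
		{"sslcert", p.ClientCert}, {"sslkey", p.ClientKey}} {
		if f[1] == "" {
			continue // option not configured
		}
		info, err := os.Stat(f[1])
		if err != nil {
			return nil, fmt.Errorf("%s: %w", f[0], err)
		}
		// lib/pq rejects keys with wider permissions than 0600 (0640 if
		// root-owned in newer releases); this check uses the stricter rule.
		if f[0] == "sslkey" && info.Mode().Perm()&0077 != 0 {
			return nil, fmt.Errorf("sslkey mode %o, want 0600", info.Mode().Perm())
		}
		opts[f[0]] = f[1]
	}
	return opts, nil
}

func main() {
	// Constructed mount paths; in a pod these come from a Secret volume.
	opts, err := Options(TLSPaths{SSLMode: "verify-full", RootCert: "/etc/pg-tls/ca.crt",
		ClientCert: "/etc/pg-tls/tls.crt", ClientKey: "/etc/pg-tls/tls.key"})
	fmt.Println(opts, err)
}
```

Secret volumes default to file mode 0644, so the key file needs a tighter `defaultMode` on the volume to pass the permission check.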