K
Q

Openshift: Visibility between pods

7/12/2018

I'm trying to get access to a deployed postgresql pod from other pod.

Inside pod1 is running a straightforward postgresql container. By other side, in pod2 I'm running a vault container.

I'm trying to configure vault in order to add a database engine:

vault write database/config/my-postgresql-database \
    plugin_name=postgresql-database-plugin \
    allowed_roles="my-role" \
    connection_url="postgresql://{{username}}@postgresql:5432/" \
    username="postgres"

However, I'm getting this error:

Error writing data to database/config/my-postgresql-database: Error making API request.

URL: PUT https://vault.ra-sec.svc/v1/database/config/my-postgresql-database
Code: 400. Errors:

* error creating database object: error verifying connection: pq: SSL is not enabled on the server

It seems that there's a connection related problem.

Could you provide me any ideas to solve that?

-- user10063942
kubernetes
openshift

Similar Questions

How to see the telemetry of azure kubernetes having containers and images in Application Insights?
error: the server doesn't have a resource type "svc"
in kubernetes, how to update pods to use updated configmap
Kubernetes app with GCP Cloud SQL does not accept any connections. Full source available on Github
.Net Core microservices: using HTTPS on Kubernetes on Azure (AKS)
GKE Cluster autoscaler profile for older luster

1 Answer

7/16/2018

This is how I have setup Vault with PostgreSQL DB in our openshift environment.

Configure config.hcl for Vault

Define a configuration file for Vault server.

#config.hcl
disable_mlock = true

storage "postgresql" {
  connection_url = "postgres://vault:vault@postgresql:5432/postgres?sslmode=disable"
}

listener "tcp" {
  address = "0.0.0.0:8200"
  tls_disable = 1
}

where postgresql is the service name configured for PostgreSQL DB

Startup Script

Run the server by using the below command by configuring it as part of your startup script.

vault server -config=/etc/service/vault-server/config.hcl

Setup PostgreSQL DB

You can use the PostgreSQL-peristent template that is provided by Openshift(hope you are using the same). Execute the following commands in postgreSQL POD/container to allow the connection from Vault.

CREATE TABLE vault_kv_store (
  parent_path TEXT COLLATE "C" NOT NULL,
  path        TEXT COLLATE "C",
  key         TEXT COLLATE "C",
  value       BYTEA,
  CONSTRAINT pkey PRIMARY KEY (path, key)
);

CREATE INDEX parent_path_idx ON vault_kv_store (parent_path);

Setting up DB for vault: https://www.vaultproject.io/docs/configuration/storage/postgresql.html

After this make sure to create a service for PostgreSQL so that other PODs in the same namespace can discover them using the Openshift service name.

Hope this helps! Anything missing let me know.

-- Here_2_learn
Source: StackOverflow