Charmed PostgreSQL

Channel        Revision  Published    Runs on
latest/stable  345       09 Nov 2023  Ubuntu 22.04, Ubuntu 20.04, Ubuntu 18.04, Ubuntu 16.04
14/stable      336       18 Oct 2023  Ubuntu 22.04
14/candidate   336       18 Oct 2023  Ubuntu 22.04
14/beta        336       18 Oct 2023  Ubuntu 22.04
14/edge        350       02 Dec 2023  Ubuntu 22.04

juju deploy postgresql --channel 14/stable

Platform: Ubuntu 22.04

How to enable encryption

Note: The TLS settings here are for self-signed certificates, which are not recommended for production clusters. The tls-certificates-operator charm offers a variety of configurations; read more in the TLS charm's documentation.

Enable TLS

# deploy the TLS charm
juju deploy tls-certificates-operator

# add the necessary configurations for TLS
juju config tls-certificates-operator generate-self-signed-certificates="true" ca-common-name="Test CA"

# to enable TLS relate the two applications
juju relate tls-certificates-operator postgresql

Manage keys

Updates to private keys for certificate signing requests (CSRs) can be made via the set-tls-private-key action. Note that keys passed as external-key/internal-key values should only be encoded with base64 -w0, not passed with cat. With three replicas, the following scheme should be followed:

  • Generate a shared internal key
openssl genrsa -out internal-key.pem 3072
  • Generate external keys for each unit
openssl genrsa -out external-key-0.pem 3072
openssl genrsa -out external-key-1.pem 3072
openssl genrsa -out external-key-2.pem 3072
  • Apply both private keys on each unit; the shared internal key will be applied only on the Juju leader
juju run-action postgresql/0 set-tls-private-key "external-key=$(base64 -w0 external-key-0.pem)"  "internal-key=$(base64 -w0 internal-key.pem)"  --wait
juju run-action postgresql/1 set-tls-private-key "external-key=$(base64 -w0 external-key-1.pem)"  "internal-key=$(base64 -w0 internal-key.pem)"  --wait
juju run-action postgresql/2 set-tls-private-key "external-key=$(base64 -w0 external-key-2.pem)"  "internal-key=$(base64 -w0 internal-key.pem)"  --wait
  • Updates can also be done with auto-generated keys:
juju run-action postgresql/0 set-tls-private-key --wait
juju run-action postgresql/1 set-tls-private-key --wait
juju run-action postgresql/2 set-tls-private-key --wait
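
The key-handling steps above can be wrapped in pre-flight checks before any key is passed to the action. This is an added example, not part of the charm's documentation: the helper names check_key_perms and encode_key_param are hypothetical, the file names follow the three-replica scheme on this page, and GNU coreutils (stat -c, base64 -w0) are assumed.

```bash
#!/usr/bin/env bash
# Added example, not part of the charm's documentation.
# check_key_perms and encode_key_param are hypothetical helper names.

# Succeed only if the key file grants no access to group or others.
check_key_perms() {
    local file="$1" mode
    mode=$(stat -c '%a' "$file") || return 1      # GNU stat, e.g. "600"
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "refusing $file: mode $mode is open to group/others" >&2
        return 1
    fi
}

# Print the key file as a single base64 line for use as an action parameter.
encode_key_param() {
    local file="$1" encoded
    check_key_perms "$file" || return 1
    encoded=$(base64 -w0 "$file") || return 1
    # Plain `base64` wraps at 76 columns; -w0 must yield exactly one line.
    if [ "$(printf '%s' "$encoded" | wc -l)" -ne 0 ]; then
        echo "encoded $file spans several lines" >&2
        return 1
    fi
    # The value must decode back to the PEM text that is on disk.
    if [ "$(printf '%s' "$encoded" | base64 -d)" != "$(cat "$file")" ]; then
        echo "round-trip mismatch for $file" >&2
        return 1
    fi
    printf '%s' "$encoded"
}

# Run with --apply to generate and set keys for units 0..2 as on this page.
if [ "${1:-}" = "--apply" ]; then
    set -eu
    umask 077                                     # key files are created 0600
    openssl genrsa -out internal-key.pem 3072
    internal=$(encode_key_param internal-key.pem)
    for unit in 0 1 2; do
        openssl genrsa -out "external-key-$unit.pem" 3072
        external=$(encode_key_param "external-key-$unit.pem")
        juju run-action "postgresql/$unit" set-tls-private-key \
            "external-key=$external" "internal-key=$internal" --wait
    done
fi
```

Without --apply the script only defines the helpers, so it can be sourced and the checks run against existing key files.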

Disable TLS

To disable TLS, remove the relation:

juju remove-relation tls-certificates-operator postgresql

Last updated 7 months ago.