feat(pomerium): HA with Postresql backend #35
Conversation
alfonsofortunato
force-pushed
the
feat/pomerium-postgres-ha
branch
3 times, most recently
from
4f22e00 to
be0c2c0
Compare
Merged the main and added the license |
alfonsofortunato
force-pushed
the
feat/pomerium-postgres-ha
branch
from
be0c2c0 to
38c1a66
Compare
| @@ -4,3 +4,5 @@ COOKIE_SECRET=super-secret-cookie | |||
| IDP_CLIENT_SECRET=super-secret-idp | |||
| # SHARED_SECRET is obtained with `head -c32 /dev/urandom | base64` see https://www.pomerium.io/reference/#shared-secret | |||
| SHARED_SECRET=super-secret-shared | |||
|
|
|||
There was a problem hiding this comment.
This env var is missing:
| DATABROKER_STORAGE_TYPE=postgres |
There was a problem hiding this comment.
It is in "config.example.env"
| helm.sh/chart: postgresql-16.0.3 | ||
| type: Opaque | ||
| data: | ||
| postgres-password: "b29wOU9kOHV3ZWk2U29vQnVhaGFlZmF4" |
There was a problem hiding this comment.
should we ask for this password to the user or is it safe to leave it hard coded?
There was a problem hiding this comment.
I've generated with the helm template (more details in the MAINTANANCE.MD). The safer way is have the password hardcoded. In any case by following the maintanance guide the user can customize the password as he wish
|
IMO this PR should not be included as-is, Pomerium in HA is considerable slower, to the point that Hubble for example stops working and Grafana is painfully slow to use. I don't know if is some misconfiguration or could be something on my test environment. |
ralgozino
changed the title
No description provided.