Azure Database for PostgreSQL Part 1 — Deployment

Deployment

When you perform the steps mentioned here, Azure takes care of adding the PostgreSQL server's managed identity (MI) to the Azure Key Vault (AKV) Access Control List (ACL) with Get, Wrap, and Unwrap permissions. That is the small discrepancy between documentation and practice. Once it is done, “Data encryption” on the service should show the result.

  • Set the PostgreSQL DB server firewall correctly. Make sure “Deny public network access = No” and “Enforce SSL connection = Enabled”.
  • Download the required certificate from here and rename the file so that it no longer ends in “.pem”.
  • Copy the root certificate “BaltimoreCyberTrustRoot.crt” to the right path for each client to use.
--cloud-shell-storage-<region>
--csxxxxxxxxx
--cs-<username>-xxxxxxxx
--.cloudconsole
# File path:
https://cs410033fff9ba66a39.file.core.windows.net/cs-<username>-10033fff9ba66a39/.cloudconsole/BaltimoreCyberTrustRoot.crt

Test Access

Finally, try connecting to the PostgreSQL server.

  • Ensure PsPing gets a proper response from the outbound public IP address.
# Create the file repository configuration:
sudo sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list'
# Import the repository signing key:
wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
# Update the package lists:
sudo apt-get update
# Install the latest version of PostgreSQL.
sudo apt-get -y install postgresql
# Download the root certificate and save it without the ".pem" suffix
wget -O BaltimoreCyberTrustRoot.crt https://www.digicert.com/CACerts/BaltimoreCyberTrustRoot.crt.pem
  • Locate the root certificate file.
  • Copy and paste the command provided by this site.
psql "sslmode=verify-full sslrootcert=./BaltimoreCyberTrustRoot.crt host=jonwpostgressqlsrv.postgres.database.azure.com port=5432 dbname=postgres user=jonw@jonwpostgressqlsrv password=xxxx"
  • Locate the uploaded root certificate file.
  • Copy and paste the command provided by this site.
psql "sslmode=verify-full sslrootcert=/usr/csuser/clouddrive/.cloudconsole/BaltimoreCyberTrustRoot.crt host=jonwpostgressqlsrv.postgres.database.azure.com port=5432 dbname=postgres user=jonw@jonwpostgressqlsrv password=xxxx"
psql "sslmode=verify-full sslrootcert=./BaltimoreCyberTrustRoot.crt host=jonwpostgresqlsrv2.postgres.database.azure.com port=5432 dbname=postgres user=jonw@jonwpostgressqlsrv password=xxxx"
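
A pre-flight check for connection strings like the ones above, added here as an example and not part of the original post: it confirms that sslmode is verify-full, that sslrootcert points at a readable PEM file, and that the user suffix matches the host. The helper name audit_conninfo, the user@server matching rule (inferred from the commands above) and the placeholder certificate file are assumptions.

```shell
# Added example. audit_conninfo is a hypothetical helper; it handles the plain
# unquoted keyword=value form (no spaces inside values) used by the commands above.
audit_conninfo() (                 # subshell body keeps variables and set -f local
    set -f                         # no globbing while the string is word-split
    sslmode='' rootcert='' host='' user='' password=no rc=0
    for kv in $1; do
        case $kv in
            sslmode=*)     sslmode=${kv#*=} ;;
            sslrootcert=*) rootcert=${kv#*=} ;;
            host=*)        host=${kv#*=} ;;
            user=*)        user=${kv#*=} ;;
            password=*)    password=yes ;;
        esac
    done
    # Only verify-full checks the certificate chain and the server host name.
    if [ "$sslmode" != verify-full ]; then
        echo "FAIL sslmode=${sslmode:-unset}: server identity is not fully verified"
        rc=1
    fi
    # The root CA file must be readable and PEM-encoded.
    if [ -z "$rootcert" ] ||
       ! grep -q -- '-----BEGIN CERTIFICATE-----' "$rootcert" 2>/dev/null; then
        echo "FAIL sslrootcert=${rootcert:-unset}: no readable PEM certificate"
        rc=1
    fi
    # Assumption taken from the commands above: user is <name>@<server> and
    # <server> is the first label of host.
    if [ "${user#*@}" != "${host%%.*}" ]; then
        echo "FAIL user=$user does not match host=$host"
        rc=1
    fi
    # An inline password ends up in shell history and the process list.
    if [ "$password" = yes ]; then
        echo "WARN password is embedded; let psql prompt or use ~/.pgpass"
    fi
    [ "$rc" -eq 0 ]                # exit status: 0 only when nothing failed
)

# Constructed sample: a placeholder file standing in for the downloaded root CA.
demo_dir=$(mktemp -d)
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'constructed placeholder' \
    '-----END CERTIFICATE-----' > "$demo_dir/BaltimoreCyberTrustRoot.crt"
good="sslmode=verify-full sslrootcert=$demo_dir/BaltimoreCyberTrustRoot.crt host=jonwpostgressqlsrv.postgres.database.azure.com port=5432 dbname=postgres user=jonw@jonwpostgressqlsrv"
audit_conninfo "$good" && echo "OK: checks passed, run psql with this string"
```

The function returns non-zero on any FAIL line, so it can gate the psql call in a script; a WARN alone does not change the exit status.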

Jonathan

Learning new things about Kubernetes every day. Hopefully, the learning notes could help people on the same journey!