Unable to set client certificate for Postgres SSL connection

[neumachen]

Summary

There seems to be no way to specify the client certificate to be used when enabling Postgres SSL connection

Steps To Reproduce

1. Use helm-chart Kong
2. Create a new instance of SQL in GCP allowing only SSL enabled connections
3. Deploy Kong with the configuration of pg_ssl = on

Additional Details & Logs

{
 insertId: "qfggk8rqvv2a18nr9"  
 labels: {
  k8s-pod/app: "kong"   
  k8s-pod/component: "init-migrations"   
  k8s-pod/controller-uid: "19bfac91-87d5-4be6-a243-5ba5820a2afa"   
  k8s-pod/job-name: "kong-supply-kong-init-migrations"   
  k8s-pod/release: "kong-supply"   
 }
 logName: "projects/production-apps/logs/stderr"  
 receiveTimestamp: "2020-01-09T19:05:22.289472751Z"  
 resource: {
  labels: {…}   
  type: "k8s_container"   
 }
 severity: "ERROR"  
 textPayload: "Error: [PostgreSQL error] failed to retrieve server_version_num: FATAL: connection requires a valid client certificate

"  
 timestamp: "2020-01-09T19:04:34.372554762Z"  
}

[bungle]

@magicalbanana, yes it is a known limitation, we need to get this in OpenResty before we can make another PR to pgmoon and then finally land it in Kong. We also need to probably see how we can support it with LuaSockets: openresty/lua-nginx-module#1602

[bungle]

@magicalbanana, possible workaround until then is to use Nginx stream proxy (or other proxy/bouncer), and set client cert there.

[neumachen]

@bungle thanks for replying. Kinda sucks to be that way but using the nginx proxy would be difficult given that I am using a managed Postgres from GCP. Or are you referring to something else?

[CristianPupazan]

Stumbled across the same problem. I submitted a pull request for this:
Kong/charts#156