I use SonarQube to validate my code, since I consider code quality important. My SonarQube runs as a container in Kubernetes and uses an external PostgreSQL database. For security reasons, we want the database connection SSL-encrypted, so no data can be intercepted in transit.
It looks basically like this:

Since SonarQube natively supports SSL, all you have to do for basic encryption is change the DB connection in your manifest from
SONAR_JDBC_URL: jdbc:postgresql://<hostname>/<database_name>
to
SONAR_JDBC_URL: jdbc:postgresql://<hostname>/<database_name>?ssl=true&sslmode=require
Originally I found only this part: SONAR_JDBC_URL: jdbc:postgresql://<hostname>/<database_name>?ssl=true, but that did not work at all. You need the sslmode as well. These are the available modes:
disable – no SSL
require – SSL but no validation
verify-ca – SSL + validate against CA
verify-full – SSL + validate CA + hostname
I decided to leave it with sslmode=require. In my setup I don’t need to validate the DB server, since I am using Puppet to manage all my environments and the internal network cannot be accessed from outside anyway. So the traffic between the container and the database server is encrypted and cannot be intercepted.
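As an added example (not from the original post or the SonarQube project), here is a small Python check that reads SONAR_JDBC_URL entries from a manifest and reports which of the guarantees in the mode list above each sslmode leaves out. The hostnames, database name and function names are made up for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Per-mode guarantees as listed in the post:
# (traffic encrypted, server cert checked against CA, hostname checked)
MODES = {
    "disable":     (False, False, False),
    "require":     (True,  False, False),
    "verify-ca":   (True,  True,  False),
    "verify-full": (True,  True,  True),
}

def audit_jdbc_url(url):
    """Return (sslmode or None, list of findings) for a PostgreSQL JDBC URL."""
    if not url.startswith("jdbc:postgresql://"):
        raise ValueError("not a PostgreSQL JDBC URL: %r" % url)
    # Drop the "jdbc:" prefix so urlsplit sees an ordinary scheme://host/db?query
    params = parse_qs(urlsplit(url[len("jdbc:"):]).query, keep_blank_values=True)
    values = set(params.get("sslmode", []))
    if not values:
        return None, ["sslmode not set"]
    if len(values) > 1:
        return None, ["conflicting sslmode values: " + ", ".join(sorted(values))]
    mode = values.pop()
    if mode not in MODES:
        return mode, ["sslmode %r is not one of the modes listed in the post" % mode]
    encrypted, ca_checked, host_checked = MODES[mode]
    findings = []
    if not encrypted:
        findings.append("traffic is not encrypted")
    if encrypted and not ca_checked:
        findings.append("server certificate is not validated")
    if ca_checked and not host_checked:
        findings.append("hostname is not validated")
    return mode, findings

def audit_manifest(text):
    """Audit every SONAR_JDBC_URL entry in manifest text; returns a list of results."""
    urls = re.findall(r"SONAR_JDBC_URL:\s*[\"']?(jdbc:[^\s\"']+)", text)
    return [audit_jdbc_url(u) for u in urls]

# Constructed sample manifest fragment (hostnames and database name are made up)
SAMPLE = """
SONAR_JDBC_URL: jdbc:postgresql://db.internal.example/sonar?ssl=true
SONAR_JDBC_URL: "jdbc:postgresql://db.internal.example/sonar?ssl=true&sslmode=require"
SONAR_JDBC_URL: jdbc:postgresql://db.internal.example/sonar?ssl=true&sslmode=verify-full
"""

if __name__ == "__main__":
    for mode, findings in audit_manifest(SAMPLE):
        print(mode, findings or ["ok"])
```

An empty findings list means the URL asks for encryption plus CA and hostname validation; a check like this can run in CI against the rendered manifest.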
Well, that is it. At some point I might add a post about managing your own internal CA, but for now: Happy coding!