thisismissem,
@thisismissem@hachyderm.io

That thing #digitalocean do with using a custom CA certificate for databases is really fucking annoying.

giuliohome,
@giuliohome@mastodon.world

@thisismissem Maybe this is related https://mastodon.world/@giuliohome/111338180540250101
To be honest, I like DigitalOcean's simplicity. Instead of installing an operator on (which is however a good exercise on their DOKR), you can offload some resources but yeah searching for hidden Helm chart configuration settings can be annoying indeed 😉

thisismissem,
@thisismissem@hachyderm.io

@giuliohome I don't think that's related. This is that out of the box, their app platform cannot talk to their database platform without doing a whole weird dance with custom SSL certificates — I'm sure the digitalocean team knows about this mess (cc @elan )

giuliohome,
@giuliohome@mastodon.world

@thisismissem @elan what I am saying is: if I create a managed postgres there I see that I can connect via psql but from golang it's tricky because I have to set ssl=require to make the connection work. It does seem related to what you have written above IMHO

giuliohome,
@giuliohome@mastodon.world

@thisismissem @elan and also my export SQL_TLS_DISABLE_HOST_VERIFICATION=1 seems related to avoiding "a whole weird dance with custom SSL certificates" as far as an exercise, a tutorial or a "proof of concept" demo are concerned... Anyway, thanks for your interesting "toots"

thisismissem,
@thisismissem@hachyderm.io

@giuliohome @elan you really don't wanna be disabling TLS host verification.. that's the equivalent of saying "don't care about the information in the certificate, just let me connect dammit"

giuliohome,
@giuliohome@mastodon.world

@thisismissem @elan sure ;-) I know what I am doing of course it's not for production or even test, but just for hacking. If I want to test a dotnet activity in temporal cluster and I'm starting from scratch from creating a new k8s cluster that I'll delete eventually, the part where I connect postgresql is "just let me do that"... but yeah I agree that the certificate "dance" is always annoying. And can be due also to private enterprise cert root auth, not only to DO

elan,
@elan@publicsquare.global
thisismissem,
@thisismissem@hachyderm.io

@elan @giuliohome yes, but you've gotta set it via environment variable and do this weird run step thing to write it to disk.

It'd be better if you had certificates that weren't self-signed (e.g., having a trust root that goes back to a trusted trust root?)
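
The two checks this exchange turns on (the server certificate must chain to the provider's CA, and it must be issued for the hostname being dialled), as an added example that is not part of the thread or any DigitalOcean code: a Go client builds its trust pool from a CA bundle held in an environment variable, without writing it to disk, and verifies a server certificate against it. The variable name `DATABASE_CA_CERT`, the hostnames and the throwaway CA are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"os"
	"time"
)

// poolFromEnv builds a trust pool from a PEM bundle in an environment variable (no file needed).
func poolFromEnv(name string) (*x509.CertPool, error) {
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM([]byte(os.Getenv(name))) {
		return nil, fmt.Errorf("%s holds no PEM certificate", name)
	}
	return pool, nil
}

// checkServer applies a verifying client's two checks: chain to pool, and issued for host.
func checkServer(pool *x509.CertPool, leaf *x509.Certificate, host string) error {
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, DNSName: host})
	return err
}

// demoCerts makes a throwaway private CA and a server leaf for host (constructed sample data).
func demoCerts(host string) (caPEM string, leaf *x509.Certificate) {
	from, to := time.Now().Add(-time.Hour), time.Now().Add(time.Hour)
	_, caKey, _ := ed25519.GenerateKey(rand.Reader)
	ca := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "demo CA"},
		NotBefore: from, NotAfter: to, IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	caDER, _ := x509.CreateCertificate(rand.Reader, ca, ca, caKey.Public(), caKey)
	pub, _, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: host}, DNSNames: []string{host},
		NotBefore: from, NotAfter: to, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, ca, pub, caKey)
	leaf, _ = x509.ParseCertificate(der)
	return string(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: caDER})), leaf
}

func main() {
	caPEM, leaf := demoCerts("db.example.internal")
	os.Setenv("DATABASE_CA_CERT", caPEM) // hypothetical variable name
	pool, _ := poolFromEnv("DATABASE_CA_CERT")
	fmt.Println(checkServer(pool, leaf, "db.example.internal"), checkServer(pool, leaf, "db.example.invalid"))
}
```

Passing the same pool as `RootCAs` and the database hostname as `ServerName` in a `tls.Config` makes `crypto/tls` apply both checks during the handshake.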

elan,
@elan@publicsquare.global

@thisismissem @giuliohome yes I agree.

I'll talk to the PM tomorrow and pass along the feedback.

thisismissem,
@thisismissem@hachyderm.io

@elan @giuliohome this seriously tripped me up when I used the app platform, as I expected DO's managed databases to just "work" with the app platform, but instead I had to configure all this stuff about SSL/TLS certificates.

elan,
@elan@publicsquare.global

@thisismissem @giuliohome I actually work on app platform. I can help!

elan,
@elan@publicsquare.global
bdube,

@thisismissem I had the same annoyance with Linode's database offering and certificates. And today I got a notice that their managed databases are going on hold while they rework the whole thing.

thisismissem,
@thisismissem@hachyderm.io

First experiences of #DigitalOcean's managed App platform is not fantastic at all. Defaults to Node.js 16.x which is EOL, when you create an application database and database user, it defaults to not having the appropriate permissions, so you've gotta add your own IP Address as a trusted source, then connect via psql and issue a bunch of comments.

Also it's unclear what I'm meant to do with the app spec? Am I meant to commit that to repo?

thisismissem,
@thisismissem@hachyderm.io

Oh, and health checks? LOL, good luck. Half the time it's like "health check failed" even though the server is absolutely running. Needed to add a health_check.initial_delay_seconds because this server needs to migrate db on startup (not my preferred way but whatever)

thisismissem,
@thisismissem@hachyderm.io

pft. I think maybe I've worked it out, for safety this app binds to 127.0.0.1 by default, but I guess maybe DigitalOcean's App platform needs you to bind to 0.0.0.0 ?

janl,
@janl@narrativ.es

@thisismissem it felt very “we barely got this stood up” when I played with it ~2y ago. Sounds like it didn’t improve much.
