https://prefect.io logo
Join Slack
Powered by
<@ULVA73B9P> I'm trying to use external Azure Post...
# marvin-in-the-wild
c
@Marvin I'm trying to use external Azure Postgres with Prefect-server helm. How do I get the root.crt
m
It seems that the Prefect documentation does not provide specific guidance on acquiring the 
root.crt
certificate for external Azure PostgreSQL databases for use with a self-hosted Prefect Server deployed via Helm. However, to obtain the 
root.crt
for Azure PostgreSQL, you would generally follow Azure's documentation on how to configure SSL with a PostgreSQL database: 1. Visit the Azure Portal: Go to the Azure Portal and navigate to your PostgreSQL database's "Connection security" settings. 2. Enable SSL connection: Make sure SSL connection is enabled for your PostgreSQL service. 3. Download the server certificate: There should be an option to download the server certificate (which is typically named 
BaltimoreCyberTrustRoot.crt.pem
or similar). 4. Convert the certificate: If necessary, convert the downloaded certificate to the required format (e.g., from 
.pem
to 
.crt
). I recommend referencing Azure's official documentation for the most accurate and up-to-date steps. For further Prefect integration, this certificate will need to be securely stored and referenced in your Helm deployment to ensure a secure connection to the PostgreSQL database. Given that you are using Prefect Server with Helm, you would likely need to configure the 
PREFECT_API_DATABASE_CONNECTION_URL
environment variable with the SSL parameters outlined by the PostgreSQL connection string format, which typically looks like this:
Copy code
postgresql://<user>:<password>@<host>:<port>/<database>?sslmode=verify-full&sslrootcert=<path_to_your_root.crt>
Please refer to Azure's official documentation for specific steps on setting up the SSL connection and downloading the certificate. If you encounter any issues specific to Prefect Server, feel free to consult the Prefect forums or GitHub issues for further assistance.
c
how do I pass the certificate to the secret? apiVersion: v1 kind: Secret metadata: name: db-ssl-secret data: root.crt: BASE64ENCODECERTIFICATE= type: Opaque
Open in Slack
PreviousNext
Powered by