Uploaded image for project: 'Project Quay'
  1. Project Quay
  2. PROJQUAY-2414

Quay config editor was failed to validate AWS RDS TLS Cert

    XMLWordPrintable

Details

    Description

      Description:

      This is an issue found when configure quay 3.6.0 to use AWS RDS Postgresql database, in Quay Config editor input correct Postgresql hostname, dbname, username/password, and upload correct AWS RDS TLS Cert, the validation was failed, get error message " Could not connect to database. Error: failed to connect to `host=terraform-20210818014427516000000001.cmqwuswughvh.us-east-2.rds.amazonaws.com user=quayrdsdb database=quay`: failed to write startup message (x509: certificate signed by unknown authority)"

      AWS RDS TLS Cert: https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem 

      With Quay 3.5.5, use the same AWS RDS Postgresql database and the same AWS RDS TLS Cert, this issue is not existed, see screenshots.

      Quay 3.6.0 images:  quay-operator-bundle-container-v3.6.0-18

      oc get pod
      NAME                                       READY   STATUS      RESTARTS   AGE
      demo-clair-app-7dfc759788-mq6zv            1/1     Running     4          3m1s
      demo-clair-app-7dfc759788-r7zrg            1/1     Running     4          3m6s
      demo-clair-postgres-844bf9d7d4-v4rzh       1/1     Running     0          2m31s
      demo-quay-app-7bc9b4cbcf-d9dgp             1/1     Running     0          3m6s
      demo-quay-app-7bc9b4cbcf-qvsl9             1/1     Running     0          3m1s
      demo-quay-app-upgrade-pfq7q                0/1     Completed   0          3m12s
      demo-quay-config-editor-844d6c77dc-ffhz5   1/1     Running     0          3m6s
      demo-quay-database-86f7bdfd9c-8cfwg        1/1     Running     2          26m
      demo-quay-mirror-6cdbb594f8-jhz68          1/1     Running     0          2m26s
      demo-quay-mirror-6cdbb594f8-tj4kv          1/1     Running     0          2m26s
      demo-quay-postgres-init-s785g              0/1     Completed   0          26m
      demo-quay-redis-c4bb9d477-kz6zk            1/1     Running     0          3m6s
      quay-operator.v3.6.0-784898d9f8-s57wc      1/1     Running     0          39m
      
      oc get pod quay-operator.v3.6.0-784898d9f8-s57wc -o json | jq '.spec.containers[0].image'
      "registry.redhat.io/quay/quay-operator-rhel8@sha256:a36dfd94f41997aec2d2436f2d4a6aaca7615b52cc291592aff6f34a623370d6"
      

      Quay 3.6.0:

      Validation was failed with correct AWS RDS TLS Cert

      Quay 3.5.5:

      Validation is passed with valid AWS RDS TLS Cert

      Attachments

        Activity

          People

            sleesinc Kenny Lee Sin Cheong
            lzha1981 luffy zhang
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: