feat: (#2) Allow to expose PostgreSQL port to a private network

riotkit-org · Feb 4, 2023 · 2ce5abc · 2ce5abc
1 parent 9479783
commit 2ce5abc
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -75,6 +75,15 @@ PostgreSQL
 
 A dependency to Passbolt and Gitea.
 
+### Exposing to Kubernetes cluster for performing backups
+
+PostgreSQL instance can be exposed via `5432/tcp` port to a private subnet to let other applications connect to it, or to perform backups.
+
+```yaml
+postgres_forward_port_to_ip: "127.0.0.1"  # use 127.0.0.1 to "disable" port forwarding. Use your private subnet address to expose PostgreSQL into e.g. Kubernetes cluster
+postgres_forward_port_to_port: "5432"
+```
+
 Exposing service using Kubernetes
 ---------------------------------
 

diff --git a/defaults/main.yaml b/defaults/main.yaml
@@ -58,6 +58,8 @@ pg_admin_user: "anticapitalist"
 pg_admin_password: "read-about-anarchist-syndicalism"
 pg_ip: "172.131.2.210"
 pg_port: "5432"
+postgres_forward_port_to_ip: "127.0.0.1"  # use 127.0.0.1 to "disable" port forwarding. Use your private subnet address to expose PostgreSQL into e.g. Kubernetes cluster
+postgres_forward_port_to_port: "5432"
 
 # ---------
 # Passbolt

diff --git a/tasks/postgres.yaml b/tasks/postgres.yaml
@@ -71,6 +71,8 @@
           - type=bind,source=/var/lib/riotkit-core/var/lib/postgresql/data,destination=/var/lib/postgresql/data,relabel=shared
       expose:
           - "5432"
+      ports:
+          - "{{ postgres_forward_port_to_ip }}:{{ postgres_forward_port_to_port }}:5432/tcp"
       generate_systemd:
           path: /etc/systemd/system
           restart_policy: always