10

I have dockerized database microservices. I can run manual queries using the following:

$ ssh user@foo.domain.com
$ docker exec -it postgres bash
docker$ psql -U postgres -h 127.0.0.1 -d postgres

The web services all talk to one another using a Docker bridged virtual network batman.

networks:
  batman:
    driver: bridge

In alignment with PostgreSQL security best practices - I do not expose PostgreSQL port 5432 to the host machine at foo.domain.com. Only the sibling containers which are also in the 'batman' Docker network are allowed to connect to the database.

In a traditional DataGrip / PostgreSQL setup, I would ssh into the hosted box where PostgreSQL is served, and use a local PostgreSQL client (rules from: pg_hba.conf).

A Dockerized system requires one additional step (exec).

Seeing as DataGrip doesn't seem to allow prefixed connection commands, how do I use DataGrip to access a PostgreSQL instance behind a Docker virtual network?

Peter Mortensen
  • 30,738
  • 21
  • 105
  • 131
Jack Murphy
  • 2,952
  • 1
  • 30
  • 49
  • certainly DataGrip doesn't allow prefixed connection commands, but does it at least let you specify the path to `psql`? if so, you could make a fake `psql` executable; a shell script containing `docker exec -it postgres psql $*` or similar. – Birchlabs Sep 18 '17 at 10:24
  • Could you add that command to your login script for that user? That way the server automatically runs it instead of relying on DataGrip. – pucky124 Sep 18 '17 at 16:08
  • @Birchlabs - if its possible i cannot figure it out – Jack Murphy Sep 19 '17 at 16:08
  • @pucky124 - that would complicate company wide user management drastically – Jack Murphy Sep 19 '17 at 16:08
  • hm. you may have to write your own JDBC driver. as far as I can tell, the [official PostgreSQL JDBC driver](https://github.com/pgjdbc/pgjdbc) does not invoke the psql binary anyway, so sadly it's probably not possible to make their driver point at a proxy binary. – Birchlabs Sep 19 '17 at 16:14

1 Answers1

-3

I think this should be possible:

  • Add a simple container with an SSH server in the same (batman) network
  • Set up your connection via SSH tunnel: Screenshot of SSH/SSL tunnel option
  • Configure your connection as if you were on the network (so the host would be postgres AFAIR)
Peter Mortensen
  • 30,738
  • 21
  • 105
  • 131
Greg
  • 5,862
  • 1
  • 25
  • 52