uses alt base image based on the stack for local

tembo-cli/src/cmd/apply.rs

@@ -10,6 +10,7 @@ use controller::extensions::types::Extension as ControllerExtension;
 use controller::extensions::types::ExtensionInstallLocation as ControllerExtensionInstallLocation;
 use controller::extensions::types::TrunkInstall as ControllerTrunkInstall;
 use controller::stacks::get_stack;
+use controller::stacks::types::Stack;
 use controller::stacks::types::StackType as ControllerStackType;
 use itertools::Itertools;
 use log::info;
@@ -240,10 +241,11 @@ fn docker_apply_instance(
         stack.app_services.clone(),
         extensions,
         trunk_installs,
-        stack.postgres_config,
+        stack.postgres_config.clone(),
     )?;
 
-    let rendered_dockerfile: String = get_rendered_dockerfile(&trunk_installs)?;
+    let rendered_dockerfile: String =
+        get_rendered_dockerfile(&trunk_installs, &stack, instance_setting.pg_version)?;
 
     FileUtils::create_file(
         DOCKERFILE_NAME.to_string(),
@@ -988,6 +990,8 @@ pub fn get_instance_settings(
 
 pub fn get_rendered_dockerfile(
     trunk_installs: &Option<Vec<ControllerTrunkInstall>>,
+    stack: &Stack,
+    pg_version: u8,
 ) -> Result<String, anyhow::Error> {
     // Include the Dockerfile template directly into the binary
     let contents = include_str!("../../tembo/Dockerfile.template");
@@ -996,6 +1000,14 @@ pub fn get_rendered_dockerfile(
     let _ = tera.add_raw_template("dockerfile", contents);
     let mut context = Context::new();
 
+    let image = match pg_version.into() {
+        14 => &stack.images.pg14,
+        15 => &stack.images.pg15,
+        16 => &stack.images.pg16,
+        _ => &stack.images.pg15,
+    };
+
+    context.insert("image_with_version", &image);
     context.insert("trunk_installs", &trunk_installs);
 
     let rendered_dockerfile = tera.render("dockerfile", &context).unwrap();
@@ -1109,6 +1121,15 @@ fn get_postgres_config(
         }
     }
 
+    postgres_config.push_str(
+        "
+listen_addresses = '*'
+ssl = 'on'
+ssl_cert_file = '/var/lib/postgresql/server.crt'
+ssl_key_file = '/var/lib/postgresql/server.key'
+ssl_min_protocol_version = 'TLSv1.2'",
+    );
+
     Ok(postgres_config)
 }
 

tembo-cli/tembo/Dockerfile.template

@@ -1,4 +1,45 @@
-FROM quay.io/tembo/tembo-local:latest
+FROM quay.io/tembo/{{image_with_version}}
+
+USER root
+
+RUN apt-get update && \
+    apt-get install -y vim openssl && \
+    apt-get autoremove -y && \
+    apt-get clean -y && \
+    rm -rf /var/lib/apt/lists/*
+
+RUN chown -R postgres:postgres $PGDATA && \
+    chmod -R 0700 $PGDATA
+# Set up the environment for the data directory
+ENV PGDATA /var/lib/postgresql/data2
+RUN mkdir -p $PGDATA && \
+    chown -R postgres:postgres $PGDATA && \
+    chmod -R 0700 $PGDATA
+
+# Generate self-signed certificate
+RUN openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 \
+    -subj "/CN=*.local.tembo.io" \
+    -keyout /var/lib/postgresql/server.key \
+    -out /var/lib/postgresql/server.crt && \
+    chown postgres:postgres /var/lib/postgresql/server.* && \
+    chmod 600 /var/lib/postgresql/server.key
+
+USER postgres
+
+# Initialize the database
+RUN pg_ctl -c init
+
+
+# Set permissive authentication (for local testing)
+RUN echo "hostssl all all 0.0.0.0/0 trust" >> ${PGDATA}/pg_hba.conf
+RUN echo "include_dir = 'extra-configs'" >> ${PGDATA}/postgresql.conf
+RUN mkdir -p $PGDATA/extra-configs
+
+# Set environment variables
+ENV PGHOST=localhost
+ENV PGPORT=5432
+ENV PGDATABASE=postgres
+ENV PGUSER=postgres
 
 {% for trunk_install in trunk_installs %}
 {% if trunk_install.version %}
@@ -10,4 +51,6 @@ RUN trunk install {{trunk_install.name}}
 
 # Optional:
 # Specify extra Postgres configurations by copying into this directory
-COPY postgres.conf $PGDATA/extra-configs
+COPY postgres.conf $PGDATA/extra-configs/postgres.conf
+
+CMD ["postgres"]