Alright, let's break down how to get your CockroachDB connection string sorted and connect to it with DBeaver—here's a step-by-step guide tailored to your Minikube setup:

First, since your CockroachDB is running in Minikube, we need to forward the cluster's SQL port to your local machine so tools like DBeaver can reach it. From your kubectl get all output, the public service is myname-cockroachdb-public using port 26257 (CockroachDB's default SQL port).

Run this command in your terminal to set up port forwarding:

kubectl port-forward service/myname-cockroachdb-public 26257:26257

Leave this terminal window open—closing it will stop the port forwarding.

A secure CockroachDB connection string follows this format:

postgresql://<YOUR_USERNAME>:<YOUR_PASSWORD>@localhost:26257/defaultdb?sslmode=verify-full&sslrootcert=<PATH_TO_CA_CERT>&sslcert=<PATH_TO_CLIENT_CERT>&sslkey=<PATH_TO_CLIENT_KEY>

We'll fill in the certificate paths next.

Your myname-client-secure pod already has all the necessary SSL certificates installed. Let's copy them to your local machine:

1. Create a local directory to store the certificates:

   mkdir -p ~/cockroach-certs
   

2. Copy the CA certificate, client certificate, and client key from the pod to your local directory:

   kubectl cp myname-client-secure:/cockroach/certs/ca.crt ~/cockroach-certs/
   kubectl cp myname-client-secure:/cockroach/certs/client.<YOUR_USERNAME>.crt ~/cockroach-certs/
   kubectl cp myname-client-secure:/cockroach/certs/client.<YOUR_USERNAME>.key ~/cockroach-certs/
   

   Note: If you're not sure what your client certificate/key filenames are, run kubectl exec -it myname-client-secure -- ls /cockroach/certs/ to list all files in the certs directory.

3. Fix file permissions for the key (most tools require it to be read-only):

   chmod 600 ~/cockroach-certs/*.key
   

If you have the CockroachDB CLI installed locally, you can test the connection string to make sure it works before moving to DBeaver:

cockroach sql --url "postgresql://<YOUR_USERNAME>:<YOUR_PASSWORD>@localhost:26257/defaultdb?sslmode=verify-full&sslrootcert=~/cockroach-certs/ca.crt&sslcert=~/cockroach-certs/client.<YOUR_USERNAME>.crt&sslkey=~/cockroach-certs/client.<YOUR_USERNAME>.key"

If you get a SQL prompt, your connection string is good to go.

DBeaver works with CockroachDB via its PostgreSQL compatibility. Here's how to set up the connection:

1. Open DBeaver and click New Connection (the green plus icon in the top-left). Search for and select PostgreSQL, then click Next.
2. On the Main tab:
   • Host: localhost
   • Port: 26257
   • Database: defaultdb
   • Username: Your CockroachDB username
   • Password: Your CockroachDB password
3. Switch to the SSL tab:
   • Check Use SSL
   • Set SSL mode to verify-full
   • For CA certificate, select the ca.crt file in your ~/cockroach-certs directory
   • For Client certificate, select your client.<YOUR_USERNAME>.crt file
   • For Client key, select your client.<YOUR_USERNAME>.key file
4. Click Test Connection—if everything is set up correctly, you'll see a success message. Click Finish to save the connection.

• If you don't want to keep the port forwarding terminal open, you can use minikube service myname-cockroachdb-public to get a publicly accessible URL for the cluster, but port forwarding is simpler for local tooling like DBeaver.
• Make sure you don't share your certificate files or connection string—they contain sensitive access credentials.

内容的提问来源于stack exchange，提问作者Pointo Senshi