postgresql: Use a private CA-signed TLS cert

The PostgreSQL server managed by *Postgres Operator* uses a self-signed certificate by default. In order to enable full validation of the server certificate, we need to use a certificate signed by a known CA that the clients can trust. To that end, I have added a *cert-manager* Issuer specifically for PostgreSQL. The CA certificate is also managed by *cert-manager*; it is self-signed and needs to be distributed to clients out-of-band.
2023-10-18 18:30:27 -05:00
parent ba070e74a9
commit 7698e039d1
3 changed files with 56 additions and 1 deletions
--- a/postgresql/default-cluster.yaml
+++ b/postgresql/default-cluster.yaml
@@ -10,6 +10,8 @@ spec:
  numberOfInstances: 1
  postgresql:
    version: '15'
+  tls:
+    secretName: default-cert
  users:
    dustin:
    - superuser