postgresql: Use a private CA-signed TLS cert

The PostgreSQL server managed by *Postgres Operator* uses a self-signed
certificate by default.  In order to enable full validation of the
server certificate, we need to use a certificate signed by a known CA
that the clients can trust.  To that end, I have added a *cert-manager*
Issuer specifically for PostgreSQL.  The CA certificate is also managed
by *cert-manager*; it is self-signed and needs to be distributed to
clients out-of-band.
2023-10-18 18:30:27 -05:00
parent ba070e74a9
commit 7698e039d1
3 changed files with 56 additions and 1 deletions


@@ -100,7 +100,7 @@ configuration:
spilo_allow_privilege_escalation: true
# spilo_runasuser: 101
# spilo_runasgroup: 103
# spilo_fsgroup: 103
spilo_fsgroup: 103
spilo_privileged: false
storage_resize_mode: pvc
# toleration:
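
Review bot: Enabling `spilo_fsgroup: 103` in place of the commented-out default is not explained anywhere in the commit message, which only covers the cert-manager Issuer and the CA. If the fsGroup is there so the PostgreSQL process can read the mounted certificate and key, add a comment above the setting that says so and notes where 103 comes from (it matches the commented-out `spilo_runasgroup` value), so a later cleanup does not revert it and break TLS.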