Since the new database server outside the Kubernetes cluster, created for Authelia, was seeded from a backup of the in-cluster server, it already contained the data from Firefly-III as well. Thus, we can switch Firefly-III to using it, too. The documentation for Firefly-III does not mention anything about how to configure it to use certificate-based authentication for PostgreSQL, as is required by the new server. Fortunately, it ultimately uses _libpq_, so the standard `PG...` environment variables work fine. We just need a certificate issued by the _postgresql-ca_ ClusterIssuer and the _DCH Root CA_ certificate mounted in the Firefly-III container.
```yaml
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: postgres-client-cert
spec:
  commonName: firefly
  privateKey:
    algorithm: ECDSA
  secretName: postgres-client-cert
  issuerRef:
    name: postgresql-ca
    kind: ClusterIssuer
```
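One way the resulting `postgres-client-cert` Secret and the _DCH Root CA_ could be wired to libpq in the Firefly-III pod. This is an added example, not part of the original change. The container name, mount paths, the `dch-root-ca` ConfigMap and its key name are assumptions; `tls.crt` and `tls.key` are the keys cert-manager writes into the Secret.

```yaml
# Added example: fragment of the Firefly-III Deployment's pod template.
# Container name, mount paths and the dch-root-ca ConfigMap are hypothetical.
spec:
  template:
    spec:
      containers:
        - name: firefly-iii
          env:
            # Client certificate and key issued by the postgresql-ca ClusterIssuer
            - name: PGSSLCERT
              value: /run/secrets/postgres/tls.crt
            - name: PGSSLKEY
              value: /run/secrets/postgres/tls.key
            # Trust anchor used to verify the database server's certificate
            - name: PGSSLROOTCERT
              value: /run/dch-ca/dch-root-ca.crt
            # Verify the server certificate chain and host name.
            # Assumes the application does not pass its own sslmode to libpq.
            - name: PGSSLMODE
              value: verify-full
          volumeMounts:
            - name: postgres-client-cert
              mountPath: /run/secrets/postgres
              readOnly: true
            - name: dch-root-ca
              mountPath: /run/dch-ca
              readOnly: true
      volumes:
        - name: postgres-client-cert
          secret:
            secretName: postgres-client-cert
            # Secret volumes default to 0644, and libpq refuses a private key
            # that is world-readable. The mode chosen here is an assumption and
            # depends on the UID/fsGroup the container runs with.
            defaultMode: 0440
        - name: dch-root-ca
          configMap:
            name: dch-root-ca
```

With `commonName: firefly`, the server's `cert` authentication method maps the connection to the PostgreSQL role `firefly` unless a user name map says otherwise, so the database user the application connects as has to match.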