feat: tls certificate from secret (#79)
## Description
Allows for Postgres to use a custom user-specified certificate from a
secret in postgres-minimal deployment. For example:
```yaml
postgresql:
  enabled: true # Set to false to not create the PostgreSQL resource
  teamId: "uds"
  volume:
    size: "10Gi"
  numberOfInstances: 2
  users:
    client.client: [] # database owner
  databases:
    clientdb: client.client
  version: "13"
  ingress:
    remoteGenerated: Anywhere
  tls:
    secretName: my-custom-postgres-cert
```

## Type of change

- [ ] Bug fix (non-breaking change which fixes an issue)
- [x] New feature (non-breaking change which adds functionality)
- [ ] Other (security config, docs update, etc)

## Checklist before merging

- [x] Test, docs, adr added or updated as needed
- [x] [Contributor Guide
Steps](https://github.com/defenseunicorns/uds-package-postgres-operator/blob/main/CONTRIBUTING.md#developer-workflow)
followed

---------

Co-authored-by: Wayne Starr <Racer159@users.noreply.github.com>
Release-As: v1.13.0-uds.4
JeffResc and Racer159 authored Nov 4, 2024
1 parent a7dbb04 commit 6f43464
Showing 2 changed files with 5 additions and 0 deletions.
4 changes: 4 additions & 0 deletions chart/templates/postgres-minimal.yaml
Expand Up @@ -32,6 +32,10 @@ spec:
- {{ . | toYaml | nindent 6 }}
{{- end }}
{{- end }}
{{- if .Values.postgresql.tls }}
tls:
{{- toYaml .Values.postgresql.tls | nindent 4 }}
{{- end }}
sidecars:
- name: "exporter"
image: {{ .Values.metrics.image | quote }}
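Review bot: The `{{- if .Values.postgresql.tls }}` guard renders the block for any non-empty map, and `toYaml .Values.postgresql.tls` copies that map through unchecked, so a values file that sets `tls` without `secretName`, or with a misspelled key, still produces a `tls:` section that the chart never validated. Consider resolving `.Values.postgresql.tls.secretName` through `required`, or adding a values schema entry for `postgresql.tls`, so that a bad TLS setting fails at template time instead of reaching the cluster. This commit changes only this template and `docs/configuration.md`, so an empty or commented `tls` default in the chart values would also make the option easier to discover.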
1 change: 1 addition & 0 deletions docs/configuration.md
Expand Up @@ -22,6 +22,7 @@ Postgres Operator is configured through [`acid.zalan.do/v1` `Postgresql` custom
- `postgresql.ingress`: A list of ingress entries to create for this cluster (follows the [custom networking definition](https://github.com/defenseunicorns/uds-software-factory/blob/main/docs/networking.md) except for `direction` which is always `Ingress` and `selector` which is always `cluster-name: pg-cluster`)
- `postgresql.resources`: A Kubernetes Pod resource specification to define requests and limits
- `postgresql.additionalVolumes`: A list of additional volumes to map into the Postgres container if needed (see below)
- `postgresql.tls`: TLS configuration for the Postgres cluster to use (follows the [`tls` section of the Zalando Postgres CR](https://github.com/zalando/postgres-operator/blob/master/docs/reference/cluster_manifest.md#custom-tls-certificates))

## Postgres HugePages

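Review bot: The new `postgresql.tls` entry documents the option only by linking to the upstream reference; it does not say that the chart passes the map through as-is, and it does not say who is expected to create the secret that `secretName` points to. The neighbouring `postgresql.additionalVolumes` entry points to a worked section with "(see below)", and the same would help here: add the `tls:` / `secretName: my-custom-postgres-cert` snippet from the commit description together with one sentence on where the secret has to live and what it must contain.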