Conversation

@waleedlatif1
Collaborator

Summary

added cert-postgresql template to helm

Type of Change

  • New feature

Testing

Tested manually

Checklist

  • Code follows project style guidelines
  • Self-reviewed my changes
  • Tests added/updated and passing
  • No new warnings introduced
  • I confirm that I have read and agree to the terms outlined in the Contributor License Agreement (CLA)

@vercel

vercel bot commented Oct 13, 2025

The latest updates on your projects. Learn more about Vercel for GitHub.

Project   Deployment   Preview   Comments   Updated (UTC)
docs      Ready        Preview   Comment    Oct 13, 2025 7:40pm

Contributor

@greptile-apps greptile-apps bot left a comment

Greptile Overview

Summary

Added cert-manager integration for PostgreSQL TLS certificate management, enabling automated certificate provisioning and renewal for secure database connections.

  • Created certificate-postgresql.yaml template that generates a cert-manager Certificate resource when PostgreSQL TLS is enabled
  • Extended values.yaml with comprehensive certificate configuration options including duration (10 years default), renewal period (90 days before expiry), key algorithm (RSA 4096-bit default), and issuer reference
  • Certificate automatically configures appropriate DNS names for the PostgreSQL service (<fullname>-postgresql and FQDN within cluster)
  • Includes support for additional DNS names, rotation policy, and custom issuer groups
  • Properly gated behind postgresql.enabled and postgresql.tls.enabled flags
  • Well-documented with inline comments explaining all configuration options

Confidence Score: 5/5

  • This PR is safe to merge with minimal risk
  • The implementation follows Helm and cert-manager best practices with proper conditional rendering, sensible defaults, comprehensive documentation, and correct integration with existing PostgreSQL StatefulSet configuration. The certificate configuration aligns with the existing TLS setup in the StatefulSet template
  • No files require special attention

Important Files Changed

File Analysis

Filename Score Overview
helm/sim/templates/certificate-postgresql.yaml 5/5 Added cert-manager Certificate resource for PostgreSQL TLS with proper configuration for DNS names, issuer reference, and certificate lifecycle management
helm/sim/values.yaml 5/5 Extended PostgreSQL TLS configuration with certificate lifecycle settings, issuer reference, and key algorithm options with sensible defaults

Sequence Diagram

sequenceDiagram
    participant User as User/Helm
    participant Helm as Helm Chart
    participant K8s as Kubernetes API
    participant CertMgr as cert-manager
    participant Issuer as ClusterIssuer/Issuer
    participant PG as PostgreSQL Pod

    User->>Helm: helm install with postgresql.tls.enabled=true
    Helm->>K8s: Create Certificate resource
    Note over Helm,K8s: From certificate-postgresql.yaml
    K8s->>CertMgr: Notify new Certificate
    CertMgr->>Issuer: Request certificate issuance
    Note over CertMgr,Issuer: Using configured issuerRef
    Issuer-->>CertMgr: Return signed certificate
    CertMgr->>K8s: Store certificate in K8s
    Note over CertMgr,K8s: Creates certificatesSecret
    Helm->>K8s: Deploy PostgreSQL StatefulSet
    K8s->>PG: Mount certificate volume
    Note over PG: Mounts at /etc/postgresql/tls
    PG->>PG: Enable SSL with certificates
    PG-->>K8s: PostgreSQL ready with TLS
    
    Note over CertMgr: 90 days before expiry
    CertMgr->>Issuer: Request renewal
    Issuer-->>CertMgr: Return renewed certificate
    CertMgr->>K8s: Update certificate storage
    K8s->>PG: Trigger pod restart
    PG->>PG: Load new certificate

2 files reviewed, no comments

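The review summary above describes a cert-manager Certificate that is rendered only when both postgresql.enabled and postgresql.tls.enabled are set, with a 10-year duration, renewal 90 days before expiry, an RSA 4096-bit key, in-cluster DNS names for the PostgreSQL service, optional additional DNS names, a rotation policy and a configurable issuer group. The Helm template below is an added illustration of that shape, written here and not the PR's own certificate-postgresql.yaml; the page does not show the template or the values.yaml contents, so the helper name sim.fullname and every values key under postgresql.tls (certificate, certificatesSecret, clusterDomain, issuerRef and the rest) are assumed names chosen for this example.

```yaml
{{- /*
  Added example of a cert-manager Certificate for PostgreSQL TLS.
  Not the chart's own template: "sim.fullname" and all keys under
  .Values.postgresql.tls.* are assumptions made for illustration.
  Nil-safe lookups (default dict) keep `helm template` from failing
  when an optional sub-map is absent from values.yaml.
*/}}
{{- if and .Values.postgresql.enabled .Values.postgresql.tls.enabled }}
{{- $fullname := include "sim.fullname" . }}
{{- $tls := .Values.postgresql.tls }}
{{- $cert := $tls.certificate | default dict }}
{{- $pk := $cert.privateKey | default dict }}
{{- $iss := $cert.issuerRef | default dict }}
{{- $clusterDomain := $cert.clusterDomain | default "cluster.local" }}
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: {{ $fullname }}-postgresql-tls
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: postgresql
    app.kubernetes.io/instance: {{ .Release.Name }}
spec:
  # Secret the StatefulSet mounts as its TLS volume (key name assumed).
  secretName: {{ $tls.certificatesSecret | default (printf "%s-postgresql-tls" $fullname) }}
  # Defaults mirror the review summary: 10 years lifetime (87600h),
  # renew 90 days (2160h) before expiry. Go duration syntax, as cert-manager expects.
  duration: {{ $cert.duration | default "87600h" }}
  renewBefore: {{ $cert.renewBefore | default "2160h" }}
  commonName: {{ $fullname }}-postgresql
  # Short service name plus the in-cluster FQDN, so clients using
  # sslmode=verify-full succeed whichever form they connect with.
  dnsNames:
    - {{ $fullname }}-postgresql
    - {{ $fullname }}-postgresql.{{ .Release.Namespace }}.svc
    - {{ $fullname }}-postgresql.{{ .Release.Namespace }}.svc.{{ $clusterDomain }}
    {{- range $cert.additionalDnsNames }}
    - {{ . | quote }}
    {{- end }}
  privateKey:
    algorithm: {{ $pk.algorithm | default "RSA" }}
    size: {{ $pk.size | default 4096 }}
    # Always: a fresh key on every renewal, so an old key does not outlive its certificate.
    rotationPolicy: {{ $pk.rotationPolicy | default "Always" }}
  usages:
    - server auth
  issuerRef:
    # Fail rendering loudly rather than emit a Certificate that can never be issued.
    name: {{ required "postgresql.tls.certificate.issuerRef.name is required when TLS is enabled" $iss.name }}
    kind: {{ $iss.kind | default "ClusterIssuer" }}
    group: {{ $iss.group | default "cert-manager.io" }}
{{- end }}
```

Two checks are worth running against a template like this before relying on it: `helm template` with `--set postgresql.tls.enabled=false` should produce no Certificate at all, and with TLS enabled the rendered `dnsNames` must match the hostname clients actually put in their connection string, otherwise `sslmode=verify-full` fails even though the certificate is valid. One caveat on the renewal path in the sequence diagram: cert-manager only rewrites the Secret; PostgreSQL keeps serving the certificate it loaded until it is reloaded or restarted, so the "trigger pod restart" step has to come from something outside cert-manager, such as a reloader controller or a restart procedure run after renewal.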

@waleedlatif1 waleedlatif1 merged commit 09cccd5 into staging Oct 13, 2025
9 checks passed
@waleedlatif1 waleedlatif1 deleted the fix/h branch October 13, 2025 19:41