redaction (#1)
Add the redacted source file for demo purposes Reviewed-on: https://source.michaeldileo.org/michael_dileo/Keybard-Vagabond-Demo/pulls/1 Co-authored-by: Michael DiLeo <michael_dileo@proton.me> Co-committed-by: Michael DiLeo <michael_dileo@proton.me>
This commit was merged in pull request #1.
This commit is contained in:
@@ -0,0 +1,69 @@
|
||||
---
|
||||
# Self-signed issuer for PostgreSQL certificates
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Issuer
|
||||
metadata:
|
||||
name: postgresql-selfsigned-issuer
|
||||
namespace: postgresql-system
|
||||
spec:
|
||||
selfSigned: {}
|
||||
|
||||
---
|
||||
# Server TLS certificate for PostgreSQL cluster
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: postgresql-shared-server-cert
|
||||
namespace: postgresql-system
|
||||
labels:
|
||||
cnpg.io/reload: "" # Enable automatic reload by CloudNativePG
|
||||
spec:
|
||||
secretName: postgresql-shared-server-cert
|
||||
commonName: postgresql-shared-rw
|
||||
usages:
|
||||
- server auth
|
||||
dnsNames:
|
||||
# Primary service (read-write)
|
||||
- postgresql-shared-rw
|
||||
- postgresql-shared-rw.postgresql-system
|
||||
- postgresql-shared-rw.postgresql-system.svc
|
||||
- postgresql-shared-rw.postgresql-system.svc.cluster.local
|
||||
# Read service (read-only from any instance)
|
||||
- postgresql-shared-r
|
||||
- postgresql-shared-r.postgresql-system
|
||||
- postgresql-shared-r.postgresql-system.svc
|
||||
- postgresql-shared-r.postgresql-system.svc.cluster.local
|
||||
# Read-only service (read-only replicas only)
|
||||
- postgresql-shared-ro
|
||||
- postgresql-shared-ro.postgresql-system
|
||||
- postgresql-shared-ro.postgresql-system.svc
|
||||
- postgresql-shared-ro.postgresql-system.svc.cluster.local
|
||||
issuerRef:
|
||||
name: postgresql-selfsigned-issuer
|
||||
kind: Issuer
|
||||
group: cert-manager.io
|
||||
# Certificate duration (90 days to match CloudNativePG default)
|
||||
duration: 2160h # 90 days
|
||||
renewBefore: 168h # 7 days (matches CloudNativePG default)
|
||||
|
||||
---
|
||||
# Client certificate for streaming replication
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: postgresql-shared-client-cert
|
||||
namespace: postgresql-system
|
||||
labels:
|
||||
cnpg.io/reload: "" # Enable automatic reload by CloudNativePG
|
||||
spec:
|
||||
secretName: postgresql-shared-client-cert
|
||||
commonName: streaming_replica
|
||||
usages:
|
||||
- client auth
|
||||
issuerRef:
|
||||
name: postgresql-selfsigned-issuer
|
||||
kind: Issuer
|
||||
group: cert-manager.io
|
||||
# Certificate duration (90 days to match CloudNativePG default)
|
||||
duration: 2160h # 90 days
|
||||
renewBefore: 168h # 7 days (matches CloudNativePG default)
|
||||
Reference in New Issue
Block a user