michael_dileo/Keybard-Vagabond-Demo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add source code and readme

Browse Source
This commit is contained in:
Michael DiLeo
2025-12-24 14:35:17 +01:00
parent 7c92e1e610
commit 74324d5a1b
331 changed files with 39272 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

69
manifests/infrastructure/postgresql/cert-manager-certificates.yaml Normal file
View File

@@ -0,0 +1,69 @@
---
# Self-signed issuer for PostgreSQL certificates
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: postgresql-selfsigned-issuer
namespace: postgresql-system
spec:
selfSigned: {}
---
# Server TLS certificate for PostgreSQL cluster
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: postgresql-shared-server-cert
namespace: postgresql-system
labels:
cnpg.io/reload: "" # Enable automatic reload by CloudNativePG
spec:
secretName: postgresql-shared-server-cert
commonName: postgresql-shared-rw
usages:
- server auth
dnsNames:
# Primary service (read-write)
- postgresql-shared-rw
- postgresql-shared-rw.postgresql-system
- postgresql-shared-rw.postgresql-system.svc
- postgresql-shared-rw.postgresql-system.svc.cluster.local
# Read service (read-only from any instance)
- postgresql-shared-r
- postgresql-shared-r.postgresql-system
- postgresql-shared-r.postgresql-system.svc
- postgresql-shared-r.postgresql-system.svc.cluster.local
# Read-only service (read-only replicas only)
- postgresql-shared-ro
- postgresql-shared-ro.postgresql-system
- postgresql-shared-ro.postgresql-system.svc
- postgresql-shared-ro.postgresql-system.svc.cluster.local
issuerRef:
name: postgresql-selfsigned-issuer
kind: Issuer
group: cert-manager.io
# Certificate duration (90 days to match CloudNativePG default)
duration: 2160h # 90 days
renewBefore: 168h # 7 days (matches CloudNativePG default)
---
# Client certificate for streaming replication
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: postgresql-shared-client-cert
namespace: postgresql-system
labels:
cnpg.io/reload: "" # Enable automatic reload by CloudNativePG
spec:
secretName: postgresql-shared-client-cert
commonName: streaming_replica
usages:
- client auth
issuerRef:
name: postgresql-selfsigned-issuer
kind: Issuer
group: cert-manager.io
# Certificate duration (90 days to match CloudNativePG default)
duration: 2160h # 90 days
renewBefore: 168h # 7 days (matches CloudNativePG default)