feat: support postgres mtls #178
Conversation
coadler
force-pushed
the
colin/postgres-mtls
branch
2 times, most recently
from
2353fa7 to
44406e4
Compare
| sslMode: "require" | ||
| # postgres.ssl -- Options for configuring the SSL cert, key, and root cert | ||
| # when connecting to Postgres. | ||
| ssl: |
There was a problem hiding this comment.
what do you think about using tls here, makes things consistent with ingress.tls etc
There was a problem hiding this comment.
Postgres always refers to it as SSL so I was staying consistent with their documentation and naming.
There was a problem hiding this comment.
hmm. alright I guess. I get why they need to call it SSL (backward compatibility) but since this is a new field for us, I prefer TLS. not a big deal to me though.
| {{- else }} | ||
| {{- toYaml .Values.coderd.securityContext | nindent 12 }} | ||
| {{- end }} | ||
| {{- include "coder.volumeMounts" . | indent 10 }} |
There was a problem hiding this comment.
It didn't need volume mounts before.
There was a problem hiding this comment.
huh, I would've thought we'd need volume mounts for TLS certs and stuff 🤷♂️
coadler
force-pushed
the
colin/postgres-mtls
branch
from
2a9dc31 to
b952fba
Compare
coadler
force-pushed
the
colin/postgres-mtls
branch
from
b952fba to
6de6352
Compare
| key: "" | ||
| # postgres.ssl.keySecret -- Secret containing a PEM encoded key file. | ||
| keySecret: | ||
| # postgres.ssl.keytSecret.name -- Name of the secret. |
There was a problem hiding this comment.
longer-term, we might want to consider an option to load this from a file in the certs directory (e.g. load the file into a Secret and use that secret name automatically)... but this is good for now
3 participants
No description provided.