Certificates
Preview release v0.7.1
EDB Postgres Distributed for Kubernetes was designed to natively support TLS certificates. To set up a PGD cluster, each PGD node requires:
- A server certification authority (CA) certificate
- A server TLS certificate signed by the server CA
- A client CA certificate
- A streaming replication client certificate generated by the client CA
Note
You can find all the secrets used by each PGD node and the expiry dates in the cluster (PGD node) status.
EDB Postgres Distributed for Kubernetes is very flexible when it comes to TLS certificates. It operates primarily in two modes:
- Operator managed — Certificates are internally managed by the operator in a fully automated way and signed using a CA created by EDB Postgres Distributed for Kubernetes.
- User provided — Certificates are generated outside the operator and imported in the cluster definition as secrets. EDB Postgres Distributed for Kubernetes integrates with cert-manager.
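In user-provided mode it is worth checking the four artifacts listed above before importing them as secrets. The following script is an added example, not EDB tooling: it confirms that each leaf certificate chains to its own CA and that nothing expires within a chosen window. The file names (`server-ca.crt`, `server.crt`, `client-ca.crt`, `replication.crt`), the subject names, and the throwaway sample material are assumptions constructed for the demonstration.

```shell
#!/usr/bin/env bash
# Pre-import check for user-provided PGD certificates (added example).
# File names and subject names are assumptions, not product conventions.

issue_ca() {   # issue_ca <name>: throwaway self-signed CA in the current dir
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$1" \
    -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

issue_leaf() { # issue_leaf <name> <ca> <cn>: leaf certificate signed by <ca>
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$1.key" -out "$1.csr" 2>/dev/null &&
  openssl x509 -req -in "$1.csr" -CA "$2.crt" -CAkey "$2.key" \
    -CAcreateserial -days 30 -out "$1.crt" 2>/dev/null
}

make_sample() ( # constructed sample: the four artifacts a PGD node needs
  cd "$1" &&
  issue_ca server-ca && issue_ca client-ca &&
  issue_leaf server server-ca pgd-node-1 &&
  issue_leaf replication client-ca streaming_replica
)

# check_pgd_certs <dir> [min_days]: succeeds only if each leaf chains to its
# own CA and none of the four certificates expires within min_days.
check_pgd_certs() (
  cd "$1" || exit 1
  window=$(( ${2:-7} * 86400 ))
  openssl verify -CAfile server-ca.crt server.crt >/dev/null 2>&1 ||
    { echo "server.crt is not signed by server-ca.crt" >&2; exit 1; }
  openssl verify -CAfile client-ca.crt replication.crt >/dev/null 2>&1 ||
    { echo "replication.crt is not signed by client-ca.crt" >&2; exit 1; }
  for c in server-ca server client-ca replication; do
    openssl x509 -in "$c.crt" -noout -checkend "$window" >/dev/null ||
      { echo "$c.crt expires within ${2:-7} days" >&2; exit 1; }
  done
)

demo_dir=$(mktemp -d)
make_sample "$demo_dir" && check_pgd_certs "$demo_dir" && echo "certificates OK"
```

A replication certificate signed by the server CA instead of the client CA fails the second check, which is the mismatch most likely to surface only when replication connections are rejected.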
For more information, see Certificates in the EDB Postgres for Kubernetes documentation.