New to KubeDB? Please start here.
Reconfiguring TLS of Postgres Database
This guide will give an overview on how KubeDB Ops-manager operator reconfigures TLS configuration i.e. add TLS, remove TLS, update issuer/cluster issuer or Certificates and rotate the certificates of a Postgres database.
Before You Begin
- You should be familiar with the following
KubeDBconcepts:
How Reconfiguring Postgres TLS Configuration Process Works
The following diagram shows how KubeDB Ops-manager operator reconfigures TLS of a Postgres database. Open the image in a new tab to see the enlarged version.
The Reconfiguring Postgres TLS process consists of the following steps:
At first, a user creates a
PostgresCustom Resource Object (CRO).KubeDBProvisioner operator watches thePostgresCRO.When the operator finds a
PostgresCR, it creates required number ofPetSetsand related necessary stuff like secrets, services, etc.Then, in order to reconfigure the TLS configuration of the
Postgresdatabase the user creates aPostgresOpsRequestCR with desired information.KubeDBOps-manager operator watches thePostgresOpsRequestCR.When it finds a
PostgresOpsRequestCR, it pauses thePostgresobject which is referred from thePostgresOpsRequest. So, theKubeDBProvisioner operator doesn’t perform any operations on thePostgresobject during the reconfiguring TLS process.Then the
KubeDBOps-manager operator will add, remove, update or rotate TLS configuration based on the Ops Request yaml.Then the
KubeDBOps-manager operator will restart all the Pods of the database so that they restart with the new TLS configuration defined in thePostgresOpsRequestCR.After the successful reconfiguring of the
PostgresTLS, theKubeDBOps-manager operator resumes thePostgresobject so that theKubeDBProvisioner operator resumes its usual operations.
In the next docs, we are going to show a step by step guide on reconfiguring TLS configuration of a Postgres database using PostgresOpsRequest CRD.