Certificates v1
We are in the process of migrating the documentation from the previous EDB Postgres Distributed for Kubernetes name to the new EDB CloudNativePG Global Cluster name. You may see references to both names in this documentation.
EDB Postgres Distributed for Kubernetes was designed to natively support TLS certificates. To set up a PGD cluster, each PGD node requires:
- A server certification authority (CA) certificate
- A server TLS certificate signed by the server CA
- A client CA certificate
- A streaming replication client certificate generated by the client CA
Note
You can find all the secrets used by each PGD node and the expiry dates in the cluster (PGD node) status.
EDB Postgres Distributed for Kubernetes is very flexible when it comes to TLS certificates. It operates primarily in two modes:
- Operator managed — Certificates are internally managed by the operator in a fully automated way and signed using a CA created by EDB Postgres Distributed for Kubernetes.
- User provided — Certificates are generated outside the operator and imported in the cluster definition as secrets. EDB Postgres Distributed for Kubernetes integrates itself with cert-manager.
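For the user-provided mode, the trust relationships in the four-certificate list above can be checked with `openssl` before anything is imported as a secret. This is an added example, not taken from the EDB documentation; the file names, subject names and lifetimes are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the product documentation). File names, subject
# names and lifetimes below are constructed for illustration.

make_ca() {    # make_ca <dir> <name> <CN>: self-signed CA
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=$3" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

make_leaf() {  # make_leaf <dir> <name> <CN> <ca-name> <days>
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$2.csr" -CA "$1/$4.crt" -CAkey "$1/$4.key" \
        -CAcreateserial -days "$5" -out "$1/$2.crt" 2>/dev/null
}

signed_by() {  # signed_by <ca.crt> <leaf.crt>: true if leaf chains to that CA
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

valid_for() {  # valid_for <crt> <seconds>: true if still valid after <seconds>
    openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1
}

build_node_certs() {  # build_node_certs <dir> [leaf-days]: the four items listed
    make_ca   "$1" server-ca "constructed-server-ca" &&
    make_leaf "$1" server "constructed-pgd-node" server-ca "${2:-90}" &&
    make_ca   "$1" client-ca "constructed-client-ca" &&
    make_leaf "$1" replication "constructed-replication-user" client-ca "${2:-90}"
}

check_node_certs() {  # check_node_certs <dir> <min-seconds-left>
    rc=0
    signed_by "$1/server-ca.crt" "$1/server.crt" ||
        { echo "server cert not signed by server CA"; rc=1; }
    signed_by "$1/client-ca.crt" "$1/replication.crt" ||
        { echo "replication cert not signed by client CA"; rc=1; }
    for c in server-ca server client-ca replication; do
        valid_for "$1/$c.crt" "$2" || { echo "$c expires too soon"; rc=1; }
    done
    return $rc
}

demo_dir=$(mktemp -d)
build_node_certs "$demo_dir" 90 && check_node_certs "$demo_dir" 2592000 &&
    echo "all four certificates verify and have 30+ days left"
rm -rf "$demo_dir"
```

The server and client CAs are deliberately separate trust roots, so a certificate issued under one must not verify against the other.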
For more information, see the EDB Postgres for Kubernetes documentation.