diff --git a/charts/pg-db/README.md b/charts/pg-db/README.md
index 3bd999721..0044d3bb9 100644
--- a/charts/pg-db/README.md
+++ b/charts/pg-db/README.md
@@ -48,6 +48,7 @@ The chart can be customized using the following configurable parameters:
 | `customRootCATLSSecret.items` | Key-value pairs of the `key` (a key from the `secrets.customRootCATLSSecret.name` secret) and the `path` (name on the file system) for the custom root certificate and key | `` |
 | `customTLSSecret.name` | A secret with TLS certificate generated for external communications | `""` |
 | `customReplicationTLSSecret.name` | A secret with TLS certificate generated for internal communications | `""` |
+| `tlsOnly` | Set to true to force all HBA records to use the `hostssl` record type. | `false` |
 | `openshift` | Set to true if the cluster is being deployed on OpenShift, set to false otherwise, or unset it for autodetection | `false` |
 | `users.name` | The name of the PostgreSQL user | `""` |
 | `users.databases` | Databases accessible by a specific PostgreSQL user with rights to create objects in them (the option is ignored for postgres user; also, modifying it can’t be used to revoke the already given access) | `{}` |
diff --git a/charts/pg-db/templates/cluster.yaml b/charts/pg-db/templates/cluster.yaml
index 24b61af29..dada0b677 100644
--- a/charts/pg-db/templates/cluster.yaml
+++ b/charts/pg-db/templates/cluster.yaml
@@ -40,6 +40,8 @@ spec:
 {{- end }}
 {{- end }}
+ tlsOnly: {{ .Values.tlsOnly }}
+
 openshift: {{ default false .Values.openshift }}
 {{- if .Values.users }}
diff --git a/charts/pg-db/values.yaml b/charts/pg-db/values.yaml
index 5ac944d38..870564720 100644
--- a/charts/pg-db/values.yaml
+++ b/charts/pg-db/values.yaml
@@ -34,6 +34,8 @@ customTLSSecret:
 customReplicationTLSSecret:
 name: ""
+# tlsOnly: false
+
 # openshift: true
 # users:
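Review bot: The added `tlsOnly: {{ .Values.tlsOnly }}` line in charts/pg-db/templates/cluster.yaml has no fallback, and the values.yaml hunk ships the key commented out (`# tlsOnly: false`). An install that never sets it therefore presumably renders an empty `tlsOnly:` (null) rather than the `false` the README documents. The `openshift` line directly below already guards against this, so I would write `tlsOnly: {{ default false .Values.tlsOnly }}`; the rendered cluster spec then always states the TLS setting explicitly and can be audited from the manifest. Because the default is off, the README row could also note that HBA records are presumably not restricted to `hostssl` until an operator opts in, which matters to anyone who needs encryption in transit. The `spec:` block starts and continues outside this hunk, so how the operator treats a null value cannot be confirmed from here.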