Extend the API to configure TLS to secure Postgres #51

sergicastro · 2025-07-23T18:22:39Z

This PR allows for managing TLS-secured connections in the PostgreSQL instances.

It:

Introduces the new TLS field in the Kubegres spec
Includes tls_ prefixes scripts for:
- postgres.conf
- pghba.conf
- copy primary data to replica
- backup
Manages transition between TLS and no TLS config without losing data

Additionally:

…nce (#53) I need to finish testing of the TLS PR #51 before making this connection management compatible with TLS-secured connections. The [`func (r *ServicesCountSpecEnforcer) canConnectToPrimaryDb() bool`](https://github.com/tetrateio/kubegres/pull/53/files#diff-2069405fe99f8bae54d23273d6e4708cb8b4e1ec715bbe3f276c63b3157c5ee2R136) method is the current one checking all of this works. It will need to be removed once the target PR starts using these changes. --------- Signed-off-by: Sergi Castro <[email protected]> Co-authored-by: Copilot <[email protected]>

sergicastro added 3 commits July 23, 2025 20:36

Extend the API to configure TLS to secure postgres

eabced2

make generate

87f2866

fix TLSSpecEnforcer when TLS is disabled

16369e3

sergicastro force-pushed the tls branch from db24b82 to 16369e3 Compare July 23, 2025 18:42

sergicastro added 2 commits July 23, 2025 21:09

Fix test db conn utils

cb56394

Clean up code, TODOs, test fix

fee05e9

sergicastro force-pushed the tls branch from 16fc704 to fee05e9 Compare July 23, 2025 21:27

sergicastro added 8 commits July 24, 2025 09:40

reduce flackines

69a39f6

Fix TLS tests and transition

8dba0bf

Make check and fix test-unit paths

a1bfa4d

Fix port in use test setup

17cd74f

minor fix on tests

4e69cfc

clean up

6489b14

more cleanup

ef346ee

Update permissions to include secrets read

0c03697

sergicastro mentioned this pull request Aug 6, 2025

Allow kubegres manager to manage SQL connections to the primary instance #53

Merged

Provide feedback