Configuring TLS for EDB Postgres with a custom resource

You can enable TLS to encrypt connections to your EDB Postgres instance using your own custom TLS certificates and the database's custom resource.

Before you begin

To complete this task, you must generate a custom TLS certificate for the server and a separate one for the client, store each in a secret, and ensure that each generated secret contains the following keys:

  • ca.crt
  • tls.crt
  • tls.key

Best practice: You can run the commands in this task exactly as written if you set up environment variables. For instructions, see Setting up installation environment variables.

Ensure that you source the environment variables before you run the commands in this task.

Procedure

  1. Set the following environment variables:
    1. Set the EDB_INSTANCE_NAME environment variable to the name of the database instance you want to secure with TLS:
      export EDB_INSTANCE_NAME=<name>
    2. Set the EDB_VERSION environment variable to the version of the database:
      export EDB_VERSION=<version>
    3. Set the SERVER_CERT_SECRET environment variable to the name of the custom TLS certificate secret that the database instance presents as its server certificate:
      export SERVER_CERT_SECRET=<tls server cert secret>
    4. Set the CLIENT_CERT_SECRET environment variable to the name of the custom TLS certificate secret that clients use when they connect to the database instance:
      export CLIENT_CERT_SECRET=<tls client cert secret>
    5. Set the STG_CLASS_BLOCK environment variable to the block storage class you want to use for this database instance:
      export STG_CLASS_BLOCK=<storage>
  2. Run the following command to enable TLS for your database:
    cat <<EOF | oc apply -f -
    apiVersion: edb.cpd.ibm.com/v1
    kind: CPDEdbInstance
    metadata:
      name: ${EDB_INSTANCE_NAME}
      namespace: ${PROJECT_CPD_INST_OPERANDS}
    spec:
      forceDeleteResource: false
      license:
        accept: true
      version: "${EDB_VERSION}"
      replicas: 1
      storageSize: "2G"
      storageClass: ${STG_CLASS_BLOCK}
      resources:
        requests:
          memory: 4Gi
          cpu: 1
        limits:
          memory: 4Gi
          cpu: 1
      # The tls block belongs under spec; at the top level it is not part of the resource schema
      tls:
        customClientCert: ${CLIENT_CERT_SECRET}
        customServerCert: ${SERVER_CERT_SECRET}
    EOF
    Tip: To automatically remove PVCs and secrets when you delete an instance, set the forceDeleteResources key under the spec key to true.
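As an added pre-flight check that is not part of the original procedure, the following script verifies, before you run the oc apply command in step 2, that the secrets named in SERVER_CERT_SECRET and CLIENT_CERT_SECRET contain ca.crt, tls.crt and tls.key, that tls.crt chains to ca.crt, and that tls.key matches tls.crt. It assumes the environment variables from step 1 are sourced and that oc, openssl and base64 are on PATH.

```shell
#!/bin/sh
# Added pre-flight check, not from the original page: validate the server and
# client TLS secrets before the CPDEdbInstance CR is applied. Assumes oc,
# openssl and base64 are on PATH and the step 1 variables are exported.

REQUIRED_KEYS="ca.crt tls.crt tls.key"   # keys the page requires in each secret

# missing_keys: reads secret data key names (one per line) on stdin, prints any
# required key that is absent, and returns 1 when something is missing.
missing_keys() {
    present=$(cat); rc=0
    for key in $REQUIRED_KEYS; do
        if ! printf '%s\n' "$present" | grep -qxF "$key"; then
            printf '%s\n' "$key"; rc=1
        fi
    done
    return $rc
}
# secret_keys: lists the data keys of a secret in the operand namespace.
secret_keys() {
    oc get secret "$1" -n "$PROJECT_CPD_INST_OPERANDS" \
        -o go-template='{{range $k, $v := .data}}{{$k}}{{"\n"}}{{end}}'
}
# verify_chain: tls.crt must verify against ca.crt, and the public key in
# tls.crt must equal the one derived from tls.key (a mismatch breaks startup).
verify_chain() {
    tmp=$(mktemp -d)
    for f in $REQUIRED_KEYS; do
        oc get secret "$1" -n "$PROJECT_CPD_INST_OPERANDS" \
            -o go-template="{{index .data \"$f\"}}" | base64 -d > "$tmp/$f"
    done
    if openssl verify -CAfile "$tmp/ca.crt" "$tmp/tls.crt" >/dev/null &&
       [ "$(openssl x509 -noout -pubkey -in "$tmp/tls.crt")" = \
         "$(openssl pkey -pubout -in "$tmp/tls.key")" ]; then rc=0; else rc=1; fi
    rm -rf "$tmp"; return $rc
}
# check_secret: run both checks for one secret and report failures to stderr.
check_secret() {
    if missing=$(secret_keys "$1" | missing_keys); then
        verify_chain "$1" || { echo "$1: cert, key and CA do not match" >&2; return 1; }
    else
        echo "$1: missing keys: $missing" >&2; return 1
    fi
}
# The oc-backed checks run only when the step 1 variables are set.
if [ -n "$SERVER_CERT_SECRET" ] && [ -n "$CLIENT_CERT_SECRET" ]; then
    check_secret "$SERVER_CERT_SECRET" && check_secret "$CLIENT_CERT_SECRET" &&
        echo "both TLS secrets are ready for the CPDEdbInstance CR"
fi
```

A non-zero exit with a "missing keys" message means the secret was created without one of the three required entries; a "do not match" message means the certificate, key and CA in the secret were not generated together.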