Skip to content

Commit 1feea56

Browse files
authored
Clarify custom tls documentation (CrunchyData#3629)
* Add documentation about custom TLS secrets, clarifying replication secret common name * Bump streaming standby test secrets to have 10y expiration Issue: [sc-14645]
1 parent f497724 commit 1feea56

File tree

2 files changed

+47
-17
lines changed

2 files changed

+47
-17
lines changed

docs/content/tutorial/customize-cluster.md

Lines changed: 41 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -99,11 +99,18 @@ If you want to use the TLS infrastructure that PGO provides, you can skip the re
9999

100100
### How to Customize TLS
101101

102-
There are a few different TLS endpoints that can be customized for PGO, including those of the Postgres cluster and controlling how Postgres instances authenticate with each other. Let's look at how we can customize TLS.
102+
There are a few different TLS endpoints that can be customized for PGO, including those of the Postgres cluster and controlling how Postgres instances authenticate with each other. Let's look at how we can customize TLS by defining
103103

104-
Your TLS certificate should have a Common Name (CN) setting that matches the primary Service name. This is the name of the cluster suffixed with `-primary`. For example, for our `hippo` cluster this would be `hippo-primary`.
104+
* a `spec.customTLSSecret`, used to both identify the cluster and encrypt communications; and
105+
* a `spec.customReplicationTLSSecret`, used for replication authentication.
105106

106-
To customize the TLS for a Postgres cluster, you will need to create a Secret in the Namespace of your Postgres cluster that contains the TLS key (`tls.key`), TLS certificate (`tls.crt`) and the CA certificate (`ca.crt`) to use. The Secret should contain the following values:
107+
(For more information on the `spec.customTLSSecret` and `spec.customReplicationTLSSecret` fields, see the [`PostgresCluster CRD`]({{< relref "references/crd.md" >}}).)
108+
109+
To customize the TLS for a Postgres cluster, you will need to create two Secrets in the Namespace of your Postgres cluster. One of these Secrets will be the `customTLSSecret` and the other will be the `customReplicationTLSSecret`. Both secrets contain a TLS key (`tls.key`), TLS certificate (`tls.crt`) and CA certificate (`ca.crt`) to use.
110+
111+
Note: If `spec.customTLSSecret` is provided you **must** also provide `spec.customReplicationTLSSecret` and both must contain the same `ca.crt`.
112+
113+
The custom TLS and custom replication TLS Secrets should contain the following fields (though see below for a workaround if you cannot control the field names of the Secret's `data`):
107114

108115
```
109116
data:
@@ -112,39 +119,62 @@ data:
112119
tls.key: <value>
113120
```
114121

115-
For example, if you have files named `ca.crt`, `hippo.key`, and `hippo.crt` stored on your local machine, you could run the following command:
122+
For example, if you have files named `ca.crt`, `hippo.key`, and `hippo.crt` stored on your local machine, you could run the following command to create a Secret from those files:
116123

117124
```
118-
kubectl create secret generic -n postgres-operator hippo.tls \
125+
kubectl create secret generic -n postgres-operator hippo-cluster.tls \
119126
--from-file=ca.crt=ca.crt \
120127
--from-file=tls.key=hippo.key \
121128
--from-file=tls.crt=hippo.crt
122129
```
123130

124-
You can specify the custom TLS Secret in the `spec.customTLSSecret.name` field in your `postgrescluster.postgres-operator.crunchydata.com` custom resource, e.g.:
131+
After you create the Secrets, you can specify the custom TLS Secret in your `postgrescluster.postgres-operator.crunchydata.com` custom resource. For example, if you created a `hippo-cluster.tls` Secret and a `hippo-replication.tls` Secret, you would add them to your Postgres cluster:
132+
133+
```
134+
spec:
135+
customTLSSecret:
136+
name: hippo-cluster.tls
137+
customReplicationTLSSecret:
138+
name: hippo-replication.tls
139+
```
140+
141+
If you're unable to control the key-value pairs in the Secret, you can create a mapping to tell
142+
the Postgres Operator what key holds the expected value. That would look similar to this:
125143

126144
```
127145
spec:
128146
customTLSSecret:
129147
name: hippo.tls
148+
items:
149+
- key: <tls.crt key in the referenced hippo.tls Secret>
150+
path: tls.crt
151+
- key: <tls.key key in the referenced hippo.tls Secret>
152+
path: tls.key
153+
- key: <ca.crt key in the referenced hippo.tls Secret>
154+
path: ca.crt
130155
```
131156

132-
If you're unable to control the key-value pairs in the Secret, you can create a mapping that looks similar to this:
157+
For instance, if the `hippo.tls` Secret had the `tls.crt` in a key named `hippo-tls.crt`, the
158+
`tls.key` in a key named `hippo-tls.key`, and the `ca.crt` in a key named `hippo-ca.crt`,
159+
then your mapping would look like:
133160

134161
```
135162
spec:
136163
customTLSSecret:
137164
name: hippo.tls
138165
items:
139-
- key: <tls.crt key>
166+
- key: hippo-tls.crt
140167
path: tls.crt
141-
- key: <tls.key key>
168+
- key: hippo-tls.key
142169
path: tls.key
143-
- key: <ca.crt key>
170+
- key: hippo-ca.crt
144171
path: ca.crt
145172
```
146173

147-
If `spec.customTLSSecret` is provided you **must** also provide `spec.customReplicationTLSSecret` and both must contain the same `ca.crt`.
174+
Note: Although the custom TLS and custom replication TLS Secrets share the same `ca.crt`, they do not share the same `tls.crt`:
175+
176+
* Your `spec.customTLSSecret` TLS certificate should have a Common Name (CN) setting that matches the primary Service name. This is the name of the cluster suffixed with `-primary`. For example, for our `hippo` cluster this would be `hippo-primary`.
177+
* Your `spec.customReplicationTLSSecret` TLS certificate should have a Common Name (CN) setting that matches `_crunchyrepl`, which is the preset replication user.
148178

149179
As with the other changes, you can roll out the TLS customizations with `kubectl apply`.
150180

testing/kuttl/e2e/streaming-standby/00--secrets.yaml

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -1,18 +1,18 @@
11
apiVersion: v1
22
data:
3-
ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJnakNDQVNpZ0F3SUJBZ0lSQU0vVDF1MXllNHZ3ek1SWEt1NGlWZVF3Q2dZSUtvWkl6ajBFQXdNd0h6RWQKTUJzR0ExVUVBeE1VY0c5emRHZHlaWE10YjNCbGNtRjBiM0l0WTJFd0hoY05Nakl3TlRJek1UZ3hNRFE0V2hjTgpNekl3TlRJd01Ua3hNRFE0V2pBZk1SMHdHd1lEVlFRREV4UndiM04wWjNKbGN5MXZjR1Z5WVhSdmNpMWpZVEJaCk1CTUdCeXFHU000OUFnRUdDQ3FHU000OUF3RUhBMElBQlArM2dEb2s3V3duaDZmNnNUV3ozUmlrS3Q4TFhyN0QKSEpGSGNXdHd3MDI5TXQrb0lubWYwUE1VS1BiVHgrSDBSZTBLcENSRUhCbytmcXJqblIzZlBXdWpSVEJETUE0RwpBMVVkRHdFQi93UUVBd0lCQmpBU0JnTlZIUk1CQWY4RUNEQUdBUUgvQWdFQU1CMEdBMVVkRGdRV0JCU3ErUFdhClQreTAvUjBRb1AzUS9nUnZWY3JGQ0RBS0JnZ3Foa2pPUFFRREF3TklBREJGQWlBRHl3UXR2Zk1xUEIvWXlzL1QKd2lNZExNR3JocWVXeDVjYVZ2TWNVWkJxWHdJaEFQS1NBemo5K1RsTzg0cmNFN25pT3U2K2NRWEYzcjNxTFFOYQpNYWVId3d5TAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
4-
tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUNNVENDQWRlZ0F3SUJBZ0lRUjVzZEwwcit1S0VTUjVudzFvYkFuakFLQmdncWhrak9QUVFEQXpBZk1SMHcKR3dZRFZRUURFeFJ3YjNOMFozSmxjeTF2Y0dWeVlYUnZjaTFqWVRBZUZ3MHlNakExTWpNeE9ERXdORGhhRncweQpNekExTWpNeE9URXdORGhhTURzeE9UQTNCZ05WQkFNVE1IQnliMlIxWTNScGIyNHRjSEpwYldGeWVTNXdjbTlrCmRXTjBhVzl1TG5OMll5NWpiSFZ6ZEdWeUxteHZZMkZzTGpCWk1CTUdCeXFHU000OUFnRUdDQ3FHU000OUF3RUgKQTBJQUJPTWQ3ZUo5U1JtYmd0TUJ1R1hFc1UyNzBOUjhvU0pCSUJEdk1DTGpkSnB0TmVHWCt4MEhHT0ZZRGw0cgpOd0JZUk9EaUc3Z2loaVZ0ZyszTTNhejdjWk9qZ2Rnd2dkVXdEZ1lEVlIwUEFRSC9CQVFEQWdXZ01Bd0dBMVVkCkV3RUIvd1FDTUFBd0h3WURWUjBqQkJnd0ZvQVVxdmoxbWsvc3RQMGRFS0Q5MFA0RWIxWEt4UWd3Z1pNR0ExVWQKRVFTQml6Q0JpSUl3Y0hKdlpIVmpkR2x2Ymkxd2NtbHRZWEo1TG5CeWIyUjFZM1JwYjI0dWMzWmpMbU5zZFhOMApaWEl1Ykc5allXd3VnaUZ3Y205a2RXTjBhVzl1TFhCeWFXMWhjbmt1Y0hKdlpIVmpkR2x2Ymk1emRtT0NIWEJ5CmIyUjFZM1JwYjI0dGNISnBiV0Z5ZVM1d2NtOWtkV04wYVc5dWdoSndjbTlrZFdOMGFXOXVMWEJ5YVcxaGNua3cKQ2dZSUtvWkl6ajBFQXdNRFNBQXdSUUloQVBCai9uVU9HeHpsNXVvQnl6WHNuT3ppbTBJNHFVL21pRS9COFpOcApBSTNNQWlBOWtFeUphUGRqVHZ6cEc4LzZxbldrdGh6K1FKK3h5bGtMenNVUUNld2ZhUT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
5-
tls.key: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUlFRlpFS1ZIZ3YyT25uZkljaXlRUFlzbzBvalBVN3NIVS9KUFI3TE5CWERvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFNHgzdDRuMUpHWnVDMHdHNFpjU3hUYnZRMUh5aElrRWdFTzh3SXVOMG1tMDE0WmY3SFFjWQo0VmdPWGlzM0FGaEU0T0lidUNLR0pXMkQ3Y3pkclB0eGt3PT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=
3+
ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJnakNDQVNlZ0F3SUJBZ0lRZUpacWMxMmR3TDh6cDNRVjZVMzg0ekFLQmdncWhrak9QUVFEQXpBZk1SMHcKR3dZRFZRUURFeFJ3YjNOMFozSmxjeTF2Y0dWeVlYUnZjaTFqWVRBZUZ3MHlNekEwTVRFeE56UTFNemhhRncwegpNekEwTURneE9EUTFNemhhTUI4eEhUQWJCZ05WQkFNVEZIQnZjM1JuY21WekxXOXdaWEpoZEc5eUxXTmhNRmt3CkV3WUhLb1pJemowQ0FRWUlLb1pJemowREFRY0RRZ0FFWEZwMU1nOFQ0aWxFRFlleVh4Nm5hRU0weEtNUStNZU0KWnM3dUtockdmTnY1cVd3N0puNzJEMEZNWE9raVNTN1BsZUhtN1lwYk1lelZ4UytjLzV6a2NLTkZNRU13RGdZRApWUjBQQVFIL0JBUURBZ0VHTUJJR0ExVWRFd0VCL3dRSU1BWUJBZjhDQVFBd0hRWURWUjBPQkJZRUZGU2JSZzdXCnpIZFdIODN2aEtTcld3dGV4K2FtTUFvR0NDcUdTTTQ5QkFNREEwa0FNRVlDSVFDK3pXTHh4bmpna1ZYYzBFOVAKbWlmZm9jeTIrM3AxREZMUkJRcHlZNFE0RVFJaEFPSDhQVEtvWnRZUWlobVlqTkd3Q1J3aTgvVFRaYWIxSnVIMAo2YnpodHZobgotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
4+
tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUNQakNDQWVXZ0F3SUJBZ0lSQU93NURHaGVVZnVNY25KYVdKNkllall3Q2dZSUtvWkl6ajBFQXdNd0h6RWQKTUJzR0ExVUVBeE1VY0c5emRHZHlaWE10YjNCbGNtRjBiM0l0WTJFd0hoY05Nak13TkRFeE1UYzBOVE01V2hjTgpNek13TkRBNE1UZzBOVE01V2pBOU1Uc3dPUVlEVlFRREV6SndjbWx0WVhKNUxXTnNkWE4wWlhJdGNISnBiV0Z5CmVTNWtaV1poZFd4MExuTjJZeTVqYkhWemRHVnlMbXh2WTJGc0xqQlpNQk1HQnlxR1NNNDlBZ0VHQ0NxR1NNNDkKQXdFSEEwSUFCT3RlNytQWFlDci9RQVJkcHlwYTFHcEpkbW5wOFN3ZG9FOTIzUXoraWt4UllTalgwUHBXcytqUQpVNXlKZ0NDdGxyZmxFZVZ4S2YzaVpiVHdadFlIaHVxamdlTXdnZUF3RGdZRFZSMFBBUUgvQkFRREFnV2dNQXdHCkExVWRFd0VCL3dRQ01BQXdId1lEVlIwakJCZ3dGb0FVVkp0R0R0Yk1kMVlmemUrRXBLdGJDMTdINXFZd2daNEcKQTFVZEVRU0JsakNCazRJeWNISnBiV0Z5ZVMxamJIVnpkR1Z5TFhCeWFXMWhjbmt1WkdWbVlYVnNkQzV6ZG1NdQpZMngxYzNSbGNpNXNiMk5oYkM2Q0kzQnlhVzFoY25rdFkyeDFjM1JsY2kxd2NtbHRZWEo1TG1SbFptRjFiSFF1CmMzWmpnaDl3Y21sdFlYSjVMV05zZFhOMFpYSXRjSEpwYldGeWVTNWtaV1poZFd4MGdoZHdjbWx0WVhKNUxXTnMKZFhOMFpYSXRjSEpwYldGeWVUQUtCZ2dxaGtqT1BRUURBd05IQURCRUFpQjA3Q3YzRHJTNXUxRFdaek1MQjdvbAppcjFFWEpQTnFaOXZWQUF5ZTdDMGJRSWdWQVlDM2F0ekl4a0syNHlQUU1TSjU1OGFaN3JEdkZGZXdOaVpmdSt0CjdETT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
5+
tls.key: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUoxYkNXMTByR3o2VWQ1K2R3WmZWcGNUNFlqck9XVG1iVW9XNXRxYTA2b1ZvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFNjE3djQ5ZGdLdjlBQkYybktsclVha2wyYWVueExCMmdUM2JkRFA2S1RGRmhLTmZRK2xhego2TkJUbkltQUlLMld0K1VSNVhFcC9lSmx0UEJtMWdlRzZnPT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=
66
kind: Secret
77
metadata:
88
name: cluster-cert
99
type: Opaque
1010
---
1111
apiVersion: v1
1212
data:
13-
ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJnakNDQVNpZ0F3SUJBZ0lSQU0vVDF1MXllNHZ3ek1SWEt1NGlWZVF3Q2dZSUtvWkl6ajBFQXdNd0h6RWQKTUJzR0ExVUVBeE1VY0c5emRHZHlaWE10YjNCbGNtRjBiM0l0WTJFd0hoY05Nakl3TlRJek1UZ3hNRFE0V2hjTgpNekl3TlRJd01Ua3hNRFE0V2pBZk1SMHdHd1lEVlFRREV4UndiM04wWjNKbGN5MXZjR1Z5WVhSdmNpMWpZVEJaCk1CTUdCeXFHU000OUFnRUdDQ3FHU000OUF3RUhBMElBQlArM2dEb2s3V3duaDZmNnNUV3ozUmlrS3Q4TFhyN0QKSEpGSGNXdHd3MDI5TXQrb0lubWYwUE1VS1BiVHgrSDBSZTBLcENSRUhCbytmcXJqblIzZlBXdWpSVEJETUE0RwpBMVVkRHdFQi93UUVBd0lCQmpBU0JnTlZIUk1CQWY4RUNEQUdBUUgvQWdFQU1CMEdBMVVkRGdRV0JCU3ErUFdhClQreTAvUjBRb1AzUS9nUnZWY3JGQ0RBS0JnZ3Foa2pPUFFRREF3TklBREJGQWlBRHl3UXR2Zk1xUEIvWXlzL1QKd2lNZExNR3JocWVXeDVjYVZ2TWNVWkJxWHdJaEFQS1NBemo5K1RsTzg0cmNFN25pT3U2K2NRWEYzcjNxTFFOYQpNYWVId3d5TAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
14-
tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJqakNDQVRXZ0F3SUJBZ0lSQU9waEYwSm16R3p1dWNJS2tLVHZGdzh3Q2dZSUtvWkl6ajBFQXdNd0h6RWQKTUJzR0ExVUVBeE1VY0c5emRHZHlaWE10YjNCbGNtRjBiM0l0WTJFd0hoY05Nakl3TlRJek1UZ3hNRFE0V2hjTgpNak13TlRJek1Ua3hNRFE0V2pBWE1SVXdFd1lEVlFRRERBeGZZM0oxYm1Ob2VYSmxjR3d3V1RBVEJnY3Foa2pPClBRSUJCZ2dxaGtqT1BRTUJCd05DQUFUSldWWnphdk1xbU5NYTNwLzhBMXZta2hLZzNpRHU2TUhzc0dCS094bVYKYWdXS0RwRnlxTStYZ3F1bjdxWlUvd2NkRUZ5VFVLVCthUjVRSGozdFZYZlFvMW93V0RBT0JnTlZIUThCQWY4RQpCQU1DQmFBd0RBWURWUjBUQVFIL0JBSXdBREFmQmdOVkhTTUVHREFXZ0JTcStQV2FUK3kwL1IwUW9QM1EvZ1J2ClZjckZDREFYQmdOVkhSRUVFREFPZ2d4ZlkzSjFibU5vZVhKbGNHd3dDZ1lJS29aSXpqMEVBd01EUndBd1JBSWcKSE5Hc0NJdEdtcVBLSEY4M2EyazBoVitVSGNDU0VmbExraStsa2RiVnovVUNJSHV0d2VWU0pITk5ieldsd3EyawpxSDhFT1JIOWMvTHJJT2htK1B3UmFqT0kKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
15-
tls.key: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUMyb2ZZNnBROGhlblZJd1RnTjNQYS9jLzRBeGk0NGFMdm1pWiszblhFbGJvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFeVZsV2MycnpLcGpUR3Q2Zi9BTmI1cElTb040Zzd1akI3TEJnU2pzWmxXb0ZpZzZSY3FqUApsNEtycCs2bVZQOEhIUkJjazFDay9ta2VVQjQ5N1ZWMzBBPT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=
13+
ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJnakNDQVNlZ0F3SUJBZ0lRZUpacWMxMmR3TDh6cDNRVjZVMzg0ekFLQmdncWhrak9QUVFEQXpBZk1SMHcKR3dZRFZRUURFeFJ3YjNOMFozSmxjeTF2Y0dWeVlYUnZjaTFqWVRBZUZ3MHlNekEwTVRFeE56UTFNemhhRncwegpNekEwTURneE9EUTFNemhhTUI4eEhUQWJCZ05WQkFNVEZIQnZjM1JuY21WekxXOXdaWEpoZEc5eUxXTmhNRmt3CkV3WUhLb1pJemowQ0FRWUlLb1pJemowREFRY0RRZ0FFWEZwMU1nOFQ0aWxFRFlleVh4Nm5hRU0weEtNUStNZU0KWnM3dUtockdmTnY1cVd3N0puNzJEMEZNWE9raVNTN1BsZUhtN1lwYk1lelZ4UytjLzV6a2NLTkZNRU13RGdZRApWUjBQQVFIL0JBUURBZ0VHTUJJR0ExVWRFd0VCL3dRSU1BWUJBZjhDQVFBd0hRWURWUjBPQkJZRUZGU2JSZzdXCnpIZFdIODN2aEtTcld3dGV4K2FtTUFvR0NDcUdTTTQ5QkFNREEwa0FNRVlDSVFDK3pXTHh4bmpna1ZYYzBFOVAKbWlmZm9jeTIrM3AxREZMUkJRcHlZNFE0RVFJaEFPSDhQVEtvWnRZUWlobVlqTkd3Q1J3aTgvVFRaYWIxSnVIMAo2YnpodHZobgotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
14+
tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJqekNDQVRTZ0F3SUJBZ0lRRzA0MEprWjYwZkZtanpaVG1SekhyakFLQmdncWhrak9QUVFEQXpBZk1SMHcKR3dZRFZRUURFeFJ3YjNOMFozSmxjeTF2Y0dWeVlYUnZjaTFqWVRBZUZ3MHlNekEwTVRFeE56UTFNemhhRncwegpNekEwTURneE9EUTFNemhhTUJjeEZUQVRCZ05WQkFNTURGOWpjblZ1WTJoNWNtVndiREJaTUJNR0J5cUdTTTQ5CkFnRUdDQ3FHU000OUF3RUhBMElBQk5HVHcvSmVtaGxGK28xUlRBb0VXSndzdjJ6WjIyc1p4N2NjT2VmL1NXdjYKeXphYkpaUmkvREFyK0kwUHNyTlhmand3a0xMa3hERGZsTklvcFZMNVYwT2pXakJZTUE0R0ExVWREd0VCL3dRRQpBd0lGb0RBTUJnTlZIUk1CQWY4RUFqQUFNQjhHQTFVZEl3UVlNQmFBRkZTYlJnN1d6SGRXSDgzdmhLU3JXd3RlCngrYW1NQmNHQTFVZEVRUVFNQTZDREY5amNuVnVZMmg1Y21Wd2JEQUtCZ2dxaGtqT1BRUURBd05KQURCR0FpRUEKcWVsYmUvdTQzRFRPWFdlell1b3Nva0dUbHg1U2ljUFRkNk05Q3pwU2VoWUNJUUNOOS91Znc0SUZzdDZOM1RtYQo4MmZpSElKSUpQY0RjM2ZKUnFna01RQmF0QT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
15+
tls.key: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSVBxeTVzNVJxWThKUmdycjJreE9zaG9hc25yTWhUUkJPYjZ0alI3T2ZqTFlvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFMFpQRDhsNmFHVVg2alZGTUNnUlluQ3kvYk5uYmF4bkh0eHc1NS85SmEvckxOcHNsbEdMOApNQ3Y0alEreXMxZCtQRENRc3VURU1OK1UwaWlsVXZsWFF3PT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=
1616
kind: Secret
1717
metadata:
1818
name: replication-cert

0 commit comments

Comments
 (0)