fix: update postgres cert expiry, add cloudflare token secret

2025-07-28 15:36:42 +05:00
parent b6cb6c70bc
commit f40194e50d
4 changed files with 19 additions and 2 deletions


@@ -80,6 +80,8 @@ export class PostgresCluster extends Construct {
algorithm: "ECDSA",
size: 384,
},
duration: "52560h", // 6 years
renewBefore: "8760h", // 1 year before expiration
issuerRef: {
name: "selfsigned-issuer",
kind: "Issuer",
@@ -142,6 +144,8 @@ export class PostgresCluster extends Construct {
"postgres-cluster-r.postgres-system.svc.cluster.local",
"postgres.dogar.dev",
],
duration: "4380h", // 6 months
renewBefore: "720h", // 30 days before expiration
issuerRef: {
name: `${caNames.server}-issuer`,
kind: "Issuer",
@@ -169,6 +173,8 @@ export class PostgresCluster extends Construct {
algorithm: "ECDSA",
size: 256,
},
duration: "52560h", // 6 years
renewBefore: "8760h", // 1 year before expiration
issuerRef: {
name: "selfsigned-issuer",
kind: "Issuer",
@@ -226,6 +232,8 @@ export class PostgresCluster extends Construct {
secretName: certNames.client,
usages: ["client auth"],
commonName: "streaming_replica",
duration: "4380h", // 6 months
renewBefore: "720h", // 30 days before expiration
issuerRef: {
name: "postgres-client-ca-issuer",
kind: "Issuer",
@@ -251,6 +259,8 @@ export class PostgresCluster extends Construct {
secretName: `${user}-client-cert`,
usages: ["client auth"],
commonName: user,
duration: "4380h", // 6 months
renewBefore: "720h", // 30 days before expiration
issuerRef: {
name: "postgres-client-ca-issuer",
kind: "Issuer",
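Review bot: The two `client auth` certificates (`commonName: "streaming_replica"` and `commonName: user`) now stay valid for `4380h`, and nothing visible in these hunks provides a way to revoke one, so a leaked client key could authenticate as that Postgres role for up to six months. If these fields were previously unset, cert-manager's default of 90 days applied, which means this change lengthens the exposure window rather than shortening it. Since renewal is automated, I would keep the client certificates short, e.g. `duration: "2160h", // 90 days` with `renewBefore: "720h", // 30 days before expiration`, and reserve the long lifetime for the two `selfsigned-issuer` CAs. For those CAs, a comment should state what happens at the `8760h` renewal point: whether the key is rotated, and how Postgres and clients that pin the old CA pick up the new one. The `privateKey` blocks start outside the hunks, so the rotation policy cannot be confirmed from here. The same two literals are repeated in five places; named constants for the CA and leaf lifetimes would keep them from drifting apart.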