scottk/Biohazard
1
0
Fork 0
mirror of https://github.com/outbackdingo/Biohazard.git synced 2026-03-21 06:39:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(paperless-ngx): disable PG TLS verify-full

Browse Source
This commit is contained in:
JJGadgets
2023-12-25 08:34:36 +08:00
parent e774546cb8
commit 0892c3da33
1 changed files with 13 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
kube/deploy/apps/paperless-ngx/app/hr.yaml
View File

@@ -55,8 +55,8 @@ spec:
PAPERLESS_TIKA_ENDPOINT: "http://tika.paperless-ngx.svc.cluster.local"
PAPERLESS_TIKA_GOTENBERG_ENDPOINT: "http://gotenberg.paperless-ngx.svc.cluster.local"
PAPERLESS_DBENGINE: "postgresql"
PAPERLESS_DBSSLMODE: "verify-full"
PAPERLESS_DBSSLROOTCERT: &pg-ca "/pg-tls/ca.crt"
# PAPERLESS_DBSSLMODE: "verify-full"
# PAPERLESS_DBSSLROOTCERT: &pg-ca "/pg-tls/ca.crt"
PAPERLESS_DBHOST:
valueFrom:
secretKeyRef:
@@ -233,17 +233,17 @@ spec:
main:
- subPath: "gotenberg"
path: "/tmp"
pg-tls:
enabled: true
type: secret
name: "pg-paperless-ngx-cluster-cert"
defaultMode: 0400
advancedMounts:
main:
main:
- subPath: "ca.crt"
path: *pg-ca
readOnly: true
# pg-tls:
# enabled: true
# type: secret
# name: "pg-paperless-ngx-cluster-cert"
# defaultMode: 0400
# advancedMounts:
# main:
# main:
# - subPath: "ca.crt"
# path: *pg-ca
# readOnly: true
defaultPodOptions:
automountServiceAccountToken: false
enableServiceLinks: false # avoid exposing too much info in env vars in case of lateral movement attempt