From 0892c3da33f919cf6801430b17cd545a6a2cdf93 Mon Sep 17 00:00:00 2001
From: JJGadgets <git@jjgadgets.tech>
Date: Mon, 25 Dec 2023 08:34:36 +0800
Subject: [PATCH] fix(paperless-ngx): disable PG TLS verify-full

---
 kube/deploy/apps/paperless-ngx/app/hr.yaml | 26 +++++++++++-----------
 1 file changed, 13 insertions(+), 13 deletions(-)

diff --git a/kube/deploy/apps/paperless-ngx/app/hr.yaml b/kube/deploy/apps/paperless-ngx/app/hr.yaml
index c4bbb526..7f025af5 100644
--- a/kube/deploy/apps/paperless-ngx/app/hr.yaml
+++ b/kube/deploy/apps/paperless-ngx/app/hr.yaml
@@ -55,8 +55,8 @@ spec:
               PAPERLESS_TIKA_ENDPOINT: "http://tika.paperless-ngx.svc.cluster.local"
               PAPERLESS_TIKA_GOTENBERG_ENDPOINT: "http://gotenberg.paperless-ngx.svc.cluster.local"
               PAPERLESS_DBENGINE: "postgresql"
-              PAPERLESS_DBSSLMODE: "verify-full"
-              PAPERLESS_DBSSLROOTCERT: &pg-ca "/pg-tls/ca.crt"
+              # PAPERLESS_DBSSLMODE: "verify-full"
+              # PAPERLESS_DBSSLROOTCERT: &pg-ca "/pg-tls/ca.crt"
               PAPERLESS_DBHOST:
                 valueFrom:
                   secretKeyRef:
@@ -233,17 +233,17 @@ spec:
             main:
               - subPath: "gotenberg"
                 path: "/tmp"
-      pg-tls:
-        enabled: true
-        type: secret
-        name: "pg-paperless-ngx-cluster-cert"
-        defaultMode: 0400
-        advancedMounts:
-          main:
-            main:
-              - subPath: "ca.crt"
-                path: *pg-ca
-                readOnly: true
+      # pg-tls:
+      #   enabled: true
+      #   type: secret
+      #   name: "pg-paperless-ngx-cluster-cert"
+      #   defaultMode: 0400
+      #   advancedMounts:
+      #     main:
+      #       main:
+      #         - subPath: "ca.crt"
+      #           path: *pg-ca
+      #           readOnly: true
     defaultPodOptions:
       automountServiceAccountToken: false
       enableServiceLinks: false # avoid exposing too much info in env vars in case of lateral movement attempt