From 13edcb5cbc0398c92b65dbe7656d61bb92f0f389 Mon Sep 17 00:00:00 2001
From: Zoe Roux <zoe.roux@zoriya.dev>
Date: Fri, 18 Jul 2025 11:43:04 +0200
Subject: [PATCH] Fix postgres certs

---
 apps/authentik.yaml        | 11 +----------
 apps/postgres/cluster.yaml |  4 ++--
 2 files changed, 3 insertions(+), 12 deletions(-)

diff --git a/apps/authentik.yaml b/apps/authentik.yaml
index bcfda28..2eb38a7 100644
--- a/apps/authentik.yaml
+++ b/apps/authentik.yaml
@@ -34,24 +34,15 @@ spec:
             - name: AUTHENTIK_POSTGRESQL__SSLKEY
               value: /var/postgres-ssl/tls.key
             - name: AUTHENTIK_POSTGRESQL__SSLROOTCERT
-              value: /var/postgres-ca/ca.crt
+              value: /var/postgres-ssl/ca.crt
           volumeMounts:
             - name: postgres-cert
               mountPath: /var/postgres-ssl
-            - name: postgres-cert
-              mountPath: /var/postgres-ca
           volumes:
             - name: postgres-cert
               secret:
                 defaultMode: 0640
                 secretName: postgres-authentik
-            - name: postgres-root
-              secret:
-                defaultMode: 0640
-                secretName: postgres-ca
-                items:
-                  - key: ca.crt
-                    path: ca.crt
           securityContext:
             fsGroup: 1001
             runAsUser: 1001
diff --git a/apps/postgres/cluster.yaml b/apps/postgres/cluster.yaml
index 198b29f..9c946d8 100644
--- a/apps/postgres/cluster.yaml
+++ b/apps/postgres/cluster.yaml
@@ -10,8 +10,8 @@ spec:
     size: 10Gi
 
   certificates:
-    serverTLSSecret: postgres-ca
-    serverCASecret: postgres-ca
+    serverCASecret: postgres-server-cert
+    serverTLSSecret: postgres-server-cert
     clientCASecret: postgres-server-cert
     replicationTLSSecret: postgres-replication-cert