From 790831de1a988ab0ffb410078b9a523a8b03fe64 Mon Sep 17 00:00:00 2001
From: Zoe Roux <zoe.roux@zoriya.dev>
Date: Wed, 16 Jul 2025 13:46:16 +0200
Subject: [PATCH] Add dnsNames and usage to postgres-ca

---
 apps/postgres/certs.yaml | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/apps/postgres/certs.yaml b/apps/postgres/certs.yaml
index fee13bf..1480a53 100644
--- a/apps/postgres/certs.yaml
+++ b/apps/postgres/certs.yaml
@@ -5,9 +5,6 @@ metadata:
   namespace: postgres
 spec:
   isCA: true
-  secretTemplate:
-    labels:
-      cnpg.io/reload: ""
   commonName: postgres-ca
   secretName: postgres-ca
   privateKey:
@@ -38,8 +35,17 @@ spec:
     labels:
       cnpg.io/reload: ""
   usages:
-    - client auth
-  commonName: streaming_replica
+    - server auth
+  dnsNames:
+   - postgres-cluster-rw
+   - postgres-cluster-rw.postgres
+   - postgres-cluster-rw.postgres.svc
+   - postgres-cluster-r
+   - postgres-cluster-r.postgres
+   - postgres-cluster-r.postgres.svc
+   - postgres-cluster-ro
+   - postgres-cluster-ro.postgres
+   - postgres-cluster-ro.postgres.svc
   issuerRef:
     name: postgres-ca
     kind: Issuer