When using Postgres Operator (Tanzu Postgres for Kubernetes) are there specific requirements for using a TLS certificate (like a specific CN and SAN), the same for replication? And if so, would it be possible to turn the checks off and just use a random certificate?
VMware Postgres Operator supports Transport Layer Security (TLS) encrypted connections to the Postgres server from clients and applications. Clients can connect to the Postgres server and verify the connection using user-provided certificates issued by a corporate Certificate Authority (CA).
For internal Kubernetes communications the Postgres server by default requires cert-manager self-signed certificates.
The VMware Postgres Operator uses a Kubernetes Secret to manage TLS. There are several ways to create the Secret:
1. Create the TLS Secret using cert-manager
2. Create the TLS Secret manually
PLEASE NOTE: When creating the TLS secret manually, the Replication TLS certificate should have a Common Name (CN) setting that matches replication, which is the preset replication user.
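A pre-flight check for the manual path, as an added example that is not part of the original article or of VMware's tooling: it confirms that a candidate replication certificate has a subject CN of exactly replication and has not expired before it is placed in the Secret. The function names, file paths and the throwaway self-signed sample certificates are assumptions constructed for this demonstration.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check for a manually created replication certificate.
EXPECTED_CN="replication"   # the preset replication user named in the article

# Print the subject Common Name(s) of a PEM certificate, one per line.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline 2>/dev/null |
        sed -n 's/^ *commonName *= //p'
}

# Return 0 only if the certificate parses, its CN is exactly EXPECTED_CN,
# and it has not expired. Distinct non-zero codes identify the failure.
check_replication_cert() {
    cert="$1"
    cn="$(cert_cn "$cert")"
    if [ -z "$cn" ]; then
        echo "FAIL: $cert: no readable subject CN" >&2; return 2
    fi
    if [ "$cn" != "$EXPECTED_CN" ]; then
        echo "FAIL: $cert: CN is '$cn', expected '$EXPECTED_CN'" >&2; return 1
    fi
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "FAIL: $cert: certificate has expired" >&2; return 3
    fi
    echo "OK: $cert: CN=$cn"
}

# Constructed sample input: a throwaway self-signed certificate with the given CN.
make_sample_cert() {   # usage: make_sample_cert <cn> <out-prefix>
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$2.key" -out "$2.crt" >/dev/null 2>&1
}

# Demonstration on constructed certificates: one passes, one is rejected.
demo() {
    dir="$(mktemp -d)"
    make_sample_cert replication "$dir/good"
    make_sample_cert postgres "$dir/bad"
    check_replication_cert "$dir/good.crt"
    check_replication_cert "$dir/bad.crt" || true
    rm -rf "$dir"
}
demo
```

A certificate with several CN values fails the exact-match comparison, so only a single CN of replication passes.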