docs: add steps for postgres SSL cert config (#8648)

ericpaulsen · johnstcn · web-flow · commit 001670cc13f6 · 2023-07-21T10:36:11.000-04:00
* docs: add steps for postgres SSL cert config

* make fmt

* Update docs/install/kubernetes.md

Co-authored-by: Cian Johnston &lt;cian@coder.com&gt;

* fixup! Update docs/install/kubernetes.md

---------

Co-authored-by: Cian Johnston &lt;cian@coder.com&gt;
diff --git a/docs/install/kubernetes.md b/docs/install/kubernetes.md
@@ -179,6 +179,39 @@ In certain enterprise environments, the [Azure Application Gateway](https://lear
 - Websocket traffic (required for workspace connections)
 - TLS termination
 
+## PostgreSQL Certificates
+
+Your organization may require connecting to the database instance over SSL. To supply
+Coder with the appropriate certificates, and have it connect over SSL, follow the steps below:
+
+1. Create the certificate as a secret in your Kubernetes cluster, if not already present:
+
+```console
+$ kubectl create secret tls postgres-certs -n coder --key="postgres.key" --cert="postgres.crt"
+```
+
+1. Define the secret volume and volumeMounts in the Helm chart:
+
+```yaml
+coder:
+  volumes:
+    - name: "pg-certs-mount"
+      secret:
+        secretName: "postgres-certs"
+  volumeMounts:
+    - name: "pg-certs-mount"
+      mountPath: "$HOME/.postgresql"
+      readOnly: true
+```
+
+1. Lastly, your PG connection URL will look like:
+
+```console
+postgres://<user>:<password>@databasehost:<port>/<db-name>?sslmode=require&sslcert=$HOME/.postgresql/postgres.crt&sslkey=$HOME/.postgresql/postgres.key"
+```
+
+> More information on connecting to PostgreSQL databases using certificates can be found [here](https://www.postgresql.org/docs/current/libpq-ssl.html#LIBPQ-SSL-CLIENTCERT).
+
 ## Upgrading Coder via Helm
 
 To upgrade Coder in the future or change values,
