Postgress mTLS documentation

[skluther]

Currently, I'm using crunchy_pg which has tls enabled and would like to get my setup working correctly but currently rps and mps are both throwing errors for SELF_SIGNED_CERT_IN_CHAIN.

I have a secret that includes the CA which I can provide to the containers, is there any way for me to specify that they should use that for db verification?

I see a few options in the config model relating to this but I'm unsure which ones to set (if any are appropriate): https://github.com/device-management-toolkit/mps/blob/00a213215691d308d8618f5745f3f8e3c413e272/src/models/Config.d.ts

[skluther]

I was able to resolve this by mounting the pg ca cert into the pod to /pg-ca.crt and setting this as the connection string:

$(MPS_CONNECTION_URI)?sslmode=require&sslrootcert=/pg-ca.crt