fix(gitops): add stunnel client config and clean server config

databases/postgresql/kustomization.yaml

@@ -8,6 +8,7 @@ resources:
   - ghcr-pull-externalsecret.yaml
   - stunnel-externalsecret.yaml
   - stunnel-server-configmap.yaml
+  - stunnel-client-configmap.yaml
   - stunnel-server-deployment.yaml
   - stunnel-server-service.yaml
   - stunnel-client-deployment.yaml

databases/postgresql/stunnel-client-configmap.yaml

@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: postgresql-stunnel-client
+  namespace: database
+data:
+  stunnel.conf: |
+    foreground = yes
+    debug = 5
+    [postgres-client]
+    client = yes
+    accept = 0.0.0.0:15432
+    connect = postgresql-stunnel-server.database.svc.cluster.local:5433
+    verifyChain = no
+    sslVersionMin = TLSv1.2
+    options = NO_SSLv2
+    options = NO_SSLv3
+    TIMEOUTclose = 0

databases/postgresql/stunnel-client-deployment.yaml

@@ -24,14 +24,13 @@ spec:
         - name: stunnel-client
           image: ghcr.io/x-evor/postgresql.svc.plus/stunnel-client:latest
           imagePullPolicy: IfNotPresent
-          env:
-            - name: STUNNEL_SERVICE
-              value: postgres-client
-            - name: STUNNEL_ACCEPT
-              value: "15432"
-            - name: STUNNEL_CONNECT
-              value: postgresql-stunnel-server.database.svc.cluster.local:5433
-            - name: STUNNEL_CRONTAB
-              value: ""
           ports:
             - containerPort: 15432
+          volumeMounts:
+            - name: stunnel-config
+              mountPath: /etc/stunnel/stunnel.conf
+              subPath: stunnel.conf
+      volumes:
+        - name: stunnel-config
+          configMap:
+            name: postgresql-stunnel-client

databases/postgresql/stunnel-server-configmap.yaml

@@ -19,6 +19,5 @@ data:
     socket = l:TCP_NODELAY=1
     socket = r:TCP_NODELAY=1
     socket = l:SO_KEEPALIVE=1
-    socket = r:TCP_KEEPALIVE=1
     TIMEOUTclose = 0
     TIMEOUTidle = 43200