docs(postgresql): improve SSL docs

codefresh/Chart.yaml

@@ -1,7 +1,7 @@
 apiVersion: v2
 description: Helm Chart for Codefresh On-Prem
 name: codefresh
-version: 2.8.6
+version: 2.8.7
 keywords:
   - codefresh
 home: https://codefresh.io/

codefresh/README.md

@@ -1,6 +1,6 @@
 ## Codefresh On-Premises
 
-![Version: 2.8.6](https://img.shields.io/badge/Version-2.8.6-informational?style=flat-square) ![AppVersion: 2.8.0](https://img.shields.io/badge/AppVersion-2.8.0-informational?style=flat-square)
+![Version: 2.8.7](https://img.shields.io/badge/Version-2.8.7-informational?style=flat-square) ![AppVersion: 2.8.0](https://img.shields.io/badge/AppVersion-2.8.0-informational?style=flat-square)
 
 Helm chart for deploying [Codefresh On-Premises](https://codefresh.io/docs/docs/getting-started/intro-to-codefresh/) to Kubernetes.
 
@@ -409,18 +409,26 @@ postgresql:
   enabled: false
 ```
 
-Provide the following env vars to enable SSL connection to Postgres:
+##### Using SSL with a PostgreSQL
+
+Provide the following env vars to enforce SSL connection to PostgresSQL:
 
 ```yaml
 global:
   env:
+    # More info in the official docs: https://www.postgresql.org/docs/current/libpq-envars.html
     PGSSLMODE: "require"
 
 helm-repo-manager:
   env:
     POSTGRES_DISABLE_SSL: "false"
 ```
 
+> ⚠️ **Important!**<br />
+> We do not support custom CA configuration for PostgreSQL, including self-signed certificates. This may cause incompatibility with some providers' default configurations.<br />
+> In particular, Amazon RDS for PostgreSQL version 15 and later requires SSL encryption by default ([ref](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/PostgreSQL.Concepts.General.SSL.html#PostgreSQL.Concepts.General.SSL.Requiring)).<br />
+> We recommend disabling SSL on the provider side in such cases or using the following steps to mount custom CA certificates: [Mounting private CA certs](#mounting-private-ca-certs)
+
 #### External Redis
 
 ```yaml
@@ -2177,6 +2185,10 @@ Default PostgreSQL image is changed from 13.x to 17.x
 
 If you run external PostgreSQL, follow the [official instructions](https://www.postgresql.org/docs/17/upgrading.html) to upgrade to 17.x.
 
+> ⚠️ **Important!**<br />
+> The default SSL configuration may change on your provider's side when you upgrade.<br />
+> Please read the following section before the upgrade: [Using SSL with a PostgreSQL](#using-ssl-with-a-postgresql)
+
 ⚠️ ⚠️ ⚠️  16.x version is also supported (17.x version of PostgreSQL is still in preview on multiple cloud providers)
 
 ⚠️ ⚠️ ⚠️ If you run built-in PostgreSQL `bitnami/postgresql` subchart, direct upgrade is not supported due to **incompatible breaking changes** in the database files. You will see the following error in the logs:

codefresh/README.md.gotmpl

@@ -411,18 +411,27 @@ postgresql:
   enabled: false
 ```
 
-Provide the following env vars to enable SSL connection to Postgres:
+##### Using SSL with a PostgreSQL
+
+Provide the following env vars to enforce SSL connection to PostgresSQL:
 
 ```yaml
 global:
   env:
+    # More info in the official docs: https://www.postgresql.org/docs/current/libpq-envars.html
     PGSSLMODE: "require"
 
 helm-repo-manager:
   env:
     POSTGRES_DISABLE_SSL: "false"
 ```
 
+> ⚠️ **Important!**<br />
+> We do not support custom CA configuration for PostgreSQL, including self-signed certificates. This may cause incompatibility with some providers' default configurations.<br />
+> In particular, Amazon RDS for PostgreSQL version 15 and later requires SSL encryption by default ([ref](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/PostgreSQL.Concepts.General.SSL.html#PostgreSQL.Concepts.General.SSL.Requiring)).<br />
+> We recommend disabling SSL on the provider side in such cases or using the following steps to mount custom CA certificates: [Mounting private CA certs](#mounting-private-ca-certs)
+
+
 #### External Redis
 
 ```yaml
@@ -2186,6 +2195,10 @@ Default PostgreSQL image is changed from 13.x to 17.x
 
 If you run external PostgreSQL, follow the [official instructions](https://www.postgresql.org/docs/17/upgrading.html) to upgrade to 17.x.
 
+> ⚠️ **Important!**<br />
+> The default SSL configuration may change on your provider's side when you upgrade.<br />
+> Please read the following section before the upgrade: [Using SSL with a PostgreSQL](#using-ssl-with-a-postgresql)
+
 ⚠️ ⚠️ ⚠️  16.x version is also supported (17.x version of PostgreSQL is still in preview on multiple cloud providers)
 
 ⚠️ ⚠️ ⚠️ If you run built-in PostgreSQL `bitnami/postgresql` subchart, direct upgrade is not supported due to **incompatible breaking changes** in the database files. You will see the following error in the logs: