Unverified Commit 81e8ad8c authored by Jonathan S. Katz

Update cert-manager example

Updates certificate generation to match what is done in upstream.
Tweaks some of the language and instructions.
parent 73941b92
+10 −5
# Using Cert-Manager with Postgres Operator 5.x

## Introduction
Starting with version 5.0 of the Crunchy Data Postgres Operator for Kubernetes, TLS is on by default to secure all communication to/from the postgres cluster.  By default, the Operator will generate the necessary certificates for the Postgres cluster and components.  It is possible to provide custom cetificates by storing the certificates in a Kubernetes Secret and pointing the Operator to those secrets in the Postgres manifest.
Starting with version 5.0 of PGO, the Postgres Operator from Crunchy Data, TLS is on by default to secure all communication to/from the postgres cluster.  By default, the Operator will generate the necessary certificates for the Postgres cluster and components.  It is possible to provide custom certificates by storing the certificates in a Kubernetes Secret and pointing the Operator to those secrets in the Postgres manifest.

Cert-Manager can be used to dynamically generate and manage certificates in Kubernetes.   Cert-Manager can generate self-signed certificates or certificates from several certificate authorities.
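Review bot: the rewritten intro sentence still mixes "postgres cluster" (lower case) with "Postgres cluster" in the next sentence, and keeps double spaces after each full stop; since this hunk is already editing the line, use "Postgres cluster" throughout and single spacing so the rendered page is consistent with the rest of the document.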

@@ -14,7 +14,10 @@ The first step is to deploy Cert-Manager to the Kubernetes cluster. To do this,
After Cert-Manager has been deployed, the next step used in this example is to setup a Certificate Issuer.  The Certificate Issuer can be configured to be local to a namespace or cluster wide.  In the examples provided here, a cluster wide issuer is created.

### Configure Issuer
```kubectl apply -k certman```

```
kubectl apply -k certman
```

This Kustomize deployment performs the following actions:
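Review bot: the new fenced block under "Configure Issuer" has no language tag, while the equivalent block added later in this same file is tagged `shell`; tag this one `shell` too so both commands get the same highlighting and copy behaviour.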

@@ -34,11 +37,13 @@ Two certificates will be generated by the Kustomize deployment. The first certi

In the Postgres manifest, two entries are added to point to the newly created Secrets.  The customTLSSecret key references the <cluster>-tls secret while the customReplicationTLSSecret references the <cluster>-repl-tls secret.

### Deploy Postgres Cluster
```kubectl apply -k postgres```
### Deploy Postgres

```shell
kubectl apply -k postgres
```

The following process takes place during the deployment:
* Custom certificate is generated for Postgres using the CA ClusterIssuer created in the previous steps.
* Custom certificate is generated for Postgres replication using the CA ClusterIssuer.
* Postgres cluster deployed using the custom certificates.
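Review bot: the unchanged line "The customTLSSecret key references the <cluster>-tls secret while the customReplicationTLSSecret references the <cluster>-repl-tls secret." will lose both placeholders when rendered, because a bare `<cluster>` is parsed as an inline HTML tag and stripped by the Markdown sanitizer; wrap them as `` `<cluster>-tls` `` and `` `<cluster>-repl-tls` `` (and `customTLSSecret` / `customReplicationTLSSecret` as code) while this section is being touched. Also, the heading rename from "Deploy Postgres Cluster" to "Deploy Postgres" leaves the bullet list below still describing a "Postgres cluster"; either wording is fine, but pick one.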
+5 −11
@@ -9,26 +9,20 @@ spec:
  renewBefore: 360h # 15d
  subject:
    organizations:
    - crunchydata
    - hippo-org
  # The use of the common name field has been deprecated since 2000 and is
  # discouraged from being used.
  commonName: _crunchyrepl
  isCA: false
  privateKey:
    algorithm: RSA
    encoding: PKCS1
    size: 2048
    algorithm: ECDSA
    size: 256
  usages:
    - server auth
    - client auth
    - digital signature
    - key encipherment
  # At least one of a DNS Name, URI, or IP address is required.
  dnsNames:
  - _crunchyrepl
  # uris:
  # - spiffe://cluster.local/ns/zoo/hippo
  #ipAddresses:
  #- 192.168.0.5
  # Issuer references are always required.
  issuerRef:
    name: ca-issuer
    # We can reference ClusterIssuers by changing the kind here.
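Review bot: the `usages` list in this hunk shows `key encipherment` alongside the switch from an RSA 2048 / PKCS1 key to `ECDSA` / `256`; keyEncipherment is an RSA key-transport usage (RFC 5280 defines it for enciphering keys) and has no meaning for an EC signing key, so whatever the final state of the list, it should end as `server auth` and `client auth` (plus `digital signature` if wanted) with `key encipherment` dropped. Separately, `_crunchyrepl` under `dnsNames` is not a resolvable host name; it is the replication user that PGO matches against the certificate's Common Name, so the SAN entry only mirrors the CN. A one-line comment saying so would stop readers from treating it as a service name or replacing it with one.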
+5 −11
@@ -9,26 +9,20 @@ spec:
  renewBefore: 360h # 15d
  subject:
    organizations:
    - crunchydata
    - hippo-org
  # The use of the common name field has been deprecated since 2000 and is
  # discouraged from being used.
  commonName: postgres-operator
  isCA: false
  privateKey:
    algorithm: RSA
    encoding: PKCS1
    size: 2048
    algorithm: ECDSA
    size: 256
  usages:
    - server auth
    - client auth
    - digital signature
    - key encipherment
  # At least one of a DNS Name, URI, or IP address is required.
  dnsNames:
  - hippo-primary
  # uris:
  # - spiffe://cluster.local/ns/zoo/hippo
  #ipAddresses:
  #- 192.168.0.5
  # Issuer references are always required.
  issuerRef:
    name: ca-issuer
    # We can reference ClusterIssuers by changing the kind here.
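Review bot: the server certificate's only SAN is `hippo-primary`, the short Service name, so a client that connects with `sslmode=verify-full` through the fully qualified form (`hippo-primary.<namespace>.svc` or `hippo-primary.<namespace>.svc.cluster.local`, with `<namespace>` the namespace the cluster is deployed in) will fail host-name verification even though the chain validates. Since this hunk already rewrites the key and SAN section, add those FQDN entries to `dnsNames` (or state in the doc that only the short name is covered). The `key encipherment` remark from the replication certificate applies here as well: it should not remain in `usages` next to an ECDSA key.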
+1 −2
@@ -10,8 +10,7 @@ spec:
  customTLSSecret:
    name: hippo-tls
  instances:
    - name: pgc
      replicas: 2
    - replicas: 2
      dataVolumeClaimSpec:
        accessModes:
        - "ReadWriteOnce"
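Review bot: dropping `name: pgc` from the instance set means PGO falls back to its default instance-set name, which is a rename rather than an in-place edit for anyone who built a cluster from the earlier version of this example; the doc should say that re-applying the updated manifest on such a cluster creates a new instance set instead of being a no-op. If the intent is simply to match the upstream sample, a short comment on the `- replicas: 2` line noting that `name` is optional and defaulted would make that clear.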