Improve teh securty of teh DB

infrastructure/kubernetes/base/configmaps/postgres-logging-config.yaml

@@ -0,0 +1,60 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: postgres-logging-config
+  namespace: bakery-ia
+  labels:
+    app.kubernetes.io/name: bakery-ia
+    app.kubernetes.io/component: database-logging
+data:
+  postgresql.conf: |
+    # PostgreSQL Configuration for Kubernetes
+    # Generated for security compliance and monitoring
+
+    # Network Configuration
+    listen_addresses = '*'
+    port = 5432
+
+    # Connection Logging
+    log_connections = on
+    log_disconnections = on
+    log_hostname = off
+
+    # Query Logging
+    log_statement = 'all'
+    log_duration = on
+    log_min_duration_statement = 1000
+
+    # Log Destination
+    log_destination = 'stderr'
+    logging_collector = off
+
+    # Log Output Format
+    log_line_prefix = '%t [%p]: user=%u,db=%d,app=%a,client=%h '
+    log_timezone = 'UTC'
+
+    # Error Logging
+    log_error_verbosity = default
+    log_min_messages = warning
+    log_min_error_statement = error
+
+    # Checkpoints
+    log_checkpoints = on
+
+    # Lock Waits
+    log_lock_waits = on
+    deadlock_timeout = 1s
+
+    # Temporary Files
+    log_temp_files = 0
+
+    # Autovacuum Logging
+    log_autovacuum_min_duration = 0
+
+    # SSL/TLS Configuration
+    ssl = on
+    ssl_cert_file = '/tls/server-cert.pem'
+    ssl_key_file = '/tls/server-key.pem'
+    ssl_ca_file = '/tls/ca-cert.pem'
+    ssl_prefer_server_ciphers = on
+    ssl_min_protocol_version = 'TLSv1.2'