Update PG HA documentation to advise for more secure defaults
https://docs.gitlab.com/ee/administration/high_availability/database.html
We currently document using trust_auth_cidr_addresses
, but don't go into the full implications of this. If done improperly, a database could be left fairly open.
We should update the documentation to better handle this.
-
If we want to keep recommending
trust_auth_cidr_adresses
, we should explain whatNetwork Address
should and should not be. -
We should also consider other authentication methods as defaults. I think it might be possible to do certificate authentication without too much work.