Skip to content

build multi-arch pooler image#3077

Open
FxKu wants to merge 19 commits intomasterfrom
pooler-build
Open

build multi-arch pooler image#3077
FxKu wants to merge 19 commits intomasterfrom
pooler-build

Conversation

@FxKu
Copy link
Copy Markdown
Member

@FxKu FxKu commented Apr 17, 2026

and stop maintaining internal repo.

Our internal pooler was using a few hacks to

  • allow connections to admin DB by any use with a defined prefix
  • ignoring errors when SET commands are used

We still need to allow our monitoring user served from an infrastructure role secret to be able to connect to the pgbouncer admin DB, but as a read-only stats_user. In the passed we only copied a hardcoded auth file into the Docker image. But since the list of infra users can be vary and we don't want to hard code credentials into env variables I'm proposing the following architecture:

  1. Set an INFRASTRUCTURE_ROLES env var on the pooler pod with the user names which is passed to the pgbouncer.ini template to be set as stats_users.
  2. Create a secret per pooler deployment which stores a dynamically generated userlist.txt file.
  3. Mount this file into the pooler container for pgBouncer to allow connections from the pooler user as well as infrastructure roles. Could also be extended to more users. But the normal flow would see users connecting via the auth_query (and not auth_file) to the actual database.

@FxKu FxKu added this to the 2.0.0 milestone Apr 17, 2026
@FxKu FxKu added the minor label Apr 17, 2026
@FxKu FxKu moved this to Waiting for review in Postgres Operator Apr 17, 2026
Comment thread pooler/Dockerfile Outdated
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

Status: Waiting for review

Development

Successfully merging this pull request may close these issues.

2 participants