@borchero

Fixes #1230
Dockerfile for new pgBouncer image: https://github.com/borchero/pgbouncer

@FxKu
Member

FxKu commented Dec 15, 2020

Thanks @borchero for your contribution. We have just merged the inherited annotation feature to allow passing annotations from the postgres manifest down to child resources. You can also use the downscaler_annotations option to only inherit annotations to the deployment and statefulset. I think you can use this rather than adding yet another field. Could you strip back this PR then to only the TLS passing to pooler?

@borchero
Author

Removing pooler-specific annotations is a hacky solution imo. The reason for these annotations is to allow external operators to reload the pooler Pods once the TLS secret changes. When using downscaler_annotations, my understanding is that these annotations are also added to the Postgres StatefulSet.

Unfortunately, this means that these "reloading" annotations also trigger a redeploy of the Postgres Pods although they handle hot reloading internally.

@FxKu FxKu added this to the 1.7 milestone Dec 16, 2020
@Jan-M
Member

Jan-M commented Dec 16, 2020

@borchero I would like to see this added to the operator config, don't you agree? This seems like a potential global config for all poolers?

@borchero
Author

Yes, that sounds reasonable. So can I update the PR with pooler specific annotations in the operator config?

@FxKu
Member

FxKu commented Dec 16, 2020

Sure, you can add it here.

There are a few more places where you have to reflect the change. See our short docs on this topic.

@FxKu FxKu modified the milestones: 1.6.1, 1.7 Feb 15, 2021
@FxKu FxKu modified the milestones: 1.7, 1.8 Mar 26, 2021
@FxKu FxKu modified the milestones: 1.7, 1.8 Aug 20, 2021
@FxKu FxKu removed this from the 1.8 milestone Mar 2, 2022
@bchrobot

This is a feature we are interested in. @borchero do you still have plans to work on this at some point? If not, I would be happy to take a stab at rebasing on master and making the requested changes for pooler annotations.

@borchero
Author

borchero commented May 3, 2022

Hey @bchrobot I don't currently need the functionality anymore, so I'm unlikely to work on it soon ... feel free to take over!

@Dayde

Dayde commented May 18, 2022

Really interested in this too, in fact we consider it to be more a bugfix than a feature as we can’t use MTLS through pgBouncer because of this.
Looking at the two-year-old comments @FxKu I’m not sure what is still to be done.
@bchrobot have you already started to work on that? We’re gonna need that soon and we’d be glad to lend a hand.

@FxKu FxKu added this to the 1.9 milestone May 19, 2022
@Dayde

Dayde commented Jun 27, 2022

Should I open another PR? I’ve rebased the branch but I can’t push it here.
A brief summary of what’s left to do in your opinion would be really nice 🙏

@bchrobot

bchrobot commented Jul 4, 2022

> @bchrobot have you already started to work on that? We’re gonna need that soon and we’d be glad to lend a hand.

I have not made any progress and will not have time to work on this until November. A new PR is probably the easiest path forward.

@borchero
Author

borchero commented Jan 3, 2023

Closing this in favor of #2146.

@borchero borchero closed this Jan 3, 2023
Development

Successfully merging this pull request may close these issues.

PgBouncer does not use Custom TLS Certificate
