From 4904e75e75eff7aac4b18395c2ab9e61439638dd Mon Sep 17 00:00:00 2001 From: 12ww1160 <12ww1160@confdroid.com> Date: Sat, 14 Mar 2026 18:32:43 +0100 Subject: [PATCH] OP#496 add config example and update Readme --- README.md | 9 ++- docs/example_config.yaml | 148 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 156 insertions(+), 1 deletion(-) create mode 100644 docs/example_config.yaml diff --git a/README.md b/README.md index fcfc80f..b05635b 100644 --- a/README.md +++ b/README.md @@ -6,6 +6,7 @@ - [README](#readme) - [Purpose](#purpose) - [Download](#download) + - [Configuration](#configuration) - [Contact Us](#contact-us) ## Purpose @@ -18,7 +19,13 @@ [confdroid_pgbouncer:latest](https://sourcecode.confdroid.com/confdroid/-/packages/container/confdroid_pgbouncer/latest) +## Configuration + +The container takes its configuration via config map and secrets. + +- see [example config](docs/example_config.yaml) + ## Contact Us - [contact form](https://confdroid.com/contact/) -- [feedback portal](https://feedback.confdroid.com/) \ No newline at end of file +- [feedback portal](https://feedback.confdroid.com/) diff --git a/docs/example_config.yaml b/docs/example_config.yaml new file mode 100644 index 0000000..afbb061 --- /dev/null +++ b/docs/example_config.yaml @@ -0,0 +1,148 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: pgbouncer + +--- +apiVersion: v1 +kind: Secret +metadata: + name: pgbouncer-users + namespace: pgbouncer +type: Opaque +stringData: + userlist.txt: | + "example_user "md535412bdc28167fbcdcef2c25bafd2f21" + +--- +apiVersion: v1 +kind: Secret +metadata: + name: pgbouncer-tls + namespace: pgbouncer +type: Opaque +data: + data: + ca.crt: + client.crt: + client.key: + server.crt: + server.key: + +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: pgbouncer-config + namespace: pgbouncer +data: + pgbouncer.ini: | + [pgbouncer] + listen_addr = 0.0.0.0 + listen_port = 6432 + auth_type = md5 + auth_file = /etc/pgbouncer/userlist.txt + # admin_users = admin + pool_mode = transaction + max_client_conn = 100 + default_pool_size = 20 + ignore_startup_parameters = extra_float_digits + + log_connections = 1 + log_disconnections = 1 + log_pooler_errors = 1 + log_stats = 1 + verbose = 0 + pidfile = /var/run/pgbouncer/pgbouncer.pid + + # TLS backend: PgBouncer → PostgreSQL + server_tls_sslmode = verify-ca + server_tls_ca_file = /etc/pgbouncer/tls/ca.crt + server_tls_cert_file = /etc/pgbouncer/tls/client.crt + server_tls_key_file = /etc/pgbouncer/tls/client.key + server_tls_protocols = secure + + # TLS frontend + client_tls_sslmode = require + client_tls_key_file = /etc/pgbouncer/tls/server.key + client_tls_cert_file = /etc/pgbouncer/tls/server.crt + client_tls_ca_file = /etc/pgbouncer/tls/ca.crt + client_tls_protocols = secure + + [databases] + = host= port=5432 pool_mode=session dbname= auth_user="" + +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: pgbouncer-deployment + namespace: pgbouncer +spec: + replicas: 2 + selector: + matchLabels: + app: pgbouncer + template: + metadata: + labels: + app: pgbouncer + spec: + containers: + - name: pgbouncer + image: sourcecode.confdroid.com/confdroid/confdroid_pgbouncer:latest + imagePullPolicy: IfNotPresent + ports: + - containerPort: 6432 + volumeMounts: + - name: config + mountPath: /etc/pgbouncer/pgbouncer.ini + subPath: pgbouncer.ini + readOnly: true + - name: users + mountPath: /etc/pgbouncer/userlist.txt + subPath: userlist.txt + readOnly: true + - name: tls + mountPath: /etc/pgbouncer/tls + readOnly: true + + livenessProbe: + tcpSocket: + port: 6432 + initialDelaySeconds: 5 + periodSeconds: 10 + + readinessProbe: + tcpSocket: + port: 6432 + initialDelaySeconds: 5 + periodSeconds: 10 + + volumes: + - name: config + configMap: + name: pgbouncer-config + - name: users + secret: + secretName: pgbouncer-users + - name: tls + secret: + secretName: pgbouncer-tls + +--- +apiVersion: v1 +kind: Service +metadata: + name: pgbouncer-service + namespace: pgbouncer +spec: + selector: + app: pgbouncer + ports: + - name: pgbouncer_port + port: 6432 + targetPort: 6432 + protocol: TCP +