confdroid/confdroid_pgbouncer
1
0
Fork 0
Code Issues Packages Projects Wiki Activity

OP#496 add config example and update Readme

Browse Source
This commit is contained in:
Arne Teuke
2026-03-14 18:32:43 +01:00
parent bc8c2ed89f
commit 4904e75e75
2 changed files with 156 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
README.md
View File

@@ -6,6 +6,7 @@
- [README](#readme)
- [Purpose](#purpose)
- [Download](#download)
- [Configuration](#configuration)
- [Contact Us](#contact-us)
## Purpose
@@ -18,7 +19,13 @@
[confdroid_pgbouncer:latest](https://sourcecode.confdroid.com/confdroid/-/packages/container/confdroid_pgbouncer/latest)
## Configuration
The container takes its configuration via config map and secrets.
- see [example config](docs/example_config.yaml)
## Contact Us
- [contact form](https://confdroid.com/contact/)
- [feedback portal](https://feedback.confdroid.com/)
- [feedback portal](https://feedback.confdroid.com/)

148
docs/example_config.yaml Normal file
View File

@@ -0,0 +1,148 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: pgbouncer
---
apiVersion: v1
kind: Secret
metadata:
name: pgbouncer-users
namespace: pgbouncer
type: Opaque
stringData:
userlist.txt: |
"example_user "md535412bdc28167fbcdcef2c25bafd2f21"
---
apiVersion: v1
kind: Secret
metadata:
name: pgbouncer-tls
namespace: pgbouncer
type: Opaque
data:
data:
ca.crt: <encrypted cert>
client.crt: <encrypted cert>
client.key: <encrypted key>
server.crt: <encrypted cert>
server.key: <encrypted key>
---
apiVersion: v1
kind: ConfigMap
metadata:
name: pgbouncer-config
namespace: pgbouncer
data:
pgbouncer.ini: |
[pgbouncer]
listen_addr = 0.0.0.0
listen_port = 6432
auth_type = md5
auth_file = /etc/pgbouncer/userlist.txt
# admin_users = admin
pool_mode = transaction
max_client_conn = 100
default_pool_size = 20
ignore_startup_parameters = extra_float_digits
log_connections = 1
log_disconnections = 1
log_pooler_errors = 1
log_stats = 1
verbose = 0
pidfile = /var/run/pgbouncer/pgbouncer.pid
# TLS backend: PgBouncer → PostgreSQL
server_tls_sslmode = verify-ca
server_tls_ca_file = /etc/pgbouncer/tls/ca.crt
server_tls_cert_file = /etc/pgbouncer/tls/client.crt
server_tls_key_file = /etc/pgbouncer/tls/client.key
server_tls_protocols = secure
# TLS frontend
client_tls_sslmode = require
client_tls_key_file = /etc/pgbouncer/tls/server.key
client_tls_cert_file = /etc/pgbouncer/tls/server.crt
client_tls_ca_file = /etc/pgbouncer/tls/ca.crt
client_tls_protocols = secure
[databases]
<example_db> = host=<example_host> port=5432 pool_mode=session dbname=<example_db> auth_user="<example_user>"
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: pgbouncer-deployment
namespace: pgbouncer
spec:
replicas: 2
selector:
matchLabels:
app: pgbouncer
template:
metadata:
labels:
app: pgbouncer
spec:
containers:
- name: pgbouncer
image: sourcecode.confdroid.com/confdroid/confdroid_pgbouncer:latest
imagePullPolicy: IfNotPresent
ports:
- containerPort: 6432
volumeMounts:
- name: config
mountPath: /etc/pgbouncer/pgbouncer.ini
subPath: pgbouncer.ini
readOnly: true
- name: users
mountPath: /etc/pgbouncer/userlist.txt
subPath: userlist.txt
readOnly: true
- name: tls
mountPath: /etc/pgbouncer/tls
readOnly: true
livenessProbe:
tcpSocket:
port: 6432
initialDelaySeconds: 5
periodSeconds: 10
readinessProbe:
tcpSocket:
port: 6432
initialDelaySeconds: 5
periodSeconds: 10
volumes:
- name: config
configMap:
name: pgbouncer-config
- name: users
secret:
secretName: pgbouncer-users
- name: tls
secret:
secretName: pgbouncer-tls
---
apiVersion: v1
kind: Service
metadata:
name: pgbouncer-service
namespace: pgbouncer
spec:
selector:
app: pgbouncer
ports:
- name: pgbouncer_port
port: 6432
targetPort: 6432
protocol: TCP