bump pooler image with pgBouncer 1.17.0 and auth_type md5 (#1837)

* bump pooler image with pgBouncer 1.17.0 and auth_type md5

* add docs about scram hasher

* only one yaml
Felix Kunde 2022-04-05 11:08:30 +02:00 committed by GitHub
parent 7ac9c2a98e
commit 43e18052c4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 29 additions and 9 deletions


@ -588,7 +588,7 @@ spec:
default: "pooler" default: "pooler"
connection_pooler_image: connection_pooler_image:
type: string type: string
default: "registry.opensource.zalan.do/acid/pgbouncer:master-19" default: "registry.opensource.zalan.do/acid/pgbouncer:master-22"
connection_pooler_max_db_connections: connection_pooler_max_db_connections:
type: integer type: integer
default: 60 default: 60
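Review bot: The new default `registry.opensource.zalan.do/acid/pgbouncer:master-22` is still referenced by tag only, and nothing visible in this section pins the image content; a `master-NN` tag looks like a branch build tag, which may be re-pushable. Consider a digest-qualified default such as `default: "registry.opensource.zalan.do/acid/pgbouncer:master-22@sha256:<digest-placeholder>"`, so that every cluster inheriting the default runs the image that was reviewed. The same applies to the other sections of this commit that set `connection_pooler_image` (values file, ConfigMap, the second CRD copy and the default configuration). Because the title says the new image also moves pgBouncer to `auth_type md5`, operators who override the default will not pick up that change, which deserves a line in the description.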


@ -381,7 +381,7 @@ configConnectionPooler:
# db user for pooler to use # db user for pooler to use
connection_pooler_user: "pooler" connection_pooler_user: "pooler"
# docker image # docker image
connection_pooler_image: "registry.opensource.zalan.do/acid/pgbouncer:master-19" connection_pooler_image: "registry.opensource.zalan.do/acid/pgbouncer:master-22"
# max db connections the pooler should hold # max db connections the pooler should hold
connection_pooler_max_db_connections: 60 connection_pooler_max_db_connections: 60
# default pooling mode # default pooling mode


@ -83,9 +83,9 @@ kubectl port-forward $PGMASTER 6432:5432 -n default
``` ```
Open another CLI and connect to the database using e.g. the psql client. Open another CLI and connect to the database using e.g. the psql client.
When connecting with the `postgres` user read its password from the K8s secret When connecting with a manifest role like `foo_user` user, read its password
which was generated when creating the `acid-minimal-cluster`. As non-encrypted from the K8s secret which was generated when creating `acid-minimal-cluster`.
connections are rejected by default set the SSL mode to `require`: As non-encrypted connections are rejected by default set SSL mode to `require`:
```bash ```bash
export PGPASSWORD=$(kubectl get secret postgres.acid-minimal-cluster.credentials.postgresql.acid.zalan.do -o 'jsonpath={.data.password}' | base64 -d) export PGPASSWORD=$(kubectl get secret postgres.acid-minimal-cluster.credentials.postgresql.acid.zalan.do -o 'jsonpath={.data.password}' | base64 -d)
@ -93,6 +93,26 @@ export PGSSLMODE=require
psql -U postgres -h localhost -p 6432 psql -U postgres -h localhost -p 6432
``` ```
## Password encryption
Passwords are encrypted with `md5` hash generation by default. However, it is
possible to use the more recent `scram-sha-256` method by changing the
`password_encryption` parameter in the Postgres config. You can define it
directly from the cluster manifest:
```yaml
apiVersion: "acid.zalan.do/v1"
kind: postgresql
metadata:
name: acid-minimal-cluster
spec:
[...]
postgresql:
version: "14"
parameters:
password_encryption: scram-sha-256
```
## Defining database roles in the operator ## Defining database roles in the operator
Postgres Operator allows defining roles to be created in the resulting database Postgres Operator allows defining roles to be created in the resulting database


@ -17,7 +17,7 @@ data:
# connection_pooler_default_cpu_request: "500m" # connection_pooler_default_cpu_request: "500m"
# connection_pooler_default_memory_limit: 100Mi # connection_pooler_default_memory_limit: 100Mi
# connection_pooler_default_memory_request: 100Mi # connection_pooler_default_memory_request: 100Mi
connection_pooler_image: "registry.opensource.zalan.do/acid/pgbouncer:master-19" connection_pooler_image: "registry.opensource.zalan.do/acid/pgbouncer:master-22"
# connection_pooler_max_db_connections: 60 # connection_pooler_max_db_connections: 60
# connection_pooler_mode: "transaction" # connection_pooler_mode: "transaction"
# connection_pooler_number_of_instances: 2 # connection_pooler_number_of_instances: 2


@ -23,7 +23,7 @@ spec:
serviceAccountName: postgres-operator serviceAccountName: postgres-operator
containers: containers:
- name: postgres-operator - name: postgres-operator
image: registry.opensource.zalan.do/acid/pgbouncer:master-19 image: registry.opensource.zalan.do/acid/pgbouncer:master-22
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
resources: resources:
requests: requests:
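Review bot: The container named `postgres-operator` is shown with `image: registry.opensource.zalan.do/acid/pgbouncer:master-22`, which is the pooler image, on both the old and the new side of this section. If the manifest really contains that value, the Deployment would start pgBouncer under the `postgres-operator` service account instead of the operator. Please confirm that the operator image is intended here and, if so, keep this line out of the pooler bump, for example `image: <operator-image-placeholder>`. With `imagePullPolicy: IfNotPresent` and a tag-only reference, nodes that already cached the tag keep whatever they pulled earlier, so a digest pin would also make rollouts deterministic. The container spec continues outside this section.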


@ -586,7 +586,7 @@ spec:
default: "pooler" default: "pooler"
connection_pooler_image: connection_pooler_image:
type: string type: string
default: "registry.opensource.zalan.do/acid/pgbouncer:master-19" default: "registry.opensource.zalan.do/acid/pgbouncer:master-22"
connection_pooler_max_db_connections: connection_pooler_max_db_connections:
type: integer type: integer
default: 60 default: 60


@ -187,7 +187,7 @@ configuration:
connection_pooler_default_cpu_request: "500m" connection_pooler_default_cpu_request: "500m"
connection_pooler_default_memory_limit: 100Mi connection_pooler_default_memory_limit: 100Mi
connection_pooler_default_memory_request: 100Mi connection_pooler_default_memory_request: 100Mi
connection_pooler_image: "registry.opensource.zalan.do/acid/pgbouncer:master-19" connection_pooler_image: "registry.opensource.zalan.do/acid/pgbouncer:master-22"
# connection_pooler_max_db_connections: 60 # connection_pooler_max_db_connections: 60
connection_pooler_mode: "transaction" connection_pooler_mode: "transaction"
connection_pooler_number_of_instances: 2 connection_pooler_number_of_instances: 2