From 8c8ebd2304ea1d8185a2fff85e478e0f168a62bd Mon Sep 17 00:00:00 2001
From: Felix Kunde
Date: Tue, 21 Apr 2026 16:50:26 +0200
Subject: [PATCH] pass infra roles to auth file via pooler entrypoint
---
 pkg/cluster/connection_pooler.go | 7 ++++---
 pooler/entrypoint.sh | 13 +++++++++++++
 pooler/pgbouncer.ini.tmpl | 1 -
 3 files changed, 17 insertions(+), 4 deletions(-)
diff --git a/pkg/cluster/connection_pooler.go b/pkg/cluster/connection_pooler.go
index 41251629c..9aa40c638 100644
--- a/pkg/cluster/connection_pooler.go
+++ b/pkg/cluster/connection_pooler.go
@@ -320,15 +320,16 @@ func (c *Cluster) generateConnectionPoolerPodTemplate(role PostgresRole) (
 }
 envVars = append(envVars, c.getConnectionPoolerEnvVars()...)
+ // allow infrastructure roles to be added to pgBouncer auth_file
 infraRolesList := make([]string, 0)
- for infraRoleName := range c.InfrastructureRoles {
- infraRolesList = append(infraRolesList, infraRoleName)
+ for infraRoleName, infraRole := range c.InfrastructureRoles {
+ infraRolesList = append(infraRolesList, fmt.Sprintf("%s %s", infraRoleName, infraRole.Password))
 }
 if len(infraRolesList) > 0 {
 envVars = append(envVars, v1.EnvVar{
 Name: "INFRASTRUCTURE_ROLES",
- Value: strings.Join(infraRolesList, ","),
+ Value: strings.Join(infraRolesList, "\n"),
 })
 }
diff --git a/pooler/entrypoint.sh b/pooler/entrypoint.sh
index de443dd02..3637849d0 100755
--- a/pooler/entrypoint.sh
+++ b/pooler/entrypoint.sh
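Review bot: In pkg/cluster/connection_pooler.go the added `fmt.Sprintf("%s %s", infraRoleName, infraRole.Password)` writes each infrastructure role's password into the literal `Value` of the `INFRASTRUCTURE_ROLES` env var, so the credentials become part of the pooler pod template and are readable by anyone allowed to get or describe that workload or its pods, not only by those allowed to read Secrets. Deliver them through a Secret instead, either with `ValueFrom: &v1.EnvVarSource{SecretKeyRef: ...}` or as a mounted file that the entrypoint reads. Independently, ranging over the `c.InfrastructureRoles` map yields a different order on each call, so the joined value can differ between otherwise identical templates; adding `sort.Strings(infraRolesList)` before the `strings.Join` keeps it stable (whether `sort` is already imported is not visible here). The body of generateConnectionPoolerPodTemplate starts and ends outside this hunk.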
@@ -17,4 +17,17 @@ fi
 envsubst < /etc/pgbouncer/pgbouncer.ini.tmpl > /etc/pgbouncer/pgbouncer.ini
 envsubst < /etc/pgbouncer/auth_file.txt.tmpl > /etc/pgbouncer/auth_file.txt
+# --- Append Infrastructure Roles ---
+if [ -n "${INFRASTRUCTURE_ROLES}" ]; then
+ # Use a loop to read each line from the multi-line variable
+ echo "${INFRASTRUCTURE_ROLES}" | while IFS= read -r line; do
+ # Skip empty lines
+ [ -z "${line}" ] && continue
+
+ # Append formatted "user" "password" pair to the auth file
+ # This assumes each line of $INFRASTRUCTURE_ROLES is "user password"
+ echo "${line}" | awk '{printf "\"%s\" \"%s\"\n", $1, $2}' >> /etc/pgbouncer/auth_file.txt
+ done
+fi
+
 exec /bin/pgbouncer /etc/pgbouncer/pgbouncer.ini
diff --git a/pooler/pgbouncer.ini.tmpl b/pooler/pgbouncer.ini.tmpl
index 9b3c509d8..3596efca6 100644
--- a/pooler/pgbouncer.ini.tmpl
+++ b/pooler/pgbouncer.ini.tmpl
@@ -9,7 +9,6 @@ pool_mode = $CONNECTION_POOLER_MODE
 listen_port = $CONNECTION_POOLER_PORT
 listen_addr = *
 admin_users = $PGUSER
-stats_users = $INFRASTRUCTURE_ROLES
 auth_dbname = postgres
 auth_file = /etc/pgbouncer/auth_file.txt
 auth_query = SELECT * FROM $PGSCHEMA.user_lookup($1)
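Review bot: In pooler/entrypoint.sh the awk call `printf "\"%s\" \"%s\"\n", $1, $2` splits on whitespace and copies the fields verbatim, so a password containing a space is cut off at `$2` and a `"` in a role name or password yields a malformed auth_file entry. Take everything after the first space as the password and double any embedded quotes (pgbouncer's auth_file is documented to escape `"` as `""`; worth confirming for the version in the image): `awk '{u=$1; p=substr($0, length($1)+2); gsub(/"/, "\"\"", u); gsub(/"/, "\"\"", p); printf "\"%s\" \"%s\"\n", u, p}'`. A password containing a newline still cannot be carried in the line-based `INFRASTRUCTURE_ROLES` format, so such values should be rejected where the variable is built rather than silently split here.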