feat(pooler): support custom TLS and CA secrets in PgBouncer spec by leonardoce · Pull Request #8692 · cloudnative-pg/cloudnative-pg
Sep 30, 2025
gbartolini changed the title from "feat: add client/server TLS and CA secret fields to PgBouncer spec" to "feat(pooler): support custom TLS and CA secrets in PgBouncer spec"
Oct 9, 2025

This patch extends the Pooler CRD with the following new fields in `.spec.pgbouncer`:

- `clientTLSSecret` maps to the `client_tls_key_file` and `client_tls_cert_file` parameters
- `clientCASecret` maps to the `client_tls_ca_file` parameter
- `serverTLSSecret` maps to the `server_tls_key_file` and `server_tls_cert_file` parameters
- `serverCASecret` maps to the `server_ca_file` parameter

When specified, these fields take precedence over the automatic TLS configuration that CloudNativePG already generates for PgBouncer.

The existing `authQuery` and `authQuerySecret` behavior is preserved for backward compatibility, although `serverTLSSecret` may override it if set.

See: cloudnative-pg#8675

Signed-off-by: Leonardo Cecchi <leonardo.cecchi@enterprisedb.com>