operator allow to create cluster with TLS disabled but pooler - not #2620

Open
baznikin opened this issue Apr 23, 2024 · 0 comments
baznikin commented Apr 23, 2024

The operator allows creating a cluster without enforced secure connections, but the bundled pgBouncer enforces them.

  • Which image of the operator are you using? e.g. registry.opensource.zalan.do/acid/postgres-operator:v1.11.0
  • Where do you run it - cloud or metal? Kubernetes or OpenShift? [DigitalOcean K8s]
  • Are you running Postgres Operator in production? yes
  • Type of issue? Bug report

We set ALLOW_NOSSL: "true" for our clusters via ConfigMap and now we want to use the connection pooler. However, it enforces secure connections:

server_tls_sslmode = require
server_tls_ca_file = /etc/ssl/certs/pgbouncer.crt
server_tls_protocols = secure
client_tls_sslmode = require

Please make it configurable or allow insecure connections with looser restrictions:

server_tls_sslmode = prefer
client_tls_sslmode = prefer

It is backward compatible with existing configurations and does not harm anyone.
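
Added example, not part of the issue or of the operator's code: a short Python audit of the two setting blocks quoted above, reporting for each connection leg whether plain TCP can still be used and whether the peer certificate is checked. The mode semantics are taken from pgBouncer's documentation for client_tls_sslmode and server_tls_sslmode; the function names are hypothetical.

```python
# Modes under which pgBouncer may end up on plain TCP (per its documentation).
PLAINTEXT_POSSIBLE = {"disable", "allow", "prefer"}
# Modes under which the peer certificate is validated; "require" only
# forces TLS and does not validate the certificate.
VERIFIES_PEER = {"verify-ca", "verify-full"}
KNOWN_MODES = PLAINTEXT_POSSIBLE | VERIFIES_PEER | {"require"}

# The two setting blocks quoted in the issue.
ENFORCED = """
server_tls_sslmode = require
server_tls_ca_file = /etc/ssl/certs/pgbouncer.crt
server_tls_protocols = secure
client_tls_sslmode = require
"""
PROPOSED = """
server_tls_sslmode = prefer
client_tls_sslmode = prefer
"""

def parse_settings(text):
    """Parse 'key = value' lines; skip blanks, comments and section headers."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;[" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()
    return settings

def audit_tls(text):
    """Return {leg: {mode, plaintext_possible, verifies_peer}} for set legs."""
    settings = parse_settings(text)
    report = {}
    for leg in ("client", "server"):
        key = f"{leg}_tls_sslmode"
        if key not in settings:
            continue  # unset: the default depends on the pgBouncer version
        mode = settings[key].lower()
        if mode not in KNOWN_MODES:
            raise ValueError(f"{key}: unknown mode {mode!r}")
        report[leg] = {"mode": mode,
                       "plaintext_possible": mode in PLAINTEXT_POSSIBLE,
                       "verifies_peer": mode in VERIFIES_PEER}
    return report

if __name__ == "__main__":
    for name, cfg in (("enforced", ENFORCED), ("proposed", PROPOSED)):
        for leg, result in audit_tls(cfg).items():
            print(name, leg, result)
```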
