fix: complete first round of testing

chart/templates/_helpers.tpl

@@ -108,4 +108,12 @@ Generate the secrets.cipher value
       {{- fail "Expected kratos.config.secrets.cipher to be a list of strings" -}}
     {{- end -}}
   {{- end -}}
-{{- end -}}
+{{- end -}}
+
+{{- define "incident-commander.connectionPooler.secretKeyRef" -}}
+{{- if .Values.db.connectionPooler.secretKeyRef -}}
+  {{- printf "%s" .Values.db.connectionPooler.secretKeyRef -}}
+{{- else -}}
+  {{- printf "%s-pgbouncer-config" (include "incident-commander.name" .) -}}
+{{- end -}}
+{{- end }}

chart/templates/deployment.yaml

@@ -37,7 +37,7 @@ spec:
             - name: DB_URL
               valueFrom:
                 secretKeyRef:
-                  name: {{ if .Values.db.connectionPooler.enabled }}{{ include "incident-commander.name" . }}-pgbouncer{{ else }}{{ .Values.db.secretKeyRef.name }}{{ end }}
+                  name: {{ if .Values.db.connectionPooler.enabled }}{{ include "incident-commander.connectionPooler.secretKeyRef" . }}{{ else }}{{ .Values.db.secretKeyRef.name }}{{ end }}
                   key: {{ .Values.db.secretKeyRef.key }}
             - name: PGRST_JWT_SECRET
               valueFrom:

chart/templates/pgbouncer.yaml

@@ -70,6 +70,14 @@ spec:
             secretKeyRef:
               name: {{ .Values.db.secretKeyRef.name }}
               key: POSTGRES_PORT
+        volumeMounts:
+          - name: configfiles
+            mountPath: "/etc/pgbouncer"
+            readOnly: true 
+      volumes:
+        - name: configfiles
+          secret:
+            secretName: {{ include "incident-commander.connectionPooler.secretKeyRef" . }}
 {{ .Values.db.connectionPooler.extraContainers | indent 6 }}
 ---
 {{- end }}

chart/templates/postgrest.yaml

@@ -27,7 +27,7 @@ spec:
             - name: PGRST_DB_URI
               valueFrom:
                 secretKeyRef:
-                  name: {{ if .Values.db.connectionPooler.enabled }}{{ include "incident-commander.name" . }}-pgbouncer{{ else }}{{ .Values.db.secretKeyRef.name }}{{ end }}
+                  name: {{ if .Values.db.connectionPooler.enabled }}{{ include "incident-commander.connectionPooler.secretKeyRef" . }}{{ else }}{{ .Values.db.secretKeyRef.name }}{{ end }}
                   key: {{ .Values.db.secretKeyRef.key }}
             - name: PGRST_JWT_SECRET
               valueFrom:

chart/templates/secrets.yaml

@@ -27,9 +27,7 @@
 {{- $pgrstJWTSecret :=  (( get $jwtSecretData .Values.db.jwtSecretKeyRef.key) | b64dec ) | default (( get $injData "PGRST_JWT_SECRET") | b64dec ) | default ( randAlphaNum 32 ) }}
 
 {{- $kratosSecret := ((lookup "v1" "Secret" .Release.Namespace (include "kratos-im.secretname" .)).data | default dict) -}}
-{{- $pgbounceruser :=  (( get $secretData "PGBOUNCER_USER" ) | b64dec ) | default "pgbouncer" }}
-{{- $pgbouncerpassword :=  (( get $injData "PGBOUNCER_PASSWORD") | b64dec ) | default (( get $secretData "PGBOUNCER_PASSWORD") | b64dec ) | default ( randAlphaNum 32 )  }}
-{{- $kratosDSN := (print "postgres://" (ternary $pgbounceruser $user .Values.db.connectionPooler.enabled) ":" (ternary $pgbouncerpassword $password .Values.db.connectionPooler.enabled) "@" $host "/" $database) -}}
+{{- $kratosDSN := (print "postgres://" $user ":" $password "@" $host "/" $database) -}}
 
 # Change kratos DSN to generated DB_URL
 ---
@@ -76,11 +74,10 @@ type: Opaque
 stringData:
   PGRST_JWT_SECRET: {{ $pgrstJWTSecret | quote }}
 ---
-{{- $pgConfig := dict "pgbounceruser" $pgbounceruser "pgbouncerpassword" $pgbouncerpassword "pguser" $user "pgpassword" $password "database" $database "pgHost" $postgresHost "pgPort" $postgresPort -}}
+{{- $pgConfig := dict "pguser" $user "pgpassword" $password "database" $database "pgHost" $postgresHost "pgPort" $postgresPort -}}
 
 {{- define "userlistConfig" -}}
 "{{ .pguser }}" "{{ .pgpassword }}"
-"{{ .pgbounceruser }}" "{{ .pgbouncerpassword }}"
 {{- end -}}
 
 {{- define "pgbouncerConfig" -}}
@@ -91,20 +88,19 @@ stringData:
 listen_addr = 0.0.0.0
 listen_port = 5432
 unix_socket_dir =
-user = {{ .pguser }}
+auth_user = {{ .pguser }}
 auth_file = /etc/pgbouncer/userlist.txt
 auth_type = md5
 pool_mode = transaction
 max_client_conn = 100
 ignore_startup_parameters = extra_float_digits
-admin_users = {{ .pguser }}
 {{- end -}}
 
 {{- if .Values.db.connectionPooler.enabled  }}
 apiVersion: v1
 kind: Secret
 metadata:
-  name: pgbouncer-config
+  name: {{ include "incident-commander.name" . }}-pgbouncer-config
 type: Opaque
 data:
   pgbouncer.ini: {{ include "pgbouncerConfig" $pgConfig | b64enc }}
@@ -113,13 +109,9 @@ data:
 apiVersion: v1
 kind: Secret
 metadata:
-  name: {{ include "incident-commander.name" . }}-pgbouncer
+  name: {{ include "incident-commander.connectionPooler.secretKeyRef" . }}
 type: Opaque
 stringData:
-  PGBOUNCER_USER: {{ $pgbounceruser | quote }}
-  PGBOUNCER_PASSWORD: {{ $pgbouncerpassword | quote }}
-  SSLMODE: {{ $sslmode | quote }}
-  DB_URL:  {{ (print "postgres://" $pgbounceruser ":" $pgbouncerpassword "@" $host "/" $database "?sslmode=" $sslmode ) | quote }}
-  DATABASE: {{ $database | quote }}
+  DB_URL:  {{ (print "postgres://" $user ":" $password "@" $host "/" $database "?sslmode=" $sslmode ) | quote }}
 ---
 {{- end -}}

chart/values.yaml

@@ -93,7 +93,8 @@ db:
     name: incident-commander-postgrest-jwt
     key: PGRST_JWT_SECRET
   connectionPooler:
-    enabled: false
+    enabled: true
+    secretKeyRef: "MYpgbouncer"
     serviceAccount:
       annotations: {}
     extraContainers: ""
@@ -122,6 +123,7 @@ canary-checker:
     runMigrations: false
     connectionPooler:
       enabled: false
+      #secretKeyRef: ""
     external:
       enabled: true
       create: false
@@ -139,6 +141,7 @@ config-db:
       persist: false
     connectionPooler:
       enabled: false
+      # secretKeyRef: ""
     external:
       enabled: true
       secretKeyRef: