feat: enable connection pooling by mkm29 · Pull Request #188 · uds-packages/postgres-operator

mkm29 · 2026-04-22T21:30:58Z

Description

Enable connection pooling, required 2 changes:

Use zalando pgBouncer image (CNPG image is not compatible with Zalando)
Add enableConnectionPooler and enableReplicaConnectionPooler to allowlist of values to pass through to upstream chart in postgres-minimal.yaml

Type of change

Bug fix (non-breaking change which fixes an issue)
New feature (non-breaking change which adds functionality)
Other (security config, docs update, etc)

Checklist before merging

Test, docs, adr added or updated as needed
Contributor Guide Steps followed

…able for CR)

github-actions · 2026-04-22T21:34:51Z

Full scan comparison results are too large to post as a comment. Link to full results artifact: Results
Summarized results are below:

`quay.io/rfcurated/zalando/spilo-17:4.0-p3-jammy-fips-rfcurated` -> `cgr.dev/defenseunicorns.com/spilo-17:4.1.2`

New vulnerabilities: 20
Fixed vulnerabilities: 84
Existing vulnerabilities: 0

cgr.dev/defenseunicorns.com/prometheus-postgres-exporter

cgr.dev/defenseunicorns.com/prometheus-postgres-exporter `0.19.1` -> `0.19.1`

New vulnerabilities: 0
Fixed vulnerabilities: 0
Existing vulnerabilities: 0

`quay.io/rfcurated/zalando/postgres-operator:1.15-jammy-scratch-fips-rfcurated` -> `cgr.dev/defenseunicorns.com/postgres-operator:1.15.1`

New vulnerabilities: 0
Fixed vulnerabilities: 14
Existing vulnerabilities: 0

quay.io/rfcurated/zalando/postgres-operator/logical-backup

quay.io/rfcurated/zalando/postgres-operator/logical-backup `1.15-jammy-scratch-fips-rfcurated` -> `1.15-jammy-scratch-fips-rfcurated`

New vulnerabilities: 0
Fixed vulnerabilities: 0
Existing vulnerabilities: 12

`quay.io/rfcurated/zalando/pgbouncer:32-jammy-rfcurated` -> `cgr.dev/defenseunicorns.com/pgbouncer:1.25.1`

New vulnerabilities: 4
Fixed vulnerabilities: 8
Existing vulnerabilities: 0

registry1.dso.mil/ironbank/opensource/zalando/postgres-operator

registry1.dso.mil/ironbank/opensource/zalando/postgres-operator `v1.15.0` -> `v1.15.0`

New vulnerabilities: 0
Fixed vulnerabilities: 3
Existing vulnerabilities: 231

registry1.dso.mil/ironbank/opensource/zalando/logical-backup

registry1.dso.mil/ironbank/opensource/zalando/logical-backup `v1.15.1` -> `v1.15.1`

New vulnerabilities: 0
Fixed vulnerabilities: 11
Existing vulnerabilities: 297

registry1.dso.mil/ironbank/opensource/zalando/pgbouncer

registry1.dso.mil/ironbank/opensource/zalando/pgbouncer `1.25.1` -> `1.25.1`

New vulnerabilities: 0
Fixed vulnerabilities: 6
Existing vulnerabilities: 269

ghcr.io/zalando/spilo-17

ghcr.io/zalando/spilo-17 `4.0-p3` -> `4.0-p3`

New vulnerabilities: 0
Fixed vulnerabilities: 0
Existing vulnerabilities: 702

registry1.dso.mil/ironbank/opensource/prometheus/postgres-exporter

registry1.dso.mil/ironbank/opensource/prometheus/postgres-exporter `v0.19.1` -> `v0.19.1`

New vulnerabilities: 0
Fixed vulnerabilities: 3
Existing vulnerabilities: 219

ghcr.io/zalando/postgres-operator/logical-backup

ghcr.io/zalando/postgres-operator/logical-backup `v1.15.1` -> `v1.15.1`

New vulnerabilities: 25
Fixed vulnerabilities: 25
Existing vulnerabilities: 569

`ghcr.io/cloudnative-pg/pgbouncer:1.24.1-23` -> `registry.opensource.zalan.do/acid/pgbouncer:master-32`

New vulnerabilities: 91
Fixed vulnerabilities: 345
Existing vulnerabilities: 0

ghcr.io/zalando/spilo-17

ghcr.io/zalando/spilo-17 `4.0-p3` -> `4.0-p3`

New vulnerabilities: 0
Fixed vulnerabilities: 0
Existing vulnerabilities: 702

quay.io/prometheuscommunity/postgres-exporter

quay.io/prometheuscommunity/postgres-exporter `v0.19.1` -> `v0.19.1`

New vulnerabilities: 0
Fixed vulnerabilities: 0
Existing vulnerabilities: 26

ghcr.io/zalando/postgres-operator

ghcr.io/zalando/postgres-operator `v1.15.1` -> `v1.15.1`

New vulnerabilities: 0
Fixed vulnerabilities: 0
Existing vulnerabilities: 90

generated with uds-pk scan compare

zachariahmiller

Proposed update makes sense. Requesting a couple changes and test/docs updates.

…-package.*.yaml templates accordingly

…$probe$ instead; updated zarf tools wait-for with new zarf tools wait-for resource

…uild image

…adding registry1 patch to pooler

…eat/enable-connection-pooling

…ilar to that needed for registry1 Signed-off-by: Mitch Murphy <mitchell.murphy@defenseunicorns.com>

…avor) Signed-off-by: Mitch Murphy <mitchell.murphy@defenseunicorns.com>

Signed-off-by: Mitch Murphy <mitchell.murphy@defenseunicorns.com>

…e and refining deployment actions

… from values

…able for CR)

Signed-off-by: Mitch Murphy <mitchell.murphy@defenseunicorns.com>

mkm29 added 3 commits April 22, 2026 17:26

feat: enable connection pooling (use correct image, pass through vari…

5158bc9

…able for CR)

feat: enable connection pooling (use correct image, pass through vari…

bf0a5c8

…able for CR)

Merge branch 'main' into feat/enable-connection-pooling

f6aad8d

mkm29 requested review from a team as code owners April 22, 2026 21:30

fix: accidentally removed uds-config.yaml file

4362398

mkm29 closed this Apr 22, 2026

mkm29 reopened this Apr 22, 2026

zachariahmiller requested changes Apr 23, 2026

View reviewed changes

Comment thread chart/templates/postgres-minimal.yaml Outdated

Comment thread chart/templates/postgres-minimal.yaml Outdated

Comment thread chart/templates/postgres-minimal.yaml Outdated

feat: enhance connection pooling configuration and update task options

a4b1d2b

codyshoffner reviewed Apr 23, 2026

View reviewed changes

Comment thread tasks.yaml Outdated

mkm29 and others added 2 commits April 23, 2026 14:25

fix: removed setting flavor in tasks.yaml file

b6619fd

Merge branch 'main' into feat/enable-connection-pooling

b3e007c

mkm29 marked this pull request as draft April 23, 2026 18:58

mkm29 added 8 commits April 23, 2026 16:20

feat: added _helpers.tpl for setting proper netpols; updated both uds…

634a689

…-package.*.yaml templates accordingly

feat: added minimal connectionPooler dict in uds-bundle.yaml

f00007f

feat: add pooler tests to postgres-test package

2c643cd

fix: k8s substitute double $ with single $ which is invalid SQL, use …

e8f4da8

…$probe$ instead; updated zarf tools wait-for with new zarf tools wait-for resource

docs: add connection pooling section to configuration.md doc

cbb3287

feat: add shim to make IB pgbouncer image work without needing to reb…

25ab4f4

…uild image

fix: resolved linting issues in registry1-pooler-patch.yaml task

ee6aba6

docs: add section to configuration.md document justifying reason for …

d1a4165

…adding registry1 patch to pooler

mkm29 marked this pull request as ready for review April 24, 2026 21:50

chore: update images to cgr

2cc0316

colinlodter requested review from codyshoffner and zachariahmiller May 8, 2026 01:18

colinlodter reviewed May 8, 2026

View reviewed changes

Comment thread zarf.yaml Outdated

Merge branch 'main' into chore/swap-to-cgr-images

234d371

codyshoffner and others added 4 commits May 14, 2026 10:13

chore: swap rf images for cgr

b5e05f1

Merge remote-tracking branch 'origin/chore/swap-to-cgr-images' into f…

a5547af

…eat/enable-connection-pooling

chore: update workflows and tasks to use uds-common v1.24.10

89fb977

feat(cgr): add unicorn flavor; create pooler patch for chainguard sim…

8301447

…ilar to that needed for registry1 Signed-off-by: Mitch Murphy <mitchell.murphy@defenseunicorns.com>

mkm29 force-pushed the feat/enable-connection-pooling branch from a53cfaa to 8301447 Compare May 14, 2026 18:14

chore: removed --set=unicorn from tasks.yaml (used to test unicorn fl…

53eabf5

…avor) Signed-off-by: Mitch Murphy <mitchell.murphy@defenseunicorns.com>

mkm29 force-pushed the feat/enable-connection-pooling branch from 815c158 to 53eabf5 Compare May 14, 2026 18:19

mkm29 added 6 commits May 14, 2026 15:14

docs: create documentation for unicorn patch

ff3c27f

Signed-off-by: Mitch Murphy <mitchell.murphy@defenseunicorns.com>

feat(zarf): enable connection pooling by updating cluster architectur…

4edb702

…e and refining deployment actions

fix(pooler): removed hasKey test for connectionPooler and use default…

203bf5a

… from values

feat: enable connection pooling (use correct image, pass through vari…

880dec3

…able for CR)

Merge branch 'main' into feat/enable-connection-pooling

ba7f02c

fix(lint): add empty line to end of uds-config.yaml

3f1b297

Signed-off-by: Mitch Murphy <mitchell.murphy@defenseunicorns.com>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat: enable connection pooling#188

feat: enable connection pooling#188
mkm29 wants to merge 28 commits into
mainfrom
feat/enable-connection-pooling

mkm29 commented Apr 22, 2026

Uh oh!

github-actions Bot commented Apr 22, 2026 •

edited

Loading

Uh oh!

zachariahmiller left a comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

Conversation

mkm29 commented Apr 22, 2026

Description

Type of change

Checklist before merging

Uh oh!

github-actions Bot commented Apr 22, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

quay.io/rfcurated/zalando/spilo-17:4.0-p3-jammy-fips-rfcurated -> cgr.dev/defenseunicorns.com/spilo-17:4.1.2

cgr.dev/defenseunicorns.com/prometheus-postgres-exporter 0.19.1 -> 0.19.1

quay.io/rfcurated/zalando/postgres-operator:1.15-jammy-scratch-fips-rfcurated -> cgr.dev/defenseunicorns.com/postgres-operator:1.15.1

quay.io/rfcurated/zalando/postgres-operator/logical-backup 1.15-jammy-scratch-fips-rfcurated -> 1.15-jammy-scratch-fips-rfcurated

quay.io/rfcurated/zalando/pgbouncer:32-jammy-rfcurated -> cgr.dev/defenseunicorns.com/pgbouncer:1.25.1

registry1.dso.mil/ironbank/opensource/zalando/postgres-operator v1.15.0 -> v1.15.0

registry1.dso.mil/ironbank/opensource/zalando/logical-backup v1.15.1 -> v1.15.1

registry1.dso.mil/ironbank/opensource/zalando/pgbouncer 1.25.1 -> 1.25.1

ghcr.io/zalando/spilo-17 4.0-p3 -> 4.0-p3

registry1.dso.mil/ironbank/opensource/prometheus/postgres-exporter v0.19.1 -> v0.19.1

ghcr.io/zalando/postgres-operator/logical-backup v1.15.1 -> v1.15.1

ghcr.io/cloudnative-pg/pgbouncer:1.24.1-23 -> registry.opensource.zalan.do/acid/pgbouncer:master-32

ghcr.io/zalando/spilo-17 4.0-p3 -> 4.0-p3

quay.io/prometheuscommunity/postgres-exporter v0.19.1 -> v0.19.1

ghcr.io/zalando/postgres-operator v1.15.1 -> v1.15.1

Uh oh!

zachariahmiller left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

github-actions Bot commented Apr 22, 2026 •

edited

Loading

`quay.io/rfcurated/zalando/spilo-17:4.0-p3-jammy-fips-rfcurated` -> `cgr.dev/defenseunicorns.com/spilo-17:4.1.2`

cgr.dev/defenseunicorns.com/prometheus-postgres-exporter `0.19.1` -> `0.19.1`

`quay.io/rfcurated/zalando/postgres-operator:1.15-jammy-scratch-fips-rfcurated` -> `cgr.dev/defenseunicorns.com/postgres-operator:1.15.1`

quay.io/rfcurated/zalando/postgres-operator/logical-backup `1.15-jammy-scratch-fips-rfcurated` -> `1.15-jammy-scratch-fips-rfcurated`

`quay.io/rfcurated/zalando/pgbouncer:32-jammy-rfcurated` -> `cgr.dev/defenseunicorns.com/pgbouncer:1.25.1`

registry1.dso.mil/ironbank/opensource/zalando/postgres-operator `v1.15.0` -> `v1.15.0`

registry1.dso.mil/ironbank/opensource/zalando/logical-backup `v1.15.1` -> `v1.15.1`

registry1.dso.mil/ironbank/opensource/zalando/pgbouncer `1.25.1` -> `1.25.1`

ghcr.io/zalando/spilo-17 `4.0-p3` -> `4.0-p3`

registry1.dso.mil/ironbank/opensource/prometheus/postgres-exporter `v0.19.1` -> `v0.19.1`

ghcr.io/zalando/postgres-operator/logical-backup `v1.15.1` -> `v1.15.1`

`ghcr.io/cloudnative-pg/pgbouncer:1.24.1-23` -> `registry.opensource.zalan.do/acid/pgbouncer:master-32`

ghcr.io/zalando/spilo-17 `4.0-p3` -> `4.0-p3`

quay.io/prometheuscommunity/postgres-exporter `v0.19.1` -> `v0.19.1`

ghcr.io/zalando/postgres-operator `v1.15.1` -> `v1.15.1`