Skip to content

ImagePullSecret for the pooler image #3026

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
mbuken wants to merge 5 commits into
base: master
Choose a base branch
from
Open

ImagePullSecret for the pooler image #3026

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
46f4756
feat: imagePullSecret functionality
Jan 6, 2026
0350ce9
feat: documentation
mbuken Jan 6, 2026
3313a37
fix: imagePullSecrets in all necessary places
mbuken Jan 12, 2026
fb3e728
Merge remote-tracking branch 'upstream'
mbuken Mar 12, 2026
763b502
chore: update crds after make test
mbuken Mar 12, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 10 additions & 0 deletions charts/postgres-operator/crds/postgresqls.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -138,6 +138,16 @@ spec:
connectionPooler:
type: object
properties:
imagePullSecrets:
type: array
nullable: true
items:
type: object
required:
- name
properties:
name:
type: string
dockerImage:
type: string
maxDBConnections:
Expand Down
3 changes: 3 additions & 0 deletions docs/reference/cluster_manifest.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -597,6 +597,9 @@ for both master and replica pooler services (if `enableReplicaConnectionPooler`
User to create for connection pooler to be able to connect to a database.
You can also choose a role from the `users` section or a system user role.

* **imagePullSecrets**
References an existing Kubernetes secret to use when pulling a custom pooler image.

* **dockerImage**
Which docker image to use for connection pooler deployment.

Expand Down
18 changes: 18 additions & 0 deletions manifests/postgresql.crd.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -154,6 +154,24 @@ spec:
properties:
dockerImage:
type: string
imagePullSecrets:
items:
description: |-
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
properties:
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
type: object
x-kubernetes-map-type: atomic
type: array
maxDBConnections:
format: int32
type: integer
Expand Down
18 changes: 18 additions & 0 deletions pkg/apis/acid.zalan.do/v1/postgresql.crd.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -154,6 +154,24 @@ spec:
properties:
dockerImage:
type: string
imagePullSecrets:
items:
description: |-
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
properties:
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
type: object
x-kubernetes-map-type: atomic
type: array
maxDBConnections:
format: int32
type: integer
Expand Down
7 changes: 4 additions & 3 deletions pkg/apis/acid.zalan.do/v1/postgresql_type.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -321,9 +321,10 @@ type ConnectionPooler struct {
Schema string `json:"schema,omitempty"`
User string `json:"user,omitempty"`
// +kubebuilder:validation:Enum=session;transaction
Mode string `json:"mode,omitempty"`
DockerImage string `json:"dockerImage,omitempty"`
MaxDBConnections *int32 `json:"maxDBConnections,omitempty"`
Mode string `json:"mode,omitempty"`
DockerImage string `json:"dockerImage,omitempty"`
MaxDBConnections *int32 `json:"maxDBConnections,omitempty"`
ImagePullSecrets []v1.LocalObjectReference `json:"imagePullSecrets,omitempty"`

*Resources `json:"resources,omitempty"`
}
Expand Down
5 changes: 5 additions & 0 deletions pkg/apis/acid.zalan.do/v1/zz_generated.deepcopy.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

4 changes: 4 additions & 0 deletions pkg/cluster/connection_pooler.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -412,6 +412,10 @@ func (c *Cluster) generateConnectionPoolerPodTemplate(role PostgresRole) (
},
}

if len(connectionPoolerSpec.ImagePullSecrets) > 0 {
podTemplate.Spec.ImagePullSecrets = connectionPoolerSpec.ImagePullSecrets
}

nodeAffinity := c.nodeAffinity(c.OpConfig.NodeReadinessLabel, spec.NodeAffinity)
if c.OpConfig.EnablePodAntiAffinity {
labelsSet := labels.Set(c.connectionPoolerLabels(role, false).MatchLabels)
Expand Down