zalando / postgres-operator

Postgres operator creates and manages PostgreSQL clusters running in Kubernetes
https://postgres-operator.readthedocs.io/
MIT License

Where is the Dockerfile of the pgbouncer image? #1964

Open pierreozoux opened 2 years ago

pierreozoux commented 2 years ago

I plan to use a docker image to have pgbouncer in a cluster, but for something else than postgres-operator, and I was wondering where is the code of the image so that I can reuse it. (Seems like the other option is bitnami or "personal" image, I'd prefer to rely on zalando and its beautiful community!)

Thanks :)

FxKu commented 2 years ago

We haven't yet open sourced the image. It also includes some patches to pgBouncer. Would like to publish, but other topics had a higher priority so far.

szelenka commented 2 years ago

I'm running into a similar situation, where it seems there's some custom config applied to the pgbouncer image that expects these lines in the pgbouncer.ini.tmpl file:

stats_users_prefix = robot_

When the open source pgbouncer attempts to start with that in the ini file, it will error out. Any insight into what Spilo is doing with pgbouncer to expect that in the ini file would be welcome!

FactorT commented 2 years ago

+1 for publishing Dockerfile of pgBouncer

francoispqt commented 1 year ago

+1 for publishing the Dockerfile, or at least be transparent on what are the patches to pgbouncer. We want to know what we are running on our system.

andyndang commented 1 year ago

+1 for publishing the docker image. We want to deploy to ARM64 and this is currently blocking us

bwrobc commented 1 year ago

+1 for publishing the Dockerfile and PGBouncer patches, for all the above reasons. It's been about nine months since this issue was opened.

raviranjanelastisys commented 1 year ago

Hi Guys

Any luck on this? Will really appreciate it if you can move it forward.

kaiba42 commented 9 months ago

+1 for Dockerfile and/or patches. Trying to deploy to a cluster running both arm64 and amd64 nodes, and can't set a nodeSelector for the connectionPooler settings in Postgresql custom resource yaml.

tarunmittal24 commented 9 months ago

+1, please upload the Dockerfile; we need to update the pgbouncer version and other settings like SSL.

raviranjanelastisys commented 9 months ago

Any update here?

dwyanepolinski commented 9 months ago

+1, pgbouncer 1.21 was released with added support for prepared statements: https://www.pgbouncer.org/2023/10/pgbouncer-1-21-0. The newest version of the pgbouncer image is 1.20, and it's even unsafe to create your own build.

wzrdtales commented 8 months ago

This can be reconstructed through the history

ENTRYPOINT ["/bin/sh" "/entrypoint.sh"]
USER pgbouncer:pgbouncer
RUN chown -R pgbouncer:pgbouncer /var/log/pgbouncer /var/run/pgbouncer /etc/pgbouncer /etc/ssl/certs
ADD file:b786bad4b80758c015464593955e6c0bfc6909746c39c0ded33335db3ac5ecaf in ./
ADD file:4f6edf15149a40369c216c4da6706e69f622a1432739e77b3dbaf69d115d403c in /etc/pgbouncer/
ADD file:80e4d3a584326304f10ea949bd4641f3e52a5693c7b950fe7afb40518dfd3475 in /etc/pgbouncer/
COPY file:45132f8b9fc583334b10ac78d68178c82d5d0a2a37d1c08563b92a67be17ffac in /bin/pgbouncer
RUN addgroup -S pgbouncer && adduser -S pgbouncer && mkdir -p /etc/pgbouncer /var/log/pgbouncer /var/run/pgbouncer
WORKDIR /
RUN apk --update add libevent openssl c-ares gettext ca-certificates postgresql-client
COPY zalando-marker / # buildkit
RUN apk update && apk upgrade && rm -rf /var/cache/apk/* /tmp/* # buildkit
CMD ["/bin/sh"]
ADD file:37a76ec18f9887751cd8473744917d08b7431fc4085097bb6a09d81b41775473 in /

So the missing part is actually the compiled pgbouncer binary. So given that, building an image from the latest pgbouncer image should be fine if it is just about adding things to the config.
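The layer listing in the comment above is newest-first, the order image history tools print it. As an added example (not from the thread or the project), the following puts it in build order and marks the ADD/COPY layers, whose file contents history does not record; the input is the listing quoted above and the function names are illustrative.

```python
import re

# Layer commands as quoted in the comment above, newest layer first.
HISTORY = """\
ENTRYPOINT ["/bin/sh" "/entrypoint.sh"]
USER pgbouncer:pgbouncer
RUN chown -R pgbouncer:pgbouncer /var/log/pgbouncer /var/run/pgbouncer /etc/pgbouncer /etc/ssl/certs
ADD file:b786bad4b80758c015464593955e6c0bfc6909746c39c0ded33335db3ac5ecaf in ./
ADD file:4f6edf15149a40369c216c4da6706e69f622a1432739e77b3dbaf69d115d403c in /etc/pgbouncer/
ADD file:80e4d3a584326304f10ea949bd4641f3e52a5693c7b950fe7afb40518dfd3475 in /etc/pgbouncer/
COPY file:45132f8b9fc583334b10ac78d68178c82d5d0a2a37d1c08563b92a67be17ffac in /bin/pgbouncer
RUN addgroup -S pgbouncer && adduser -S pgbouncer && mkdir -p /etc/pgbouncer /var/log/pgbouncer /var/run/pgbouncer
WORKDIR /
RUN apk --update add libevent openssl c-ares gettext ca-certificates postgresql-client
COPY zalando-marker / # buildkit
RUN apk update && apk upgrade && rm -rf /var/cache/apk/* /tmp/* # buildkit
CMD ["/bin/sh"]
ADD file:37a76ec18f9887751cd8473744917d08b7431fc4085097bb6a09d81b41775473 in /
"""

# ADD/COPY layers: history keeps a digest or source name plus the destination,
# not the file contents, so these cannot be rebuilt from history alone.
CONTEXT_LAYER = re.compile(r"^(ADD|COPY)\s+(\S+)\s+(?:in\s+)?(\S+)")


def build_order(history_text):
    """Return the layer commands oldest-first, i.e. in Dockerfile order."""
    lines = [ln.strip() for ln in history_text.splitlines() if ln.strip()]
    return lines[::-1]


def opaque_layers(layers):
    """Return (step, source, destination) for every ADD/COPY layer."""
    found = []
    for step, cmd in enumerate(layers, start=1):
        m = CONTEXT_LAYER.match(cmd)
        if m:
            found.append((step, m.group(2), m.group(3)))
    return found


if __name__ == "__main__":
    layers = build_order(HISTORY)
    opaque = {step for step, _, _ in opaque_layers(layers)}
    for step, cmd in enumerate(layers, start=1):
        flag = "  # content not recoverable from history" if step in opaque else ""
        print(f"{step:2d}  {cmd}{flag}")
```

Step 8 in the output is the `COPY ... in /bin/pgbouncer` layer, the compiled binary the comment identifies as the missing part.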

L1ghtman2k commented 5 months ago

What is the use case for the robot user? If we put our own pgbouncer image, what would we need to expect to have on it?

mamccorm commented 5 months ago

Hey @FxKu, any updates here? We're hoping to leverage this operator in a secure environment but have concerns around CVEs in the image, as well as there being closed-source modifications to pgbouncer. It also looks like there is potentially another zalando-marker application at play as well.

Can you publish the source for those? I'm guessing they are light patches to make it compatible with the operator's settings. Or alternatively, publish them as archives somewhere that users could re-use to build their own image?

slimm609 commented 2 weeks ago

Agreed. This is a major issue of Zalando doing closed-source modifications in what is already an open source product and releasing it publicly.

marcinpolinski commented 2 weeks ago

Found the solution for this, just don't use postgres-operator from zalando (I switched to cloudnative-pg, way better)