
Operator allows creating a cluster with TLS disabled, but the pooler does not

Open baznikin opened this issue 1 year ago • 2 comments

The operator allows creating a cluster without enforced secure connections, but the bundled pgBouncer enforces them.

  • Which image of the operator are you using? e.g. registry.opensource.zalan.do/acid/postgres-operator:v1.11.0
  • Where do you run it - cloud or metal? Kubernetes or OpenShift? [DigitalOcean K8s]
  • Are you running Postgres Operator in production? yes
  • Type of issue? Bug report

We set ALLOW_NOSSL: "true" for our clusters via ConfigMap, and now we want to use the connection pooler. However, it enforces secure connections:

server_tls_sslmode = require
server_tls_ca_file = /etc/ssl/certs/pgbouncer.crt
server_tls_protocols = secure
client_tls_sslmode = require

Please make it configurable, or allow insecure connections with looser restrictions:

server_tls_sslmode = prefer
client_tls_sslmode = prefer

It is backward compatible with existing configurations and does not harm anyone.

baznikin, Apr 23 '24 12:04

Hello! These are really useful settings for configuring an application's connection to pgbouncer much more smoothly.

vadimsabynich-flant, Jul 03 '24 08:07

I fixed this using a custom Docker image:

FROM registry.opensource.zalan.do/acid/pgbouncer:master-32

RUN sed -i '/#/!s/\(server_tls_sslmode[[:space:]]*=[[:space:]]*\)\(.*\)/\1prefer/' /etc/pgbouncer/pgbouncer.ini.tmpl
RUN sed -i '/#/!s/\(client_tls_sslmode[[:space:]]*=[[:space:]]*\)\(.*\)/\1prefer/' /etc/pgbouncer/pgbouncer.ini.tmpl

values.yaml

configConnectionPooler:
  connection_pooler_image: registry.local/pgbouncer:master-32.2

kamenskiyyyy, Sep 05 '24 13:09
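
An added example, not part of the thread or of the operator's code: a shell check that reads a pgbouncer ini file or template and reports whether `client_tls_sslmode` and `server_tls_sslmode` still enforce TLS, so the effect of the `sed` rewrite above can be verified rather than assumed. The function names (`tls_mode`, `classify`, `audit`), the classification labels and the sample file are constructed for illustration, and the script assumes the last occurrence of a repeated key is the effective one.

```shell
#!/bin/sh
# Added example: audit the TLS modes in a pgbouncer ini file or template.

# Print the last uncommented value of KEY ($2) in FILE ($1), or "unset".
# Assumption: if a key is repeated, the last occurrence is the effective one.
tls_mode() {
    val=$(sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^[:space:];#]*\).*/\1/p" "$1" | tail -n 1)
    printf '%s\n' "${val:-unset}"
}

# Map a PgBouncer sslmode to a label (labels are this example's own).
classify() {
    case "$1" in
        require|verify-ca|verify-full) echo enforced ;;
        prefer|allow)                  echo opportunistic ;;  # plaintext fallback allowed
        disable)                       echo off ;;
        *)                             echo unknown ;;
    esac
}

# Print one line per key; return 1 unless both sides enforce TLS.
audit() {
    rc=0
    for key in client_tls_sslmode server_tls_sslmode; do
        mode=$(tls_mode "$1" "$key")
        class=$(classify "$mode")
        printf '%s = %s (%s)\n' "$key" "$mode" "$class"
        [ "$class" = enforced ] || rc=1
    done
    return "$rc"
}

# Constructed sample: the settings quoted in the issue plus one commented-out line.
sample=$(mktemp); patched=$(mktemp)
trap 'rm -f "$sample" "$patched"' EXIT
cat > "$sample" <<'EOF'
;client_tls_sslmode = disable
server_tls_sslmode = require
server_tls_ca_file = /etc/ssl/certs/pgbouncer.crt
server_tls_protocols = secure
client_tls_sslmode = require
EOF
# The two substitutions from the Dockerfile in the thread, applied to a copy.
sed -e '/#/!s/\(server_tls_sslmode[[:space:]]*=[[:space:]]*\)\(.*\)/\1prefer/' \
    -e '/#/!s/\(client_tls_sslmode[[:space:]]*=[[:space:]]*\)\(.*\)/\1prefer/' \
    "$sample" > "$patched"

audit "$sample"  && echo "original: TLS enforced on both sides"
audit "$patched" || echo "patched: plaintext fallback is possible"
```

Pointing `audit` at `/etc/pgbouncer/pgbouncer.ini.tmpl` inside the custom image confirms whether the build applied the change; a non-zero exit status means at least one side no longer requires TLS.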