Skip to content

docs(pgbouncer): add credentialsFromExistingSecret usage to Kubernete… #7037

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
germangarces merged 1 commit into from
Mar 25, 2026
Merged

docs(pgbouncer): add credentialsFromExistingSecret usage to Kubernete… #7037

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
21 changes: 20 additions & 1 deletion docs/docs/deployment-self-hosting/hosting-guides/kubernetes-openshift.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -343,7 +343,24 @@ api:

### PgBouncer

By default, Flagsmith connects directly to the database - either in-cluster or external. You can enable PgBouncer with `pgbouncer.enabled: true` to have Flagsmith connect to PgBouncer, and zPgBouncer connect to the database.
By default, Flagsmith connects directly to the database - either in-cluster or external. You can enable PgBouncer with `pgbouncer.enabled: true` to have Flagsmith connect to PgBouncer, and PgBouncer connect to the database.

If you use `databaseExternal.urlFromExistingSecret` to provide the database URL from a pre-existing Kubernetes secret, you must also provide PgBouncer's credentials via a separate existing secret using `pgbouncer.credentialsFromExistingSecret`. This is because Helm cannot read secret values at template time to parse the database URL into PgBouncer's required components.

```yaml
pgbouncer:
enabled: true
credentialsFromExistingSecret:
enabled: true
name: my-pgbouncer-credentials # must contain POSTGRESQL_HOST, POSTGRESQL_DATABASE, POSTGRESQL_USER, POSTGRESQL_PASSWORD

databaseExternal:
enabled: true
urlFromExistingSecret:
enabled: true
name: my-db-url-secret # DATABASE_URL pointing through PgBouncer
key: DATABASE_URL
```

### All-in-one Docker image

Expand Down Expand Up @@ -505,6 +522,8 @@ The following table lists the configurable parameters of the chart and their def
| `influxdbExternal.tokenFromExistingSecret.enabled` | Use reference to a k8s secret not managed by this chart | `false` |
| `influxdbExternal.tokenFromExistingSecret.name` | Referenced secret name | |
| `influxdbExternal.tokenFromExistingSecret.key` | Key within the referenced secret to use | |
| `pgbouncer.credentialsFromExistingSecret.enabled` | Use an existing secret for PgBouncer credentials instead of generating one. The secret must contain keys: `POSTGRESQL_HOST`, `POSTGRESQL_DATABASE`, `POSTGRESQL_USER`, `POSTGRESQL_PASSWORD`. | `false` |
| `pgbouncer.credentialsFromExistingSecret.name` | Name of the existing secret containing PgBouncer credentials. | |
| `pgbouncer.enabled` | | `false` |
| `pgbouncer.image.repository` | | `bitnami/pgbouncer` |
| `pgbouncer.image.tag` | | `1.16.0` |
Expand Down
Loading