From d5026ac74873cacc632c92eaecb3c1d9bfda53a7 Mon Sep 17 00:00:00 2001
From: William P <me@williamtpeebles.com>
Date: Thu, 13 Nov 2025 21:05:10 -0500
Subject: [PATCH] postgres: fix pooler config, tested

---
 postgres/config/clusters/main.yaml        |  9 +++++++-
 postgres/config/poolers/authquery.yaml    | 25 +++++++++++++++++++++++
 postgres/config/poolers/pooler-weyma.yaml |  3 +++
 3 files changed, 36 insertions(+), 1 deletion(-)
 create mode 100644 postgres/config/poolers/authquery.yaml

diff --git a/postgres/config/clusters/main.yaml b/postgres/config/clusters/main.yaml
index 8642ad8..1962d33 100644
--- a/postgres/config/clusters/main.yaml
+++ b/postgres/config/clusters/main.yaml
@@ -59,4 +59,11 @@ spec:
       comment: netmaker
       login: true
       passwordSecret:
-        name: netmaker-auth
\ No newline at end of file
+        name: netmaker-auth
+    - name: pooler
+      ensure: present
+      comment: pooler
+      login: true
+      superuser: true
+      passwordSecret:
+        name: pgbouncer-auth-query
\ No newline at end of file
diff --git a/postgres/config/poolers/authquery.yaml b/postgres/config/poolers/authquery.yaml
new file mode 100644
index 0000000..354f280
--- /dev/null
+++ b/postgres/config/poolers/authquery.yaml
@@ -0,0 +1,25 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: pgbouncer-auth-query
+spec:
+  data:
+  - remoteRef:
+      conversionStrategy: Default
+      decodingStrategy: None
+      key: cloudnativepg
+      metadataPolicy: None
+      property: pgbouncer_pw
+    secretKey: password
+  refreshInterval: 1h
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: weyma-vault
+  target:
+    template:
+      data:
+        username: pooler
+        password: "{{ .password }}"
+    creationPolicy: Owner
+    deletionPolicy: Retain
+    name: pgbouncer-auth-query
diff --git a/postgres/config/poolers/pooler-weyma.yaml b/postgres/config/poolers/pooler-weyma.yaml
index 7f033ad..c154a9f 100644
--- a/postgres/config/poolers/pooler-weyma.yaml
+++ b/postgres/config/poolers/pooler-weyma.yaml
@@ -9,6 +9,9 @@ spec:
   type: rw
   pgbouncer:
     poolMode: session
+    authQuery: "SELECT usename, passwd FROM pg_shadow WHERE usename=$1"
+    authQuerySecret:
+      name: pgbouncer-auth-query
     parameters:
       max_client_conn: "1000"
       default_pool_size: "10"
\ No newline at end of file