[Feature]: Allow customisation of authentication-related options in PgBouncer #8673
Description
Is there an existing issue already for this feature request/idea?
- I have searched for an existing issue, and could not find anything. I believe this is a new feature request to be evaluated.
What problem is this feature going to solve? Why should it be added?
Some PgBouncer authentication parameters are currently hard-coded in CloudNativePG and cannot be overridden:
auth_type→ fixed tohbaserver_tls_sslmode→ fixed toverify-caclient_tls_sslmode→ fixed toprefer
This limits flexibility for users needing different authentication behaviours to meet their security, compliance, or application requirements.
See also: #8672
Describe the solution you'd like
Enable customisation of these PgBouncer options, while preserving the current defaults, in the .spec.pgbouncer.parameters section:
auth_type(default:hba)server_tls_sslmode(default:verify-ca)client_tls_sslmode(default:prefer)
The operator would continue to provide sensible defaults, but responsibility for overriding them rests with the user.
Describe alternatives you've considered
N/A
Additional context
N/A
Backport?
No
Are you willing to actively contribute to this feature?
Yes
Code of Conduct
- I agree to follow this project's Code of Conduct