Add CERN pgbouncer chart support
PGBouncer is currently bundled as part of omnibus-gitlab EE. To help achieve parity, we should have a supported configuration of PGBouncer in the charts.
Potential solution could be pgbouncer chart from CERN: https://gitlab.cern.ch:8443/pgbouncer/pgbouncer-helm-chart
We have attempted some work in !2973 (closed) which highlighted further refinements needed ( in particular, see !2973 (comment 1872161590) ):
PGBouncer container
- Consumes PG 13, and we currently expect 14+. Out of the box, this chart is 15. This would need updated.
- The container has not been built for some time, and likely needs updated for security purposes
- As a consideration, have a look at a regularly maintained image from an upstream provider, such as bitnami/pgbouncer.
PGBouncer chart
- Always attempts to create a Secret, though documentation added in !2973 (closed) says to add this secret manually. These could clash.
- Consumes raw secret content as a Helm value (see
.userlist), which is frowned upon. Here is a good article on the topic. - The chart currently has no license declared or defined in the project it comes from
📜 . We require this, hard stop.
The example values that are presented, are likely a bit in excess of what is needed to actually function.
GitLab integration
Concerns directly for GitLab's integration:
- Maintenance of the image & chart: Who will be responsible?
- We need to be able have solid documentation, and some troubleshooting items available, so that Support can help customers that run into issues.
- We need to know distinct value in excess of the current implementation via external PgBouncer (see Reference Architectures), in order to consider this a good replacement option.
Proposed iterations
- Iteration 1: Document how to consume pgbouncer from the GitLab Helm charts
- Iteration 2: Support deploying pgbouncer from the GitLab Helm charts (i.e. including it in
requirements.yamlalong with template and/or documentation updates on how to use it)
Edited by Dmytro Makovey