Where is the Dockerfile of the pgbouncer image?

[pierreozoux]

I plan to use a docker image to have pgbouncer in a cluster, but for something else than postgres-operator, and I was wondering where is the code of the image so that I can reuse it.
(Seems like the other option is bitnami or "personal" image, I'd prefer to rely on zalando and its beautiful community!)

Thanks :)

[FxKu]

We haven't yet open sourced the image. It also includes some patches to pgBouncer. Would like to publish, but other topics had a higher priority so far

[szelenka]

I'm running into a similar situation, where it seems there's some custom config applied to the pgbouncer image that expects these lines in the pgbouncer.ini.tmpl file:

stats_users_prefix = robot_

When the open source pgbouncer attempts to start with that in the ini file, it will error out. Any insight into what Spilo is doing with pgbouncer to expect that in the ini file would be welcome!

[FactorT]

+1 for publishing Dockerfile of pgBouncer

[francoispqt]

+1 for publishing the Dockerfile, or at least be transparent on what are the patches to pgbouncer. We want to know what we are running on our system.

[andyndang]

+1 for publishing the docker image. We want to deploy to ARM64 and this is currently blocking us

[bwrobc]

+1 for publishing the Dockerfile and PGBouncer patches, for all the above reasons. It's been about nine months since this issue was opened.

[raviranjanelastisys]

Hi Guys

Any luck on this ? Will really appreciate if you can move it forward.

[kaiba42]

+1 for Dockerfile and/or patches. Trying to deploy to a cluster running both arm64 and amd64 nodes, and can't set a nodeSelector for the connectionPooler settings in Postgresql custom resource yaml.

[tarunmittal24]

+1, please upload the dockerfile, needs to update the pgbouncer version and other settings like ssl

[raviranjanelastisys]

Any update here?

[dwyanepolinski]

+1, pgbouncer 1.21 was released with added supprot for prepared statements https://www.pgbouncer.org/2023/10/pgbouncer-1-21-0. The newest version of pgbouncer image is 1.20 and its even unsafe to create own build

[wzrdtales]

This can be reconstructed through the history

ENTRYPOINT ["/bin/sh" "/entrypoint.sh"]
USER pgbouncer:pgbouncer
RUN chown -R pgbouncer:pgbouncer /var/log/pgbouncer /var/run/pgbouncer /etc/pgbouncer /etc/ssl/certs
ADD file:b786bad4b80758c015464593955e6c0bfc6909746c39c0ded33335db3ac5ecaf in ./
ADD file:4f6edf15149a40369c216c4da6706e69f622a1432739e77b3dbaf69d115d403c in /etc/pgbouncer/
ADD file:80e4d3a584326304f10ea949bd4641f3e52a5693c7b950fe7afb40518dfd3475 in /etc/pgbouncer/
COPY file:45132f8b9fc583334b10ac78d68178c82d5d0a2a37d1c08563b92a67be17ffac in /bin/pgbouncer
RUN addgroup -S pgbouncer && adduser -S pgbouncer && mkdir -p /etc/pgbouncer /var/log/pgbouncer /var/run/pgbouncer
WORKDIR /
RUN apk --update add libevent openssl c-ares gettext ca-certificates postgresql-client
COPY zalando-marker / # buildkit
RUN apk update && apk upgrade && rm -rf /var/cache/apk/* /tmp/* # buildkit
CMD ["/bin/sh"]
ADD file:37a76ec18f9887751cd8473744917d08b7431fc4085097bb6a09d81b41775473 in /

ENTRYPOINT ["/bin/sh" "/entrypoint.sh"]
USER pgbouncer:pgbouncer

RUN chown -R pgbouncer:pgbouncer /var/log/pgbouncer /var/run/pgbouncer /etc/pgbouncer /etc/ssl/certs

ADD file:b786bad4b80758c015464593955e6c0bfc6909746c39c0ded33335db3ac5ecaf in ./
ADD file:4f6edf15149a40369c216c4da6706e69f622a1432739e77b3dbaf69d115d403c in /etc/pgbouncer/
ADD file:80e4d3a584326304f10ea949bd4641f3e52a5693c7b950fe7afb40518dfd3475 in /etc/pgbouncer/
COPY file:45132f8b9fc583334b10ac78d68178c82d5d0a2a37d1c08563b92a67be17ffac in /bin/pgbouncer
RUN addgroup -S pgbouncer && adduser -S pgbouncer && mkdir -p /etc/pgbouncer /var/log/pgbouncer /var/run/pgbouncer
WORKDIR /
RUN apk --update add libevent openssl c-ares gettext ca-certificates postgresql-client
COPY zalando-marker / # buildkit
RUN apk update && apk upgrade && rm -rf /var/cache/apk/* /tmp/* # buildkit
CMD ["/bin/sh"]
ADD file:37a76ec18f9887751cd8473744917d08b7431fc4085097bb6a09d81b41775473 in /

So the missing part is actually the compiled pgbouncer binary. So given that, building an image from the latest pgbouncer image should be fine if it is just about adding things to the config.

[L1ghtman2k]

What is the usecase for the robot user? If we put our own pgbouncer image, what would we need to expect to have on it?

[mamccorm]

Hey @FxKu, any updates here? we're hoping to leverage this operator in a secure environment but have concerns around CVEs in the image, as well as there being closed-source modifications to pgbouncer. It also looks like there is potentially another zalando-marker application at play as well.

Can you publish the source for those? I'm guessing they are light patches to make compatible with the operators settings. or alternatively, publish them as archives somewhere that users could re-use to build their own image?

[slimm609]

agreed. This is a major issue of zalando doing closed-source modifications in what is already an open source product and releases it publicly.

[marcinpolinski]

Found the solution for this, just don't use postgres-operator from zalando (I switched to cloudnative-pg, way better)