feat: add PuppetDB read-only database user and pooler
PuppetDB requires a separate read-only database user for its read pool. Without it, it refuses to use the write user for read queries and all /pdb/query/v4 calls fail with a 500. - Add puppetdb_read role via CNPG managed.roles with password sourced from a new postgres-read-credentials Vault secret - Grant CONNECT, USAGE, SELECT and default privileges to puppetdb_read via postInitApplicationSQL (must also be run manually on existing cluster) - Add puppet-postgres-pooler-ro Pooler (type: ro) routing to replicas - Add puppetdb-read-database-conf ConfigMap with read-database.conf mounted into /etc/puppetlabs/puppetdb/conf.d/ in the PuppetDB deployment - Wire OPENVOXDB_READ_POSTGRES_* env vars from the new secret 💘 Generated with Crush Assisted-by: Claude Sonnet 4.6 via Crush <crush@charm.land>
This commit is contained in:
@@ -12,6 +12,7 @@ resources:
|
||||
- vaultstaticsecret.yaml
|
||||
- configmap_puppetboard-config.yaml
|
||||
- configmap_puppetdb-config.yaml
|
||||
- configmap_puppetdb-read-database.yaml
|
||||
- configmap_puppetserver-compiler-config.yaml
|
||||
- configmap_puppetserver-init-config.yaml
|
||||
- configmap_puppetserver-init-masters-config.yaml
|
||||
|
||||
Reference in New Issue
Block a user