PgBouncer

Lumie still uses PgBouncer semantics for PostgreSQL connection pooling, but the live implementation is the CNPG-native Pooler CRD, not the old standalone storage/pgbouncer Helm application.

Source paths

Active poolers:
- lumie-infra/applications/lumie/manifests/pooler.yaml
- lumie-infra/applications/lumie/develop/manifests/pooler.yaml
Legacy chart left in repo:
- lumie-infra/storage/pgbouncer/argocd-prod.yaml
- lumie-infra/storage/pgbouncer/base-values.yaml
- lumie-infra/storage/pgbouncer/overlays/prod-values.yaml
Retirement note:
- lumie-infra/storage/kustomization.yaml

Current runtime shape

The live pooler definitions are:

kind: Pooler
metadata:
  name: lumie-pooler
spec:
  type: rw
  pgbouncer:
    poolMode: session
    parameters:
      max_client_conn: "200"
      default_pool_size: "20"

Source path: lumie-infra/applications/lumie/manifests/pooler.yaml

Verified current state

A read-only kubectl get poolers.postgresql.cnpg.io -A on June 14, 2026 showed:

lumie-pooler in lumie-db
lumie-dev-pooler in lumie-dev

The same date's ArgoCD application list did not show a live pgbouncer-prod application, which matches the retirement comment in storage/kustomization.yaml.

Public surface

Product backend runtime uses DB_HOST=lumie-pooler.lumie-db.svc.cluster.local from lumie-infra/applications/lumie/backend/common-values.yaml.
The chatbot checkpointer uses lumie-pooler.lumie-db.svc.cluster.local:5432 through its Vault-rendered DSN in lumie-infra/applications/lumie/worker/chatbot-svc/common-values.yaml.
Dev workloads use lumie-dev-pooler.lumie-dev.svc:5432.

Ownership boundaries

storage/pgbouncer/** is legacy configuration and should not be treated as the active source of truth for production pooling.
applications/lumie/**/pooler.yaml is the live source of truth for pooler size, pool mode, and lifecycle.
CNPG owns pooler auth internals. The old userlist-secret model from the standalone Helm chart is no longer the active contract.

Failure modes

Pointing applications at *-db-rw directly instead of the pooler bypasses connection-pool limits and may change behavior under burst load.
Assuming the old pgbouncer-userlist secret still matters leads to stale operational playbooks; CNPG now owns the pooler user path.
Pooler pods can look healthy while the target database cluster is degraded; always check both Pooler and Cluster resources.

Verification

kubectl get poolers.postgresql.cnpg.io -A
kubectl get pods -n lumie-db | rg pooler
kubectl get pods -n lumie-dev | rg pooler
kubectl describe pooler -n lumie-db lumie-pooler
kubectl describe pooler -n lumie-dev lumie-dev-pooler

Observability

Pooler lifecycle health is exposed through CNPG reconciliation and pooler pods rather than a standalone ArgoCD application.
Product services depending on the pooler surface their own failure patterns in Prometheus and Grafana when connection setup stalls.

Source paths​

Current runtime shape​

Verified current state​

Public surface​

Ownership boundaries​

Failure modes​

Verification​

Observability​

Related pages​