Skip to content

feat: support serverAuth, imagePullSecrets and podLabels#85

Merged
levkk merged 2 commits intopgdogdev:mainfrom
MagicAbdel:main
Apr 16, 2026
Merged

feat: support serverAuth, imagePullSecrets and podLabels#85
levkk merged 2 commits intopgdogdev:mainfrom
MagicAbdel:main

Conversation

@MagicAbdel
Copy link
Copy Markdown
Contributor

@MagicAbdel MagicAbdel commented Apr 16, 2026

Hi there,

This PR introduces some configuration enhancements to the Helm chart:

  • imagePullSecrets: Allows the deployment to pull images from private container registries.
  • podLabels: Provides the ability to inject custom labels for better resource tracking / service mesh integration / Workload Identity.
  • serverAuth: Adds user-level configuration for server authentication.

These changes provide more flexibility for custom environments and security requirements

@MagicAbdel MagicAbdel mentioned this pull request Apr 16, 2026
Merged
levkk
levkk reviewed Apr 16, 2026
View reviewed changes
Comment thread values.yaml
levkk
levkk approved these changes Apr 16, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@levkk levkk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Amazing, thank you!

@levkk levkk merged commit 0d7d4f9 into pgdogdev:main Apr 16, 2026
2 of 4 checks passed
levkk pushed a commit to pgdogdev/pgdog that referenced this pull request Apr 17, 2026
@MagicAbdel
feat: server_auth with Microsoft Workload Identity (#906)
d981e13 
This PR adds support for Microsoft Workload Identity for server
authentication on a per-user basis, following the existing pattern used
for `rds_iam`.

**Changes**:
-  Implemented token acquisition logic for Azure Entra ID.
-  Ensured parity with the rds_iam implementation for 

This is my first contribution in Rust! 🦀
I’ve done my best to follow the existing patterns in the codebase, but
I'm still learning the nuances of the language. Please be indulgent. If
there are more idiomatic ways to handle the logic, async calls, or error
handling, I am very happy to make changes based on your feedback!

Note: I also created a PR on the helm chart
([here](pgdogdev/helm#85)) to allow users to add
`azure.workload.identity/use: "true"` label to the pod for injecting
workload Identity.

Here are some logs I tested this solution in AKS with Workload Identity
directly injected into the pod:
<img width="805" height="376" alt="image"
src="https://github.com/user-attachments/assets/90183dc5-1768-4fdc-8749-ca2a698a7f6f"
/>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@levkk levkk levkk approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@MagicAbdel @levkk