smoketurner
diff --git a/‎Cargo.lock‎
Lines changed: 127 additions & 21 deletions b/‎Cargo.lock‎
Lines changed: 127 additions & 21 deletions
diff --git a/‎Cargo.toml‎
Lines changed: 5 additions & 3 deletions b/‎Cargo.toml‎
Lines changed: 5 additions & 3 deletions
diff --git a/‎src/controller/reconciler.rs‎
Lines changed: 19 additions & 0 deletions b/‎src/controller/reconciler.rs‎
Lines changed: 19 additions & 0 deletions
@@ -1,6 +1,6 @@
 [package]
 name = "postgres-operator"
-version = "0.1.1"
+version = "0.2.0"
 edition = "2024"
 rust-version = "1.92"
 description = "A Kubernetes operator for managing PostgreSQL clusters"
@@ -56,7 +56,7 @@ tracing-subscriber = { version = "=0.3.22", default-features = false, features =
 
 # HTTP server for health endpoints and metrics
 axum = { version = "=0.8.8", default-features = false, features = ["http1", "tokio", "json"] }
-axum-server = { version = "=0.7.3", default-features = false, features = ["tls-rustls-no-provider"] }
+axum-server = { version = "=0.8.0", default-features = false, features = ["tls-rustls-no-provider"] }
 prometheus-client = { version = "=0.24.0", default-features = false }
 rustls-pemfile = { version = "=2.2.0", default-features = false, features = ["std"] }
 
@@ -81,7 +81,9 @@ hostname = { version = "=0.4.2", default-features = false }
 
 [dev-dependencies]
 tokio-test = { version = "=0.4.5", default-features = false }
-tokio-postgres = { version = "=0.7.13", default-features = false, features = ["runtime"] }
+tokio-postgres = { version = "=0.7.15", default-features = false, features = ["runtime"] }
+tokio-postgres-rustls = { version = "=0.13.0", default-features = false }
+rustls-pki-types = { version = "=1.13.2", default-features = false, features = ["std"] }
 uuid = { version = "=1.19.0", default-features = false, features = ["v4"] }
 serde_yaml = { version = "=0.9.34", default-features = false }
 proptest = { version = "=1.9.0", default-features = false, features = ["std"] }
 
@@ -857,6 +857,16 @@ async fn reconcile_cluster(cluster: &PostgresCluster, ctx: &Context, ns: &str) -
     if pgbouncer::is_pgbouncer_enabled(cluster) {
         info!("PgBouncer is enabled for cluster {}", name);
 
+        // Apply PgBouncer TLS certificate if TLS is enabled
+        // This must be done before the deployment so the secret is ready
+        if let Some(cert) = certificate::generate_pgbouncer_certificate(cluster) {
+            apply_certificate(ctx, ns, &cert).await?;
+            debug!(
+                "Applied cert-manager Certificate for PgBouncer pooler {}",
+                name
+            );
+        }
+
         // Apply PgBouncer ConfigMap
         let pgbouncer_config = pgbouncer::generate_pgbouncer_configmap(cluster);
         apply_resource(ctx, ns, &pgbouncer_config).await?;
@@ -884,6 +894,15 @@ async fn reconcile_cluster(cluster: &PostgresCluster, ctx: &Context, ns: &str) -
         if pgbouncer::is_replica_pooler_enabled(cluster) {
             info!("Replica PgBouncer pooler is enabled for cluster {}", name);
 
+            // Apply replica PgBouncer TLS certificate if TLS is enabled
+            if let Some(cert) = certificate::generate_pgbouncer_replica_certificate(cluster) {
+                apply_certificate(ctx, ns, &cert).await?;
+                debug!(
+                    "Applied cert-manager Certificate for PgBouncer replica pooler {}",
+                    name
+                );
+            }
+
             let pgbouncer_replica_config = pgbouncer::generate_pgbouncer_replica_configmap(cluster);
             apply_resource(ctx, ns, &pgbouncer_replica_config).await?;