clusterdatabase-as-a-servicedata-infrastructuregolangkubernetesmanaged-servicesoperatorpostgrespostgres-operatorpostgresql
2ef7d58578
* chore: update package dependencies when building image Install available updates alongside installation of packages to remove known vulnerabilities from images. Example for issues in plain alpine:3 image (v3.20): ```sh $ grype alpine:3 ✔ Vulnerability DB [updated] ✔ Loaded image alpine:3 ✔ Parsed image sha256:1d34ffeaf190be23d3de5a8de0a436676b758f48f ✔ Cataloged contents dac15f325cac528994a5efe78787cd03bdd796979bda52fd ├── ✔ Packages [14 packages] ├── ✔ File digests [77 files] ├── ✔ File metadata [77 locations] └── ✔ Executables [17 executables] ✔ Scanned for vulnerabilities [8 vulnerability matches] ├── by severity: 0 critical, 0 high, 6 medium, 0 low, 0 negligible (2 unknown) └── by status: 8 fixed, 0 not-fixed, 0 ignored NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY busybox 1.36.1-r28 1.36.1-r29 apk CVE-2023-42365 Medium busybox 1.36.1-r28 1.36.1-r29 apk CVE-2023-42364 Medium busybox-binsh 1.36.1-r28 1.36.1-r29 apk CVE-2023-42365 Medium busybox-binsh 1.36.1-r28 1.36.1-r29 apk CVE-2023-42364 Medium libcrypto3 3.3.0-r2 3.3.0-r3 apk CVE-2024-4741 Unknown libssl3 3.3.0-r2 3.3.0-r3 apk CVE-2024-4741 Unknown ssl_client 1.36.1-r28 1.36.1-r29 apk CVE-2023-42365 Medium ssl_client 1.36.1-r28 1.36.1-r29 apk CVE-2023-42364 Medium ``` Issue would be solved by also upgrading installed packages: ```sh $ apk -U upgrade --no-cache fetch https://dl-cdn.alpinelinux.org/alpine/v3.20/main/x86_64/APKINDEX.tar.gz fetch https://dl-cdn.alpinelinux.org/alpine/v3.20/community/x86_64/APKINDEX.tar.gz (1/5) Upgrading busybox (1.36.1-r28 -> 1.36.1-r29) Executing busybox-1.36.1-r29.post-upgrade (2/5) Upgrading busybox-binsh (1.36.1-r28 -> 1.36.1-r29) (3/5) Upgrading libcrypto3 (3.3.0-r2 -> 3.3.1-r0) (4/5) Upgrading libssl3 (3.3.0-r2 -> 3.3.1-r0) (5/5) Upgrading ssl_client (1.36.1-r28 -> 1.36.1-r29) Executing busybox-1.36.1-r29.trigger OK: 8 MiB in 14 packages ``` Furthermore, this commit reduces accidental complexity from the Docker build process. Most notably, use pre-made official golang images for building postgres-operator. * Update docker/DebugDockerfile --------- Co-authored-by: Ida Novindasari <idanovinda@gmail.com> |
||
|---|---|---|
| .github | ||
| charts | ||
| cmd | ||
| docker | ||
| docs | ||
| e2e | ||
| hack | ||
| kubectl-pg | ||
| logical-backup | ||
| manifests | ||
| mocks | ||
| pkg | ||
| ui | ||
| .flake8 | ||
| .gitignore | ||
| .golangci.yml | ||
| .zappr.yaml | ||
| CODEOWNERS | ||
| CONTRIBUTING.md | ||
| LICENSE | ||
| MAINTAINERS | ||
| Makefile | ||
| README.md | ||
| SECURITY.md | ||
| build-ci.sh | ||
| delivery.yaml | ||
| go.mod | ||
| go.sum | ||
| mkdocs.yml | ||
| run_operator_locally.sh | ||
README.md
Postgres Operator
The Postgres Operator delivers an easy to run highly-available PostgreSQL clusters on Kubernetes (K8s) powered by Patroni. It is configured only through Postgres manifests (CRDs) to ease integration into automated CI/CD pipelines with no access to Kubernetes API directly, promoting infrastructure as code vs manual operations.
Operator features
- Rolling updates on Postgres cluster changes, incl. quick minor version updates
- Live volume resize without pod restarts (AWS EBS, PVC)
- Database connection pooling with PGBouncer
- Support fast in place major version upgrade. Supports global upgrade of all clusters.
- Restore and cloning Postgres clusters on AWS, GCS and Azure
- Additionally logical backups to S3 or GCS bucket can be configured
- Standby cluster from S3 or GCS WAL archive
- Configurable for non-cloud environments
- Basic credential and user management on K8s, eases application deployments
- Support for custom TLS certificates
- UI to create and edit Postgres cluster manifests
- Compatible with OpenShift
PostgreSQL features
- Supports PostgreSQL 16, starting from 11+
- Streaming replication cluster via Patroni
- Point-In-Time-Recovery with pg_basebackup / WAL-E via Spilo
- Preload libraries: bg_mon, pg_stat_statements, pgextwlist, pg_auth_mon
- Incl. popular Postgres extensions such as decoderbufs, hypopg, pg_cron, pg_partman, pg_stat_kcache, pgq, pgvector, plpgsql_check, postgis, set_user and timescaledb
The Postgres Operator has been developed at Zalando and is being used in production for over five years.
Supported Postgres & K8s versions
| Release | Postgres versions | K8s versions | Golang |
|---|---|---|---|
| v1.12.2 | 11 → 16 | 1.27+ | 1.22.3 |
| v1.11.0 | 11 → 16 | 1.27+ | 1.21.7 |
| v1.10.1 | 10 → 15 | 1.21+ | 1.19.8 |
| v1.9.0 | 10 → 15 | 1.21+ | 1.18.9 |
| v1.8.2 | 9.5 → 14 | 1.20 → 1.24 | 1.17.4 |
Getting started
For a quick first impression follow the instructions of this tutorial.
Supported setups of Postgres and Applications
Documentation
There is a browser-friendly version of this documentation at postgres-operator.readthedocs.io