crunchy-postgres
PostgreSQL (pronounced “post-gress-Q-L”) is an open source, ACID compliant, relational database management system (RDBMS) developed by a worldwide team of volunteers. The crunchy-postgres container image is unmodified, open source PostgreSQL packaged and maintained by professionals.
Features
The following features are supported by the crunchy-postgres
container:
- Kubernetes and OpenShift secrets
- Backup and restoration from various tools:
pgbackrest
,pg_basebackup
andpg_dump
/pg_restore
. - Custom mounted configuration files (see below)
- Async and Sync Replication
Packages
The crunchy-postgres Docker image contains the following packages (versions vary depending on PostgreSQL version):
- PostgreSQL (11.5, 10.10, 9.6.15 and 9.5.19)
- pgBackRest (2.17)
- CentOS7 - publicly available
- RHEL7 - customers only
Environment Variables
Required
Name | Default | Description |
---|---|---|
PG_DATABASE | None | Set this value to create an initial database |
PG_PRIMARY_PORT | None | Set this value to configure the primary PostgreSQL port. It is recommended to use 5432. |
PG_MODE | None | Set to primary , replica or set to specify the mode of the database |
PG_USER | None | Set this value to specify the username of the general user account |
PG_PASSWORD | None | Set this value to specify the password of the user role |
PG_PRIMARY_USER | None | Set this value to specify the username of the replication user |
PG_PRIMARY_PASSWORD | None | Set this value to specify the password of the replication user |
PG_ROOT_PASSWORD | None | Set this value to specify the password of the superuser role |
Optional
Name | Default | Description |
---|---|---|
ARCHIVE_MODE | Off | Set this value to on to enable continuous WAL archiving |
ARCHIVE_TIMEOUT | 60 | Set to a number (in seconds) to configure archive_timeout in postgresql.conf |
CHECKSUMS | true | Enables data-checksums during initialization of the database. Can only be set during initial database creation. Set to false to disable data checksums. |
CRUNCHY_DEBUG | FALSE | Set this to true to enable debugging in logs. Note: this mode can reveal secrets in logs. |
LOG_STATEMENT | none | Sets the log_statement value in postgresql.conf |
LOG_MIN_DURATION_STATEMENT | 60000 | Sets the log_min_duration_statement value in postgresql.conf |
MAX_CONNECTIONS | 100 | Sets the max_connections value in postgresql.conf |
MAX_WAL_SENDERS | 6 | Set this value to configure the max number of WAL senders (replication) |
PG_LOCALE | UTF-8 | Set the locale of the database |
PG_PRIMARY_HOST | None | Set this value to specify primary host. Note: only used when PG_MODE != primary |
PG_REPLICA_HOST | None | Set this value to specify the replica host label. Note; used when PG_MODE is set |
PGAUDIT_ANALYZE | None | Set this to enable pgaudit_analyze |
PGBOUNCER_PASSWORD | None | Set this to enable pgBouncer support by creating a special pgbouncer user for authentication through the connection pooler. |
PGMONITOR_PASSWORD | None | Set this to enable pgMonitor support by creating a special ccp_monitoring user for collecting metrics from PostgreSQL servers. Required for the crunchy-collect container. |
PGDATA_PATH_OVERRIDE | None | Set this value to override the /pgdata directory name. By default /pgdata uses hostname of the container. In some cases it may be required to override this with a custom name (such as in a Statefulset) |
SHARED_BUFFERS | 128MB | Set this value to configure shared_buffers in postgresql.conf |
SYNC_REPLICA | None | Set this value to specify the names of replicas that should use synchronized replication |
TEMP_BUFFERS | 8MB | Set this value to configure temp_buffers in postgresql.conf |
WORK_MEM | 4MB | Set this value to configure work_mem in postgresql.conf |
XLOGDIR | None | Set this value to configure PostgreSQL to send WAL to the /pgwal volume (by default WAL is stored in /pgdata ) |
PGBACKREST | false | Set this value to true in order to enable and initialize pgBackRest in the container |
BACKREST_SKIP_CREATE_STANZA | false | Set this value to true in order to skip the configuration check and the automatic creation of a stanza while initializing pgBackRest in the container |
PG_CTL_OPTS | None | Set this value to supply custom pg_ctl options (ex: -c shared_preload_libraries=pgaudit ) during the initialization phase the container start. |
PG_CTL_START_TIMEOUT | 60 | Set this value to determine how long pg_ctl will wait for start to complete. This is set to 60 by default, which is the default value set in PostgreSQL. |
PG_CTL_STOP_TIMEOUT | 60 | Set this value to determine how long pg_ctl will wait for shutdown to complete after the container is terminated. This is set to 60 by default, which is the default value set in PostgreSQL. It is recommended that in a Kubernetes environment that you set the terminationGracePeriodSeconds parameter to be two (2) seconds higher than this value. |
PG_CTL_PROMOTE_TIMEOUT | 60 | Set this value to determine how long pg_ctl will wait for a promotion to complete. This is set to 60 by default, which is the default value set in PostgreSQL. |
Volumes
Name | Description |
---|---|
/backrestrepo | Volume used by the pgbackrest backup tool to store physical backups. |
/pgconf | Volume used to store custom configuration files mounted to the container. |
/pgdata | Volume used to store the data directory contents for the PostgreSQL database. |
/pgwal | Volume used to store Write Ahead Log (WAL) when XLOGDIR environment variable is set to true. |
/recover | Volume used for Point In Time Recovery (PITR) during startup of the PostgreSQL database. |
Custom Configuration
The following configuration files can be mounted to the /pgconf
volume in the crunchy-postgres
container to customize the runtime:
Name | Description |
---|---|
ca.crt |
Certificate of the CA used by the server when using SSL authentication |
ca.crl |
Revocation list of the CA used by the server when using SSL authentication |
pg_hba.conf |
Client authentication rules for the database |
pg_ident.conf |
Mapping of external users (such as SSL certs, GSSAPI, LDAP) to database users |
postgresql.conf |
PostgreSQL settings |
server.key |
Key used by the server when using SSL authentication |
server.crt |
Certificate used by the server when using SSL authentication |
setup.sql |
Custom SQL to execute against the database. Note: only run during the first startup (initialization) |