[HN Gopher] Spilo: High Availability PostgreSQL cluster using Do...
___________________________________________________________________
Spilo: High Availability PostgreSQL cluster using Docker
Author : klaussilveira
Score : 41 points
Date : 2024-06-10 22:06 UTC (2 days ago)
(HTM) web link (github.com)
| ko_pivot wrote:
| Very cool. How does failover work? I see that Spilo expects a
| standard load balancer in front of the cluster, but that load
| balancer won't be able to track who the writer instance is on its
| own.
| bambambazooka wrote:
| You can put HAProxy in front with a write- and a read-frontend
| with a backend each and all servers in the backend. To
| determine which server is a write instance or a standby you can
| provide an `external-check command` to the backends. That
| command can be a bash script, that connects to the server and
| executes `SELECT pg_is_in_recovery();`.
| blueflow wrote:
| Zalando? For real? Just for their annoying Ads and having their
| App installed on Android phones without their owners' consent,
| they should be shunned.
| imbradn wrote:
| It's based on Patroni - which they wrote and maintain and is
| the most popular HA Failover software for Postgres.
| briffle wrote:
| Last closed issue was March, many initial issues mentioning
| security vulnerabilities since April that have not been responded
| to..
| pella wrote:
| imho:
|
| A false positive CVE list is an issue elsewhere as well, and
| it's important to understand that there's not much a Docker
| Postgres maintainer can do if the problem lies in the Debian or
| Ubuntu package and isn't getting fixed for some reason.
|
| https://github.com/docker-library/faq#why-does-my-security-s...
|
| It's also advisable not to use the default settings:
|
| https://pythonspeed.com/articles/docker-security-scanner/
| "trivy --ignore-unfixed <image>"
|
| Of course, it is advisable for the image maintainer to rebuild
| the Docker image weekly or bi-weekly to ensure all recent
| patches are included.
|
| However, for those who prioritize security, it is best to build
| the image themselves to guarantee up-to-date packages.
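
An added example (not part of the thread or of any project mentioned in it): a sketch of the triage described in the comment above, splitting scanner findings into those with a published fix, which a rebuild picks up, and those with none. The report is constructed sample data in the shape of Trivy's JSON output; the `CVE-0000-*` ids, package names, versions and function names are placeholders.

```python
import json

# Constructed report in the shape of `trivy image --format json` output.
# Only CVE-2005-2541 comes from the thread; other ids and all versions are placeholders.
SAMPLE_REPORT = json.dumps({
    "Results": [
        {"Target": "example-image (debian)", "Vulnerabilities": [
            {"VulnerabilityID": "CVE-2005-2541", "PkgName": "tar",
             "InstalledVersion": "0.0.1", "Severity": "HIGH"},
            {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libexample1",
             "InstalledVersion": "1.0-1", "FixedVersion": "1.0-2",
             "Severity": "CRITICAL"},
            {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libexample2",
             "InstalledVersion": "2.3-1", "FixedVersion": "2.3-4",
             "Severity": "LOW"},
        ]},
        # A target without findings: handle the key being absent or null.
        {"Target": "usr/local/bin/example", "Vulnerabilities": None},
    ]
})


def triage(report_json):
    """Return (fixable, unfixed) lists of (id, package, severity, fixed_version)."""
    fixable, unfixed = [], []
    for result in json.loads(report_json).get("Results") or []:
        for vuln in result.get("Vulnerabilities") or []:
            fixed = vuln.get("FixedVersion") or ""
            row = (vuln["VulnerabilityID"], vuln["PkgName"],
                   vuln.get("Severity", "UNKNOWN"), fixed)
            (fixable if fixed else unfixed).append(row)
    return fixable, unfixed


def rebuild_needed(report_json, gate=("HIGH", "CRITICAL")):
    """True when a finding at a gated severity already has a fix published."""
    fixable, _ = triage(report_json)
    return any(severity in gate for _, _, severity, _ in fixable)


if __name__ == "__main__":
    fixable, unfixed = triage(SAMPLE_REPORT)
    print("rebuild needed:", rebuild_needed(SAMPLE_REPORT))
    for cve, pkg, severity, fixed in fixable:
        print(f"fix available  {severity:8} {cve} {pkg} -> {fixed}")
    for cve, pkg, severity, _ in unfixed:
        print(f"no fix yet     {severity:8} {cve} {pkg}")
```

The unfixed list is still worth reviewing periodically, since a finding moves to the fixable list once the distribution publishes a patched package.
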
| blueflow wrote:
| > e.g., CVE-2005-2541 is considered a High severity
| vulnerability, but in Debian is considered "intended
| behavior," making it a feature, not a bug.
|
| CVE-2005-2541 is documented & required behavior for the tar
| archive: https://marc.info/?l=bugtraq&m=112360016019030&w=2 .
| Infuriating that the CVE was seen as valid enough to get a
| number.
| skullone wrote:
| Another pgsql ha in docker? This one being abandoned? Meh
| adamcharnock wrote:
| Spilo has, in my experience, been poorly maintained for a while.
| There has been some slow progress, but it doesn't seem to be
| anyone's priority right now (happy to be corrected).
|
| I was running my own Spilo builds for a while, which was hit-and-
| miss. For my new (Kubernetes bare metal) cluster deployment I've
| moved over to Stackgres. I also evaluated CNPG (promising, but
| still early-ish days), as well as one other IIRC.
|
| I found Stackgres to work most reliably. And it solves the
| biggest pain with Spilo, which is building an image with the
| required PG extensions. Stackgres instead has its own repository
| of extensions that it can install from, which is a huge help.
| ahachete wrote:
| I'm very happy to hear that StackGres is helping you out. Your
| feedback is greatly appreciated :)
| gattacamovie wrote:
| using zalando's patroni operator in k8s at scale for years
| (mainly OCP but pure k8s as well). Features like in place major
| version upgrade are no match for any of the alternatives checked.
| Close to it is CNPG (cloudnative-pg) which is 2nd best and in 1yr
| might take the crown. (for companies, best part is that cnpg has
| enterprise support for it (named pg4k, a fork of cnpg)).
|
| But, above all, I would warmly recommend anyone to first do their
| best to use cockroachDB (or yugadb if you like more) instead. The
| benefits of distributed/horiz scaled DB usually overcome the
| effort of moving to it (which should not be big as it's using
| same pg client/protocol). And it's free if you don't need
| enterprise features like partitions, etc.
| znpy wrote:
| At this point I wonder: why can't we have proper ha built-in into
| PostgreSQL?
|
| MySQL has PXC and Galera... Why nothing for PostgreSQL?
| remram wrote:
| I was never clear about the difference between Spilo and Patroni.
| I'm using this, is it Spilo or Patroni?
| https://github.com/zalando/patroni/blob/master/kubernetes/pa...
___________________________________________________________________
(page generated 2024-06-12 23:01 UTC)