Because dogma. There are tons of places running production postgres, and indeed many other stateful services, in Kubernetes.
Edit because presumably GP downvoted me for contradicting them, since I’ve personally overseen this in production at Fortune 100 companies and unicorn startups alike:
And plenty of YouTube videos from various kubecons and CloudNativeCons. Kubernetes is a runtime and provides plenty of primitives for safely running stateful workloads even better than otherwise possible. Anyone who says otherwise hasn’t bothered directly learning enough about the possibilities and is likely citing oft-quoted dogma that dates back to the earliest days of k8s and was questionable even then.
The last 10 years, I managed 700 database Clusters. Anything from a few megs to terrabyte database sizes.
The main issues are:
huge pages. They work an bare metal, not so much in kubernetes ( I am not talking about transparent huge pages…)
Core/cache locality.
NUMA
And of course: maintainability. Especially in the PIT recovery.
Zalando has an open source operator + patroni bases images. They work for many cases, and are a great way if you can’t manage postgresql on bare metal.
And of course: if you have everything running on k8s, running a few bare metal servers for a db is a pain in the ass, and in such cases it is if course better to just deploy an operator in your cluster and let it handle the heavy lifting like backup and replication.
Generally if someone tells you to never do something, even if they’re a supposed authority, and they don’t offer reasoning, it’s probably better to investigate further.
Trying to do Postgresql TLS /w Internal PKI chain created by Cert-Manager made me want to throw my laptop out the window yesterday.
This stuff is hard.
Just tell the security team to handle it 😎
(My security team would NOT be amused by this joke suggestion)
I am the security team :'(
DevOpsSecSocNocSD
Not who you replied to, but mine would tell me no and then laugh at me
Use a postgresql operator for that.
How many postgresql databases without replication and backup if have seen … and 90% of then contained critical data.
If you really need to run the db inside containers, never by hand.
And as a full time postgresql dba: NEVER run your production databases inside k8s
Why not?
Because dogma. There are tons of places running production postgres, and indeed many other stateful services, in Kubernetes.
Edit because presumably GP downvoted me for contradicting them, since I’ve personally overseen this in production at Fortune 100 companies and unicorn startups alike:
https://dok.community/
https://github.com/zalando/postgres-operator
And plenty of YouTube videos from various kubecons and CloudNativeCons. Kubernetes is a runtime and provides plenty of primitives for safely running stateful workloads even better than otherwise possible. Anyone who says otherwise hasn’t bothered directly learning enough about the possibilities and is likely citing oft-quoted dogma that dates back to the earliest days of k8s and was questionable even then.
No, because of many factors:
The last 10 years, I managed 700 database Clusters. Anything from a few megs to terrabyte database sizes.
The main issues are:
And of course: maintainability. Especially in the PIT recovery.
Zalando has an open source operator + patroni bases images. They work for many cases, and are a great way if you can’t manage postgresql on bare metal.
And of course: if you have everything running on k8s, running a few bare metal servers for a db is a pain in the ass, and in such cases it is if course better to just deploy an operator in your cluster and let it handle the heavy lifting like backup and replication.
Generally if someone tells you to never do something, even if they’re a supposed authority, and they don’t offer reasoning, it’s probably better to investigate further.
Accidentally deleted. It said “why not?”