CloudNative-PG
Kubernetes operator for managing PostgreSQL clusters natively.
About
CloudNative-PG (CNPG) is a CNCF project that manages the full lifecycle of PostgreSQL clusters on Kubernetes through a Cluster custom resource. It handles primary/replica streaming replication, automatic failover, continuous WAL archiving with point-in-time recovery, and scheduled base backups. It is used in this cluster as the standard PostgreSQL provider: every app that needs a relational database deploys a CNPG Cluster rather than a standalone StatefulSet.
AlternativeTo
Self Hosted
| Tool | Open Source | Full Features | Notes |
|---|---|---|---|
| Zalando Postgres Operator | Yes | Yes | Alternative k8s Postgres operator with Patroni |
| KubeDB | Partial | Yes | Multi-database operator; commercial for full features |
| Bitnami PostgreSQL chart | Yes | Partial | Simple StatefulSet; no operator-level HA |
Installation
Architecture
HelmRelease cloudnative-pg in namespace cnpg-system, chart version 0.28.0 from https://cloudnative-pg.github.io/charts. CRDs installed via crds.create: true. Cluster-wide operator (config.clusterWide: true). Manages Cluster, Backup, ScheduledBackup, Pooler, and Database CRDs across all namespaces.
Security
Pod and container securityContext hardened: runAsNonRoot: true, runAsUser/runAsGroup: 10001, fsGroup: 10001, seccompProfile: RuntimeDefault, allowPrivilegeEscalation: false, capabilities drop: ALL, readOnlyRootFilesystem: true. Webhook failurePolicy is set to Ignore as a temporary workaround for a known upstream issue (#6271). Caveat: with Ignore, the API server admits Cluster, Backup and other CNPG objects even when the operator's admission webhook is unreachable, so validation and defaulting are silently skipped during that window; revert to Fail once the upstream fix lands. RBAC is cluster-wide: the operator's ServiceAccount can create and read Secrets (database and backup credentials) in every namespace, so treat it as a privileged identity and keep access to the cnpg-system namespace tightly controlled.
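The following is an added example of what the Architecture and Security settings above look like as a single Flux HelmRelease; it is not the page's or the chart's own file. The values keys (crds.create, config.clusterWide, podSecurityContext, containerSecurityContext, webhook.mutating/validating.failurePolicy) are assumed to follow the cloudnative-pg chart's values.yaml layout, and the HelmRepository name is assumed; verify both against the chart version you deploy.

```yaml
# Added example, not the project's own manifest. Assumed: a Flux
# HelmRepository named "cloudnative-pg" in cnpg-system pointing at
# https://cloudnative-pg.github.io/charts, and chart value keys matching
# the cloudnative-pg chart's values.yaml.
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: cloudnative-pg
  namespace: cnpg-system
spec:
  interval: 1h
  chart:
    spec:
      chart: cloudnative-pg
      version: 0.28.0        # semver-pinned; Renovate bumps this
      sourceRef:
        kind: HelmRepository
        name: cloudnative-pg # assumed HelmRepository name
  values:
    crds:
      create: true
    config:
      clusterWide: true      # one operator instance watches all namespaces
    # Pod-level hardening: no root, fixed UID/GID, default seccomp profile.
    podSecurityContext:
      runAsNonRoot: true
      runAsUser: 10001
      runAsGroup: 10001
      fsGroup: 10001
      seccompProfile:
        type: RuntimeDefault
    # Container-level hardening: no privilege escalation, no capabilities,
    # read-only root filesystem.
    containerSecurityContext:
      allowPrivilegeEscalation: false
      readOnlyRootFilesystem: true
      runAsUser: 10001
      runAsGroup: 10001
      capabilities:
        drop: ["ALL"]
      seccompProfile:
        type: RuntimeDefault
    webhook:
      # TEMPORARY workaround for upstream issue #6271. With Ignore, an
      # unreachable webhook is skipped instead of rejecting the request, so
      # CNPG objects can be admitted without validation or defaulting while
      # the operator is down. The intended steady state is Fail.
      mutating:
        failurePolicy: Ignore
      validating:
        failurePolicy: Ignore
```

A quick way to confirm the workaround is still in place, and to notice when it can be reverted, is to inspect the failurePolicy field on the cnpg validating and mutating webhook configurations rather than trusting the HelmRelease values alone.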
Updates
Managed by Renovate. Chart version is semver-pinned (0.28.0).
Administration
Usage
Applications deploy a Cluster resource to request a PostgreSQL cluster. CNPG provisions the primary and replica pods, a read-write service (<name>-rw) and a read-only service (<name>-ro), and generates the application credentials in a Secret (<name>-app). The S3-compatible object store is configured on the Cluster itself (spec.backup.barmanObjectStore), which also enables continuous WAL archiving; ScheduledBackup resources reference the Cluster and take the periodic base backups, and the two together are what make point-in-time recovery possible. Apps additionally set the k8up.io/backupcommand annotation on their CNPG clusters for logical dump backups via k8up; the annotation has to reach the instance pods, since that is where k8up looks for it.
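As an added illustration of the pattern above (not a manifest from this page or from the CNPG project), here is a minimal app-side Cluster plus a daily ScheduledBackup. The namespace "myapp", the bucket path, the endpoint URL and the Secret "myapp-s3-credentials" are assumed names; the k8up annotations are placed under inheritedMetadata, which CNPG copies onto the instance pods, on the assumption that k8up reads the backupcommand annotation from pods.

```yaml
# Added example, not the project's own manifest. Assumed: namespace "myapp",
# an S3-compatible endpoint at https://s3.example.internal, and a Secret
# "myapp-s3-credentials" holding ACCESS_KEY_ID and ACCESS_SECRET_KEY.
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
  name: myapp-db
  namespace: myapp
spec:
  instances: 3               # one primary, two streaming replicas
  storage:
    size: 10Gi
  # Annotations here are inherited by the instance pods, which is where k8up
  # looks for its backupcommand (assumed k8up behaviour; verify in k8up docs).
  inheritedMetadata:
    annotations:
      k8up.io/backupcommand: /bin/bash -c 'pg_dumpall --clean'
      k8up.io/file-extension: .sql
  backup:
    # Setting barmanObjectStore turns on continuous WAL archiving to this
    # bucket; that, plus the base backups from the ScheduledBackup below,
    # is what allows point-in-time recovery.
    barmanObjectStore:
      destinationPath: s3://backups/myapp
      endpointURL: https://s3.example.internal
      s3Credentials:
        accessKeyId:
          name: myapp-s3-credentials
          key: ACCESS_KEY_ID
        secretAccessKey:
          name: myapp-s3-credentials
          key: ACCESS_SECRET_KEY
      wal:
        compression: gzip
    retentionPolicy: "30d"   # operator prunes base backups and WALs older than this
---
apiVersion: postgresql.cnpg.io/v1
kind: ScheduledBackup
metadata:
  name: myapp-db-daily
  namespace: myapp
spec:
  # CNPG uses a six-field cron expression (seconds first): daily at 02:00.
  schedule: "0 0 2 * * *"
  backupOwnerReference: self
  cluster:
    name: myapp-db
```

Once applied, the app connects to myapp-db-rw.myapp.svc for writes and myapp-db-ro.myapp.svc for reads using the credentials CNPG writes into the myapp-db-app Secret; the S3 credentials Secret is only ever read by the instance pods, so it should be scoped to a bucket or prefix that holds nothing but this cluster's backups.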
Metadata
- HelmRelease: cloudnative-pg@0.28.0