• 13 min read

    Using the PostgreSQL Operator with Rook Ceph Storage

    Andrew L'Ecuyer

    The Crunchy PostgreSQL Operator supports various forms of storage for provisioning PostgreSQL clusters in a Kubernetes environment. One such provider is Rook, which provides an abstract layer around multiple storage systems available in Kubernetes, which makes it even more convenient to choose between multiple storage engines. One storage engine that Rook supports is Ceph, which provides several types of distributed storage platforms including block-level storage, which is very helpful f...

  • 7 min read

    How to Upgrade Your PostgreSQL Passwords to SCRAM

    Jonathan S. Katz

    In a lot of PostgreSQL environments, it’s common practice to protect user accounts with a password. Starting with PostgreSQL 10, the way PostgreSQL manages password-based authentication got a major upgrade with the introduction of SCRAM authentication, a well-defined standard that is a significant improvement over the current system in PostgreSQL. What’s better is that almost all PostgreSQL drivers now support this new method of password authentication, which should help drive further adop...

  • 6 min read

    Serving Dynamic Vector Tiles from PostGIS

    Paul Ramsey

    One of the most popular features of PostGIS 2.5 was the introduction of the "vector tile" output format, via the ST_AsMVT() function. Vector tiles are a transport format for efficiently sending map data from a server to a client for rendering. The vector tile specification describes how raw data are quantized to a grid and then compressed using delta-encoding to make a very small package. Prior to ST_AsMVT(), if you wanted to produce vector tiles from PostGIS you would use a rendering prog...

  • 3 min read

    How the CIS Benchmark for PostgreSQL 11 Works

    Douglas Hunley

    Crunchy Data has recently announced an update to the CIS PostgreSQL Benchmark by the Center for Internet Security, a nonprofit organization that provides publications around standards and best practices for securing technology systems. This newly published CIS PostgreSQL 11 Benchmark joins the existing CIS Benchmarks for PostgreSQL 9.5, 9.6, and 10 while continuing to build upon Crunchy Data's efforts with the PostgreSQL Security Technical Implementation Guide (PostgreSQL STIG)....

  • 10 min read

    PostgreSQL Deep Dive: PostgreSQL Defaults and Impact on Security - Part 2

    Joe Conway

    In Part 1 of this blog, we covered quite a bit of information with respect to how a PostgreSQL database is initially configured by default from the perspective of discretionary access control. We also saw how to inspect those default behaviors using the crunchy_check_access extension. In Part 2, we will explore the situation identified in CVE-2018-1058 and discuss how to protect yourself. Finally we have come to the Pièce De Résistance! CVE-2018-1058 describes how a user can create object...

  • 25 min read

    PostgreSQL Deep Dive: PostgreSQL Defaults and Impact on Security - Part 1

    Joe Conway

    Recently I gave a "deep dive" talk on the topic of PostgreSQL security, and I wanted to capture one part of that content into a blog since this format is both better for making that content stand on its own and for expanding on it a bit. Specifically, in this two-part blog, we will cover a PostgreSQL extension that I wrote called crunchy_check_access -- the motivation behind it and what it does -- and then use that extension to probe and understand the consequences of the default, out of the...

  • 5 min read

    Explaining CVE-2019-10164 + PostgreSQL Security Best Practices

    Jonathan S. Katz

    The PostgreSQL Global Development Group provided an out-of-cycle update release for all supported versions to provide a fix for the CVE-2019-10164 vulnerability. This vulnerability only affects people running PostgreSQL 10, 11 or the 12 beta, and it is effectively remediated by simply upgrading all of your PostgreSQL installations to the latest versions. What follows is some more insight about what this vulnerability is, the impact it can have in your environment, how to ensure you have patched all of...

  • 6 min read

    Deploying the PostgreSQL Operator on GKE

    Patrick McLaughlin

    The Crunchy PostgreSQL Operator 4.0 provides an open source PostgreSQL-as-a-Service for Kubernetes platform. This post provides some easy steps to help you get started, specifically deploying the Crunchy PostgreSQL Operator in Google Kubernetes Engine (GKE) making use of the Crunchy PostgreSQL Operator Ansible Installer. The Crunchy PostgreSQL Operator 4.0 provides Ansible playbooks to automate the installation. These Ansible playbooks allow users to deploy the operator to a variety o...

  • 3 min read

    What's New in Crunchy PostgreSQL Operator 4.0

    Jeff McCormick

    Crunchy Data is pleased to release PostgreSQL Operator 4.0. Crunchy PostgreSQL Operator extends Kubernetes to give you the power to easily create, configure and manage PostgreSQL clusters at scale. When combined with the Crunchy PostgreSQL Container Suite, the Crunchy PostgreSQL Operator provides an open source software solution for PostgreSQL scaling, high-availability, disaster recovery, monitoring, and more. All of this capability comes with the repeatability and automation that comes fr...

  • 11 min read

    Deploying Active-Active PostgreSQL on Kubernetes

    Dave Cramer

    Kubernetes is a very popular container orchestration framework. I’ll show you how to get Symmetric-DS working on a single Kubernetes instance. I had previously explored how to build an active-active PostgreSQL cluster using Symmetric-DS. The steps are essentially the same on Kubernetes: 1. Start 2 PostgreSQL pods 2. Create a user and a database on each pod/instance 3. Start the primary symmetric-ds pod 4. Add the symmetric-ds triggers and routes 5. Open registration 6. Start the secondary s...
