Architecture

Reference Document: Zalando Postgres Operator Official Documentation

PostgreSQL Operator Architecture

The PostgreSQL Operator manages PostgreSQL clusters using the Kubernetes Operator pattern, primarily consisting of the following core components:

Core Components

  1. Operator Controller
    • Watches PostgreSQL custom resources (instances of the operator's CRD) for changes
    • Responsible for cluster creation, scaling, configuration updates, and other operations
    • Manages the lifecycle of the cluster
  2. Patroni
    • Provides high availability guarantees
    • Handles switchover between primary and standby, and automatic failover
    • Manages cluster topology and member status
  3. Spilo
    • Provides the PostgreSQL container image
    • Integrates Patroni and PostgreSQL
    • Handles initialization configuration and startup
  4. Monitoring Component
    • Integrates Prometheus for metrics collection
    • Provides Grafana dashboards
    • Supports alert rule configuration

Data Flow

  1. A user creates a PostgreSQL Custom Resource through the Kubernetes API
  2. The Operator Controller listens for resource changes and creates the related Kubernetes resources
  3. Patroni is responsible for the initialization and high availability management of the cluster
  4. Spilo starts the PostgreSQL instance and applies the configuration
  5. The monitoring component collects metrics and displays them

RBAC Architecture

The PostgreSQL Operator implements a least-privilege RBAC model with segregation of duties for enterprise security compliance.

Operator Permissions

The operator follows the principle of least privilege. It only has the minimum permissions required to manage PostgreSQL clusters:

Resource                  | Permissions          | Notes
--------------------------|----------------------|-----------------------------------
CustomResourceDefinitions | get, list, watch     | Read-only (OLM manages CRDs)
PersistentVolumes         | get, list, watch     | Read-only (PV provisioner manages)
Roles                     | get, list, watch     | Read-only
RoleBindings              | get, create, update  | Namespace-scoped
ServiceAccounts           | get, create          | No delete

The operator does not have cluster-level RBAC management permissions (ClusterRole, ClusterRoleBinding).
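The table above is a contract that can drift after an upgrade or a hand edit. The following Python script is an added example (not the operator's own code or documentation) that audits the rules of an operator ClusterRole against that table: any verb on ClusterRole/ClusterRoleBinding objects, and any verb beyond the documented set on the listed resources, is reported. The sample rules are constructed from the table; the API groups and the "drifted" second sample are assumptions for illustration. Resources the table does not list (pods, statefulsets, secrets and so on, which the operator legitimately manages) are skipped on purpose.

```python
"""Audit an operator ClusterRole against the least-privilege table documented above.

Added example (not the operator's own code). Sample rules are constructed from the table;
API groups are assumed to be the standard Kubernetes ones for those resources.
"""
import json
import sys

# Maximum verbs per resource, exactly as the operator-permissions table states them.
ALLOWED = {
    "customresourcedefinitions": {"get", "list", "watch"},
    "persistentvolumes": {"get", "list", "watch"},
    "roles": {"get", "list", "watch"},
    "rolebindings": {"get", "create", "update"},
    "serviceaccounts": {"get", "create"},
}
# The page states the operator has no cluster-level RBAC management permissions at all.
CLUSTER_RBAC = {"clusterroles", "clusterrolebindings"}


def expand(rule):
    """Yield (resource, verb) pairs for one RBAC rule; '*' is passed through so it gets flagged."""
    for resource in rule.get("resources", []):
        for verb in rule.get("verbs", []):
            yield resource, verb


def audit_operator_rules(rules):
    """Return a list of human-readable findings; an empty list means the rules match the table.

    Resources the table does not mention (pods, statefulsets, secrets, ...) are skipped on
    purpose: the table documents the sensitive subset, not every resource the operator manages.
    """
    findings = []
    for rule in rules:
        for resource, verb in expand(rule):
            if resource in CLUSTER_RBAC or resource == "*":
                findings.append(f"{verb} on {resource}: cluster-level RBAC must stay with OLM/admin")
            elif resource in ALLOWED and verb not in ALLOWED[resource]:
                findings.append(
                    f"{verb} on {resource}: exceeds documented verbs {sorted(ALLOWED[resource])}"
                )
    return findings


# Constructed sample matching the table (assumed API groups).
OPERATOR_RULES = [
    {"apiGroups": ["apiextensions.k8s.io"], "resources": ["customresourcedefinitions"], "verbs": ["get", "list", "watch"]},
    {"apiGroups": [""], "resources": ["persistentvolumes"], "verbs": ["get", "list", "watch"]},
    {"apiGroups": ["rbac.authorization.k8s.io"], "resources": ["roles"], "verbs": ["get", "list", "watch"]},
    {"apiGroups": ["rbac.authorization.k8s.io"], "resources": ["rolebindings"], "verbs": ["get", "create", "update"]},
    {"apiGroups": [""], "resources": ["serviceaccounts"], "verbs": ["get", "create"]},
]

# Constructed drifted sample: the same role after someone widened it while troubleshooting.
DRIFTED_RULES = OPERATOR_RULES[:-1] + [
    {"apiGroups": [""], "resources": ["serviceaccounts"], "verbs": ["get", "create", "delete"]},
    {"apiGroups": ["rbac.authorization.k8s.io"], "resources": ["clusterrolebindings"], "verbs": ["create"]},
]

if __name__ == "__main__":
    if not sys.stdin.isatty():
        # e.g.  kubectl get clusterrole <operator-clusterrole> -o json | python audit.py
        findings = audit_operator_rules(json.load(sys.stdin).get("rules", []))
    else:
        findings = audit_operator_rules(DRIFTED_RULES)
    for finding in findings:
        print("FINDING:", finding)
    sys.exit(1 if findings else 0)
```

Run without input to see the two findings from the constructed drifted sample, or pipe `kubectl get clusterrole <operator-clusterrole> -o json` into it to check a live cluster; a non-zero exit code makes it usable as a CI or admission-time gate.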

Runtime RBAC

When a PostgreSQL CR is created in a namespace, the operator automatically creates:

Resource       | Scope         | Purpose
---------------|---------------|------------------------------
ServiceAccount | Per namespace | For PostgreSQL pods
RoleBinding    | Per namespace | Bind to operator ClusterRole

This is the standard Kubernetes operator pattern where ClusterRole permissions are controlled by OLM/admin.

User-Facing Roles

The operator provides role templates for segregation of duties:

Role    | Permissions                                  | Use Case
--------|----------------------------------------------|--------------------
admin   | Full CRUD on postgresqls, backups, restores  | DBA, Platform Admin
edit    | Create/Update postgresqls (no delete)        | Developer
view    | Read-only access                             | Auditor, Support
backup  | Create/manage PostgresBackup only            | Backup Operator
restore | Create/manage PostgresRestore only           | Restore Operator

Role Aggregation

User-facing roles aggregate to platform roles:

  • admin: Aggregates admin-base + backup + restore roles
  • edit/view: Aggregates to rbac.cpaas.io/aggregate-to-namespace-developer
  • All roles: Aggregate to rbac.cpaas.io/aggregate-to-scope-business-ns
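The role templates and the aggregation rules above are easiest to reason about by resolving them the way the Kubernetes aggregation controller does and then asking what each resulting role can do. The following Python script is an added example, not the operator's own manifests: the label keys ending in namespace-developer and scope-business-ns are the ones named above, while the label value "true", the ClusterRole names, the resource plurals, the API group and the selector label used for admin-base + backup + restore are assumptions for illustration.

```python
"""Resolve ClusterRole aggregation and check what each aggregated role can actually do.

Added example (not the operator's own manifests). The label keys ending in
namespace-developer and scope-business-ns are the ones named on the page; the value "true",
the role names, the resource plurals and the API group are assumptions.
"""

API_GROUP = "<operator-api-group>"  # placeholder: the page does not state the CRD API group
DEV_LABEL = "rbac.cpaas.io/aggregate-to-namespace-developer"    # from the page
BUSINESS_LABEL = "rbac.cpaas.io/aggregate-to-scope-business-ns"  # from the page
ADMIN_LABEL = "rbac.cpaas.io/aggregate-to-postgres-admin"        # hypothetical: selects admin-base + backup + restore

READ = ["get", "list", "watch"]
EDIT = READ + ["create", "update", "patch"]
CRUD = EDIT + ["delete"]


def leaf(name, resources, verbs, labels):
    """Constructed ClusterRole carrying concrete rules plus the labels it aggregates into."""
    return {"metadata": {"name": name, "labels": labels},
            "rules": [{"apiGroups": [API_GROUP], "resources": resources, "verbs": verbs}]}


def aggregated(name, selector_labels, labels=None):
    """Constructed ClusterRole whose rules stay empty until the aggregation controller fills them."""
    selectors = [{"matchLabels": {key: "true"}} for key in selector_labels]
    return {"metadata": {"name": name, "labels": labels or {}},
            "aggregationRule": {"clusterRoleSelectors": selectors},
            "rules": []}


CLUSTER_ROLES = [
    leaf("postgres-admin-base", ["postgresqls"], CRUD, {ADMIN_LABEL: "true", BUSINESS_LABEL: "true"}),
    leaf("postgres-backup", ["postgresbackups"], CRUD, {ADMIN_LABEL: "true", BUSINESS_LABEL: "true"}),
    leaf("postgres-restore", ["postgresrestores"], CRUD, {ADMIN_LABEL: "true", BUSINESS_LABEL: "true"}),
    leaf("postgres-edit", ["postgresqls"], EDIT, {DEV_LABEL: "true", BUSINESS_LABEL: "true"}),
    leaf("postgres-view", ["postgresqls", "postgresbackups", "postgresrestores"], READ,
         {DEV_LABEL: "true", BUSINESS_LABEL: "true"}),
    # admin is itself aggregated and is also labelled into the business-namespace platform role.
    aggregated("postgres-admin", [ADMIN_LABEL], {BUSINESS_LABEL: "true"}),
    aggregated("namespace-developer", [DEV_LABEL]),
    aggregated("scope-business-ns", [BUSINESS_LABEL]),
]


def matches(selector, labels):
    """matchLabels semantics: every key/value in the selector must be present on the object."""
    return all(labels.get(k) == v for k, v in selector.get("matchLabels", {}).items())


def resolve(cluster_roles):
    """Return {name: effective rules}.

    Mirrors the clusterrole-aggregation controller: an aggregating role's rules become the
    union of the rules of every ClusterRole matching any of its selectors. A matching role may
    itself be aggregated, so iterate until nothing changes, which is what the controller's
    re-queue on ClusterRole updates converges to.
    """
    rules = {cr["metadata"]["name"]: list(cr["rules"]) for cr in cluster_roles}
    changed = True
    while changed:
        changed = False
        for cr in cluster_roles:
            agg = cr.get("aggregationRule")
            if not agg:
                continue
            merged = []
            for other in cluster_roles:
                if other is cr:
                    continue
                other_labels = other["metadata"].get("labels", {})
                if any(matches(s, other_labels) for s in agg["clusterRoleSelectors"]):
                    for rule in rules[other["metadata"]["name"]]:
                        if rule not in merged:       # de-duplicate identical rules
                            merged.append(rule)
            name = cr["metadata"]["name"]
            if merged != rules[name]:
                rules[name] = merged
                changed = True
    return rules


def can(rules, resource, verb):
    """True if any rule in the effective rule set grants verb on resource."""
    return any(resource in r["resources"] and verb in r["verbs"] for r in rules)


if __name__ == "__main__":
    effective = resolve(CLUSTER_ROLES)
    for name in ("postgres-admin", "namespace-developer", "scope-business-ns"):
        print(name, "can delete postgresqls:", can(effective[name], "postgresqls", "delete"))
```

The check worth keeping from this is the negative one: after aggregation, namespace-developer must still not be able to delete postgresqls, because a single mislabelled ClusterRole (for example an admin-base role that also carries the namespace-developer label) would silently widen every developer's access.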

Deployment Modes

The PostgreSQL Operator supports the following deployment modes:

  • Single Cluster Mode: Runs in a single Kubernetes cluster
  • Multi-Cluster Mode: Manages PostgreSQL instances across multiple Kubernetes clusters
  • High Availability Mode: Achieves automatic failover through Patroni