Security

This article compares CloudNativePG and Crunchy PGO, two of the most adopted open-source operators for running PostgreSQL on Kubernetes. It covers architecture, image design, backup strategy, major version upgrades, observability, licensing and community health. As a co-founder and maintainer of CloudNativePG, I make no claim to neutrality, and I say so upfront. What I can offer is informed bias, grounded in years of daily work on the project and a genuine respect for what Crunchy Data built in this space.

This CNPG Recipe explores the latest enhancements to CloudNativePG’s software supply chain and image management. Learn how our new, fully controlled build process—complete with Snyk scanning, image signing, and SBOMs—delivers smaller, more secure PostgreSQL images. We also detail how to leverage the newly streamlined image catalogs for simplified, declarative cluster management and safer fleet-wide upgrades in Kubernetes.

Explore the secure defaults of a PostgreSQL cluster in this CloudNativePG recipe, aligning with the principle of least authority (PoLA). Our commitment to security and operational simplicity shines through default configurations, balancing robust protection with user-friendly settings. Advanced users can customize as needed. The article navigates default intricacies, PostgreSQL Host-Based Authentication, and the scenarios for enabling superuser access. We also touch on the careful use of the ALTER SYSTEM command, emphasizing our dedication to secure and simple operations.

Dive into the nitty-gritty of how CloudNativePG works its magic with PostgreSQL cluster stuff, zooming in on configmaps and secrets. Peek behind the curtain of the default Private Key Infrastructure – the secret sauce for stress-free mutual TLS authentication. Get to know the default user and database setups, all decked out for maximum security. This article is your go-to roadmap, cruising through CloudNativePG’s resource wizardry and dishing out real-world tips for a breeze in deploying and handling PostgreSQL clusters.