PgConf.Russia 2020

Kubernetes is the new way of deploying software, programmatically, on almost any infrastructure (be it cloud or on-prem). But is a complex beast. How to get started? How to dive deeper? What are the specific best-practices and special hints for Postgres DBAs dealing with Kubernetes? Join this half-day tutorial to learn, practically, among other topics:

• How to quickly get started with Kubernetes
• Manage storage
• Manage services, networking and ingress/egress
• How to make Postgres cloud-native in Kubernetes
• Do a show-run of existing Postgres operators, including Zalando, CrunchyData and StackGres.

This tutorial is very practical. BYOL! (Bring Your Own Laptop). With Kubernetes installed! (check microk8s, minikube or k3s if you don’t have any installed.

I like stored procedures - it is great technology. But like any other technologies it allows to write not well optimized code. It is not easy to write optimized code, sql statements in complex large applications. On second hand, there are some tools, that can be used very easily, that can help. Postgres has built-in tracking functions possibility. There are PLProfiler and plpgsql_check. With these tools is easy work to detect slow part of applications.With this knowledge, the fix of performance issue is less magic.

pg_repack is one of the most popular instruments for removing bloat of tables and indexes in Postgres. In most cases, it works perfectly. But if you use such a feature of Postgres as deferred constraints, using pg_repack becomes more difficult or even impossible. I will talk about how we encountered the problem and will describe some workarounds - from internal instruments of Postgres to a small patch for pg_repack.

Role-based access control (RBAC) is one of the main mechanisms used for access control in many DBMS, including PostgreSQL. This model is a sub-type of traditional discretionary access control with its restrictions. In addition to DAC, many operating systems also use mandatory access control (MAC) based on security labels. This additional security mechanism is obligatory for protecting information that demands higher levels of security. Naturally, we would like to use MAC within DBMS when working in OS with mandatory access control switched on.
In this talk, we'll give an overview of existing MAC implementations in DBMS, as well as share our approach to using security mechanisms provided by SELinux, the sepgsql extension for PostgreSQL, and the standard mechanism of row-level security (RLS), which has been available in PostgreSQL starting from version 9.5.
In our presentation, we will use the "Airlines" demo database provided by the Postgres Professional company to show how to protect sensitive information and personal data, compare different ways of storing security labels, and assess performance of our solution.