Because dogma. There are tons of places running production postgres, and indeed many other stateful services, in Kubernetes.
Edit because presumably GP downvoted me for contradicting them, since I’ve personally overseen this in production at Fortune 100 companies and unicorn startups alike:
And plenty of YouTube videos from various kubecons and CloudNativeCons. Kubernetes is a runtime and provides plenty of primitives for safely running stateful workloads even better than otherwise possible. Anyone who says otherwise hasn’t bothered directly learning enough about the possibilities and is likely citing oft-quoted dogma that dates back to the earliest days of k8s and was questionable even then.
Generally if someone tells you to never do something, even if they’re a supposed authority, and they don’t offer reasoning, it’s probably better to investigate further.
Trying to do Postgresql TLS /w Internal PKI chain created by Cert-Manager made me want to throw my laptop out the window yesterday.
This stuff is hard.
Just tell the security team to handle it 😎
(My security team would NOT be amused by this joke suggestion)
I am the security team :'(
Not who you replied to, but mine would tell me no and then laugh at me
Use a postgresql operator for that.
How many postgresql databases without replication and backup if have seen … and 90% of then contained critical data.
If you really need to run the db inside containers, never by hand.
And as a full time postgresql dba: NEVER run your production databases inside k8s
deleted by creator
Because dogma. There are tons of places running production postgres, and indeed many other stateful services, in Kubernetes.
Edit because presumably GP downvoted me for contradicting them, since I’ve personally overseen this in production at Fortune 100 companies and unicorn startups alike:
https://dok.community/
https://github.com/zalando/postgres-operator
And plenty of YouTube videos from various kubecons and CloudNativeCons. Kubernetes is a runtime and provides plenty of primitives for safely running stateful workloads even better than otherwise possible. Anyone who says otherwise hasn’t bothered directly learning enough about the possibilities and is likely citing oft-quoted dogma that dates back to the earliest days of k8s and was questionable even then.
Accidentally deleted. It said “why not?”
Generally if someone tells you to never do something, even if they’re a supposed authority, and they don’t offer reasoning, it’s probably better to investigate further.