Extensions have played a crucial role in PostgreSQL’s rise as the most popular and versatile database engine. Yet managing extensions is one of the biggest challenges when running PostgreSQL on Kubernetes. Or at least, it will be until PostgreSQL 18 is released, because I believe CloudNativePG is on the verge of a breakthrough with two game-changing features – the extension_control_path option and image volumes. Together, these features are about to transform the way extensions are managed.
The price of immutable extensions
Kubernetes has always demanded immutable container images, which means PostgreSQL container images must remain read-only to maintain security standards and systematically manage updates. Yet PostgreSQL's power comes from extensibility. Until now, running third-party extensions like PostGIS or pgvector with CloudNativePG required embedding them in container images, which caused issues like:
- Bloated images
- Limited extension options
- Operational complexity
Resolving these issues called for improving both PostgreSQL and Kubernetes.
Immutability meets extensibility with two key innovations
By adding two new features to PostgreSQL and Kubernetes, we enabled dynamic extension loading without breaking immutability:
- PostgreSQL's extension_control_path (proposed for PostgreSQL 18)
  - Allows specifying multiple directories for extension files
  - Breaks free from the single system-wide location constraint
- Kubernetes' ImageVolume feature (introduced as an alpha feature in v1.31, with the intention of being promoted to beta in Kubernetes 1.33)
  - Mounts container images as read-only, immutable volumes in running pods
  - Enables extension packaging as independent, immutable images
Together, they enable PostgreSQL extensions packaged as independent OCI-compliant container images to be mounted inside CloudNativePG clusters at a known directory.
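To make the two pieces concrete, here is an added example (not from the original post and not the CloudNativePG project's own manifest): a plain Kubernetes Pod that mounts an extension image as a read-only image volume and points PostgreSQL at it through extension_control_path and dynamic_library_path. It assumes the ImageVolume feature gate is enabled on the cluster, that the extension image lays its files out like a PostgreSQL installation (control files under share/extension/, shared libraries under lib/), and that the image names, digest and Secret name are placeholders.

```yaml
# Added example, not the original post's or CloudNativePG's own manifest.
# Assumptions: the ImageVolume feature gate is enabled (alpha in v1.31);
# the extension image contains share/extension/<name>.control and lib/<name>.so;
# image references, the digest and the Secret name are placeholders.
apiVersion: v1
kind: Pod
metadata:
  name: postgres-with-extension
spec:
  containers:
    - name: postgres
      image: postgres:18            # placeholder operand image
      args:
        # $system keeps PostgreSQL's built-in extension directory first,
        # then the mounted image's share/ directory is searched.
        - -c
        - extension_control_path=$system:/extensions/pgvector/share
        # the extension's shared library must be reachable as well
        - -c
        - dynamic_library_path=$libdir:/extensions/pgvector/lib
      env:
        - name: POSTGRES_PASSWORD
          valueFrom:
            secretKeyRef:
              name: pg-superuser      # placeholder Secret
              key: password
      volumeMounts:
        - name: pgvector-ext
          mountPath: /extensions/pgvector
          readOnly: true              # the extension files can never be altered at runtime
        - name: pgdata
          mountPath: /var/lib/postgresql/data
  volumes:
    # The extension travels as its own OCI image; the operand image stays untouched.
    - name: pgvector-ext
      image:
        # pin by digest so the mounted extension is exactly the reviewed artifact
        reference: ghcr.io/example/pgvector@sha256:0000000000000000000000000000000000000000000000000000000000000000  # placeholder digest
        pullPolicy: IfNotPresent
    - name: pgdata
      emptyDir: {}
```

Pinning the image reference by digest rather than by tag is what gives the "immutable" guarantee teeth: a tag can be moved to a different image, a digest cannot, so the extension code loaded into the database process is exactly the one that was reviewed. Kubernetes only expands `$(VAR)` in container args, so `$system` and `$libdir` reach PostgreSQL literally, which is what the two GUCs expect.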
Get the details on who worked on these patches, see how to deploy extensions declaratively, and find out what’s happening under the hood in my blog article.
Opening the door to innovation with CloudNativePG
This new approach to revolutionizing PostgreSQL extension management on Kubernetes is designed to bridge the gap between those who build extensions and those who use them.
As we move forward, there’s another critical component to address: the distribution of PostgreSQL extensions. It’s time for Postgres extension developers to embrace OCI images as first-class artifacts alongside traditional RPM and Debian packages.
By packaging extensions as independent OCI-compliant images, PostgreSQL operand images can finally be decoupled from extensions, which empowers all of us to:
- Install extensions dynamically without rebuilding images
- Keep core database images minimal
- Simplify extension testing and upgrades
- Ensure strict immutability while enhancing security and maintainability
With these new enhancements making Postgres extensions immutable yet flexible, plus CloudNativePG's recent acceptance into the Cloud Native Computing Foundation (CNCF) Sandbox, we believe we’ve only just begun to unlock the potential of CloudNativePG. These advancements open the door for adoption in several domains such as vector, GIS, time-series databases, and AI workloads.
We can’t wait to see the future unfold, and we hope you’ll join us in putting these enhancements to good use!