cleanstart/cloudnative-pg

Verified Publisher

By CleanStart

•Updated about 1 hour ago

Secure by Design, Built for Speed, Hardened Container Images on a minimal base CleanStart OS.

Image
Content management system
0

50K+

cleanstart/cloudnative-pg repository overview

Container Documentation for Cloudnative-Pg

CloudNativePG is a Kubernetes operator that manages PostgreSQL workloads on any supported Kubernetes cluster. It provides high availability, scalability, and automated management features for PostgreSQL databases in cloud-native environments.

šŸ“Œ Base Foundation: Security-hardened, minimal base OS designed for enterprise containerized environments from Cleanstart Registry.

Key Features Core capabilities and strengths of this container

  • Native Kubernetes integration for PostgreSQL management
  • Automated failover and high availability
  • Backup and recovery management
  • Rolling updates with zero downtime

Common Use Cases Typical scenarios where this container excels

  • Production PostgreSQL deployments on Kubernetes
  • High-availability database clusters
  • Cloud-native application databases
  • Disaster recovery and backup solutions

Pull Latest Image Download the container image from the registry

docker pull cleanstart/cloudnative-pg:latest
docker pull cleanstart/cloudnative-pg:latest-dev

Shell Inspection Access to Shell

 docker run -it --rm --entrypoint sh cleanstart/cloudnative-pg:latest-dev

Production Deployment Deploy with production security settings

docker run -d --name cnpg-prod \
  --read-only \
  --security-opt=no-new-privileges \
  --user 1000:1000 \
  -v pg-data:/var/lib/postgresql/data \
  cleanstart/cloudnative-pg:latest

Inspect Environment Inspect the environment

docker inspect cleanstart/cloudnative-pg:latest

Environment Variables Configuration options available through environment variables

VariableDefaultDescription
POSTGRES_PASSWORDPostgreSQL admin password
POSTGRES_USERpostgresPostgreSQL admin username
POSTGRES_DBpostgresDefault database name
PGDATA/var/lib/postgresql/dataData directory location

Security Best Practices Recommended security configurations and practices

  • Use strong passwords for database accounts
  • Enable SSL/TLS for client connections
  • Implement proper backup strategies
  • Regular security patches and updates
  • Configure network policies in Kubernetes
  • Use encrypted storage for sensitive data
  • Monitor database access and operations
  • Implement role-based access control

Kubernetes Security Context Recommended security context for Kubernetes deployments

securityContext:
  runAsNonRoot: true
  runAsUser: 1000
  runAsGroup: 1000
  fsGroup: 1000
  readOnlyRootFilesystem: true
  allowPrivilegeEscalation: false
  capabilities:
    drop: ["ALL"]

Multi-Platform Images

docker pull --platform linux/amd64 cleanstart/cloudnative-pg:latest
docker pull --platform linux/arm64 cleanstart/cloudnative-pg:latest

⁠Documentation Resources

Essential links and resources for further information

CleanStart Images: https://images.cleanstart.com/⁠

Community Images:
Docker Hub: https://hub.docker.com/u/cleanstart⁠
GitHub: https://github.com/cleanstart-containers⁠
AWS ECR Public Gallery: https://gallery.ecr.aws/cleanstart/⁠

Presence on Social Media:
Community: https://www.linkedin.com/groups/18324021/⁠
YouTube: https://www.youtube.com/@CleanStartOfficial⁠

Contribute to Container Use Cases: https://github.com/cleanstart-dev/cleanstart-use-cases/⁠


Vulnerability Disclaimer

CleanStart offers Docker images that include third-party open-source libraries and packages maintained by independent contributors. While CleanStart maintains these images and applies industry-standard security practices, it cannot guarantee the security or integrity of upstream components beyond its control.

Users acknowledge and agree that open-source software may contain undiscovered vulnerabilities or introduce new risks through updates. CleanStart shall not be liable for security issues originating from third-party libraries, including but not limited to zero-day exploits, supply chain attacks, or contributor-introduced risks.

Security remains a shared responsibility: CleanStart provides updated images and guidance where possible, while users are responsible for evaluating deployments and implementing appropriate controls.

Tag summary

Content type

Image

Digest

sha256:2475be420…

Size

100.8 MB

Last updated

about 1 hour ago

docker pull cleanstart/cloudnative-pg:1.30.0-arm64-dev