Managing a single PostgreSQL instance can be challenging when failures happen. Replicas can be added and promoted when needed. However, application traffic has to be redirected to the new primary. At OVHcloud, a major cloud computing provider in Europe, we use load balancers in front of our databases clusters on production. In that case, PostgreSQL sees then all client connections coming from those IP addresses. That means we couldn't base the pg_hba.conf settings on source IP addresses.

That also means, in the logs, all slow queries, DDL queries, connections and disconnections are obfuscated. In a world where security and traceability is a strong requirement for PCI DSS compliant infrastructures, we had to find a solution. This talk will present you our findings and how we could implement transparent load balancing in a distributed database system.


Related Videos: PostgreSQL, Security

Why PostgreSQL Is Becoming A Migration Target For Enterprise
SQL Row Store vs Data Warehouse: Which Is Right for Your Application? - Robert Hodges - PLO October 2020
Introducing Kunlun Distributed Database Cluster - David Zhao Wei - Percona Live ONLINE 2020
pg_stat_monitor: A cool extension for better monitoring using PMM - Percona Live Online 2020
PostgreSQL WAL and Commit Synchronization, Optimization Opportunities - Jobin Augustine - PLO October 2020
SELinux Fun With MySQL and Friends - Matthias Crauwels - Percona Live ONLINE 2020
Achieving PCI Compliance With Percona Server for MongoDB, or Getting as Close as Possible