top of page

simplyblock and Kubernetes

Simplyblock provides high-IOPS and low-latency Kubernetes persistent volumes for your demanding database and other stateful workloads.

Production-grade PostgreSQL on Kubernetes with Álvaro Hernández Tortosa from OnGres

Updated: Apr 23

This interview is part of the Simplyblock Cloud Commute Podcast, available on Youtube, Spotify, iTunes/Apple Podcasts, Pandora, Samsung Podcasts, and our show site.


In this installment, we're talking to Álvaro Hernández Tortosa from OnGres, a company creating StackGres, a PostgreSQL operator to help operate PostgreSQL in a Kubernetes environment, as well as the Postgres ecosystem and why it is so hard to create a production-grade Postgres service.


Chris Engelbert: Welcome to this week's episode of Cloud Commute podcast by simplyblock. Today, I have another incredible guest, a really good friend, Álvaro Hernández from OnGres. He's very big in the Postgres community. So hello, and welcome, Álvaro.


Álvaro Hernández Tortosa: Thank you very much, first of all, for having me here. It's an honor.


Chris Engelbert: Maybe just start by introducing yourself, who you are, what you've done in the past, how you got here. Well, except me inviting you.


Álvaro Hernández Tortosa: OK, well, I don't know how to describe myself, but I would say, first of all, I'm a big nerd, big fan of open source. And I've been working with Postgres, I don't know, for more than 20 years, 24 years now. So I'm a big Postgres person. There's someone out there in the community that says that if you say Postgres three times, I will pop up there. It's kind of like Superman or Batman or these superheroes. No, I'm not a superhero. But anyway, professionally, I'm the founder and CEO of a company called OnGres. Let's guess what it means, On Postgres. So it's pretty obvious what we do. So everything revolves around Postgres, but in reality, I love all kinds of technology. I've been working a lot with many other technologies. I know you because of being a Java programmer, which is kind of my hobby. I love programming in my free time, which almost doesn't exist. But I try to get some from time to time. And everything related to technology in general, I'm also a big fan and supporter of open source. I have contributed and keep contributing a lot to open source. I also founded some open source communities, like for example, I'm a Spaniard. I live in Spain. And I founded Debian Spain, an association like, I don't know, 20 years ago. More recently, I also founded a foundation, a nonprofit foundation also in Spain called Fundación PostgreSQL. Again, guess what it does? And I try to engage a lot with the open source communities. We, by the way, organized a conference for those who are interested in Postgres in the magnificent island of Ibiza in the Mediterranean Sea in September this year, 9th to 11th September for those who want to join. So yeah, that's probably a brief intro about myself.


Chris Engelbert: All right. So you are basically the Beetlejuice of Postgres. That's what you're saying.


Álvaro Hernández Tortosa: Beetlejuice, right. That's more upper bid than superheroes. You're absolutely right.


Chris Engelbert: I'm not sure if he is a superhero, but he's different at least. Anyway, you mentioned OnGres. And I know OnGres isn't really like the first company. There were quite a few before, I think, El Toro, a database company.


Álvaro Hernández Tortosa: Yes, Toro DB.


Chris Engelbert: Oh, Toro DB. Sorry, close, close, very close. So what is up with that? You're trying to do a lot of different things and seem to love trying new things, right?


Álvaro Hernández Tortosa: Yes. So I sometimes define myself as a 0.x serial entrepreneur, meaning that I've tried several ventures and sold none of them. But I'm still trying. I like to try to be resilient, and I keep pushing the ideas that I have in the back of my head. So yes, I've done several ventures, all of them, around certain patterns. So for example, you're asking about Toro DB. Toro DB is essentially an open source software that is meant to replace MongoDB with, you guessed it, Postgres, right? There's a certain pattern in my professional life. And Toro DB was. I'm speaking in the past because it no longer unfortunately maintained open source projects. We moved on to something else, which is OnGres. But the idea of Toro DB was to essentially replicate from Mongo DB live these documents and in the process, real time, transform them into a set of relational tables that got stored inside of a Postgres database. So it enabled you to do SQL queries on your documents that were MongoDB. So think of a MongoDB replica. You can keep your MongoDB class if you want, and then you have all the data in SQL. This was great for analytics. You could have great speed ups by normalizing data automatically and then doing queries with the power of SQL, which obviously is much broader and richer than query language MongoDB, especially for analytics. We got like 100 times faster on most queries. So it was an interesting project.


Chris Engelbert: So that means you basically generated the schema on the fly and then generated the table for that schema specifically? Interesting.


Álvaro Hernández Tortosa: Yeah, it was generating tables and columns on the fly.


Chris Engelbert: Right. Ok, interesting. So now you're doing the OnGres thing. And OnGres has, I think, the main product, StackGres, as far as I know. Can you tell a little bit about that?


Álvaro Hernández Tortosa: Yes. So OnGres, as I said, means On Postgres. And one of our goals in OnGres is that we believe that Postgres is a fantastic database. I don't need to explain that to you, right? But it's kind of the Linux kernel, if I may use this parallel. It's a bit bare bones. You need something around it. You need a distribution, right? So Postgres is a little bit the same thing. The core is small, it's fantastic, it's very featureful, it's reliable, it's trustable. But it needs tools around it. So our vision in OnGres is to develop this ecosystem around this Postgres core, right? And one of the things that we experience during our professional lifetime is that Postgres requires a lot of tools around it. It needs monitoring, it needs backups, it needs high availability, it needs connection pooling. By the way, do not use Postgres without connection pooling, right? So you need a lot of tools around. And none of these tools come from a core. You need to look into the ecosystem. And actually, this is good and bad. It's good because there's a lot of options. It's bad because there's a lot of options. Meaning which one to choose, which one is good, which one is bad, which one goes with a good backup solution or the good monitoring solution and how you configure them all. So this was a problem that we coined as a stack problem. So when you really want to run Postgres in production, you need the stack on top of Postgres, right? To orchestrate all these components.

Now, the problem is that we've been doing this a lot of time for our customers. Typically, we love infrastructure scores, right? And everything was done with Ansible and similar tools and Terraform for infrastructure and Ansible for orchestrating these components. But the reality is that every environment into which we looked was slightly different. And we can just take our Ansible code and run it. You've got this stack. But now the storage is different. Your networking is different. Your entry point. Here, one is using virtual IPs. That one is using DNS. That one is using proxies. And then the compute is also somehow different. And it was not reusable. We were doing a lot of copy, paste, modify, something that was not very sustainable.

At some point, we started thinking, is there a way in which we can pack this stack into a single deployable unit that we can take essentially anywhere? And the answer was Kubernetes. Kubernetes provides us this abstraction where we can abstract away this compute, this storage, this bit working and code against a programmable API that we can indeed create this package. So that's a StackGres. So StackGres is the stack of components you need to run production Postgres, packaging a way that is uniform across any environment where you want to run it, cloud, on-prem, it doesn't matter. And is production ready! It's packaged at a very, very high level. So basically you barely need, I would say, you don't need Postgres knowledge to run a production ready enterprise quality Postgres cluster introduction. And that's the main goal of StackGres.


Chris Engelbert: Right, right. And as far as I know, I think it's implemented as a Kubernetes operator, right?


Álvaro Hernández Tortosa: Yes, exactly.


Chris Engelbert: And there's quite a few other operators as well. But I know that StackGres has some things which are done slightly differently. Can you talk a little bit about that? I don't know how much you wanna actually make this public right now.


Álvaro Hernández Tortosa: No, actually everything is open source. Our roadmap is open source, our issues are open source. I'm happy to share everything. Well, first of all, what I would say is that the operator pattern is essentially these controllers that take actions on your cluster and the CRDs. We gave a lot of thought to these CRDs. I would say that a lot of operators, CRDs are kind of a byproduct. A second thought, "I have my objects and then some script generates the CRDs." No, we said CRDs are our user-facing API. The CRDs are our extended API. And the goal of operators is to abstract the way and package business logic, right? And expose it with a simple user interface. So we designed our CRDs to be very, very high level, very amenable to the user, so that again, you don't require any Postgres expertise. So if you look at the CRDs, in practical terms, the YAMLs, right?

The YAMLs that you write to deploy something on StackGres, they should be able to deploy, right? You could explain to your five-year-old kid and your five-year-old kid should be able to deploy Postgres into a production-quality cluster, right? And that's our goal. And if we didn't fulfill this goal, please raise an issue on our public issue tracker on GitLab because we definitely have failed if that's not true. So instead of focusing on the Postgres usual user, very knowledgeable, very high level, most operators focused on low level CRDs and they require Postgres expertise, probably a lot. We want to make Postgres more mainstream than ever, right? Postgres increases in popularity every year and it's being adopted by more and more organizations, but not everybody's a Postgres expert. We want to make Postgres universally accessible for everyone. So one of the things is that we put a lot of effort into this design. And we also have, instead of like a big one, gigantic CRD. We have multiple. They actually can be attached like in an ER diagram between them. So you understand relationships, you create one and then you reference many times, you don't need to restart or reconfigure the configuration files. Another area where I would say we have tried to do something is extensions. Postgres extensions is one of the most loved, if not the most loved feature, right?

And StackGres is the operator that arguably supports the largest number of extensions, over 200 extensions of now and growing. And we did this because we developed a custom solution, which is also open source by StackGres, where we can load extensions dynamically into the cluster. So we don't need to build you a fat container with 200 images and a lot of security issues, right? But rather we deploy you a container with no extensions. And then you say, "I want this, this, this and that." And then they will appear in your cluster automatically. And this is done via simple YAML. So we have a very powerful extension mechanism.

And the other thing is that we not only expose the usual CRD YAML interface for interacting with StackGres, it's more than fine and I love it, but it comes with a fully fledged web console. Not everybody also likes the command line or GitOps approach. We do, but not everybody does. And it's a fully fledged web console which also supports single sign-on, where you can integrate with your AD, with your OIDC provider, anything that you want. Has detailed fine-grained permissions based on Kubernetes RBAC. So you can say, "Who can create clusters, who can view configurations, who can do anything?"

And last but not least, there's a REST API. So if you prefer to automate and integrate with another kind of solution, you can also use the REST API and create clusters and manage clusters via the REST API. And these three mechanisms, the YAML files, CRDs, the REST API and the web console are fully interchangeable. You can use one for one operation, the other one for everything goes back to the same. So you can use any one that you want. And lately we also have added sharding. So sharding scales out with solutions like Citus, but we also support foreign interoperability, Postgres with partitioning and Apache ShardingSphere. Our way is to create a cluster of multiple instances. Not only one primary and one replica, but a coordinator layer and then shards, and it shares a coordinator of the replica. So typically dozens of instances, and you can create them with a simple YAML file and very high-level description, requires some knowledge and wires everything for you. So it's very, very convenient to make things simple.


Chris Engelbert: Right. So the plugin mechanism or the extension mechanism, that was exactly what I was hinting at. That was mind-blowing. I've never seen anything like that when you showed it last year in Ibiza. The other thing that is always a little bit of like a hat-scratcher, I think, for a lot of people when they hear that a Kubernetes operator is actually written in Java. I think RedHat built the original framework. So it kind of makes sense that RedHat is doing that, I think the original framework was a Go library. And Java would probably not be like the first choice to do that. So how did that happen?


Álvaro Hernández Tortosa: Well, at first you're right. Like the operator framework is written in Go and there was nothing else than Go at the time. So we were looking at that, but our team, we had a team of very, very senior Java programmers and none of them were Go programmers, right? But I've seen the Postgres community and all the communities that people who are kind of more in the DevOps world, then switching to Go programmers is a bit more natural, but at the same time, they are not senior from a Go programming perspective, right? The same would have happened with our team, right? They would switch from Java to Go. They would have been senior in Go, obviously, right? So it would have taken some time to develop those skills. On the other hand, we looked at what is the technology behind, what is an operator? An operator is no more than essentially an HTTP server that receives callbacks from Kubernetes and a client because it makes calls to Kubernetes. And HTTP clients and servers can read written in any language. So we look at the core, how complicated this is and how much does this operator framework bring to you? How we saw that it was not that much. And actually something, for example, just mentioned before, the CRDs are kind of generated from your structures and we really wanted to do the opposite way. This is like the database. You use an ORM to read your database existing schema that we develop with all your SQL capabilities or you just create an object and let that generate a database. I prefer the format. So we did the same thing with the CRDs, right? And we wanted to develop them. So Java was more than okay to develop a Kubernetes operator and our team was expert in Java. So by doing it in Java, we were able to be very efficient and deliver a lot of value, a lot of features very, very fast without having to retrain anyone, learn a new language, or learn new skills.

On top of this, there's sometimes a concern that Java requires a JVM, which is kind of a heavy environment, right? And consumes memory and resources, and disk. But by default, StackGres uses a compilation technology and will build a whole project around it called GraalVM. And this allows you to generate native images that are indistinguishable from any other binary, Linux binary you can have with your system. And we deploy StackGres with native images. You can also switch JVM images if you prefer. We over expose both, but by default, there are native images. So at the end of the day, StackGres is several megabytes file, Linux binary and the container and that's it.


Chris Engelbert: That makes sense. And I like that you basically pointed out that the efficiency of the existing developers was much more important than like being cool and going from a new language just because everyone does. So we talked about the operator quite a bit. Like what are your general thoughts on databases in the cloud or specifically in Kubernetes? What are like the issues you see, the problems running a database in such an environment? Well, it's a wide topic, right? And I think one of the most interesting topics that we're seeing lately is a concern about cost and performance. So there's kind of a trade off as usual, right?


Álvaro Hernández Tortosa: There's a trade off between the convenience I want to run a database and almost forget about it. And that's why you switched to a cloud managed service which is not always true by the way, because forgetting about it means that nobody's gonna then back your database, repack your tables, right? Optimize your queries, analyze if you haven't used indexes. So if you're very small, that's more than okay. You can assume that you don't need to touch your database even if you grow over a certain level, you're gonna need the same DBAs, the same, at least to operate not the basic operations of the database which are monitoring, high availability and backups. So those are the three main areas that a managed service provides to you. But so there's convenience, but then there's an additional cost. And this additional cost sometimes is quite notable, right? So it's typically around 80% premium on a N+1/N number of instances because sometimes we need an extra even instance for many cloud services, right? And that multiply by 1.8 ends up being two point something in the usual case. So you're overpaying that. So you need to analyze whether this is good for you from this perspective of convenience or if you want to have something else. On the other hand, almost all cloud services use network disks. And these network disks are very good and have improved performance a lot in the last years, but still they are far from the performance of a local drive, right? And running databases with local drives has its own challenges, but they can be addressed. And you can really, really move the needle by kind of, I don't know if that's the right term to call it self-hosting, but this trend of self-hosting, and if we could marry the simplicity and the convenience of managed services, right?

With the ability of running on any environment and running on any environment at a much higher performance, I think that's kind of an interesting trend right now and a good sweet spot. And Kubernetes, to try to marry all the terms that you mentioned in the question, actually is one driver towards this goal because it enables us infrastructure independence and it enables both network disks and local disks and equally the same. And it's kind of an enabler for this pattern that I see more trends, more trends as of now, more important and one that definitely we are looking forward to.


Chris Engelbert: Right, I like that you pointed out that there's ways to address the local storage issues, just shameless plug, we're actually working on something.


Álvaro Hernández Tortosa: I heard something.


Chris Engelbert: Oh, you heard something. (laughing) All right, last question because we're also running out of time. What do you see as the biggest trend right now in containers, cloud, whatever? What do you think is like the next big thing? And don't say AI, everyone says that.


Álvaro Hernández Tortosa: Oh, no. Well, you know what? Let me do a shameless plug here, right?


Chris Engelbert: All right. I did one. (laughing)


Álvaro Hernández Tortosa: So there's a technology we're working on right now that works for our use case, but will work for many use cases also, which is what we're calling dynamic containers. So containers are essential as something that is static, right? You build a container, you have a build with your Dockerfile, whatever you use, right? And then that image is static. It is what it is. Contains the layers that you specified and that's all. But if you look at any repository in Docker Hub, right? There's plenty of tags. You have what, for example, Postgres. There's Postgres based on Debian. There's Postgres based on Alpine. There's Postgres with this option. Then you want this extension, then you want this other extension. And then there's a whole variety of images, right? And each of those images needs to be built independently, maintained, updated independently, right? But they're very orthogonal. Like upgrading the Debian base OS has nothing to do with the Postgres layer, has nothing to do with the timescale extension, has nothing to do with whether I want the debug symbols or not. So we're working on technology with the goal of being able to, as a user, express any combination of items I want for my container and get that container image without having to rebuild and maintain the image with the specific parameters that I want.


Chris Engelbert: Right, and let me guess, that is how the Postgres extension stuff works.


Álvaro Hernández Tortosa: It is meant to be, and then as a solution for the Postgres extensions, but it's actually quite broad and quite general, right? Like, for example, I was discussing recently with some folks of the OpenTelemetry community, and the OpenTelemetry collector, which is the router for signals in the OpenTelemetry world, right? Has the same architecture, has like around 200 plugins, right? And you don't want a container image with those 200 plugins, which potentially, because many third parties may have some security vulnerabilities, or even if there's an update, you don't want to update all those and restart your containers and all that, right? So why don't you kind of get a container image with the OpenTelemetry collector with this source and this receiver and this export, right? So that's actually probably more applicable. Yeah, I think that makes sense, right? I think that is a really good end, especially because the static containers in the past were in the original idea was that the static gives you some kind of consistency and some security on how the container looks, but we figured out over time, that is not the best solution. So I'm really looking forward to that being probably a more general thing. To be honest, actually the idea, I call it dynamic containers, but in reality, from a user perspective, they're the same static as before. They are dynamic from the registry perspective.


Chris Engelbert: Right, okay, fair enough. All right, thank you very much. It was a pleasure like always talking to you. And for the other ones, I see, hear, or read you next week with my next guest. And thank you to Álvaro, thank you for being here. It was appreciated like always.


Álvaro Hernández Tortosa: Thank you very much.


Comments


bottom of page