K8s Provisioning
Built with Go + native client-go. No kubectl shell-outs. PostgreSQL fully functional. MySQL and MongoDB provisioners in progress.
Orchestrates best-of-breed Kubernetes operators to provide a unified REST API for multi-database provisioning, backup/restore, and lifecycle management.
Status
| Database | Status | Operator |
|---|---|---|
| PostgreSQL | Fully functional | CloudNativePG |
| MySQL | In progress | Vitess |
| MongoDB | In progress | MongoDB Community Operator |
What It Does
Instead of manually applying Kubernetes CRDs, you call a single REST endpoint. The provisioner handles:
- Namespace creation and isolation per tenant/project
- CRD deployment via native client-go dynamic client (no kubectl)
- Credential generation with AES-256-GCM encryption
- Continuous WAL archiving and backup scheduling
- Point-in-time recovery (PITR)
- Per-pod CPU/memory monitoring via Kubernetes metrics-server
- pg_stat_statements performance insights
Architecture
┌────────────────────────────────────────┐
│ Go Server (27MB binary, <1s startup) │
├────────────────────────────────────────┤
│ chi router → Handler → Service │
│ ↓ │
│ Provisioner (Strategy pattern) │
│ ↓ │
│ client-go (dynamic + typed clients) │
│ ↓ │
│ K8s API → CloudNativePG Operator │
└────────────────────────────────────────┘
- No kubectl process spawning: all K8s operations use client-go natively
- No Fabric8/JVM: 27MB static Go binary vs 200MB+ JVM
- 85%+ test coverage — unit tests with mock K8s client + k3s integration tests
8-Stage Provisioning Pipeline
Each stage is tracked independently and reported via the API.
PostgreSQL provisioning pipeline
| Stage | What Happens |
|---|---|
| VALIDATING | Validate request, check project name uniqueness |
| NAMESPACE_CREATION | Create isolated Kubernetes namespace {orgId}-{projectName} (the combined name must be a valid DNS-1123 label: lowercase alphanumerics and '-', at most 63 characters) |
| CRD_DEPLOYMENT | Apply CloudNativePG Cluster CRD via client-go dynamic client |
| WAITING_FOR_READY | Poll all pods (primary + replicas) until Running and Ready |
| CREDENTIAL_GEN | Extract credentials from auto-created K8s Secret, encrypt with AES-256-GCM |
| BACKUP_CONFIG | Deploy ScheduledBackup CRD with WAL archiving to S3 |
| METRICS_SETUP | Enable PodMonitor for STANDARD/ENTERPRISE tiers |
| COMPLETED | Instance marked ACTIVE, credentials available |
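The CREDENTIAL_GEN stage above encrypts the extracted credentials with AES-256-GCM. The block below is an added example, not the project's own code, showing how a practitioner would want that done: a fresh random 96-bit nonce per call (GCM is broken by nonce reuse under one key), and the owning instance bound as additional authenticated data so a ciphertext lifted from one instance's record cannot be opened against another. The key source, the credential JSON shape and the `namespace/cluster` AAD format are assumptions; only the Go standard library is used.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"io"
)

// newDataKey returns a fresh 32-byte AES-256 key. In a real deployment the key
// would come from a KMS or a mounted Secret (assumption); generating it here is
// only so the example runs stand-alone.
func newDataKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	return key, nil
}

// newGCM builds the AEAD and refuses anything that is not a 256-bit key, so a
// misconfigured 16- or 24-byte key cannot silently downgrade to AES-128/192.
func newGCM(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 {
		return nil, errors.New("AES-256-GCM needs a 32-byte key")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealCredential encrypts a credential and returns base64(nonce || ciphertext || tag).
// A random nonce is drawn per call, so sealing the same plaintext twice yields two
// different blobs. aad is authenticated but not encrypted; binding it to the
// instance identity (for example "<namespace>/<cluster>") ties the blob to that
// instance's record.
func sealCredential(key, aad, plaintext []byte) (string, error) {
	aead, err := newGCM(key)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return "", err
	}
	// Seal appends ciphertext+tag to the nonce passed as dst.
	sealed := aead.Seal(nonce, nonce, plaintext, aad)
	return base64.StdEncoding.EncodeToString(sealed), nil
}

// openCredential reverses sealCredential. Any change to nonce, ciphertext, tag
// or aad makes Open fail; no partial plaintext is ever returned.
func openCredential(key, aad []byte, blob string) ([]byte, error) {
	raw, err := base64.StdEncoding.DecodeString(blob)
	if err != nil {
		return nil, err
	}
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	ns := aead.NonceSize()
	if len(raw) < ns+aead.Overhead() {
		return nil, errors.New("ciphertext too short")
	}
	return aead.Open(nil, raw[:ns], raw[ns:], aad)
}

func main() {
	key, err := newDataKey()
	if err != nil {
		panic(err)
	}
	// Constructed sample of what CREDENTIAL_GEN would read from the operator-created Secret.
	aad := []byte("acme-orders/orders-db")
	blob, err := sealCredential(key, aad, []byte(`{"username":"app","password":"s3cr3t"}`))
	if err != nil {
		panic(err)
	}
	fmt.Println("stored:", blob)
	plain, err := openCredential(key, aad, blob)
	fmt.Println("opened:", string(plain), err)
	_, err = openCredential(key, []byte("other-org/orders-db"), blob)
	fmt.Println("wrong instance binding:", err)
}
```

Store the AAD string (or the fields it is built from) alongside the blob; without it the record cannot be decrypted, which is the point: the ciphertext is only useful in the row it belongs to.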
Tiers
| Tier | Instances | HA | Storage | Memory | CPU | PodMonitor |
|---|---|---|---|---|---|---|
| FREE | 1 | No | 5Gi | 512Mi | 0.5 | No |
| STANDARD | 3 | Yes (1 primary + 2 replicas) | 50Gi | 4Gi | 2 | Yes |
| ENTERPRISE | 5 | Yes (1 primary + 4 replicas) | 500Gi | 16Gi | 4 | Yes |
STANDARD and ENTERPRISE use CloudNativePG streaming replication with automatic failover. Promotion happens in under 30 seconds.
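The per-tenant namespace is the isolation boundary, so the name derivation in the VALIDATING and NAMESPACE_CREATION stages and the tier table above deserve a concrete check. The block below is an added example, not the project's code. It shows why plain `{orgId}-{projectName}` concatenation collides across tenants if orgId may contain a hyphen, a validated derivation that enforces the DNS-1123 label rules Kubernetes applies to namespace names, and a tier-to-manifest mapping expressed as the nested map that client-go's `unstructured.Unstructured` wraps for the dynamic client. The orgId format, the cluster name, and setting limits equal to requests are assumptions; the CNPG field names follow the documented v1 Cluster CRD, not the project's actual manifest.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
)

// Kubernetes namespace names must be RFC 1123 labels: lowercase alphanumerics
// and '-', starting and ending with an alphanumeric, at most 63 characters.
var dns1123Label = regexp.MustCompile(`^[a-z0-9]([-a-z0-9]*[a-z0-9])?$`)

// Assumed tenant-id format (not stated on the page): hyphens are not allowed,
// so the separator in {orgId}-{projectName} is unambiguous.
var orgIDPattern = regexp.MustCompile(`^[a-z0-9]{1,20}$`)

const maxLabelLen = 63

// naiveNamespace is plain concatenation. If orgId may contain '-', two distinct
// (org, project) pairs map to the same namespace and two tenants share one
// isolation boundary.
func naiveNamespace(orgID, project string) string {
	return orgID + "-" + project
}

// namespaceName is the validated form for the VALIDATING stage: it rejects
// hyphens in orgId, applies the DNS-1123 label rules to projectName, and checks
// the combined length so the API server does not reject it later.
func namespaceName(orgID, project string) (string, error) {
	if !orgIDPattern.MatchString(orgID) {
		return "", fmt.Errorf("invalid orgId %q: lowercase alphanumerics only, no '-'", orgID)
	}
	if !dns1123Label.MatchString(project) {
		return "", fmt.Errorf("invalid projectName %q: must be a DNS-1123 label", project)
	}
	ns := orgID + "-" + project
	if len(ns) > maxLabelLen {
		return "", fmt.Errorf("namespace %q exceeds %d characters", ns, maxLabelLen)
	}
	return ns, nil
}

// Tier mirrors the README table; sizes are Kubernetes quantity strings.
type Tier struct {
	Instances  int
	Storage    string
	Memory     string
	CPU        string
	PodMonitor bool
}

var tiers = map[string]Tier{
	"FREE":       {Instances: 1, Storage: "5Gi", Memory: "512Mi", CPU: "500m", PodMonitor: false},
	"STANDARD":   {Instances: 3, Storage: "50Gi", Memory: "4Gi", CPU: "2", PodMonitor: true},
	"ENTERPRISE": {Instances: 5, Storage: "500Gi", Memory: "16Gi", CPU: "4", PodMonitor: true},
}

// clusterManifest builds the CloudNativePG Cluster object as the nested map the
// client-go dynamic client takes (unstructured.Unstructured{Object: m}). Field
// names follow the CNPG v1 Cluster CRD: spec.instances, spec.storage.size,
// spec.resources, spec.monitoring.enablePodMonitor.
func clusterManifest(ns, name, tierName string) (map[string]any, error) {
	tier, ok := tiers[tierName]
	if !ok {
		return nil, fmt.Errorf("unknown tier %q", tierName)
	}
	res := map[string]any{"cpu": tier.CPU, "memory": tier.Memory}
	return map[string]any{
		"apiVersion": "postgresql.cnpg.io/v1",
		"kind":       "Cluster",
		"metadata":   map[string]any{"name": name, "namespace": ns},
		"spec": map[string]any{
			"instances":  tier.Instances,
			"storage":    map[string]any{"size": tier.Storage},
			"resources":  map[string]any{"requests": res, "limits": res}, // assumption: limits == requests
			"monitoring": map[string]any{"enablePodMonitor": tier.PodMonitor},
		},
	}, nil
}

func main() {
	// Constructed inputs showing the collision the validated form prevents.
	fmt.Println("naive collision:", naiveNamespace("acme-corp", "db") == naiveNamespace("acme", "corp-db"))
	_, err := namespaceName("acme-corp", "db")
	fmt.Println("validated:", err)
	ns, err := namespaceName("acme", "orders")
	if err != nil {
		panic(err)
	}
	m, _ := clusterManifest(ns, "orders-db", "STANDARD")
	out, _ := json.MarshalIndent(m, "", "  ")
	fmt.Println(string(out))
}
```

Project-name uniqueness (the other VALIDATING check in the table) must be evaluated on the final namespace string, not on projectName alone, for the same reason: it is the namespace that has to be unique.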
Quick Start
See the Quick Start guide to get a database running in 5 minutes.