Managed PostgreSQL (Planned)

Purpose: For platform engineers, explains the planned Managed PostgreSQL service — operator selection, capabilities, backup model, and timeline.

Status

Preview — Q2 2026 start, targeting Q3 2026 GA.

Operator selection between CloudNativePG and Zalando postgres-operator is in progress. Both candidates meet the selection criteria; final decision pending production validation.

Why PostgreSQL

Most requested database from customers
Required before CDC (Debezium captures from PostgreSQL)
Mature operator ecosystem with two strong candidates
Horizontal dependency for many application architectures

Included in v1

Capability	Description
Cluster provisioning	Single-primary with streaming replicas
High availability	Automated failover (operator-managed)
Backup	Scheduled base backup + continuous WAL archiving
Point-in-time recovery	Restore to any WAL position within retention window
Rolling upgrades	Minor and major version upgrades with managed switchover
Connection pooling	PgBouncer sidecar or dedicated pool
Monitoring	Prometheus exporter + Grafana dashboards + alerting rules
TLS	cert-manager issued certificates for client and replication
Authentication	SCRAM-SHA-256, certificate-based
GitOps lifecycle	CRDs in Git, FluxCD reconciliation
Air-gap support	All images mirrorable

Excluded from v1

Capability	Rationale
Logical replication	Complexity; defer to CDC service (Q1 2027)
Multi-region	Requires cross-cluster networking; future scope
Read replicas with load balancing	Deferred pending demand signal
Custom extensions	Security review required per extension; curated list only
Managed PgBouncer (standalone)	Connection pooling via sidecar is sufficient for v1

Operator Comparison

Criteria	CloudNativePG	Zalando postgres-operator
Maturity	GA, CNCF Sandbox	GA, production at Zalando
Backup	Barman-based, object storage	Logical + physical, S3/GCS/Azure
Failover	Automated, raft-based leader election	Automated via Patroni
Upgrades	In-place minor, managed major	In-place minor, managed major
CRD API	`Cluster` (single CRD)	`postgresql` + `OperatorConfiguration`
Monitoring	Built-in Prometheus exporter	Sidecar exporter
Community	Active, regular releases	Active, large user base
Air-gap	Standard images, no external calls	Standard images, no external calls

Selection criteria: day-2 operations maturity, backup/PITR reliability, upgrade safety, CRD API stability, community activity.

Backup and Restore Model

Operation	Mechanism	RPO
Base backup	Scheduled (daily default) to object storage	24h (configurable)
WAL archiving	Continuous streaming to object storage	Seconds (near-zero)
Point-in-time recovery	Restore base + replay WAL to target timestamp	Seconds
Cluster clone	Create new cluster from backup	N/A

Object storage backends: S3-compatible (MinIO in air-gap), or cloud provider object store.

Support Boundary

openCenter Responsibility	Customer Responsibility
Operator deployment and upgrades	Database schema design
Cluster provisioning and HA	Application queries and indexes
Backup scheduling and retention	Data content and quality
Monitoring and alerting	Application connection management
TLS and credential rotation	Performance tuning (query-level)
Failover and recovery	Capacity planning input

Naming

Product: openCenter Managed PostgreSQL
Namespace: data-postgres
Blueprint: managed-postgres-v1
Helm release: per operator choice

See Naming Standards for full conventions.

Dependencies

Dependency	Purpose
cert-manager	TLS certificates
kube-prometheus-stack	Metrics and alerting
Loki	Log aggregation
Kyverno	Policy enforcement
FluxCD	GitOps reconciliation
Object storage	Backup target (S3-compatible)
Velero	Operator state backup

Timeline

Milestone	Target
Operator selection finalized	Q2 2026
Preview (backup/restore validated)	Q2 2026
GA (full day-2 operations)	Q3 2026

Status​

Why PostgreSQL​

Included in v1​

Excluded from v1​

Operator Comparison​

Backup and Restore Model​

Support Boundary​

Naming​

Dependencies​

Timeline​

Further Reading​