PostgreSQL User Group Estonia

Join us in Tallinn on July 2nd at 18:00 for our next meetup, hosted by Entigo! This time, we will explore the ins and outs of building and managing your own PostgreSQL setup, guided by two amazing speakers.

We are going to explore building/managing own PostgreSQL setup with help of two amazing speakers.

Henrietta (Hettie) Dombrovskaya
Making Access Control Management Easy: Introducing pg_acm

PostgreSQL does not have any prescribed guidelines for the use of schemas, also called namespaces. A namespace is just one of many attributes of an object, whether an object is a table, a view, a function, or any other object type available in PostgreSQL. One of the common reasons for using schemas is to simplify access control management. The idea is straightforward: all objects within one schema should have identical access privileges. As simple as it sounds, the practical implementation of this approach can quickly turn into an operational nightmare unless all participants agree to follow a set of rules that are difficult to enforce. That is, unless you use pg_acm: an access control management tool for PostgreSQL, which we are going to introduce in this talk. The only thing you need to do is to define an access management policy for your database. Once it is defined, a CREATE SCHEMA command will invoke the creation of a set of event triggers and roles. All of them, working together, will ensure your access policy enforcement. No more accidental grants to PUBLIC. No more mysterious “permission denied” errors. You are in control.

Martin Vool
How Hard Can a Simple Kubernetes PostgreSQL Self-Service Be?

"How hard can it be?" We thought building a simple self-service was easy: let developers order a PostgreSQL instance, its databases, and users straight from the Kubernetes API, without caring which cloud runs underneath. Using managed services like AWS RDS behind a clean Crossplane-based interface, the first prototype came together fast and then day 2 arrived. This talk is a field report on everything between "it works!" and production: Kubernetes finalizers and RDS deletion protection that trap objects in limbo, backups you can only restore into a brand-new instance, and the day a user deleted an entire namespace and took our teardown logic with it. Along the way we leaned on Kyverno policies as duct tape and an upstream PR still stuck in review. If you build self-service infrastructure on Kubernetes or just enjoy other people's operational scar tissue you'll leave with concrete patterns and a healthy respect for the word "simple."

Additionally:

• A Word from Our Host: A brief welcome from the team hosting us.
• Lightning Talks: Have a topic or idea? Let the organizers know if you'd like to present!
• Hallway Track: Enjoy a cozy and practical space for networking and conversations between presentations.

Organizational Details:

• Check-in: There will be a secondary RSVP at the doors (Entigo will act as the data controller).
• Parking: Free parking is available behind the building.
• Recording: We are planning to record the event on video and will share more details once they are finalized.

Looking forward to seeing you there!