Percona Live ONLINE

Managing a single PostgreSQL instance can be challenging when failures happen. Replicas can be added and promoted when needed. However, application traffic has to be redirected to the new primary. At OVHcloud, a major cloud computing provider in Europe, we use load balancers in front of our databases clusters on production. In that case, PostgreSQL sees then all client connections coming from those IP addresses. That means we couldn't base the pg_hba.conf settings on source IP addresses. That also means, in the logs, all slow queries, DDL queries, connections and disconnections are obfuscated. In a world where where security and traceability is a strong requirement for PCI DSS compliant infrastructures, we had to find a solution. This talk will present you our findings and how we could implement transparent load balancing in a distributed database system.