38 changes: 0 additions & 38 deletions .github/workflows/barman-base-image.yml

This file was deleted.

28 changes: 0 additions & 28 deletions Taskfile.yml
Expand Up @@ -381,34 +381,6 @@ tasks:
build --dir . --file containers/Dockerfile.sidecar --platform linux/amd64 --platform linux/arm64
publish --ref {{.SIDECAR_IMAGE_NAME}} --tags {{.IMAGE_VERSION}}

publish-barman-base:
desc: Build and publish a barman-cloud base container image
vars:
BARMAN_BASE_IMAGE_NAME: ghcr.io/{{.GITHUB_REPOSITORY}}-base{{if not (hasPrefix "refs/heads/main" .GITHUB_REF)}}-testing{{end}}
BARMAN_VERSION:
sh: grep "^barman" containers/sidecar-requirements.in | sed -E 's/.*==([^ ]+)/\1/'
BUILD_DATE:
sh: date +"%Y%m%d%H%M"
requires:
# We expect this to run in a GitHub workflow, so we put a few GitHub-specific vars here
# to prevent running this task locally by accident.
vars:
- CI
- GITHUB_REPOSITORY
- GITHUB_REF
- GITHUB_REF_NAME
- REGISTRY_USER
- REGISTRY_PASSWORD
env:
# renovate: datasource=git-refs depName=docker lookupName=https://github.com/purpleclay/daggerverse currentValue=main
DAGGER_DOCKER_SHA: ee12c1a4a2630e194ec20c5a9959183e3a78c192
cmds:
- >
dagger call -m github.com/purpleclay/daggerverse/docker@${DAGGER_DOCKER_SHA}
--registry ghcr.io --username $REGISTRY_USER --password env:REGISTRY_PASSWORD
build --dir . --file containers/Dockerfile.barmanbase --platform linux/amd64 --platform linux/arm64
publish --ref {{.BARMAN_BASE_IMAGE_NAME}} --tags "{{.BARMAN_VERSION}}-{{.BUILD_DATE}}"

controller-gen:
desc: Run controller-gen
run: once
7 changes: 0 additions & 7 deletions containers/Dockerfile.barmanbase

This file was deleted.

88 changes: 73 additions & 15 deletions containers/Dockerfile.sidecar
Expand Up @@ -33,22 +33,68 @@ COPY ../internal/ internal/
RUN --mount=type=cache,target=/go/pkg/mod --mount=type=cache,target=/root/.cache/go-build \
CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} go build -a -o manager cmd/manager/main.go

# Use plugin-barman-cloud-base to get the dependencies.
# pip will build everything inside /usr, so we copy every file into a new
# destination that will then be copied into the distroless container
FROM ghcr.io/cloudnative-pg/plugin-barman-cloud-base:3.17.0-202601131704 AS pythonbuilder
# Prepare a new /usr/ directory with the files we'll need in the final image
RUN mkdir /new-usr/ && \
cp -r --parents /usr/local/lib/ /usr/lib/*-linux-gnu/ /usr/local/bin/ \
/new-usr/

# Joint process
# Now we put everything that was build from the origin into our
# distroless container
FROM gcr.io/distroless/python3-debian12:nonroot
# Build Python virtualenv with all dependencies
# Using virtualenv ensures bytecode is compiled with correct timestamps
FROM debian:trixie-slim AS pythonbuilder
WORKDIR /build

# Install postgresql-common and setup pgdg repository first
RUN apt-get update && \
apt-get install -y --no-install-recommends postgresql-common && \
/usr/share/postgresql-common/pgdg/apt.postgresql.org.sh -y

# Install build dependencies
# After pgdg repo setup, this ensures we get updated versions from apt.postgresql.org
RUN apt-get update && \
apt-get install -y --no-install-recommends \
python3 \
python3-venv \
python3-dev \
build-essential \
libpq-dev \
liblz4-dev \
libsnappy-dev

# Copy requirements
COPY containers/sidecar-requirements.txt .

# Create virtualenv and install dependencies
RUN python3 -m venv /venv && \
/venv/bin/pip install --upgrade pip setuptools wheel && \
/venv/bin/pip install --no-cache-dir -r sidecar-requirements.txt

# Download and extract runtime library packages and their dependencies
# Using apt-cache to automatically resolve dependencies, filtering out packages
# already present in the distroless base image.
# Distroless package list from: https://github.com/GoogleContainerTools/distroless/blob/main/base/config.bzl
# and https://github.com/GoogleContainerTools/distroless/blob/main/python3/config.bzl
RUN mkdir -p /dependencies /build/downloads && \
cd /build/downloads && \
DISTROLESS_PACKAGES="libc6 libssl3t64 libzstd1 zlib1g libgcc-s1 libstdc++6 \
libbz2-1.0 libdb5.3t64 libexpat1 liblzma5 libsqlite3-0 libuuid1 \
libncursesw6 libtinfo6 libcom-err2 libcrypt1 libgssapi-krb5-2 \
libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0 libnsl2 \
libreadline8t64 libtirpc3t64 libffi8 libpython3.13-minimal \
libpython3.13-stdlib python3.13-minimal python3.13-venv" && \
apt-cache depends --recurse --no-recommends --no-suggests \
--no-conflicts --no-breaks --no-replaces --no-enhances \
$DISTROLESS_PACKAGES 2>/dev/null | grep "^\w" | sort -u > /tmp/distroless.txt && \
apt-cache depends --recurse --no-recommends --no-suggests \
--no-conflicts --no-breaks --no-replaces --no-enhances \
libpq5 liblz4-1 libsnappy1v5 2>/dev/null | grep "^\w" | sort -u | \
grep -v -F -x -f /tmp/distroless.txt > /tmp/packages.txt && \
apt-get download $(cat /tmp/packages.txt) && \
for deb in *.deb; do \
dpkg -x "$deb" /dependencies; \
done

# Final sidecar image
# Using distroless base for minimal size and less extra packages
FROM gcr.io/distroless/python3-debian13:nonroot

ENV SUMMARY="CloudNativePG Barman plugin" \
DESCRIPTION="Container image that provides the barman-cloud sidecar"
DESCRIPTION="Container image that provides the barman-cloud sidecar" \
PATH="/venv/bin:$PATH"

LABEL summary="$SUMMARY" \
description="$DESCRIPTION" \
Expand All @@ -60,7 +106,19 @@ LABEL summary="$SUMMARY" \
version="" \
release="1"

COPY --from=pythonbuilder /new-usr/* /usr/
# Copy virtualenv with pre-compiled bytecode
COPY --from=pythonbuilder /venv /venv

# Copy runtime libraries from extracted packages
# All libraries are in /usr/lib/x86_64-linux-gnu
COPY --from=pythonbuilder /dependencies/usr/lib /usr/lib

# Copy Go manager binary
COPY --from=gobuilder /workspace/manager /manager

# Compile all Python bytecode as root to avoid runtime compilation
USER 0:0
RUN ["/venv/bin/python3", "-m", "compileall", "-q", "/usr/lib/python3.13", "/venv"]

USER 26:26
ENTRYPOINT ["/manager"]
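Review bot: Both new base images are referenced by mutable tags (`FROM debian:trixie-slim AS pythonbuilder` and `FROM gcr.io/distroless/python3-debian13:nonroot`), so the same commit can build different images over time, whereas the base this replaces was referenced by a dated version tag. Pinning each by digest, for example `FROM debian:trixie-slim@sha256:<digest> AS pythonbuilder` (placeholder digest), keeps rebuilds reproducible and makes base-image changes show up as reviewable bumps. The same concern applies to `/venv/bin/pip install --upgrade pip setuptools wheel`, which installs whatever versions are current at build time; if `sidecar-requirements.txt` carries hashes (not visible here), adding `--require-hashes` to the second install would enforce them. Separately, the comment `# All libraries are in /usr/lib/x86_64-linux-gnu` does not hold for the linux/arm64 build that Taskfile.yml requests for this Dockerfile; `# Libraries are under /usr/lib/<multiarch-triplet>` would be accurate.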
6 changes: 0 additions & 6 deletions renovate.json5
Expand Up @@ -79,12 +79,6 @@
enabled: false,
},
packageRules: [
{
matchPackageNames: [
'ghcr.io/cloudnative-pg/plugin-barman-cloud-base',
],
versioning: 'loose',
},
{
matchDatasources: [
'go',