cleanstart/postgres

Verified Publisher

By CleanStart

•Updated about 14 hours ago

Secure by Design, Built for Speed, Hardened Container Images on a minimal base CleanStart OS.

Image

Databases & storage

10K+

Overview Tags

cleanstart/postgres repository overview

CleanStart Container for Postgres

Enterprise-grade PostgreSQL database container optimized for cloud-native deployments. This image provides a production-ready PostgreSQL database server with enhanced security features, automated backups, and performance optimization. Built on PostgreSQL, the world's most advanced open source database, this container includes built-in connection pooling, WAL-E backup tools, and monitoring capabilities. Designed for high-availability enterprise deployments with focus on data integrity and security compliance.

📌 CleanStart Foundation: Security-hardened, minimal base OS designed for enterprise containerized environments.

Key Features

ACID compliant relational database management system
Advanced indexing and query optimization capabilities
Built-in connection pooling and replication support
Enterprise-grade security with role-based access control

Common Use Cases

Enterprise application backend database
Microservices data persistence layer
Data warehousing and analytics
Geospatial applications with PostGIS extension

Quick Start

Pull Latest Image Download the database container image from the registry

docker pull cleanstart/postgres:latest
docker pull cleanstart/postgres:latest-dev

Production Deployment Deploy database with persistent storage and security settings

docker run -d --name postgres-prod \
  -p 5432:5432 \
  -e POSTGRES_PASSWORD=secure_password \
  -v postgres_data:/var/lib/postgresql/data \
  --security-opt=no-new-privileges \
  cleanstart/postgres:latest

Docker Compose Setup Complete database service configuration

version: '3.8'
services:
  postgres:
    image: cleanstart/postgres:latest
    container_name: postgres
    restart: unless-stopped
    ports:
      - "5432:5432"
    environment:
      POSTGRES_PASSWORD: secure_password
    volumes:
      - postgres_data:/var/lib/postgresql/data
    security_opt:
      - no-new-privileges:true
volumes:
  postgres_data:

Connect to Database Access database shell for administration

docker exec -it postgres-prod psql -U postgres

Configuration

Environment Variables

Variable	Default	Description
PATH	/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin	System PATH configuration
POSTGRES_PASSWORD		Required password for PostgreSQL superuser
POSTGRES_USER	postgres	PostgreSQL superuser name
POSTGRES_DB	postgres	Default database name

Security & Best Practices

Recommended Security Context

securityContext:
  runAsNonRoot: true
  runAsUser: 1000
  runAsGroup: 1000
  readOnlyRootFilesystem: true
  allowPrivilegeEscalation: false
  capabilities:
    drop: ['ALL']

Best Practices

Use specific image tags for production (avoid latest)
Configure resource limits: memory and CPU constraints
Enable read-only root filesystem when possible
Run containers with non-root user (--user 1000:1000)
Use --security-opt=no-new-privileges flag
Regularly update container images for security patches
Implement proper network segmentation
Monitor container metrics for anomalies

Architecture Support

Multi-Platform Images

docker pull --platform linux/amd64 cleanstart/postgres:latest
docker pull --platform linux/arm64 cleanstart/postgres:latest

Resources & Documentation

CleanStart Website: https://www.cleanstart.com⁠
PostgreSQL Documentation: https://www.postgresql.org/docs/⁠
CleanStart Community Images: https://hub.docker.com/u/cleanstart⁠
CleanStart All Images: https://images.cleanstart.com/images/postgres/details⁠
How-to-Run CleanStart Images & Sample Projects: https://github.com/cleanstart-containers/postgres⁠,
- how-to-Run sample projects using dockerfile
- how-to-Deploy via Kubernete YAML
- how-to-Migrate from public images to CleanStart images

⁠Vulnerability Disclaimer

CleanStart offers Docker images that include third-party open-source libraries and packages maintained by independent contributors. While CleanStart maintains these images and applies industry-standard security practices, it cannot guarantee the security or integrity of upstream components beyond its control.

Users acknowledge and agree that open-source software may contain undiscovered vulnerabilities or introduce new risks through updates. CleanStart shall not be liable for security issues originating from third-party libraries, including but not limited to zero-day exploits, supply chain attacks, or contributor-introduced risks.

Security remains a shared responsibility: CleanStart provides updated images and guidance where possible, while users are responsible for evaluating deployments and implementing appropriate controls.

Tag summary

Recent tags

Content type

Image

Digest

sha256:79314712f…

Size

167.8 MB

Last updated

about 14 hours ago

Run in Docker Desktop

Requires Docker Desktop 4.37.1 or later.