Postgres 17 Upgrade
This guide will walk you through the process of migrating a FOSSA-managed Postgres database (version 11.8) to a standalone Postgres 17.x instance. For customers deploying databases within Kubernetes, we provide example steps using the Bitnami Postgres Helm chart, but any properly configured Postgres 17.x database is supported.

Upgrade to Postgres 17 for each database (Core, Sparkle, Hubble)
FOSSA Postgres Helm Chart Deprecation
After June 16, 2025, FOSSA will no longer bundle a Postgres database within the FOSSA Helm charts. Customers who currently rely on the built-in provisioned Postgres instances (postgres.provisionInstance
, hubble.postgres.provisionInstance
, or sparklePostgres.provisionInstance
) will need to migrate to an externally provisioned Postgres 17 database to continue receiving updates.
For customers running Postgres inside their Kubernetes cluster, we recommend using the Bitnami Postgres 17 Helm chart as a convenient and tested deployment method. However, any properly configured Postgres 17.x database — including Amazon RDS, Aurora Postgres, or self-managed Postgres 17 — is supported.
Prerequisites
- postgresql client 17.x
- This guide assumes 17.2 as part of bitnami/postgresql/16.4.7 chart
- helm 3.17+
- kubectl 1.28+
- Kubernetes API access
Recommendations
- The default resource values for database deployments match FOSSA Core’s default settings. If your application has customized resource requirements, please adjust the database configuration files accordingly.
- If you use external Postgres services (e.g., RDS or self-hosted instances), ensure that:
- Required extensions (such as pgcrypto, uuid-ossp) are available.
- Your database instance is reachable from the FOSSA application. (SSL is not currently supported.)
- Authentication credentials and roles allow schema migrations.
- If your vulns updater is disabled, you can ignore the associated configuration steps in this guide.
Assumptions
- Your Helm release is named
fossa
. - Database credentials are:
fossa
/fossa123
for Coresparkle
/fossa123
for Sparklehubble
/fossa123
for Hubble
- Resource settings align with Core’s defaults unless otherwise specified.
- Vulns updater is enabled (unless noted otherwise).
Migration Steps
If you’re using Bitnami-managed Postgres 17 inside your cluster, follow these instructions:
Set namespace
- Set the namespace to
fossa
kubectl config set-context namespace=fossa
Create values files for each database for the Bitnami chart
- Create a new values file for core, sparkle and hubble databases with the appropriate auth credentials and database resources for the Bitnami Postgres chart.
Core bitnami-core-psql-values.yml
bitnami-core-psql-values.yml
auth:
username: fossa
password: fossa123
database: fossa
primary:
persistence:
size: 8Gi
resources:
limits:
cpu: 4000m
memory: 4Gi
requests:
cpu: 2000m
memory: 4Gi
Sparkle bitnami-sparkle-psql-values.yml
bitnami-sparkle-psql-values.yml
auth:
username: sparkle
password: fossa123
database: sparkle
primary:
persistence:
size: 8Gi
resources:
limits:
cpu: 4000m
memory: 4Gi
requests:
cpu: 2000m
memory: 4Gi
Hubble bitnami-hubble-psql-values.yml
bitnami-hubble-psql-values.yml
auth:
username: hubble
password: fossa123
database: hubble
primary:
persistence:
size: 8Gi
resources:
limits:
cpu: 4000m
memory: 4Gi
requests:
cpu: 2000m
memory: 4Gi
Install the Bitnami helm chart for each database
- Install the Bitnami Postgres chart using the new values file for core, sparkle and hubble databases.
helm upgrade -i fossa-core-db oci://registry-1.docker.io/bitnamicharts/postgresql --values bitnami-core-psql-values.yml --version 16.4.7 -n fossa
helm upgrade -i fossa-sparkle-db oci://registry-1.docker.io/bitnamicharts/postgresql --values bitnami-sparkle-psql-values.yml --version 16.4.7 -n fossa
helm upgrade -i fossa-hubble-db oci://registry-1.docker.io/bitnamicharts/postgresql --values bitnami-hubble-psql-values.yml --version 16.4.7 -n fossa
Set the application to maintenance mode
- Set the application to maintenance mode.
helm upgrade -i fossa fossa/fossa-core --set global.maintenanceMode.enabled=true --set vulns.updater.enabled=false --reuse-values
If your vulns updater is disabled, please ignore the vulns updater parameters and set the maintenance mode to true as follows:
helm upgrade -i fossa fossa/fossa-core --set global.maintenanceMode.enabled=true --reuse-values
Create database backups
- Make a backup of core, hubble and sparkle fossa databases and terminate the port-forward upon completion.
Core
### Core
kubectl port-forward service/fossa-core-postgres 5432:5432 &
pg_dumpall -h localhost -U fossa -f fossa-core-backup.bkp
# Terminate the port-forward using `fg` and `Ctrl+C`
fg
Sparkle
kubectl port-forward service/fossa-sparkle-postgres 5432:5432 &
pg_dumpall -h localhost -U sparkle -f fossa-sparkle-backup.bkp
# Terminate the port-forward using `fg` and `Ctrl+C`
fg
Hubble
kubectl port-forward service/fossa-hubble-postgres 5432:5432 &
pg_dumpall -h localhost -U hubble -f fossa-hubble-backup.bkp
# Terminate the port-forward using `fg` and `Ctrl+C`
fg
Restore database backups
- Restore the fossa database from the backup for core, hubble and sparkle databases.
Core
### Core
kubectl port-forward service/fossa-core-db-postgresql 5432:5432 &
psql -h localhost -U fossa -d fossa -f fossa-core-backup.bkp
# Terminate the port-forward using `fg` and `Ctrl+C`
fg
Sparkle
kubectl port-forward service/fossa-sparkle-db-postgresql 5432:5432 &
psql -h localhost -U sparkle -d fossa -f fossa-sparkle-backup.bkp
# Terminate the port-forward using `fg` and `Ctrl+C`
fg
Hubble
kubectl port-forward service/fossa-hubble-db-postgresql 5432:5432 &
psql -h localhost -U hubble -d fossa -f fossa-hubble-backup.bkp
# Terminate the port-forward using `fg` and `Ctrl+C`
fg
Check the health of the databases
- Ensure the core, sparkle and hubble databases are running and healthy.
kubectl logs sts/fossa-core-db-postgresql -f
kubectl logs sts/fossa-sparkle-db-postgresql -f
kubectl logs sts/fossa-hubble-db-postgresql -f
Update the application
- Update the release to use the Bitnami database.
Core
helm upgrade -i fossa fossa/fossa-core --set postgres.host=fossa-core-db-postgresql --reuse-values
Sparkle
helm upgrade -i fossa fossa/fossa-sparkle --set sparklePostgres.host=fossa-sparkle-db-postgresql --reuse-values
Hubble
helm upgrade -i fossa fossa/fossa-hubble --set hubble.postgres.host=fossa-hubble-db-postgresql --reuse-values
Set the application to production mode
- Set the application to production mode
helm upgrade -i fossa fossa/fossa-core --set global.maintenanceMode.enabled=false --set vulns.updater.enabled=true --reuse-values
If your vulns updater is disabled, please ignore the vulns updater parameters and set the maintenance mode to false as follows:
helm upgrade -i fossa fossa/fossa-core --set global.maintenanceMode.enabled=false --reuse-values
Ensure the application is healthy
- Ensure the application is running and healthy.
kubectl logs deployment/fossa-fossa-core-api -f
kubectl logs deployment/fossa-fossa-core-workers-primary -f
kubectl logs deployment/fossa-fossa-hubble-api -f
kubectl logs deployment/fossa-fossa-core-sparkle-api -f
Update your main values file
- Finally after confirming the applications are running and healthy, update your values file to use the new databases.
Core
postgres:
host: fossa-core-db-postgresql
Sparkle
sparklePostgres:
host: fossa-sparkle-db-postgresql
Hubble
hubble:
postgres:
host: fossa-hubble-db-postgresql
Note on External Databases
If you are connecting FOSSA Core to an external Postgres 17.x service such as Amazon RDS, Aurora, or self-hosted Postgres:
- You do not need to deploy Bitnami Postgres charts.
- You should update your FOSSA Helm values to point to the appropriate external database hostnames.
- Ensure proper firewall/endpoint access between FOSSA pods and your database.
- Ensure required extensions (pgcrypto, uuid-ossp) are enabled.
- Review resource sizing and connection pool settings to ensure application performance.
Example snippet for an external RDS database:
postgres:
host: your-rds-endpoint.amazonaws.com
username: fossa
password: your-fossa-password
database: fossa
Repeat similar configurations for Sparkle and Hubble if those services are deployed.
Final Verification
Once all updates are complete:
- Ensure all FOSSA pods are healthy.
- Verify schema migrations completed successfully.
- Confirm that FOSSA Core, Sparkle, and Hubble services are operating normally.
Updated 8 days ago