Postgres 17 Upgrade

This guide will walk you through the process of migrating a FOSSA-managed Postgres database (version 11.8) to a standalone Postgres 17.x instance. For customers deploying databases within Kubernetes, we provide example steps using the Bitnami Postgres Helm chart, but any properly configured Postgres 17.x database is supported.

Upgrade to Postgres 17.2 for each database (Core, Sparkle, Hubble)

Upgrade to Postgres 17 for each database (Core, Sparkle, Hubble)

FOSSA Postgres Helm Chart Deprecation

After June 16, 2025, FOSSA will no longer bundle a Postgres database within the FOSSA Helm charts. Customers who currently rely on the built-in provisioned Postgres instances (postgres.provisionInstance, hubble.postgres.provisionInstance, or sparklePostgres.provisionInstance) will need to migrate to an externally provisioned Postgres 17 database to continue receiving updates.

For customers running Postgres inside their Kubernetes cluster, we recommend using the Bitnami Postgres 17 Helm chart as a convenient and tested deployment method. However, any properly configured Postgres 17.x database — including Amazon RDS, Aurora Postgres, or self-managed Postgres 17 — is supported.

Prerequisites


Recommendations

  • The default resource values for database deployments match FOSSA Core’s default settings. If your application has customized resource requirements, please adjust the database configuration files accordingly.
  • If you use external Postgres services (e.g., RDS or self-hosted instances), ensure that:
    • Required extensions (such as pgcrypto, uuid-ossp) are available.
    • Your database instance is reachable from the FOSSA application. (SSL is not currently supported.)
    • Authentication credentials and roles allow schema migrations.
  • If your vulns updater is disabled, you can ignore the associated configuration steps in this guide.

Assumptions

  • Your Helm release is named fossa.
  • Database credentials are:
    • fossa / fossa123 for Core
    • sparkle / fossa123 for Sparkle
    • hubble / fossa123 for Hubble
  • Resource settings align with Core’s defaults unless otherwise specified.
  • Vulns updater is enabled (unless noted otherwise).

Migration Steps

If you’re using Bitnami-managed Postgres 17 inside your cluster, follow these instructions:


Set namespace

  1. Set the namespace to fossa
kubectl config set-context namespace=fossa

Create values files for each database for the Bitnami chart

  1. Create a new values file for core, sparkle and hubble databases with the appropriate auth credentials and database resources for the Bitnami Postgres chart.

Core bitnami-core-psql-values.yml

auth:
  username: fossa
  password: fossa123
  database: fossa

primary:
  persistence:
    size: 8Gi
  resources:
    limits:
      cpu: 4000m
      memory: 4Gi
    requests:
      cpu: 2000m
      memory: 4Gi

Sparkle bitnami-sparkle-psql-values.yml

auth:
  username: sparkle
  password: fossa123
  database: sparkle

primary:
  persistence:
    size: 8Gi
  resources:
    limits:
      cpu: 4000m
      memory: 4Gi
    requests:
      cpu: 2000m
      memory: 4Gi

Hubble bitnami-hubble-psql-values.yml

auth:
  username: hubble
  password: fossa123
  database: hubble

primary:
  persistence:
    size: 8Gi
  resources:
    limits:
      cpu: 4000m
      memory: 4Gi
    requests:
      cpu: 2000m
      memory: 4Gi

Install the Bitnami helm chart for each database

  1. Install the Bitnami Postgres chart using the new values file for core, sparkle and hubble databases.
helm upgrade -i fossa-core-db oci://registry-1.docker.io/bitnamicharts/postgresql --values bitnami-core-psql-values.yml --version 16.4.7 -n fossa
helm upgrade -i fossa-sparkle-db oci://registry-1.docker.io/bitnamicharts/postgresql --values bitnami-sparkle-psql-values.yml --version 16.4.7 -n fossa
helm upgrade -i fossa-hubble-db oci://registry-1.docker.io/bitnamicharts/postgresql --values bitnami-hubble-psql-values.yml --version 16.4.7 -n fossa


Set the application to maintenance mode

  1. Set the application to maintenance mode.
helm upgrade -i fossa fossa/fossa-core --set global.maintenanceMode.enabled=true --set vulns.updater.enabled=false --reuse-values

If your vulns updater is disabled, please ignore the vulns updater parameters and set the maintenance mode to true as follows:

helm upgrade -i fossa fossa/fossa-core --set global.maintenanceMode.enabled=true --reuse-values

Create database backups

  1. Make a backup of core, hubble and sparkle fossa databases and terminate the port-forward upon completion.

Core

### Core
kubectl port-forward service/fossa-core-postgres 5432:5432 &
pg_dumpall -h localhost -U fossa -f fossa-core-backup.bkp
# Terminate the port-forward using `fg` and `Ctrl+C`
fg

Sparkle

kubectl port-forward service/fossa-sparkle-postgres 5432:5432 &
pg_dumpall -h localhost -U sparkle -f fossa-sparkle-backup.bkp
# Terminate the port-forward using `fg` and `Ctrl+C`
fg

Hubble

kubectl port-forward service/fossa-hubble-postgres 5432:5432 &
pg_dumpall -h localhost -U hubble -f fossa-hubble-backup.bkp
# Terminate the port-forward using `fg` and `Ctrl+C`
fg

Restore database backups

  1. Restore the fossa database from the backup for core, hubble and sparkle databases.

Core

### Core
kubectl port-forward service/fossa-core-db-postgresql 5432:5432 &
psql -h localhost -U fossa -d fossa -f fossa-core-backup.bkp
# Terminate the port-forward using `fg` and `Ctrl+C`
fg

Sparkle

kubectl port-forward service/fossa-sparkle-db-postgresql 5432:5432 &
psql -h localhost -U sparkle -d fossa -f fossa-sparkle-backup.bkp
# Terminate the port-forward using `fg` and `Ctrl+C`
fg

Hubble

kubectl port-forward service/fossa-hubble-db-postgresql 5432:5432 &
psql -h localhost -U hubble -d fossa -f fossa-hubble-backup.bkp
# Terminate the port-forward using `fg` and `Ctrl+C`
fg

Check the health of the databases

  1. Ensure the core, sparkle and hubble databases are running and healthy.
kubectl logs sts/fossa-core-db-postgresql -f
kubectl logs sts/fossa-sparkle-db-postgresql -f
kubectl logs sts/fossa-hubble-db-postgresql -f


Update the application

  1. Update the release to use the Bitnami database.

Core

helm upgrade -i fossa fossa/fossa-core --set postgres.host=fossa-core-db-postgresql --reuse-values

Sparkle

helm upgrade -i fossa fossa/fossa-sparkle --set sparklePostgres.host=fossa-sparkle-db-postgresql --reuse-values

Hubble

helm upgrade -i fossa fossa/fossa-hubble --set hubble.postgres.host=fossa-hubble-db-postgresql --reuse-values

Set the application to production mode

  1. Set the application to production mode
helm upgrade -i fossa fossa/fossa-core --set global.maintenanceMode.enabled=false --set vulns.updater.enabled=true --reuse-values

If your vulns updater is disabled, please ignore the vulns updater parameters and set the maintenance mode to false as follows:

helm upgrade -i fossa fossa/fossa-core --set global.maintenanceMode.enabled=false --reuse-values

Ensure the application is healthy

  1. Ensure the application is running and healthy.
kubectl logs deployment/fossa-fossa-core-api -f
kubectl logs deployment/fossa-fossa-core-workers-primary -f
kubectl logs deployment/fossa-fossa-hubble-api -f
kubectl logs deployment/fossa-fossa-core-sparkle-api -f

Update your main values file

  1. Finally after confirming the applications are running and healthy, update your values file to use the new databases.

Core

postgres:
  host: fossa-core-db-postgresql

Sparkle

sparklePostgres:
  host: fossa-sparkle-db-postgresql

Hubble

hubble:
  postgres:
    host: fossa-hubble-db-postgresql

Note on External Databases

If you are connecting FOSSA Core to an external Postgres 17.x service such as Amazon RDS, Aurora, or self-hosted Postgres:

  • You do not need to deploy Bitnami Postgres charts.
  • You should update your FOSSA Helm values to point to the appropriate external database hostnames.
  • Ensure proper firewall/endpoint access between FOSSA pods and your database.
  • Ensure required extensions (pgcrypto, uuid-ossp) are enabled.
  • Review resource sizing and connection pool settings to ensure application performance.

Example snippet for an external RDS database:

postgres:
  host: your-rds-endpoint.amazonaws.com
  username: fossa
  password: your-fossa-password
  database: fossa

Repeat similar configurations for Sparkle and Hubble if those services are deployed.

Final Verification

Once all updates are complete:

  • Ensure all FOSSA pods are healthy.
  • Verify schema migrations completed successfully.
  • Confirm that FOSSA Core, Sparkle, and Hubble services are operating normally.