Description PgBouncer-FIPS is a lightweight connection pooler for PostgreSQL that provides FIPS 140-2 validated cryptographic operations. It helps manage database connections efficiently while maintaining security compliance requirements for regulated environments. This container is specifically hardened and configured for enterprise use in environments requiring FIPS compliance.
Key Features Core capabilities and strengths of this container
FIPS 140-2 validated cryptographic operations Efficient PostgreSQL connection pooling Security-hardened configuration for enterprise use High-performance connection management Common Use Cases Typical scenarios where this container excels
Enterprise PostgreSQL connection management FIPS-compliant database environments High-traffic database applications Regulated industry deployments Pull Latest Image Download the container image from the registry
docker pull clnstrt-images.cleanstart.com/$ORGANIZATION/pgbouncer-fips:latestdocker pull clnstrt-images.cleanstart.com/$ORGANIZATION/pgbouncer-fips:latest-devBasic Run Run the container with basic configuration
bash docker run -d --name pgbouncer \
-p 6432:6432 \
-e DB_HOST=postgres.example.com \
-e DB_PORT=5432 \
-e DB_USER=dbuser \
-e DB_PASSWORD=secretpassword \
clnstrt-images.cleanstart.com/$ORGANIZATION/pgbouncer-fips:latestProduction Deployment Deploy with production security settings
bash docker run -d --name pgbouncer-prod \
--read-only \
--security-opt=no-new-privileges \
--user 1000:1000 \
-p 6432:6432 \
-v pgbouncer-config:/etc/pgbouncer \
-e DB_HOST=postgres.example.com \
-e DB_PORT=5432 \
-e MAX_CLIENT_CONN=100 \
clnstrt-images.cleanstart.com/$ORGANIZATION/pgbouncer-fips:latestVolume Mount Mount local configuration directory
bash docker run -d \
-v $(pwd)/pgbouncer.ini:/etc/pgbouncer/pgbouncer.ini \
clnstrt-images.cleanstart.com/$ORGANIZATION/pgbouncer-fips:latestPort Forwarding Run with custom port mappings
bash docker run -d -p 5432:6432 clnstrt-images.cleanstart.com/$ORGANIZATION/pgbouncer-fips:latestEnvironment Variables Configuration options available through environment variables
DB_HOST PostgreSQL server hostname localhostDB_PORT PostgreSQL server port 5432DB_USER Database user postgresMAX_CLIENT_CONN Maximum number of client connections 100POOL_MODE Pool mode (session, transaction, statement) sessionSecurity Best Practices Recommended security configurations and practices
Use FIPS mode for cryptographic operations Implement proper authentication mechanisms Configure SSL/TLS for encrypted connections Regularly rotate credentials and certificates Monitor connection pools for unusual activity Implement proper access controls Kubernetes Security Context Recommended security context for Kubernetes deployments
yaml securityContext:
runAsNonRoot: true
runAsUser: 1000
runAsGroup: 1000
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: RuntimeDefaultDocumentation Resources Essential links and resources for further information