Skip to content

Release v2.0.0 - Enterprise-Grade Database Proxy#2

Merged
hasirciogluhq merged 22 commits intomainfrom
development
Jan 12, 2026
Merged

Release v2.0.0 - Enterprise-Grade Database Proxy#2
hasirciogluhq merged 22 commits intomainfrom
development

Conversation

@hasirciogluhq
Copy link
Owner

@hasirciogluhq hasirciogluhq commented Jan 12, 2026

Release v2.0.0 - Enterprise-Grade Database Proxy 🚀

🎯 Overview

Major architectural overhaul transforming xdatabase-proxy into a production-ready, enterprise-grade database proxy solution with advanced runtime detection, flexible discovery modes, and comprehensive TLS management.

✨ Major Features

🔍 Runtime Environment Detection

  • Auto-detection: Automatically identifies execution environment (Kubernetes/Container/VM)
  • Multi-Runtime Support: Seamless operation across different deployment scenarios
  • Smart Configuration: Context-aware configuration with intelligent defaults

🌐 Flexible Discovery Modes

  • Kubernetes Discovery: Service discovery via label-based indexing with composite index support
  • Static Backends: Direct backend configuration for non-Kubernetes environments
  • Remote Cluster Access: Connect to Kubernetes clusters from VM/Container using KUBECONFIG
  • First-Match Semantics: Predictable routing with deployment_id + database_type + pooled composite index

🔐 Enterprise TLS Management

  • Optional TLS: TLS_ENABLED flag for TLS-optional deployments
  • Auto-Generation: TLS_AUTO_GENERATE creates self-signed certificates automatically
  • Auto-Renewal: TLS_AUTO_RENEW with configurable threshold (TLS_RENEWAL_THRESHOLD_DAYS)
  • Certificate Validation: Expiration checks and lifecycle management
  • Multi-Instance Safe: Race-condition-free certificate generation

⚙️ Professional Configuration System

  • Type-Safe Configuration: Enums for RuntimeEnvironment, DiscoveryMode, TLSMode
  • Validation-First: Comprehensive validation with helpful error messages
  • Smart Defaults: Intelligent auto-detection for all modes
  • Backward Compatible: Full support for legacy environment variables

🐘 PostgreSQL Protocol Enhancements

  • Database Parameter Handling: Intelligent defaulting when clients omit database name
  • Username Parsing: Automatic extraction of deployment_id and pool status
    • Format: username.deployment_id[.pool]
    • Example: alice.db-prod.poolusername=alice, deployment_id=db-prod, pooled=true
  • Client Compatibility: Detects and corrects psql auto-fill behavior (database=username)
  • StartupMessage Rebuild: Optimized per-connection message reconstruction
  • SSL Negotiation: Robust SSL request handling with TLS-optional support

🔧 Technical Improvements

Architecture Refactoring

  • Project Structure: Moved from apps/proxy to cmd/proxy with internal packages
  • Factory Pattern: Runtime-aware resolver and TLS factories
  • Proxy Manager: New component for advanced infrastructure management
  • Error Handling: Enhanced lifecycle management and error responses
  • Logging: Comprehensive structured logging with improved console formatting

Configuration Variables

New Variables:

  • DATABASE_TYPE: Database type (postgresql)
  • RUNTIME: Explicit runtime environment setting
  • DISCOVERY_MODE: Explicit discovery mode
  • TLS_MODE: Explicit TLS provider mode
  • TLS_ENABLED: Enable/disable TLS
  • TLS_AUTO_GENERATE: Auto-generate certificates
  • TLS_AUTO_RENEW: Auto-renew certificates
  • TLS_RENEWAL_THRESHOLD_DAYS: Renewal threshold
  • NAMESPACE: Professional naming (replaces POD_NAMESPACE)
  • STATIC_BACKENDS: Comma-separated backend list (deployment_id[.pool]=host:port)

Removed Variables:

  • PROXY_ENABLED: Proxy always runs (fail-fast on misconfiguration)
  • POD_NAMESPACE: Replaced by NAMESPACE
  • POSTGRESQL_PROXY_ENABLED: Replaced by DATABASE_TYPE
  • TLS_ENABLE_SELF_SIGNED: Replaced by TLS_AUTO_GENERATE

🐛 Critical Fixes

PostgreSQL Database Parameter Fix

  • ✅ Defaults to "postgres" when client omits database name
  • ✅ Detects client auto-fill behavior (database equals username)
  • ✅ Prevents "database does not exist" errors
  • ✅ Example: database=postgres.team-1992252154561database=postgres

Protocol Fixes

  • ✅ PostgreSQL resolver uses correct database type (was using mysql)
  • ✅ StartupMessage rebuild simplified and optimized
  • ✅ SSL request handling with TLS-disabled scenarios
  • ✅ Enhanced connection parameter logging

Infrastructure Fixes

  • ✅ Multi-instance TLS certificate race conditions
  • ✅ Kubernetes discovery from non-Kubernetes runtimes
  • ✅ Certificate lifecycle management
  • ✅ Configuration validation edge cases
  • ✅ Connection lifecycle in production environments

📊 Statistics

  • 39 files changed
  • 2,932 insertions
  • 1,425 deletions
  • 20+ commits with comprehensive refactoring

🔒 Security Enhancements

  • Enhanced certificate validation
  • Automatic certificate renewal prevents expired certs
  • Multi-instance safe certificate generation
  • Better TLS configuration validation
  • Memory-only certificate handling (no filesystem exposure)

📚 Documentation

  • README: Complete rewrite with enterprise focus and architecture diagram
  • CHANGELOG: Comprehensive version 2.0.0 changelog
  • Examples: Updated deployment YAMLs for development, production, and local-test
  • Scripts: Local deployment scripts for Kind clusters

🎯 Breaking Changes

  • Environment variable renames (backward compatible transition period)
  • Project structure reorganization (apps/proxycmd/proxy)
  • Configuration validation now fail-fast on errors
  • TLS now optional (previously required)

🚦 Testing

All changes tested with:

  • ✅ Kind Kubernetes clusters
  • ✅ PostgreSQL 17 backends
  • ✅ TLS enabled/disabled scenarios
  • ✅ Static and Kubernetes discovery modes
  • ✅ Username parsing with deployment_id suffixes
  • ✅ Database parameter defaulting

📦 Deployment

Ready for production deployment with:

  • DaemonSet configuration
  • Health check endpoints
  • Graceful shutdown
  • Resource limits
  • Security contexts

Ready to merge: All tests passing, comprehensive changelog, production-ready architecture.

/cc @hasirciogluhq

@hasirciogluhq
[+] updated deploy.yaml to add linux/arm64 and linux/386 platforms ba…
2372fbb 
…ck to build configuration in both build-and-push-development and create-release jobs

[*] adjusted platforms in both jobs to include linux/amd64, linux/arm64, and linux/386
@hasirciogluhq
username change + folder structure update. Old folder structure is su…
0811304 
…cks.
@hasirciogluhq
new system implemented
068a65f
@hasirciogluhq
tls provider updated, added self signed cert generation. updated new …
8eead25 
…providers. And old database instance id system will be implemented soon
@hasirciogluhq
ols tls and discovery system implemented. Old postgresql protocl pars…
c215f77 
…er will be imöplementedç.
@hasirciogluhq
old postgresql parser implemented.
29bd03a
@hasirciogluhq
Server test run script moved into scripts folder.
136cc77 
Client test connection script added into scripts folder.
Gitignore updated for development data folder for local development testing.
@hasirciogluhq
Huge logger added. Console will be looking good.
1aef19c
@hasirciogluhq
the connection handler converted like old handle. Because fatal error…
d677c72 
… response and lifecycle is not good as well for production environments.
@hasirciogluhq
Proxy manager added. I am exploring the proxy manager in depth and th…
4eabe14 
…inking about how to address the challenges of the infrastructure I aim to build.
@hasirciogluhq
the cmd path updated in dockerfile and other files.
d7c7a5d
@hasirciogluhq
added database type into resolver's
7488b1a
@hasirciogluhq
Merge branch 'main' into development
534318c
@hasirciogluhq
Update CHANGELOG for version 2.0.0: add new features, changes, fixes,…
de6436f 
… and security enhancements
@hasirciogluhq
Update deployment configuration and Dockerfile for xdatabase-proxy
d437033 
- Modify GitHub Actions workflow to include test job with matrix strategy for different OS and Go versions.
- Update Dockerfile to specify GOOS and GOARCH for building the binary.
- Change Kubernetes deployment ports from 5432 to 4545 and update health check ports to 8080.
@hasirciogluhq
Update CHANGELOG, README, and deployment configurations for version 2…
381e42b 
….0.0

- Added multi-platform Docker build support and automated TLS certificate creation.
- Enhanced TLS configuration with multiple priority levels and static backend support.
- Introduced health check and readiness endpoints, along with debug logging mode.
- Updated Dockerfile for cross-platform compatibility and improved GitHub Actions workflow.
- Fixed macOS build compatibility issues and race conditions in TLS certificate generation.
- Added comprehensive environment variable documentation in README.
- Created development deployment configuration for Kubernetes.
@hasirciogluhq
Refactor xdatabase-proxy configuration and deployment settings
0f6de58 
- Updated environment variables in development and production deployment YAML files to enhance configurability.
- Introduced new environment variables for TLS settings, including auto-generation and renewal options.
- Modified health check endpoint from /healthz to /health for consistency.
- Enhanced start-proxy-test and test-server scripts to align with new configuration standards.
- Added comprehensive README documentation detailing features, installation, configuration, and usage scenarios.
- Implemented a new configuration management system in config.go to handle environment variables and legacy support.
- Created a factory pattern for proxy and resolver creation, allowing for better separation of concerns and easier future extensions.
- Established TLS management with support for file-based, Kubernetes secret, and in-memory certificate handling.
- Added validation for configuration settings to ensure coherence and correctness.
- Introduced structured logging for better observability and debugging.
@hasirciogluhq
Update README to clarify STATIC_BACKENDS format and enhance Kubernete…
50ee250 
…s service discovery section
@hasirciogluhq
Enhance SSL handling in PostgresProxy handshake and update PostgreSQL…
2cddb3e 
… image version in deployment
@hasirciogluhq
Refactor PostgresProxy to resolve backend address for PostgreSQL and …
bf59a8b 
…remove outdated Kubernetes deployment files
@hasirciogluhq
Fix PostgreSQL database handling and enhance connection logging in proxy
b9dc8c9
@hasirciogluhq
Update CHANGELOG to include sections for Added, Changed, Fixed, Remov…
d719f3f 
…ed, and Security
@hasirciogluhq
Copy link
Owner Author

hasirciogluhq commented Jan 12, 2026

@copilot Can you run code security and optimization checks ?

cause it says: "Merging is blocked
Cannot update this protected ref.
Code scanning is waiting for results from CodeQL for the commits 96aeaab or d719f3f."

i dont wanna merge forcely

Copy link

Copilot AI commented Jan 12, 2026

@hasirciogluhq I've opened a new pull request, #3, to work on those changes. Once the pull request is ready, I'll request review from you.

Copilot AI mentioned this pull request Jan 12, 2026
Closed
@hasirciogluhq hasirciogluhq merged commit cabcc46 into main Jan 12, 2026
10 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@hasirciogluhq