{"id":26116962,"url":"https://github.com/edgeflare/edge","last_synced_at":"2026-03-01T01:37:23.659Z","repository":{"id":281432536,"uuid":"940925173","full_name":"edgeflare/edge","owner":"edgeflare","description":"PostgreSQL backend in a binary, whose components scale as containers","archived":false,"fork":false,"pushed_at":"2025-05-10T08:49:47.000Z","size":270,"stargazers_count":16,"open_issues_count":6,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-05-10T09:31:37.662Z","etag":null,"topics":["envoy","kubernetes","minio","nats","oidc","pgo","postgresql","s3"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/edgeflare.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-03-01T04:19:16.000Z","updated_at":"2025-05-10T08:49:51.000Z","dependencies_parsed_at":"2025-03-09T03:26:52.254Z","dependency_job_id":"2ea7d40e-8eb7-4241-bb07-89abc63188d4","html_url":"https://github.com/edgeflare/edge","commit_stats":null,"previous_names":["edgeflare/edge"],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/edgeflare/edge","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/edgeflare%2Fedge","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/edgeflare%2Fedge/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/edgeflare%2Fedge/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/edgeflare%2Fedge
/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/edgeflare","download_url":"https://codeload.github.com/edgeflare/edge/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/edgeflare%2Fedge/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29957451,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-28T22:53:01.873Z","status":"ssl_error","status_checked_at":"2026-02-28T22:52:50.699Z","response_time":90,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["envoy","kubernetes","minio","nats","oidc","pgo","postgresql","s3"],"created_at":"2025-03-10T10:53:24.909Z","updated_at":"2026-03-01T01:37:23.639Z","avatar_url":"https://github.com/edgeflare.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# edge: PostgreSQL backend in a binary, whose components scale as containers\n\nedge configures and manages:\n\n| Component         | Technology / Tool       | Description |\n|-------------------|-----------------------|-------------|\n| Platform          | Linux, Docker, [Kubernetes](https://kubernetes.io)            | Native and containerized deployments providing ease and scalability |\n| Database          | [PostgreSQL](https://www.postgresql.org) + 
[pgvector](https://github.com/pgvector/pgvector)  | The world's most advanced open source database. Vector search using pgvector |\n| (IAM) AuthN/AuthZ | [ZITADEL](https://github.com/zitadel/zitadel) + [Postgres RLS](https://www.postgresql.org/docs/current/ddl-rowsecurity.html) | Comprehensive authN and authZ through ZITADEL, PostgreSQL Row-Level Security and envoy filters eg ext-authz |\n| Object Storage    | [MinIO](https://github.com/minio/minio) / [SeaweedFS](https://github.com/seaweedfs/seaweedfs)                 | Offers high-performance, Kubernetes-native object storage. |\n| REST API / Events | [edgeflare/pgo](https://github.com/edgeflare/pgo) | PostgREST-compatible REST API, Debezium-compatible CDC |\n| API Gateway       | [Istio](https://istio.io)/[Envoy](https://www.envoyproxy.io), [cert-manager](https://cert-manager.io) and optionally [Cloudflare](https://cloudflare.com)         | Manages, secures, and monitors traffic between microservices as well as from and to the Internet |\n\nfor a unified backend - similar to Firebase, Supabase etc. And with scaling capabilities. **We use [PostgREST](https://docs.postgrest.org) where reliability is important; writing similar in Go to be able to 1. embed in a go binary and 2. run in serverless env.**\n\n\n\n## Deployment options\n\n- A single binary (embeds official component binaries): planned\n- [Docker compose](./docker-compose.yaml) or Kubernetes resources: follow this README\n- Via a Kubernetes CRD: [Project](./example/project.yaml)\n\nedge is in very early stage. Interested in experimenting or contributing? See [CONTRIBUTING.md](./CONTRIBUTING.md).\n\n```sh\ngit clone git@github.com:edgeflare/edge.git \u0026\u0026 cd edge\n```\n\n### [docker-compose.yaml](./docker-compose.yaml)\n\n1. determine a root domain (hostname) eg `example.org`. if such a globally routable domain isn't available,\nutilize https://sslip.io resolver, which returns embedded IP address in domain name. 
that's what this demo setup does\n\n\u003e when containers dependent on zitadel (it being the centralized IdP) fail, try restarting it once zitadel is healthy\n\n```sh\nexport EDGE_DOMAIN_ROOT=192-168-0-121.sslip.io              # resolves to 192.168.0.121 (gateway/envoy IP). use LAN or accessible IP/hostname\n```\n\n2. generate `envoy/config.yaml` and `pgo/config.yaml`\n\n```sh\nsed  \"s/EDGE_DOMAIN_ROOT/${EDGE_DOMAIN_ROOT}/g\" internal/stack/envoy/config.template.yaml \u003e internal/stack/envoy/config.yaml\nsed  \"s/EDGE_DOMAIN_ROOT/${EDGE_DOMAIN_ROOT}/g\" internal/stack/pgo/config.template.yaml \u003e internal/stack/pgo/config.yaml\n```\n\n3. ensure zitadel container can write admin service account key which edge uses to configure zitadel\n\n```sh\nmkdir -p __zitadel\nchmod -R a+rw __zitadel\n```\n\n4. ensure ./tls.key ./tls.crt exist. Use something like\n\n```sh\nopenssl req -x509 -newkey rsa:4096 -keyout tls.key -out tls.crt -days 365 -nodes \\\n  -subj \"/CN=iam.example.local\" \\\n  -addext \"subjectAltName=DNS:*.example.local,DNS:*.${EDGE_DOMAIN_ROOT}\"\n\n# for envoy container to access keypair\nchmod 666 tls.crt\nchmod 666 tls.key\n```\n\nenvoy needs TLS config for end-to-end (even non-TLS) HTTP/2 required by zitadel management API. zitadel API bugs with self-signed certificates.\nFor publicly trusted certificates, enable TLS by updating env vars in ZITADEL.\n\n5. start containers\n```sh\ndocker compose up -d\n```\n\nCheck zitadel health with `curl http://iam.${EDGE_DOMAIN_ROOT}/debug/healthz` or `docker exec -it edge_edge_1 /edge healthz`\n\n#### Use the centralized IdP for authorization in Postgres via `pgo rest` (PostgREST API) as well as minio-s3, NATS etc\n\nedge so far creates the OIDC clients on ZITADEL. 
A bit of work is needed to configure consumers of client secrets.\nThe idea is to use `edge` to serve config for each component, much like envoy control plane which is already embedded in edge for envoy to pull config dynamically.\n\nFor now, visit ZITADEL UI at http://iam.${EDGE_DOMAIN_ROOT}, login (see docker-compose.yaml) and regenerate client-secrets for oauth2-proxy and minio clients in edge project. Then\n\n- update `internal/stack/pgo/config.yaml` with the values\n- update relevant env vars in minio container\n\nAnd `docker compose down \u0026\u0026 docker compose up -d`\n\n#### `pgo rest`: PostgREST-compatible REST API\n\nCreate a table in app-db for REST and pipeline demo. See pgo repo for more examples\n\n```sh\nPGUSER=postgres PGPASSWORD=postgrespw PGHOST=localhost PGDATABASE=main PGPORT=5432 psql\n```\n\n```sql\nCREATE SCHEMA IF NOT EXISTS iam;\n\nCREATE TABLE IF NOT EXISTS iam.users (\n  id TEXT DEFAULT gen_random_uuid()::TEXT PRIMARY KEY\n);\n\n-- wide-open for demo. use GRANT and RLS for granular ACL\nGRANT USAGE ON SCHEMA iam to anon;\nGRANT ALL ON iam.users to anon;\n```\n\n`docker restart edge_pgo-rest_1` to reload schema cache if it bugs.\nNow we can GET, POST, PATCH, DELETE on the users table in iam schema like:\n\n```sh\ncurl http://api.${EDGE_DOMAIN_ROOT}/iam/users\n```\n\n##### `pgo pipeline`: Debezium-compatible CDC for realtime-event/replication etc\n\nThe demo pgo-pipeline container syncs users from auth-db (in projections.users14 table) to app-db (in iam.users)\n\n#### minio-s3\nensure minio MINIO_IDENTITY_OPENID_CLIENT_ID and MINIO_IDENTITY_OPENID_CLIENT_SECRET are set with appropriate values. 
console ui is at http://minio.${EDGE_DOMAIN_ROOT}.\n\n### Kubernetes\nIf you already have a live k8s cluster, great just copy-paste-enter.\nFor development and lightweight prod, [k3s](https://github.com/k3s-io/k3s) seems a great option.\nSee [example/cluster](./example/cluster) for setup.\n\n```sh\nkubectl apply -f example/k8s/00-secrets.yaml\n\n# Database: PostgreSQL\nhelm upgrade --install example-postgres oci://registry-1.docker.io/bitnamicharts/postgresql -f example/k8s/01-postgres.values.yaml\nkubectl apply -f example/k8s/01-postgres.tcproute.yaml\nkubectl wait --for=condition=Ready pod -l app.kubernetes.io/instance=example-postgres --timeout=-1s\n\n# AuthN / AuthZ: ZITADEL\nhelm upgrade --install example-zitadel oci://registry-1.docker.io/edgeflare/zitadel -f example/k8s/02-zitadel.values.yaml\nkubectl apply -f example/k8s/02-zitadel.httproute.yaml\n```\n\n```sh\nkubectl get secrets zitadel-admin-sa -o jsonpath='{.data.zitadel-admin-sa\\.json}' | base64 -d \u003e __zitadel-machinekey/zitadel-admin-sa.json\n\nexport ZITADEL_ADMIN_PW=$(kubectl get secrets example-zitadel-firstinstance -o jsonpath='{.data.ZITADEL_FIRSTINSTANCE_ORG_HUMAN_PASSWORD}' | base64 -d)\n```\n\nConfigure zitadel like in docker-compose. 
Then apply something like `https://raw.githubusercontent.com/edgeflare/pgo/refs/heads/main/k8s.yaml`\n\n## Cleanup\n\n```sh\nkubectl delete -f example/k8s/00-secrets.yaml -f example/k8s/01-postgres.tcproute.yaml -f example/k8s/02-zitadel.httproute.yaml -f example/k8s/03-postgrest.yaml\n\nhelm uninstall example-zitadel\nhelm uninstall example-postgres\n\nkubectl delete cm zitadel-config-yaml\nkubectl delete secret zitadel-admin-sa\nkubectl delete jobs.batch example-zitadel-init example-zitadel-setup\n\nkubectl delete $(kubectl get pvc -l app.kubernetes.io/instance=example-postgres -o name)\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fedgeflare%2Fedge","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fedgeflare%2Fedge","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fedgeflare%2Fedge/lists"}