Skip to main content

Overview

PgDog is a high-performance PostgreSQL connection pooler, load balancer, and sharding proxy written in Rust. It sits transparently in front of one or more PostgreSQL instances and appears to clients as a standard PostgreSQL server — no application code changes required, only a connection string update. PgDog parses SQL queries to automatically route writes (INSERT, UPDATE, DELETE, DDL) to a primary backend and distribute SELECT queries across replicas. Works with any PostgreSQL-compatible backend including the Control Plane PostgreSQL and PostgreSQL Highly Available templates, or any external PostgreSQL endpoint.

Architecture

  • PgDog workload — Stateless proxy that multiplexes client connections into a smaller pool of real backend connections. Scales horizontally; each replica maintains its own connection pool.
  • pgdog.toml — Main configuration rendered as a secret and mounted at startup. Defines backend databases, pool settings, timeouts, and load balancing strategy.
  • users.toml — Credentials configuration rendered as a separate secret. Defines which users can connect to PgDog and which backend databases they map to.

What Gets Created

  • Standard PgDog Workload — Stateless proxy workload listening on port 6432.
  • Identity & Policy — Identity for the workload with access to credential secrets.
  • Secrets — Two opaque secrets: one for pgdog.toml (database and pooling config) and one for users.toml (user credentials).
This template does not create a GVC or a PostgreSQL instance. Deploy it into an existing GVC and point it at an existing PostgreSQL backend.

Prerequisites

This template has no external prerequisites. To install, follow the instructions for your preferred method:

UI

Browse, install, and manage templates visually

CLI

Manage templates from your terminal

Terraform

Declare templates in your Terraform configurations
Pulumi Icon Streamline Icon: https://streamlinehq.com

Pulumi

Declare templates in your Pulumi programs

Configuration

The default values.yaml for this template:

Backend Databases

The databases list defines the PostgreSQL backends PgDog proxies. Each entry maps to a [[databases]] block in pgdog.toml. Multiple entries sharing the same name form a cluster — PgDog routes writes to primary backends and distributes reads across replica backends.
Using with the PostgreSQL template — Set host to {release-name}-postgres.{gvc}.cpln.local. Using with the PostgreSQL Highly Available template — Point the primary entry at the HA proxy ({release-name}-postgres-ha-proxy.{gvc}.cpln.local) and add replica entries using the replicaDirect hostnames (replica-{n}.{release-name}-postgres-ha.{location}.{gvc}.cpln.local).

Users

The users list defines which clients can connect to PgDog. Each entry maps to a [[users]] block in users.toml. The database field must match a name from the databases list.
PgDog uses the name and password to authenticate incoming clients, then uses the same credentials to connect to the backend PostgreSQL server.

Connection Pooling

Load Balancing

readWriteSplit: include_primary allows the primary to also serve reads when no replicas are available.

Timeouts

All timeout values are in milliseconds.

Admin Database

PgDog exposes an internal admin database for stats and introspection.
Always set admin.password explicitly. If omitted, PgDog generates a random password at each startup, making the admin database inaccessible across restarts.
Connect to the admin database with any PostgreSQL client:

Access

  • internalAccess.type — Controls which workloads can reach PgDog internally: same-gvc, same-org, workload-list, or none.
  • publicAccess.enabled — When true, Control Plane provisions a public TCP load balancer. The assigned hostname (e.g. pgdog-name-hash.cpln.app:6432) is visible in the Control Plane console or via cpln workload get <name> -o yaml.
  • publicAccess.address — Optional custom domain to attach when public access is enabled.

Scaling

PgDog is stateless and scales horizontally by increasing replicas. Each replica maintains its own connection pool — scale pooling.defaultPoolSize down proportionally when adding replicas to avoid overloading the backend with too many open connections.

Logging

Connecting

Applications connect to PgDog exactly as they would connect to PostgreSQL — PgDog implements the full PostgreSQL wire protocol. Example connection string:

Important Notes

  • PgDog does not manage PostgreSQL — it is a proxy only. Deploy a PostgreSQL backend separately before pointing PgDog at it.
  • Port 6432, not 5432 — PgDog listens on port 6432. Update application connection strings accordingly.
  • Transaction mode and session features — If your application uses SET variables, prepared statements, temporary tables, or advisory locks, use pooling.mode: session instead of transaction.
  • Admin password — Always set admin.password explicitly. Omitting it causes PgDog to generate a random password at each restart, making the admin database unreachable across restarts.
  • Scaling and pool sizing — Each PgDog replica maintains its own pool. When scaling replicas, reduce pooling.defaultPoolSize proportionally to avoid opening too many total connections to the backend.

External References

PgDog Documentation

Official PgDog configuration and architecture reference

PgDog GitHub

Source code and issue tracker

PostgreSQL Template

Single-instance PostgreSQL template for use with PgDog

PostgreSQL Highly Available Template

HA PostgreSQL with Patroni — primary + replicas for PgDog read/write splitting