Skip to main content
pgAgroal Enterprise docs · pgAgroal Enterprise

pgAgroal Enterprise

pgAgroal Enterprise documentation

pgAgroal Enterprise is the commercial operations layer for standard pgagroal. Its image bundles the same pooler as the free container and adds fleet management, hardened Kubernetes deployment, observability, policy enforcement, supported upgrades, and compliance evidence — one product, never a fork.

What pgAgroal Enterprise is

pgAgroal is a high-performance connection pooler for PostgreSQL. The pgAgroal Container packages the open-source pooler for Docker and Kubernetes and is free to use. pgAgroal Enterprise is a separately-licensed managed distribution of that same pooler: its image bundles standard pgagroal (unmodified, pinned) and adds the operations layer around it — so you run one product, not the free container plus an add-on, and you do not need to deploy the free container separately. It does not change the data path and does not fork upstream pgagroal. Everything the pooler does is documented in the pgagroal manual; these pages cover what Enterprise adds around it.

Enterprise attaches alongside the pooler, not in front of it. If the control plane is unavailable, your pools keep serving traffic — the Enterprise layer manages and observes the fleet, it is not on the query path. See Architecture.

What it adds

  • Fleet control plane — inventory, health, configuration drift detection and apply, and a tamper-evident audit log across every pooler instance.
  • Hardened deployment — an operator and Helm chart that ship non-root, read-only-root-filesystem pods with dropped capabilities, seccomp, resource limits, PodDisruptionBudgets and NetworkPolicies by default.
  • Operations — GitOps and air-gapped install paths, control-plane backup/restore, preflight readiness checks, a redacted support-bundle collector, and health-gated upgrades.
  • Observability — curated Grafana dashboards and Prometheus alerting rules for saturation, queueing, backend failures, auth anomalies and certificate expiry.
  • Compliance readiness — policy guardrails (Kyverno), a controls-to-evidence map aligned with SOC 2 and ISO 27001, a VEX policy, signed artifacts and SBOMs.

Start here

Open core, by commitment

We never block upstream pgagroal and we never put data-path features behind a paywall. Improvements to the pooler itself go upstream; the Enterprise layer sells the operation of pgagroal at scale — not the pooler. If a capability belongs in the pooler, it ships in the open container. See the open-core boundary for the exact split.