peerdb-flow-api

Apps

docker pull reg.mini.dev/peerdb-flow-api

Apps

Updated yesterday

docker pull reg.mini.dev/peerdb-flow-api

PeerDB-Flow-API Overview

Secure your stack with a hardened PeerDB-Flow-API image freshly-built by Minimus. Minimus images always include the most up-to-date package version for all packages and dependencies.

PeerDB-Flow-API is the API service for PeerDB, a Postgres-first ETL tool. It exposes the gRPC and REST endpoints used to create, manage, and monitor data-replication flows from PostgreSQL to warehouses, queues, storage engines, and other targets.

Try It Out

Take the Minimus PeerDB-Flow-API image for a test run. PeerDB provides an official Docker Compose file that handles all dependency orchestration (Postgres catalog, Temporal, Flow-Worker). The steps below use that upstream setup with Minimus images swapped in.

To begin, log into the Minimus registry:

echo "{token}" | docker login reg.mini.dev -u minimus --password-stdin

Clone and Override

Clone the PeerDB repository and create an override file that points to hardened Minimus images:

git clone --depth 1 https://github.com/PeerDB-io/peerdb.git
cd peerdb

Save the following to docker-compose.override.yml:

services:
  catalog:
    image: reg.mini.dev/postgres:latest
  temporal-admin-tools:
    # The upstream mounts a custom entrypoint script and uses the now 
    # deprecated tctl for its healthcheck. Clearing the
    # entrypoint restores the image's built-in CMD, and the healthcheck is
    # replaced with the Temporal CLI.
    image: reg.mini.dev/temporal-admin-tools
    entrypoint: []
    healthcheck:
      test: ["CMD", "temporal", "operator", "cluster", "health", "--address", "temporal:7233"]
      interval: 5s
      timeout: 5s
      retries: 30
      start_period: 45s
  temporal-ui:
    image: reg.mini.dev/temporal-ui
  flow-worker:
    image: reg.mini.dev/peerdb-flow-worker
  flow-snapshot-worker:
    image: reg.mini.dev/peerdb-snapshot-worker
  flow-api:
    image: reg.mini.dev/peerdb-flow-api
  peerdb:
    image: reg.mini.dev/peerdb-server
  peerdb-ui:
    image: reg.mini.dev/peerdb-ui

Print the resolved image list to verify the images:

docker compose config | grep "image:"

Note that Docker Compose will only auto-discover the override file if it is named exactly docker-compose.override.yml or docker-compose.override.yaml. Otherwise you will need to explicitly pass the file names like so:

docker compose -f docker-compose.yml -f my-docker-compose.override.yaml config | grep "image:"

Start the Services

docker compose up -d

Wait for all services to become healthy:

docker compose ps -a

Verify Flow-API

Once the services are running, verify that the PeerDB-Flow-API HTTP gateway is responding:

curl -s http://localhost:8113/v1/version

Clean Up

docker compose down -v

Technical Considerations

The PeerDB-Flow-API image provided by Minimus is a slim, security-hardened alternative to the public image from Docker Hub. The images are largely interchangeable, with a few differences as noted below.

PeerDB-Flow-API built by Minimus:

Runs as non-root by default for a security-first approach that protects against privilege escalation attacks.
Drill down on the version specification tab to see the default user, listening ports, entrypoint, volumes, environment variables, etc.

The Payoff

A hardened, minimal image that will remain more secure for the long run and accrue vulnerabilities at a slower rate.

See the risk reduction dashboard for a detailed CVE comparison over the past 30 days.
Review the compliance report to see the default hardening and security configurations for the image.

Terms & Info

Trademark

This catalog is published by Minimus. All product names, logos, and marks, other than those belonging to Minimus, shown are owned by their respective rights holders and appear here only to identify the open source software each image contains. Minimus claims no ownership of those marks and implies no affiliation with, endorsement by, certification by, or sponsorship by any rights holder.

Disclaimer

Images are provided "as-is" without warranty of any kind. "Hardened" refers to the security configuration applied at the time of build and does not constitute a guarantee of ongoing security or absence of vulnerabilities. The free tier is provided without support, SLA, or guaranteed patching timelines. Security updates may be applied to paid subscriptions before or instead of free tier images. By pulling or using any image you agree to our Terms of Use.