Support for Kubernetes Postgres Operators (CNPG)

[michaelGradial]

I have been running my Postgres database on Kubernetes with 'Cloud-Native Postgres Operator' https://cloudnative-pg.io/ with great success on the base postgres image. I'd like to try self hosting some subset of Supabase on Kubernetes, while still using the CNPG operator to manage my database, but haven't been able to figure it out.

Would be great to have some option on how to merge the supabase postgres image with Kubernetes operators like CNPG or Zalando, so a self-hosted Supabase, or really any Kubernetes Postgres implementattion, can take advantage of both the high availability management goodies of these operators, and also the baseline extensions and other functionality of this image.

[Towerful]

I'm currently working through this.

I have tinkered with it before, and I duplicated supabase's postgres Dockerfile, and added in the cnpg requirements. I got it working, but in the end didnt need it.
However, coming back to it a few months later to use it in anger, I have no idea where to start updating my mess of undocumented files to get them inline with the latest supabase requirements.

So I'm going to try a simple Dockerfile that will build on the supabase/postgres docker image and install the barman packages (the minimum requirements for cnpg) and see how it goes.

I have recently found this:
https://github.com/jniclas/supabase-cloudnativedb
Their Dockerfile looks amazingly similar to what I came up with, but seems like they've moved away from building their own, and are just using supabase/postgres directly.

I guess there are 3 ways of applying the migrations.

1. The cleanest is if there were some sort of postgres-bootstrap image that would run all the migrations against a postgres database, instead of the migrations being bundled in with the supabase/postgres image. Could be run as an initContainer from as part of another supabase service spec.
2. Find all the migrations, turn them into configmaps and pass them into the postInitApplicationSQLRefs of the cluster spec. This is the way I did it.
3. Run a supabase/postgres container standalone, and have cnpg bootstrap from an existing container. (https://cloudnative-pg.io/documentation/1.18/bootstrap/#bootstrap-from-a-live-cluster-pg_basebackup)

It would be amazing to have all the migrations built into a docker container that can run them against any postgres instance, as opposed to having them included in the supabase/postgres image.
This might be a good community resource to work on, actually.

I'll see where I get to with just brute-forcing barman into the supabase/postgres image. If that works easily enough, then I think working on a community supported (or officially supported?) container that centralizes all the required bootstraping migrations in something.
Unless bootstrapping from a live cluster method works out.

on a side note, there is a bug in supabase/realtime that prevents it from clustering correctly.
supabase/realtime#1075
I'm planning to revisit this, and see if I can come up with a decent PR that covers supabase's requirements and my requirements

[michaelGradial]

For my clarification, what defines the 'magic' that makes the supabase postgres container what it is. If I understand correctly, it is a combination of postgres extensions like wal2json and pgjwt to build a featureful generic postgres image, and then a series of initial migrations to create tables needed for other supabase components like auth and Realtime?

A sidecar init container sounds like a great idea. Package up all the migrations with a migrate script into a separate supabase/postgres-init, and then anyone could attach that to their existing postgres container to get the needed migrations. Maybe even configure the init container if you only plan to use certain parts of the supabase ecosystem, like how the current Kubernetes chart lets you enable or disable each piece.

I think the second part is how to handle all the postgres plugins themselves. I was starting with this article. where they recommend using the cnpg image at the base and installing more plugins on top. So, maybe we could use all the ansible automation from the supabase/postgres image as a way to package up supabase recommended plugins and treat it kind of like a 'standard library for postgres'. Then install on top of cnpg base. Then, that feels like it would generalize to other operators or custom images

1. Have whatever postgres image you want as a base
2. Build new image with a layer from supabase/postgres to install a kind of standard library of plugins
3. Runtime init container to perform migrations and make the db compatible with services like Realtime.

[Towerful]

I agree that the magic of supabase has to be maintained!
The migrations in this repo & in https://github.com/supabase/supabase/tree/master/docker/volumes/db are what make this happen, along with any migrations each individual service applies.
Its... kinda a mess!
some are handled by services, some are expected to already be on the database, some require env vars.....
I'm kinda hoping a 2.0 rolls round at some point and makes this all a lot easier (ie a central migrations repo with a docker image that applies them, and some env flags for features & values)
So whatever solution we come up with has to be able to handle env vars (eg https://github.com/supabase/supabase/blob/master/docker/volumes/db/jwt.sql )

I will say that, in my experience, a "bring your own base image" isnt feasible.
When I was playing with this idea, they were compiling/making/building a slim docker image from sources. it was... a lot to work out, but resulted in slim docker images!
seems like they have simplified things a bit? moving to nix or something? not sure: I'm still catching up on the last 6 months of development!

I think its easier to start with the supabase/postgres image, smash in barman/barman-cli/barman-cli-cloud, and figure out a way to make migrations work (sidecar, initcontainer, bootstrap from a standalone container... idk).
My plan is to work on this tomorrow. I'll let you know what I come up with

[Towerful]

The following Dockerfile is bringing up a CNPG cluster for supabase.
I haven't tested any Supabase services against it yet, tho. Still have migrations to do....

FROM supabase/postgres:15.8.1.017

# https://www.postgresql.org/download/linux/debian/
# Import the repository signing key:
RUN apt install curl ca-certificates
RUN install -d /usr/share/postgresql-common/pgdg
RUN curl -o /usr/share/postgresql-common/pgdg/apt.postgresql.org.asc --fail https://www.postgresql.org/media/keys/ACCC4CF8.asc

# Create the repository configuration file:
RUN sh -c 'echo "deb [signed-by=/usr/share/postgresql-common/pgdg/apt.postgresql.org.asc] https://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list'

# https://docs.pgbarman.org/release/3.12.1/user_guide/installation.html
# Install barman:
RUN apt update && apt install -y --no-install-recommends \
    barman \
    barman-cli \
    barman-cli-cloud \
    && rm -rf /var/lib/apt/lists/*

# Change the uid of postgres to 26 - CNPG fails if this doesn't happen
RUN usermod -u 26 postgres
USER 26

Make sure your image name meets the requirements: https://cloudnative-pg.io/documentation/1.24/container_images/

Image Tag Requirements

To ensure the operator makes informed decisions, it must accurately detect the PostgreSQL major version. This detection can occur in two ways:

• Utilizing the major field of the imageCatalogRef, if defined.
• Auto-detecting the major version from the image tag of the imageName if not explicitly specified.

For auto-detection to work, the image tag must adhere to a specific format. It should commence with a valid PostgreSQL major version number (e.g., 15.6 or 16), optionally followed by a dot and the patch level.

Following this, the tag can include any character combination valid and accepted in a Docker tag, preceded by a dot, an underscore, or a minus sign.

---

I'm now working on getting migrations to happen.

I think I am going to build a "migrations" image with a bash script and the migrations from the various repos. The image can then run as a job and apply the migrations against the CNPG database.

Only issue with this is dealing with future migrations. There is no way to check if existing migrations have been run, so it will blindly apply all the migrations (which is fine for a first run, but will probably throw loads of errors if re-run considering there are CREATE TABLE but no IF NOT EXIST).
So I might investigate some sort of basic migration tool to track applied migrations.
I'm going to work on a basic bash-script container to apply the migrations first, tho. Lets me check supabase services against the CNPG cluster

[Towerful]

Working on the migrations atm, but I'm getting tired.
Anyway, seems like supabase use dbmate, so the sql files are already formatted for that as a migration tool.

I'm using dbmates latest container here.
I copy in a folder of migrations, then run a migrate script (I couldn't get the dbmate command to run directly, so i figured a quick shell script will work)

# it seems like supabase uses dbmate?
# https://github.com/supabase/postgres/tree/develop/migrations
# https://github.com/amacneil/dbmate

FROM ghcr.io/amacneil/dbmate:2.24.2@sha256:6e245cce5580567747cf440d84a7507121793c81564772fdd75f8ee0f45bbb79

COPY ./db ./db
COPY ./migrate.sh ./migrate.sh

RUN chmod +x ./migrate.sh

ENTRYPOINT ["./migrate.sh"]

the shell script

#!/usr/bin/env sh
echo "--------------------"
echo "Beginning migrations"

dbmate --migrations-dir "./db" --wait up


echo "     Complete"
echo "--------------------"

I got to here:

--------------------
Beginning migrations
Creating: *
Applying: 00000000000000-initial-schema.sql
Applied: 00000000000000-initial-schema.sql in 17.589146ms
Applying: 00000000000001-auth-schema.sql
Applied: 00000000000001-auth-schema.sql in 115.798747ms
Applying: 00000000000002-storage-schema.sql
Applied: 00000000000002-storage-schema.sql in 69.478466ms
Applying: 00000000000003-post-setup.sql
Applied: 00000000000003-post-setup.sql in 8.589343ms
Applying: 10000000000000_demote-postgres.sql
Applied: 10000000000000_demote-postgres.sql in 4.182883ms
Applying: 20211115181400_update-auth-permissions.sql
Applied: 20211115181400_update-auth-permissions.sql in 1.18885ms
Error: pq: must be owner of table users
     Complete
--------------------

This is probably because of 10000000000000_demote-postgres.sql which I think will also mess with CNPG.
(Quick Edit:
Commenting out the contents of 10000000000000_demote-postgres.sql does allow all migrations to go through.
Only issue are the ones from the main supabase/supabase repo arent being applied. presumably because they do not match the format dbmate expects ({timestamp}_{name}.sql) so I'll see if I can work around that
)

---

Thought I'd share some progress. Going to circle back to this in the next few days, or at least before the New Year!

[Towerful]

Ok, so the migrations in the supabase/supabase repo use variable substitution to load env vars into the postgres db (JWT tokens mostly).
I'm working around this using gettext/envsubst and moreutils/sponge to preprocess all the sql files for env var substitutions before dbmate gets its hands on them.

The docker-compose file maps the migrations into a specific order that is not indicated by their filename. Which means those files need to be renamed to a dbmate compatible format, and organised in the correct order.
I was hoping this would be a "download the migrations, build an image" style pipeline. But manually configuring 4 or 5 files isn't so bad, I guess.

Which leads onto the next problem...
The supabase/supabase migrations need to be run directly in psql as they use psql commands to change/create databases (mostly the _supabase database for pooler and logs. potentially further tables that clutter up the studio interface).
There is 1 that also runs a transaction. As dbmate runs each migration in a transaction anyway, this seems to bugs out with a transaction-in-a-transaction (removing the transaction block allows the migration to be applied).

So, I think some manual code for these specific migrations is required.
But I think a "download the migrations, and add/edit some lines in a script" will do it.

---

Update: looks like migrations are working. Havent tested against supabase services yet

[Towerful]

Here is an all-in-one update of my progress so far:

CNPG+Supabase Compatible Dockerfile

FROM supabase/postgres:15.8.1.017

# Import the repository signing key:
RUN apt install curl ca-certificates
RUN install -d /usr/share/postgresql-common/pgdg
RUN curl -o /usr/share/postgresql-common/pgdg/apt.postgresql.org.asc --fail https://www.postgresql.org/media/keys/ACCC4CF8.asc

# Create the repository configuration file:
RUN sh -c 'echo "deb [signed-by=/usr/share/postgresql-common/pgdg/apt.postgresql.org.asc] https://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list'

# Update the package lists:
RUN apt update && apt install -y --no-install-recommends \
    barman \
    barman-cli \
    barman-cli-cloud \
    && rm -rf /var/lib/apt/lists/*

# Change the uid of postgres to 26
RUN usermod -u 26 postgres
USER 26

Make sure you tag the image according to CNPG requirements https://cloudnative-pg.io/documentation/1.24/container_images/

Example cluster manifest:

apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
  name: testing
spec:
  instances: 3
  imageName: <<<<IMAGE NAME>>>>
  imagePullPolicy: Always
  storage:
    size: 5Gi
  enableSuperuserAccess: true
  postgresql:
    pg_hba:
      # ripped from supabase/posgres/ansible/files/postgresql_config/pg_hba.conf
      - local all  supabase_admin       scram-sha-256
      - local all  all                  peer map=supabase_map
      - host  all  all  127.0.0.1/32    trust
      - host  all  all  ::1/128         trust
      - host  all  all  10.0.0.0/8      scram-sha-256
      - host  all  all  172.16.0.0/12   scram-sha-256
      - host  all  all  192.168.0.0/16  scram-sha-256
      - host  all  all  0.0.0.0/0       scram-sha-256
      - host  all  all  ::0/0           scram-sha-256
    pg_ident:
      # ripped from supabase/posgres/ansible/files/postgresql_config/pg_ident.conf
      - supabase_map  postgres   postgres
      - supabase_map  gotrue     supabase_auth_admin
      - supabase_map  postgrest  authenticator
      - supabase_map  adminapi   postgres
    # ripped from supabase/posgres/ansible/files/postgresql_config/postgresql.conf
    shared_preload_libraries:
      [
        pg_stat_statements,
        pg_stat_monitor,
        pgaudit,
        plpgsql,
        plpgsql_check,
        pg_cron,
        pg_net,
        timescaledb,
        auto_explain,
        pg_tle,
        supautils,
        # pgsodium # pgsodium crashes cnpg db pods 
      ]
  bootstrap:
    initdb:
      database: supabase
      # I think this has to be supabase_admin (due to migration hard coded strings), however I will investigate further
      owner: supabase_admin

---

Migrations:

db
 - base
   - [migrations from supabase/postgres]
 - final
   - [migrations from supabase/supabase]
Dockerfile
migrate.sh

NOTE: comment out the contents of 10000000000000_demote-postgres.sql
This file removes superuser access of the postgres user, which is needed by CNPG as well as the rest of the migrations

Dockerfile:

# it seems like supabase uses dbmate?
# https://github.com/supabase/postgres/tree/develop/migrations
# https://github.com/amacneil/dbmate

FROM ghcr.io/amacneil/dbmate:2.24.2@sha256:6e245cce5580567747cf440d84a7507121793c81564772fdd75f8ee0f45bbb79

COPY ./db ./db
COPY ./migrate.sh ./migrate.sh

RUN chmod +x ./migrate.sh

# Install 
#   gettext for the envsubst bin
#   moreutils for the sponge bin (allows reading/writing from the same file for in-situ envsubst)
RUN apk add --no-cache gettext moreutils

ENTRYPOINT ["./migrate.sh"]

migrate.sh:

#!/usr/bin/env sh
echo "--------------------"
echo "Beginning migrations"

# in-situ env_var substitution
echo "Variable Substitution"
for migration in ./db/final/*.sql; do
    envsubst '$POSTGRES_USER, $POSTGRES_PASSWORD, $POSTGRES_DB, $JWT_SECRET, $JWT_EXP' < $migration | sponge $migration
done

# build from parts, as the CNPG superuser targets "*" database.
# Superuser credentials, and the App DB
db_uri="postgresql://${SUPERUSER_USER}:${SUPERUSER_PASSWORD}@${SUPERUSER_HOST}:${SUPERUSER_PORT}/${POSTGRES_DB}"

echo "Running base migrations"
# MIGRATION_SCHEMA as first search_path so the dbmate migrations table gets created in a seperate schema (not polluting the public schema, and not interfering with Realtime's schema_migrations table)
dbmate_uri="${db_uri}?search_path=${MIGRATION_SCHEMA},public"
# https://github.com/amacneil/dbmate
dbmate --url $dbmate_uri --migrations-dir "./db/base" --wait --no-dump-schema up

echo "Running final migrations"
echo "_supabase.sql"
psql -d $db_uri -f "./db/final/_supabase.sql"
echo "webhooks.sql"
psql -d $db_uri -f "./db/final/webhooks.sql"
echo "jwt.sql"
psql -d $db_uri -f "./db/final/jwt.sql"
echo "logs.sql"
psql -d $db_uri -f "./db/final/logs.sql"
echo "realtime.sql"
psql -d $db_uri -f "./db/final/realtime.sql"
echo "poolers.sql"
psql -d $db_uri -f "./db/final/poolers.sql"
echo "roles.sql"
psql -d $db_uri -f "./db/final/roles.sql"


echo "     Complete"
echo "--------------------"

Job example manifest:

apiVersion: batch/v1
kind: Job
metadata:
  name: supabase-migration
spec:
  template:
    spec:
      containers:
        - name: supabase-migration
          image: <<<<CONTAINER NAME>>>>
          env: 
            - name: SUPERUSER_HOST
              valueFrom:
                secretKeyRef:
                  name: testing-superuser
                  key: host
            # Use the Superuser CNPG secret for migration connection
            - name: SUPERUSER_PORT
              valueFrom:
                secretKeyRef:
                  name: testing-superuser
                  key: port
            # Use the Superuser CNPG secret for migration connection
            - name: SUPERUSER_USER
              valueFrom:
                secretKeyRef:
                  name: testing-superuser
                  key: user
            # Use the Superuser CNPG secret for migration connection
            - name: SUPERUSER_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: testing-superuser
                  key: password
            # Schema where dbmate will store base migration details, so it doesnt pollute the `public` schema
            - name: MIGRATION_SCHEMA
              value: dbmate
            # use the App secret, for variable substitution in supabase migrations
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: testing-app
                  key: password
            # use the App secret, for variable substitution in supabase migrations
            - name: POSTGRES_USER
              valueFrom:
                secretKeyRef:
                  name: testing-app
                  key: user
            # use the App secret, for variable substitution in supabase migrations
            - name: POSTGRES_DB
              valueFrom:
                secretKeyRef:
                  name: testing-app
                  key: dbname
            # for variable substitution in supabase migrations
            - name: JWT_SECRET
              valueFrom:
                secretKeyRef:
                  name: supabase-jwt
                  key: secret
            # for variable substitution in supabase migrations
            - name: JWT_EXP
              valueFrom:
                secretKeyRef:
                  name: supabase-jwt
                  key: expiry

      restartPolicy: Never
  backoffLimit: 4

the secrets testing-superuser and testing-app are created by CNPG (make sure spec.enableSuperuserAccess: true is set).
I'm using a supabase-jwt secret that describes anon, service, expiry & secret keys.

---

Notes on migration:

Any new migrations in supabase/postgres can be loaded into the ./db/base directory, rebuild & deploy, db mate will handle their application.

Probably worth adding some sort of flag or check to disable the ./db/final migrations (from supabase/supabase), as these are intended to only be applied against a fresh database.
New migrations will need to be manually added to the migrate.sh file, and ensure they are run in the correct order according to the docker-compose services.db.volumes section

---

And finally:
Sorry for the spam on this.
This question came along at just the right time to nerd-snipe me, and push me through getting this working for myself.
At some point before New Years, I will run up postgrest, auth, realtime & meta services and make sure that is all working.
After which, I might make a repo of all this & publish some containers (maintained in best-effort, tbh)

---

24/12/27 UPDATE

Ok, I had some issues with migrations, schemas, connection strings etc.
supabase-realtime is now coming up and correctly connecting to the postgres database without any errors.
I have updated the above snippets to reflect the changes

Changes:

• dbmate connection string is built from components and includes an additional schema for dbmate (so it doesnt pollute the public schema and so that dbmates schema_migrations table doesnt block supabase-realtime from starting)
• psql connection string is built from components
• CNPG cluster does not need env vars. These were required for the original docker-compose deployment, as they would get substituted during migrations (now handled by the separate job)
• Only the migrations job is ran as superuser. All other supabase components should run as the app user defined in the cluster spec - which I think HAS to be supabase_admin due to hard coded migration strings.

I will work on getting the other services up.
I think there will be an issue with the jwt.sql migration, as this is adding the JWT secrets to the default postgres database. I think this needs to be set dynamically to the chosen dbname.
If this turns out to be the case, then I will go through the other migrations and look for similar hard-coded values, get them to be dynamically set, and try and get a pull-request through for supabase

---

04/01/25.
Noted pgsodium extension isn't included

[AntonOfTheWoods]

How did you get the individual services working? I worked on updating the now abandoned bitnami helm chart with the missing services before stepping back for a few months. I'm now back fully trying to get this working, but this time not using the bitnami postgresql chart but rather trying to work with an operator. I got most of the way there with stackgres but it just seems too opinionated and can't use upstream supabase/postgres images. Now supabase have finally started publishing their >pg15 images (17-orioledb anyway), I'm very keen to try and get a proper operator working with a helm chart that provides the services with their new images.

I'm raring to go so if you have any repo I can test, I've got some time to work on this starting today :-).

[Towerful]

What services are you struggling with?

I've just been writing the manifests for supabase services according to their docker-compose.
I'm not interested in supavisor, logging and functions at the moment.
I'm also using the new Gateway resources, so I'm transferring the Kong config over to HttpRoutes.

The only real work I've had to do is with CNPG, which I've documented above (and will eventually repo). And with Realtime due to its environment setup nuking any chance of getting it to cluster properly (which I've documented in the linked issue, and I'm going to PR to get fixed).
Everything else has been working.

The supabase helm charts are a useful reference for stuff, and the docker-compose has the updated image tags and env vars.

[AntonOfTheWoods]

I'm not struggling with the services, I'm struggling with getting a reasonably robust supabase/postgres setup (i.e, using an operator) that can support the supabase supported versions of pg (so at least 15 and 17 for now?). I am pretty keen to use a helm chart to deploy all the services, and to use kong rather than HttpRoutes. There aren't any official helm charts, and the templates there for the community chart are pretty basic, and don't properly support multi-node deployments.

If you can confirm I should be getting a properly working db-side setup with the above elements, I'll give it a whirl (I haven't even tried a hello-world cnpg yet though, so your excerpts will no doubt make more sense once I've done that!)

[Towerful]

With what I've documented above, I am packaging barman into the supabase/postgres-15 image. And CNPG is happy to launch a 3 replica cluster with the image and the above manifest.

The only postgres config that differs from supabase (that I can find, I am NOT a database engineer) is that pgsodium library isn't working. It crashes postgres because some script isn't in the right place. So I don't load it.
I haven't actually mentioned this. I'll edit my post so it's all in 1 place.
I believe supabase is depreciating pgsodium, and I don't use it. Which is why I haven't fixed that.

I guess the other concern would be that CNPG tweaks some wal/replication settings that mess with large scale realtime stuff. I haven't noticed any issues in the single-user testing I have done.

I have tested it with meta/rest/realtime through studio. I'm working on storage/imgproxy.
Auth isn't indicating any issues, however I think I need some actual JWTs flying about to see if there are any issues.
I have noted some concerns about hard coded migration strings, but haven't fully investigated their impact.

It's very much a WIP, but I don't think you are wasting your time using the above as a starting point that will get you 90% of the way there (maybe further)

Update:
Seems like storage is deploying fine, however I cannot test it through studio because I am using a self signed certificate.
I wont be able to update DNS records until Monday to get an LE wildcard cert.
After that, my app deployment shouldn't take long. I imagine I will have found & ironed out most of the issues by next weekend (10th ish?)

[nimbit-software]

@Towerful Thanks for the detailed description. I tried following along but im getting an error when deploying the cluster.

I think its related to this
FATAL: configuration file "/var/lib/postgresql/data/pgdata/custom.conf" contains errors"

I tried removing the file or placing an empty file but that causes an error

{"level":"info","ts":"2025-01-26T00:07:37.419765172Z","msg":"DB not available, will retry","logger":"instance-manager","logging_pod":"testing-sb-1","err":"failed to connect to `user=postgres database=postgres`: /controller/run/.s.PGSQL.5432 (/controller/run): dial error: dial unix /controller/run/.s.PGSQL.5432: connect: no such file or directory"}
{"level":"info","ts":"2025-01-26T00:07:37.431121416Z","logger":"postgres","msg":"2025-01-26 00:07:37.431 GMT [26] LOG:  unrecognized configuration parameter \"allow_alter_system\" in file \"/var/lib/postgresql/data/pgdata/custom.conf\" line 1","pipe":"stderr","logging_pod":"testing-sb-1"}
{"level":"info","ts":"2025-01-26T00:07:37.431140302Z","logger":"postgres","msg":"2025-01-26 00:07:37.431 GMT [26] FATAL:  configuration file \"/var/lib/postgresql/data/pgdata/custom.conf\" contains errors","pipe":"stderr","logging_pod":"testing-sb-1"}
{"level":"info","ts":"2025-01-26T00:07:37.432158735Z","msg":"postmaster exited","logger":"instance-manager","logging_pod":"testing-sb-1","postmasterExitStatus":"exit status 1","postMasterPID":26}
{"level":"info","ts":"2025-01-26T00:07:37.432198861Z","msg":"Extracting pg_controldata information","logger":"instance-manager","logging_pod":"testing-sb-1","reason":"postmaster has exited"}

did you experience something similar?