Upgrade Postgres Major Version

[rc9000]

TL;DR: do not just merge this right now :)

I did some digging how to navigate an upgrade of the Postgres version, as 13 will be out of support next year. Unfortunately this is a bit of a support headache, since it needs manual converting of the Postgres files. I tried to include an easy one-command approach using the pgautoupgrade project: https://github.com/pgautoupgrade/docker-pgautoupgrade

How to use it is in the README_UPGRADE.md, which the PG 17 container also just dumps into the container log if there is a mismatch.

However most users probably start the container in the background, in Docker Desktop etc. and will still not immediately see it. So we should find a good time to create a new release in Netdisco proper, declare this the cutoff for netdisco-docker PG13, and then I'd hang out in the issues & IRC for a week or two, because people will probably need help :)

To try the instructions or just test Netdisco with PG17 in general, you can get the new container from my Dockerhub account - just use rc9000/netdisco:latest-pg17 as a drop-in replacement for netdisco:latest-postgresql.

Actual EOL for PG13 is November 13, 2025 so there is no rush.

[rc9000]

IRC log: after some discussions we decided that a separate container with pg17 would be nice, that the user can enable at will instead of being forced into it:

14:01 < rc9000> one way i could see instead: we make an alternative netdisco-postgresql17 
                container that includes the autoupgrade but is commented out in docker-compose, plus some notes that the user can
                switch to it when they know they have a valid backup or don't care, or just want to start over with a new db?
14:01 < rc9000> this would be nontrivial since we need to merge the whole pgautoupgrade into our entrypoint, but definitely doable.
14:01 < rc9000> (the relevant bits are around here https://github.com/pgautoupgrade/docker-pgautoupgrade/blob/main/postgres-docker-entrypoint.sh#L567)
15:01 < oliver> rc9000: yes I was thinking along these lines ... a straightforward thing the user could do (change a text config and restart) to opt in to the upgrade
17:10 < rc9000> oliver: ok let's rescope the pr so there is a new container that can be enabled, and then we can slowly get people into switching over.
17:11 < rc9000> that's also nice because there is no big bang
17:14 < rc9000> should we just append the major version like so?
17:14 < rc9000> netdisco:2.084002-postgresql17
17:14 < rc9000> netdisco:latest-postgresql17
17:14 < rc9000> ... time passes
17:14 < rc9000> netdisco:2.084002-postgresql22
17:14 < rc9000> netdisco:latest-postgresql22
17:15 < rc9000> and we could also push the current one additionally as netdisco:latest-postgresql13 for symmetry
17:52 < oliver> rc9000: yes would be OK but I'd like to check for anything like a loop over the suffix on the image name which would be caught out 
                (like for i in do backend frontend postgresql...)

[rc9000]

I did some experiments with integration docker-pgautoupgrade directly into our postgres container: https://github.com/rc9000/netdisco-docker/tree/pg17

It works, but it has some major downsides:

1. Major: the biggest one is that the image must contain the old and the new postgres version. So once Postgres 13 is unsupported and has racked up some CVE that are no longer fixed, the image will be flagged in all the enterprise scanning tools. I don't know how many people this would affect, but it would certainly affect me because everybody here loves their grype and Artifactory reports and going after people with them.
2. Minor: image size is greatly increased
3. Major: pgautoupgrade can not guarantee to work and not corrput the db, and needs careful DBAing around it (disk space, backups etc.) to prevent that. The safest route is to let the user deal with that and be responsible, that's also the reason why the official postgres image doesn't have such features

So currently I think the original approach of this PR might be better.

[Copilot]

Pull Request Overview

This PR upgrades PostgreSQL from version 13 to 17 in the netdisco-docker container, introducing a breaking change that requires manual database migration for existing installations.

• Upgrades PostgreSQL base image from 13.4-alpine to 17.4-alpine
• Adds version check that prevents startup if existing data is not PostgreSQL 17
• Provides comprehensive upgrade documentation with automated migration instructions

Reviewed Changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.

File	Description
netdisco-postgresql/Dockerfile	Updates base image to PostgreSQL 17.4-alpine and adds su-exec package
netdisco-postgresql/netdisco-db-entrypoint.sh	Adds version check that exits with upgrade instructions if not PostgreSQL 17
netdisco-postgresql/README_UPGRADE.md	New comprehensive upgrade guide with backup and migration procedures

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}