This guide explains how to deploy a PostgreSQL cluster in KubeBlocks with a custom password generation policy for the root user. By defining specific password rules, you can ensure strong, secure credentials for your cluster.
Before proceeding, ensure the following:
kubectl create ns demo
namespace/demo created
KubeBlocks uses a declarative approach for managing PostgreSQL clusters. Below is an example configuration for deploying a PostgreSQL cluster with 2 nodes (1 primary, 1 replica) and a custom password generation policy.
apiVersion: apps.kubeblocks.io/v1
kind: Cluster
metadata:
  name: pg-cluster
  namespace: demo
spec:
  terminationPolicy: Delete
  clusterDef: postgresql
  topology: replication
  componentSpecs:
    - name: postgresql
      serviceVersion: 16.4.0
      labels:
        apps.kubeblocks.postgres.patroni/scope: pg-cluster-postgresql
      disableExporter: true
      replicas: 2
      systemAccounts:
        - name: postgres
          passwordConfig:
            length: 20                # Password length: 20 characters
            numDigits: 4              # At least 4 digits
            numSymbols: 2             # At least 2 symbols
            letterCase: MixedCases    # Uppercase and lowercase letters
            symbolCharacters: '!'     # Set the allowed symbols when generating the password
      resources:
        limits:
          cpu: "0.5"
          memory: "0.5Gi"
        requests:
          cpu: "0.5"
          memory: "0.5Gi"
      volumeClaimTemplates:
        - name: data
          spec:
            accessModes:
              - ReadWriteOnce
            resources:
              requests:
                storage: 20Gi
Explanation of Key Fields
systemAccounts: Overrides system accounts defined in the referenced ComponentDefinition.
passwordConfig: Customizes the password generation policy for the postgres user.
symbolCharacters: Sets the allowed symbols when generating the password.
In the KubeBlocks PostgreSQL Addon, a list of system accounts is defined, and only those accounts can be customized with a new secret.
To get the list of accounts:
kubectl get cmpd postgresql-16-1.0.0 -oyaml | yq '.spec.systemAccounts[].name'
Expected Output:
postgres
kbadmin
...
Monitor the cluster status until it transitions to the Running state:
kubectl get cluster pg-cluster -n demo -w
Expected Output:
NAME CLUSTER-DEFINITION TERMINATION-POLICY STATUS AGE
pg-cluster postgresql Delete Creating 50s
pg-cluster postgresql Delete Running 4m2s
Once the cluster status becomes Running, your PostgreSQL cluster is ready for use.
If you are creating the cluster for the very first time, it may take some time to pull images before running.
KubeBlocks automatically creates a secret containing the PostgreSQL postgres credentials. Retrieve the credentials with the following commands:
PASSWORD=$(kubectl get secrets -n demo pg-cluster-postgresql-account-postgres -o jsonpath='{.data.password}' | base64 -d)
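An added check, not part of the KubeBlocks documentation: a shell function that tests a retrieved password against the passwordConfig rules from the manifest above and reports violations without echoing the password. The function names and sample password are constructed for illustration, and the case check assumes MixedCases means at least one uppercase and one lowercase letter.

```shell
#!/bin/sh
# Added example: verify a password against the passwordConfig policy
# (length 20, >= 4 digits, >= 2 symbols, mixed case, symbols limited to '!').
# Function names are hypothetical; they are not KubeBlocks tooling.

# count_chars PASSWORD TR_FLAGS SET
# Counts the characters left after running tr with the given flags and set.
# printf is a shell builtin, so the password never appears in a process list.
count_chars() {
    echo $(( $(printf '%s' "$1" | LC_ALL=C tr "$2" "$3" | wc -c) ))
}

# check_pg_password PASSWORD
# Prints one line per violated rule (never the password itself).
# Returns 0 when every rule holds, 1 otherwise.
check_pg_password() {
    pw=$1
    rc=0
    [ "${#pw}" -eq 20 ] || { echo "length is ${#pw}, expected 20"; rc=1; }
    [ "$(count_chars "$pw" -cd '0-9')" -ge 4 ] || { echo "fewer than 4 digits"; rc=1; }
    [ "$(count_chars "$pw" -cd '!')" -ge 2 ] || { echo "fewer than 2 '!' symbols"; rc=1; }
    [ "$(count_chars "$pw" -cd 'a-z')" -ge 1 ] || { echo "no lowercase letter"; rc=1; }
    [ "$(count_chars "$pw" -cd 'A-Z')" -ge 1 ] || { echo "no uppercase letter"; rc=1; }
    # Whatever remains after deleting the allowed alphabet is outside the policy.
    [ "$(count_chars "$pw" -d 'a-zA-Z0-9!')" -eq 0 ] ||
        { echo "contains characters outside letters, digits and '!'"; rc=1; }
    return $rc
}

# Constructed sample value, not a real credential.
SAMPLE='aB3!dE5!gH7jK9mNpQrS'
check_pg_password "$SAMPLE" && echo "sample password complies with the policy"

# Against the cluster from this guide (requires cluster access):
#   PASSWORD=$(kubectl get secrets -n demo pg-cluster-postgresql-account-postgres \
#       -o jsonpath='{.data.password}' | base64 -d)
#   check_pg_password "$PASSWORD"
```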
To connect to the cluster's primary node, use the PostgreSQL client with the custom password:
kubectl exec -it -n demo pg-cluster-postgresql-0 -c postgresql -- env PGUSER=postgres PGPASSWORD="$PASSWORD" psql
To remove all created resources, delete the PostgreSQL cluster along with its namespace:
kubectl delete cluster pg-cluster -n demo
kubectl delete ns demo
In this guide, you: