KubeBlocks
BlogsKubeBlocks Cloud
⌘K
​

Overview

Introduction
Concepts
Kubernetes and Operator 101
Supported addons
About this manual

Try out KubeBlocks with Playground

Try out KubeBlocks on cloud
Try out KubeBlocks on laptop

Installation

Prerequisite for Local Env

Prerequisite for Local Env
Install kbcli
Install KubeBlocks
Install Addons
Uninstall KubeBlocks and kbcli

Upgrade KubeBlocks

Upgrade to v0.8
Upgrade to v0.9.0
Upgrade to v0.9.3
FAQ

Connect Database

Overview
Testing environment
Production environment

Maintenance

Scale

Horizontal Scale
Vertical Scale

Backup and Restore

Introduction

Backup

Configure BackupRepo
Configure BackupPolicy
Scheduled backup
On-demand backup

Restore

Restore from backup set
PITR

In Place Update

Overview on in-place update
Enable in-place update

Resource Scheduling

Configure pod affinity for database clusters

Cross K8s Deployment

Deploy a Cluster across Multiple Kubernetes Clusters by KubeBlocks

Instance Template

Introduction of instance template
Apply instance template

Observability

Monitor database
Configure alert

User Management

Manage user accounts

Handle an Exception

Handle an exception
Full disk lock

Developer

Developer guides
Terminology

Add an add-on to KubeBlocks

Add-ons of KubeBlocks
Add an add-on
Backup and restore
Parameter template
Parameter configuration
Monitoring
Multi-component configuration
Environment variables and placeholders

External Component

Reference external component

API Reference

Cluster
Backup
Add-On

    Manage user accounts

    KubeBlocks offers a variety of services to enhance the usability, availability, and observability of database clusters. Different components require user accounts with different permissions to create connections.

    NOTE

    Currently, KubeBlocks only supports managing user accounts for ApeCloud MySQL, MySQL Community version, PostgreSQL, and Redis.

    Steps

    • Create a user account

      kbcli cluster create-account <clustername> --name <username> --password <pwd>

    • Grant a role to a user

      kbcli cluster grant-role  <clustername> --name <username> --role <rolename>

      KubeBlocks provides three role levels of permission.

      • Superuser: with all permissions.
      • ReadWrite: read and write.
      • ReadOnly: read only.

      For different database engines, the detailed permission are varied. Check the table below.

      RoleMySQLPostgreSQLRedis
      SuperuserGRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, CREATE ROLE, DROP ROLE ON * a userALTER USER WITH SUPERUSER+@ALL allkeys
      ReadWriteGRANT SELECT, INSERT, DELETE ON * TO a userGRANT pg_write_all_data TO a user-@ALL +@Write +@READ allkeys
      ReadOnlyGRANT SELECT, SHOW VIEW ON * TO a userGRANT pg_read_all_data TO a user-@ALL +@READ allkeys

    • Check the role level of a user account

      kbcli cluster describe-account <clustername> --name <username>

    • Revoke role from a user account

      kbcli cluster revoke-role <clustername> --name <name> --role <rolename>

    • List all user accounts

      kbcli cluster list-accounts  <clustername>
      NOTE

      For security reasons, the list-accounts command does not show all accounts. Accounts with high privilege such as operational accounts and superuser accounts that meet certain rules are hidden. Refer to the table below to view the hidden accounts.

      DatabaseHidden Accounts
      MySQLroot
      kb*
      Localhost = ''
      PostgreSQLPostgres
      kb*

    • Delete a user account

      kbcli cluster delete-account <clustername> --name <username>

    © 2025 ApeCloud PTE. Ltd.