04-run-operator

Run Operator - Example: postgres-operator

Overview

We'll run PostgreSQL with and without postgres-operator and see how easy it is to create a new user with operator.

1. Run PostgreSQL With operator.

1. Install Postgres Operator

   There are two options:

   1. ConfigMaps-based (legacy):

      kubectl apply -k github.com/zalando/postgres-operator/manifests
      

   2. CRD-based:

      kubectl create -f https://raw.githubusercontent.com/zalando/postgres-operator/master/manifests/operatorconfiguration.crd.yaml # registers the CRD
      kubectl create -f https://raw.githubusercontent.com/zalando/postgres-operator/master/manifests/postgresql-operator-default-configuration.yaml
      
      kubectl create -f https://raw.githubusercontent.com/zalando/postgres-operator/master/manifests/operator-service-account-rbac.yaml
      kubectl create -f postgres-operator-with-crd.yaml
      

   For more details:

   1. Quickstart
   2. Configuration Parameters

2. Check API resource.

   kubectl api-resources | grep zalan
   postgresqls                       pg           acid.zalan.do/v1                       true         postgresql
   

3. Check CRD:

   1. list

      kubectl get customresourcedefinition postgresqls.acid.zalan.do
      NAME                        CREATED AT
      postgresqls.acid.zalan.do   2022-04-12T22:24:18Z
      

   2. Get yaml:

      curl -O https://raw.githubusercontent.com/zalando/postgres-operator/master/manifests/postgresql.crd.yaml
      

   3. Check contents.

4. Deploy the Operator UI

   kubectl apply -k github.com/zalando/postgres-operator/ui/manifests
   

   Check:

   kubectl port-forward svc/postgres-operator-ui 8081:80
   

   Open http://localhost:8081/

5. Create a Postgres cluster on UI.

   Create:

   

   Creation completed:

   

   you can also create postgres cluster with yaml

   kubectl create -f https://raw.githubusercontent.com/zalando/postgres-operator/master/manifests/minimal-postgres-manifest.yaml
   

   Roles and Databases initially created:

   yaml:

     users:
       zalando:  # database owner
       - superuser
       - createdb
       foo_user: []  # role for application foo
     databases:
       foo: zalando  # dbname: owner
     preparedDatabases:
       bar: {}

   roles:

   \du
                                                        List of roles
       Role name    |                         Attributes                         |               Member of
   -----------------+------------------------------------------------------------+----------------------------------------
    admin           | Create DB, Cannot login                                    | {foo_user,zalando,bar_owner}
    bar_data_owner  | Cannot login                                               | {bar_data_writer,bar_data_reader}
    bar_data_reader | Cannot login                                               | {}
    bar_data_writer | Cannot login                                               | {bar_data_reader}
    bar_owner       | Cannot login                                               | {bar_writer,bar_data_owner,bar_reader}
    bar_reader      | Cannot login                                               | {}
    bar_writer      | Cannot login                                               | {bar_reader}
    foo_user        |                                                            | {}
    postgres        | Superuser, Create role, Create DB, Replication, Bypass RLS | {}
    robot_zmon      | Cannot login                                               | {}
    standby         | Replication                                                | {}
    zalando         | Superuser, Create DB                                       | {}
    zalandos        | Cannot login                                               | {}
   

   databases:

   \l
                                     List of databases
      Name    |   Owner   | Encoding |   Collate   |    Ctype    |   Access privileges
   -----------+-----------+----------+-------------+-------------+-----------------------
    bar       | bar_owner | UTF8     | en_US.utf-8 | en_US.utf-8 |
    foo       | zalando   | UTF8     | en_US.utf-8 | en_US.utf-8 |
    postgres  | postgres  | UTF8     | en_US.utf-8 | en_US.utf-8 |
    template0 | postgres  | UTF8     | en_US.utf-8 | en_US.utf-8 | =c/postgres          +
              |           |          |             |             | postgres=CTc/postgres
    template1 | postgres  | UTF8     | en_US.utf-8 | en_US.utf-8 | =c/postgres          +
              |           |          |             |             | postgres=CTc/postgres
   (5 rows)
   

6. Check

   # check the deployed cluster
   kubectl get postgresql
   
   # check created database pods
   kubectl get pods -l application=spilo -L spilo-role
   
   # check created service resources
   kubectl get svc -l application=spilo -L spilo-role
   

7. Connect to PostgreSQL cluster.

   kubectl exec -it acid-test-cluster-0 -- psql -Upostgres
   psql (14.0 (Ubuntu 14.0-1.pgdg18.04+1))
   Type "help" for help.
   
   postgres=#
   

8. Check Secret is automatically created for PostgreSQL users.

   kubectl get secret | grep postgresql
   postgres.acid-test-cluster.credentials.postgresql.acid.zalan.do    Opaque                                2      60s
   standby.acid-test-cluster.credentials.postgresql.acid.zalan.do     Opaque                                2      60s
   test-user.acid-test-cluster.credentials.postgresql.acid.zalan.do   Opaque                                2      60s
   

9. Create a new user test_user2 on UI.

   

10. Check on PostgreSQL.

    kubectl exec -it acid-test-cluster-0 -- psql -Upostgres
    psql (14.0 (Ubuntu 14.0-1.pgdg18.04+1))
    Type "help" for help.
    
    postgres=# \du
                                              List of roles
     Role name  |                         Attributes                         |       Member of
    ------------+------------------------------------------------------------+------------------------
     admin      | Create DB, Cannot login                                    | {test_user,test_user2}
     postgres   | Superuser, Create role, Create DB, Replication, Bypass RLS | {}
     robot_zmon | Cannot login                                               | {}
     standby    | Replication                                                | {}
     test_user  |                                                            | {}
     test_user2 |                                                            | {}
     zalandos   | Create DB, Cannot login                                    | {}
    

11. Check Secret again.

    kubectl get secret | grep postgresql
    postgres.acid-test-cluster.credentials.postgresql.acid.zalan.do     Opaque                                2      2m18s
    standby.acid-test-cluster.credentials.postgresql.acid.zalan.do      Opaque                                2      2m18s
    test-user.acid-test-cluster.credentials.postgresql.acid.zalan.do    Opaque                                2      2m18s
    test-user2.acid-test-cluster.credentials.postgresql.acid.zalan.do   Opaque                                2      6s
    

12. Clean up.

    postgresql (cluster):

    kubectl delete postgresql acid-test-cluster
    # kubectl delete -f https://raw.githubusercontent.com/zalando/postgres-operator/master/manifests/minimal-postgres-manifest.yaml

    UI:

    kubectl delete -k github.com/zalando/postgres-operator/ui/manifests
    

    operator (configmap-based):

    kubectl delete -k github.com/zalando/postgres-operator/manifests
    

    operator (crd-based):

    kubectl delete -f https://raw.githubusercontent.com/zalando/postgres-operator/master/manifests/postgresql-operator-default-configuration.yaml
    kubectl delete -f https://raw.githubusercontent.com/zalando/postgres-operator/master/manifests/operatorconfiguration.crd.yaml
    
    kubectl delete -f https://raw.githubusercontent.com/zalando/postgres-operator/master/manifests/operator-service-account-rbac.yaml
    kubectl delete -f postgres-operator-with-crd.yaml
    

2. Run PostgreSQL without operator.

1. Create postgres with simple StatefulSet.

   For simplicity, we just set replica is 1. (Just increasing replica cannot form a postgres cluster.)

   kubectl apply -f postgres-sts.yaml
   

2. Check deployed Pod.

   kubectl get po postgres-0
   NAME         READY   STATUS    RESTARTS   AGE
   postgres-0   1/1     Running   0          17s
   

3. Create a new user.

   kubectl exec -it postgres-0 -- psql postgres postgres
   psql (14.2 (Debian 14.2-1.pgdg110+1))
   Type "help" for help.
   
   postgres=#
   

   postgres=# create user test_user with encrypted password 'password';
   CREATE ROLE
   postgres=# create database test_db owner test_user;
   CREATE DATABASE
   postgres=# \du
                                      List of roles
    Role name |                         Attributes                         | Member of
   -----------+------------------------------------------------------------+-----------
    postgres  | Superuser, Create role, Create DB, Replication, Bypass RLS | {}
    test_user |                                                            | {}
   postgres=# \list
                                    List of databases
      Name    |   Owner   | Encoding |  Collate   |   Ctype    |   Access privileges
   -----------+-----------+----------+------------+------------+-----------------------
    postgres  | postgres  | UTF8     | en_US.utf8 | en_US.utf8 |
    template0 | postgres  | UTF8     | en_US.utf8 | en_US.utf8 | =c/postgres          +
              |           |          |            |            | postgres=CTc/postgres
    template1 | postgres  | UTF8     | en_US.utf8 | en_US.utf8 | =c/postgres          +
              |           |          |            |            | postgres=CTc/postgres
    test_db   | test_user | UTF8     | en_US.utf8 | en_US.utf8 |
   (4 rows)
   

4. Clean up.

   kubectl delete -f postgres-sts.yaml
   

Other Postgres Operator

• https://www.kubegres.io/