EDB Postgres for Kubernetes Plugin v1
EDB Postgres for Kubernetes provides a plugin for kubectl
to manage a cluster in Kubernetes.
The plugin also works with oc
in an OpenShift environment.
Install
You can install the cnp
plugin using a variety of methods.
Note
For air-gapped systems, installation via package managers, using previously downloaded files, may be a good option.
Via the installation script
Using the Debian or RedHat packages
In the releases section of the GitHub repository, you can navigate to any release of interest (pick the same or newer release than your EDB Postgres for Kubernetes operator), and in it you will find an Assets section. In that section are pre-built packages for a variety of systems. As a result, you can follow standard practices and instructions to install them in your systems.
Debian packages
For example, let's install the 1.24.1 release of the plugin, for an Intel based
64 bit server. First, we download the right .deb
file.
Then, with super user privileges, install from the local file using dpkg
:
RPM packages
As in the example for .deb
packages, let's install the 1.24.1 release for an
Intel 64 bit machine. Note the --output
flag to provide a file name.
Then, with super user privileges, install with yum
, and you're ready to use:
Supported Architectures
EDB Postgres for Kubernetes Plugin is currently built for the following operating system and architectures:
- Linux
- amd64
- arm 5/6/7
- arm64
- s390x
- ppc64le
- macOS
- amd64
- arm64
- Windows
- 386
- amd64
- arm 5/6/7
- arm64
Configuring auto-completion
To configure auto-completion for the plugin, a helper shell script needs to be
installed into your current PATH. Assuming the latter contains /usr/local/bin
,
this can be done with the following commands:
Important
The name of the script needs to be exactly the one provided since is used by the kubectl auto-complete process
Use
Once the plugin was installed and deployed, you can start using it like this:
Note
The plugin automatically detects if the standard output channel is connected to a terminal.
In such cases, it may add ANSI colors to the command output. To disable colors, use the
--color=never
option with the command.
Generation of installation manifests
The cnp
plugin can be used to generate the YAML manifest for the
installation of the operator. This option would typically be used if you want
to override some default configurations such as number of replicas,
installation namespace, namespaces to watch, and so on.
For details and available options, run:
The main options are:
-n
: specifies the namespace in which to install the operator (default:cnp-system
).--control-plane
: if set to true, the operator deployment will include a toleration and affinity fornode-role.kubernetes.io/control-plane
.--replicas
: sets the number of replicas in the deployment.--watch-namespace
: specifies a comma-separated list of namespaces to watch (default: all namespaces).--version
: defines the minor version of the operator to be installed, such as1.23
. If a minor version is specified, the plugin installs the latest patch version of that minor version. If no version is supplied, the plugin installs the latestMAJOR.MINOR.PATCH
version of the operator.
An example of the generate
command, which will generate a YAML manifest that
will install the operator, is as follows:
The flags in the above command have the following meaning:
-n king
install the cnp operator into theking
namespace--version 1.23
install the latest patch version for minor version 1.23--replicas 3
install the operator with 3 replicas--watch-namespace "albert, bb, freddie"
have the operator watch for changes in thealbert
,bb
andfreddie
namespaces only
Status
The status
command provides an overview of the current status of your
cluster, including:
- general information: name of the cluster, PostgreSQL's system ID, number of instances, current timeline and position in the WAL
- backup: point of recoverability, and WAL archiving status as returned by
the
pg_stat_archiver
view from the primary - or designated primary in the case of a replica cluster - streaming replication: information taken directly from the
pg_stat_replication
view on the primary instance - instances: information about each Postgres instance, taken directly by each
instance manager; in the case of a standby, the
Current LSN
field corresponds to the latest write-ahead log location that has been replayed during recovery (replay LSN).
Important
The status information above is taken at different times and at different
locations, resulting in slightly inconsistent returned values. For example,
the Current Write LSN
location in the main header, might be different
from the Current LSN
field in the instances status as it is taken at
two different time intervals.
If you require more detailed status information, use the --verbose
option (or
-v
for short). The level of detail increases each time the flag is repeated:
With an additional -v
(e.g. kubectl cnp status sandbox -v -v
), you can
also view PostgreSQL configuration, HBA settings, and certificates.
The command also supports output in yaml
and json
format.
Promote
The meaning of this command is to promote
a pod in the cluster to primary, so you
can start with maintenance work or test a switch-over situation in your cluster
Or you can use the instance node number to promote
Certificates
Clusters created using the EDB Postgres for Kubernetes operator work with a CA to sign a TLS authentication certificate.
To get a certificate, you need to provide a name for the secret to store the credentials, the cluster name, and a user for this certificate
After the secret is created, you can get it using kubectl
And the content of the same in plain text using the following commands:
Restart
The kubectl cnp restart
command can be used in two cases:
requesting the operator to orchestrate a rollout restart for a certain cluster. This is useful to apply configuration changes to cluster dependent objects, such as ConfigMaps containing custom monitoring queries.
request a single instance restart, either in-place if the instance is the cluster's primary or deleting and recreating the pod if it is a replica.
If the in-place restart is requested but the change cannot be applied without a switchover, the switchover will take precedence over the in-place restart. A common case for this will be a minor upgrade of PostgreSQL image.
Note
If you want ConfigMaps and Secrets to be automatically reloaded
by instances, you can add a label with key k8s.enterprisedb.io/reload
to it.
Reload
The kubectl cnp reload
command requests the operator to trigger a reconciliation
loop for a certain cluster. This is useful to apply configuration changes
to cluster dependent objects, such as ConfigMaps containing custom monitoring queries.
The following command will reload all configurations for a given cluster:
Maintenance
The kubectl cnp maintenance
command helps to modify one or more clusters
across namespaces and set the maintenance window values, it will change
the following fields:
- .spec.nodeMaintenanceWindow.inProgress
- .spec.nodeMaintenanceWindow.reusePVC
Accepts as argument set
and unset
using this to set the
inProgress
to true
in case set
and to false
in case of unset
.
By default, reusePVC
is always set to false
unless the --reusePVC
flag is passed.
The plugin will ask for a confirmation with a list of the cluster to modify and their new values, if this is accepted this action will be applied to all the cluster in the list.
If you want to set in maintenance all the PostgreSQL in your Kubernetes cluster, just need to write the following command:
And you'll have the list of all the cluster to update
Report
The kubectl cnp report
command bundles various pieces
of information into a ZIP file.
It aims to provide the needed context to debug problems
with clusters in production.
It has two sub-commands: operator
and cluster
.
report Operator
The operator
sub-command requests the operator to provide information
regarding the operator deployment, configuration and events.
Important
All confidential information in Secrets and ConfigMaps is REDACTED.
The Data map will show the keys but the values will be empty.
The flag -S
/ --stopRedaction
will defeat the redaction and show the
values. Use only at your own risk, this will share private data.
Note
By default, operator logs are not collected, but you can enable operator
log collection with the --logs
flag
- deployment information: the operator Deployment and operator Pod
- configuration: the Secrets and ConfigMaps in the operator namespace
- events: the Events in the operator namespace
- webhook configuration: the mutating and validating webhook configurations
- webhook service: the webhook service
- logs: logs for the operator Pod (optional, off by default) in JSON-lines format
The command will generate a ZIP file containing various manifest in YAML format
(by default, but settable to JSON with the -o
flag).
Use the -f
flag to name a result file explicitly. If the -f
flag is not used, a
default time-stamped filename is created for the zip file.
Note
The report plugin obeys kubectl
conventions, and will look for objects constrained
by namespace. The PG4K Operator will generally not be installed in the same
namespace as the clusters.
E.g. the default installation namespace is postgresql-operator-system
results in
With the -f
flag set:
Unzipping the file will produce a time-stamped top-level folder to keep the directory tidy:
will result in:
If you activated the --logs
option, you'd see an extra subdirectory:
Note
The plugin will try to get the PREVIOUS operator's logs, which is helpful when investigating restarted operators. In all cases, it will also try to get the CURRENT operator logs. If current and previous logs are available, it will show them both.
If the operator hasn't been restarted, you'll still see the ====== Begin …
and ====== End …
guards, with no content inside.
You can verify that the confidential information is REDACTED by default:
With the -S
(--stopRedaction
) option activated, secrets are shown:
You'll get a reminder that you're about to view confidential information: