Kubegres allows to override its default configurations and bash scripts based on your requirements.
For each namespace where a Kubegres resource is created, Kubegres controller creates a base ConfigMap resource with this contents. That base ConfigMap contains the default configs for all Kubegres resource(s) in that namespace. It defines default contents for "postgres.conf", "pg_hba.conf" and a backup logic in "backup_database.sh".
You can override the following configurations in that base ConfigMap:
- primary_init_script.sh: a bash script which runs the 1st time a Primary PostgreSql container is created. This happens when a new Kubegres resource is deployed to create a new PostgreSql cluster. It is the right place to add instructions creating custom database(s) and user(s) for your requirement.
- backup_database.sh: if you enabled backup for your Kubegres resource, this bash script defines the actions to perform during a backup. It is executed regularly by a dedicated CronJob.
- postgres.conf: the official PostgreSql configs used for both Primary and Replica servers.
- pg_hba.conf: the host-based authentication configs for both Primary and Replica servers.
Examples from Kubegres user(s)
@laukaichung published a great example in GitHub showing how the scripts "backup_database.sh" and "primary_init_script.sh" were overridden in order to use S3 for backup storage and initialization.
How to override the default configurations for all running Kubegres resources?
As mentioned above, Kubegres automatically creates a base ConfigMap named base-kubegres-config in each namespace where Kubegres resources are running.
If you would like to change that base ConfigMap, you can do so by using the tool "kubectl" and edit the resource with name "base-kubegres-config". That change would apply to all Kubegres resources in the same namespace:
kubectl edit configmap base-kubegres-config -n [namespace]
How to override the default configurations for a specific Kubegres resource?
If you would like to override the default configs for a specific PostgreSql cluster only, you can create a custom ConfigMap in that namespace and set its name to the property "spec.customConfig" in your Kubegres YAML, as follows:
apiVersion: kubegres.reactive-tech.io/v1
kind: Kubegres
metadata:
name: mypostgres
namespace: default
spec:
replicas: 3
image: postgres:16.1
port: 5432
database:
size: 200Mi
customConfig: mypostgres-conf
env:
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: mySecretResource
key: superUserPassword
- name: POSTGRES_REPLICATION_PASSWORD
valueFrom:
secretKeyRef:
name: mySecretResource
key: replicationUserPassword
And in your custom ConfigMap you can override one or many of these configs: primary_init_script.sh, backup_database.sh, postgres.conf and pg_hba.conf. Please see the examples below.
Override primary_init_script.sh
The bash script below runs only the 1st time a Primary PostgreSql container is created. It overrides "primary_init_script.sh" in a custom ConfigMap, by creating a custom user and a database and grant to that user access rights:
apiVersion: v1
kind: ConfigMap
metadata:
name: mypostgres-conf
namespace: default
data:
primary_init_script.sh: |
#!/bin/bash
set -e
# This script assumes that the env-var $POSTGRES_MY_DB_PASSWORD contains the password of the custom user to create.
# You can add any env-var in your Kubegres resource config YAML.
dt=$(date '+%d/%m/%Y %H:%M:%S');
echo "$dt - Running init script the 1st time Primary PostgreSql container is created...";
customDatabaseName="my_app_db"
customUserName="my_username"
echo "$dt - Running: psql -v ON_ERROR_STOP=1 --username $POSTGRES_USER --dbname $POSTGRES_DB ...";
psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
CREATE USER $customUserName WITH PASSWORD '$POSTGRES_MY_DB_PASSWORD';
CREATE DATABASE $customDatabaseName;
\connect $customDatabaseName;
GRANT ALL ON SCHEMA public TO $customUserName;
EOSQL
echo "$dt - Init script is completed";
This script above assumes that the env-var $POSTGRES_MY_DB_PASSWORD contains the password of the custom user to create. Please see an example about how to add a custom env-variable.
Override backup_database.sh
Please see below an example of an overridden "backup_database.sh" in a custom ConfigMap, which contains the logic to dump PostgreSql Primary's database:
apiVersion: v1
kind: ConfigMap
metadata:
name: mypostgres-conf
namespace: default
data:
backup_database.sh: |
#!/bin/bash
set -e
dt=$(date '+%d/%m/%Y %H:%M:%S');
fileDt=$(date '+%d_%m_%Y_%H_%M_%S');
backUpFileName="$KUBEGRES_RESOURCE_NAME-backup-$fileDt.gz"
backUpFilePath="$BACKUP_DESTINATION_FOLDER/$backUpFileName"
echo "$dt - Starting DB backup of Kubegres resource $KUBEGRES_RESOURCE_NAME into file: $backUpFilePath";
echo "$dt - Running: pg_dumpall -h $BACKUP_SOURCE_DB_HOST_NAME -U postgres -c | gzip > $backUpFilePath"
pg_dumpall -h $BACKUP_SOURCE_DB_HOST_NAME -U postgres -c | gzip > $backUpFilePath
if [ $? -ne 0 ]; then
rm $backUpFilePath
echo "Unable to execute a BackUp. Please check DB connection settings"
exit 1
fi
echo "$dt - DB backup completed for Kubegres resource $KUBEGRES_RESOURCE_NAME into file: $backUpFilePath";
Override postgres.conf
When overriding postgres.conf, there are 2 properties to be aware of:
- "listen_addresses": by default PostgreSql set it to "localhost". But Kubegres explicitly set it to "*". When defining your own postgres.conf, do not forget to set it to "*". Not setting it or using an alternative value could break Kubegres replication capability.
- "wal_level": By default, PostgreSql set the property 'wal_level' to 'replica'. You can modify the value of 'wal_level' in 'postgres.conf'. Kubegres was tested with "wal_level = replica" and "wal_level = logical".
Please see below an example of an overridden "postgres.conf" in a custom ConfigMap:
apiVersion: v1
kind: ConfigMap
metadata:
name: mypostgres-conf
namespace: default
data:
postgres.conf: |
# Replication configs
listen_addresses = '*'
max_wal_senders = 10
wal_keep_segments = 48 #in Mb
max_connections = 100
shared_buffers = 128MB
# Logging
log_destination = 'stderr,csvlog'
logging_collector = on
log_directory = 'pg_log'
log_filename= 'postgresql-%Y-%m-%d_%H%M%S.log'
Override pg_hba.conf
Please see below an example of an overridden "pg_hba.conf" in a custom ConfigMap:
apiVersion: v1
kind: ConfigMap
metadata:
name: mypostgres-conf
namespace: default
data:
pg_hba.conf: |
# TYPE DATABASE USER ADDRESS METHOD
# Replication connections by a user with the replication privilege
host replication replication all md5
# As long as it is authenticated, all connections allowed except from "0.0.0.0/0"
local all all md5
host all all all md5
host all all 0.0.0.0/0 reject
Note about applying ConfigMap changes to existing PostgreSql pods
When we make a change to a ConfigMap, Kubernetes does not notify the Kubegres controller about that update. Consequently, if we want to apply those changes to existing running PostgreSql pods, when have to manually restart them.
However, restarting pods could trigger the failover process and Kubegres may wrongly think that the primary PostgreSql pod is not available and would failover to a Replica PostgreSql pod. To avoid Kubegres controller to failover, we need to pause it.
The instructions to follows are:
- Update your ConfigMap (e.g. "base-kubegres-config", or your custom ConfigMap)
-
Disable the automatic failover in your Kubegres YAML by setting the property
"spec.failover.isDisabled" to true:
apiVersion: kubegres.reactive-tech.io/v1 kind: Kubegres metadata: name: mypostgres namespace: default spec: replicas: 3 image: postgres:16.1 ... failover: isDisabled: true ... -
Restart the StatefulSets of your Postgres cluster. In this example the Postgres cluster's name
is "mypostgres" and I have 3 pods running:
kubectl rollout restart statefulset mypostgres-1 mypostgres-2 mypostgres-3 -
From that point your pods are using the latest version of the ConfigMap. Check the pods are
in a running state:
kubectl get pods -
If the pods are running and healthy, then re-enable the automatic failover in your Kubegres YAML
by setting the property "spec.failover.isDisabled" to false (you could also remove that property):
apiVersion: kubegres.reactive-tech.io/v1 kind: Kubegres metadata: name: mypostgres namespace: default spec: replicas: 3 image: postgres:16.1 ... failover: isDisabled: false ...
