Installation of PostgreSQL Operator RBAC
Installation of PostgreSQL Operator RBAC
For a list of the RBAC required to install the PostgreSQL Operator, please view the postgres-operator.yml file:
The first step is to install the PostgreSQL Operator RBAC configuration. This can be accomplished by running:
make installrbac
This script will install the PostreSQL Operator Custom Resource Definitions, CRD’s and creates the following RBAC resources on your Kubernetes cluster:
| Setting | Definition |
|---|---|
| Custom Resource Definitions | pgclusters |
| pgpolicies | |
| pgreplicas | |
| pgtasks | |
| pgupgrades | |
| Cluster Roles (cluster-roles.yaml) | pgopclusterrole |
| pgopclusterrolecrd | |
| Cluster Role Bindings (cluster-roles-bindings.yaml) | pgopclusterbinding |
| pgopclusterbindingcrd | |
| Service Account (service-accounts.yaml) | postgres-operator |
| pgo-backrest | |
| Roles (rbac.yaml) | pgo-role |
| pgo-backrest-role | |
| Role Bindings (rbac.yaml) | pgo-backrest-role-binding |
| pgo-role-binding |
Note that the cluster role bindings have a naming convention of pgopclusterbinding-$PGO_OPERATOR_NAMESPACE and pgopclusterbindingcrd-$PGO_OPERATOR_NAMESPACE. The PGO_OPERATOR_NAMESPACE environment variable is added to make each cluster role binding name unique and to support more than a single PostgreSQL Operator being deployed on the same Kubernertes cluster.
Also, the specific Cluster Roles installed depends on the Namespace Mode enabled via the PGO_NAMESPACE_MODE environment variable when running make installrbac. Please consult the Namespace documentation for more information regarding the Namespace Modes available, including the specific ClusterRoles required to enable each mode.