Installation of PostgreSQL Operator RBAC

Installation of PostgreSQL Operator RBAC

For a list of the RBAC required to install the PostgreSQL Operator, please view the postgres-operator.yml file:

The first step is to install the PostgreSQL Operator RBAC configuration. This can be accomplished by running:

make installrbac

This script will install the PostreSQL Operator Custom Resource Definitions, CRD’s and creates the following RBAC resources on your Kubernetes cluster:

Setting Definition
Custom Resource Definitions pgclusters
Cluster Roles (cluster-roles.yaml) pgopclusterrole
Cluster Role Bindings (cluster-roles-bindings.yaml) pgopclusterbinding
Service Account (service-accounts.yaml) postgres-operator
Roles (rbac.yaml) pgo-role
Role Bindings (rbac.yaml) pgo-backrest-role-binding

Note that the cluster role bindings have a naming convention of pgopclusterbinding-$PGO_OPERATOR_NAMESPACE and pgopclusterbindingcrd-$PGO_OPERATOR_NAMESPACE. The PGO_OPERATOR_NAMESPACE environment variable is added to make each cluster role binding name unique and to support more than a single PostgreSQL Operator being deployed on the same Kubernertes cluster.

Also, the specific Cluster Roles installed depends on the Namespace Mode enabled via the PGO_NAMESPACE_MODE environment variable when running make installrbac. Please consult the Namespace documentation for more information regarding the Namespace Modes available, including the specific ClusterRoles required to enable each mode.