Install PostgreSQL Operator Monitoring

PostgreSQL Operator Monitoring Installer

Quickstart

If you believe that all the default settings in the installation manifest work for you, you can take a chance by running the metrics manifest directly from the repository:

kubectl create namespace pgo
kubectl apply -f https://raw.githubusercontent.com/CrunchyData/postgres-operator/v4.7.4/installers/metrics/kubectl/postgres-operator-metrics.yml

Note that in OpenShift and CodeReady Containers you will need to set the disable_fsgroup to true attribute to true if you are using the restricted Security Context Constraint (SCC). If you are using the anyuid SCC, you will need to set disable_fsgroup to false.

However, we still advise that you read onward to see how to properly configure the PostgreSQL Operator Monitoring infrastructure.

Overview

The PostgreSQL Operator comes with a container called pgo-deployer which handles a variety of lifecycle actions for the PostgreSQL Operator Monitoring infrastructure, including:

  • Installation
  • Upgrading
  • Uninstallation

After configuring the Job template, the installer can be run using kubectl apply and takes care of setting up all of the objects required to run the PostgreSQL Operator.

The installation manifest, called postgres-operator-metrics.yml, is available in the installers/metrics/kubectl/postgres-operator-metrics.yml path in the PostgreSQL Operator repository.

Requirements

RBAC

The pgo-deployer requires a ServiceAccount and ClusterRoleBinding to run the installation job. Both of these resources are already defined in the postgres-operator-metrics.yml, but can be updated based on your specific environmental requirements.

By default, the pgo-deployer uses a ServiceAccount called pgo-metrics-deployer-sa that has a ClusterRoleBinding (pgo-metrics-deployer-crb) with several ClusterRole permissions. This ClusterRole is needed for the initial configuration and deployment of the various applications comprising the monitoring infrastructure. This includes permissions to create:

  • RBAC for use by Prometheus and/or Grafana
  • The metrics namespace

The required list of privileges are available in the postgres-operator-metrics.yml file:

https://raw.githubusercontent.com/CrunchyData/postgres-operator/v4.7.4/installers/metrics/kubectl/postgres-operator-metrics.yml

If you have already configured the ServiceAccount and ClusterRoleBinding for the installation process (e.g. from a previous installation), then you can remove these objects from the postgres-operator-metrics.yml manifest.

Config Map

The pgo-deployer uses a Kubernetes ConfigMap to pass configuration options into the installer. The ConfigMap is defined in the postgres-operator-metrics.yaml file and can be updated based on your configuration preferences.

Namespaces

By default, the PostgreSQL Operator Monitoring installer will run in the pgo Namespace. This can be updated in the postgres-operator-metrics.yml file. Please ensure that this namespace exists before the job is run.

For example, to create the pgo namespace:

kubectl create namespace pgo

Configuration - postgres-operator-metrics.yml

The postgres-operator-metrics.yml file contains all of the configuration parameters for deploying PostgreSQL Operator Monitoring. The example file contains defaults that should work in most Kubernetes environments, but it may require some customization.

Note that in OpenShift and CodeReady Containers you will need to set the disable_fsgroup to true attribute to true if you are using the restricted Security Context Constraint (SCC). If you are using the anyuid SCC, you will need to set disable_fsgroup to false.

For a detailed description of each configuration parameter, please read the PostgreSQL Operator Monitoring Installer Configuration Reference

Configuring to Update and Uninstall

The deploy job can be used to perform different deployment actions for the PostgreSQL Operator Monitoring infrastructure. When you run the job it will install the monitoring infrastructure by default but you can change the deployment action to uninstall or update. The DEPLOY_ACTION environment variable in the postgres-operator-metrics.yml file can be set to install-metrics, update-metrics, and uninstall-metrics.

Image Pull Secrets

If you are pulling PostgreSQL Operator Monitoring images from a private registry, you will need to setup an imagePullSecret with access to the registry. The image pull secret will need to be added to the installer service account to have access. The secret will need to be created in each namespace that the PostgreSQL Operator will be using.

After you have configured your image pull secret in the Namespace the installer runs in (by default, this is pgo), add the name of the secret to the job yaml that you are using. You can update the existing section like this:

apiVersion: v1
kind: ServiceAccount
metadata:
    name: pgo-metrics-deployer-sa
    namespace: pgo
imagePullSecrets:
  - name: <image_pull_secret_name>

If the service account is configured without using the job yaml file, you can link the secret to an existing service account with the kubectl or oc clients.

# kubectl
kubectl patch serviceaccount <deployer-sa> -p '{"imagePullSecrets": [{"name": "myregistrykey"}]}' -n <install-namespace>

# oc
oc secrets link <registry-secret> <deployer-sa> --for=pull --namespace=<install-namespace>

Installation

Once you have configured the PostgreSQL Operator Monitoring installer to your specification, you can install the PostgreSQL Operator Monitoring infrastructure with the following command:

kubectl apply -f /path/to/postgres-operator-metrics.yml

Post-Installation

To clean up the installer artifacts, you can simply run:

kubectl delete -f /path/to/postgres-operator-metrics.yml

Note that if you still have the ServiceAccount and ClusterRoleBinding in there, you will need to have elevated privileges.