Installing Crunchy Postgres for Kubernetes Monitoring Using Kustomize

This section provides instructions for installing and configuring Crunchy Postgres for Kubernetes Monitoring using Kustomize.


First, go to GitHub and fork the Postgres Operator examples repository, which contains the Monitoring Kustomize installer.


Once you have forked this repo, you can download it to your working environment with a command similar to this:

git clone --depth 1 "git@github.com:${YOUR_GITHUB_UN}/postgres-operator-examples.git"
cd postgres-operator-examples

To add the Crunchy Postgres Exporter sidecar to your cluster, open the kustomize/postgres/postgres.yaml file and add the following YAML to the spec:

      image: registry.developers.crunchydata.com/crunchydata/crunchy-postgres-exporter:ubi8-5.3.8-0

The Monitoring project is located in the kustomize/monitoring directory.


While the default Kustomize install should work in most Kubernetes environments, it may be necessary to further customize the project according to your specific needs.

For instance, by default fsGroup is set to 26 for the securityContext defined for the various Deployments comprising the Monitoring stack:

  fsGroup: 26

In most Kubernetes environments this setting is needed to ensure processes within the container have the permissions needed to write to any volumes mounted to each of the Pods comprising the Monitoring stack. However, when installing in an OpenShift environment (and more specifically when using the restricted Security Context Constraint), the fsGroup setting should be removed since OpenShift will automatically handle setting the proper fsGroup within the Pod's securityContext.

Additionally, within this same section it may also be necessary to modify the supplementalGroups setting according to your specific storage configuration:

  supplementalGroups: 65534

Therefore, the following files (located under kustomize/monitoring) should be modified and/or patched (e.g. using additional overlays) as needed to ensure the securityContext is properly defined for your Kubernetes environment:

  • deploy-alertmanager.yaml
  • deploy-grafana.yaml
  • deploy-prometheus.yaml

Those files should also be modified to set appropriate constraints on compute resources for the Grafana, Prometheus and/or AlertManager deployments. And to modify the configuration for the various storage resources (i.e. PersistentVolumeClaims) created by the Monitoring installer, the kustomize/monitoring/pvcs.yaml file can also be modified.

Additionally, it is also possible to further customize the configuration for the various components comprising the Monitoring stack (Grafana, Prometheus and/or AlertManager) by modifying the following configuration resources:

  • alertmanager-config.yaml
  • alertmanager-rules-config.yaml
  • grafana-datasources.yaml
  • prometheus-config.yaml

Finally, please note that the default username and password for Grafana can be updated by modifying the Grafana Secret in file kustomize/monitoring/grafana-secret.yaml. If not updated, the configured defaults for the username and password will be admin:admin and should be updated immediately.


Once the Kustomize project has been modified according to your specific needs, Monitoring can then be installed using kubectl and Kustomize:

kubectl apply -k kustomize/monitoring

Once installed, a simple way to immediately access the various Monitoring stack components is by using the kubectl port-forward command. For example, to access the Grafana dashboards, you would use a command similar to

kubectl -n postgres-operator port-forward service/crunchy-grafana 3000:3000

and then login via a web browser pointed to localhost:3000.


And similarly, once Monitoring has been installed, it can uninstalled using kubectl and Kustomize:

kubectl delete -k kustomize/monitoring

Further Information

For further information about monitoring features, see our tutorial.