Kustomize

Installing Crunchy Postgres for Kubernetes Using Kustomize

If you are deploying using the installer from the Crunchy Data Customer Portal, please refer to the guide there for alternative setup information.

Prerequisites

First, go to GitHub and fork the Postgres Operator examples repository, which contains the Crunchy Postgres for Kubernetes Kustomize installer.

https://github.com/CrunchyData/postgres-operator-examples/fork

Once you have forked this repo, you can download it to your working environment with a command similar to this:

YOUR_GITHUB_UN="$YOUR_GITHUB_USERNAME"
git clone --depth 1 "git@github.com:${YOUR_GITHUB_UN}/postgres-operator-examples.git"
cd postgres-operator-examples

For Powershell environments:

$env:YOUR_GITHUB_UN="YOUR_GITHUB_USERNAME"
git clone --depth 1 "git@github.com:$env:YOUR_GITHUB_UN/postgres-operator-examples.git"
cd postgres-operator-examples

The Crunchy Postgres for Kubernetes installation project is located in the kustomize/install directory.

Configuration

While the default Kustomize install should work in most Kubernetes environments, it may be necessary to further customize the Kustomize project(s) according to your specific needs.

For instance, to customize the image tags utilized for the Crunchy Postgres for Kubernetes Deployment, the images setting in the kustomize/install/default/kustomization.yaml file can be modified:

images:
- name: postgres-operator
  newName: registry.developers.crunchydata.com/crunchydata/postgres-operator
  newTag: ubi8-5.7.2-0

If you are deploying using the images from the Crunchy Data Customer Portal, please refer to the private registries guide for additional setup information.

Please note that the Kustomize install project will also create a namespace for Crunchy Postgres for Kubernetes by default (though it is possible to install without creating the namespace, as shown below). To modify the name of namespace created by the installer, the kustomize/install/namespace/namespace.yaml should be modified:

apiVersion: v1
kind: Namespace
metadata:
  name: custom-namespace

The namespace setting in kustomize/install/default/kustomization.yaml should be modified accordingly.

namespace: custom-namespace

By default, Crunchy Postgres for Kubernetes deploys with debug logging turned on. If you wish to disable this, you need to set the CRUNCHY_DEBUG environmental variable to "false" that is found in the kustomize/install/manager/manager.yaml file. Alternatively, you can add the following to your kustomize/install/manager/kustomization.yaml to disable debug logging:

patchesStrategicMerge:
- |-
  apiVersion: apps/v1
  kind: Deployment
  metadata:
    name: pgo
  spec:
    template:
      spec:
        containers:
        - name: operator
          env:
          - name: CRUNCHY_DEBUG
            value: "false"

You can also create additional Kustomize overlays to further patch and customize the installation according to your specific needs.

Installation Mode

When Crunchy Postgres for Kubernetes is installed, it can be configured to manage PostgreSQL clusters in all namespaces within the Kubernetes cluster, just those within a single namespace, or, starting in CPK 5.7, those in a select set of namespaces. When managing PostgreSQL clusters in multiple namespaces, a ClusterRole and ClusterRoleBinding is created to ensure Crunchy Postgres for Kubernetes has the permissions it requires to properly manage PostgreSQL clusters across all namespaces. However, when Crunchy Postgres for Kubernetes is configured to manage PostgreSQL clusters within a single namespace only, a Role and RoleBinding is created instead.

The installation of the necessary resources for a cluster-wide or a single-namespace-limited operator is done automatically by Kustomize, as described below in the Install section. If you wish for the operator to only manage PostgreSQL clusters in a select set of namespaces, you will need to make a change to the kustomize/install/manager/manager.yaml file. Open the file and to the list of operator container environment variables, add a variable with the name PGO_TARGET_NAMESPACES, and for the value enter the desired namespaces in a double-quoted, comma-separated list. For example:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: pgo
spec:
  template:
    spec:
      containers:
      - name: operator
        env:
        - name: PGO_TARGET_NAMESPACES
          value: "namespace-one,namespace-two,namespace-three"

The only other potential change you may need to make is to the Namespace resource and the namespace field if using a namespace other than the default postgres-operator.

High Availability

Starting in CPK 5.7, the operator can run in a typical hot/cold high availability configuration. When enabled, one pod will be the leader, while others wait to become the leader should the current leader fail. This capability is controlled by the PGO_CONTROLLER_LEASE_NAME environment variable on the PGO deployment. That value names the Lease object used to elect a leader of the deployment. The default is cpk-leader-election-lease, so you can achieve high availability by setting the Deployment replicas greater than one.

If you wish to disable this capability, empty or remove the PGO_CONTROLLER_LEASE_NAME environment variable and set replicas to 1.

Health Probes

Starting in CPK 5.7, the operator has the ability to perform liveness and readiness health probes. These probes are set on the operator Deployment and are enabled by default with the following settings:

livenessProbe:
  httpGet:
    path: /readyz
    port: 8081
  initialDelaySeconds: 15
  periodSeconds: 20
readinessProbe:
  httpGet:
    path: /healthz
    port: 8081
  initialDelaySeconds: 5
  periodSeconds: 10

To disable these probes, simply remove them from the operator Deployment.

Install

Once the Kustomize project has been modified according to your specific needs, Crunchy Postgres for Kubernetes can then be installed using kubectl and Kustomize. To create the target namespace, run the following:

kubectl apply -k kustomize/install/namespace

This will create the default postgres-operator namespace, unless you have edited the kustomize/install/namespace/namespace.yaml resource. That Namespace resource should have the same value as the namespace field in the kustomization.yaml file (located either at kustomize/install/default or kustomize/install/singlenamespace, depending on whether you are deploying the operator with cluster-wide or single-namespace-limited permissions).

To install Crunchy Postgres for Kubernetes itself in cluster-wide mode (or multi-namespace mode if you have added the PGO_TARGET_NAMESPACES environment variable), apply the kustomization file in the default folder:

kubectl apply --server-side -k kustomize/install/default

To install Crunchy Postgres for Kubernetes itself in single-namespace-limited mode, apply the kustomization file in the singlenamespace folder:

kubectl apply --server-side -k kustomize/install/singlenamespace

The kustomization.yaml files in those folders take care of applying the appropriate permissions.

Install the Custom Resource Definition using Older Kubectl

This installer is optimized for Kustomize v4.0.5 or later, which is included in kubectl v1.21. If you are using an earlier version of kubectl to manage your Kubernetes objects, you should be able to create the namespace as described above, but when you run the kubectl apply --server-side -k kustomize/install/default command, you will get an error like:

Error: json: unknown field "labels"

To fix this error, download the most recent version of Kustomize. Once you have installed Kustomize v4.0.5 or later, you can use it to produce valid Kubernetes yaml:

kustomize build kustomize/install/default

The output from the kustomize build command can be captured to a file or piped directly to kubectl:

kustomize build kustomize/install/default | kubectl apply --server-side -f -

Automated Upgrade Checks

By default, Crunchy Postgres for Kubernetes will automatically check for updates to itself and software components by making a request to a URL. If Crunchy Postgres for Kubernetes detects there are updates available, it will print them in the logs. As part of the check, Crunchy Postgres for Kubernetes will send aggregated, anonymized information about the current deployment to the endpoint. An upcoming release will allow for Crunchy Postgres for Kubernetes to opt-in to receive and apply updates to software components automatically.

Crunchy Postgres for Kubernetes will check for updates upon startup and once every 24 hours. Any errors in checking will have no impact on the operation of Crunchy Postgres for Kubernetes. To disable the upgrade check, you can set the CHECK_FOR_UPGRADES environmental variable on the pgo Deployment to "false".

For more information about collected data, see the Crunchy Data collection notice.

Uninstall

Once Crunchy Postgres for Kubernetes has been installed, it can also be uninstalled using kubectl and Kustomize. To uninstall Crunchy Postgres for Kubernetes (assuming it was installed in cluster-wide mode), the following command can be utilized:

kubectl delete -k kustomize/install/default

To uninstall Crunchy Postgres for Kubernetes installed with only namespace permissions, use:

kubectl delete -k kustomize/install/singlenamespace

The namespace created with this installation can likewise be cleaned up with:

kubectl delete -k kustomize/install/namespace

Next Step: Create a Postgres Cluster

Now that you've installed Crunchy Postgres for Kubernetes, you're ready to Create a Postgres Cluster.

Next Step: Install Monitoring

No installation of Crunchy Postgres for Kubernetes is complete without monitoring! See our tutorial on installing monitoring with Kustomize for details.