Configuring PostgreSql Database in Kubernetes


This document will guide you through configuring a PostgreSql database in a Kubernetes environment. It will explain the deployment steps in Kubernetes and the corresponding configurations for PostgreSql.

Creating Relevant Configuration Files

Before creating relevant configuration files, it is recommended to create a folder to centrally store these files. Additionally, create a namespace to store these resources to avoid conflicts with other resources.

In this example, I am creating a folder named 'database' and a namespace named 'database,' and I will create the relevant configuration files in this folder.

Copy Successful
# Create a folder
mkdir database
Copy Successful
# Create a namespace
kubectl create namespace database

You can also label nodes and specify nodeSelector in the deployment to deploy the application only on specified nodes.

In this example, I am labeling a node with the 'database' label and specifying nodeSelector in the deployment.

Copy Successful
# Label the node
# <node-name> is the node server name.
kubectl label node <node-name> worker=database

Create the storage.yaml file with the following content:

Copy Successful
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: database
provisioner: kubernetes.io/no-provisioner
volumeBindingMode: WaitForFirstConsumer
reclaimPolicy: Retain

Create the volume.yaml file with the following content:

Copy Successful
# <path> is the path to the database storage
# Example: path: "/mnt/disks/data/database"
apiVersion: v1
kind: PersistentVolume
metadata:
name: database
labels:
app: database
spec:
storageClassName: database
capacity:
storage: 100Gi
accessModes:
- ReadWriteMany
hostPath:
path: <path>
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: database
namespace: database
labels:
app: database
spec:
storageClassName: database
accessModes:
- ReadWriteMany
resources:
requests:
storage: 100Gi

Create the config.yaml file with the following content:

Copy Successful
# <password> Set your password.
apiVersion: v1
kind: ConfigMap
metadata:
name: postgres
namespace: database
labels:
app: postgres
data:
POSTGRES_PASSWORD: <password>

Create the deployment.yaml file with the following content:

Copy Successful
# To align with the later use of Harbor, the database version is specified directly here.
apiVersion: apps/v1
kind: Deployment
metadata:
name: postgres
namespace: database
labels:
app: postgres
spec:
replicas: 1
selector:
matchLabels:
app: postgres
template:
metadata:
labels:
app: postgres
spec:
nodeSelector:
worker: database
containers:
- name: postgres
image: postgres:16
imagePullPolicy: "IfNotPresent"
securityContext:
runAsUser: 0
runAsGroup: 0
ports:
- containerPort: 5432
envFrom:
- configMapRef:
name: postgres
args:
- -c
- shared_buffers=1GB
volumeMounts:
- mountPath: /var/lib/postgresql/data
name: postgres
subPath: postgres
- mountPath: /dev/shm
name: shm
volumes:
- name: postgres
persistentVolumeClaim:
claimName: database
- name: shm
emptyDir:
medium: Memory

Create the service.yaml file with the following content:

Copy Successful
# For external connectivity, NodePort is used here. If internal connectivity is sufficient, ClusterIP can be used.
apiVersion: v1
kind: Service
metadata:
name: postgres
namespace: database
labels:
app: postgres
spec:
type: NodePort
ports:
- name: postgres
port: 5432
nodePort: 5432
targetPort: 5432
selector:
app: postgres
Copy Successful
# Deploy storage
kubectl apply -f storage.yaml
Copy Successful
# Deploy volume
kubectl apply -f volume.yaml
Copy Successful
# Deploy config
kubectl apply -f config.yaml
Copy Successful
# Deploy deployment
kubectl apply -f deployment.yaml
Copy Successful
# Deploy service
kubectl apply -f service.yaml

GCP Firewall Configuration

If you are using GCP and opening connections to the external world, you need to add a rule in the firewall to allow connections on port 5432.

After logging into the GCP platform, navigate to the left-hand menu:

Virtual Private Cloud > Firewall

0

Click the 'Create Firewall Rule' button at the top and add a rule to allow TCP port 5432 connections.

0

Test the Connection

Since NodePort is used in this example, you can connect directly from outside using the node's IP. You can test the connection using commonly used database tools such as DataGrip, Navicat, etc.

The default account is 'postgres', and the password is the one you set in config.yaml.