Created
November 15, 2021 02:08
postgres.sh
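#!/bin/bash
### Deploying Postgres Cluster on Kubernetes for Debian/Ubuntu based OS
## Baseline Guide: https://www.kubegres.io/doc/getting-started.html
# Type of Deployment: Script
#
### Minimum Requirements ###
## Three Worker Node Cluster (Tested on K0s, K3s, K8s)
## A Storage Backend (Tested on Ceph, OpenEBS, Local, Longhorn)
#
# Stop at the first failing command, unset variable or failed pipeline stage,
# so a failed step can never be followed by a deployment with an empty password.
set -euo pipefail
# The generated password is written to disk below; files created by this
# script must not be readable by other local users.
umask 077
#
## The following base packages are required:
# Password generator (installed only when missing; apt-get needs root)
command -v pwgen >/dev/null || apt-get install pwgen -y
#
### Installation ###
## Set Variables:
# Set a StorageClass (kubectl get sc)
STORAGE=rook-ceph-fs
# Set a Kubegres Version
VERSION=v1.13
# Set a Postgres Version: https://hub.docker.com/_/postgres?tab=description
PGVERSION=14
# Set a namespace for Postgres to install to (note: the kubegres operator installs to kubegres-system regardless)
NAMESPACE=default
# Install the Kubegres Operator
# NOTE(review): this applies a manifest fetched over the network at a Git tag,
# and the operator it installs runs with its own cluster permissions. Review
# the manifest (or apply a reviewed local copy) before running this against a
# cluster that matters.
kubectl apply -f "https://raw.githubusercontent.com/reactive-tech/kubegres/${VERSION}/kubegres.yaml"
# Create a password for the default database (to be saved and this file deleted)
# Assignment is kept separate from any export so a pwgen failure is not masked;
# the value is deliberately not exported, so child processes such as kubectl
# do not inherit it through their environment.
PGPASS=$(pwgen -csn 24 1)
if [[ -z "$PGPASS" ]]; then
  printf 'pwgen returned an empty password, aborting\n' >&2
  exit 1
fi
# Force owner-only permissions even if temp-pass-store already existed with
# looser ones (umask only affects newly created files).
touch temp-pass-store
chmod 600 temp-pass-store
printf '%s\n' "$PGPASS" >temp-pass-store
### Where Vault agent is available uncomment the following single hashes # to store the Postgres password in Vault
## Set Variables
## Vault Token
#export VAULT_TOKEN=$(cat /tmp/vault-cert-token-via-agent)
## Set a domain to use (needs to be real if you want to access this externally from the internet)
#echo "Provide a domain to use (i.e: example.com):"
#read DOMAIN
## Write JSON files with some parameters to store the password in the vault
#printf '{\n "data": {\n "pgpass": "'"$PGPASS"'"\n }\n}' > pgpass.json && \
## Create the docker password with the JSON file as configuration data, sending the token to Vault
## NOTE(review): a token passed with --header is part of curl's command line and
## is visible in the process list while curl runs; curl can read headers from a
## file instead (-H @file), which keeps the token off the command line.
#curl --header "X-Vault-Token: $VAULT_TOKEN" --request POST --data @pgpass.json https://vault.$DOMAIN:8200/v1/secret/data/pgpass && \
## Delete the JSON files containing the credentials
#rm pgpass.json temp-pass-store && \
### Done ###
#
# Create a secret to house the passwords of the default database
# The manifest is streamed to kubectl on stdin, so the plaintext password is
# never written to a postgres-secret.yaml file that a failed run could leave
# behind.
# NOTE(review): the superuser and the replication user share one password, as
# in the original script; separate values would limit the impact of a leak of
# either one.
kubectl apply -f - <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: postgres-secret
  namespace: $NAMESPACE
type: Opaque
stringData:
  superUserPassword: "$PGPASS"
  replicationUserPassword: "$PGPASS"
EOF
# Create a Postgres Cluster, one master, two replicas
# Also applied from stdin; it only references the Secret by name and key.
kubectl apply -f - <<EOF
apiVersion: kubegres.reactive-tech.io/v1
kind: Kubegres
metadata:
  name: postgres
  namespace: $NAMESPACE
spec:
  replicas: 3
  image: postgres:$PGVERSION
  database:
    size: 4Gi
    storageClassName: $STORAGE
  env:
    - name: POSTGRES_PASSWORD
      valueFrom:
        secretKeyRef:
          name: postgres-secret
          key: superUserPassword
    - name: POSTGRES_REPLICATION_PASSWORD
      valueFrom:
        secretKeyRef:
          name: postgres-secret
          key: replicationUserPassword
EOF
# Clean up: no manifest files are left on disk, but temp-pass-store still
# holds the password in plaintext.
printf 'Save the password from temp-pass-store somewhere safe, then delete the file.\n' >&2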