@Vertiwell
Created November 15, 2021 02:08
postgres.sh
#!/bin/bash
### Deploying Postgres Cluster on Kubernetes for Debian/Ubuntu based OS
## Baseline Guide: https://www.kubegres.io/doc/getting-started.html
# Type of Deployment: Script
#
### Minimum Requirements ###
## Three Worker Node Cluster (Tested on K0s, K3s, K8s)
## A Storage Backend (Tested on Ceph, OpenEBS, Local, Longhorn)
#
## The following base packages are required:
# Password generator
apt-get install pwgen -y && \
#
### Installation ###
## Set Variables:
# Set a StorageClass (kubectl get sc)
STORAGE=rook-ceph-fs
# Set a Kubegres Version
VERSION=v1.13
# Set a Postgres Version: https://hub.docker.com/_/postgres?tab=description
PGVERSION=14
# Set a namespace for Postgres to install to (note: the kubegres operator installs to kubegres-system regardless)
NAMESPACE=default
# Install the Kubegres Operator
kubectl apply -f https://raw.githubusercontent.com/reactive-tech/kubegres/$VERSION/kubegres.yaml && \
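# Create a password for the default database (save it somewhere safe, then delete temp-pass-store)
# umask 077 keeps temp-pass-store and the generated YAML files readable by the current user only
umask 077 && \
export PGPASS=$(pwgen -csn 24 1) && echo "$PGPASS" > temp-pass-store && \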
### Where a Vault agent is available, uncomment the single-hash (#) lines below to store the Postgres password in Vault
## Set Variables
## Vault Token
#export VAULT_TOKEN=$(cat /tmp/vault-cert-token-via-agent)
## Set a domain to use (needs to be real if you want to access this externally from the internet)
#echo "Provide a domain to use (i.e: example.com):"
#read DOMAIN
## Write JSON files with some parameters to store the password in the vault
#printf '{\n "data": {\n "pgpass": "'"$PGPASS"'"\n }\n}' > pgpass.json && \
## Store the Postgres password in Vault, sending the JSON file as the request body and authenticating with the token
#curl --header "X-Vault-Token: $VAULT_TOKEN" --request POST --data @pgpass.json https://vault.$DOMAIN:8200/v1/secret/data/pgpass && \
## Delete the JSON files containing the credentials
#rm pgpass.json temp-pass-store && \
### Done ###
#
# Create a secret to house the passwords of the default database
cat <<EOF >postgres-secret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: postgres-secret
  namespace: $NAMESPACE
type: Opaque
stringData:
  superUserPassword: "$PGPASS"
  replicationUserPassword: "$PGPASS"
EOF
# Apply the secret to the cluster
kubectl apply -f postgres-secret.yaml && \
# Create a Postgres Cluster configuration file, one master, two replicas
cat <<EOF >postgres-cluster.yaml
apiVersion: kubegres.reactive-tech.io/v1
kind: Kubegres
metadata:
  name: postgres
  namespace: $NAMESPACE
spec:
  replicas: 3
  image: postgres:$PGVERSION
  database:
    size: 4Gi
    storageClassName: $STORAGE
  env:
    - name: POSTGRES_PASSWORD
      valueFrom:
        secretKeyRef:
          name: postgres-secret
          key: superUserPassword
    - name: POSTGRES_REPLICATION_PASSWORD
      valueFrom:
        secretKeyRef:
          name: postgres-secret
          key: replicationUserPassword
EOF
# Apply the configuration file
kubectl apply -f postgres-cluster.yaml && \
# Clean up the generated manifests (don't forget to save the password and then remove temp-pass-store)
rm postgres-cluster.yaml postgres-secret.yaml
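
An added example, not part of the original gist: the same Secret can be piped to `kubectl apply -f -` instead of being written to `postgres-secret.yaml`, and the saved password file can be created with mode 0600 from the start. The function names `render_secret`, `save_password` and `apply_secret` are assumptions made for this example.

```shell
#!/bin/bash
# Added example: keep the generated password out of world-readable files.
set -eu

# Print the Secret manifest on stdout. Values go under `data:` as base64,
# so the password needs no YAML quoting or escaping.
render_secret() {
  local namespace="$1" password="$2" b64
  b64=$(printf '%s' "$password" | base64 | tr -d '\n')
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: postgres-secret
  namespace: $namespace
type: Opaque
data:
  superUserPassword: $b64
  replicationUserPassword: $b64
EOF
}

# Write the password to a file that is mode 0600 from the moment it exists.
# The umask is scoped to the subshell; a stale file is removed first because
# umask does not tighten the mode of a file that already exists.
save_password() {
  local file="$1" password="$2"
  ( umask 077 && rm -f -- "$file" && printf '%s\n' "$password" > "$file" )
}

# Pipe the manifest to kubectl on stdin; no postgres-secret.yaml is created.
apply_secret() {
  render_secret "$1" "$2" | kubectl apply -f -
}

# Usage against a real cluster (left commented out; needs kubectl and pwgen):
#   PGPASS=$(pwgen -csn 24 1)
#   save_password temp-pass-store "$PGPASS"
#   apply_secret default "$PGPASS"
```

Base64 under `data:` is an encoding, not protection; access to the Secret is still governed by the cluster's RBAC.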