The PostgreSQL operator suite consists of the following operators.
- PostgreSQL server - Deploys an
Azure Database for PostgreSQL server
given the Location and Resource group - PostgreSQL database - Deploys a database under the given
Azure Database for PostgreSQL server
- PostgreSQL firewall rule - Deploys a firewall rule to allow access to the
Azure Database for PostgreSQL server
from the specified IP range
Here is a sample YAML for the PostgreSQL server.
The value for kind, PostgreSQLServer
is the Custom Resource Definition (CRD) name.
postgresqlserver-sample
is the name of the PostgreSQL server resource that will be created.
The values under spec
provide the values for the location where you want to create the PostgreSQL server at and the Resource group in which you want to create it under. It also contains other values that are required to create the server like the serverVersion
, sslEnforcement
and the sku
information.
If sslEnforcement
is enabled, applications can connect to the PostgreSQL server using SSL. If you would like to connect using the full SSL verification enabled (sslmode=verify-full) that validates the server certificate, you would need the root certificate installed on your client. This link documents the root certificate to use.
Note The root certificate documented in the above link (https://www.digicert.com/CACerts/BaltimoreCyberTrustRoot.crt.pem
) only applies to instances on Azure Public Cloud. If you are deploying Azure Database for PostgreSQL instances on Azure China Cloud, you should use this one - https://dl.cacerts.digicert.com/DigiCertGlobalRootCA.crt.pem
Along with creating the PostgreSQL server, this operator also generates the admin username and password for the PostgreSQL server and stores it in a kube secret or keyvault (based on what is specified) with the same name as the PostgreSQL server.
This secret contains the following fields.
fullyqualifiedservername
: Fully qualified name of the PostgreSQL server such as postgresqlservername.postgres.database.azure.compostgresqlservername
: PostgreSQL server nameusername
: Server adminpassword
: Password for the server adminfullyqualifiedusername
: Fully qualified user name that is required by some apps such as @
For more information on where and how secrets are stored, look here
The PostgreSQL server operator can also be used to create Read Replicas given the sourceserverid
.
The replica inherits the admin account from the master server. All user accounts on the master server are replicated to the read replicas.
For more information on read replicas, refer here
Here is a sample YAML for PostgreSQL database
Update the resourcegroup
to where you want to provision the PostgreSQL database. server
is the name of the PostgreSQL server where you want to create the database in.
The PostgreSQL firewall rule operator allows you to add a firewall rule to the PostgreSQL server.
Here is a sample YAML for PostgreSQL firewall rule
The server
indicates the PostgreSQL server on which you want to configure the new PostgreSQL firewall rule on and resourceGroup
is the resource group of the PostgreSQL server. The startIpAddress
and endIpAddress
indicate the IP range of sources to allow access to the SQL server.
Note: When the startIpAddress
and endIpAddress
are 0.0.0.0, it denotes a special case that adds a firewall rule to allow all Azure services to access the SQL server.
You can follow the steps here to deploy, view and delete resources.