edb-postgres-for-kubernetes-charts

EDB Kubernetes Operator Helm Charts

Helm charts to install the following Operators:

Available Charts

Chart Operator Operand Description
edb-postgres-for-kubernetes PG4K EDB Postgres Single-cluster PostgreSQL
edb-postgres-distributed-for-kubernetes PG4K-PGD 1.x PGD 5 + PGD Proxy Multi-region distributed PostgreSQL
edb-cloudnativepg-global-cluster PG4K-PGD 2.x PGD 6 Multi-region distributed PostgreSQL

Usage

Before deploying the charts, add the following repository by running:

helm repo add edb https://enterprisedb.github.io/edb-postgres-for-kubernetes-charts/

You can then run helm search repo edb to see the all the available charts.

Deployment of the EDB Postgres for Kubernetes operator (PG4K)

Both the operator and the operand images required by PG4K are pulled from the docker.enterprisedb.com/k8s repository, access to these images requires an active EDB subscription. See: obtaining an EDB subscription token

For example, to deploy the operator:

helm upgrade --install edb-pg4k \
  --namespace postgresql-operator-system \
  --create-namespace \
  --set image.imageCredentials.password=<THE-TOKEN> \
  edb/edb-postgres-for-kubernetes

This will create a deployment in the postgresql-operator-system namespace. You can check it’s ready:

$ kubectl get deployments -n postgresql-operator-system
NAME                                   READY   UP-TO-DATE   AVAILABLE   AGE
edb-pg4k-edb-postgres-for-kubernetes   1/1     1            1           11s

Once it is ready, you can verify that you can deploy the sample cluster suggested by the helm chart.

Single namespace installation

It is possible to limit the operator’s capabilities to solely the namespace in which it has been installed. With this restriction, the cluster-level permissions required by the operator will be substantially reduced, and the security profile of the installation will be enhanced.

You can install the operator in single-namespace mode by setting the config.clusterWide flag to false, as in the following example:

helm upgrade --install edb-pg4k \
  --namespace postgresql-operator-system \
  --create-namespace \
  --set config.clusterWide=false \
  --set image.imageCredentials.password=<THE-TOKEN> \
  edb/edb-postgres-for-kubernetes

IMPORTANT: the single-namespace installation mode can’t coexist with the cluster-wide operator. Otherwise there would be collisions when managing the resources in the namespace watched by the single-namespace operator. It is up to the user to ensure there is no collision between operators.

Deployment of the EDB CloudNativePG Global Cluster operator (PG4K-PGD 2.x)

The edb-cloudnativepg-global-cluster chart deploys the PG4K-PGD 2.x operator for managing EDB Postgres Distributed v6 workloads.

Similar to the PG4K helm chart installation, both the operator and the operand images are pulled from the docker.enterprisedb.com/k8s repository, access to these images requires an active EDB subscription. See: obtaining an EDB subscription token

The chart installs both the PG4K-PGD and PG4K operators in the same namespace. The PG4K operator installed is a stable version that is part of the latest long-term support release of PG4K.

The chart also installs the cert-manager operator as a dependency. You can avoid this if necessary. See the sub-section on deploying individually.

For example, to deploy the operator:

helm upgrade --dependency-update \
  --install edb-pg4k-pgd \
  --namespace pgd-operator-system \
  --create-namespace \
  --set image.imageCredentials.password=<THE-TOKEN> \
  edb/edb-cloudnativepg-global-cluster

Once the above runs, a new namespace pgd-operator-system will be created, with several deployments, including the two operators.

$ kubectl get deployments -n pgd-operator-system
NAME                                               READY   UP-TO-DATE   AVAILABLE   AGE
edb-pg4k-pgd-cert-manager                          1/1     1            1           7m46s
edb-pg4k-pgd-cert-manager-cainjector               1/1     1            1           7m46s
edb-pg4k-pgd-cert-manager-webhook                  1/1     1            1           7m46s
edb-pg4k-pgd-cloudnativepg-global-cluster          1/1     1            1           7m46s
edb-pg4k-pgd-postgres-for-kubernetes-lts           1/1     1            1           7m46s

When the deployments are ready, you can verify that the steps suggested by the helm chart are working:

Customizing the PGD image

By default, the Helm chart-installed operator adds a default PGD image name to the configuration file. PGD groups created without spec.imageName will use that default. You can customize the default by setting it in the Helm values.

This example changes the default PGD image:

helm upgrade --dependency-update \
  --install edb-pg4k-pgd \
  --namespace pgd-operator-system \
  --create-namespace \
  --set image.imageCredentials.password=<THE-TOKEN> \
  --set global.pgdImageName=postgresql-pgd:18.1-pgd620-expanded-ubi9 \
  edb/edb-cloudnativepg-global-cluster

Note: You can find the latest released image catalogs for operand from PGD Operand images

Migrate from PG4K-PGD 1.x to PG4K-PGD 2.x

The helm chart edb-postgres-distributed-for-kubernetes and edb-cloudnativepg-global-cluster is not backword compatible, and they can’t be installed together in the same cluster. If you have an existing edb-postgres-distributed-for-kubernetes chart managing the PGD v5.x workloads, and want to migrate to PGD v6.x workloads, you need uninstall the edb-postgres-distributed-for-kubernetes chart and then install the edb-cloudnativepg-global-cluster chart first.

Before migration, you need to make sure the edb-postgres-distributed-for-kubernetes chart is v1.2.0 or above, and PGD operand image is 5.9.1 or above.

Note: You can find more information of the migration in the migration guide.

Deployment of the EDB Postgres Distributed for Kubernetes operator (PG4K-PGD 1.x)

The PG4K-PGD operator helm chart 1.x and 2.x are designed to manage different versions of PGD, and they can’t be installed together in the same cluster. The main difference between the two charts are:

So the installation of the PG4K-PGD 1.x is similar to the PG4K-PGD 2.x, but with a different chart name and image names.

For example, to deploy the PG4K-PGD 1.x operator chart:

helm upgrade --dependency-update \
  --install edb-pg4k-pgd \
  --namespace pgd-operator-system \
  --create-namespace \
  --set image.imageCredentials.password=<THE-TOKEN> \
  edb/edb-postgres-distributed-for-kubernetes

Once the above runs, a new namespace pgd-operator-system will be created, with several deployments, including the two operators.

$ kubectl get deployments -n pgd-operator-system
NAME                                                   READY   UP-TO-DATE   AVAILABLE   AGE
edb-pg4k-pgd-cert-manager                              1/1     1            1           7m46s
edb-pg4k-pgd-cert-manager-cainjector                   1/1     1            1           7m46s
edb-pg4k-pgd-cert-manager-webhook                      1/1     1            1           7m46s
edb-pg4k-pgd-edb-postgres-distributed-for-kubernetes   1/1     1            1           7m46s
edb-pg4k-pgd-edb-postgres-for-kubernetes-lts           1/1     1            1           7m46s

We can also customize default PGD and PGD proxy image names by setting the following values in the Helm chart. PGD groups created without spec.imageName and spec.pgdProxy.imageName will use those defaults.

This example changes the default PGD and PGD proxy image:

helm upgrade --dependency-update \
  --install edb-pg4k-pgd \
  --namespace pgd-operator-system \
  --create-namespace \
  --set image.imageCredentials.password=<THE-TOKEN> \
  --set global.pgdImageName=edb-postgres-advanced-pgd:17.6-pgd590-ubi9 \
  --set global.proxyImageName=edb-pgd-proxy:5.9.0-ubi9  \
  edb/edb-postgres-distributed-for-kubernetes

Deploying the operators and cert-manager individually

The PG4K-PGD charts are set by default to also install the cert-manager operator, which they depend on. When following this route, all operators will be installed in the same namespace. This is in contrast with other installation paths, where we may want the two operators reside in dedicated namespaces.

Installing all dependencies in the same namespace is a design limitation of Helm, but we can get around it by installing dependencies with separate invocations of helm.

If you would like to install the cert-manager in a separate namespace, please follow the steps below.

1. Setup cert-manager

EDB Postgres Distributed for Kubernetes requires Cert Manager 1.10 or higher.

Note: In case a supported version of the cert-manager operator is already deployed in your K8S setup, you can skip this section and go directly to the operator setup.

To deploy cert-manager in its own namespace

$ helm repo add jetstack https://charts.jetstack.io &&
  helm upgrade --install cert-manager jetstack/cert-manager \
  --create-namespace \
  --namespace cert-manager \
  --version "v1.16.1" \
  --set installCRDs=true \
  --wait

In case you choose this option, remember to also specify --set cert-manager.enabled=false during the installation of the PG4K-PGD helm chart in the next section.

2. Setup the PG4K-PGD operator

Once the above deployments are ready, you can deploy the PG4K-PGD helm chart taking care to set cert-manager.enabled to false if cert-manager is installed separately.

For example, deploy chart edb-cloudnativepg-global-cluster for PG4K-PGD 2.x operator:

helm upgrade --dependency-update \
  --install edb-pg4k-pgd \
  --namespace pgd-operator-system \
  --create-namespace \
  --set image.imageCredentials.password=<THE-TOKEN> \
  --set cert-manager.enabled=false \
  edb/edb-cloudnativepg-global-cluster

or deploy chart edb-postgres-distributed-for-kubernetes for PG4K-PGD 1.x operator:

helm upgrade --dependency-update \
  --install edb-pg4k-pgd \
  --namespace pgd-operator-system \
  --create-namespace \
  --set image.imageCredentials.password=<THE-TOKEN> \
  --set cert-manager.enabled=false \
  edb/edb-postgres-distributed-for-kubernetes

You should now have a separate namespace for each operator:

$ kubectl get ns
NAME                         STATUS   AGE
…
cert-manager                 Active   24m
pgd-operator-system          Active   55s

Migrating existing deployments to the unified k8s repository

If you have existing Helm deployments using the previous separate repositories (k8s_enterprise, k8s_standard, k8s_enterprise_pgd, k8s_standard_pgd), you need to migrate them to the new unified docker.enterprisedb.com/k8s repository.

For EDB Postgres for Kubernetes (PG4K) releases:

helm upgrade --reuse-values \
  --set image.repository=docker.enterprisedb.com/k8s/edb-postgres-for-cloudnativepg \
  --set image.imageCredentials.username=k8s \
  edb-pg4k \
  edb/edb-postgres-for-kubernetes

For EDB Postgres Distributed for Kubernetes (PG4K-PGD 1.x) releases:

helm upgrade --reuse-values \
  --set global.repository=docker.enterprisedb.com/k8s \
  --set image.imageCredentials.username=k8s \
  edb-pg4k-pgd \
  edb/edb-postgres-distributed-for-kubernetes

For more details, see the official migration guide.

Deployment using local chart

Deployment PG4K using local chart

To deploy an operator from source, first clone the current repository locally and then run the following command: (Example for EDB-PG4K)

helm upgrade --install edb-pg4k \
  --namespace postgresql-operator-system \
  --create-namespace \
  charts/edb-postgres-for-kubernetes

Deployment PG4K-PGD using local chart

Navigate to the charts directory of local chart or source code,

for PG4K-PGD v2.x

helm upgrade --install edb-pg4k-pgd \
  --namespace pgd-operator-system \
  --create-namespace \
  --set image.imageCredentials.password=<THE-TOKEN> \
  charts/edb-cloudnativepg-global-cluster

or for PG4K-PGD v1.x

helm upgrade --install edb-pg4k-pgd \
  --namespace pgd-operator-system \
  --create-namespace \
  --set image.imageCredentials.password=<THE-TOKEN> \
  charts/edb-postgres-distributed-for-kubernetes

To deploy the PG4K LTS subchart separately in a different namespace.

helm upgrade --install edb-pg4k-lts \
  --namespace postgresql-operator-system \
  --create-namespace \
  --set image.imageCredentials.create=true \
  --set image.imageCredentials.password=<THE-TOKEN> \
  charts/edb-postgres-distributed-for-kubernetes/charts/edb-postgres-for-kubernetes-lts

and then deploy the PG4K-PGD chart with edb-postgres-for-kubernetes-lts.enabled=false set.

helm upgrade --install edb-pg4k-pgd \
  --namespace pgd-operator-system \
  --create-namespace \
  --set image.imageCredentials.password=<THE-TOKEN> \
  --set edb-postgres-for-kubernetes-lts.enabled=false \
  charts/edb-postgres-distributed-for-kubernetes

If you update the version of the dependency charts and want to install from source, remember to run helm dependency update and helm dependency build in the chart directory before installing from the source.

edb-postgres-for-kubernetes-charts is distributed under Apache License 2.0.

IMPORTANT: Both the operators and the operand images are distributed under different license terms, in particular the EDB Postgres for Kubernetes operator and the EDB Postgres Distributed for Kubernetes operator are distributed under the EnterpriseDB End User License Agreement.

Copyright (C) 2021 EnterpriseDB Corporation.

This site is open source. Improve this page.