Creating Azure PostgreSQL instances by using a Carvel package (experimental)

This topic describes creating, updating, and deleting Azure PostgreSQL service instances using a Carvel package. For a more detailed and low-level alternative procedure, see Creating Service Instances that are compatible with Tanzu Application Platform.


Meet the prerequisites:

The Package Repository and service instance Package Bundles for this guide can be found in the Reference Service Packages GitHub repository.

Create an Azure PostgreSQL service instance using a Carvel package

Follow the steps in the following procedures.

Add a reference package repository to the cluster

The namespace tanzu-package-repo-global has a special significance. The kapp-controller defines a Global Packaging namespace. In this namespace, any package the is made available through a Package Respository, is available in every namespace.

When the kapp-controller is installed via Tanzu Application Platform, the namespace is tanzu-package-repo-global. If you install the controller in another way, verify which namespace is considered the Global Packaging namespace.

To add a reference package repository to the cluster:

  1. Use the Tanzu CLI to add the new Service Reference packages repository:

    tanzu package repository add tap-reference-service-packages \
        --url \
        -n tanzu-package-repo-global
  2. Create a ServiceAccount to provision PackageInstall resources by using the following example. The namespace of this ServiceAccount must match the namespace of the tanzu package install command in the next step.

    kubectl apply -f - <<'EOF'
    apiVersion: v1
    kind: ServiceAccount
      name: psql-install
    kind: Role
      name: psql-install
    - apiGroups: [""]
      resources: ["flexibleservers","flexibleserversdatabases","flexibleserversfirewallrules"]
      verbs:     ["*"]
    - apiGroups: [""]
      resources: ["resourcegroups"]
      verbs:     ["*"]  
    - apiGroups: ["", ""]
      resources: ["secrettemplates","passwords"]
      verbs:     ["*"]
    - apiGroups: [""]
      resources: ["serviceaccounts","configmaps"]
      verbs:     ["*"]
    - apiGroups: [""]
      resources: ["namespaces"]
      verbs:     ["get", "list"]  
    - apiGroups: [""]
      resources: ["roles","rolebindings"]
      verbs:     ["*"]
    kind: RoleBinding
      name: psql-install
    - kind: ServiceAccount
      name: psql-install
      kind: Role
      name: psql-install

Create a Azure PostgreSQL service instance through the Tanzu CLI

Before you create the values file, here are some values highlighted.

  • aso_controller_namespace: the Azure Service Operator has some potential conflicting behaviors with the kapp-controller. We reduce the conflicts by annotating the resources with the ASO installation namespace.
  • firewall_rules: by default, the FlexibleServer is not accessible. Setting as the start and end IP addresses for a firewall rule makes the server available from within Azure.
  • resource_group.use_existing: if you cannot create a Resource Group in Azure or have other reasons for using an existing one, set this to true. Else, the package makes a Resource Group with the name specified by the value.

The field will be used for the FlexibleServer resource name on Azure, otherwise name will be used. It is recommended to set the value of the name (and the optional field below from aso-psql to something unique, using only lowercase letters, digits and hyphens. This avoids naming conflicts, as Azure has a global naming namespace for FlexibleServer instances and this resource may already exist. Do make sure you also change the commands below using a aso-psql value, such as the aso-psql-bindable from the SecretTemplate,and replace aso-psql with the actual name.

  1. Create a file holding the configuration of the Azure PostgreSQL service instance:

    cat <<'EOF' > aso-psql-instance-values.yml
    name: aso-psql
    namespace: service-instances
    location: westeurope
    aso_controller_namespace: azureserviceoperator-system
    create_namespace: false
        administrator_name: trpadmin
        name: testdb
        - startIpAddress:
        use_existing: false
        name: aso-psql

    : To understand which settings are available for this package you can run:

    tanzu package available get \
      --values-schema \

    This shows a list of all configuration options you can use in the aso-psql-instance-values.yml file.

  2. Use the Tanzu CLI to install an instance of the reference service instance Package.

    tanzu package install aso-psql-instance \
       --package-name \
       --version 0.0.1-alpha \
       --service-account-name psql-install \
       --values-file aso-psql-instance-values.yml \

You can install the package multiple times to produce various Azure PostgreSQL Service instances. You create a separate <INSTANCE-NAME>-values.yml for each instance, set a different name value, and then install the package with the instance-specific data values file.

Verify the Azure Resources

  1. Verify the creation status for the Azure PostgreSQL instance by inspecting the conditions in the Kubernetes API. To do so, run:

    kubectl get aso-psql -o yaml
  2. After some time has passed, sometimes up to 10 minutes, you can find the binding-compliant secret produced by PackageInstall. To do so, run:

    kubectl get secrettemplate aso-psql-bindable -o jsonpath="{}"

Verify the Service Instance

Firstly wait until the PostgreSQL instance is ready. This may take 5 to 10 minutes.

kubectl wait aso-psql -n default --for=condition=Ready --timeout=5m

Next, ensure a bindable Secret was produced by the SecretTemplate. To do so, run:

kubectl wait SecretTemplate -n default aso-psql-bindable --for=condition=ReconcileSucceeded --timeout=5m

kubectl get Secret -n default aso-psql-bindable


You have learnt to use Carvel’s Package and PackageInstall APIs to create a Azure PostgreSQL service instance. If you want to learn more about the pieces that comprise this service instance package, see Creating Azure PostgreSQL Instances manually using kubectl.

Now that you have this available in the cluster, you can learn how to make use of it by continuing where you left off in Consuming Azure PostgreSQL on Tanzu Application Platform (TAP) with ASO.

check-circle-line exclamation-circle-line close-line
Scroll to top icon