This topic describes how to install Tanzu Postgres, which is provided as a single compressed tar archive downloadable from VMware Tanzu Network.
The steps cover:
Note that this procedure also installs the psql
and ODBC driver client components to the Kubernetes cluster.
To run Tanzu Postgres you need:
Docker running and configured on your local computer, to access the Kubernetes cluster and Docker registry.
A running Kubernetes cluster - Google Kubernetes Engine (GKE), VMware Enterprise TKGi) or Minikube - and the kubectl command-line tool, configured and authenticated to communicate with your Kubernetes cluster. If you are using GKE, install the gcloud command-line tool on your local client.
The latest Cert Manager installed on the Kubernetes cluster.
To verify the certification manager installation run:
$ kubectl get all --namespace=cert-manager
Download the Tanzu Postgres distribution from VMware Tanzu Network. The Tanzu Postgres download filename has the format: postgres-for-kubernetes-v<version>.tar.gz
Go to the directory where you downloaded Tanzu Postgres and unpack the downloaded software.
$ cd ~/Downloads
$ tar xzf postgres-for-kubernetes-v<version>.tar.gz
This command unpacks the distribution into a new directory named postgres-for-kubernetes-v<version>
, for example postgres-for-kubernetes-v1.0.0
.
Change to the new postgres-for-kubernetes-v<version>
directory.
cd ./postgres-for-kubernetes-v*
Load the Postgres instance image to the Docker registry.
$ docker load -i ./images/postgres-instance
cc967c529ced: Loading layer [==================================================>] 65.57MB/65.57MB
2c6ac8e5063e: Loading layer [==================================================>] 991.2kB/991.2kB
6c01b5a53aac: Loading layer [==================================================>] 15.87kB/15.87kB
e0b3afb09dc3: Loading layer [==================================================>] 3.072kB/3.072kB
faee4b69eae8: Loading layer [==================================================>] 29.74MB/29.74MB
6bc08b5f8a06: Loading layer [==================================================>] 4.096kB/4.096kB
3bfb028071fa: Loading layer [==================================================>] 331.4MB/331.4MB
6ef1a056590e: Loading layer [==================================================>] 57.86kB/57.86kB
Loaded image: postgres-instance:v1.0.0
Load the Postgres operator image to the Docker registry.
$ docker load -i ./images/postgres-operator
0d1435bd79e4: Loading layer [==================================================>] 3.062MB/3.062MB
b50265a0f809: Loading layer [==================================================>] 40.87MB/40.87MB
Loaded image: postgres-operator:v1.0.0
Verify that the two Docker images are now available.
$ docker images "postgres-*"
REPOSITORY TAG IMAGE ID CREATED SIZE
postgres-operator v1.0.0 09f3bfbf93fb 10 days ago 42.7MB
postgres-instance v1.0.0 f28858b60d1f 10 days ago 413MB
Push the Tanzu Postgres Docker images to the container registry of your choice. Set each image's project and image repo name, tag the images, and then push them using the Docker command docker push
.
This example tags and pushes the images to the Google Cloud Registry, using the default (core) project name for the example Google Cloud account.
$ gcloud auth configure-docker
$ PROJECT=$(gcloud config list core/project --format='value(core.project)')
$ REGISTRY="gcr.io/${PROJECT}"
$ INSTANCE_IMAGE_NAME="${REGISTRY}/postgres-instance:$(cat ./images/postgres-instance-tag)"
$ docker tag $(cat ./images/postgres-instance-id) ${INSTANCE_IMAGE_NAME}
$ docker push ${INSTANCE_IMAGE_NAME}
$ OPERATOR_IMAGE_NAME="${REGISTRY}/postgres-operator:$(cat ./images/postgres-operator-tag)"
$ docker tag $(cat ./images/postgres-operator-id) ${OPERATOR_IMAGE_NAME}
$ docker push ${OPERATOR_IMAGE_NAME}
Create a docker-registry
type secret to allow the Kubernetes cluster to authenticate with the private container registry so it can pull images. These example commands create a secret named regsecret
using Google Cloud Registry (GCR), Amazon Elastic Container Registry (ECR), and Harbor.
IMPORTANT: The commands below create the secret in the default
namespace. Only pods created in the same default
namespace can reference the secret. To create a secret in a different namespace, use the --namespace
flag.
GCR
$ kubectl create secret docker-registry regsecret \
--docker-server=https://gcr.io \
--docker-username=_json_key \
--docker-password="$(cat ~/key.json)"
For information about how to obtain the key.json
service account file, see Kubernetes Service Account
ECR
$ TOKEN=`aws ecr --region=$REGION get-authorization-token --output text --query authorizationData[].authorizationToken | base64 -d | cut -d: -f2`
$ kubectl create secret docker-registry regsecret \
--docker-server=https://${ACCOUNT}.dkr.ecr.${REGION}.amazonaws.com \
--docker-username=AWS \
--docker-password="${TOKEN}"
Harbor
$ kubectl create secret docker-registry regsecret \
--docker-server=${HARBOR_URL} \
--docker-username=${HARBOR_USER} \
--docker-password="${HARBOR_PASSWORD}"
Next step is to Deploy a Postgres operator that will use this secret to allow the Kubernetes cluster to authenticate with the container registry to pull images.