Installing VMware Tanzu™ SQL with Postgres for Kubernetes

This topic describes how to install Tanzu Postgres, which is provided as a single compressed tar archive downloadable from VMware Tanzu Network.

The steps cover:

  • Prerequisites for the Tanzu Postgres installation
  • Downloading and loading the Tanzu Postgres instance and Tanzu Postgres operator images to a local Docker registry
  • Pushing the docker images to a private container registry
  • Configuring a Kubernetes secret for accessing the private container registry

Note that this procedure also installs the psql and ODBC driver client components to the Kubernetes cluster.

Prerequisites

To run Tanzu Postgres you need:

  • Docker running and configured on your local computer, to access the Kubernetes cluster and Docker registry.

  • A running Kubernetes cluster (Google Kubernetes Engine (GKE), VMware Enterprise TKGi, or Minikube) and the kubectl command-line tool, configured and authenticated to communicate with your Kubernetes cluster. If you are using GKE, install the gcloud command-line tool on your local client.

  • Cert Manager installed on the Kubernetes cluster. Install it by running these commands from your local client:

    $ kubectl create namespace cert-manager
    $ helm repo add jetstack https://charts.jetstack.io
    $ helm repo update
    $ helm install cert-manager jetstack/cert-manager --namespace cert-manager  --version v1.0.2 --set installCRDs=true
    

    To verify the Cert Manager installation, run:

    $ kubectl get all --namespace=cert-manager
    

    You should see output similar to:

    NAME                                           READY   STATUS    RESTARTS   AGE
    pod/cert-manager-57b65b7fc-x8vjt               1/1     Running   5          4d19h
    pod/cert-manager-cainjector-5f988f74c6-tgk25   1/1     Running   15         4d19h
    pod/cert-manager-webhook-7cf554f879-b5ss9      1/1     Running   4          4d19h
    
    NAME                           TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)    AGE
    service/cert-manager           ClusterIP   10.106.253.7    <none>        9402/TCP   4d19h
    service/cert-manager-webhook   ClusterIP   10.108.17.113   <none>        443/TCP    4d19h
    
    NAME                                      READY   UP-TO-DATE   AVAILABLE   AGE
    deployment.apps/cert-manager              1/1     1            1           4d19h
    deployment.apps/cert-manager-cainjector   1/1     1            1           4d19h
    deployment.apps/cert-manager-webhook      1/1     1            1           4d19h
    
    NAME                                                 DESIRED   CURRENT   READY   AGE
    replicaset.apps/cert-manager-57b65b7fc               1         1         1       4d19h
    replicaset.apps/cert-manager-cainjector-5f988f74c6   1         1         1       4d19h
    replicaset.apps/cert-manager-webhook-7cf554f879      1         1         1       4d19h
    

Load Tanzu Postgres Images to Docker Registry

  1. Download the Tanzu Postgres distribution from VMware Tanzu Network. The Tanzu Postgres download filename has the format: postgres-for-kubernetes-v<version>.tar.gz

  2. Go to the directory where you downloaded Tanzu Postgres and unpack the downloaded software.

    $ cd ~/Downloads
    $ tar xzf postgres-for-kubernetes-v<version>.tar.gz
    

    This command unpacks the distribution into a new directory named postgres-for-kubernetes-v<version>, for example postgres-for-kubernetes-v1.0.0.

  3. Change to the new postgres-for-kubernetes-v<version> directory.

    $ cd ./postgres-for-kubernetes-v*
    
  4. Load the Postgres instance image to the Docker registry.

    $ docker load -i ./images/postgres-instance
    cc967c529ced: Loading layer [==================================================>]  65.57MB/65.57MB
    2c6ac8e5063e: Loading layer [==================================================>]  991.2kB/991.2kB
    6c01b5a53aac: Loading layer [==================================================>]  15.87kB/15.87kB
    e0b3afb09dc3: Loading layer [==================================================>]  3.072kB/3.072kB
    faee4b69eae8: Loading layer [==================================================>]  29.74MB/29.74MB
    6bc08b5f8a06: Loading layer [==================================================>]  4.096kB/4.096kB
    3bfb028071fa: Loading layer [==================================================>]  331.4MB/331.4MB
    6ef1a056590e: Loading layer [==================================================>]  57.86kB/57.86kB
    Loaded image: postgres-instance:v1.0.0
    
  5. Load the Postgres operator image to the Docker registry.

    $ docker load -i ./images/postgres-operator
    0d1435bd79e4: Loading layer [==================================================>]  3.062MB/3.062MB
    b50265a0f809: Loading layer [==================================================>]  40.87MB/40.87MB
    Loaded image: postgres-operator:v1.0.0
    
  6. Verify that the two Docker images are now available.

    $ docker images "postgres-*"
    REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
    postgres-operator   v1.0.0              09f3bfbf93fb        10 days ago         42.7MB
    postgres-instance   v1.0.0              f28858b60d1f        10 days ago         413MB
    

Push Docker Images to a Private Container Registry

Push the Tanzu Postgres Docker images to the container registry of your choice. Set each image’s project and image repo name, tag the images, and then push them using the Docker command docker push.

This example tags and pushes the images to the Google Cloud Registry, using the default (core) project name for the example Google Cloud account.

$ gcloud auth configure-docker

$ PROJECT=$(gcloud config list core/project --format='value(core.project)')
$ REGISTRY="gcr.io/${PROJECT}"

$ INSTANCE_IMAGE_NAME="${REGISTRY}/postgres-instance:$(cat ./images/postgres-instance-tag)"
$ docker tag "$(cat ./images/postgres-instance-id)" "${INSTANCE_IMAGE_NAME}"
$ docker push "${INSTANCE_IMAGE_NAME}"

$ OPERATOR_IMAGE_NAME="${REGISTRY}/postgres-operator:$(cat ./images/postgres-operator-tag)"
$ docker tag "$(cat ./images/postgres-operator-id)" "${OPERATOR_IMAGE_NAME}"
$ docker push "${OPERATOR_IMAGE_NAME}"

Create a Kubernetes Access Secret

Create a docker-registry type secret to allow the Kubernetes cluster to authenticate with the private container registry so it can pull images. These example commands create a secret named regsecret using Google Cloud Registry (GCR), Amazon Elastic Container Registry (ECR), and Harbor.

IMPORTANT: The commands below create the secret in the default namespace. Only pods created in the same default namespace can reference the secret. To create a secret in a different namespace, use the --namespace flag.

GCR

$ kubectl create secret  docker-registry  regsecret \
        --docker-server=https://gcr.io \
        --docker-username=_json_key \
        --docker-password="$(cat ~/key.json)"

For information about how to obtain the key.json service account file, see Kubernetes Service Account.

ECR

$ TOKEN=$(aws ecr --region="${REGION}" get-authorization-token --output text --query 'authorizationData[].authorizationToken' | base64 -d | cut -d: -f2)
$ kubectl create secret docker-registry regsecret \
    --docker-server=https://${ACCOUNT}.dkr.ecr.${REGION}.amazonaws.com \
    --docker-username=AWS \
    --docker-password="${TOKEN}"

Harbor

$ kubectl create secret docker-registry regsecret \
    --docker-server="${HARBOR_URL}" \
    --docker-username="${HARBOR_USER}" \
    --docker-password="${HARBOR_PASSWORD}"
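
The three commands above pass the registry credential as a command-line argument, where it is visible in the local process list while kubectl runs. As an added example (not part of the VMware documentation), this Python script builds the same kubernetes.io/dockerconfigjson Secret as a manifest file with owner-only permissions and an explicit namespace. The namespace postgres-demo, the helper names and the sample key are assumptions.

```python
import base64
import json
import os
import tempfile


def build_dockerconfigjson(server: str, username: str, password: str) -> str:
    """Return the JSON document stored under the secret's .dockerconfigjson key."""
    auth = base64.b64encode(f"{username}:{password}".encode()).decode()
    entry = {"username": username, "password": password, "auth": auth}
    # json.dumps escapes quotes and newlines, which matters for GCR, where
    # the password is itself a multi-line JSON key file.
    return json.dumps({"auths": {server: entry}})


def secret_manifest(name: str, namespace: str, dockerconfigjson: str) -> dict:
    """Build the Secret object; kubectl apply -f accepts it serialized as JSON."""
    encoded = base64.b64encode(dockerconfigjson.encode()).decode()
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "type": "kubernetes.io/dockerconfigjson",
        # Pods can only reference the secret from this same namespace.
        "metadata": {"name": name, "namespace": namespace},
        "data": {".dockerconfigjson": encoded},
    }


def write_private(path: str, content: str) -> None:
    """Create path with owner-only permissions (0600) and write content to it."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(content)


if __name__ == "__main__":
    # Constructed sample standing in for ~/key.json; not a real key.
    sample_key = '{\n  "type": "service_account",\n  "private_key": "PLACEHOLDER"\n}\n'
    cfg = build_dockerconfigjson("https://gcr.io", "_json_key", sample_key)
    # postgres-demo is a hypothetical namespace used for illustration.
    manifest = secret_manifest("regsecret", "postgres-demo", cfg)
    out = os.path.join(tempfile.mkdtemp(), "regsecret.json")
    write_private(out, json.dumps(manifest))
    print("wrote", out, "- apply with: kubectl apply -f", out)
```

Delete the generated file after applying it, since it contains the credential in base64-encoded (not encrypted) form.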

The next step is to deploy a Postgres operator, which uses this secret to allow the Kubernetes cluster to authenticate with the container registry and pull images.