Required application database
A PostgreSQL-compatible database is needed to store application configuration information. By default, Privacy Dynamics will create an on-cluster database using CloudNativePG. If you wish to manage the database separately, Privacy Dynamics recommends using one of the managed database services below.
- AWS RDS
- AWS Aurora
- GCP Cloud SQL
The cluster and database instance should live within the same VPC. If that is not possible, VPC peering can be set up.
Create the database instance
Create an AWS RDS instance in the same VPC as the cluster.
Connect to the database
Start a temporary container in the cluster to use as a PostgreSQL client.
$ kubectl run -i --tty debug --image=postgres:14 --restart=Never -- bash
# Run inside the container
root@debug:/# psql -h instance.region.rds.amazonaws.com -p 5432 -U postgres
Configure user and role
The following commands can be run as the postgres user from the command line.
CREATE USER pvcyuser WITH PASSWORD 'YH*****';
CREATE DATABASE pvcydb;
CREATE ROLE pvcyrole;
ALTER DEFAULT PRIVILEGES GRANT ALL ON TABLES TO pvcyrole WITH GRANT OPTION;
ALTER DEFAULT PRIVILEGES GRANT ALL ON SEQUENCES TO pvcyrole WITH GRANT OPTION;
ALTER DEFAULT PRIVILEGES GRANT EXECUTE ON FUNCTIONS TO pvcyrole WITH GRANT OPTION;
ALTER DEFAULT PRIVILEGES GRANT USAGE ON TYPES TO pvcyrole WITH GRANT OPTION;
GRANT pvcyrole TO pvcyuser;
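To confirm the role membership and default privileges took effect before removing the client container, the queries below can be run in the same psql session. This is an added example, not part of the Privacy Dynamics documentation; it reads only standard PostgreSQL system catalogs and assumes the pvcyuser and pvcyrole names used in the commands above.

```sql
-- Added verification example (not from the original page).

-- 1. pvcyuser should appear as a member of pvcyrole.
SELECT r.rolname AS granted_role,
       m.rolname AS member
FROM pg_auth_members am
JOIN pg_roles r ON r.oid = am.roleid
JOIN pg_roles m ON m.oid = am.member
WHERE r.rolname = 'pvcyrole';

-- 2. Default privileges are recorded per database and per creating role.
--    This lists the entries for the database the session is connected to,
--    so check that "database" and "objects_created_by" are the ones you
--    expect the application's tables to be created in and by.
--    In the acl column, a '*' after a privilege letter means WITH GRANT OPTION.
SELECT current_database()              AS database,
       pg_get_userbyid(d.defaclrole)   AS objects_created_by,
       COALESCE(n.nspname, '(all schemas)') AS schema,
       CASE d.defaclobjtype
            WHEN 'r' THEN 'tables'
            WHEN 'S' THEN 'sequences'
            WHEN 'f' THEN 'functions'
            WHEN 'T' THEN 'types'
            WHEN 'n' THEN 'schemas'
       END                             AS object_type,
       d.defaclacl                     AS acl
FROM pg_default_acl d
LEFT JOIN pg_namespace n ON n.oid = d.defaclnamespace
ORDER BY objects_created_by, object_type;

-- 3. The application user should be able to log in but should not carry
--    superuser, CREATEDB or CREATEROLE attributes it was never given.
SELECT rolname, rolcanlogin, rolsuper, rolcreatedb, rolcreaterole
FROM pg_roles
WHERE rolname IN ('pvcyuser', 'pvcyrole');
```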
Cleanup temporary container
You should remove the temporary container that was created in the previous step.
# Exit the container, and clean it up
$ kubectl delete pod debug