%22%3E%3Cpath%20d=%22M352.016%20109.322h-18.62v33.317H308.887V31.542h45.54c26.587.0%2042.669%2015.7006%2042.669%2038.4065V70.2514c0%2025.715-20.051%2039.0416-45.051%2039.0416L352.016%20109.322v0zm20.207-38.885C372.223%2059.4847%20364.589%2053.6128%20352.32%2053.6128H333.367V87.5641H352.78c12.27.0%2019.414-7.3081%2019.414-16.8242V70.437H372.223z%22%20fill=%22%23fff%22/%3E%3Cpath%20d=%22M410.776%20142.648V31.542H494.84V53.3001H435.139V75.8497h52.527V97.6078H435.139V120.949h60.494v21.758H410.776V142.648v0z%22%20fill=%22%23fff%22/%3E%3Cpath%20d=%22M582.46%20142.648%20558.588%20107.104H539.331v35.544H514.822V31.542h50.939c26.284.0%2042.032%2013.815%2042.032%2036.6674V68.5123c0%2017.9282-9.702%2029.2128-23.872%2034.4497L611.145%20142.639H582.451L582.46%20142.648zM582.95%2069.4893C582.95%2059.0255%20575.62%2053.603%20563.694%2053.603H539.341V85.5026h24.843C576.12%2085.5026%20582.95%2079.1422%20582.95%2069.8019V69.4991%2069.4893z%22%20fill=%22%23fff%22/%3E%3Cpath%20d=%22M678.058%20145.618c-33.221.0-57.907-25.568-57.907-57.9171V87.3882C620.151%2055.3812%20644.337%2029.1678%20679.048%2029.1678c21.285.0%2034.055%207.0639%2044.54%2017.3616L707.781%2064.6922C699.059%2056.7979%20690.21%2051.9909%20678.891%2051.9909c-19.021.0-32.761%2015.7593-32.761%2035.0652V87.3687c0%2019.3063%2013.397%2035.3683%2032.761%2035.3683C691.788%20122.737%20699.706%20117.588%20708.585%20109.537l15.807%2015.916C712.76%20137.851%20699.863%20145.56%20678.088%20145.56L678.058%20145.618z%22%20fill=%22%23fff%22/%3E%3Cpath%20d=%22M789.963%20145.618c-34.858.0-59.858-25.9-59.858-57.9171V87.3882c0-32.007%2025.333-58.2204%2060.162-58.2204%2034.829.0%2059.858%2025.9007%2059.858%2057.9176V87.398c0%2032.007-25.333%2058.22-60.162%2058.22zm34.212-58.22C824.175%2068.0922%20809.975%2052.03%20789.963%2052.03%20769.952%2052.03%20756.095%2067.7893%20756.095%2087.0951V87.4078C756.095%20106.714%20770.295%20122.776%20790.306%20122.776%20810.318%20122.776%20824.175%20107.017%20824.175%2087.7107V87.398v0z%22%20fill=%22%23fff%22/%3E%3Cpath%20d=%22M985.089%20142.736%201039.93%2029.1678%201094.77%20142.746h-27.5L1039.93%2086.2256l-27.24%2056.5204H985.089V142.736z%22%20fill=%22%23fff%22/%3E%3Cpath%20d=%22M974.936%2031.5811V145.628L891.304%2078.0968V142.551H865.285V29.1678L948.917%2096.4354V31.5811h26.019z%22%20fill=%22%23fff%22/%3E%3C/g%3E%3Cpath%20d=%22M219.315%20146.829c28.718-18.788%2038.114-57.1102%2020.735-87.2301-8.708-15.108-22.784-25.9277-39.624-30.4456-15.602-4.1923-31.898-2.478-46.241%204.7743L134.603.0%2093.9541%2070.4613.0%20233.311H269.206l-49.891-86.482zM195.821%2046.4134c12.241%203.263%2022.427%2011.1294%2028.771%2022.0826%2012.47%2021.5912%205.993%2048.977-14.23%2062.808L163.128%2049.4361c10.176-4.8971%2021.653-5.9652%2032.693-3.0227zM134.603%2035.7593%20238.247%20215.426H177.605L104.268%2088.3409l30.329-52.5762L134.603%2035.7593zM30.9588%20215.426l62.99-109.168L156.939%20215.426H30.9588z%22%20fill=%22url(%23paint0_linear_1391_11470)%22/%3E%3Cpath%20d=%22M306.655%20202.335C306.655%20196.555%20307.958%20191.37%20310.565%20186.78%20313.172%20182.133%20316.713%20178.507%20321.19%20175.9%20325.723%20173.293%20330.738%20171.99%20336.235%20171.99%20342.695%20171.99%20348.333%20173.548%20353.15%20176.665%20357.967%20179.782%20361.48%20184.202%20363.69%20189.925H354.425C352.782%20186.355%20350.402%20183.607%20347.285%20181.68%20344.225%20179.753%20340.542%20178.79%20336.235%20178.79%20332.098%20178.79%20328.387%20179.753%20325.1%20181.68%20321.813%20183.607%20319.235%20186.355%20317.365%20189.925%20315.495%20193.438%20314.56%20197.575%20314.56%20202.335%20314.56%20207.038%20315.495%20211.175%20317.365%20214.745%20319.235%20218.258%20321.813%20220.978%20325.1%20222.905%20328.387%20224.832%20332.098%20225.795%20336.235%20225.795%20340.542%20225.795%20344.225%20224.86%20347.285%20222.99%20350.402%20221.063%20352.782%20218.315%20354.425%20214.745H363.69C361.48%20220.412%20357.967%20224.803%20353.15%20227.92%20348.333%20230.98%20342.695%20232.51%20336.235%20232.51%20330.738%20232.51%20325.723%20231.235%20321.19%20228.685%20316.713%20226.078%20313.172%20222.48%20310.565%20217.89%20307.958%20213.3%20306.655%20208.115%20306.655%20202.335zm130.259%2030.26C431.418%20232.595%20426.403%20231.32%20421.869%20228.77%20417.336%20226.163%20413.738%20222.565%20411.074%20217.975%20408.468%20213.328%20407.164%20208.115%20407.164%20202.335S408.468%20191.37%20411.074%20186.78C413.738%20182.133%20417.336%20178.535%20421.869%20175.985%20426.403%20173.378%20431.418%20172.075%20436.914%20172.075%20442.468%20172.075%20447.511%20173.378%20452.044%20175.985%20456.578%20178.535%20460.148%20182.105%20462.754%20186.695%20465.361%20191.285%20466.664%20196.498%20466.664%20202.335%20466.664%20208.172%20465.361%20213.385%20462.754%20217.975%20460.148%20222.565%20456.578%20226.163%20452.044%20228.77%20447.511%20231.32%20442.468%20232.595%20436.914%20232.595zm0-6.715C441.051%20225.88%20444.763%20224.917%20448.049%20222.99%20451.393%20221.063%20453.999%20218.315%20455.869%20214.745%20457.796%20211.175%20458.759%20207.038%20458.759%20202.335%20458.759%20197.575%20457.796%20193.438%20455.869%20189.925%20453.999%20186.355%20451.421%20183.607%20448.134%20181.68%20444.848%20179.753%20441.108%20178.79%20436.914%20178.79%20432.721%20178.79%20428.981%20179.753%20425.694%20181.68%20422.408%20183.607%20419.801%20186.355%20417.874%20189.925%20416.004%20193.438%20415.069%20197.575%20415.069%20202.335%20415.069%20207.038%20416.004%20211.175%20417.874%20214.745%20419.801%20218.315%20422.408%20221.063%20425.694%20222.99%20429.038%20224.917%20432.778%20225.88%20436.914%20225.88zm134.906-52.7V232H564.085V188.14L544.535%20232H539.095L519.46%20188.055V232H511.725V173.18H520.055L541.815%20221.8l21.76-48.62H571.82zm108.063.0V232H672.148V188.14L652.598%20232H647.158l-19.635-43.945V232H619.788V173.18H628.118l21.76%2048.62%2021.76-48.62H679.883zM735.416%20172.755V210.24C735.416%20215.51%20736.691%20219.42%20739.241%20221.97%20741.848%20224.52%20745.446%20225.795%20750.036%20225.795%20754.57%20225.795%20758.111%20224.52%20760.661%20221.97%20763.268%20219.42%20764.571%20215.51%20764.571%20210.24V172.755H772.306v37.4C772.306%20215.085%20771.315%20219.25%20769.331%20222.65%20767.348%20225.993%20764.656%20228.487%20761.256%20230.13%20757.913%20231.773%20754.145%20232.595%20749.951%20232.595%20745.758%20232.595%20741.961%20231.773%20738.561%20230.13%20735.218%20228.487%20732.555%20225.993%20730.571%20222.65%20728.645%20219.25%20727.681%20215.085%20727.681%20210.155v-37.4H735.416zM866.64%20232H858.905l-31.11-47.175V232H820.06V172.67H827.795l31.11%2047.09V172.67H866.64V232zm55.77-59.245V232H914.675V172.755H922.41zm84.5.0V179.045H990.758V232H983.023V179.045H966.788V172.755h40.122zm85.85.0-19.3%2036.89V232H1065.73V209.645L1046.35%20172.755H1054.93L1069.55%20202.76%201084.17%20172.755H1092.76z%22%20fill=%22%23fff%22/%3E%3Cdefs%3E%3ClinearGradient%20id=%22paint0_linear_1391_11470%22%20x1=%2230.363%22%20y1=%22238.463%22%20x2=%22230.327%22%20y2=%2238.6685%22%20gradientUnits=%22userSpaceOnUse%22%3E%3Cstop%20stop-color=%22%23fc3519%22/%3E%3Cstop%20offset=%221%22%20stop-color=%22%23f0d136%22/%3E%3C/linearGradient%3E%3CclipPath%20id=%22clip0_1391_11470%22%3E%3Crect%20width=%22962.614%22%20height=%22116.656%22%20fill=%22%23fff%22%20transform=%22translate(132.155%2028.9724)%22/%3E%3C/clipPath%3E%3C/defs%3E%3C/svg%3E)
Percona Community Live Stream will share a demo and some best practices on running Postgres on Kubernetes Operations. This is a part of a bi-weekly regular meetup to share experience and improve database opensource skills with Dave and Charly. Come up and ask questions.
Video
Transcript
Dave Stokes:
Good morning, good afternoon. Good evening. Good wherever you are. I’m Dave Stokes. And with me today is Charly Batista. Forgive meΠ± I’m babysitting the neighbor’s dogs, my dogs tend to be a little bit bigger. And by the way, if they give you any advice on databases don’t believe them. They’re good ones SQL Server, but nothing about Postgres or MySQL or today, Charly is gonna explain to us how Percona runs on Kubernetes.
Charly Batista:
I see you have been busy these days, right? So we may get some advice for them. I can’t hear you.
Dave Stokes:
We’re not gonna have a simple query. So you’re actually more? We’re spreadsheet-type dogs.
Charly Batista:
Yeah, they look ΡΠ³Π΅Ρ. They look, they like attention. Right? So. Okay, yeah. Today, we’re gonna talk about Kubernetes? And how we run database and Kubernetes. Right. So last time. the talk was a bit more technical actually trying to understand how those things work underneath. The talk today is not supposed to be so technical. Because I’m not an expert at Kubernetes. Let’s put it this way. So I by no means expert at Kubernetes. We have other people inside of Percona then a lot more than I do. Right. But today, we’re going to try to understand a little bit how we run database on Kubernetes. Now that we have an overview on how things work, underneath of the container, what exactly is AI conveyed? Right? So it’s just an abstraction on the operational system of VLANs. And uses technology that’s already embedded in the kernel, right? It’s not like we have another OS running on top of the pyramid to have is just some abstraction in some ways. It’s not ritualization, as we saw last night, and this is important to keep in mind that all those containerization things, they are not ritualization. Right? So we’re just putting more abstractions to get a better isolation and control over our resources. And that’s one of the reason why running things on containers usually a lot faster than using running them on great machines. Okay, but that said, how do we run things on Kubernetes? Well, one of the first problems we need to solve is that initially, Kubernetes was not designed for applications like database that needs to keep a state, or we call it stateful applications, right? So in its beginning, Kubernetes was designed for applications that could be destroyed, and rebuilt, without keeping any context between what was before the new run of the application. Or, for example, if we have a web app, most of the web app, a lot of the information that’s on the class on the user, or for the web app, they’re kept for either on the client side, on the user side, or on the database side, not the application itself. So for a lot of applications, you can just destroy the application server and spin up a new application server. And if that is the client was connected to the old one, just send a new request. So it will send some information to capture the company contacts, for example, cookies, and all this kind of stuff that we are using on the web. The new server can get that one and ask for the database for to get some context or some idea of what was running before, right. So and those applications, don’t need to keep any contacts. They don’t need to persist information between the transactions. And this is one big difference for the database, actually, the database the main thing of the database is to keep the information right so we want our database to persist information to keep that information and we don’t want to lose everything when we restart the database as well. Crashes happen. Sometimes we need to restart the database, right? The main premise for our database is when we restart the database, or if something happens to the database, some crash happens when we start the database. Again, we still have the data. So we still need to persist all those information. And not only the data, but the database also needs to be reliable. For example, let’s say we have a crash, it’s not the maintenance, something happened, that database has a crash, and everything that was running on that database, memory here is not properly saved to the disk. When the database is stopped, it needs to be able to food to restart fully. So, roll back any transactions that were not finished and apply any finished transaction. Because for transactional databases, it has a premise, almost you commit the transaction, the transaction needs to be persisted, doesn’t matter what happens, it needs to be persistent. So this is a huge thing for the database. This is a huge promise that the database gives to us. So honestly, we finish a transaction. It’s its done. It’s there. It’s saved its own disk. And how do we actually how do we try to combine those things and make them live together in a environment like Kubernetes, which was originally designed to cannot work this way, did not care about that information, not care about if we need to restart or not an application, one of the main premises was, okay, if I need to spin up a new way just to spin up, if I need to crash something if I just come back? Right? So those are things, those were problems, that the engineers that were working people are working with Cuban ice and wanted to put a database that they start asking, Okay, how can we solve the problem? And they came up with what they call operators. So in a very simplistic way, what are operators is a whole, let’s put this way whole infrastructure or that cordage names with the Cuban ATS to work with Stateful applications, right? So there is this whole massive orchestration that it does, under the hood, to make an environment that was initially thought and designed to be stateless. And now accommodate some Stateful applications, life medical bills, right? So then the apparatus is the guy responsible for his spin up a new database, to do backups. And to keep the database the data safe on its it needs to be persisted. So this is the new guy that came before for Kubernetes to help us to organize and coordinate the holes. So we can call it the coordinator, right, the D coordinator, the keeper that works on the Cuba nets. So, we can now start working with those Stateful applications. And this is one thing that we have, right, so most of the companies, if not all, that work with the database. Now when they are moving to Cuban X, they are building their operators, they are building some operators to help coordinate in their database to be deployed on a Kubernetes ecosystem. We are going to do the same, right? We have operators for MySQL, we have operators for MongoDB. And we have operator for football scores. So and the one we’re going to talk today, of course, is the operators for courses. Let me share my screen here.
So what I’m going to do here is so this is our main point I made the first point, main starting point, when we work when we start working with the operators for football suites. So what we’re gonna do today, as I said today is not going to be so tactical, especially because I don’t have that much knowledge about Kubernetes. I mean, they cannot like to start a Cuban ad, we’re not going to set up those things. That’s not the thing. What we’re going to do here today, I’m going to use a Cuban ad from Google. So when using the JIKI Cuban ads, so I’m going to deploy the ProCon operators here. And we’ll see how easy and fast is to deploy a cluster of database using the operators, right? So that’s the main thing. And there’s a lot of things that we can cover and we go on. So it’s a healing session, when things comes to cabinets, that’s a plethora of things that we will need to learn in work and things. So sometimes things get a little messy and complicated, especially for troubleshooting. And that’s why it’s so important to understand how things work under the hood, like we did in the last talk for the containers, right. So today, the focus is just to take a look at operators to see how that power works, what we need to do to deploy a cluster, we hear one of the flight costs we felt, so one primer and two replicas. And we’ll, we’ll look around to see what the is to see that we can connect to the database, how the base may operations for the different operators, right. So this is the documentation. So if when you come here, we’ll see that we have the requirements, we have a quick start guide. This is the one we’re going to use for tonight, we’re going to use this quick start guide, because you’re going to use the Digi key. And that’s the main thing. And yeah, that’s it. So the requirements here, it will tell us basically, or what are supported by our operating hyperikon operators right at the moment, what has officially supported by the platforms, we have the GK, the Google platform, the AWS and the OpenShift content. Of course, we can also have our own cluster, to build operators, right? To build a cluster. It’s, it’s a quite tedious and planning to fail operation. I did that a couple of times. All the times that I’ve tried to build my own philosophy, I failed. And that’s why I’m using coupon apps, because I wanted to use something that works. I’ll try to build a new one from scratch, if just a closer with three or four notes. And if that works, I’ll try to replicate and record a video. So we can walk through the whole story, how we build the cluster, the Kubernetes cluster, how we install the operators and everything. But yeah, my attempt here they were the Philippines. So I wanted you to build something that works. Right. So a bit about the designer architecture here. As I said, the greatest is the coordinator things, right. So the there is this huge API on Kubernetes that’s exposed a lot of operations that can be done by the operators. And the ones that we will care today are we’re gonna deploy our operators, and we will use it to connect to Postgres. And if you have time, we might use it to do one backup and recover the backup, but it’s not.
We at least go through the documentation. So what we’re going to have on our cluster for operators to pre-cut operators, I said we have a cluster with one primary and two replicas, right. And we also have some side costs on things that help with the mundaneness of the cluster. For example, as we can see here, we have the PG bouncer for connection pooling. So we have the PG bouncer in front of our closer here to have this connection pooling. Then we also have the PG backrest to help correlate with backups. So when we deploy and receivables when we deploy our operators here, they all come together and they are already installed to weave with the operators. So sorry, my mobile, put our mute here I don’t want to stop Yeah. All of these here, and the steps are pretty easy. We are not going through all this information, you guys can go through that. So it explains what is there. So a little bit what our pause, then the two things. So inside of Kubernetes. And as the main topic today is not to explain Kubernetes, but actually to have at least a cluster installed, and just going into closer to some operations. So I’m not going to discuss all those postings here. And to make things faster, instead of just going through here, I could just copy and paste those things here. So I did it before. And I have here my scripts that we got to run tonight. So then if we go here, all the documentation, this is the documentation for GTA GT, it will tell you that you need to have an account, of course, we need to connect your account, we need to install the cube CTL things I don’t have those those those things here. So then it’s the default configuration here for each zone we’re using. I read down the default configuration. And then we start creating our classroom. So for DTE, the first thing that I need to do is any great micro answer. So these will provision the machines is in inside of the cloud computer. So when around this here, I’m telling that I want to create a cluster, right, so let’s containers, this is the Google Cloud API. So I want to create a cluster. And this is the name of the cluster, then I’m creating. So the machine type that I want to use is standard four. So in one is one of the most standard types, the standard four, will give me four CPU cores, pair, per machine per virtual machine. And if I’m not mistaken, 15 gigabytes. So I will have 15 gigabytes in each of the machines and four CPU cores. And I want to my cluster to have three nodes here, creating the physical infrastructure that’s built on this way. So Google Cloud, gonna spin up for me, three machines, each machine lives for CPU core, 15-gigabyte memory, 45-gigabyte disk space, and we will build a Kubernetes cluster for me. So copy and paste, it will take some time yet to create the cluster that will validate the classroom with everything that’s that’s needed to be created. And one thing that I wanted to talk as well is all projects that we have in recon, the operator is also an open source project. So it means that anybody can collaborate with the project. So we can go to GitHub, GitHub,, will find the Postgres operator for Percona. So everything is here, all the project is open source, we find that the same look mentation here, all the code bases. Its main developments been done in Go language. So for you all there that likes to cook, collaborative, open source project. So you are really welcome to cooperate with all of the open source projects that we have, including the operators for postfix.
A lot of people they might say I’m not a developer, I don’t know how to do those things. I don’t like to do those things or doesn’t matter the reason. So I don’t want to develop so. But if you use any if you find a bug or a problem, or if you find a feature that is missing or something, just go there, and you can file a bug. It’s a good way for collaborate. You don’t need to collaborate with only with code, filing bugs, or find feature requests or something that’s missing or something that’s not working out. As expected I suppose to be, this is a huge way of collaboration as well, and always welcomed and doesn’t matter. Like sometimes you see something that time on your perspective is really tiny. But maybe that is the tiny problem that you see there, it’s causing trouble for 1000s of other people that use them. And that tying it collaboration, sometimes you think it’s a time cooperation might be a huge improvement for an open source software. Right? in open source, there is no tiny collaborations, all collaborations are very valuable. Everything we take in consideration everything like we would take, we listen to people, because we really want to improve the software. And we believe that to improve the notes, we also improve the community by making the community stronger, and huger when the product is better. Right. So this is something that I really wanted to talk about before. But I took the standard way of waiting here for the cluster to be built. So yeah, cooperation, and love, we’re almost there. So the cluster was created. Now it’s doing a health check. So check in if the master the practice is healthy. They usually are I don’t see any fault. But we help. Listen, while we were still waiting for them, I expected to be a bit better. So I’m going to use here, the Percona Operators. There are many other operators for posting, not only for posts, there are operators for MySQL for mongoose be for all the databases come to my mind. Now, even for some proprietary ones, you can find operators out there. And they’re really easy to the point. But you see that we have some YAML files here. So those YAML files, they’re basically the configuration to the operators, they tell the operators what we want to do, right?
Because it was multiple is established. So but we need to do it anyway. Right. So let me call it a will be saved some time. Now that my glossary is built is done, I will get the credentials for my classroom. So it will get the credentials. And it will install in some configuration files here. We don’t need to, to see them. So now, from now on. When I tried to use this cluster here, it will use the credentials that have been generated and installed here. So I want to bind to my user, as in using the Google API. I have a user for Google so I’ve already authenticated. And now I’m binding those credentials that I have there. We’ve also those credentials that we have for our Kubernetes cluster here. So data going into the bind, we don’t need to do much okay I record so, as I was saying the configuration files, right? So everything that did when we started working on with operators on Cuba nets, our configurations will be stored in YAMLfiles here. So and this one, for example.
So this one, we will describe what we want to do here, this is the file that will create our cluster with one primary and two replicas. And here it will describe exactly what we want to do. Right so we have the versions we have the database might have the data source, and here we describe the primary okay, what is with the image. This is the Docker image that will be used to build the machine So, how many resource that we are going to use CPUs? How much memory we’re going to use the volumes disk space that are being used. So how will it be exposed if we’re going to have a fractured storage inside and how that storage would be exposed here. So all the configurations for the nodes, will be here on those files, right? For example, we have replicas, okay, how many replicas, so we have to wrap this here, there, that the Hot Standby, we have to the volumes, how they have been created. And if we have order, sidecar nodes, everything, so everything is being described on those EML files. So what we can do is, if we need more nodes, or if new changes or anything, we can just call the report just like it here. And we can go through the configurations here and change the configuration and make it as the way that we need to, to work for for our needs, right? So they’re all here. For now, I’m not going to change the configuration. So I’m going to we’re going to create a namespace, the namespace we call here, people. We could have created whatever namespace right with whatever name, but I think it’s the namespace here, the been described inside some of those YAML files. So if we change the namespace, we need to carefully change some of those files.
As you’ll see here, some of those files they use. Yeah, some of those files, they use the namespace people, right, so we need to be careful, we can change of gods, because we, we need to change them accordingly. When you’re like here, on when you go for the operators, the operator namespace, they’ve been hard coded here. So those are the things that we need to be careful. If we change, sometimes, we just need to go and change inside of the configuration files, right? For now, we don’t want to bother all those things. We’re going to everything by default. So inviting, create the namespace, and set the contracts because when we are using it, we’ll see if you pay attention for the camera I’m using this cube CTL command. So when I change the namespace, when actually create the namespace, and I want to use that namespace, I want every time to try to type here, the dash namespace and using cube. So it’s quite annoying, right? Because if I don’t do it will create the default, it will going to use the default namespace. So what I’m going to do here is just set my default namespace, the context here is only for this context, the namespace that I want to use is the Pico. So for now, I don’t need to type the dash namespace, I don’t need to tell the cube CTL whenever they’re running, I want to run on the Pico namespace, because it knows. And one thing that I always want to do is I want to run this common here against all odds. Because what are the cons, bonds are the the machines, let’s put them this way the run that Kubernetes creates every time that we create something or an instance, inside of Kubernetes it will call it a pod. It’s not the best name way to describe it. It’s very simplistic. It’s like an instance of something a virtual machine inside of Kubernetes or a container inside of Kubernetes. In a very simplistic way. So, we don’t have any as we see here, no resource phones in the Beagle namespace. And now we want to start deploying the thing. The first thing we need to deploy is the operator itself. So though the whole infrastructure whole things it needs to deploy inside the Kubernetes right, so I’m going to deploy here, this is the operators that we’re using here are going to deployed operators. And as you see here, so yeah, it started see, it’s going to create its own container inside of the cluster. And this will be the guy responsible of taking care of everything. He’s is the operator. And after the flying operator. Now we need to deploy our cluster, we need to create our cluster here, these these. Remember that one we saw, the primary, the rapid crowd, the bouncer backrest, and all this kind of stuff? Yeah, this is the guy here. So if everything goes fine, yep, we didn’t see any error message. I saw an error message here. Okay. Oh. Yeah, that’s one thing on on purpose, because we’re still waiting for this last guy here to be created. So sometimes, it takes a little while for us for the closer to create all the resources. And some resources, have dependencies. Like, for example, for me to to create the cluster using the operator, I need to wait for this operator cluster to be Craven. Alright, so theoretically, if I run it, now, it should be able to work because the one that we are waiting for the dependency that we’re waiting for, is being treated. And that’s what happened here. Now, we don’t have any error messages anymore. So now, this is when the match is done. So the first thing that has been created here is the PG backrest. So it has a chat. So inside our operators, we have a shirt, disk space, a repo that is controlled by these guys here from the PG backgrounds, all the backups that you create, they bind the full will be stored here. So we can access this machine and will do it later. And we can check the files and folders and everything. So every time that we create the backup, by default, we don’t change our configurations here. But those YAML files by default, they will be stored somewhere here inside of this chat. Right. And I should now have a primary cluster, a primary node by these guys here. It’s a primary node, and we can access them, just like we when we do for Docker, we can use the cube CTL command cube CTL as that dash t, the name of the node we want to access and run the bean bash inside. Oops.
And this should be my primary node. So if I do a SQL, I should be able to connect to my database. This is my primary node inside of the database. Right?. So and like but I already can access my primary node. Right? So we can for example, see what are database we have here, I have the database DG dB. And as we are using the PG bouncer, we should ideally not access the database directly like we did here. We should ideally access the database to the PG bouncer. And the nice thing is we have a service that’s been created to respond to PG bouncer see that I have to use the cube CTL API I have to type the whole name of the cluster here who also I mean the node articles and then the name of my node here is created by Cluster One that is the name of the book Also, and some sort of UI D. And that’s definitely not the best way to for application, right?
Because what happens if one of those nodes here they crash. So if there’s no one of those nodes here, crash Cubanas, and we will spin up a new node to replace. And obviously, this idea in the end will change. So to solve that, we have this PG bouncer service here. So that it has the name of our cluster, and PG, bouncer, dash PG bouncer in the image. So we can access our services using that name. And to give an example, what are you going to do here, I will create an audit old seat, let’s pay attention to that we have 1-234-567-8910 ports, those are the ports that we have, are going to create another port, we call this port Fiji client. And they’re going to use this image to create a fault. So I’m spinning a new container inside of my class. And I want to use is an example like, for example, that was an application connecting to the database, write an application, how would application be able to connect to the database? So as you see here, it’s been created, this is a container that’s been created the name I gave it, so and it only has the it has a PG client, the Postgres client here, right? So and I will try to connect my database. So, but I don’t have a username and password to connect to my database. How I’m connecting to my database? That’s a good question. Our operators, it’s exposes that we have to this. It exposes one service that we can get the secrets from Kubernetes itself. Remember all those things here? So when you create the closer here, the Cubanas. The parade’s itself, it creates one user ad with a password and defined for the database, and we can get that user and that password for that database. So I call it service. Of course, I need to change my namespace here. It’s on the ego space, not only the following space. Yep, the name of my cluster actually is closer one. And here we go. I have password and a username here that I can use to connect to the database using that information, and but those here those are using basics default, right? So let me get first let me get better the username. Okay, this is the way to do user. And it’s correct here. And the password can be saved for the password. Here I have my password for replacing here, this is the password. So I now can use this information from inside here and connect to my data is that going to fail because the name is wrong? I need to use the closer one. This is the name of my classroom teacher. Right? So okay, if everything goes well, I should be able to connect to my database. But now I need to connect into my database using PG bouncer. I’m not connecting to the database directly anymore. And how can we validate this information? So now we’re connecting right to the database. And if I go to SQL, I can create a new user, I’m going to create a new user, Charlyβ Boss for my boss. Give it the superuser password. 123 - very secure password. So I have this user, I can bash you Charly. Of course, these should be dice age. Okay, I can connect. And I can also this is because I don’t have an entry for the local branch. So I need to use the TCP IP. And I can also use 127. Right? So because I’m inside 270, inside of this very same box, so I can come up here, this is the primary.
However, if I do the same, yes, well. I’m not I won’t be able to use the user trolley, even though I don’t have an entry on the bouncer. I don’t have any user trolley defined in my PG bouncer here. So it won’t let me connect I need to go to my PG bouncer and change the configuration. And this is a good thing. So we should not allow direct connections to our database. All the connections here should be directed should be through the PG bouncer. And of course, the users. On the PG bouncer, one thing that we need to pay close attention is this user here, this user has really limited privileges. So let me see if we can create the user this user. No, we’re not able to repeat the data because, as I said, this user here, he has some limited privileges. And by default, it’s the outer of this database here. Not the other way. It has to be right at least table. It has to watch to change this database schema here. Yeah, here we have a fully cluster installed. We can access our cluster using PG bouncer. This guy here, this name here is accessible inside of this, this, this cluster, the Kubernetes cluster, it has its own DNS provider. So all these names and everything here, it’s accessible here. So our application running on the same cluster, they will be able to access the database using this main here. And the good thing is, if any of those nodes, they crash, and we have a field here, if any of those be bouncer nodes, we have three nodes here for PgBouncer. If any of them they crash. So the post today, the Kubernetes will just spin up a new node. And we will to do all the internal configuration and properly change the DNS and whatever. So the high availability for the PG bouncer is done by the operators inside of the Cuban ants as well. We don’t need to care about that. We don’t need to be concerned about that because it will be taken care of by Cuba. That’s the same way for the database. So the database, if we have on crash of the database, we will also be taking care of the Kubernetes. Right, all those things giving up by the by the Kubernetes. And if we go back to the recommendation, we’ll see here on the documentation that we have some management guide here, and we have backup restore, we have horizontally scaling, monitoring using PMM. So all those things that can be done here, they deserve the ohm, on call. But, like, when we go for backup, remember that I said that we have a shared purpose? Well, it’s a volume that’s been created here. And the insurance, even if these guys crashes, that all it will proceed this a persistent volume, so we don’t lose the database thankful for the database. So the database, they have a persistent volume, and a volume group has been created. So all those inside of those volume groups, we all have those, they are described on both YAML files. So we can go there and check and change. We can do watchings here. But a nice thing is for backup, for example, we can use s3 buckets. So not only Amazon or any s3 compatible storage, they’re the ones on Google on Azure. Or even the ones that we built by ourselves, right? And we can, they can, PG backrest can use them to do the backups to do all those things. Right. And it’s easy, mostly that we need to do is we need to have the bucket. And then we do a configuration file, we have a configuration file a YAML file that we put the secrets there, we put the keys, the metadata all here, and then we just do a cube CTL apply. And that’s it. So this one will add the configuration to our operator. And we just apply that apply, and we have a backup. So the operations, the amazing thing about operators is that bulls operations like backup operations, recover operations, even that high availability thing, a lot of those operations, they can be simplified, using Kubernetes. When I mean using operators on Kubernetes. So this is one thing that is really appealing. A lot of companies, a lot of people there, they start moving P or at least planning to use Kubernetes for database, because it can make life a lot easier for the operations. For the other hand, things are not so easy when we need to troubleshoot, because now we have a lot more layers on top of what we usually do. Right? For example, in this cluster here. Remember, I built the cluster with three machines. So what exactly is my database on here? We have no control over that. Like, there are some configurations. We can pin on thing here and there. But then we are just stuff limiting the Cuban accent operators and how they are going to work if it’s not to put too many constraints here. Right? So the troubleshooting, they sometimes start being a lot more complex when we are using those tools that we built. Even though the operators they’ve been for us for some years now. They still sort of newish things. So we still need a lot of tooling to help troubleshoot and things. And those tool sets they build tools like PMM helps a lot to investigate. And we’ve been building more tools to look inside of Kubernetes as well from the PMM perspective and also from the database perspective. It helps a lot, but still a complex thing that we definitely need to get hands-on. And it’s not as simple as just deploying things. The troubleshooting process, it’s a lot more complex. Yeah, those are the things that I wanted to show you guys today. I see there may have some questions
Dave Stokes:
We had to first was from attache I’m sorry if I’m butchering. And he also asked about his advisable use Postgres databases on Kubernetes, can security be compromised? Specifically, when using Cloud provided? Clusters? You’re gonna make it and more on using the cloud providers.
Charly Batista:
Yeah, like, exactly when you talk about about security. And if you do not trust the provider, so it’s not saying right, you don’t trust them? Right. So if you’re moving to the cloud, it doesn’t matter if you cube minutes, or if more and more virtual machines. So it’s uncalled, right? If you don’t trust the cloud. I think like, the technology you’re using, it’s it doesn’t matter, unless you use for encryption. And even using for encryption, one thing that people need to keep in mind is the key it needs to be transferred somewhere at some point to the bots and we’d be kept in memory. So if you don’t trust your cloud, they can, for example, have a memory dump and get your evidence. So and that’s the biggest thing. So is it secure? How much do you trust your provider?
Dave Stokes:
Someone who used to run in secure and better classify things with their security is more using the cloud folks.
Unknown Speaker
Yeah, yeah.
Dave Stokes:
If you’re trying to use drive for Postgres, you got to make sure the speeds there and unfortunately, forget the network. storage devices are not fast enough to keep up with you. The latency network will tell you what device but that’s it for today, and the dogs. And if you have anything you want to see Charly covering a future episode, I’m at Stoker on Twitter, hunt us down and let us know. And with that, we’d like to thank you for tuning in today. And thanks again to Charly for sharing his wonderful expertise. And if you haven’t tried Kubernetes yet, give it a try. I’ve been playing with AWS and it’s still not easy. Still not simple, but it’s getting better. So
Charly Batista:
Yeah, and as long as you don’t you don’t need to build a Kubernetes cluster yourself. Yeah, that’s that’s true. Because I’ve been having nightmares of those Muay Thai like a couple of times and failed miserably to build my own class.
Dave Stokes:
Thank you, folks, and we’ll see you hopefully in two weeks with our next broadcast, and keep safe. Talk to you. Thanks. β
