Skip to content

Install Percona Distribution for PostgreSQL on OpenShift

Percona Operator for PostgreSQL is a Red Hat Certified Operator . This means that Percona Operator is portable across hybrid clouds and fully supports the Red Hat OpenShift lifecycle.

Installing Percona Distribution for PostgreSQL on OpenShift includes two steps:

  • Installing the Percona Operator for PostgreSQL,
  • Install Percona Distribution for PostgreSQL using the Operator.

Install the Operator

You can install Percona Operator for PostgreSQL on OpenShift using the Red Hat Marketplace web interface or using the command line interface.

Install the Operator via the command-line interface

  1. First of all, clone the percona-postgresql-operator repository:

    $ git clone -b v2.4.0
    $ cd percona-postgresql-operator


    It is crucial to specify the right branch with -b option while cloning the code on this step. Please be careful.

  2. The Custom Resource Definition for Percona Distribution for PostgreSQL should be created from the deploy/crd.yaml file. Custom Resource Definition extends the standard set of resources which OpenShift “knows” about with the new items (in our case ones which are the core of the Operator). Apply it as follows:

    $ oc apply --server-side -f deploy/crd.yaml

    This step should be done only once; it does not need to be repeated with any other Operator deployments.

  3. Create the OpenShift namespace for your cluster if needed (for example, let’s name it postgres-operator):

    $ oc create namespace postgres-operator


    To use different namespace, specify other name instead of postgres-operator in the above command, and modify the -n postgres-operator parameter with it in the following two steps. You can also omit this parameter completely to deploy everything in the default namespace.

  4. The role-based access control (RBAC) for Percona Distribution for PostgreSQL is configured with the deploy/rbac.yaml file. Role-based access is based on defined roles and the available actions which correspond to each role. The role and actions are defined for Kubernetes resources in the yaml file. Further details about users and roles can be found in specific OpenShift documentation )

    $ oc apply -f deploy/rbac.yaml -n postgres-operator


    Setting RBAC requires your user to have cluster-admin role privileges. For example, those using Google OpenShift Engine can grant user needed privileges with the following command:

    $ oc create clusterrolebinding cluster-admin-binding --clusterrole=cluster-admin --user=$(gcloud config get-value core/account)
  5. If you are going to use the operator with anyuid security context constraint please execute the following command:

    $ sed -i '/disable_auto_failover: "false"/a \ \ \ \ disable_fsgroup: "false"' deploy/operator.yaml
  6. Start the Operator within OpenShift:

    $ oc apply -f deploy/operator.yaml -n postgres-operator

    Optionally, you can add PostgreSQL Users secrets and TLS certificates to OpenShift. If you don’t, the Operator will create the needed users and certificates automatically, when you create the database cluster. You can see documentation on Users and TLS certificates if still want to create them yourself.


    You can simplify the Operator installation by applying a single deploy/bundle.yaml file instead of running commands from the steps 2 and 4:

    $ oc apply -f deploy/bundle.yaml

    This will automatically create Custom Resource Definition, set up role-based access control and install the Operator as one single action.

  7. After the Operator is started Percona Distribution for PostgreSQL cluster can be created at any time with the following command:

    $ oc apply -f deploy/cr.yaml -n postgres-operator

    Creation process will take some time. The process is over when both Operator and replica set Pods have reached their Running status:

    $ oc get pg -n postgres-operator
    Expected output
    NAME       ENDPOINT                                   STATUS   POSTGRES   PGBOUNCER   AGE
    cluster1   cluster1-pgbouncer.postgres-operator.svc   ready    3          3           143m

Verifying the cluster operation

When creation process is over, oc get pg command will show you the cluster status as ready, and you can try to connect to the cluster.

During the installation, the Operator has generated several secrets , including the one with password for default PostgreSQL user. This default user has the same login name as the cluster name.

  1. Use oc get secrets command to see the list of Secrets objects. The Secrets object you are interested in is named as <cluster_name>-pguser-<cluster_name> (substitute <cluster_name> with the name of your Percona Distribution for PostgreSQL Cluster). The default variant will be cluster1-pguser-cluster1.

  2. Use the following command to get the password of this user. Replace the <cluster_name> and <namespace> placeholders with your values:

    $ oc get secret <cluster_name>-<user_name>-<cluster_name> -n <namespace> --template='{{.data.password | base64decode}}{{"\n"}}'
  3. Create a pod and start Percona Distribution for PostgreSQL inside. The following command will do this, naming the new Pod pg-client:

    $ oc run -i --rm --tty pg-client --image=perconalab/percona-distribution-postgresql:16 --restart=Never -- bash -il
    Executing it may require some time to deploy the corresponding Pod.

  4. Run a container with psql tool and connect its console output to your terminal. The following command will connect you as a cluster1 user to a cluster1 database via the PostgreSQL interactive terminal.

    [postgres@pg-client /]$ PGPASSWORD='pguser_password' psql -h cluster1-pgbouncer.postgres-operator.svc -p 5432 -U cluster1 cluster1
    Sample output
    psql (16)
    SSL connection (protocol: TLSv1.3, cipher: TLS_AES_256_GCM_SHA384, bits: 256, compression: off)
    Type "help" for help.

Get expert help

If you need assistance, visit the community forum for comprehensive and free database knowledge, or contact our Percona Database Experts for professional support and services. Join K8S Squad to benefit from early access to features and “ask me anything” sessions with the Experts.

Last update: 2024-07-04