Instance Pod Configuration
Projected Volumes
CloudNativePG supports mounting custom files inside the Postgres pods through .spec.projectedVolumeTemplate. This is useful for several Postgres features and extensions that require additional data files. In CloudNativePG, the .spec.projectedVolumeTemplate field is a projected volume template in Kubernetes, which allows the user to mount arbitrary data under the /projected folder in Postgres pods.
Here is a simple example of how to mount an existing TLS Secret (named sample-secret) as files into Postgres pods. The values for the Secret keys tls.crt and tls.key in sample-secret will be mounted as files at the paths /projected/certificate/tls.crt and /projected/certificate/tls.key in the Postgres pod.
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
  name: cluster-example-projected-volumes
spec:
  instances: 3
  projectedVolumeTemplate:
    sources:
      - secret:
          name: sample-secret
          items:
            - key: tls.crt
              path: certificate/tls.crt
            - key: tls.key
              path: certificate/tls.key
  storage:
    size: 1Gi
You can find a complete example that uses a projected volume template to mount a Secret and a ConfigMap in the cluster-example-projected-volume.yaml deployment manifest.
Environment variables
Some system behavior can be customized using environment variables. One example is the LDAPCONF variable, which may point to a custom LDAP configuration file. Another example is the TZ environment variable, which represents the timezone used by the PostgreSQL container.
CloudNativePG allows the user to set custom environment variables via the env and the envFrom stanza of the cluster specification.
The following is a definition of a PostgreSQL cluster using the Australia/Sydney
timezone as the default cluster-level timezone:
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
  name: cluster-example
spec:
  instances: 3
  env:
    - name: TZ
      value: Australia/Sydney
  storage:
    size: 1Gi
The envFrom stanza can refer to ConfigMaps or Secrets to use their content as environment variables:
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
  name: cluster-example
spec:
  instances: 3
  envFrom:
    - configMapRef:
        name: config-map-name
    - secretRef:
        name: secret-name
  storage:
    size: 1Gi
The operator doesn't allow setting the following environment variables:
- POD_NAME
- NAMESPACE
- any environment variable whose name starts with PG.
Any change in the env or in the envFrom section will trigger a rolling update of the PostgreSQL Pods.
If the env or the envFrom section refers to a Secret or a ConfigMap, the operator will not detect any changes in them and will not trigger a rollout. The kubelet behaves the same way with Pods, and the user is expected to trigger the Pod rollout manually.
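Because a change to env does trigger a rolling update while a change to a referenced Secret or ConfigMap does not, one way to avoid Pods running with stale values after a rotation is to stamp a digest of the referenced data into env. The following is an added example, not CloudNativePG code: the variable name ENVFROM_CHECKSUM, the helper names and the sample data are assumptions made for illustration, and the manifest is handled as an already-parsed dict.

```python
import hashlib
import json

RESERVED = {"POD_NAME", "NAMESPACE"}   # rejected by the operator, per the page
CHECKSUM_VAR = "ENVFROM_CHECKSUM"      # hypothetical name chosen for this example

def rejected_env_names(cluster):
    """Names in .spec.env the operator refuses: POD_NAME, NAMESPACE, PG*."""
    names = [e["name"] for e in cluster["spec"].get("env", [])]
    return [n for n in names if n in RESERVED or n.startswith("PG")]

def envfrom_digest(cluster, objects):
    """SHA-256 over the data of each ConfigMap/Secret referenced by envFrom.
    `objects` maps (kind, name) -> data dict as read from the API server."""
    h = hashlib.sha256()
    for src in cluster["spec"].get("envFrom", []):
        for key, kind in (("configMapRef", "ConfigMap"), ("secretRef", "Secret")):
            if key in src:
                name = src[key]["name"]
                blob = json.dumps([kind, name, objects[(kind, name)]], sort_keys=True)
                h.update(blob.encode())
    return h.hexdigest()

def stamp_checksum(cluster, objects):
    """Write the digest into .spec.env; return True if the spec changed."""
    digest = envfrom_digest(cluster, objects)
    env = cluster["spec"].setdefault("env", [])
    for entry in env:
        if entry["name"] == CHECKSUM_VAR:
            changed = entry.get("value") != digest
            entry["value"] = digest
            return changed
    env.append({"name": CHECKSUM_VAR, "value": digest})
    return True

def sample():
    """Constructed input mirroring the envFrom manifest above."""
    cluster = {"spec": {"instances": 3,
                        "env": [{"name": "TZ", "value": "Australia/Sydney"}],
                        "envFrom": [{"configMapRef": {"name": "config-map-name"}},
                                    {"secretRef": {"name": "secret-name"}}]}}
    objects = {("ConfigMap", "config-map-name"): {"LDAPCONF": "/projected/ldap.conf"},
               ("Secret", "secret-name"): {"API_TOKEN": "b2xk"}}
    return cluster, objects

if __name__ == "__main__":
    cluster, objects = sample()
    print(stamp_checksum(cluster, objects))   # first stamp changes the spec
    objects[("Secret", "secret-name")]["API_TOKEN"] = "bmV3"  # rotated value
    print(stamp_checksum(cluster, objects), rejected_env_names(cluster))
```

The digest is stored in the Cluster spec, so anyone who can read the Cluster can see it; keep referenced Secret values high-entropy.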