Instance Pod Configuration

Projected Volumes

CloudNativePG supports to mount custom files inside the Postgres pods through .spec.projectedVolumeTemplate, this is useful for several Postgres features and extensions that require additional data files. In CloudNativePG, .spec.projectedVolumeTemplate field is a projected volume template in kubernetes, which allows user to mount arbitrary data under /projected folder in Postgres pods.

Here is a simple example about how to mount an existing tls Secret (named sample-secret) as files into Postgres pods. The values for the Secret keys tls.crt and tls.key in sample-secret will be mounted as files into path /projected/certificate/tls.crt and /projected/certificate/tls.key in Postgres pod.

apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
  name: cluster-example-projected-volumes
spec:
  instances: 3
  projectedVolumeTemplate:
    sources:
      - secret:
          name: sample-secret
          items:
            - key: tls.crt
              path: certificate/tls.crt
            - key: tls.key
              path: certificate/tls.key
  storage:
    size: 1Gi

You can find a complete example using projected volume template to mount Secret and Configmap in the cluster-example-projected-volume.yaml deployment manifest.

Environment variables

Some system behavior can be customized using environment variables. One example is the LDAPCONF variable, which may point to a custom LDAP configuration file. Another example is the TZ environment variable, which represents the timezone used by the PostgreSQL container.

CloudNativePG allows the user to set custom environment variables via the env and the envFrom stanza of the cluster specification.

The following is a definition of a PostgreSQL cluster using the Australia/Sydney timezone as the default cluster-level timezone:

apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
  name: cluster-example
spec:
  instances: 3

  env:
  - name: TZ
    value: Australia/Sydney

  storage:
    size: 1Gi

The envFrom stanza can refer to ConfigMaps or Secrets to use their content as environment variables:

apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
  name: cluster-example
spec:
  instances: 3

  envFrom:
  - configMapRef:
      name: config-map-name
  - secretRef:
      name: secret-name

  storage:
    size: 1Gi

The operator doesn't allow setting the following environment variables:

  • POD_NAME
  • NAMESPACE
  • any environment variable whose name starts with PG.

Any change in the env or in the envFrom section will trigger a rolling update of the PostgreSQL Pods.

If the env or the envFrom section refers to a Secret or a ConfigMap, the operator will not detect any changes in them and will not trigger a rollout. The Kubelet use the same behavior with Pods, and the user is supposed to trigger the Pod rollout manually.