search

reactive-tech / kubegres

Kubegres is a Kubernetes operator allowing to deploy one or many clusters of PostgreSql instances and manage databases replication, failover and backup.
https://www.kubegres.io
Apache License 2.0
1.32k stars 74 forks source link

login issue #173

Open rbeygi opened 8 months ago

rbeygi commented 8 months ago

Hi

I've installed v1.17 and i set superuserpassword and replicapassword and config primary init script for create custom user but i can not login with postgres user and replication does not work and every time I've got below error

FATAL: password authentication failed for user "postgres"

I check the env on container and all envs are exist and several times I've tried to change pg_hba config file. these are my files.

kind: ConfigMap
metadata:
  name: postgres-conf
  namespace: test-psql
data:
  primary_init_script.sh: |
    #!/bin/bash
    set -e

    dt=$(date '+%d/%m/%Y %H:%M:%S');
    echo "$dt - Running init script the 1st time Primary PostgreSql container is created...";

    echo "$dt - Running: psql -v ON_ERROR_STOP=1 --username $POSTGRES_USER --dbname $POSTGRES_DB ...";

    psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
    CREATE USER '$POSTGRES_MY_USERNAME' WITH PASSWORD '$POSTGRES_MY_DB_PASSWORD';
    CREATE DATABASE '$POSTGRES_MY_DB';
    \connect $POSTGRES_MY_DB';
    GRANT ALL ON SCHEMA public TO '$POSTGRES_MY_USERNAME';
    EOSQL

    echo "$dt - Init script is completed";

  backup_database.sh: |
    #!/bin/bash
    set -e

    dt=$(date '+%d/%m/%Y %H:%M:%S');
    fileDt=$(date '+%d_%m_%Y_%H_%M_%S');
    backUpFileName="$KUBEGRES_RESOURCE_NAME-backup-$fileDt.gz"
    backUpFilePath="$BACKUP_DESTINATION_FOLDER/$backUpFileName"

    echo "$dt - Starting DB backup of Kubegres resource $KUBEGRES_RESOURCE_NAME into file: $backUpFilePath";
    echo "$dt - Running: pg_dumpall -h $BACKUP_SOURCE_DB_HOST_NAME -U postgres -c | gzip > $backUpFilePath"

    pg_dumpall -h $BACKUP_SOURCE_DB_HOST_NAME -U postgres -c | gzip > $backUpFilePath

    if [ $? -ne 0 ]; then
      rm $backUpFilePath
      echo "Unable to execute a BackUp. Please check DB connection settings"
      exit 1
    fi

    echo "$dt - DB backup completed for Kubegres resource $KUBEGRES_RESOURCE_NAME into file: $backUpFilePath";

  postgres.conf: |
    # Replication configs
    listen_addresses = '*'
    max_wal_senders = 10
    # wal_keep_segments = 48 #in Mb
    max_connections = 5000
    shared_buffers = 128MB
    # Logging
    # log_destination = 'stderr,csvlog'
    # logging_collector = on
    # log_directory = 'pg_log'
    # log_filename= 'postgresql-%Y-%m-%d_%H%M%S.log'

  pg_hba.conf: |
    # TYPE  DATABASE        USER            ADDRESS                 METHOD
    # Replication connections by a user with the replication privilege
    host    replication     replication     all                     md5
    # As long as it is authenticated, all connections allowed except from "0.0.0.0/0"
    local   all             all                                     md5
    host    all             all             all                     md5
    host    all             all             0.0.0.0/0               reject

#############

kind: Secret
metadata:
  name: postgres-secret
  namespace: test-psql
type: Opaque
stringData:
  superUserPassword: "QWEqwe123"
  replicationUserPassword: "QWEqwe123"
  myDbUserPassword: "qweqweqwe"
  myDbUser: "test"
  myDbName: "test"

#########

apiVersion: kubegres.reactive-tech.io/v1
kind: Kubegres
metadata:
  name: postgresql-replica
  namespace: test-psql
spec:
  replicas: 3
  image: 'postgres:16.1'
  customConfig: postgres-conf
  failover:
    isDisabled: false
  database:
    size: 1Gi
  backup:
    schedule: '*/15 * * * *'
    pvcName: postgres-backup-pvc
    volumeMount: /var/lib/backup
  env:
    - name: POSTGRES_USER
      value: "postgres"
    - name: POSTGRES_PASSWORD
      valueFrom:
        secretKeyRef:
          name: postgres-secret
          key: superUserPassword
    - name: POSTGRES_REPLICATION_PASSWORD
      valueFrom:
        secretKeyRef:
          name: postgres-secret
          key: replicationUserPassword
    - name: POSTGRES_MY_DB_PASSWORD
      valueFrom:
        secretKeyRef:
          name: postgres-secret
          key: myDbUserPassword
    - name: POSTGRES_MY_USERNAME
      valueFrom:
        secretKeyRef:
          name: postgres-secret
          key: myDbUser
    - name: POSTGRES_MY_DB
      valueFrom:
        secretKeyRef:
          name: postgres-secret
          key: myDbName
  probe:
    livenessProbe:
      exec:
        command:
          - sh
          - '-c'
          - exec pg_isready -U postgres -h $POD_IP
      failureThreshold: 10
      initialDelaySeconds: 60
      periodSeconds: 20
      successThreshold: 1
      timeoutSeconds: 15
    readinessProbe:
      exec:
        command:
          - sh
          - '-c'
          - exec pg_isready -U postgres -h $POD_IP
      failureThreshold: 3
      initialDelaySeconds: 5
      periodSeconds: 5
      successThreshold: 1
      timeoutSeconds: 3