Kaspersky Container Security

Creating a user for an external PostgreSQL database

For Kaspersky Container Security, you can use PostgreSQL databases included in the solution or your own PostgreSQL databases. To install an external PostgreSQL database that does not work with the Kaspersky Container Security schema, you must create a separate user. You can do this by installing the Helm Chart package with the schema parameters specified for the external PostgreSQL database.

To create a user with a custom schema for an external PostgreSQL database:

  1. Run the following command to create a separate namespace for the external PostgreSQL database:

    kubectl create ns kcspg

    where kcspg is the namespace for the external PostgreSQL database.

  2. To deploy an external PostgreSQL database:
    1. Specify the parameters for deploying the external PostgreSQL database in the pg.yaml configuration file.

      Parameters for deploying the external PostgreSQL database

      apiVersion: apps/v1
      kind: Deployment
      metadata:
        annotations:
          deployment.kubernetes.io/revision: "1"
        labels:
          app: postgres
          component: postgres
        name: postgres
        namespace: kcspg
      spec:
        replicas: 1
        selector:
          matchLabels:
            app: postgres
            component: postgres
        strategy:
          type: Recreate
        template:
          metadata:
            creationTimestamp: null
            labels:
              app: postgres
              component: postgres
          spec:
            containers:
            - name: postgres
              image: postgres:13-alpine
              ports:
              - containerPort: 5432
              env:
              - name: POSTGRES_DB
                value: api
              - name: POSTGRES_USER
                value: postgres
              - name: POSTGRES_PASSWORD
                value: postgres
              volumeMounts:
              - mountPath: "/var/lib/postgresql/data"
                name: "pgdata"
            imagePullSecrets:
            - name: ci-creds
            volumes:
            - hostPath:
                path: "/home/docker/pgdata"
              name: pgdata

      The parameters specify the password of the database. You must then specify this password in the infraconfig section of the values.yaml configuration file, which is part of the Helm Chart package included in the distribution kit of the solution.

    2. Run the following command:

      kubectl apply -f pg.yaml -n kcspg

    The name of this external database is formed as follows:

    <pod_name>.<namespace name>.<service>.cluster.local

    For example, postgres.kcspg.svc.cluster.local

  3. To deploy a Service object in a cluster:
    1. Specify the Service object deployment parameters in the svc.yaml configuration file.

      Parameters for deploying the Service object in a cluster

      apiVersion: v1
      kind: Service
      metadata:
        name: postgres
      spec:
        type: ClusterIP
        selector:
          component: postgres
        ports:
        - port: 5432
          targetPort: 5432

    2. Run the following command:

      kubectl apply -f svc.yaml -n kcspg

  4. To create a user, a schema, and a user-schema relation:
    1. Log in to the pod of the postgres deployment created at step 2b.
    2. Start the psql interactive terminal:

      psql -h localhost -U postgres -d api

    3. Run the following commands:

      CREATE ROLE kks LOGIN PASSWORD 'kks' NOINHERIT CREATEDB;
      CREATE SCHEMA kks AUTHORIZATION kks;
      GRANT USAGE ON SCHEMA kks TO PUBLIC;

  5. In the values.yaml configuration file, specify the necessary parameters to use an external PostgreSQL database.

    Parameters in the values.yaml file

    default:
      postgresql:
        external: true
    configmap:
      infraconfig:
        type: fromEnvs
        envs:
          POSTGRES_HOST: postgres.kcspg.svc.cluster.local
          POSTGRES_PORT: 5432
          POSTGRES_DB_NAME: api
    secret:
      infracreds:
        type: fromEnvs
        envs:
          POSTGRES_USER: kks
          POSTGRES_PASSWORD: kks

    The values of the parameters specified in values.yaml must match the values of corresponding parameters in the pg.yaml and svc.yaml configuration files.

  6. Start a solution update.

    Example of commands to create a user with an external PostgreSQL database

    export KUBECONFIG=/root/.kube/config
    export CHART_URL=repo.kcs.kaspersky.com
    export CHART_USERNAME=<CHART_USERNAME>
    export CHART_PASSWORD=<CHART_PASSWORD>
    export VERSION=2.0.0
    export KCS_HOSTNAME=kcs.apps.aws.ext.company.com
    export IMAGE_URL=company.gitlab.examplecloud.com:5050
    export IMAGE_USERNAME=<repo_user>
    export IMAGE_PASSWORD=<repo_pass>
    cd /tmp
    helm registry login --username "$IMAGE_USERNAME" --password "$IMAGE_PASSWORD" company.gitlab.examplecloud.com:5050/company/kcs/chart
    helm pull oci://company.gitlab.examplecloud.com:5050/company/kcs/chart/kcs --version "$VERSION"
    tar -xf kcs*.tgz -C /tmp
    cp -rf /tmp/values.yaml /tmp/kcs
    cd /tmp/kcs
    helm upgrade --install kcs-release --create-namespace --namespace kcs --values values.yaml --version "$VERSION" --timeout 30m --wait --debug .
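Step 5 requires the values in values.yaml to match those in pg.yaml and svc.yaml. The following script is an added example, not part of the Kaspersky documentation or distribution kit: it compares the database host, port and name across the three files before the update is started, and warns when the database password is identical to the user name. The function names and the check.sh file name are assumptions, and the helpers read only simple `key: value` lines of the kind shown on this page.

```shell
#!/bin/sh
# Added example: checks that values.yaml agrees with pg.yaml and svc.yaml.
# The helpers read simple "key: value" lines; they are not a YAML parser.

# yaml_val KEY FILE: value of the first "key: value" line for KEY.
yaml_val() {
  awk -v k="$1" '
    { line = $0; sub(/^[ \t-]+/, "", line) }
    index(line, k ":") == 1 {
      v = substr(line, length(k) + 2)
      gsub(/^[ \t"]+|[ \t"]+$/, "", v); print v; exit
    }' "$2"
}

# env_val NAME FILE: value that follows the env entry "- name: NAME".
env_val() {
  awk -v n="$1" '
    found && /value:/ { sub(/.*value:[ \t]*/, ""); gsub(/"/, ""); print; exit }
    $0 ~ ("name:[ \t]*" n "[ \t]*$") { found = 1 }' "$2"
}

# check_consistency PG SVC VALUES: prints findings, returns mismatch count.
check_consistency() {
  pg=$1; svc=$2; values=$3; errors=0
  want_host="$(yaml_val name "$svc").$(yaml_val namespace "$pg").svc.cluster.local"
  [ "$(yaml_val POSTGRES_HOST "$values")" = "$want_host" ] ||
    { echo "MISMATCH: POSTGRES_HOST should be $want_host"; errors=$((errors + 1)); }
  [ "$(yaml_val POSTGRES_PORT "$values")" = "$(yaml_val port "$svc")" ] ||
    { echo "MISMATCH: POSTGRES_PORT differs from the Service port"; errors=$((errors + 1)); }
  [ "$(yaml_val POSTGRES_DB_NAME "$values")" = "$(env_val POSTGRES_DB "$pg")" ] ||
    { echo "MISMATCH: POSTGRES_DB_NAME differs from POSTGRES_DB"; errors=$((errors + 1)); }
  # Not a mismatch, but worth a warning before the release is installed.
  [ "$(yaml_val POSTGRES_USER "$values")" != "$(yaml_val POSTGRES_PASSWORD "$values")" ] ||
    echo "WARNING: POSTGRES_PASSWORD is identical to POSTGRES_USER"
  return "$errors"
}

# Usage: sh check.sh pg.yaml svc.yaml values.yaml
if [ "$#" -eq 3 ]; then check_consistency "$@"; fi
```

The exit status is the number of mismatches, so the script can gate the `helm upgrade` command in a deployment pipeline.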
