2

We are planning to use Kube for Postgres deployments. Our applications will be microservices with separated schema (or logical database). For security sake, we'd like to have separate users for each schema/logical_db.

I suppose that the db/schema&user should be created by Kube, so the application itself does not need to have access to DB admin account.

In Stolon it seems there is just a possibility to create a single user and single database and this seems to be the case also for other HA Postgres charts.

Question: What is the preferred way in Microservices in Kube to create DB users?

Improve this question

1 Answer 1

Reset to default
3

When it comes to creating user, as you said, most charts and containers will have environment variables for creating a user at boot time. However, most of them do not consider the possibility of creating multiple users at boot time.

What other containers do is, as you said, have the root credentials in k8s secrets so they access the database and create the proper schemas and users. This does not necessarily need to be done in the application logic but, for example, using an init container that sets up the proper database for your application to run.

https://kubernetes.io/docs/concepts/workloads/pods/init-containers

This way you would have a pod with two containers: one for your application and an init container for setting up the DB.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

The init container gets run every time the microservice's pod is run. So it would need logic to only create the users and database if they don't already exist? Would a pre-install hook be a better solution? I don't know the answer, but I'm throwing it out there for other comments.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.