Configuring Your System Databases

Page last updated:

This topic describes how to configure Tanzu Application Service for Kubernetes (TAS for Kubernetes) to use Tanzu Postgres for User Account and Authentication (UAA), Cloud Controller, and Usage service.

Overview

UAA, Cloud Controller, and Usage service require individual Tanzu Postgres databases.

To create and configure databases for these system components:

  1. Provision Tanzu Postgres Databases
  2. Configure Databases for the System Components

Prerequisites

Before you provision the databases, you must:

Provision Tanzu Postgres Databases

The UAA, Cloud Controller, and Usage service each need a Tanzu Postgres database.

To configure these three databases:

  1. Create a file named postgres-databases.yml and store it outside of the scope of TAS for Kubernetes. Note that this file is only used for deploying the databases. It is not part of the TAS for Kubernetes configuration.

  2. Copy and paste the following text into the postgres-databases.yml file:

    apiVersion: v1
    kind: Namespace
    metadata:
      name: postgres-dbs
    ---
    apiVersion: "sql.tanzu.vmware.com/v1"
    kind: "Postgres"
    metadata:
      name: ccdb
      namespace: postgres-dbs
    spec:
      memory: "800Mi"
      cpu: "0.5"
      storageClassName: STORAGE-CLASS
      serviceType: ClusterIP
      storageSize: 10G
      pgConfig:
        dbname: cloud_controller
        username: cloud_controller
    ---
    apiVersion: "sql.tanzu.vmware.com/v1"
    kind: "Postgres"
    metadata:
      name: uaadb
      namespace: postgres-dbs
    spec:
      memory: "800Mi"
      cpu: "0.5"
      storageClassName: STORAGE-CLASS
      serviceType: ClusterIP
      storageSize: 10G
      pgConfig:
        dbname: uaa
        username: uaa
    ---
    apiVersion: "sql.tanzu.vmware.com/v1"
    kind: "Postgres"
    metadata:
      name: usagedb
      namespace: postgres-dbs
    spec:
      memory: "800Mi"
      cpu: "0.5"
      storageClassName: STORAGE-CLASS
      serviceType: ClusterIP
      storageSize: 10G
      pgConfig:
        dbname: usage_service
        username: usage_service
    

    Where STORAGE-CLASS is the name you want to use for the Storage Class for databases.

    This YAML file defines a Postgres namespace and database for each of the following components:

    • Cloud Controller
    • UAA
    • Usage service
  3. To create Postgres namespaces and databases for the above components, target your Kubernetes cluster and apply the YAML file:

    kubectl apply -f postgres-databases.yml
    

    The hostnames for each of the databases created are as follows:

    USAGE-SERVICE-DB-HOSTNAME=usagedb.postgres-dbs
    UAADB-HOSTNAME=uaadb.postgres-dbs
    CCDB-HOSTNAME=ccdb.postgres-dbs
    
  4. To ensure that the new databases support case-insensitive strings, run the following script:

    kubectl exec -it -n postgres-dbs ccdb-0 -- psql -d cloud_controller -c "CREATE EXTENSION citext"
    kubectl exec -it -n postgres-dbs uaadb-0 -- psql -d uaa -c "CREATE EXTENSION citext"
    kubectl exec -it -n postgres-dbs usagedb-0 -- psql -d usage_service -c "CREATE EXTENSION citext"
    
  5. Retrieve the password for each database. Use these passwords when configuring the system component databases. See Configure Databases for the System Components below.

    CCDBPW=`bosh interpolate --path='/data/password' <( kubectl get secret -n postgres-dbs ccdb-db-secret -o yaml ) | base64 --decode`
    UAADBPW=`bosh interpolate --path='/data/password' <( kubectl get secret -n postgres-dbs uaadb-db-secret -o yaml ) | base64 --decode`
    USAGEDBPW=`bosh interpolate --path='/data/password' <( kubectl get secret -n postgres-dbs usagedb-db-secret -o yaml ) | base64 --decode`
    
    cat <<EOT
    USAGE-SERVICE-DB-PASSWORD=${USAGEDBPW}
    UAADB-PASSWORD=${UAADBPW}
    CCDB-PASSWORD=${CCDBPW}
    EOT
    

Configure Databases for the System Components

To configure databases for the system components:

  1. Change directory into the configuration-values directory and open the value.yml file.

  2. Populate the system component section with the following:

    capi:
      database:
        host: "CCDB-HOSTNAME"
        user: cloud_controller
        password: "CCDB-PASSWORD"
        name: cloud_controller
    
    uaa:
      database:
        host: "UAADB-HOSTNAME"
        user: uaa
        password: "UAADB-PASSWORD"
        name: uaa
    
    usage_service:
      database:
        host: "USAGE-SERVICE-DB-HOSTNAME"
        user: usage_service
        password: "USAGE-SERVICE-DB-PASSWORD"
        name: usage_service
    

    Where:

    • host is the fully qualified domain name for the respective component database server.
    • user is the name of the user that accesses the respective database. The default user is the component name.
    • password is the password of database user.
    • name is the name of database. The default name is the component name.
    • (Optional) To use your own CA certificates for these databases, add the following lines below the database name:

      ca_cert: |
        -----BEGIN CERTIFICATE-----
        CCDB-CA-CERTIFICATE-CONTENT
        -----END CERTIFICATE-----
      
  3. Save the file.

Next Steps

After configuring the databases, proceed to Configuring Apps Manager.