Configuring Your System Databases

Page last updated:

This topic describes how to configure Tanzu Application Service for Kubernetes (TAS for Kubernetes) to use Tanzu Postgres for User Account and Authentication (UAA), Cloud Controller, and Usage service.

Overview

UAA, Cloud Controller, and Usage service require individual Tanzu Postgres databases.

To create and configure databases for these system components:

1. Provision Tanzu Postgres Databases
2. Configure Databases for the System Components

Prerequisites

Before you provision the databases, you must:

• Install Tanzu Postgres. See Installing VMware Tanzu Postgres.
• Create the Postgres operator release on your cluster. See Creating a Postgres Operator Release.

Provision Tanzu Postgres Databases

The UAA, Cloud Controller, and Usage service each need a Tanzu Postgres database.

To configure these three databases:

1. Create a file named postgres-databases.yml and store it outside of the scope of TAS for Kubernetes. Note that this file is only used for deploying the databases. It is not part of the TAS for Kubernetes configuration.

2. Copy and paste the following text into the postgres-databases.yml file:

   apiVersion: v1
   kind: Namespace
   metadata:
     name: postgres-dbs
   ---
   apiVersion: "sql.tanzu.vmware.com/v1"
   kind: "Postgres"
   metadata:
     name: ccdb
     namespace: postgres-dbs
   spec:
     memory: "800Mi"
     cpu: "0.5"
     storageClassName: STORAGE-CLASS
     serviceType: ClusterIP
     storageSize: 10G
     pgConfig:
       dbname: cloud_controller
       username: cloud_controller
   ---
   apiVersion: "sql.tanzu.vmware.com/v1"
   kind: "Postgres"
   metadata:
     name: uaadb
     namespace: postgres-dbs
   spec:
     memory: "800Mi"
     cpu: "0.5"
     storageClassName: STORAGE-CLASS
     serviceType: ClusterIP
     storageSize: 10G
     pgConfig:
       dbname: uaa
       username: uaa
   ---
   apiVersion: "sql.tanzu.vmware.com/v1"
   kind: "Postgres"
   metadata:
     name: usagedb
     namespace: postgres-dbs
   spec:
     memory: "800Mi"
     cpu: "0.5"
     storageClassName: STORAGE-CLASS
     serviceType: ClusterIP
     storageSize: 10G
     pgConfig:
       dbname: usage_service
       username: usage_service
   

   Where STORAGE-CLASS is the name you want to use for the Storage Class for databases.
   
   This YAML file defines a Postgres namespace and database for each of the following components:

   • Cloud Controller
   • UAA
   • Usage service

3. To create Postgres namespaces and databases for the above components, target your Kubernetes cluster and apply the YAML file:

   kubectl apply -f postgres-databases.yml
   

   The hostnames for each of the databases created are as follows:

   USAGE-SERVICE-DB-HOSTNAME=usagedb.postgres-dbs
   UAADB-HOSTNAME=uaadb.postgres-dbs
   CCDB-HOSTNAME=ccdb.postgres-dbs
   

4. To ensure that the new databases support case-insensitive strings, run the following script:

   kubectl exec -it -n postgres-dbs ccdb-0 -- psql -d cloud_controller -c "CREATE EXTENSION citext"
   kubectl exec -it -n postgres-dbs uaadb-0 -- psql -d uaa -c "CREATE EXTENSION citext"
   kubectl exec -it -n postgres-dbs usagedb-0 -- psql -d usage_service -c "CREATE EXTENSION citext"
   

5. Retrieve the password for each database. Use these passwords when configuring the system component databases. See Configure Databases for the System Components below.

   CCDBPW=`bosh interpolate --path='/data/password' <( kubectl get secret -n postgres-dbs ccdb-db-secret -o yaml ) | base64 --decode`
   UAADBPW=`bosh interpolate --path='/data/password' <( kubectl get secret -n postgres-dbs uaadb-db-secret -o yaml ) | base64 --decode`
   USAGEDBPW=`bosh interpolate --path='/data/password' <( kubectl get secret -n postgres-dbs usagedb-db-secret -o yaml ) | base64 --decode`
   
   cat <<EOT
   USAGE-SERVICE-DB-PASSWORD=${USAGEDBPW}
   UAADB-PASSWORD=${UAADBPW}
   CCDB-PASSWORD=${CCDBPW}
   EOT
   

Configure Databases for the System Components

To configure databases for the system components:

1. Change directory into the configuration-values directory and open the value.yml file.

2. Populate the system component section with the following:

   capi:
     database:
       host: "CCDB-HOSTNAME"
       user: cloud_controller
       password: "CCDB-PASSWORD"
       name: cloud_controller
   
   uaa:
     database:
       host: "UAADB-HOSTNAME"
       user: uaa
       password: "UAADB-PASSWORD"
       name: uaa
   
   usage_service:
     database:
       host: "USAGE-SERVICE-DB-HOSTNAME"
       user: usage_service
       password: "USAGE-SERVICE-DB-PASSWORD"
       name: usage_service
   

   Where:

   • host is the fully qualified domain name for the respective component database server.
   • user is the name of the user that accesses the respective database. The default user is the component name.
   • password is the password of database user.
   • name is the name of database. The default name is the component name.

   • (Optional) To use your own CA certificates for these databases, add the following lines below the database name:

     ca_cert: |
       -----BEGIN CERTIFICATE-----
       CCDB-CA-CERTIFICATE-CONTENT
       -----END CERTIFICATE-----
     

3. Save the file.

Next Steps

After configuring the databases, proceed to Configuring Apps Manager.