Creating a custom EDB Postgres user name and password

Important: IBM Cloud Pak® for Data Version 4.6 will reach end of support (EOS) on 31 July, 2025. For more information, see the Discontinuance of service announcement for IBM Cloud Pak for Data Version 4.X.

Upgrade to IBM Software Hub Version 5.1 before IBM Cloud Pak for Data Version 4.6 reaches end of support. For more information, see Upgrading IBM Software Hub in the IBM Software Hub Version 5.1 documentation.

You can set custom credentials for application users and superusers to connect to your EDB Postgres instances on IBM Cloud Pak for Data.

About this task

By default, EDB Postgres credentials are automatically generated. Any custom user names and passwords you create are stored as a secret for each instance and user type.

Procedure

  1. Open a new EDB Postgres command window and create the secret to store your custom credentials. The commands that you use depend on whether you are creating custom credentials for application users or superusers.
    Application users:
    1. Create a secret to hold your credentials by modifying, then running the following script. Input your choice of password and username in the respective fields.
      apiVersion: v1
data:
  password: cGFzc3dvcmQ=
  username: YXBw
kind: Secret
metadata:
  name: edb-advanced-app-user
type: kubernetes.io/basic-auth
    2. Check your new secret by running the following command:
      kubectl get secret -o yaml edb-advanced-app-user -n ${PROJECT_CPD_INSTANCE}
    Superusers:
    1. Create a secret to hold your credentials by modifying, then running the following script. Input your choice of password and username in the respective fields.
      apiVersion: v1
data:
  password: dU4zaTFIaDBiWWJDYzRUeVZBYWNCaG1TemdxdHpxeG1PVmpBbjBRSUNoc0pyU211OVBZMmZ3MnE4RUtLTHBaOQ==
  username: cG9zdGdyZXM=
kind: Secret
metadata:
  name: edb-advanced-superuser
type: kubernetes.io/basic-auth
    2. Check your new secret by running the following command:
      kubectl get secret -o yaml edb-advanced-superuser -n ${PROJECT_CPD_INSTANCE}
  2. Apply the secret to an EDB Postgres instance by using the web console or using a custom resource.
    Using the web console:
    1. In the web console, click Add custom credentials (Optional).
    2. Input your custom secret. For example: edb-advanced-app-user
    Using a custom resource:
    Modify and run the following YAML file in the custom resource. Input your secret in the userSecret or superuserSecret field.
    apiVersion: edb.cpd.ibm.com/v1
kind: CPDEdbInstance
metadata:
  name: cpdedbinstance-sample
spec:
  type: Standard
  imageRepository: "cp.stg.icr.io/cp/cpd"
  # Travis pipeline will insert here
  members: 3
  version: "12.9"
  storageClass: nfs-client
  storageSize: 100Gi
  resources:
    requests:
      cpu: 1
      memory: 4Gi
    limits:
      cpu: 1
      memory: 4Gi
  # # Use custom secret 
  userSecret: edb-advanced-app-user

  # # Use custom superuserSecret 
  # superuserSecret: edb-advanced-superuser
  3. Decode the secret with the following command: 
    echo 'dU4zaTFIaDBiWWJDYzRUeVZBYWNCaG1TemdxdHpxeG1PVmpBbjBRSUNoc0pyU211OVBZMmZ3MnE4RUtLTHBaOQ==' | base64 -d

    The output you see should be similar to the following example:

    uN3i1Hh0bYbCc4TyVAacBhmSzgqtzqxmOVjAn0QIChsJrSmu9PY2fw2q8EKKLpZ9

    You have now decoded the username and password.

  4. Verify that the new credentials have been applied with the following command:
    Application users:
    oc exec -it cpdedbinstance-sample-user-edb-db-1 -n ${PROJECT_CPD_INSTANCE} bash

    The output you see should be similar to the following example:

    kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl kubectl exec [POD] -- [COMMAND] instead. bash-4.4$ psql -p 5432 -h 127.0.0.1 -U app Password for user app: password psql (12.9) SSL connection (protocol: TLSv1.3, cipher: TLS_AES_256_GCM_SHA384, bits: 256, compression: off) Type "help" for help. app=>

    Superusers:
    oc exec -it cpdedbinstance-sample-superuser-edb-db-1 -n ${PROJECT_CPD_INSTANCE} bash

    The output you see should be similar to the following example:

    kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl kubectl exec [POD] -- [COMMAND] instead. bash-4.4$ psql -p 5432 -h 127.0.0.1 -U postgres Password for user postgres: uN3i1Hh0bYbCc4TyVAacBhmSzgqtzqxmOVjAn0QIChsJrSmu9PY2fw2q8EKKLpZ9 psql (12.9) SSL connection (protocol: TLSv1.3, cipher: TLS_AES_256_GCM_SHA384, bits: 256, compression: off) Type "help" for help. postgres=#

Results

Users can now access the EDB Postgres instance with the custom username and password that you set.