Creating a custom EDB Postgres user name and password

You can set custom credentials for application users and superusers to connect to your EDB Postgres instances on IBM Cloud Pak® for Data.

About this task

By default, EDB Postgres credentials are automatically generated. Any custom user names and passwords you create are stored as a secret for each instance and user type.

Procedure

  1. Open a new EDB Postgres command window and create the secret to store your custom credentials. The commands that you use depend on whether you are creating custom credentials for application users or superusers.
    Application users:
    1. Create a secret to hold your credentials by modifying, then running the following script. Input your choice of password and username in the respective fields.
      apiVersion: v1
      data:
        password: cGFzc3dvcmQ=
        username: YXBw
      kind: Secret
      metadata:
        name: edb-advanced-app-user
      type: kubernetes.io/basic-auth
    2. Check your new secret by running the following command:
      kubectl get secret -o yaml edb-advanced-app-user -n ${PROJECT_CPD_INSTANCE}
    Superusers:
    1. Create a secret to hold your credentials by modifying, then running the following script. Input your choice of password and username in the respective fields.
      apiVersion: v1
      data:
        password: dU4zaTFIaDBiWWJDYzRUeVZBYWNCaG1TemdxdHpxeG1PVmpBbjBRSUNoc0pyU211OVBZMmZ3MnE4RUtLTHBaOQ==
        username: cG9zdGdyZXM=
      kind: Secret
      metadata:
        name: edb-advanced-superuser
      type: kubernetes.io/basic-auth
    2. Check your new secret by running the following command:
      kubectl get secret -o yaml edb-advanced-superuser -n ${PROJECT_CPD_INSTANCE}
  2. Apply the secret to an EDB Postgres instance by using the web console or using a custom resource.
    Using the web console:
    1. In the web console, click Add custom credentials (Optional).
    2. Input your custom secret. For example: edb-advanced-app-user
    Using a custom resource:
    Modify and run the following YAML file in the custom resource. Input your secret in the userSecret or superuserSecret field.
    apiVersion: edb.cpd.ibm.com/v1
    kind: CPDEdbInstance
    metadata:
      name: cpdedbinstance-sample
    spec:
      type: Standard
      imageRepository: "cp.stg.icr.io/cp/cpd"
      # Travis pipeline will insert here
      members: 3
      version: "12.9"
      storageClass: nfs-client
      storageSize: 100Gi
      resources:
        requests:
          cpu: 1
          memory: 4Gi
        limits:
          cpu: 1
          memory: 4Gi
      # # Use custom secret 
      userSecret: edb-advanced-app-user
    
      # # Use custom superuserSecret 
      # superuserSecret: edb-advanced-superuser
  3. Decode the secret with the following command:
    echo 'dU4zaTFIaDBiWWJDYzRUeVZBYWNCaG1TemdxdHpxeG1PVmpBbjBRSUNoc0pyU211OVBZMmZ3MnE4RUtLTHBaOQ==' | base64 -d

    The output you see should be similar to the following example:

    uN3i1Hh0bYbCc4TyVAacBhmSzgqtzqxmOVjAn0QIChsJrSmu9PY2fw2q8EKKLpZ9

    You have now decoded the username and password.

  4. Verify that the new credentials have been applied with the following command:
    Application users:
    oc exec -it cpdedbinstance-sample-user-edb-db-1 -n ${PROJECT_CPD_INSTANCE} bash

    The output you see should be similar to the following example:

    kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl kubectl exec [POD] -- [COMMAND] instead. bash-4.4$ psql -p 5432 -h 127.0.0.1 -U app Password for user app: password psql (12.9) SSL connection (protocol: TLSv1.3, cipher: TLS_AES_256_GCM_SHA384, bits: 256, compression: off) Type "help" for help. app=>

    Superusers:
    oc exec -it cpdedbinstance-sample-superuser-edb-db-1 -n ${PROJECT_CPD_INSTANCE} bash

    The output you see should be similar to the following example:

    kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl kubectl exec [POD] -- [COMMAND] instead. bash-4.4$ psql -p 5432 -h 127.0.0.1 -U postgres Password for user postgres: uN3i1Hh0bYbCc4TyVAacBhmSzgqtzqxmOVjAn0QIChsJrSmu9PY2fw2q8EKKLpZ9 psql (12.9) SSL connection (protocol: TLSv1.3, cipher: TLS_AES_256_GCM_SHA384, bits: 256, compression: off) Type "help" for help. postgres=#

Results

Users can now access the EDB Postgres instance with the custom username and password that you set.