Creating a custom EDB Postgres user name and password
You can set custom credentials for application users and superusers to connect to your EDB Postgres instances on IBM Cloud Pak® for Data.
About this task
By default, EDB Postgres credentials are automatically generated. Any custom user names and passwords you create are stored as a secret for each instance and user type.
Procedure
-
Open a new EDB Postgres command window
and create the secret to store your custom credentials. The commands that you use depend on whether
you are creating custom credentials for application users or superusers.
- Application users:
-
- Create a secret to hold your credentials by modifying, then running the following script. Input
your choice of password and username in the respective
fields.
apiVersion: v1 data: password: cGFzc3dvcmQ= username: YXBw kind: Secret metadata: name: edb-advanced-app-user type: kubernetes.io/basic-auth
- Check your new secret by running the following
command:
kubectl get secret -o yaml edb-advanced-app-user -n ${PROJECT_CPD_INSTANCE}
- Create a secret to hold your credentials by modifying, then running the following script. Input
your choice of password and username in the respective
fields.
- Superusers:
-
- Create a secret to hold your credentials by modifying, then running the following script. Input
your choice of password and username in the respective
fields.
apiVersion: v1 data: password: dU4zaTFIaDBiWWJDYzRUeVZBYWNCaG1TemdxdHpxeG1PVmpBbjBRSUNoc0pyU211OVBZMmZ3MnE4RUtLTHBaOQ== username: cG9zdGdyZXM= kind: Secret metadata: name: edb-advanced-superuser type: kubernetes.io/basic-auth
- Check your new secret by running the following
command:
kubectl get secret -o yaml edb-advanced-superuser -n ${PROJECT_CPD_INSTANCE}
- Create a secret to hold your credentials by modifying, then running the following script. Input
your choice of password and username in the respective
fields.
- Apply the secret to an EDB Postgres
instance by using the web console or using a custom resource.
- Using the web console:
-
- In the web console, click Add custom credentials (Optional).
- Input your custom secret. For example: edb-advanced-app-user
- Using a custom resource:
- Modify and run the following YAML file in the custom resource. Input your
secret in the userSecret or superuserSecret
field.
apiVersion: edb.cpd.ibm.com/v1 kind: CPDEdbInstance metadata: name: cpdedbinstance-sample spec: type: Standard imageRepository: "cp.stg.icr.io/cp/cpd" # Travis pipeline will insert here members: 3 version: "12.9" storageClass: nfs-client storageSize: 100Gi resources: requests: cpu: 1 memory: 4Gi limits: cpu: 1 memory: 4Gi # # Use custom secret userSecret: edb-advanced-app-user # # Use custom superuserSecret # superuserSecret: edb-advanced-superuser
- Decode the secret with the following command:
echo 'dU4zaTFIaDBiWWJDYzRUeVZBYWNCaG1TemdxdHpxeG1PVmpBbjBRSUNoc0pyU211OVBZMmZ3MnE4RUtLTHBaOQ==' | base64 -d
The output you see should be similar to the following example:
uN3i1Hh0bYbCc4TyVAacBhmSzgqtzqxmOVjAn0QIChsJrSmu9PY2fw2q8EKKLpZ9
You have now decoded the username and password.
- Verify that the new credentials have been applied with the following command:
- Application users:
-
oc exec -it cpdedbinstance-sample-user-edb-db-1 -n ${PROJECT_CPD_INSTANCE} bash
The output you see should be similar to the following example:
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl kubectl exec [POD] -- [COMMAND] instead. bash-4.4$ psql -p 5432 -h 127.0.0.1 -U app Password for user app: password psql (12.9) SSL connection (protocol: TLSv1.3, cipher: TLS_AES_256_GCM_SHA384, bits: 256, compression: off) Type "help" for help. app=>
- Superusers:
oc exec -it cpdedbinstance-sample-superuser-edb-db-1 -n ${PROJECT_CPD_INSTANCE} bash
The output you see should be similar to the following example:
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl kubectl exec [POD] -- [COMMAND] instead. bash-4.4$ psql -p 5432 -h 127.0.0.1 -U postgres Password for user postgres: uN3i1Hh0bYbCc4TyVAacBhmSzgqtzqxmOVjAn0QIChsJrSmu9PY2fw2q8EKKLpZ9 psql (12.9) SSL connection (protocol: TLSv1.3, cipher: TLS_AES_256_GCM_SHA384, bits: 256, compression: off) Type "help" for help. postgres=#