Aiven Operator for Kubernetes®#
Aiven Operator for Kubernetes® allows users to manage Aiven services through the Kubernetes® API by using Custom Resource Definitions (CRD).
Only Aiven for PostgreSQL®, Aiven for Apache Kafka®, Aiven for ClickHouse®, Aiven for Redis®*, and Aiven for OpenSearch® are supported at this time.
Kubernetes, also known as K8s, is an open-source system for automating deployment, scaling, and management of containerized applications. Kubernetes Operators are software extensions to Kubernetes that make use of custom resources to manage applications and their components. Kubernetes website.
Take your first steps by configuring the Aiven Operator and deploying a PostgreSQL® database.
You’ll also need an Aiven account. If you don’t have one yet, sign up for Aiven (and enjoy a free trial for new accounts). Once you have your account set, please generate and note down the authentication token and your project name, they will be used to authenticate the Kubernetes operator with Aiven’s API.
Install the operator#
Once you have a Kubernetes cluster and an Aiven authentication token, we can proceed to install the operator.
cert-manager with the command below. It is used to manage the webhook TLS certificates used by our operator.
You can use the operator without
cert-manager and the admission webhooks, skip this step and move on to the Helm chart section.
For GKE version >=1.21 VPC users, firewall rule to explicitly allow ingress to port 9443 needs to be added for admission webhook.
If you are running a GKE “Autopilot” cluster in Google Cloud Platform, you will need to be using GKE version >=1.21 and install
cert-manager into the
cert-manager namespace, as per this GitHub issue comment
kubectl apply -f https://github.com/jetstack/cert-manager/releases/latest/download/cert-manager.yaml
cert-manager installation by checking if their pods are up and running:
kubectl get pod -n cert-manager
When you see pods in the list with their status showing “Running”, then you are ready to proceed.
Add the Aiven Helm chart repository and update your local Helm information:
helm repo add aiven https://aiven.github.io/aiven-charts helm repo update
Now let’s install the CRD and then the operator itself:
helm install aiven-operator-crds aiven/aiven-operator-crds helm install aiven-operator aiven/aiven-operator
You can use
helm install aiven-operator aiven/aiven-operator --set webhooks.enabled=false to disable the admission webhooks.
Verify the installation by making sure the operator pod is running with the get pod command:
kubectl get pod -l app.kubernetes.io/name=aiven-operator
If your pod is listed with status “Running” then all is well.
Before creating a service, we need to authenticate the operator with Aiven’s API. To do so, create the Kubernetes secret with the command below, substituting the
<your-token-here> with the authentication token generated in the “Requirements” section above. This needs to be created in the namespace which is going to be used to create your Aiven services.
kubectl create secret generic aiven-token --from-literal=token="<your-token-here>"
Deploying Aiven for PostgreSQL#
It’s showtime! Let’s create an Aiven for PostgreSQL service using the Custom Resource provided by the operator. Create a file named
pg-sample.yaml with the content below, substituting the
<your-project-name> with your Aiven project name. Take a look at the commented lines to understand better what each field represents.
apiVersion: aiven.io/v1alpha1 kind: PostgreSQL metadata: name: pg-sample spec: # gets the authentication token from the `aiven-token` secret authSecretRef: name: aiven-token key: token # outputs the PostgreSQL connection on the `pg-connection` secret connInfoSecretTarget: name: pg-connection # add your Project name here project: <your-project-name> # cloud provider and plan of your choice # you can check all of the possibilities here https://aiven.io/pricing cloudName: google-europe-west1 plan: startup-4 # general Aiven configuration maintenanceWindowDow: friday maintenanceWindowTime: 23:00:00 # specific PostgreSQL configuration userConfig: pg_version: '11'
Apply the resource with the command below:
kubectl apply -f pg-sample.yaml
You can verify the status of your service with the following command.
kubectl get postgresqls.aiven.io pg-sample
Check the output of the command for your service; once the
STATE field has the value
RUNNING, it is ready to use.
Using the service#
Once the service is up and running (you can see your database in the Aiven web console as well at this point) let’s deploy a pod to test the connection to PostgreSQL from Kubernetes.
Create a file named
pod-psql.yaml with the content below:
apiVersion: v1 kind: Pod metadata: name: psql-test-connection spec: restartPolicy: Never containers: - image: postgres:11-alpine name: postgres command: ['psql', '$(DATABASE_URI)', '-c', 'SELECT version();'] # the pg-connection secret becomes environment variables envFrom: - secretRef: name: pg-connection
The connection information in this case, the PostgreSQL service URI, is automatically created by the operator within a Kubernetes secret named after the value from the
Go ahead and run
apply to create the pod and test the connection:
kubectl apply -f pod-psql.yaml
It will run, output the PostgreSQL version and terminate. We can see the logs with the following command:
kubectl logs psql-test-connection
Well done, you have an Aiven for PostgreSQL service deployed through Kubernetes.
To destroy the resources created, execute the following commands:
kubectl delete pod psql-test-connection kubectl delete postgresqls.aiven.io pg-sample
To remove the operator and
cert-manager (if installed), use the following:
helm uninstall aiven-operator helm uninstall aiven-operator-crds kubectl delete -f https://github.com/jetstack/cert-manager/releases/latest/download/cert-manager.yaml
Check out these resources to learn more about Kubernetes and our operator:
If you have any comments or want to contribute to the tool, please join us on the GitHub repository.