Setting up a standby cluster with AWS #1809
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
In case you are using AWS, please make sure that the AWS user you provided its credentials with `STANDBY_AWS_ACCESS_KEY_ID`, `STANDBY_AWS_SECRET_ACCESS_KEY` and `STANDBY_AWS_REGION` has permissions to deal with s3, and that you have created a role with following policies:
Policy:
```json
{
"Statement": [
{
"Action": [
"ec2:Describe*",
"ec2:Describe*",
"ec2:ModifyVolumeAttribute"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
}
```
Role:
```json
{
Version = "2012-10-17"
Statement = [
{
Action = "sts:AssumeRole"
Effect = "Allow"
Sid = ""
Principal = {
Service = "ec2.amazonaws.com"
}
},
]
}
```
Then, add the name of the role name to `kube_iam_role` [param](https://github.com/zalando/postgres-operator/blob/c10d30903e049bc75ce29e0a9342ff45434deeb5/manifests/configmap.yaml#L52) or the annotation `iam.amazonaws.com/role: "postgres-operator-role"` to the operator deployment.
DadiAnas
requested review from
sdudoladov,
Jan-M,
CyberDem0n and
FxKu
as code owners
In case you are using AWS, please make sure that the AWS user you provided its credentials with `STANDBY_AWS_ACCESS_KEY_ID`, `STANDBY_AWS_SECRET_ACCESS_KEY` and `STANDBY_AWS_REGION` has permissions to deal with s3, and that you have created a role with following policies:
Policy:
```json
{
"Statement": [
{
"Action": [
"ec2:Describe*",
"ec2:Describe*",
"ec2:ModifyVolumeAttribute"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
}
```
Role:
```
{
Version = "2012-10-17"
Statement = [
{
Action = "sts:AssumeRole"
Effect = "Allow"
Sid = ""
Principal = {
Service = "ec2.amazonaws.com"
}
},
]
}
```
Then, add the role name to `kube_iam_role` [param](https://github.com/zalando/postgres-operator/blob/c10d30903e049bc75ce29e0a9342ff45434deeb5/manifests/configmap.yaml#L52) or the annotation `iam.amazonaws.com/role: "postgres-operator-role"` to the operator deployment.
|
Always open to improve docs. This would be better suited for the admin docs, I believe. Can you check this paragraph if something can be added there? I would prefer yaml over json examples. We do not list the policy yet. For the user docs it might make sense to add just one sentence that cloning / standby from s3 only works if continuous archiving is set up correctly. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
In case you are using AWS, please make sure that the AWS user you provided its credentials with
STANDBY_AWS_ACCESS_KEY_ID,STANDBY_AWS_SECRET_ACCESS_KEYandSTANDBY_AWS_REGIONhas permissions to deal with s3, and that you have created a role with following policies:Policy:
{ "Statement": [ { "Action": [ "ec2:Describe*", "ec2:Describe*", "ec2:ModifyVolumeAttribute" ], "Effect": "Allow", "Resource": "*" } ], "Version": "2012-10-17" }Role:
Then, add the role name to
kube_iam_roleparam or the annotationiam.amazonaws.com/role: "postgres-operator-role"to the operator deployment.