Top
Enterprise Postgres 18 for Kubernetes User's Guide
Chapter 5 Post-Deployment Operations > 5.4 FEPPGPool2 Configuration Change
PreviousNext

5.4 FEPPGPool2 Configuration Change

This section describes changes to the FEPPGPool2 configuration.

List FEPPGPool2

Equivalent Kubernetes command: kubectl get FEPPGPool2 (-A)

This operation lists all FEPPGPool2 in the namespace in the following format:. Alternatively, if the -A option is specified, will list all FEPPGPool2 in all namespace.

Field

Value

Details

Name

.metadata.name

Name of pgpool2


Example)

# kubectl get feppgpool2 -A

NAMESPACE       NAME
namespace1      fep1-pgpool2
namespace2      fep2-pgpool2

Delete FEPPGPool2

Equivalent Kubernetes command: kubectl delete FEPPGPool2 <pgpool2_name>

This operation will remove the FEPPGPool2 by the pgpool2_name.

Update FEPPGPool2

Equivalent Kubernetes command: kubectl apply -f <new_spec>

Refer to "FEPPgpool2 Custom Resource Parameters" in the Reference and specify the parameters to be updated. Only the following parameters can be specified.

Custom Resource spec

Change Effect

.spec.count: n

Increase the number of nodes in the cluster to n.

.spec.serviceport

Change the TCP port for connecting to the Pgpool-II.

.spec.statusport

Change the TCP port for connecting to the PCP process.

.spec.limits.cpu

Change limits of cpus.

.spec.limits.memory

Change limits of memory.

.spec.requests.cpu

Change requests of cpus.

.spec.requests.memory

Change requests of memory.

.spec.fepclustername

Change fepcluster to connect.

.spec.customhba

Change pool_hba.conf file.

.spec.customparams

Change pgpool2 parameters

.spec.custompcp

Change pcp.conf file.

.spec.customsslkey

Change key content

.spec.customsslcert

Change the contents of the public x 509 certificate.

.spec.customsslcacert

Change the contents of the CA root certificate in PEM format.


Some of the customparams parameters, customhba and custompcp, require a restart of pgpool2.

Equivalent Kubernetes command: Kubectl apply -f <new_spec>

"pgpool2_restart" action type expects users to specify the name of the pgpool2 that they want to restart from.

Specify the metadata.Name of the FEPPGPool2 CR in the targetPgpool2Name section of the FEPAction CR, as below:

spec:
    targetPgpool2Name: fep1-pgpool2
    fepAction:
        type: pgpool2_restart

Note

When updating FEPPGPool2, the Pod of FEPPGPool2 is restarted. If configured with more than one FEPPGpool2, they are rebooted sequentially. The application should be designed to reconnect the connection because the connection being connected is broken.

Update each resource used for client authentication using scram-sha-256 authentication

Set password for new database user

When you add a new user to the database, you must notify the FEPpgpool2 container of the user and password.
In this case, in addition to the information of the existing user, add the information of the new user to the secret as follows.

apiVersion: v1
kind: Secret
metadata:
  name: test-secret
type: Opaque
data:
  user_name_1:cGFzc3dvcmRfMQ==
  user_name_2:cGFzc3dvcmRfMg==
  user_name_new:cGFzc3dvcmRfbmV3

After updating the secret, the FEPpgpool2 container automatically updates the contents of the password file pool_passwd.
If you want to edit the operator-created secret to add new user information, delete the postgres key entry. If there are still postgres key entries, the new user information will not be reflected.

Update passwords for existing database users

The FEPCluster container may update the passwords of database users for reasons such as password expiration.
In this case, keep the information of the existing user, and update the user information secret for the updated password as follows.

apiVersion: v1
kind: Secret
metadata:
  name: test-secret
type: Opaque
data:
  user_name_1:cGFzc3dvcmRfMQ==
  user_name_2:cGFzc3dvcmRfMl9uZXc=

After updating the secret, the FEPpgpool2 container automatically updates the contents of the password file pool_passwd.

Update encryption key file pgpoolkey

If you want to update the encryption key file pgpoolkey, update the contents of the secret defined in the encryption key secret pgpoolkeySecret.

apiVersion: v1
kind: Secret
metadata:
  name: pgpoolkey-secret
type: Opaque
data:
  pgpoolkey:bmV3LXBncG9vbGtleXBhc3N3b3Jk

If you want to update the encryption key file pgpoolkey, you must use the updated pgpoolkey and encrypt it again with scram-sha-256. You will also need to restart pgpool2 after updating the encryption key secret.

After updating the secret, the FEPpgpool2 container automatically updates the contents of the password file pool_passwd with the updated pgpoolkey.

PreviousNext
Copyright 2021-2025 Fujitsu Limited