 1. Updating Postgres Password (Non Keycloak)

Before updating the Postgres password at the secret level, you will need to first update the instance password.

This is because the database instance was created before the secret update, so the relevant admin or integration users were created with the current secret; updating the secret alone does not change them.

Before undertaking this change, ensure that no one is using the platform, or notify anyone who is using it of the disruption. Changing the instance password has a cascading effect, and the following components will cease to function and go into a CrashLoop:

  1. cerebrum-api-server

  2. cerebrum-batch

  3. cerebrum-scheduler

  4. cerebrum-worker

1.1. Changing the Password on the Existing Instance

Log into your Postgres pod and access the psql command line:

Code Block
kubectl exec -it <postgres pod> -- /bin/bash
bash
psql -U postgres -d postgres

OR

oc rsh <postgres pod>
bash
psql -U postgres -d postgres

Once you are in, update the postgres user password to the new password using the following psql meta-command:

Code Block
\password postgres

It will prompt you for the new password. Once this is complete, proceed to the next section to validate the change.

1.2. Updating Deployment Specifications and Re-Deploy

Update the POSTGRES_PASS variable in the Postgres secrets YAML file (credentials.yaml) to the new password.

Apply the secrets change using:

Code Block
kubectl apply -f postgres/k8s/credentails.yaml

OR 

oc apply -f postgres/k8s/credentails.yaml

Validate that the secret was updated using:

Code Block
kubectl get secrets

OR 

oc get secrets

Once the change has been applied, you will need to restart all pods that depend on this secret, as described in the next section.

1.3. Restart Dependent Pods

You will need to restart the following pods so that they take on the new Postgres password:

  1. cerebrum-api-server

  2. cerebrum-batch

  3. cerebrum-scheduler

  4. cerebrum-worker

These pods should no longer be in a CrashLoop state after the restart.

 2. Updating Postgres Password (Keycloak)

Before updating the Postgres password at the secret level, you will need to first update the instance password.

This is because the database instance was created before the secret update, so the relevant admin or integration users were created with the current secret; updating the secret alone does not change them.

Before undertaking this change, ensure that no one is using the platform, or notify anyone who is using it of the disruption. Changing the instance password has a cascading effect, and the following components will cease to function and go into a CrashLoop:

  1. keycloak

This may also cause a cascading effect that will cause the following to go into a pending state due to health checks:

  1. keycloak-internal-gateway

2.1. Changing the Password on the Existing Instance

Log into your Postgres pod and access the psql command line:

Code Block
kubectl exec -it <keycloak postgres pod> -- /bin/bash
bash
psql -U postgres -d postgres

OR

oc rsh <keycloak postgres pod>
bash
psql -U postgres -d postgres

Once you are in, update the postgres user password to the new password using the following psql meta-command:

Code Block
\password postgres

It will prompt you for the new password. Once this is complete, proceed to the next section to validate the change.

2.2. Updating Deployment Specifications and Re-Deploy

Update the POSTGRES_PASSWORD variable in the Postgres secrets YAML file (keycloak-credentials.yaml) to the new password.

Apply the secrets change using:

Code Block
kubectl apply -f keycloak/k8s/keycloak-credentials.yaml

OR 

oc apply -f keycloak/k8s/keycloak-credentials.yaml

Validate that the secret was updated using:

Code Block
kubectl get secrets

OR 

oc get secrets

Once the change has been applied, you will need to restart all pods that depend on this secret, as described in the next section.

2.3. Restart Dependent Pods

You will need to restart the following pods so that they take on the new Postgres password:

  1. keycloak

These pods should no longer be in a CrashLoop state after the restart. The keycloak-internal-gateway should also stabilise.
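
The validate and restart steps in sections 1.2 to 1.3 and 2.2 to 2.3, as an added shell example that is not part of the original page. `kubectl get secrets` only lists secret names, so this reads the stored value back and compares it with the new password before restarting; the secret name, the base64 `data:` field and the use of Deployments are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not from the original page. Assumptions: the secret name is
# passed in by the operator, the manifest uses a base64 "data:" field, and the
# dependent components are Deployments.
KUBECTL="${KUBECTL:-kubectl}"   # set KUBECTL=oc on OpenShift

# Base64-encode a password for the Secret manifest. printf '%s' avoids the
# trailing newline that `echo` would silently add to the stored password.
encode_secret_value() (
  printf '%s' "$1" | base64 | tr -d '\n'
)

# Succeed only if the base64 value decodes to exactly the expected password.
# The appended "x" keeps a stray trailing newline from being stripped by $(...).
secret_matches() (
  decoded="$(printf '%s' "$1" | base64 -d; printf x)"
  [ "${decoded%x}" = "$2" ]
)

# Read one key of the live Secret and compare it with the expected password.
# Usage: verify_live_secret <secret-name> <key> <expected-password>
verify_live_secret() (
  encoded="$("$KUBECTL" get secret "$1" -o "jsonpath={.data.$2}")" || exit 2
  secret_matches "$encoded" "$3"
)

# Restart each named Deployment and wait for it to become ready again.
restart_dependents() (
  for d in "$@"; do
    "$KUBECTL" rollout restart "deployment/$d" || exit 1
    "$KUBECTL" rollout status "deployment/$d" --timeout=180s || exit 1
  done
)

# Example run, left commented out so that sourcing the file changes nothing.
# "postgres-credentials" is a hypothetical secret name:
#   read -r -s -p 'New password: ' NEW_PW; echo
#   verify_live_secret postgres-credentials POSTGRES_PASS "$NEW_PW" &&
#     restart_dependents cerebrum-api-server cerebrum-batch \
#                        cerebrum-scheduler cerebrum-worker
```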