
pgAdmin

PgAdmin serves as the administration and management tool for PostgreSQL databases within the organization. It provides a centralized interface for managing servers, databases, and user access configurations.

To log in to pgAdmin, use your Keycloak user credentials.

pgAdmin Startpage

4.1. Initial Configuration

All databases are pre-registered in pgAdmin: their respective servers, including the databases, are already defined within pgAdmin.

The users are configured with passwords, which are not automatically saved during the initial setup.

pgAdmin Server Configuration

All connections in pgAdmin are preconfigured as _owner_user (see next section).

4.2. Retrieving database credentials

pgAdmin comes pre-configured, i.e., all known databases are automatically added during platform deployment. The passwords for accessing these databases must be provided by the platform's central admin. Passwords can be retrieved using a kubectl command.

The following example assumes that you have installed the central database for all components in the namespace ccp-database-stack.

First, list the existing secrets in the namespace with the following command.

kubectl -n <namespace> get secrets

Example:

kubectl -n ccp-database-stack get secrets

NAME TYPE DATA AGE
frost-owner-user.central-db.credentials.postgresql.acid.zalan.do Opaque 2 46h
frost-reader-user.central-db.credentials.postgresql.acid.zalan.do Opaque 2 46h
frost-writer-user.central-db.credentials.postgresql.acid.zalan.do Opaque 2 46h
geodata-owner-user.central-db.credentials.postgresql.acid.zalan.do Opaque 2 46h
geodata-reader-user.central-db.credentials.postgresql.acid.zalan.do Opaque 2 46h
geodata-writer-user.central-db.credentials.postgresql.acid.zalan.do Opaque 2 46h
keycloak-owner-user.central-db.credentials.postgresql.acid.zalan.do Opaque 2 46h
keycloak-reader-user.central-db.credentials.postgresql.acid.zalan.do Opaque 2 46h
keycloak-writer-user.central-db.credentials.postgresql.acid.zalan.do Opaque 2 46h
postgres.central-db.credentials.postgresql.acid.zalan.do Opaque 2 46h
quantumleap-owner-user.central-db.credentials.postgresql.acid.zalan.do Opaque 2 46h
quantumleap-reader-user.central-db.credentials.postgresql.acid.zalan.do Opaque 2 46h
quantumleap-writer-user.central-db.credentials.postgresql.acid.zalan.do Opaque 2 46h
standby.central-db.credentials.postgresql.acid.zalan.do Opaque 2 46h
stellio-search-owner-user.central-db.credentials.postgresql.acid.zalan.do Opaque 2 46h
stellio-search-reader-user.central-db.credentials.postgresql.acid.zalan.do Opaque 2 46h
stellio-search-writer-user.central-db.credentials.postgresql.acid.zalan.do Opaque 2 46h
stellio-subscription-owner-user.central-db.credentials.postgresql.acid.zalan.do Opaque 2 46h
stellio-subscription-reader-user.central-db.credentials.postgresql.acid.zalan.do Opaque 2 46h
stellio-subscription-writer-user.central-db.credentials.postgresql.acid.zalan.do Opaque 2 46h
superset-owner-user.central-db.credentials.postgresql.acid.zalan.do Opaque 2 46h
superset-reader-user.central-db.credentials.postgresql.acid.zalan.do Opaque 2 46h
superset-upload-owner-user.central-db.credentials.postgresql.acid.zalan.do Opaque 2 46h
superset-upload-reader-user.central-db.credentials.postgresql.acid.zalan.do Opaque 2 46h
superset-upload-writer-user.central-db.credentials.postgresql.acid.zalan.do Opaque 2 46h
superset-writer-user.central-db.credentials.postgresql.acid.zalan.do Opaque 2 46h

The postgres operator creates three users per database. The usernames start with the respective database names.

  • <database>_reader_user
  • <database>_writer_user
  • <database>_owner_user

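For example, database keycloak has the following three users assigned, with read, write and owner rights on the full database (listed here as they appear in the secret names, with hyphens in place of the underscores used in the actual usernames):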

  • keycloak-owner-user
  • keycloak-reader-user
  • keycloak-writer-user

To get the username or password stored in one secret, the following two commands can be used:

Username:

kubectl -n <namespace> get secrets/<secret-name> --template='{{.data.username}}' | base64 --decode

Example:

kubectl -n ccp-database-stack get secrets/keycloak-writer-user.central-db.credentials.postgresql.acid.zalan.do --template='{{.data.username}}' | base64 --decode
keycloak_writer_user

This prints the decoded value of the secret.

Same for the passwords:

kubectl -n <namespace> get secrets/<secret-name> --template='{{.data.password}}' | base64 --decode

Example:

kubectl -n ccp-database-stack get secrets/keycloak-writer-user.central-db.credentials.postgresql.acid.zalan.do --template='{{.data.password}}' | base64 --decode
hrIRc9cLzxzWt3LMthwQdeAFdhutn77kUNiUziw7A57qsg3NvAPjTeqOdx2Ds2bC

Both values can then be used to connect to the respective database.
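
The retrieval steps above, combined into a shell helper that writes the credentials to a PostgreSQL password file instead of printing the password to the terminal. This is an added example, not part of the platform's own tooling: the function names pg_secret_field and pg_write_pgpass and the choice of a pgpass file are assumptions.

```shell
# Added example: source this file, then call pg_write_pgpass.
# Function names are hypothetical, not part of the platform.

# pg_secret_field <namespace> <secret-name> <username|password>
# Prints the decoded value of one field of a credential secret.
pg_secret_field() {
    case $3 in
        username|password) ;;
        *) echo "unsupported field: $3" >&2; return 2 ;;
    esac
    _enc=$(kubectl -n "$1" get "secrets/$2" --template="{{.data.$3}}") || return 1
    [ -n "$_enc" ] || { echo "empty field $3 in $2" >&2; return 1; }
    # --decode is accepted by both GNU and macOS base64 (-d / -D differ).
    printf '%s' "$_enc" | base64 --decode
}

# pg_write_pgpass <namespace> <secret-name> <file>
# Writes "*:*:*:<user>:<password>" to <file>, readable by the owner only,
# so the password never shows up on screen or in scrollback.
pg_write_pgpass() {
    _user=$(pg_secret_field "$1" "$2" username) || return 1
    _pass=$(pg_secret_field "$1" "$2" password) || return 1
    # pgpass syntax: backslash-escape "\" and ":" inside a field.
    _esc='s/\\/\\\\/g; s/:/\\:/g'
    _user=$(printf '%s' "$_user" | sed "$_esc")
    _pass=$(printf '%s' "$_pass" | sed "$_esc")
    # Create the file and restrict its mode before the secret is written.
    ( umask 077 && : > "$3" ) && chmod 600 "$3" || return 1
    printf '*:*:*:%s:%s\n' "$_user" "$_pass" >> "$3"
}
```

Point psql or another libpq client at the resulting file with the PGPASSFILE environment variable, and delete the file when it is no longer needed.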