Charmed PostgreSQL
- Canonical
- Databases
| Channel | Revision | Published | Runs on |
|---|---|---|---|
| latest/stable | 591 | 10 Apr 2025 | |
| latest/stable | 239 | 09 Feb 2022 | |
| latest/stable | 226 | 01 Apr 2021 | |
| 14/stable | 553 | 04 Feb 2025 | |
| 14/stable | 552 | 04 Feb 2025 | |
| 14/candidate | 593 | 16 Apr 2025 | |
| 14/candidate | 592 | 16 Apr 2025 | |
| 14/beta | 605 | 27 Apr 2025 | |
| 14/beta | 606 | 27 Apr 2025 | |
| 14/edge | 741 | 06 May 2025 | |
| 14/edge | 740 | 06 May 2025 | |
| 16/candidate | 610 | 25 Apr 2025 | |
| 16/candidate | 609 | 25 Apr 2025 | |
| 16/beta | 610 | 24 Apr 2025 | |
| 16/beta | 609 | 24 Apr 2025 | |
| 16/edge | 758 | 07 May 2025 | |
| 16/edge | 757 | 07 May 2025 |
juju deploy postgresql --channel 14/stable
Deploy universal operators easily with Juju, the Universal Operator Lifecycle Manager.
Platform:
How to enable LDAP authentication
LDAP (Lightweight Directory Access Protocol) enables centralized authentication for PostgreSQL clusters, reducing the overhead of managing local credentials and access policies.
This guide goes over the steps to integrate LDAP as an authentication method with the PostgreSQL charm, all within the Juju ecosystem.
Prerequisites
- Charmed PostgreSQL channel
14/edgeor16/edge(revision600or higher) - Juju
v3.6or higher
Deploy an LDAP server in a K8s environment
Disclaimer: In this guide, we use self-signed certificates provided by the self-signed-certificates operator.
This is not recommended for a production environment.
For production environments, check the collection of Charmhub operators that implement the tls-certificate interface, and choose the most suitable for your use-case.
Switch to the Kubernetes controller:
juju switch <k8s_controller>
Deploy the GLAuth charm:
juju add-model glauth
juju deploy self-signed-certificates
juju deploy postgresql-k8s --channel 14/stable --trust
juju deploy glauth-k8s --channel edge --trust
Integrate (formerly known as “relate”) the three applications:
juju integrate glauth-k8s:certificates self-signed-certificates
juju integrate glauth-k8s:pg-database postgresql-k8s
Deploy the GLAuth-utils charm, in order to manage LDAP users:
juju deploy glauth-utils --channel edge --trust
Integrate (formerly known as “relate”) the two applications:
juju integrate glauth-k8s glauth-utils
Expose cross-controller URLs
Enable the required micro-k8s plugin:
IPADDR=$(ip -4 -j route get 2.2.2.2 | jq -r '.[] | .prefsrc')
sudo microk8s enable metallb $IPADDR-$IPADDR
Deploy the Traefik charm, in order to expose endpoints from the K8s cluster:
juju deploy traefik-k8s --trust
Integrate (formerly known as “relate”) the two applications:
juju integrate glauth-k8s:ingress traefik-k8s
Expose cross-model relations
To offer the GLAuth interfaces, run:
juju offer glauth-k8s:ldap ldap
juju offer glauth-k8s:send-ca-cert send-ca-cert
Enable LDAP
Switch to the VM controller:
juju switch <lxd_controller>:postgresql
To have LDAP offers consumed:
juju consume <k8s_controller>:admin/glauth.ldap
juju consume <k8s_controller>:admin/glauth.send-ca-cert
To have LDAP authentication enabled, integrate the PostgreSQL charm with the GLAuth charm:
juju integrate postgresql:ldap ldap
juju integrate postgresql:receive-ca-cert send-ca-cert
Map LDAP users to PostgreSQL
To have LDAP users available in PostgreSQL, provide a comma separated list of LDAP groups to already created PostgreSQL authorization groups. To create those groups before hand, refer to the Data Integrator charm page.
juju config postgresql ldap_map="<ldap_group>=<psql_group>"
Disable LDAP
You can disable LDAP removing the following relations:
juju remove-relation postgresql.receive-ca-cert send-ca-cert
juju remove-relation postgresql.ldap ldap