Operations¶
Operational guides for running DB Provision Operator in production.
Overview¶
This section covers:
- Admin Account Setup - Set up least-privilege database admin accounts
- Migrations - Version upgrade migrations (
dbctl migrate) - Monitoring - Prometheus metrics, Grafana dashboards, alerting
- Events - Event reference and alerting integration
- Troubleshooting - Common issues and solutions
Operational Tasks¶
Checking Status¶
# All resources across namespaces
kubectl get databaseinstances,databases,databaseusers,databaseroles,databasegrants -A
# Specific namespace
kubectl get all -l app.kubernetes.io/managed-by=db-provision-operator -n myapp
# Detailed status
kubectl describe databaseinstance postgres-primary
Health Verification¶
# Check operator health
kubectl get pods -n db-provision-operator-system
# Check operator logs
kubectl logs -n db-provision-operator-system deployment/db-provision-operator -f
# Check specific resource events
kubectl get events --field-selector involvedObject.name=myapp-database
Credential Management¶
# Get generated credentials
kubectl get secret myapp-user-credentials -o jsonpath='{.data.password}' | base64 -d
# Rotate password (delete secret, operator regenerates)
kubectl delete secret myapp-user-credentials
# Or use annotation
kubectl annotate databaseuser myapp-user dbops.dbprovision.io/rotate-password=true
Backup Operations¶
# List backups
kubectl get databasebackups
# Check backup status
kubectl describe databasebackup myapp-backup
# Trigger manual backup from schedule
kubectl create job --from=cronjob/myapp-backup-schedule manual-backup-$(date +%s)
# List scheduled backups
kubectl get databasebackupschedules
Restore Operations¶
# Create restore
kubectl apply -f restore.yaml
# Monitor restore progress
kubectl get databaserestore myapp-restore -w
# Check restore logs
kubectl logs job/myapp-restore-job
Resource Lifecycle¶
Creation Order¶
For new deployments, create resources in this order:
- Secrets (admin credentials)
- DatabaseInstance
- Database
- DatabaseRole (optional)
- DatabaseUser
- DatabaseGrant
- DatabaseBackupSchedule (optional)
Deletion Order¶
For cleanup, delete in reverse order:
- DatabaseBackupSchedule
- DatabaseGrant
- DatabaseUser
- DatabaseRole
- Database
- DatabaseInstance
- Secrets
Finalizers¶
Resources use finalizers to ensure cleanup:
# Check finalizers
kubectl get database myapp -o jsonpath='{.metadata.finalizers}'
# Force delete (use with caution!)
kubectl patch database myapp -p '{"metadata":{"finalizers":null}}' --type=merge
Scaling¶
Operator Scaling¶
# Increase replicas for HA
apiVersion: apps/v1
kind: Deployment
metadata:
name: db-provision-operator
spec:
replicas: 3
Concurrent Reconciliation¶
Configure via Helm values:
Upgrades¶
Operator Upgrade¶
# Helm upgrade
helm upgrade db-provision-operator db-provision/db-provision-operator \
--namespace db-provision-operator-system \
--version X.Y.Z
# Verify upgrade
kubectl rollout status deployment/db-provision-operator -n db-provision-operator-system
CRD Upgrade¶
CRDs are upgraded automatically with Helm. For manual upgrade:
kubectl apply -f https://github.com/panteparak/db-provision-operator/releases/latest/download/crds.yaml
Maintenance Windows¶
Planned Maintenance¶
-
Scale down operator:
-
Perform maintenance
-
Scale up operator:
Emergency Procedures¶
Pause all reconciliation:
Resume:
Disaster Recovery¶
Backup Strategy¶
- Database backups - Managed by DatabaseBackupSchedule
- Kubernetes resources - Export CRDs for recovery
- Secrets - Backup encryption keys separately
Export Resources¶
# Export all DB Provision resources
kubectl get databaseinstances,databases,databaseusers,databaseroles,databasegrants,databasebackups,databasebackupschedules \
-A -o yaml > db-provision-backup.yaml
Recovery Steps¶
- Deploy operator
- Apply Secrets
- Apply DatabaseInstance (wait for Ready)
- Apply remaining resources
- Restore from DatabaseBackup if needed
Next Steps¶
- Monitoring - Set up monitoring and alerting
- Troubleshooting - Solve common problems