Multi-Instance Configuration

After installation, Yellowbrick Manager supports provisioning and managing additional instances. When working with multi-instance deployments, it can be helpful to automatically configure them in a consistent manner.

Yellowbrick Operator supports automatic execution of a custom initialization script for each instance in order to centralize certain policies, for example making sure auto-suspend is automatically set, or that single sign-on is configured consistently across instances.

The Operator makes sure that the initialization script is run once, when an instance is provisioned. It is deployed as a shell script inside a Kubernetes ConfigMap. The script can run SQL statements or invoke other provisioning activities.

Kubernetes ConfigMap

The Kubernetes ConfigMap containing the customization script logic must be named yb-operator-custominit-config and be placed in the namespace where you installed Yellowbrick Operator. A simple example appears below:

```yaml
kind: ConfigMap
metadata:
  name: yb-operator-custominit-config
apiVersion: v1
data:
  inst-setup.sh: |
    echo "Hello, world"
```

Save this content to a file named custom-init-configmap.yaml and apply it using kubectl:

```txt
% kubectl -n ${NAMESPACE} apply -f custom-init-configmap.yaml
```

To see the echo output for the script, look at the pod logs for the ybinst-pg container using kubectl.

Example: Auto-Suspend Policy

This example sets up a common policy for new instances that causes them to auto-suspend when not in use for an hour.

```yaml
kind: ConfigMap
metadata:
  name: yb-operator-custominit-config
apiVersion: v1
data:
  inst-setup.sh: |
    # Do the sql initialization
    cat <<EOF | ybsql yellowbrick

    -- Setup instance idle time.
    ALTER SYSTEM SET ybd_instance_idle_time to 3600;
    SELECT pg_reload_conf();

    EOF
    rc=$?
    if [ "$rc" != "0" ]; then
      echo "Setup failed"
      exit 1
    fi
```

Example: Single Sign-On Policy

When setting up a common identity provider, it is a best practice to also set up the identity provider EXTERNAL AUTHENTICATION object for new instances so they participate in Single Sign-On. This example runs a SQL statement to configure it accordingly:

```yaml
kind: ConfigMap
metadata:
  name: yb-operator-custominit-config
apiVersion: v1
data:
  inst-setup.sh: |
    # Do the sql initialization
    cat <<EOF | ybsql yellowbrick

    -- Add our external authentication customization.
    DROP EXTERNAL AUTHENTICATION IF EXISTS ad;
    CREATE EXTERNAL AUTHENTICATION ad
      issuer 'https://sts.windows.net/{{TENANT_ID}}/'
      user_mapping_claim 'upn'
      grant ('consumer')
      audience ('{{CLIENT_ID}}')
      auto_create
      enabled;

    EOF
    # Exit status of the pipeline, i.e. of ybsql
    rc=$?
    if [ "$rc" != "0" ]; then
      echo "Setup failed"
      exit 1
    fi
```

Replace the TENANT_ID and CLIENT_ID placeholders with your own values if using Microsoft Entra (formerly Azure AD). See Single Sign-On for more information.
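
A pre-apply check for the placeholders above, as an added example that is not Yellowbrick's code: it substitutes TENANT_ID and CLIENT_ID only when both are well-formed GUIDs, and refuses to emit a manifest that still contains any `{{NAME}}` placeholder. The function names, the sample template and the GUID values are constructed for illustration, and the script assumes both IDs are GUIDs, as Entra tenant and application IDs are.

```sh
#!/bin/sh
# Added example, not Yellowbrick code. TENANT_ID/CLIENT_ID are the page's
# placeholders; function names and GUID values below are constructed.

# is_guid VALUE: true only for an 8-4-4-4-12 hex GUID, so no quote or
# other SQL/shell metacharacter can reach the heredoc that feeds ybsql.
is_guid() {
  case $1 in ''|*[!0-9a-fA-F-]*) return 1 ;; esac  # also rejects newlines
  printf '%s\n' "$1" |
    grep -Eqx '[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}'
}

# render_configmap TEMPLATE TENANT CLIENT: print the rendered manifest.
# Returns 2 on a malformed id, 3 if any {{NAME}} placeholder survives.
render_configmap() {
  tmpl=$1; tenant=$2; client=$3
  is_guid "$tenant" || { echo "TENANT_ID is not a GUID" >&2; return 2; }
  is_guid "$client" || { echo "CLIENT_ID is not a GUID" >&2; return 2; }
  rendered=$(sed -e "s/{{TENANT_ID}}/$tenant/g" \
                 -e "s/{{CLIENT_ID}}/$client/g" "$tmpl") || return 1
  # A misspelled or forgotten placeholder would otherwise be sent to ybsql as-is.
  if printf '%s\n' "$rendered" | grep -Eq '\{\{[A-Za-z0-9_]+\}\}'; then
    echo "unresolved placeholder in $tmpl" >&2
    return 3
  fi
  printf '%s\n' "$rendered"
}

# Constructed template fragment mirroring the SSO statement above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
CREATE EXTERNAL AUTHENTICATION ad
  issuer 'https://sts.windows.net/{{TENANT_ID}}/'
  audience ('{{CLIENT_ID}}')
EOF
render_configmap "$sample" \
  11111111-2222-3333-4444-555555555555 \
  aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
rm -f "$sample"
```

Once the full manifest renders cleanly, its output can be piped to `kubectl -n ${NAMESPACE} apply -f -`.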