Environment 

Deployment Task 

How do I dynamically allocate a persistent volume with Azure Disk for the Aqua Database for my AKS deployment of the Aqua Server?


Deployment Steps

Step 1: Prerequisites 

  • Ensure that you use the appropriate disk type for your environment. In this example, we are using an Azure Managed Premium disk [0] which is deemed suitable for production workloads.
  • In addition, reference the sizing guide and choose suitable recommendations for your environment.

Step 2: Create a Persistent Volume Claim (PVC)

  • The first step is to create a PVC that will be used to automatically provision storage that is based on a storage class in Azure called managed-premium. [1]
    • Create a Kubernetes manifest that defines a PVC called example-managed-disk:

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: example-managed-disk
  namespace: aqua-security
spec:
  accessModes:
  - ReadWriteOnce
  storageClassName: managed-premium
  resources:
    requests:
      storage: 250Gi
---

  • Save and deploy the manifest. Wait for it to be successfully bound to the cluster.

$ kubectl create -f example-managed-disk-premium.yaml
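
The check below is an added example, not part of the original guide or of Aqua's tooling. It polls the claim created in Step 2 and also reads the storage class binding mode: with volumeBindingMode: WaitForFirstConsumer a claim stays Pending until the database pod is scheduled, so waiting for Bound would never finish. The function names and the timeout and interval defaults are assumptions.

```bash
# Added example: decide whether Step 3 can proceed, based on the PVC from Step 2.
# Resource names come from the manifest above; timeout/interval are assumed values.

# Print the PVC phase (Pending, Bound, Lost), or "Missing" if the claim is absent.
pvc_phase() {
  local phase
  phase=$(kubectl get pvc "$1" -n "$2" -o jsonpath='{.status.phase}' 2>/dev/null) || phase=""
  echo "${phase:-Missing}"
}

# Print the storage class binding mode (Immediate or WaitForFirstConsumer).
sc_binding_mode() {
  kubectl get storageclass "$1" -o jsonpath='{.volumeBindingMode}' 2>/dev/null
}

# Return 0 when it is safe to continue with the database deployment:
#   "bound"    - the claim is Bound to a provisioned disk
#   "deferred" - Pending on a WaitForFirstConsumer class (binds when the pod schedules)
# Return 1 on a Lost or missing claim, or when the timeout expires.
check_pvc_ready() {
  local pvc="$1" ns="$2" sc="$3" timeout="${4:-120}" interval="${5:-5}"
  local waited=0 phase mode
  mode=$(sc_binding_mode "$sc") || mode=""
  while :; do
    phase=$(pvc_phase "$pvc" "$ns")
    case "$phase" in
      Bound) echo "bound"; return 0 ;;
      Lost|Missing) echo "failed:$phase"; return 1 ;;
      Pending)
        if [ "$mode" = "WaitForFirstConsumer" ]; then
          echo "deferred"; return 0
        fi ;;
    esac
    if [ "$waited" -ge "$timeout" ]; then
      echo "timeout:$phase"; return 1
    fi
    sleep "$interval"
    waited=$((waited + interval))
  done
}

# Usage, after the kubectl create command above:
#   check_pvc_ready example-managed-disk aqua-security managed-premium
```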


Step 3: Modify the Aqua Database manifest in order to utilize the PVC created

  • Using the Aqua Kubernetes deployment guide [2] as a reference, modify the volumes section of the aqua-db configuration in the Aqua Database manifest so that the PVC created in Step 2 can be consumed.
    1. Here is a snippet of the volumes section that should be modified:

      volumes:
        - name: postgres-db
          persistentVolumeClaim:
            claimName: example-managed-disk

  • The next section to modify is volumeMounts. Make sure you specify "subPath: postgres" [3]:

        volumeMounts:
          - mountPath: /var/lib/postgresql/data
            name: postgres-db
            subPath: postgres

  • Here is the complete version of the modified manifest for the Aqua Database deployment with the PVC and Azure Managed disk:

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: example-managed-disk
  namespace: aqua-security
spec:
  accessModes:
  - ReadWriteOnce
  storageClassName: managed-premium
  resources:
    requests:
      storage: 250Gi
---
apiVersion: v1
kind: Service
metadata:
  name: aqua-db
  namespace: aqua-security
  labels:
    app: aqua-db
spec:
  ports:
    - port: 5432
  selector:
    app: aqua-db
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: aqua-db
  namespace: aqua-security
spec:
  replicas: 1
  selector:
    matchLabels:
      app: aqua-db
  template:
    metadata:
      labels:
        app: aqua-db
      name: aqua-db
    spec:
      serviceAccount: aqua
      containers:
      - name: aqua-db
        image: registry.aquasec.com/database:4.5
        env:
          - name: POSTGRES_PASSWORD
            valueFrom:
              secretKeyRef:
                name: aqua-db
                key: password
        volumeMounts:
          - mountPath: /var/lib/postgresql/data
            name: postgres-db
            subPath: postgres
        ports:
        - containerPort: 5432
      volumes:
        - name: postgres-db
          persistentVolumeClaim:
            claimName: example-managed-disk
---

Step 4: Deploy the modified Aqua database manifest

Once you are satisfied with the changes made, deploy the Aqua database manifest and ensure that the database is running successfully.

$ kubectl create -f aqua-db-with-managed-disk-premium.yaml

Step 5: Implement best practices

Once deployed, review our security best practices [4] that include ensuring high availability, secure connection, and automated backups for the database.

Related Information