Skip to content

postgres command

The postgres command can be used to connect to a cloudsql postgres database with your personal user. It includes subcommands for granting personal access to an instance, setting up a cloudsql proxy, and connecting to the database using a psql shell.

Warning

Run the following command first before running any of the other commands:

gcloud auth login --update-adc

prepare

Prepare will prepare the postgres instance by connecting using the application credentials and modify the permissions on the public schema. All IAM users in your GCP project will be able to connect to the instance.

This operation is only required to run once for each postgresql instance.

nais postgres prepare appname
Argument Required Description
appname Yes Name of application owning the database
Flag Required Short Default Description
namespace No -n namespace set in kubeconfig Kubernetes namespace where app is deployed
cluster No -c context set in kubeconfig Kubernetes context where app is deployed
all-privs No false If true ALL is granted, else only SELECT is granted

grant

Grant yourself access to a Postgres database.

This is done by temporarily adding your user to the list of users that can administrate Cloud SQL instances and creating a database user with your email.

This operation is only required to run once for each postgresql database.

nais postgres grant appname
Argument Required Description
appname Yes Name of application owning the database
Flag Required Short Default Description
namespace No -n namespace set in kubeconfig Kubernetes namespace where app is deployed
cluster No -c context set in kubeconfig Kubernetes context where app is deployed

proxy

Update IAM policies by giving your user a timed sql.cloudsql.instanceUser role, then start a proxy to the instance.

nais postgres proxy appname
Argument Required Description
appname Yes Name of application owning the database
Flag Required Short Default Description
namespace No -n namespace set in kubeconfig Kubernetes namespace where app is deployed
cluster No -c context set in kubeconfig Kubernetes context where app is deployed
port No -p 5432 Local port for cloudsql proxy to listen on
host No -H localhost Host for the proxy

Note When using proxy to connect to the database, the auth method is username and password. The username is your full Google account email: e.g. ola.bruker@nais.io, and password is blank.

psql

Create a shell to the postgres instance by opening a proxy on a random port (see the proxy command for more info) and opening a psql shell.

nais postgres psql appname
Argument Required Description
appname Yes Name of application owning the database
Flag Required Short Default Description
namespace No -n namespace set in kubeconfig Kubernetes namespace where app is deployed
cluster No -c context set in kubeconfig Kubernetes context where app is deployed
verbose No -V false Verbose will print proxy log

users add

Adds a user to the database. By default the user is granted select privileges to the database public schema. The privilege level can be altered with the --privilege flag.

nais postgres users add username password appname
Argument Required Description
username Yes Name of the new database user
password Yes Password for the new database user
appname Yes Name of application owning the database
Flag Required Short Default Description
namespace No -n namespace set in kubeconfig Kubernetes namespace where app is deployed
cluster No -c context set in kubeconfig Kubernetes context where app is deployed
privilege No select The privilege level the user is granted

users list

Lists all users in a database.

nais postgres users list appname
Argument Required Description
appname Yes Name of application owning the database
Flag Required Short Default Description
namespace No -n namespace set in kubeconfig Kubernetes namespace where app is deployed
cluster No -c context set in kubeconfig Kubernetes context where app is deployed

Last update: 2023-05-31
Created: 2022-01-31