postgres command ¶

The postgres command can be used to connect to a cloudsql postgres database with your personal user It includes subcommands for granting personal access to an instance, setting up a cloudsql proxy, and connecting to the database using a psql shell.

All commands have the following common flags available:

Note all flags has to appear before arguments (otherwise the flags will be interpreted as arguments). So the common flags for Postgres needs to be positioned after nais postgres <cmd>, but before arguments:

OK ✅:

nais postgres prepare --context dev-gcp --namespace dreamteam appname

Not OK ❌:

nais postgres prepare appname --context dev-gcp --namespace dreamteam

gcloud auth login --update-adc

prepare ¶

Prepare will prepare the postgres instance by connecting using the application credentials and by default modify the permissions on the public schema. All IAM users in your GCP project will be able to connect to the instance.

This operation is only required to run once for each postgresql instance and schema.

nais postgres prepare appname

revoke ¶

Revokes the privileges given to the role cloudsqliamuser in the given schema (default public). Does not remove access for users to log in to the database or the roles/cloudsql.admin given to the user in GCP console.

This operation is only required to run once for each postgresql instance.

nais postgres revoke appname

grant ¶

Grant yourself access to a Postgres database.

This is done by temporarily adding your user to the list of users that can administrate Cloud SQL instances and creating a database user with your email.

This operation is only required to run once for each postgresql database.

nais postgres grant appname

proxy ¶

Update IAM policies by giving your user a timed sql.cloudsql.instanceUser role, then start a proxy to the instance.

nais postgres proxy appname

Note When using proxy to connect to the database, the auth method is username and password. The username is your full Google account email: e.g. ola.bruker@nais.io, and password is blank.

psql ¶

Create a shell to the postgres instance by opening a proxy on a random port (see the proxy command for more info) and opening a psql shell.

nais postgres psql appname

users add ¶

Adds a user to the database By default the user is granted select privileges to the database public schema The privilege level can be altered with the --privilege flag.

nais postgres users add appname username password

users get ¶

Get all users in a database.

nais postgres users get appname

password rotate ¶

Rotate the Postgres database password, both in GCP and in the Kubernetes secret.

nais postgres password rotate appname

migrate ¶

Commands used for migrating to a new postgres instance.

See also Migrating to a new SQLInstance

All the migrate subcommands require the following arguments:

migrate setup ¶

Setup will create a new (target) instance with updated configuration, and enable continuous replication of data from the source instance.

nais postgres migrate setup appname new-instance-name

Setup supports the following optional flags:

These flags must be specified before arguments, e.g:

nais postgres migrate setup --tier $TIER --type $TYPE --disk-size $DISK_SIZE appname new-instance-name

migrate promote ¶

Promote will promote the target instance to the new primary instance, and update the application to use the new instance.

nais postgres migrate promote appname new-instance-name

migrate finalize ¶

Finalize will remove the source instance and associated resources after a successful migration.

nais postgres migrate finalize appname new-instance-name

migrate rollback ¶

Rollback will roll back the migration, and restore the application to use the original instance.

nais postgres migrate rollback appname new-instance-name