$ kubectl get statefulset,pod -n {RELEASE_NAME} -l name={RELEASE_NAME}-database
NAME READY AGE
statefulset.apps/{RELEASE_NAME}-database 1/1 139d
NAME READY STATUS RESTARTS AGE
pod/{RELEASE_NAME}-database-0 1/1 Running 0 139d
Database
Default Database
To allow customers to install SD Elements in as few steps as possible, the Helm chart comes bundled with a database service that is enabled by default. On installation, the chart will provision an in-cluster Postgres service as a StatefulSet along with additional Kubernetes resources needed for storing configurations, credentials, and data
Supply the following values when deploying SD Elements to configure the default database service.
postgresql:
auth:
username: {PG_USER}
password: {PASSWORD}
(Optional) Enabling TLS
Autogenerated TLS Certificate
To enable TLS on the default database, supply the following values to auto generate a self-signed certificate.
postgresql:
tls:
enabled: true
autoGenerated: true
A Kubernetes TLS secret is created which contains the tls.crt, tls.key and ca.crt.
$ kubectl get secret {RELEASE_NAME}-database-crt -n {RELEASE_NAME}
NAME TYPE DATA AGE
{RELEASE_NAME}-database-crt kubernetes.io/tls 3 7d20h
After enabling TLS on the default database, see the TLS configuration page to enable TLS communication between the database and other SDE services.
(Optional) Specify a TLS certificate
Alternatively instead of auto generating a Kubenetes TLS secret, the secret can be externally created and referenced by supplying the following values.
Prerequisites:
-
An existing Kubernetes secret containing the TLS certificate
-
The secret is in the same namespace as SD Elements
postgresql:
tls:
enabled: true
certificatesSecret: my-tls-secret
certFilename: tls.crt
certKeyFilename: tls.key
certCAFilename: ca.crt
After enabling TLS on the default database, see the TLS configuration page to require TLS communication between the database and other SDE services.
Customer Managed Databases
Optionally, SD Elements can be configured to a database provisioned and managed external to the Helm chart (e.g. an Amazon RDS for PostgreSQL instance).
Supply the following values when deploying SD Elements to use a customer-managed instance.
postgresql:
enabled: false
external-database:
host: {DB_HOSTNAME}
user: {PG_USER}
password: {PASSWORD}
Prerequisites
-
An existing PostgreSQL instance
-
PostgreSQL version is compatible with the version of SD Elements being installed
-
The
citext
andpgvector
PostgreSQL extensions have been installed. See documentation for the managed PostgreSQL service for instructions on using PostgreSQL extensions with Amazon RDS for PostgreSQL. -
If TLS is enabled, see the TLS configuration page to require TLS communication between the database and other SDE services.