⚙️ Configure an external database
If you are hosting your database elsewhere, you can configure the Toucan Helm Stack to connect to it. However, some database migrations must be executed manually.
2
Create the users and databases
Open your database client and run the following commands:
```sql
CREATE USER toucan WITH PASSWORD '<password>';

-- Curity (Authentication Service)
CREATE DATABASE curity;
GRANT ALL PRIVILEGES ON DATABASE curity TO toucan;

-- Dataset
CREATE DATABASE dataset;
-- (optional) Create a schema for the dataset.
-- CREATE SCHEMA acts on the database you are currently connected to,
-- so connect to "dataset" first (in psql: \c dataset).
CREATE SCHEMA dataset;
GRANT ALL PRIVILEGES ON DATABASE dataset TO toucan;

-- Layout
CREATE DATABASE layout;
-- Connect to "layout" before creating its schemas (in psql: \c layout).
CREATE SCHEMA layout;
CREATE SCHEMA workspace;
GRANT ALL PRIVILEGES ON DATABASE layout TO toucan;

-- SpiceDB
CREATE DATABASE spicedb;
GRANT ALL PRIVILEGES ON DATABASE spicedb TO toucan;

-- Vault
CREATE DATABASE vault;
GRANT ALL PRIVILEGES ON DATABASE vault TO toucan;
```
3
Execute manual migrations
Curity
Download Curity from their developer portal and run the migration in the idsvr/etc/postgres-create_database.sql directory.
DO NOT run the one stored at idsvr/etc/postgres-create_database.sql.
Vault
Execute the migrations shown in their documentation.
4
5
Configure the database connection
For this example, we assume the database is hosted at postgresql.example.com on the default port 5432. Set these parameters in your values file:
```yaml
layout:
  config:
    database_postgres:
      url: 'postgresql://toucan:[[ getenv "LAYOUT_POSTGRESQL_PASSWORD" ]]@postgresql.example.com:5432/layout?schema=layout'
      url_admin: 'postgresql://toucan:[[ getenv "LAYOUT_POSTGRESQL_PASSWORD" ]]@postgresql.example.com:5432/layout?schema=layout'
    specific:
      workspace_database_postgres:
        url: 'postgresql://toucan:[[ getenv "LAYOUT_POSTGRESQL_PASSWORD" ]]@postgresql.example.com:5432/layout?schema=workspace'
        url_admin: 'postgresql://toucan:[[ getenv "LAYOUT_POSTGRESQL_PASSWORD" ]]@postgresql.example.com:5432/layout?schema=workspace'
  initconfig:
    secrets:
      LAYOUT_POSTGRESQL_PASSWORD:
        name: toucan-postgresql
        key: postgresql-password

dataset:
  config:
    schema: dataset
    url: 'postgresql://toucan:[[ getenv "DATASET_POSTGRESQL_PASSWORD" ]]@postgresql.example.com:5432/dataset'
    url_admin: 'postgresql://toucan:[[ getenv "DATASET_POSTGRESQL_PASSWORD" ]]@postgresql.example.com:5432/dataset'
  initconfig:
    secrets:
      DATASET_POSTGRESQL_PASSWORD:
        name: toucan-postgresql
        key: postgresql-password

spicedb:
  config:
    datastore:
      uri: 'postgresql://toucan:$(PG_PASSWORD)@postgresql.example.com:5432/spicedb'
  # For the init container to run migrations
  migration:
    extraEnvVars:
      - name: PG_PASSWORD
        valueFrom:
          secretKeyRef:
            name: toucan-postgresql
            key: postgresql-password
  # For the main container
  extraEnvVars:
    - name: PG_PASSWORD
      valueFrom:
        secretKeyRef:
          name: toucan-postgresql
          key: postgresql-password

vault:
  toucanEnvVars:
    - name: ADMIN_CLIENT_SECRET
      valueFrom:
        secretKeyRef:
          name: '{{- include "toucan-stack.curity.oauth2.secretName" . -}}'
          key: curity-toucan-admin-management-client-secret
    - name: MICRO_SERVICE_CLIENT_SECRET
      valueFrom:
        secretKeyRef:
          name: '{{- include "toucan-stack.curity.oauth2.secretName" . -}}'
          key: curity-toucan-micro-service-client-secret
    - name: TOUCAN_VAULT_TOKEN
      valueFrom:
        secretKeyRef:
          name: '{{- include "toucan-stack.vault.oauthapp.secretName" . -}}'
          key: vault-token
    - name: PG_PASSWORD
      valueFrom:
        secretKeyRef:
          name: 'toucan-postgresql'
          key: 'postgresql-password'
    - name: VAULT_PG_CONNECTION_URL
      value: 'postgresql://toucan:$(PG_PASSWORD)@postgresql.example.com:5432/vault'

curity:
  config:
    dataSource:
      connectionString: 'jdbc:postgresql://postgresql.example.com:5432/curity'
      username: toucan
      password:
        secretName: toucan-postgresql
        secretKey: postgresql-password
```
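The connection URLs above place the secret value directly inside a `postgresql://user:password@host` string. The following Python check is an added example, not part of the Toucan documentation or chart: it shows which parts of such a URL a parser reads differently when the password contains reserved characters, assuming the `[[ getenv ... ]]` and `$(PG_PASSWORD)` placeholders insert the value verbatim. The function names and sample passwords are constructed for illustration.

```python
import secrets
import string
from urllib.parse import unquote, urlsplit

# RFC 3986 "unreserved" characters: valid in URL userinfo without encoding.
UNRESERVED = string.ascii_letters + string.digits + "-._~"

# URL shape from the values file above; {pw} marks where the secret value
# lands. Verbatim (unencoded) substitution is an assumption of this example.
TEMPLATE = "postgresql://toucan:{pw}@postgresql.example.com:5432/layout?schema=layout"


def generate_password(length: int = 32) -> str:
    """Random password that survives verbatim substitution into the URL."""
    return "".join(secrets.choice(UNRESERVED) for _ in range(length))


def url_problems(password: str, template: str = TEMPLATE) -> list[str]:
    """Substitute the password verbatim, re-parse the URL, and name every
    part that no longer matches what the template intended. Only field
    names are returned, so the secret never ends up in a log line."""
    problems = []
    if set(password) - set(UNRESERVED):
        problems.append("charset")  # needs percent-encoding to be safe
    want = urlsplit(template.format(pw="x"))
    try:
        got = urlsplit(template.format(pw=password))
        # Clients such as libpq percent-decode userinfo; compare that form.
        sent = None if got.password is None else unquote(got.password)
        checks = [
            ("user", got.username, want.username),
            ("password", sent, password),
            ("host", got.hostname, want.hostname),
            ("port", got.port, want.port),
            ("database", got.path, want.path),
            ("query", got.query, want.query),
        ]
    except ValueError:  # e.g. the text after "host:" is no longer a port
        return problems + ["unparseable"]
    return problems + [name for name, seen, expected in checks if seen != expected]


if __name__ == "__main__":
    # Constructed sample passwords, not real credentials.
    for sample in ("S3cure-pass_word.~", "p@ss", "12/34", "ab%41c", "pa#ss"):
        print(f"{sample!r:22} -> {url_problems(sample) or 'ok'}")
    print("generated password ok:", url_problems(generate_password()) == [])
```

The Curity block reads the same `toucan-postgresql` secret as a standalone password field, so storing a percent-encoded value would repair the URLs but change what Curity sends. A password drawn only from the unreserved set works in both places.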