You can provision and configure Postgres through `nais.yaml`.
When you deploy your application with database config, NAIS will ensure the database exists in a Google Cloud SQL instance with the specified Postgres version, and configure the application with means to connect to it.
{% hint style="tip" %} This feature is only available in GCP clusters. {% endhint %}
Below is an example of the minimal configuration needed. See all configuration options in the nais.yaml reference.
```yaml
...
kind: Application
metadata:
  name: myapp
spec:
  gcp:
    sqlInstances:
      - type: POSTGRES_11
        databases:
          - name: mydb
```
To connect your application to the database, use information from the environment variables below.
The prefix `NAIS_DATABASE_MYAPP_MYDB` is automatically generated from the instance name `myapp` (defaults to application name) and `mydb` (from database spec). You can customize these environment variable names by setting `.spec.gcp.sqlInstances[].databases[].envVarPrefix`. For instance, setting this to `DB` will give you `DB_HOST`, `DB_USERNAME`, etc.
key | environment variable | default |
---|---|---|
hostname | NAIS_DATABASE_MYAPP_MYDB_HOST | 127.0.0.1 |
port | NAIS_DATABASE_MYAPP_MYDB_PORT | 5432 |
database name | NAIS_DATABASE_MYAPP_MYDB_DATABASE | .spec.gcp.sqlInstances[].databases[].name |
database user | NAIS_DATABASE_MYAPP_MYDB_USERNAME | .spec.gcp.sqlInstances[].name |
database password | NAIS_DATABASE_MYAPP_MYDB_PASSWORD | (randomly generated) |
database url with credentials | NAIS_DATABASE_MYAPP_MYDB_URL | postgres://username:password@127.0.0.1:5432/mydb |
The application will connect to the database using Cloud SQL Proxy, ensuring that the database communication happens in a secure tunnel, authenticated with automatically rotated credentials.
NAIS will add and configure the proxy client container as a sidecar in the pod, making it available on `localhost` for the application. The application will then connect to the proxy using the standard database protocol, just as if it were the actual database.
For more detailed information, check out the Cloud SQL Proxy documentation
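As an added example (not part of the NAIS documentation or code), the Python below reads the variables from the table above, falls back to the documented host and port defaults, keeps the password out of `repr()` output, and rejects a host that is not the local proxy address described in this section. The function names, the name-normalisation rule in `env_prefix` and the loopback check are assumptions of this example.

```python
import ipaddress
import os
from dataclasses import dataclass, field
from typing import Mapping, Optional

# Constructed sample environment; real values are injected by NAIS.
SAMPLE_ENV = {
    "NAIS_DATABASE_MYAPP_MYDB_DATABASE": "mydb",
    "NAIS_DATABASE_MYAPP_MYDB_USERNAME": "myapp",
    "NAIS_DATABASE_MYAPP_MYDB_PASSWORD": "constructed-secret",
}

def env_prefix(instance: str, database: str, custom: Optional[str] = None) -> str:
    """Return envVarPrefix when set, else NAIS_DATABASE_<INSTANCE>_<DATABASE>."""
    if custom:
        return custom
    # Assumption: upper-case and "-" -> "_"; the page only shows myapp/mydb.
    parts = (p.upper().replace("-", "_") for p in (instance, database))
    return "NAIS_DATABASE_" + "_".join(parts)

@dataclass(frozen=True)
class DbConfig:
    host: str
    port: int
    database: str
    username: str
    password: str = field(repr=False)  # omitted from repr(), so not logged by accident

def is_loopback(host: str) -> bool:
    """True for localhost or a loopback IP, where the proxy sidecar listens."""
    try:
        return host == "localhost" or ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False

def load_db_config(prefix: str, env: Mapping[str, str] = os.environ) -> DbConfig:
    """Build a DbConfig from <prefix>_* variables; fail closed on gaps."""
    host = env.get(f"{prefix}_HOST", "127.0.0.1")  # default from the table
    port = int(env.get(f"{prefix}_PORT", "5432"))  # default from the table
    req = {k: env.get(f"{prefix}_{k}") for k in ("DATABASE", "USERNAME", "PASSWORD")}
    missing = [f"{prefix}_{k}" for k, v in req.items() if not v]
    if missing:  # name the variables, never echo their values
        raise RuntimeError("missing database settings: " + ", ".join(missing))
    if not is_loopback(host):  # assumption: only the local proxy is a valid target
        raise RuntimeError(f"{prefix}_HOST is not a loopback address")
    return DbConfig(host, port, req["DATABASE"], req["USERNAME"], req["PASSWORD"])

if __name__ == "__main__":
    print(load_db_config(env_prefix("myapp", "mydb"), SAMPLE_ENV))
```

Prefer the discrete variables over the `_URL` variable when logging connection details, since the URL embeds the password.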
By default, the database server has 1 vCPU, 614 MB RAM and 10 GB of SSD storage with no automatic storage increase. If you need to change the defaults, you can do this in `nais.yaml`.
The database is provisioned into the team's own project in GCP. Here the team has full access to view logs, create and restore backups, and perform other administrative database tasks.
The database is backed up nightly at 3 AM (GMT+1) by default, but this can be overridden in `nais.yaml` by setting `spec.gcp.sqlInstances[].autoBackupTime`.
The database is not automatically removed when deleting your NAIS application. Remove unused databases to avoid incurring unnecessary costs.
Google will automatically perform upgrades, fix bugs and apply security patches to prevent exploits. Your application should be able to handle occasional downtime as this maintenance is performed. Read more on maintenance windows here.
NAIS will automatically configure the maintenance window to 4 AM (GMT+1), but this can be overridden in `nais.yaml`.
If you wish to be notified about upcoming maintenance, you can opt-in for this on the Communications page in the GCP console.
Check the events on the Config Connector resources
$ kubectl describe sqlinstance <myapp>
$ kubectl describe sqldatabase <mydb>
$ kubectl describe sqluser <myapp>
Check the logs of the Cloud SQL Proxy
$ kubectl logs <pod> -c cloudsql-proxy
See max example.