| contentTags | ||||
|---|---|---|---|---|
|
This page describes how to configure external services for use with either a new CircleCI server v4.4 installation or migrating internal PostgreSQL and MongoDB data from existing CircleCI server v4.4 installation to your externalized datastores.
|
Note
|
Your externalized PostgreSQL instance needs to be version 12.1 or higher. |
Consider running at least two PostgreSQL replicas to allow recovery from primary failure and for backups. The table below shows the recommended specifications for PostgreSQL machines:
| # of Daily Active Users | # of PostgreSQL Replicas | CPU | RAM | Disk | NIC Speed |
|---|---|---|---|---|---|
<50 |
2 |
8 Cores |
16 GB |
100 GB |
1 Gbps |
50 - 250 |
2 |
8 Cores |
16 GB |
200 GB |
1 Gbps |
250 - 1000 |
3 |
8 Cores |
32 GB |
500 GB |
10 Gbps |
1000 - 5000 |
3 |
8 Cores |
32 GB |
1 TB |
10 Gbps |
5000+ |
3 |
8 Cores |
32 GB |
1 TB |
10 Gbps |
{% include snippets/server/migrate-internal-postgres-to-external.adoc %}
Once you have set up your external PostgreSQL instance, add the following to your values.yaml file so that your CircleCI server instance can access it.
postgresql:
internal: false
postgresqlHost: <domain> # The domain or IP address of your PostgreSQL instance
postgresqlPort: <port> # The port of your PostgreSQL instance|
Note
|
postgresql.internal: false will remove any previously deployed PostgreSQL instance deployed internally
|
Create the secret and then add the following values to values.yaml:
kubectl create secret generic postgresql \
--from-literal=postgres-password=<postgres-password>postgresql:
...
auth:
username: <username>
existingSecret: postgresqlAdd the following to
the values.yaml file. CircleCI will create the secret automatically:
postgresql:
...
auth:
username: <username> # A user with the appropriate privileges to access your PostgreSQL instance.
password: <password> # The password of the user account used to access your PostgreSQL instance.The changes will take effect upon running helm install/upgrade. If you are completing a migration to an externalized PostgreSQL instance then when you perform helm upgrade, the scaled down pods will be scaled back to their replica numbers as defined by your values.yaml.
PostgreSQL provides official documentation for backing up and restoring your PostgreSQL 12 install, which can be found here.
We strongly recommend the following:
-
Take daily backups
-
Keep at least 30 days of backups
-
Use encrypted storage for backups as databases might contain sensitive information
-
Perform a backup before each upgrade of CircleCI server
|
Note
|
If using your own MongoDB instance, it needs to be version 3.6 or higher. |
{% include snippets/server/migrate-internal-mongo-to-external.adoc %}
Once you have configured your external MongoDB instance, add the following to your values.yaml file to connect your CircleCI server instance.
mongodb:
internal: false
hosts: <hostname:port> # this can be a comma-separated list of multiple hosts for sharded instances
ssl: <ssl-enabled>
# If using an SSL connection with custom CA or self-signed certs, set this
# to true
tlsInsecure: false
# Any other options you'd like to append to the MongoDB connection string.
# Format as query string (key=value pairs, separated by &, special characters
# need to be URL encoded)
options: <additional-options>
auth:
database: <authentication-source-database
mechanism: SCRAM-SHA-1Create the secret and then add the following values to values.yaml:
kubectl create secret generic mongodb \
--from-literal=mongodb-root-password=<root-password> \
--from-literal=mongodb-password=dontmattermongodb:
...
auth:
...
username: <username>
existingSecret: mongodbAdd the following to
the values.yaml file. CircleCI will create the secret automatically:
mongodb:
...
auth:
...
username: <username>
rootPassword: <root-password>
password: <password>The changes will take effect upon running helm install/upgrade. If you are completing a migration to an externalized MongoDB instance then when you perform helm upgrade, the scaled down pods will be scaled back to their replica numbers as defined by your values.yaml.