Occasionally we need persistent, relational data, when we need longer-term storage than caching, e.g. for collecting orders, storing metrics or other shared data.
Our OpenShift cluster is peered with our "Data VPC", AKA "Virtual Private Cloud". We have Terraform playbooks that manage the use of Amazon RDS to create managed relational databases in the cloud.
If you need a new RDS instance, accessible to either sandbox or main clusters, submit a pull request to our Data VPC Terraform repositories, respectively:
To gain access to Amazon IAM, you can submit a pull request to the Data VPC IAM Terraform repository:
- Any databases storing personal information must go through a security review
- Avoid "database integration" by ensuring that you aren't sharing one database between multiple apps. Instead, front it with a shared microservice that provides a contract for communicating with the database.
- TODO... more!
To access your database to manually load some data you can run a container in OpenShift containing the CLI interface for the database you have provisioned. For example, to run a container containing
psql to access your PostgreSQL instance using the OpenShift web console you can:
- visit the project you wish to deploy into
- click the "Add to Project" dropdown in the top-right corner
- select the "Deploy Image" option
- select the "Image Name" radio button
- supply a Postgres image name from the Red Hat Image Catalog
- click the magnifying glass button to load the image details
- supply a value for the "name" field
- enter a value for the
- you're only making use of the CLI; this password won't be used to control access to the database, it's just necessary that it be set to avoid errors spinning up PostgreSQL
- Click "Deploy"
Podsand find the pod you just deployed
- Click through to see the detail page for the pod
- Select the "Terminal" tab to launch a terminal inside the running pod
- Once the shell spawns, run
psqlto begin your session
Please note: you'll need to create an IAM user to have access to the AWS project where your DB instance was initialized. This is useful for monitoring your database instances via e.g. RDS metrics. This IAM account is not used for access to the database itself. The username/password used for database access is defined in the main or sandbox terraform files. The password you supply in those files is temporary; please contact Delivery to have them replaced with the actual password you will use.
Please see below for more information: