Overview

The backend uses two PostgreSQL databases: dashboard_auth for authentication/session data and cobi_core for core application data. Set both connection strings in the backend Secret:
DATABASE_URL=postgres://<user>:<password>@<host>:5432/dashboard_auth?schema=public
CORE_DATABASE_URL=postgres://<user>:<password>@<host>:5432/cobi_core?schema=public
Choose one of the two setup options below.

Option A — In-cluster PostgreSQL (Bitnami subchart)

The chart bundles the Bitnami PostgreSQL subchart. Enable it and the chart creates a StatefulSet with a PersistentVolumeClaim.

Helm values

postgresql:
  enabled: true
  image:
    tag: "16"
  auth:
    username: postgres
    password: "<strong-password>"
    database: dashboard_auth
  primary:
    initdb:
      scripts:
        create-core-db.sql: |
          CREATE DATABASE cobi_core;
    resources:
      requests:
        cpu: 250m
        memory: 512Mi
      limits:
        cpu: "1"
        memory: 2Gi
    persistence:
      enabled: true
      storageClass: ""    # use cluster default; set to "local-path" for on-prem
      size: 10Gi

Internal service address

Once deployed, PostgreSQL is reachable within the namespace at:
<release-name>-postgresql:5432

Backend connection string

--from-literal=DATABASE_URL="postgres://postgres:<password>@cobi-dashboard-postgresql:5432/dashboard_auth?schema=public" \
--from-literal=CORE_DATABASE_URL="postgres://postgres:<password>@cobi-dashboard-postgresql:5432/cobi_core?schema=public"

On-premises StorageClass

postgresql:
  primary:
    persistence:
      storageClass: "local-path"
      size: 20Gi

Option B — External / standalone PostgreSQL

Use this option when you have an existing PostgreSQL instance (on-prem server, managed service, etc.).

Disable the subchart

postgresql:
  enabled: false

Create the database

CREATE DATABASE dashboard_auth;
CREATE DATABASE cobi_core;
GRANT ALL PRIVILEGES ON DATABASE dashboard_auth TO <username>;
GRANT ALL PRIVILEGES ON DATABASE cobi_core TO <username>;

Set the backend connection string

kubectl create secret generic cobi-backend-secrets \
  --namespace cobi \
  --from-literal=DATABASE_URL="postgres://<user>:<password>@<pg-host>:<port>/dashboard_auth?schema=public" \
  --from-literal=CORE_DATABASE_URL="postgres://<user>:<password>@<pg-host>:<port>/cobi_core?schema=public" \
  # ... other variables

Connection string formats

| Scenario | Example |
| --- | --- |
| On-prem server (no TLS) | postgres://cobi:[email protected]:5432/dashboard_auth?schema=public |
| On-prem server (TLS) | postgres://cobi:[email protected]:5432/dashboard_auth?schema=public&sslmode=require |
| External managed service | postgres://cobi:[email protected]:5432/dashboard_auth?schema=public&sslmode=require |

SSL mode options

| sslmode | When to use |
| --- | --- |
| disable | Internal cluster traffic with no TLS requirement |
| require | Enforce TLS, skip certificate verification |
| verify-full | Full CA verification — compliance or internet-facing connections |
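
A pre-deployment check that applies the sslmode table to the two connection strings, added here as an example and not part of the product's own tooling. The `audit` function, its `external_aliases` parameter and the in-cluster hostname heuristic are assumptions made for illustration, and the sample URLs are constructed.

```python
from urllib.parse import parse_qs, urlsplit

# Database expected behind each variable, as stated on this page.
EXPECTED_DB = {"DATABASE_URL": "dashboard_auth", "CORE_DATABASE_URL": "cobi_core"}

def is_in_cluster(host):
    # Assumption: a bare Service name or a *.svc / *.svc.cluster.local name is in-cluster.
    return "." not in host or host.endswith((".svc", ".svc.cluster.local"))

def audit(name, url, external_aliases=("postgres-external",)):
    """Return findings for one connection string. The URL itself is never echoed,
    so the password stays out of logs. external_aliases lists Service names that
    front a database outside the cluster (ExternalName or manual Endpoints)."""
    findings = []
    if "<" in url or ">" in url:
        findings.append("unfilled <placeholder> left in URL")
    parts = urlsplit(url)
    if parts.scheme not in ("postgres", "postgresql"):
        findings.append(f"unexpected scheme {parts.scheme!r}")
    db = parts.path.lstrip("/")
    if db != EXPECTED_DB[name]:
        findings.append(f"database {db!r}, expected {EXPECTED_DB[name]!r}")
    host = parts.hostname or ""
    external = host in external_aliases or not is_in_cluster(host)
    mode = parse_qs(parts.query).get("sslmode", [None])[-1]
    if external and mode in (None, "disable"):
        findings.append("external host but TLS is not enforced (sslmode unset or disable)")
    elif external and mode == "require":
        findings.append("sslmode=require skips certificate verification; consider verify-full")
    return findings

# Constructed sample values, not real credentials or hosts.
SAMPLES = {
    "DATABASE_URL": "postgres://cobi:example-pw@db.internal.example.com:5432"
                    "/dashboard_auth?schema=public&sslmode=require",
    "CORE_DATABASE_URL": "postgres://postgres:example-pw@cobi-dashboard-postgresql:5432"
                         "/dashboard_auth?schema=public",  # wrong database on purpose
}

if __name__ == "__main__":
    for name, url in SAMPLES.items():
        for finding in audit(name, url) or ["ok"]:
            print(f"{name}: {finding}")
```

A bare Service name is treated as in-cluster unless it is listed in `external_aliases`, so add every ExternalName or Endpoints alias you create.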

Connecting to an external database from inside the cluster

ExternalName Service (DNS alias):
apiVersion: v1
kind: Service
metadata:
  name: postgres-external
  namespace: cobi
spec:
  type: ExternalName
  externalName: db.internal.example.com
Use postgres-external:5432 as the host in the connection string.

Endpoints object (IP-based):
apiVersion: v1
kind: Service
metadata:
  name: postgres-external
  namespace: cobi
spec:
  ports:
    - port: 5432
---
apiVersion: v1
kind: Endpoints
metadata:
  name: postgres-external
  namespace: cobi
subsets:
  - addresses:
      - ip: 192.168.1.50
    ports:
      - port: 5432

Verify the Connection

kubectl logs -n cobi deploy/cobi-dashboard-backend | grep -i "database\|migration\|postgres"
A successful startup shows migration completion logs and no ECONNREFUSED errors.