Backups of PostgreSQL

The Che server uses a PostgreSQL database for persisting data about the state of Che. The database contains information about user accounts, workspaces, preferences, and other details.

External PostgreSQL setup

By default, the Che Operator creates and manages deployment of the internal PostgreSQL database. However, the Che Operator does not support full lifecycle capabilities such as backups and recovery.

A business-critical setup must use an external PostgreSQL database that is configured:

  • for High Availability (HA) and Point In Time Recovery (PITR)

  • on-premises or using a cloud service such as Amazon Relational Database Service (Amazon RDS)

For example, Amazon RDS enables deployment of production databases in a Multi-Availability Zone configuration for a resilient disaster recovery strategy with daily and on-demand snapshots.

An example configuration is as follows:

    Parameter            Value
    Instance class       db.t2.small
    vCPU                 1
    RAM                  2 GB
    Multi-az             true, 2 replicas
    Engine version       9.6.11
    TLS                  enabled
    Automated backups    enabled (30 days)

You can make workspace metadata and user information persistent by configuring the external PostgreSQL database and then configuring Che to use that database. The following sections describe both tasks.

Configuring the external PostgreSQL

To make workspace metadata and user information persistent, configure an external PostgreSQL database as follows:

Procedure
  1. Define the values of the following placeholders:

    <database-user>: Che server database user name
    <database-password>: Che server database password
    <database>: Che server database name

  2. Use the following SQL script to create a user and database for the Che server to make workspace metadata persistent:

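    -- Role and database used by the Che server
    CREATE USER <database-user> WITH PASSWORD '<database-password>';
    CREATE DATABASE <database>;
    GRANT ALL PRIVILEGES ON DATABASE <database> TO <database-user>;
    -- SUPERUSER applies to the whole PostgreSQL instance, not only to <database>
    ALTER USER <database-user> WITH SUPERUSER;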
  3. Define the value of the following placeholder:

    <identity-database-password>: Keycloak database password

  4. Use the following SQL script to create a database for the Keycloak back end to make user information persistent:

    -- Role and database used by the Keycloak back end
    CREATE USER keycloak WITH PASSWORD '<identity-database-password>';
    CREATE DATABASE keycloak;
    GRANT ALL PRIVILEGES ON DATABASE keycloak TO keycloak;

Configuring Che to work with the external PostgreSQL

To make workspace metadata and user information persistent, you must configure Che to work with the configured external PostgreSQL database.

Prerequisites
Procedure
  1. Create a namespace for Che:

    $ kubectl create namespace eclipse-che
  2. Create a Secret to store Che server database credentials:

    $ kubectl create secret generic <server-database-credentials> \
    --from-literal=user=<database-user> \
    --from-literal=password=<database-password> \
    -n eclipse-che

    <server-database-credentials>: Secret name to store Che server database credentials
    <database-user>: Che server database username
    <database-password>: Che server database password
  3. Create a Secret to store Keycloak database credentials:

    $ kubectl create secret generic <identity-database-credentials> \
    --from-literal=password=<identity-database-password> \
    -n eclipse-che

    <identity-database-credentials>: Secret name to store Keycloak database credentials
    <identity-database-password>: Keycloak database password
  4. Deploy Eclipse Che by executing the chectl command and applying a patch. For example:

    $ chectl server:deploy --che-operator-cr-patch-yaml=patch.yaml ...
  5. Ensure that patch.yaml contains the following lines to make the Operator skip the deployment of a database and pass connection details of an existing database to a Che server:

    spec:
      database:
        externalDb: true
        chePostgresHostName: <hostname>                     # External database hostname
        chePostgresPort: <port>                             # External database port
        chePostgresSecret: <server-database-credentials>    # Secret name with Che server database credentials
        chePostgresDb: <database>                           # Che server database name
      auth:
        identityProviderPostgresSecret: <identity-database-credentials>  # Secret name with Keycloak database credentials
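
The `--from-literal` form in steps 2 and 3 places the database passwords on the command line, where they are recorded in shell history and visible in the process list. The following added example (not part of the Che documentation) renders the same two Secrets as manifests from password files. The function names, file names and sample Secret names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the Che documentation. Renders the Secrets from
# steps 2 and 3 as manifests so that passwords are read from files instead of
# being typed as --from-literal arguments. render_secret, b64 and the file
# names in the usage lines are assumed names.

NAMESPACE="eclipse-che"

# b64: base64-encode stdin on a single line (some base64 builds wrap output).
b64() { base64 | tr -d '\n'; }

# render_secret NAME PASSWORD_FILE [USER]
# Prints a Secret manifest with the keys used on this page: "password" and,
# for the Che server Secret, "user".
render_secret() {
    rs_name=$1; rs_file=$2; rs_user=${3:-}
    if [ ! -r "$rs_file" ] || [ ! -s "$rs_file" ]; then
        echo "render_secret: $rs_file is missing, unreadable or empty" >&2
        return 1
    fi
    # Characters 5-10 of the mode string are the group/other permission bits.
    if [ "$(ls -ldL "$rs_file" | cut -c5-10)" != "------" ]; then
        echo "render_secret: $rs_file is accessible to group or others" >&2
        return 1
    fi
    printf 'apiVersion: v1\nkind: Secret\ntype: Opaque\n'
    printf 'metadata:\n  name: %s\n  namespace: %s\n' "$rs_name" "$NAMESPACE"
    printf 'data:\n'
    if [ -n "$rs_user" ]; then
        printf '  user: %s\n' "$(printf '%s' "$rs_user" | b64)"
    fi
    # $(cat ...) drops the trailing newline an editor adds to the file.
    printf '  password: %s\n' "$(printf '%s' "$(cat "$rs_file")" | b64)"
}

# Usage with constructed sample names (substitute the page's placeholders):
#   render_secret che-db-credentials ./che-db.pass che_user | kubectl apply -f -
#   render_secret keycloak-db-credentials ./keycloak-db.pass | kubectl apply -f -
```

Create each password file with mode 600 before running the script; the function refuses files that group or others can access.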