External database setup

The PostgreSQL database is used by the Che server for persisting data about the state of Che. It contains information about user accounts, workspaces, preferences, and other details.

By default, the Che Operator creates and manages the database deployment.

However, the Che Operator does not support full life-cycle capabilities, such as backups and recovery.

For a business-critical setup, configure an external database with the following recommended disaster-recovery options:

  • High Availability (HA)

  • Point In Time Recovery (PITR)

Configure an external PostgreSQL instance on-premises or use a cloud service, such as Amazon Relational Database Service (Amazon RDS). With Amazon RDS, it is possible to deploy production databases in a Multi-Availability Zone configuration for a resilient disaster recovery strategy with daily and on-demand snapshots.

The recommended configuration of the example database is:

Parameter Value

Instance class

db.t2.small

vCPU

1

RAM

2 GB

Multi-az

true, 2 replicas

Engine version

9.6.11

TLS

enabled

Automated backups

enabled (30 days)

Configuring external PostgreSQL

Procedure
  1. Use the following SQL script to create user and database for the Che server to persist workspaces metadata etc:

    CREATE USER <database-user> WITH PASSWORD '<database-password>' (1) (2)
    CREATE DATABASE <database>                                      (3)
    GRANT ALL PRIVILEGES ON DATABASE <database> TO <database-user>
    ALTER USER <database-user> WITH SUPERUSER
    1 Che server database username
    2 Che server database password
    3 Che server database name
  2. Use the following SQL script to create database for Keycloak back end to persist user information:

    CREATE USER keycloak WITH PASSWORD '<identity-database-password>' (1)
    CREATE DATABASE keycloak
    GRANT ALL PRIVILEGES ON DATABASE keycloak TO keycloak
    1 Keycloak database password

Configuring Che to work with an external PostgreSQL

Prerequisites
  • The kubectl tool is available.

Procedure
  1. Pre-create a namespace for Che:

    $ kubectl create namespace eclipse-che
  2. Create a secret to store Che server database credentials:

    $ kubectl create secret generic <server-database-credentials> \ (1)
    --from-literal=user=<database-user> \                            (2)
    --from-literal=password=<database-password> \                    (3)
    -n eclipse-che
    1 Secret name to store Che server database credentials
    2 Che server database username
    3 Che server database password
  3. Create a secret to store Keycloak database credentials:

    $ kubectl create secret generic <identity-database-credentials> \ (1)
    --from-literal=password=<identity-database-password> \             (2)
    -n eclipse-che
    1 Secret name to store Keycloak database credentials
    2 Keycloak database password
  4. Deploy Eclipse Che by executing the chectl command with applying a patch. For example:

    $ chectl server:deploy --che-operator-cr-patch-yaml=patch.yaml ...

patch.yaml should contain the following to make the Operator skip deploying a database and pass connection details of an existing database to a Che server:

spec:
  database:
    externalDb: true
    chePostgresHostName: <hostname>                     (1)
    chePostgresPort: <port>                             (2)
    chePostgresSecret: <server-database-credentials>    (3)
    chePostgresDb: <database>                           (4)
spec:
  auth:
    identityProviderPostgresSecret: <identity-database-credentials> (5)
1 External database hostname
2 External database port
3 Secret name with Che server database credentials
4 Che server database name
5 Secret name with Keycloak database credentials
Additional resources