Provisioning a Database
This guide provides the step-by-step process for provisioning a new, secure, and fully managed PostgreSQL database using Infrastream.
The platform is designed to handle all the underlying complexity of database setup, including networking, firewall rules, encryption, and automated backups. You will define the database in one manifest and then grant your application permission to access it in another.
Prerequisites
- You must have an existing Application manifest to grant access to.
- You need to know the identity of your project: organization, organizational-unit, environment, and project.
Step 1: Create a New Manifest File for the Database
First, create a new YAML file for your database inside your infrastream-manifests Git repository.
Note on File Location: Unlike legacy systems, the Infrastream Engine does not require manifests to be placed in a specific directory structure. You have the flexibility to organize your repository in the way that best suits your team. The Engine automatically discovers all manifest files and resolves their project identity using the values defined in the metadata block.
A common convention is to group databases within a database subdirectory:
../project/{project-name}/database/{db-name}.yaml
Step 2: Define Your Database Manifest
Open your new file and add the following content. This manifest declares your intent to create a new database instance.
apiVersion: lowops.manifests.v1
kind: Database
metadata:
  name: accounts-db
  # The identity of your project is defined here:
  project: login-svc
  environment: development
  organizational-unit: retail-banking
  organization: fincorp
spec:
  cpuCount: 4
  clusterSize: 1
  backupConfig:
    enabled: true
Note: The computed block for a Database manifest is read-only and should not be defined in your manifest. It will be populated by the platform with output values like the database's internal hostname.
Step 3: Grant Your Application Access to the Database
By default, no application can access your new database. You must explicitly grant access by editing your application's manifest.
Locate your Application manifest file (e.g., ../application/auth-api.yaml). Inside its spec block, add an accessControl section to reference the database.
# In your Application manifest (e.g., auth-api.yaml)
# ... apiVersion, kind, metadata ...
spec:
  # ... other application settings like source, target ...
  accessControl:
    databases:
      - name: accounts-db
        readOnly: false
        secretSource:
          envVar: DATABASE_CONNECTION_STRING
This configuration instructs Infrastream to:
- Create a unique user and password for the auth-api application.
- Grant that user read/write privileges on the accounts-db database.
- Store these credentials securely.
- Inject the full connection string into the application's runtime environment as an environment variable named DATABASE_CONNECTION_STRING.
Step 4: Commit, Review, and Merge
Commit the changes to both your new database manifest and your updated application manifest in a single pull request.
After your PR is reviewed and approved, merge it. The platform will automatically provision the new database, configure its security, create the user credentials, and restart your application with the new credentials securely injected.
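A review-time check for the pull request in Step 4, as an added example that is not part of Infrastream or its tooling: it lints the two manifests from Steps 2 and 3 for a user-defined computed block, grants that do not resolve to a Database manifest, and read/write grants that deserve a second look. It assumes the manifests are already parsed into dictionaries, that a grant refers to a Database with the same project identity, and that auth-api lives in the same project as accounts-db; the function names and sample data are constructed for illustration.

```python
# Added example: review-time lint for the manifests from Steps 2 and 3.
IDENTITY_KEYS = ("organization", "organizational-unit", "environment", "project")

def identity(manifest):
    """Project identity tuple taken from the metadata block."""
    meta = manifest.get("metadata", {})
    return tuple(meta.get(k) for k in IDENTITY_KEYS)

def lint(manifests):
    """Return a sorted list of (severity, manifest name, message) findings."""
    findings, databases = [], set()
    for m in (x for x in manifests if x.get("kind") == "Database"):
        name = m["metadata"]["name"]
        databases.add((identity(m), name))
        if None in identity(m):
            findings.append(("error", name, "incomplete project identity"))
        if "computed" in m:
            findings.append(("error", name, "computed block is read-only; remove it"))
        if m.get("spec", {}).get("backupConfig", {}).get("enabled") is not True:
            findings.append(("warn", name, "backupConfig.enabled is not true"))
    for m in (x for x in manifests if x.get("kind") == "Application"):
        app = m["metadata"]["name"]
        grants = m.get("spec", {}).get("accessControl", {}).get("databases", [])
        for g in grants:
            db = g.get("name")
            # Assumption: a grant names a Database in the same project identity.
            if (identity(m), db) not in databases:
                findings.append(("error", app, f"grant references unknown database {db!r}"))
            # Anything not explicitly readOnly: true is surfaced to the reviewer.
            if g.get("readOnly") is not True:
                findings.append(("review", app, f"read/write grant on {db!r}"))
            if not g.get("secretSource", {}).get("envVar"):
                findings.append(("error", app, f"no secretSource.envVar for {db!r}"))
    return sorted(findings)

# Constructed sample data mirroring the manifests shown in this guide.
META = {"project": "login-svc", "environment": "development",
        "organizational-unit": "retail-banking", "organization": "fincorp"}
DB = {"kind": "Database", "metadata": {"name": "accounts-db", **META},
      "spec": {"cpuCount": 4, "clusterSize": 1, "backupConfig": {"enabled": True}}}
APP = {"kind": "Application", "metadata": {"name": "auth-api", **META},
       "spec": {"accessControl": {"databases": [
           {"name": "accounts-db", "readOnly": False,
            "secretSource": {"envVar": "DATABASE_CONNECTION_STRING"}}]}}}

if __name__ == "__main__":
    for finding in lint([DB, APP]):
        print(*finding, sep=": ")
```

On the guide's own manifests the only finding is the read/write grant, which is the item a reviewer should confirm the application actually needs.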