Database Setup

The NeMo Platform uses a SQL-based database to store entities such as workspaces, jobs, and other records.

By default, the NeMo Platform Helm chart deploys an embedded PostgreSQL instance (a StatefulSet using the official Postgres image) with simplified authentication to enable quick installation. This should not be used for production use, and an external PostgreSQL instance is recommended.

External PostgreSQL Database

To use an external PostgreSQL database in the Helm chart:

1. Set postgresql.enabled: false and configure externalDatabase.

2. Choose one of the following approaches to create a Kubernetes secret with your credentials:

Option 1: Use a full connection URI

Use a secret that holds the full database connection URI and reference it with uriSecret. This is the best option when you need to configure TLS/SSL or want a single secret for the connection string.

1. Create a secret containing the connection URI (optionally with SSL parameters):

   kubectl create secret generic my-db-uri-secret --from-literal=uri='postgresql://nemo:my-password@db-host:5432/nemoplatform'
   

   For SSL, include sslmode in the URI:

   kubectl create secret generic my-db-uri-secret --from-literal=uri='postgresql://nemo:my-password@db-host:5432/nemoplatform?sslmode=require'
   

2. Configure the chart to use that secret:

   postgresql:
     enabled: false
   externalDatabase:
     uriSecret:
       name: my-db-uri-secret
       key: uri
   

   When uriSecret is set, the platform uses the URI from the secret and ignores host, port, user, database, and existingSecret.

Option 2: Configure individual connection details

Use individual host, port, user, and database values and a secret that contains only the password. The platform builds the connection from these values.

1. Create a secret containing the password (the key must be password, or set existingSecretPasswordKey to the key name in your secret):

   kubectl create secret generic my-db-password-secret --from-literal=password='my-password'
   

   Or define the secret in YAML:

   apiVersion: v1
   kind: Secret
   metadata:
     name: my-db-password-secret
   type: Opaque
   stringData:
     password: my-password
   

2. Configure the chart with connection details and the secret name:

   postgresql:
     enabled: false
   externalDatabase:
     host: db-host.example.com
     port: 5432
     user: nemo
     database: nemoplatform
     existingSecret: my-db-password-secret
     existingSecretPasswordKey: "password"   # key in the secret that holds the password