PostgreSQL

For production environments, we recommend using an external database for the NeMo microservices.

By default, the NeMo Microservices Helm Chart and its component charts include the Bitnami PostgreSQL chart as a dependency. In the chart, the postgresql key references the Bitnami PostgreSQL dependency. Setting postgresql.enabled=false disables the Bitnami PostgreSQL chart in any individual component chart that uses it, and you can set up an external PostgreSQL database for the NeMo microservices.

The following NeMo microservices use the PostgreSQL database:

• NeMo Data Store

• NeMo Entity Store

• NeMo Evaluator

• NeMo Customizer

Prerequisites

Storage

• Access to an external PostgreSQL database.

Kubernetes

• Secrets:

  • Database credentials

Configure NeMo Microservices with External PostgreSQL

To configure the NeMo microservices with an external PostgreSQL database:

1. Create the Database. Set up the database either in Kubernetes or in a location accessible to jobs within the cluster.

2. Record Credentials. Keep track of the host, port, user, password, and database name.

3. Update Helm Configuration. Pass the recorded information into your Helm values.yaml file.

   1. Set the postgresql.enabled value to false. By default, the NeMo Helm charts’ postgresql key refers to the Bitnami PostgreSQL chart. postgresql.enabled=false disables that helm chart in the NeMo Helm charts that use it.

   2. Create a values file that includes the following information for externalDatabase:

      • host: The host name or IP address of the database.

      • port: The port number of the database.

      • user: The non-root username for authentication.

      • password: The password for the non-root username.

      • database: The database in PostgreSQL.

      • existingSecret: The name of an existing secret resource containing the database credentials. For example, Database credentials.

      • existingSecretPasswordKey: The name of an existing secret key containing the database credentials.

   postgresql:
     # Tells the Helm chart to leverage the information in externalDatabase instead.
     enabled: false
   
   externalDatabase:
     host: <db host name or IP address>
     port: <port number, e.g. 5432>
     user: <user for authentication>
     database: <existing database in postgres>
     sslMode: <ssl mode for database connection>
     # SSL/TLS encryption mode for connecting to the database.
     # disable: Disable TLS.
     # require: Enable TLS without any verifications.
     # verify-ca: Enable TLS with verification of the database server
     #            certificate against its root certificate.
     password: <password for user>
     existingSecret: "" # see note about database secret management below
     existingSecretPasswordKey: "" # see note about database secret management below
   

Note About Database Secret Management

• The password parameter is mutually exclusive with the existingSecret and existingSecretPasswordKey parameters. If you set password, NeMo Data Store automatically creates a secret using the supplied password. Alternatively, you can reference an existing secret containing the password by using the existingSecret and existingSecretPasswordKey parameters.

• If you set existingSecret: "", a new Kubernetes secret is automatically created with the value specified in the externalDatabase dictionary object.

• If you prefer to manage your own Kubernetes secret, specify the name of your Kubernetes secret in existingSecret and set existingSecretPasswordKey to match the data key in your existing secret.