Postgres Store
BindPlane OP stores organizations, accounts, agent metadata, configurations and more in Postgres when configured to use Postgres as the primary datastore.
Using Postgres is a prerequisite for operating BindPlane in High Availability.
This guide will cover the deployment of BindPlane OP and Postgres 16 on Linux (Debian 12) and Kubernetes.
Prerequisites
You must have a BindPlane license key before following this guide. If you do not have a license, you can request one on the Download page.
If deploying BindPlane to Kubernetes, you must have Helm installed.
Linux
1. Architecture
This guide will reference two virtual machines, one for the BindPlane control-plane (bindplane
)
and one for the Postgres installation (bindplane-postgres
). It is best practice to deploy Postgres
to a dedicated machine, allowing multiple BindPlane instances to make use of it if you decide to
use High Availability.
The network in this example contains the required DNS entries to support reaching the machines by their short hostname
bindplane
and bindplane-postgres
. If you do not have DNS in your environment, use IP addresses
instead of hostnames when configuring BindPlane to connect to Postgres.
2. Postgres Installation and Configuration
Start by installing Postgres. This guide is using Debian 12, but you can use your preferred distribution, just know that the commands to install and manage Postgres may differ.
Configure the Postgres apt repository.
Install Postgres 16 from the Postgres repository.
Enable and start the Postgres service.
Configure Postgres to listen on all interfaces.
Edit the Postgres configuration file and find listen_addresses
.
Uncomment listen_addresses
and set the value to 0.0.0.0
. It should look like this:
note
If your system has iptables
or firewalld
enabled, make sure to allow port 5432/tcp
.
Next we need to update the Authentication configuration.
Configure Postgres to allow remote connections.
Find the lines that looks like this:
Update the configuration by replacing 127.0.0.1/32
and ::1/128
. It should look like this:
User setup and Database creation
Connect to the Postgres installation by switching to the postgres
user and running the psql
client command.
Execute the setup queries found in the User and Database section in the Postgres Going to Production documentation.
Restart the service.
With Postgres installed and configured, you can move onto installing and configuring BindPlane.
3. BindPlane Installation and Configuration
Install BindPlane by following the instructions on the Download page.
Once the package is installed, select y
to initialize the configuration.
- Select your license type and input your license
- Server Host:
0.0.0.0
- Server Port:
3001
- Remote URL:
http://bindplane:3001
, the remote URL should match your hostname or IP address. - Authentication Method:
Single User
- Username:
admin
- Password: Your secure password
- Storage Type:
postgres
- Postgres Host:
bindplane-postgres
, this value should match your Postgres server's hostname or IP address. - Postgres Port:
5432
- Postgres Database Name:
bindplane
- Postgres SSL Mode:
disable
, see Postgres TLS for TLS configuration, as a follow up to this guide. - Maximum Number of Database Connections:
100
- Postgres Username:
bindplane
- Postgres Password: Your password
- Event Bus Type: Local
- Automatically restart:
y
Watch the BindPlane log file for any issues:
BindPlane will log the following lines which indicate Postgres is configured and working.
If the Using postgres store
log is not immediately followed by an error log, Postgres is configured
correctly.
4. Verification
Log into the BindPlane OP web interface at http://bindplane:3001. Replace bindplane
with your hostname
or IP address.
If you can create a configuration successfully, Postgres is working as intended.
Kubernetes
1. Architecture
This guide will use minikube
to deploy Postgres and BindPlane using high availability.
In production, it is recommended to deploy Postgres to a virtual machine, a SaaS provider
(CloudSQL, RDS, etc) or to use a Postgres operator such as
zalando/postgres-operator.
Start by configuring minikube
or your Kubernetes provider of choice.
2. Postgres Installation and Configuration
warning
The Postgres YAML manifest provided in this guide is not production ready. It does not use secure authentication. It does not provide volume persistence, meaning data will be lost when the Postgres pod is updated or replaced.
Begin by deploying the Postgres deployment to Kubernetes. You can inspect the YAML manifest here.
If not using the provided Postgres example deployment, make sure to follow the User and Database section in the Postgres Going to Production documentation when provisioning your database host.
Once the pod is deployed, the postgres
namespace will look like this:
The service postgres
will route traffic to the pod postgres-0
. Postgres is accessible using the
username postgres
and password password
.
3. BindPlane Installation and Configuration
Setup your Helm client to support deploying the BindPlane OP Helm Chart
Create the BindPlane license secret, where $BINDPLANE_LICENSE
is your BindPlane license key.
Create a Helm values.yaml
file.
This configuration will deploy BindPlane with two replicas, configured to connect to Postgres using
the clusterIP service at postgres.postgres.svc.cluster.local
. In this configuration, BindPlane
is not exposed by ingress, but can be reached using port forwarding.
Deploy BindPlane High Availability.
Once the chart is deployed, the following pods will be present:
- bindplane-ha
- Web interface
- API
- Agent connections
- bindplane-ha-jobs
- Manages the database initialization and migrations
- Periodic jobs, such as cleaning up disconnected Kubernetes agents.
- bindplane-ha-nats
- For supporting BindPlane High Availability Event Bus.
- bindplane-ha-prometheus
- Acts as the storage for agent throughput measurement data
- Contains the required configuration or supporting BindPlane
- bindplane-ha-transform-agent
- For Live Preview processing
4. Verification
Access BindPlane over port forwarding.
Once the tunnel is running, you can reach BindPlane at http://localhost:3001. If you can successfully create a configuration, Postgres is configured and working correctly.
Commonly Asked Questions
Migration from legacy Bbolt Store
If you are using bolt store and would like to switch to Postgres, reference the following documentation:
- Linux: Bolt Store to Postgres
- Kubernetes: Postgres Migration
Does BindPlane work with SaaS hosted Postgres?
Yes, BindPlane supports the popular cloud providers such as Google Cloud CloudSQL, AWS RDS, and Azure Database. As long as the cloud provider is exposing a Postgres server, BindPlane can use it.
BindPlane does not officially support Postgres like systems, such as AlloyDB or CockroachDB.
Does BindPlane support Transport Layer Security (TLS)?
Yes, BindPlane supports TLS and mutual TLS when connecting to Postgres. After following this guide, reference the Postgres TLS guide.