PostgreSQL Provisioning

Laralord provisions PostgreSQL, a powerful open-source relational database, as a core component for persistent data storage in Kubernetes clusters. Widely used in Laravel projects for managing application data, PostgreSQL offers robust features, security, and scalability. This page details the PostgreSQL deployment, its NodePort access, the pgAdmin dashboard for management, and integration with Laralord’s multi-tenant SaaS platform. For more information, refer to the official PostgreSQL documentation.

[Figure: pgAdmin dashboard for PostgreSQL, securely accessed via Laralord’s SSO proxy]

PostgreSQL Overview

PostgreSQL is a highly reliable, open-source relational database known for its advanced features, extensibility, and compliance with SQL standards. It is a preferred choice for Laravel projects due to its seamless integration with Laravel’s Eloquent ORM and support for complex queries, JSONB, and full-text search. Laralord deploys PostgreSQL with secure NodePort access and an HTTP-based pgAdmin dashboard, enabling efficient data management for multi-tenant SaaS applications.

PostgreSQL Deployment Details

Laralord deploys PostgreSQL in a user-defined namespace using a Helm chart from Bitnami’s container registry. The deployment is configured for security, scalability, and manageability, with NodePort access for database connections and a pgAdmin dashboard for administration. Key aspects include:

  • Namespace: Deployed in a user-defined namespace (e.g., databases), isolating PostgreSQL from other services for security and organization.
  • Helm Configuration: Uses a specific Helm chart version with settings for admin and user credentials, a dedicated database, and mTLS encryption for secure connections.
  • Secret Management: Stores connection details (host, port, admin password, user password, database name) in a Kubernetes secret, with randomly generated passwords for enhanced security.
  • mTLS Security: Enables TLS with certificates from a specified secret, requiring client certificate verification for external connections.
  • Authentication: Configures SCRAM-SHA-256 for internal and localhost connections, with mTLS for external access and a fallback to reject unauthorized connections.
  • Audit Logging: Enables logging of hostnames, connections, and disconnections for monitoring and compliance.
  • NodePort Access: Exposes PostgreSQL via a NodePort service on port 5432, using a dynamically assigned node port for external connectivity within the cluster.
  • pgAdmin Dashboard: Provides an HTTP-based pgAdmin interface, accessible via a custom domain (e.g., pgadmin4.your-domain), routed through APISIX Gateway for secure management.
  • Volume Permissions: Ensures correct permissions for persistent storage, supporting reliable data persistence.
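
The authentication policy in the list above (SCRAM-SHA-256 for internal and localhost connections, client-certificate TLS for external ones, reject as the fallback) corresponds to rules in PostgreSQL's `pg_hba.conf`. The following is an added example, not Laralord's own code or configuration: a Python check that audits a `pg_hba.conf` against that policy. The pod CIDR `10.42.0.0/16` and both sample files are constructed assumptions, and only CIDR-style addresses are handled.

```python
import ipaddress

# Assumption: loopback plus a constructed pod CIDR count as "internal".
INTERNAL = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "::1/128", "10.42.0.0/16")]

def parse_hba(text):
    """Yield (lineno, [type, db, user, address, method, *options]) per rule."""
    for no, raw in enumerate(text.splitlines(), 1):
        f = raw.split("#", 1)[0].split()
        if not f:
            continue
        if f[0] == "local":          # unix-socket rules have no address field
            f.insert(3, None)
        yield no, f

def is_internal(addr):
    try:
        net = ipaddress.ip_network(addr, strict=False)
    except ValueError:               # "all", hostnames: treat as external
        return False
    return any(net.version == i.version and net.subnet_of(i) for i in INTERNAL)

def audit(text):
    rules, out = list(parse_hba(text)), []
    for no, f in rules:
        typ, addr, method, opts = f[0], f[3], f[4], f[5:]
        if method == "reject":
            continue
        if method in ("trust", "password", "md5"):
            out.append((no, f"weak auth method '{method}'"))
        elif typ == "local" or is_internal(addr):
            if method != "scram-sha-256":
                out.append((no, f"internal rule uses '{method}', not scram-sha-256"))
        elif typ != "hostssl":
            out.append((no, "external rule does not require TLS (hostssl)"))
        elif method != "cert" and not any(o.startswith("clientcert=verify-") for o in opts):
            out.append((no, "external rule does not verify a client certificate"))
    if not rules or rules[-1][1][:5] != ["host", "all", "all", "all", "reject"]:
        out.append((0, "last rule is not a catch-all reject"))  # 0 = file-level finding
    return out

GOOD = """local   all all                 scram-sha-256
host    all all 127.0.0.1/32    scram-sha-256
host    all all 10.42.0.0/16    scram-sha-256
hostssl all all 0.0.0.0/0       cert
host    all all all             reject"""  # constructed sample: matches the policy
BAD = """host    all all 127.0.0.1/32    md5
host    all all 0.0.0.0/0       scram-sha-256
hostssl all all 0.0.0.0/0       scram-sha-256"""  # constructed sample: weak rules, no reject
```

Running `audit()` on the rendered `pg_hba.conf` from the database pod gives a quick regression check after chart upgrades; an empty list means every rule fits the policy.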

Key Features

The PostgreSQL deployment by Laralord provides the following features:

  • Relational Database: Supports complex queries, transactions, and data integrity for Laravel applications.
  • Secure Connectivity: Uses SCRAM-SHA-256 and mTLS for authenticated, encrypted database access.
  • NodePort Access: Enables direct client connections via a dynamically assigned NodePort on port 5432.
  • pgAdmin Dashboard: Offers a user-friendly HTTP interface for database administration, securely accessed via APISIX.
  • Audit Logging: Tracks connections and disconnections, enhancing monitoring and compliance.
  • Laravel Compatibility: Integrates seamlessly with Laravel’s Eloquent ORM for efficient data management.

Why PostgreSQL?

PostgreSQL is chosen by Laralord for its reliability, feature set, and compatibility with Laravel ecosystems. Key advantages include:

  • Laravel Integration: Native support for Laravel’s Eloquent ORM, with features like JSONB, full-text search, and geospatial queries enhancing application capabilities.
  • Security: Robust authentication (SCRAM-SHA-256, mTLS) and audit logging ensure data protection in multi-tenant environments.
  • Scalability: Handles large-scale datasets and high-concurrency workloads, ideal for SaaS applications.
  • Extensibility: Supports custom functions, extensions (e.g., PostGIS), and advanced indexing for flexibility.
  • Kubernetes-Native: Seamlessly integrates with Kubernetes via Helm, with NodePort and pgAdmin for accessibility.

Integration with Laralord

PostgreSQL is a cornerstone of Laralord’s multi-tenant SaaS platform, providing reliable data storage for tenant applications. Key integrations include:

  • Tenant Databases: Each tenant uses a dedicated database with unique credentials, ensuring data isolation within the PostgreSQL cluster.
  • Laravel Applications: Powers Laravel applications via the PostgreSQL driver, configured with tenant-specific connection details.
  • APISIX Gateway: Routes pgAdmin traffic to a custom domain, enforcing mTLS and SSO for secure dashboard access.
  • Vault Integration: Stores tenant-specific database credentials in HashiCorp Vault, securely distributing them to applications.
  • Argo CD Deployments: Supports Argo CD-managed applications by providing persistent storage for tenant data.
  • Valkey Synergy: Complements Valkey for caching and queuing, with PostgreSQL handling persistent storage.

Secure Access with NodePort and pgAdmin

Laralord secures access to PostgreSQL through a NodePort service and an HTTP-based pgAdmin dashboard, ensuring robust authentication and encryption. Key features of the secure access mechanism include:

  • NodePort Connectivity: Clients connect to PostgreSQL via a NodePort service on port 5432, using a dynamically assigned node port for external access within the cluster.
  • SCRAM-SHA-256 Authentication: Internal and localhost connections use SCRAM-SHA-256, with randomly generated passwords stored in a Kubernetes secret.
  • mTLS Encryption: External connections require mTLS with client certificate verification, using certificates from a specified secret.
  • pgAdmin Dashboard: Provides a secure HTTP interface for database management, accessible via APISIX Gateway on a custom domain (e.g., pgadmin4.your-domain) with SSO and mTLS.
  • APISIX Gateway Proxy: Routes pgAdmin traffic, enforcing SSO, mTLS, and HTTP-to-HTTPS redirection for secure access.