Use an external PostgreSQL database for Supply Chain Security Tools - Store

This topic tells you how to configure Tanzu Application Platform (commonly known as TAP) to use an external database for Supply Chain Security Tools (SCST) - Store.

For production deployments, VMware recommends that you use an external PostgreSQL database rather than the one packaged with Tanzu Application Platform. You can manage an external database by using the best practices and processes that your organization has established.

Before you begin

Set up your external PostgreSQL database. After the database instance starts, retrieve the following information:

  • Database Instance Endpoint
  • Main User name
  • Main Password
  • Database Name

Set up certificate and configuration

  1. Create a security group to allow inbound connections from the cluster to the PostgreSQL database.

  2. Retrieve the corresponding CA Certificate that signed the PostgreSQL TLS Certificate.

  3. In the metadata-store-values.yaml fill the following settings:

    db_host: "<DB Instance Endpoint>"
db_user: "<Master Username>"
db_password: "<Master Password>"
db_name: "<Database Name>"
db_port: "5432"
db_sslmode: "verify-full"
db_max_open_conns: 10
db_max_idle_conns: 100
db_conn_max_lifetime: 60
db_ca_certificate: |
   <Corresponding CA Certification>
   ...
   ...
   ...
deploy_internal_db: "false"
Note

If deploy_internal_db is set to false, an instance of PostgreSQL is not deployed in the cluster.

Validation

Verification was done using Bitnami PostgreSQL. You can get more information from the Bitnami documentation.

check-circle-line exclamation-circle-line close-line
Scroll to top icon