Adding database containers to the Application Template

Best practices for running your application's database in a container

This document covers the basics of adding a database to your application.

A few caveats that come with running databases in containers:

  • Containers and pods in Kubernetes can be restarted, deleted, or moved at any time, so you should not rely on them for any critical services. For MySQL, the main pod cannot be running when a new one is deployed or restarted. We mitigate this risk by recommending you use a StatefulSet with stateful: true for MySQL. (Postgres does not have this issue, as far as we have noticed.)

  • Containers are ephemeral and can move around, so it is vital to use a persistent storage volume so that restarting a container does not erase the database.

  • Kubernetes may start a container before the database is completely initialized or ready, so you should use readiness probes to ensure deployments wait for the database to be ready to receive traffic.

  • Passwords can be randomized, and database connections should be kept internal only, so that outside parties cannot access the data or store their own data in your tables, even if it is a test database.

Postgres

Example Postgres Application Template

services:
- name: db
  image: public.ecr.aws/lts/postgres:12-20.04_edge
  volumes:
  - type: persistent
    name: db_data
    mount_path: "/var/lib/postgresql/data"
  ports:
  - type: container_port
    port: '5432'
  readiness_probe:
    exec:
      command:
      - psql
      - "-h"
      - localhost
      - "-U"
      - postgres
      - "-c"
      - SELECT 1
    period_seconds: 2
    timeout_seconds: 2
    failure_threshold: 30
  storage:
    size: 10Gi
    type: aws-efs

Example Postgres Environment Template

mapping:
  DATABASE_URL: "postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@db/${POSTGRES_DB}"
services:
  db:
  - key: POSTGRES_PASSWORD
    value: secretPassword
    secret: true
  - key: POSTGRES_USER
    value: postgres
  - key: POSTGRES_DB
    value: postgres
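  # trust accepts every connection without checking a password, so
  # POSTGRES_PASSWORD is not enforced; this relies on the database being
  # reachable only from inside the environment.
  - key: POSTGRES_HOST_AUTH_METHOD
    value: trust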
  - key: PGDATA
    value: "/var/lib/postgresql/data/pgdata"

MySQL

Example MySQL Application Template

services:
- name: db
  image: mysql:5.7
  stateful: true
  volumes:
  - type: persistent
    name: db-data
    mount_path: "/var/lib/mysql"
  ports:
  - type: container_port
    # MySQL listens on 3306 by default (5432 is the Postgres port).
    port: '3306'
  liveness_probe:
    exec:
      command: ["mysqladmin", "ping"]
    initial_delay_seconds: 30
    period_seconds: 10
    timeout_seconds: 5
    failure_threshold: 10
  readiness_probe:
    exec:
      # Check we can execute queries over TCP (skip-networking is off).
      command: ["mysql", "-h", "127.0.0.1", "-e", "SELECT 1"]
    initial_delay_seconds: 5
    period_seconds: 2
    timeout_seconds: 1
    failure_threshold: 30
  storage:
    size: 10Gi
    type: aws-efs

Example MySQL Environment Template

services:
  db:
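  # Lets the container start with a blank root password, so the database
  # must stay reachable only from inside the environment.
  - key: MYSQL_ALLOW_EMPTY_PASSWORD
    value: "1"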
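
The caveat about passwords and internal-only access can be checked mechanically against an environment template. The following Python check is an added example, not part of the original page or of the platform it describes; the function audit_env_template, the parsed-dict layout, and the sample data (built from the two environment templates on this page) are assumptions made for illustration.

```python
# Flags in the official mysql image whose names end in PASSWORD but hold no secret.
MYSQL_FLAGS = {"MYSQL_ALLOW_EMPTY_PASSWORD", "MYSQL_RANDOM_ROOT_PASSWORD",
               "MYSQL_ONETIME_PASSWORD"}

def audit_env_template(template):
    """Return sorted (service, key, finding) tuples for risky database settings.

    `template` is an environment template already parsed into dicts and lists
    (hypothetical layout mirroring this page: services -> name -> entries).
    """
    findings = []
    for service, entries in (template.get("services") or {}).items():
        for entry in entries or []:
            # Accept both `key:` and `name:` spellings of the variable name.
            key = str(entry.get("key") or entry.get("name") or "")
            raw = entry.get("value")
            value = "" if raw is None else str(raw)
            if key == "POSTGRES_HOST_AUTH_METHOD" and value.lower() == "trust":
                findings.append((service, key, "trust auth: no password is checked"))
            elif key == "MYSQL_ALLOW_EMPTY_PASSWORD" and value:
                # The mysql image treats any non-empty value as "enabled".
                findings.append((service, key, "blank root password allowed"))
            elif key.endswith("PASSWORD") and key not in MYSQL_FLAGS:
                if not value:
                    findings.append((service, key, "empty password"))
                elif entry.get("secret") is not True:
                    findings.append((service, key, "password not marked secret"))
    return sorted(findings)

# Constructed samples: the two environment templates shown on this page.
POSTGRES_ENV = {"services": {"db": [
    {"key": "POSTGRES_PASSWORD", "value": "secretPassword", "secret": True},
    {"key": "POSTGRES_USER", "value": "postgres"},
    {"key": "POSTGRES_HOST_AUTH_METHOD", "value": "trust"},
]}}
MYSQL_ENV = {"services": {"db": [
    {"name": "MYSQL_ALLOW_EMPTY_PASSWORD", "value": "1"},
]}}

if __name__ == "__main__":
    for label, tpl in (("postgres", POSTGRES_ENV), ("mysql", MYSQL_ENV)):
        for service, key, finding in audit_env_template(tpl):
            print(f"{label}/{service}: {key}: {finding}")
```

Both sample templates produce one finding each; a template that sets a non-empty password marked secret: true and does not override the auth method produces none.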
