Database
The Istari Digital platform requires a PostgreSQL database to store user data, application data, and other information. Istari’s recommendation for Azure is to use Azure Database for PostgreSQL – Flexible Server. The customer can also use a PostgreSQL HA Helm chart for development and testing purposes.
The Istari Digital platform supports PostgreSQL 16 and later versions. It is recommended to use the latest stable version of PostgreSQL for optimal performance and security.
PostgreSQL Database Resources and Install Process
Azure Database for PostgreSQL – Flexible Server
Step 1: Create the Azure Database for PostgreSQL – Flexible Server
- In the Azure Portal, search for Azure Database for PostgreSQL servers (Flexible Server).
- Click Create.
- Basics:
- Subscription: Your subscription.
- Resource group: Your AKS resource group.
- Server name: <databasename>
- Region: Same region as resource group/AKS.
- PostgreSQL version: 16
- Workload type: Production (or development depending on use)
- Compute + Storage:
- Click on Configure Server
- Cluster options: Server
- Compute tier: Memory Optimized
- Compute processor: Intel or AMD
- Compute size: Standard_E8ds or equivalent size that provides at least 8 vCPU and 64 GiB Memory
- Storage size: Minimum 32 GiB or more as needed.
- High availability: Zone Redundant
- Standby availability zone: Pick from any available
- Backup:
- Backup retention: 7 days
- Geo-redundant backup: Disabled
- Click Save
- High availability
- High availability: Zone Redundant
- Availability zone: Any
- Authentication
- Authentication method: PostgreSQL authentication only
- Set the Administrator login to your desired username.
- Set the Master password to your desired password.
Warning
The PostgreSQL password becomes part of a URI connection string, so because of URI escaping rules it must use only the following characters:
A–Z a–z 0–9 - _ . ! ~ * ' ( ) ; / ? : @ & = + $ , #
- Networking:
- Network connectivity: Private access (VNet Integration)
- Virtual network: vnet
- Subnet: Select your Database subnet
- Private DNS integration
- From the dropdown menu select: <databasename>.private.postgres.database.azure.com
- Security
- Data encryption key: Service-managed key
- Review + create
- Verify your settings
- Click Create
Create Istari Platform Databases and Users
Databases
CREATE DATABASE registry_service;
CREATE DATABASE spicedb;
CREATE DATABASE zitadel;
Users
CREATE USER registry_service WITH PASSWORD 'registry_service_user_password';
GRANT ALL PRIVILEGES ON DATABASE registry_service TO registry_service;
CREATE USER spicedb WITH PASSWORD 'spicedb_user_password';
GRANT ALL PRIVILEGES ON DATABASE spicedb TO spicedb;
CREATE USER zitadel WITH PASSWORD 'zitadel_user_password';
GRANT ALL PRIVILEGES ON DATABASE zitadel TO zitadel;
Replace the example passwords with strong, secure ones!
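The following Python sketch is an added example, not part of Istari's documentation: it generates one random password per role named above and checks each against the character list in the earlier warning. It assumes the service-user passwords also end up in connection URIs; the host name and the restriction to RFC 3986 unreserved characters (a subset of the page's list) are choices made for the example.

```python
import secrets
import string
from urllib.parse import urlsplit

# Characters listed in the page's warning about URI escaping.
PAGE_ALLOWED = set(string.ascii_letters + string.digits + "-_.!~*'();/?:@&=+$,#")
# Subset chosen for this example: RFC 3986 "unreserved" characters, which
# never need percent-encoding in any part of a URI.
SAFE_ALPHABET = string.ascii_letters + string.digits + "-_.~"
ROLES = ("registry_service", "spicedb", "zitadel")  # role names from the page


def generate_password(length=32):
    """Return a random password drawn from SAFE_ALPHABET using the OS CSPRNG."""
    if length < 16:
        raise ValueError("use at least 16 characters")
    while True:
        pw = "".join(secrets.choice(SAFE_ALPHABET) for _ in range(length))
        # Example policy: require lower case, upper case and a digit.
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)):
            return pw


def disallowed_chars(password):
    """List the characters of `password` that are outside the page's set."""
    return sorted(set(password) - PAGE_ALLOWED)


def survives_uri(user, password, host="db.example.internal"):
    """Check the credentials parse back unchanged from a connection URI.

    The host name and URI layout are constructed placeholders.
    """
    parts = urlsplit(f"postgresql://{user}:{password}@{host}:5432/{user}")
    return (parts.username, parts.password, parts.hostname) == (user, password, host)


def create_user_sql(role, password):
    """Build the page's CREATE USER statement with the quote-escaped password."""
    escaped = password.replace("'", "''")
    return f"CREATE USER {role} WITH PASSWORD '{escaped}';"


if __name__ == "__main__":
    for role in ROLES:
        pw = generate_password()
        assert not disallowed_chars(pw) and survives_uri(role, pw)
        print(create_user_sql(role, pw))
```

Run the script in a session whose output is not logged, and store the generated passwords in your secret manager rather than in shell history or files.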
Database Schema Privileges
After creating users and databases, grant schema-level permissions on the public schema of each respective database:
Connect to each database as an admin user and run:
-- File service / registry_service
\c registry_service
GRANT ALL ON SCHEMA public TO registry_service;
-- SpiceDB
\c spicedb
GRANT ALL ON SCHEMA public TO spicedb;
-- Zitadel
\c zitadel
GRANT ALL ON SCHEMA public TO zitadel;
These users will have ALL privileges on their respective public schemas, ensuring they can fully administer objects inside the schema.
Database Ownership
ALTER DATABASE registry_service OWNER TO registry_service;
ALTER DATABASE spicedb OWNER TO spicedb;
ALTER DATABASE zitadel OWNER TO zitadel;
Tip
You can update usernames and database names to match your organization's standards.