Database
A single DjangoDeployment will create one Azure Database for PostgreSQL Flexible Server.
This is a managed database as a service that can offer high availability and scalability at a relatively low cost.
For pricing and product details, refer to the Azure pricing documentation.
One DjangoDeployment will create one PostgreSQL Flexible Server, which can then be used by multiple Django applications with each their own database.
For more information about deploying multiple Django applications in one deployment, refer to the Multiple applications docs.
By default we also enable the Auto-grow feature, which means that the database will automatically grow the storage to prevent it from running out of space and becoming read-only. The initial storage size is 32GB which is the minimum. We also use the lowest performance tier, in the future we will make this configurable.
Deployment parameters
At the level of the DjangoDeployment resource, you can configure the following parameters:
pgsql_sku
The SKU of the PostgreSQL Flexible Server. This can for instance be:
pgsql_sku=azure.dbforpostgresql.SkuArgs(
name="Standard_B1ms",
tier=azure.dbforpostgresql.SkuTier.BURSTABLE,
)
For more inforamtion about the possible values, refer to: - Azure pricing documentation: https://azure.microsoft.com/pricing/details/postgresql/flexible-server/ - Pulumi Registry: https://www.pulumi.com/registry/packages/azure-native/api-docs/dbforpostgresql/server/#sku
At the time of writing, the cheapest SKU is Standard_B1ms in the Burstable tier.
pgsql_ip_prefix
The IP prefix for the PostgreSQL Flexible Server. This is used to create a new subnet in your VNET which will be only usable by the PostgreSQL Flexible Server. We recommend using a /24 subnet, which allows for 256 IP addresses. If you are limited by the number of IP addresses in your VNET, you can use a smaller subnet.
pgadmin_access_ip
The IP addresses that are allowed to access the pgAdmin interface. If you want to allow all IP addresses, you can set this to ["0.0.0.0/0"] or just leave it empty.
pgAdmin is of course protected by a username and password, but it's still a good idea to restrict access if possible.
Webapp specific
On the webapp, you only need to specify the db_name parameter, which will ensure a database is created for you.
django.add_django_website(
name="prod",
db_name="prod",
# -- left out the other parameters for brevity --
)
Connecting to the database
We chose to use Entra ID authentication for the PostgreSQL Flexible Server, no passwords are used.
For more informatiion about this, you can refer to the official Azure documentation.
The only thing you need to do is create a principal for your web app through pgAdmin.
You need to run these query on this postgres database:
SELECT * FROM pgaadauth_create_principal_with_oid('web_managed_identity', 'c8b25b85-d060-4cfc-bad4-b8581cfdf946', 'service', false, false);
{your_app}_site_db_user or can be retrieved from the Azure Portal.
Be sure to grant this role the correct permissions too, e.g. allow it to connect to your database etc.
pgAdmin
As mentioned before, you can whitelist specific IP addresses to access pgAdmin or allow public access.
By default, we will create a pgAdmin user with the following credentials: * Login: dbadmin@dbadmin.net * Password: dbadmin
Best practice is to log in right away, create a user for yourself and delete this default user.
Administrator login
If you want to access the database through pgsql or through pgAdmin, you can use an administrator account.
You specify the administrator login in the DjangoDeployment resource:
django.add_database_administrator(
object_id="b306adf5-fc61-4a32-8156-ce032dc1571f",
user_name="you@yourapplication.com",
)
The object_id can be retrieved from the Azure Portal, user_name is your e-mail address most likely.
When this is configured, you can obtain a temporary access token to log in to the database using the Azure CLI:
You can then authenticate to the database using your user_name and the token.