PostgreSQL is required for the dashboard host service, test monitor service, and dynamic form fields service.

Common Requirements

Note: For enhanced security, create separate database users for each SystemLink service. This least-privilege approach ensures that each service can access only its own database and tables.

Before configuring any service to use a PostgreSQL server, ensure you have:

  • A provisioned PostgreSQL server. For best performance and security, we recommend dedicating the PostgreSQL instance to SystemLink rather than sharing it with other applications.
  • The host name of the PostgreSQL server.
  • The credentials for at least one database user.
  • PostgreSQL administrative privileges to create databases and users.
  • A TLS certificate for secure connections. (Recommended)

On initial launch and for some upgrade scenarios, each service creates the required schema and tables. After setup, you can revoke the user's CREATE privileges. The following table shows the minimum privileges required for normal operation:

Table 72. Operation Privileges

  Location            Privileges
  Database            CONNECT
  Service schema      CREATE, USAGE
  Tables in schema    SELECT, INSERT, UPDATE, DELETE

Note: Schema data should be accessed through the SystemLink web application or the respective service API. The schema is considered an internal implementation and may change without notice.
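
The privilege lifecycle described above (per-service users, CREATE during setup, revocation afterwards), written out as SQL for an administrator session in psql. This is an added example, not NI's own script: it uses the default names shown on this page (database grafana with user systemlink for the dashboard host, database nisystemlink with user nisystemlink for the test monitor service), and the passwords are placeholders.

```sql
-- Added example: run as a PostgreSQL administrator in psql.
-- Names are the defaults shown on this page; passwords are placeholders.

-- 1. Before installing: one role and one database per service.
CREATE ROLE systemlink   LOGIN PASSWORD '<database-password>';  -- dashboard host
CREATE ROLE nisystemlink LOGIN PASSWORD '<database-password>';  -- test monitor
CREATE DATABASE grafana;
CREATE DATABASE nisystemlink;

-- New databases allow every role to connect through PUBLIC. Remove that
-- grant so each service role can reach only its own database.
REVOKE ALL ON DATABASE grafana, nisystemlink FROM PUBLIC;
GRANT CONNECT, CREATE ON DATABASE grafana      TO systemlink;
GRANT CONNECT, CREATE ON DATABASE nisystemlink TO nisystemlink;

-- 2. Install the chart and let each service create its schema and tables.

-- 3. After setup: drop the database-level CREATE privilege.
--    Grant it again before an upgrade that has to create schema objects.
REVOKE CREATE ON DATABASE grafana      FROM systemlink;
REVOKE CREATE ON DATABASE nisystemlink FROM nisystemlink;

-- 4. Audit the test monitor role against the minimum-privilege table.
SELECT has_database_privilege('nisystemlink', 'nisystemlink', 'CONNECT') AS connects_to_own_db,
       has_database_privilege('nisystemlink', 'nisystemlink', 'CREATE')  AS still_has_db_create,
       has_database_privilege('nisystemlink', 'grafana', 'CONNECT')      AS reaches_other_db;

\connect nisystemlink

-- Schema-level USAGE and CREATE for every non-system schema.
SELECT n.nspname AS schema_name,
       has_schema_privilege('nisystemlink', n.oid, 'USAGE')  AS can_use,
       has_schema_privilege('nisystemlink', n.oid, 'CREATE') AS can_create
FROM pg_namespace AS n
WHERE n.nspname NOT LIKE 'pg\_%' AND n.nspname <> 'information_schema';

-- Tables on which the role lacks any of SELECT, INSERT, UPDATE, DELETE.
SELECT t.schemaname, t.tablename
FROM pg_tables AS t
CROSS JOIN LATERAL format('%I.%I', t.schemaname, t.tablename) AS q(name)
WHERE t.schemaname NOT IN ('pg_catalog', 'information_schema')
  AND NOT (has_table_privilege('nisystemlink', q.name, 'SELECT')
       AND has_table_privilege('nisystemlink', q.name, 'INSERT')
       AND has_table_privilege('nisystemlink', q.name, 'UPDATE')
       AND has_table_privilege('nisystemlink', q.name, 'DELETE'));
```

The last query lists only tables that fall short of the table above, so an empty result means the role holds all four table privileges everywhere in the service database.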

Storing Data from the Dashboard Host Service on an External PostgreSQL Server

Create a database and user, making sure that the user has CREATE privileges on the database. The default database name is grafana.

If you are managing secrets with Helm, add your database credentials to systemlink-secrets.yaml:

dashboardhost:
  secrets:
    database:
      host: "<postgresql-hostname>:<port>"
      user: "systemlink"
      password: "<database-password>"

In systemlink-values.yaml, ensure that the default dashboardhost.grafana.extraSecretMounts and dashboardhost.grafana.extraConfigmapMounts configurations are enabled:

dashboardhost:
  grafana:
    extraSecretMounts:
      - name: *dashboardhostdbSecret
        secretName: *dashboardhostdbSecret
        defaultMode: 0440
        mountPath: "/etc/secrets/dashboardhost"
        readOnly: true
    extraConfigmapMounts:
      - name: *postgresCertificateConfigMap
        mountPath: "/etc/ssl/certs/dashboardhost/"
        subPath: *postgresCertificateFileName
        configMap: *postgresCertificateConfigMap
        readOnly: true

Storing Data from the Test Monitor Service on an External PostgreSQL Server

Create a database and user, making sure that the user has CREATE privileges on the database.

Future updates of the test monitor service chart may require modifications to the schema and tables. To perform these modifications, the test monitor service chart must act as the user that owns the schema and tables. In addition to the user that handles day-to-day operations, you can specify a separate user with higher permissions to perform database migrations.

You can configure the PostgreSQL connection using either a connection string (recommended) or individual connection parameters.

Using a connection string (recommended):
  • Add your credentials to systemlink-secrets.yaml:
    testmonitorservice:
      secrets:
        database:
          connectionString: "Host=<postgresql-hostname>;Database=<database-name>;Username=<database-user>;Password=<database-password>;SslMode=Require"
          migrationConnectionString: "Host=<postgresql-hostname>;Database=<database-name>;Username=<migration-user>;Password=<migration-password>;SslMode=Require"
  • Then configure the connection in systemlink-values.yaml:
    testmonitorservice:
      database:
        connectionString:
          secretName: "testmonitorservicedb-connection"
          connectionStringKey: "connection-string"
          migrationConnectionStringKey: "migration-connection-string"
        tls:
          enabled: true
          existingConfigMap: *postgresCertificateConfigMap
          certificateSubPath: *postgresCertificateFileName

Using individual connection parameters:

  • Add your credentials to systemlink-secrets.yaml:
    testmonitorservice:
      secrets:
        database:
          connectionPassword: "<database-password>"
          migrationConnectionPassword: "<migration-password>"
  • Then configure the connection in systemlink-values.yaml. The default database name is nisystemlink and the default user is nisystemlink:
    testmonitorservice:
      database:
        connectionInfo:
          host: "<postgresql-hostname>"
          port: "5432"
          dbName: "nisystemlink"
          user: "nisystemlink"
          migrationUser: "<migration-user>"
          secretName: "testmonitorservicedb-connection"
          passwordKey: "password"
          migrationPasswordKey: "migration-password"
        tls:
          enabled: true
          existingConfigMap: *postgresCertificateConfigMap
          certificateSubPath: *postgresCertificateFileName

Storing Data from the Dynamic Form Fields Service on an External PostgreSQL Server

Create a database and user, making sure that the user has CREATE privileges on the database.

Future updates of the dynamic form fields service chart may require modifications to the schema and tables. To perform these modifications, the dynamic form fields service chart must act as the user that owns the schema and tables. In addition to the user that handles day-to-day operations, you can specify a separate user with higher permissions to perform database migrations.

You can configure the PostgreSQL connection using either a connection string (recommended) or individual connection parameters.

Using a connection string (recommended):

  • Add your credentials to systemlink-secrets.yaml:
    dynamicformfields:
      secrets:
        database:
          connectionString: "Host=<postgresql-hostname>;Database=<database-name>;Username=<database-user>;Password=<database-password>;SslMode=Require"
          migrationConnectionString: "Host=<postgresql-hostname>;Database=<database-name>;Username=<migration-user>;Password=<migration-password>;SslMode=Require"
  • Then configure the connection in systemlink-values.yaml:
    dynamicformfields:
      database:
        connectionString:
          secretName: "dynamicformfields-db-connection"
          connectionStringKey: "connection-string"
          migrationConnectionStringKey: "migration-connection-string"
        tls:
          enabled: true
          existingConfigMap: *postgresCertificateConfigMap
          certificateSubPath: *postgresCertificateFileName

Alternatively, you can specify connection parameters individually:

  • Add your credentials to systemlink-secrets.yaml:
    dynamicformfields:
      secrets:
        database:
          connectionPassword: "<database-password>"
          migrationConnectionPassword: "<migration-password>"
  • Then configure the connection in systemlink-values.yaml. The default database name is nisystemlink and the default user is nisystemlink:
    dynamicformfields:
      database:
        connectionInfo:
          host: "<postgresql-hostname>"
          port: "5432"
          dbName: "nisystemlink"
          user: "nisystemlink"
          migrationUser: "<migration-user>"
          secretName: "dynamicformfields-db-connection"
          passwordKey: "password"
          migrationPasswordKey: "migration-password"
        tls:
          enabled: true
          existingConfigMap: *postgresCertificateConfigMap
          certificateSubPath: *postgresCertificateFileName