Databases And Persistence /
Access a database
As well as using a database within your project, you can access it locally for development, and expose it publicly to make it available online.
By default, a database will be given an internal address and only be accessible from services and jobs within the same project. You will still be able to access it locally using port forwarding through the Northflank CLI.
Deploy a database with TLS
You can choose to deploy with TLS on a database's network settings page. If enabled, the database will use TLS for all internal connections.
Some databases, such as MySQL, cannot enable or disable TLS after creation and will use the configuration they were created with.
Your deployments may require further configuration to connect to your database if TLS is enabled, the TLS status will be reflected in the connection detail secret TLS_ENABLED
as a boolean.
Expose a database publicly
Databases can be publicly exposed by selecting publicly accessible on their network settings page. The database must be deployed with TLS enabled to expose it publicly.
Exposing a database will make it available online via a network load-balancer and a TCP endpoint secured with TLS, and new public connection strings will be available in connection details.
Some databases, such as MySQL, cannot enable or disable TLS after creation and will use the configuration they were created with.
Access a database locally
You can forward a database for local access using the Northflank CLI.
Your database must be running in order to access it.
You can view and copy the command to connect to a specific database on its overview, in the local access section, or use the following commands:
To forward a specific database:
sudo northflank forward addon --projectId [project-name] --addonId [addon-name]
To forward all ports in a project:
sudo northflank forward all --projectId [project-name]
You can now connect to your database locally using the relevant connection strings or secrets from the connection details page.
note
Set IP policy rules
You can set IP policies from the security rules section on a database's network settings page.
An IP policy restricts external ingress traffic to specific addresses specified in the policy. For example, a policy of 192.168.1.48
will only allow traffic originating from the IP address 192.168.1.48
and a policy of 192.168.1.0/24
will only allow traffic originating from IP addresses matching the subnet mask. If you have not set any IP policies all external ingress traffic will be allowed to attempt to connect to the database, if it is publicly exposed.