Step 1: Create the Secret
Option A: Base64-encoded Values
First, encode your database credentials:echo -n "<db-host>" | base64
echo -n "<db-name>" | base64
echo -n "<db-user>" | base64
echo -n "<db-password>" | base64
apiVersion: v1
kind: Secret
metadata:
name: pg-credentials
namespace: sambastack
type: Opaque
data:
DB_HOST: <Base64 encoded DB_HOST>
DB_DATABASE: <Base64 encoded DB_DATABASE>
DB_USER: <Base64 encoded DB_USER>
DB_PASSWD: <Base64 encoded DB_PASSWD>
kubectl apply -f pg-credentials.yaml
Option B: Using kubectl with Literal Values
Instead of manually encoding, you can create the secret with literal values:kubectl create secret generic pg-credentials \
--from-literal=DB_HOST=<host> \
--from-literal=DB_DATABASE=<database> \
--from-literal=DB_USER=<user> \
--from-literal=DB_PASSWD=<password> \
--namespace sambastack
Step 2: Update sambastack.yaml
Configure your sambastack.yaml to use the external database:auth-and-billing:
pgSecretName: pg-credentials
cloudnative-pg:
enabled: false
auth-and-billing.pgSecretName: References the Kubernetes secret containing database credentialscloudnative-pg.enabled: false: Disables the in-cluster PostgreSQL deployment
Step 3: Apply the Configuration
Update your Helm deployment:helm upgrade sambastack \
-f sambastack.yaml \
--namespace sambastack \
oci://<REGISTRY_URL>/sambastack/sambastack
SambaNova provides the full registry URL and version number during handover. Contact your SambaNova representative for access credentials.
Ensure your external PostgreSQL database is accessible from the Kubernetes cluster and that network policies allow the connection.
1. Provision External Database
Set up an external PostgreSQL instance and collect these credentials:
DB_HOSTDB_DATABASEDB_USERDB_PASSWD
2. Create Kubernetes Secret for PostgreSQL Credentials
Create a secret named pg-credentials with your database credentials:cat <<EOPGSECRET | kubectl apply -f -
apiVersion: v1
kind: Secret
metadata:
name: pg-credentials
namespace: default
type: Opaque
data:
DB_HOST: <Base64 encoded DB_HOST>
DB_DATABASE: <Base64 encoded DB_DATABASE>
DB_USER: <Base64 encoded DB_USER>
DB_PASSWD: <Base64 encoded DB_PASSWD>
EOPGSECRET
Ensure all credential values are base64 encoded.
3. Update sambastack.yaml
Modify sambastack.yaml (data → sambastack.yaml) to reference your external PostgreSQL secret and disable the in-cluster database:data:
sambastack.yaml: |
# Auth and Billing Configuration
auth-and-billing:
pgSecretName: pg-credentials # Kubernetes secret with PostgreSQL credentials
# Database Configuration
cloudnative-pg:
enabled: false # Disable in-cluster PostgreSQL
4. Apply Updated Configuration
Apply the changes:kubectl apply -f sambastack.yaml
