Deploying EdgeDB to Azure
In this guide we show how to deploy EdgeDB using Azure’s Postgres Flexible Server as the backend.
Prerequisites
-
Valid Azure Subscription with billing enabled or credits (free trial).
-
Azure CLI (install).
Provision an EdgeDB instance
Login to your Microsoft Azure account.
$
az loginCreate a new resource group.
$
GROUP=my-group-name$
az group create --name $GROUP --location westusProvision a PostgreSQL server.
If you already have a database provisioned you can skip this step.
For convenience, assign a value to the PG_SERVER_NAME environment
variable; we’ll use this variable in multiple later commands.
$
PG_SERVER_NAME=postgres-for-edgedbUse the read command to securely assign a value to the PASSWORD
environment variable.
$
echo -n "> " && read -s PASSWORDThen create a Postgres Flexible server.
$
az postgres flexible-server create \
--resource-group $GROUP \
--name $PG_SERVER_NAME \
--location westus \
--admin-user edgedb \
--admin-password $PASSWORD \
--sku-name Standard_D2s_v3 \
--version 14 \
--yesIf you get an error saying "Specified server name is already used."
change the value of PG_SERVER_NAME and rerun the command.
Allow other Azure services access to the Postgres instance.
$
az postgres flexible-server firewall-rule create \
--resource-group $GROUP \
--name $PG_SERVER_NAME \
--rule-name allow-azure-internal \
--start-ip-address 0.0.0.0 \
--end-ip-address 0.0.0.0EdgeDB requires Postgres’ uuid-ossp extension which needs to be enabled.
$
az postgres flexible-server parameter set \
--resource-group $GROUP \
--server-name $PG_SERVER_NAME \
--name azure.extensions \
--value uuid-osspStart an EdgeDB container.
$
PG_HOST=$(
az postgres flexible-server list \
--resource-group $GROUP \
--query "[?name=='$PG_SERVER_NAME'].fullyQualifiedDomainName | [0]" \
--output tsv
)$
DSN="postgresql://edgedb:$PASSWORD@$PG_HOST/postgres?sslmode=require"$
az container create \
--resource-group $GROUP \
--name edgedb-container-group \
--image edgedb/edgedb \
--dns-name-label edgedb \
--ports 5656 \
--secure-environment-variables \
"EDGEDB_SERVER_PASSWORD=$PASSWORD" \
"EDGEDB_SERVER_BACKEND_DSN=$DSN" \
--environment-variables \
EDGEDB_SERVER_TLS_CERT_MODE=generate_self_signed \Persist the SSL certificate. We have configured EdgeDB to generate a self
signed SSL certificate when it starts. However, if the container is restarted a
new certificate would be generated. To preserve the certificate across failures
or reboots copy the certificate files and use their contents in the
EDGEDB_SERVER_TLS_KEY and EDGEDB_SERVER_TLS_CERT environment variables.
$
key="$( az container exec \
--resource-group $GROUP \
--name edgedb-container-group \
--exec-command "cat /tmp/edgedb/edbprivkey.pem" \
| tr -d "\r" )"$
cert="$( az container exec \
--resource-group $GROUP \
--name edgedb-container-group \
--exec-command "cat /tmp/edgedb/edbtlscert.pem" \
| tr -d "\r" )"$
az container delete \
--resource-group $GROUP \
--name edgedb-container-group \
--yes$
az container create \
--resource-group $GROUP \
--name edgedb-container-group \
--image edgedb/edgedb \
--dns-name-label edgedb \
--ports 5656 \
--secure-environment-variables \
"EDGEDB_SERVER_PASSWORD=$PASSWORD" \
"EDGEDB_SERVER_BACKEND_DSN=$DSN" \
"EDGEDB_SERVER_TLS_KEY=$key" \
--environment-variables \
"EDGEDB_SERVER_TLS_CERT=$cert"To access the EdgeDB instance you’ve just provisioned on Azure from your local machine link the instance.
$
printf $PASSWORD | edgedb instance link \
--password-from-stdin \
--non-interactive \
--trust-tls-cert \
--host $( \
az container list \
--resource-group $GROUP \
--query "[?name=='edgedb-container-group'].ipAddress.fqdn | [0]" \
--output tsv ) \
azureThe command groups edgedb instance and edgedb project are not
intended to manage production instances.
You can now connect to your instance.
$
edgedb -I azureHealth Checks
Using an HTTP client, you can perform health checks to monitor the status of your EdgeDB instance. Learn how to use them with our health checks guide.