Light
Dark
System
1.0latest

Deploying EdgeDB to Azure

In this guide we show how to deploy EdgeDB using Azure’s Postgres Flexible Server as the backend.

  • Valid Azure Subscription with billing enabled or credits (free trial).

  • Azure CLI (install).

Login to your Microsoft Azure account.

Copy
$ 
az login

Create a new resource group.

Copy
$ 
GROUP=my-group-name
Copy
$ 
az group create --name $GROUP --location westus

Provision a PostgreSQL server.

If you already have a database provisioned you can skip this step.

For convenience, assign a value to the PG_SERVER_NAME environment variable; we’ll use this variable in multiple later commands.

Copy
$ 
PG_SERVER_NAME=postgres-for-edgedb

Use the read command to securely assign a value to the PASSWORD environment variable.

Copy
$ 
echo -n "> " && read -s PASSWORD

Then create a Postgres Flexible server.

Copy
$ 
  
  
  
  
  
  
  
  
az postgres flexible-server create \
  --resource-group $GROUP \
  --name $PG_SERVER_NAME \
  --location westus \
  --admin-user edgedb \
  --admin-password $PASSWORD \
  --sku-name Standard_D2s_v3 \
  --version 12 \
  --yes

If you get an error saying "Specified server name is already used."" change the value of PG_SERVER_NAME and rerun the command.

Allow other Azure services access to the Postgres instance.

Copy
$ 
  
  
  
  
  
az postgres flexible-server firewall-rule create \
  --resource-group $GROUP \
  --name $PG_SERVER_NAME \
  --rule-name allow-azure-internal \
  --start-ip-address 0.0.0.0 \
  --end-ip-address 0.0.0.0

Start an EdgeDB container.

Copy
$ 
  
  
  
  
  
PG_HOST=$(
  az postgres flexible-server list \
    --resource-group $GROUP \
    --query "[?name=='$PG_SERVER_NAME'].fullyQualifiedDomainName | [0]" \
    --output tsv
)
Copy
$ 
DSN="postgresql://edgedb:$PASSWORD@$PG_HOST/postgres?sslmode=require"
Copy
$ 
  
  
  
  
  
  
  
  
  
  
az container create \
  --resource-group $GROUP \
  --name edgedb-container-group \
  --image edgedb/edgedb:1 \
  --dns-name-label edgedb \
  --ports 5656 \
  --secure-environment-variables \
    "EDGEDB_SERVER_PASSWORD=$PASSWORD" \
    "EDGEDB_SERVER_BACKEND_DSN=$DSN" \
  --environment-variables \
    EDGEDB_SERVER_TLS_CERT_MODE=generate_self_signed \

Persist the SSL certificate. We have configured EdgeDB to generate a self signed SSL certificate when it starts. However, if the container is restarted a new certificate would be generated. To preserve the certificate across failures or reboots copy the certificate files and use their contents in the EDGEDB_SERVER_TLS_KEY and EDGEDB_SERVER_TLS_CERT environment variables.

Copy
$ 
  
  
  
  
key="$( az container exec \
          --resource-group $GROUP \
          --name edgedb-container-group \
          --exec-command "cat /etc/ssl/edgedb/edbprivkey.pem" \
        | tr -d "\r" )"
Copy
$ 
  
  
  
  
cert="$( az container exec \
           --resource-group $GROUP \
           --name edgedb-container-group \
           --exec-command "cat /etc/ssl/edgedb/edbtlscert.pem" \
        | tr -d "\r" )"
Copy
$ 
  
  
  
az container delete \
  --resource-group $GROUP \
  --name edgedb-container-group \
  --yes
Copy
$ 
  
  
  
  
  
  
  
  
  
  
az container create \
  --resource-group $GROUP \
  --name edgedb-container-group \
  --image edgedb/edgedb:1 \
  --dns-name-label edgedb \
  --ports 5656 \
  --secure-environment-variables \
    "EDGEDB_SERVER_BACKEND_DSN=$DSN" \
    "EDGEDB_SERVER_TLS_KEY=$key" \
  --environment-variables \
    "EDGEDB_SERVER_TLS_CERT=$cert"

To access the EdgeDB instance you’ve just provisioned on Azure from your local machine link the instance.

Copy
$ 
  
  
  
  
  
  
  
  
  
printf $PASSWORD | edgedb instance link \
  --password-from-stdin \
  --non-interactive \
  --trust-tls-cert \
  --host $( \
    az container list \
      --resource-group $GROUP \
      --query "[?name=='edgedb-container-group'].ipAddress.fqdn | [0]" \
      --output tsv ) \
  azure

You can now connect to your instance.

Copy
$ 
edgedb -I azure
Light
Dark
System