Skip to main content

PostgreSQL

Type: state.postgresql

Status: stable

Reference: https://docs.dapr.io/reference/components-reference/supported-state-stores/setup-postgresql/

Example

apiVersion: cra.diagrid.io/v1beta1
kind: Component
metadata:
  name: <name>
spec:
  type: state.postgresql
  version: v2
  metadata:
    # The connection string for the PostgreSQL database
    - name: connectionString
      value: "host=mycompany.com user=postgres password=example port=5432 connect_timeout=10 database=dapr_test"
    # Interval to clean up rows with an expired TTL. Setting this to values `<=0` disables the periodic cleanup. (Optional)
    #- name: cleanupInterval
    #  value: "1h"
    # Max idle time before unused connections are automatically closed in the connection pool. By default, there's no value and this is left to the database driver to choose. (Optional)
    #- name: connectionMaxIdleTime
    #  value: "5m"
    # Use this state store as the Workflows Store, it will enable the Workflows API. Defaults to `false`. (Optional)
    #- name: enableWorkflow
    #  value: "false"
    # Prefix added to keys in the state store. (Optional)
    #- name: keyPrefix
    #  value: "appid"
    # Maximum number of connections pooled by this component. Set to 0 or lower to use the default value, which is the greater of 4 or the number of CPUs. (Optional)
    #- name: maxConns
    #  value: "0"
    # Name of the table Dapr uses to store a few metadata properties. Can optionally have the schema name as prefix, such as `public.dapr_metadata` (Optional)
    #- name: metadataTableName
    #  value: "dapr_metadata"
    # By setting outboxDiscardWhenMissingState to true, Dapr discards the transaction if it cannot find the state in the database and does not retry. This setting can be useful if the state store data has been deleted for any reason before Dapr was able to deliver the message and you would like Dapr to drop the items from the pub/sub and stop retrying to fetch the state (Optional)
    #- name: outboxDiscardWhenMissingState
    #  value: "false"
    # For outbox. Sets the name of the pub/sub component to deliver the notifications when publishing state changes (Optional)
    #- name: outboxPublishPubsub
    #  value: ""
    # For outbox. Sets the topic that receives the state changes on the pub/sub configured with "outboxPublishPubsub". The message body will be a state transaction item for an insert or update operation (Optional)
    #- name: outboxPublishTopic
    #  value: ""
    # For outbox. Sets the pub/sub component used by Dapr to coordinate the state and pub/sub transactions. If not set, the pub/sub component configured with "outboxPublishPubsub" is used. This is useful if you want to separate the pub/sub component used to send the notification state changes from the one used to coordinate the transaction (Optional)
    #- name: outboxPubsub
    #  value: "outboxPublishPubsub"
    # Controls the default mode for executing queries. By default Dapr uses the extended protocol and automatically prepares and caches prepared statements. However, this may be incompatible with proxies such as PGBouncer. In this case it may be preferrable to use `exec` or `simple_protocol`. (Optional)
    #- name: queryExecMode
    #  value: "cache_describe"
    # Prefix for the tables where the data is stored. Can optionally have the schema name as prefix, such as `public.` (Optional)
    #- name: tablePrefix
    #  value: "my_ (name prefix) or public. (schema name)"
    # Timeout for all database operations. (Optional)
    #- name: timeout
    #  value: "20s"

Authentication profiles

Available authentication profiles:

  • Connection string

  • Azure AD: Client credentials

  • Azure AD: Client certificate

  • AWS: Access Key ID and Secret Access Key

Connection string

Authenticate using a Connection String

connectionString (string)

Required - The connection string for the PostgreSQL database

Example value: host=mycompany.com user=postgres password=example port=5432 connect_timeout=10 database=dapr_test

Azure AD: Client credentials

Authenticate using Azure AD with client credentials, also known as "service principals".

azureClientId

Required - Client ID (application ID)

Example value: c7dd251f-811f-4ba2-a905-acd4d3f8f08b

azureClientSecret

Required - Client secret (application password)

Example value: Ecy3XG7zVZK3/vl/a2NSB+a1zXLa8RnMum/IgD0E

azureTenantId

Required - ID of the Azure AD tenant

Example value: cd4b2887-304c-47e1-b4d5-65447fdd542a

connectionString (string)

Required - The connection string for the PostgreSQL database This must contain the user, which corresponds to the name of the user created inside PostgreSQL that maps to the Azure AD identity; this is often the name of the corresponding principal (e.g. the name of the Azure AD application). This connection string should not contain any password.

Example value: host=mydb.postgres.database.azure.com user=myapplication port=5432 database=dapr_test password=masterpassword sslmode=require

useAzureAD (bool)

Required - Must be set to true to enable the component to retrieve access tokens from Azure AD. This authentication method only works with Azure Database for PostgreSQL databases.

Default value: true

Example value: true

azureEnvironment

Optional name for the Azure environment if using a different Azure cloud

Default value: AzurePublicCloud

Example value: AzurePublicCloud

Allowed values:

  • AzurePublicCloud

  • AzureChinaCloud

  • AzureUSGovernmentCloud

Azure AD: Client certificate

Authenticate using Azure AD with a client certificate. "azureCertificate" is required.

azureClientId

Required - Client ID (application ID)

Example value: c7dd251f-811f-4ba2-a905-acd4d3f8f08b

azureTenantId

Required - ID of the Azure AD tenant

Example value: cd4b2887-304c-47e1-b4d5-65447fdd542a

connectionString (string)

Required - The connection string for the PostgreSQL database This must contain the user, which corresponds to the name of the user created inside PostgreSQL that maps to the Azure AD identity; this is often the name of the corresponding principal (e.g. the name of the Azure AD application). This connection string should not contain any password.

Example value: host=mydb.postgres.database.azure.com user=myapplication port=5432 database=dapr_test password=masterpassword sslmode=require

useAzureAD (bool)

Required - Must be set to true to enable the component to retrieve access tokens from Azure AD. This authentication method only works with Azure Database for PostgreSQL databases.

Default value: true

Example value: true

azureCertificate

Certificate and private key (in either a PEM file containing both the certificate and key, or in PFX/PKCS#12 format)

Example value:

-----BEGIN PRIVATE KEY-----\n MIIEvgI... \n -----END PRIVATE KEY-----
\n -----BEGIN CERTIFICATE----- \n MIICoTC... \n -----END CERTIFICATE----- \n

azureCertificatePassword

Password for the certificate if encrypted.

Example value: password

azureEnvironment

Optional name for the Azure environment if using a different Azure cloud

Default value: AzurePublicCloud

Example value: AzurePublicCloud

Allowed values:

  • AzurePublicCloud

  • AzureChinaCloud

  • AzureUSGovernmentCloud

AWS: Access Key ID and Secret Access Key

Authenticate using an Access Key ID and Secret Access Key included in the metadata

awsRegion (string)

Required - The AWS Region where the AWS resource is deployed to.

Example value: us-east-1

connectionString (string)

Required - The connection string for the PostgreSQL database This must contain the user, which corresponds to the name of the user created inside PostgreSQL that maps to the AWS IAM policy. This connection string should not contain any password. Note that the database name field is denoted by dbname with AWS.

Example value: host=mydb.postgres.database.aws.com user=myapplication port=5432 dbname=dapr_test sslmode=require

useAWSIAM (bool)

Required - Must be set to true to enable the component to retrieve access tokens from AWS IAM. This authentication method only works with AWS Relational Database Service for PostgreSQL databases.

Example value: true

awsAccessKey (string)

AWS access key associated with an IAM account.

Example value: AKIAIOSFODNN7EXAMPLE

awsSecretKey (string)

The secret key associated with the access key.

Example value: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

sessionToken (string)

AWS session token to use. A session token is only required if you are using temporary security credentials.

Example value: TOKEN

Metadata

cleanupInterval (duration)

Interval to clean up rows with an expired TTL. Setting this to values <=0 disables the periodic cleanup.

Default value: 1h

Example value: 10m, -1

connectionMaxIdleTime (duration)

Max idle time before unused connections are automatically closed in the connection pool. By default, there's no value and this is left to the database driver to choose.

Example value: 5m

enableWorkflow (bool)

Use this state store as the Workflows Store, it will enable the Workflows API. Defaults to false.

Example value: false

keyPrefix (string)

Prefix added to keys in the state store.

Default value: appid

Example value: appid

Allowed values:

  • appid

  • name

  • none

Documentation: https://docs.dapr.io/developing-applications/building-blocks/state-management/howto-share-state/

maxConns (number)

Maximum number of connections pooled by this component. Set to 0 or lower to use the default value, which is the greater of 4 or the number of CPUs.

Default value: 0

Example value: 4

metadataTableName (string)

Name of the table Dapr uses to store a few metadata properties. Can optionally have the schema name as prefix, such as public.dapr_metadata

Default value: dapr_metadata

Example value: public.dapr_metadata

outboxDiscardWhenMissingState (bool)

By setting outboxDiscardWhenMissingState to true, Dapr discards the transaction if it cannot find the state in the database and does not retry. This setting can be useful if the state store data has been deleted for any reason before Dapr was able to deliver the message and you would like Dapr to drop the items from the pub/sub and stop retrying to fetch the state

Default value: false

outboxPublishPubsub (string)

For outbox. Sets the name of the pub/sub component to deliver the notifications when publishing state changes

outboxPublishTopic (string)

For outbox. Sets the topic that receives the state changes on the pub/sub configured with "outboxPublishPubsub". The message body will be a state transaction item for an insert or update operation

outboxPubsub (string)

For outbox. Sets the pub/sub component used by Dapr to coordinate the state and pub/sub transactions. If not set, the pub/sub component configured with "outboxPublishPubsub" is used. This is useful if you want to separate the pub/sub component used to send the notification state changes from the one used to coordinate the transaction

Default value: outboxPublishPubsub

queryExecMode

Controls the default mode for executing queries. By default Dapr uses the extended protocol and automatically prepares and caches prepared statements. However, this may be incompatible with proxies such as PGBouncer. In this case it may be preferrable to use exec or simple_protocol.

Example value: cache_describe

Allowed values:

  • cache_statement

  • cache_describe

  • describe_exec

  • exec

  • simple_protocol

tablePrefix (string)

Prefix for the tables where the data is stored. Can optionally have the schema name as prefix, such as public.

Example value: my_ (name prefix) or public. (schema name)

timeout (duration)

Timeout for all database operations.

Default value: 20s

Example value: 30s