Skip to main content

Configuration

Database Configuration

OCP uses a SQL-compatible database to store its internal state. By default, OCP runs with an in-memory SQLite3 database, which is ideal for development or testing. For production, you can configure it to use external databases such as PostgreSQL, MySQL, or Amazon RDS.

Supported Database Backends

OCP supports the following database drivers:

  • sqlite3 (in-memory or file-based)
  • postgres
  • mysql
  • aws_rds (PostgreSQL or MySQL)

Basic SQL Database Configuration

To configure OCP to use a standard SQL database, create a database.yaml file in your config.d directory and specify the driver and DSN (Data Source Name):

database:
  sql:
    driver: postgres
    dsn: postgres://user:password@db.example.com:5432/ocpdb?sslmode=disable

Replace:

  • driver with postgres, mysql, or sqlite3
  • dsn with your database connection string

Example: SQLite3 (file-based)

database:
  sql:
    driver: sqlite3
    dsn: /var/lib/ocp/ocp.db

Amazon RDS Configuration

OCP supports direct configuration for Amazon RDS with optional high-availability setups. It also currently supports the postgres, pgx, or mysql drivers for AWS RDS.

database:
  aws_rds:
    region: us-east-1
    endpoint: mydb.cluster-abcdefghijkl.us-east-1.rds.amazonaws.com:5432
    driver: postgres
    database_user: ocpuser
    database_name: ocpdb
    credentials:
      name: rds-credentials
    root_certificates: /etc/ssl/certs/rds-combined-ca-bundle.pem

Key fields:

  • region: AWS region of the RDS instance
  • endpoint: Hostname and port for your RDS cluster or instance
  • driver: postgres, pgx or mysql
  • database_user: Database user for OCP
  • database_name: Database name for OCP
  • credentials: Reference to a secret containing the password or AWS credentials
  • root_certificates: Optional PEM-encoded root certificate bundle for TLS connections to RDS

High Availability with AWS RDS

To run OCP with a highly available RDS setup:

  1. Use Multi-AZ Deployment In the AWS Console or via Terraform/CloudFormation, enable Multi-AZ when creating your RDS instance or cluster. This provisions standby replicas in a different Availability Zone and enables automatic failover.
  2. Cluster Endpoints Use the RDS cluster endpoint rather than an instance-specific endpoint. This ensures that OCP always connects to the primary writer node, even after a failover. Example:
endpoint: mydb.cluster-abcdefghijkl.us-east-1.rds.amazonaws.com:5432
  1. Read Replicas for Scaling If your OCP deployment requires read scaling, you can configure read replicas in RDS. This is generally not required for OCP itself, but can be useful for analytics or reporting workloads.
  2. TLS Encryption Download the latest Amazon RDS CA bundle from: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html Store it in your container or host, and reference it in root_certificates.
  3. Secrets Management Store the database password as well as AWS credentials in an OCP secret, such as:
secrets:
  rds-credentials:
    password: ${RDS_PASSWORD}

Additional References: