Here's an example of what the accessory for Postgres could look like. It would rely on you updating the .kamal/secrets to also pass the POSTGRES_PASSWORD for the initial setup. Also, you would want to take care because in this situation, you're exposing port 5432 to the world as well. This shouldn't be an issue if you have a firewall, but you still want to take precautions. You could do something like
127.0.0.1:5432:5432
to expose it only on the localhost, but could have issues if you ever outgrow a single server setup.
Running kamal setup will install docker for you automatically as it does detect if it doesn't exist. In the episode example of the DO Droplet, I didn't do any pre-setup or hardening. Kamal installed docker and everything it needed.
> Also, you would want to take care because in this situation, you're exposing port 5432 to the world as well. > [...] You could do something like 127.0.0.1:5432:5432
Yeah with Kamal 2 you can avoid exposing the port to the world by setting the postgres accessory `port` to `127.0.0.1:5432:5432` instead of `5432:5432`, and in the `database.yml` or env var config making sure the host is `servicename-accessoryname` instead of an IP, e.g. `app1-postgres`, so the Rails app can connect to the database via Kamal 2's internal docker local network.
This is explained in the the Kamal 2 presentation video at 14:26: https://youtu.be/QC4b2teG_hc?feature=shared&t=866. It is not yet well known as this tip was documented in deploy.yml only last week in the Rails main branch, but if you run `rails new --main` you will see those deploy.yml comments about the local network.
But as David said, that will only work for single server setups.
when I try the kamal setup it was complaining about credentials as I was expect they will load via .env, but failled after I use kamal secrets print, I realize that I ahve no values, so I had to run export KEY from my terminal as kamal will read from there.
In Kamal 2, the secrets were moved from .env to .kamal/secrets. Be careful as this file is included in your version control by default (not added to .gitignore).
David Kimura abs. :) they will not be added. For me is not clear now where to load my ENV. I could just use rails credentials, but happens with all people like me, that Are using .env?
Great video. Could you demo a deploy with postgresql on the same server?
to expose it only on the localhost, but could have issues if you ever outgrow a single server setup.
# config/deploy.yml accessories: postgres: image: postgres:17 port: 5432:5432 host: IP_OF_THE_SERVER env: clear: POSTGRES_USER: APPLICATION_NAME POSTGRES_DB: APPLICATION_NAME_production secret: - POSTGRES_PASSWORD directories: - data:/var/lib/postgresql/data> [...] You could do something like 127.0.0.1:5432:5432
Yeah with Kamal 2 you can avoid exposing the port to the world by setting the postgres accessory `port` to `127.0.0.1:5432:5432` instead of `5432:5432`, and in the `database.yml` or env var config making sure the host is `servicename-accessoryname` instead of an IP, e.g. `app1-postgres`, so the Rails app can connect to the database via Kamal 2's internal docker local network.
This is explained in the the Kamal 2 presentation video at 14:26: https://youtu.be/QC4b2teG_hc?feature=shared&t=866. It is not yet well known as this tip was documented in deploy.yml only last week in the Rails main branch, but if you run `rails new --main` you will see those deploy.yml comments about the local network.
But as David said, that will only work for single server setups.
after I use kamal secrets print, I realize that I ahve no values, so I had to run export KEY from my terminal as kamal will read from there.
any better ideas here?