diff --git a/docs/logto-oss/deployment-and-configuration.mdx b/docs/logto-oss/deployment-and-configuration.mdx index 2e80bda4e38..aa47591acec 100644 --- a/docs/logto-oss/deployment-and-configuration.mdx +++ b/docs/logto-oss/deployment-and-configuration.mdx 
@@ -93,6 +93,47 @@ You are all set. Open the browser and visit `https://admin.your-domain.com`, you For production, you may use Docker to containerize Logto. You can find the Dockerfile in the root directory of the project. If you want to run multiple instances of Logto, for instance, deploy Logto in a Kubernetes cluster, There are some additional steps you need to take. +### Database setup \{#database-setup} + +It is recommended to create a PostgreSQL db and user with create, update permissions. For example, + +```sql + create database logto; + create user logto_admin with password CREATEROLE; + GRANT CONNECT ON DATABASE logto to logto_admin; + GRANT ALL PRIVILEGES ON DATABASE logto to logto_admin; + \c logto; + GRANT ALL ON SCHEMA public TO logto_admin; +``` + +You could then use a one-off batch job to then create the required [schemas](https://github.com/logto-io/logto/tree/master/packages/schemas), + +```yaml +apiVersion: batch/v1 +kind: Job +metadata: + name: dbSetup +spec: + template: + spec: + containers: + - name: dbSetup + image: svhd/logto:latest + imagePullPolicy: Always + env: + - name: DB_URL + value: postgresql://logto_admin:password@localhost:5432/logto + command: + - /bin/sh + args: + - '-c' + - 'npx @logto/cli db seed --db-url $DB_URL' + restartPolicy: Never +``` + +Remember to specify the exact docker version instead of relying on `latest`. +You could use another postgres account with limited permissions for the actual application launch but setup and alteration require more privileges. + ### Shared connectors folder \{#shared-connectors-folder} By default, Logto will create a `connectors` folder in the root directory of the `core` folder. We recommend sharing the folder between multiple instances of Logto, you need to mount the `packages/core/connectors` folder to the container and run `npm run cli connector add -- --official` to deploy the connectors.
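Review bot: In the Job manifest, `DB_URL` is set with a literal `value: postgresql://logto_admin:password@localhost:5432/logto`, so readers who copy the example will commit the database password into the manifest, where anyone who can read the Job object can see it. Please show it sourced from a Kubernetes Secret via `valueFrom.secretKeyRef`. In the same manifest, `localhost` resolves to the Job's own pod, so a placeholder for the database service host would be less misleading. `name: dbSetup` (both the Job and the container) contains an uppercase letter, which Kubernetes rejects for object and container names, so something like `db-setup` is needed. `image: svhd/logto:latest` with `imagePullPolicy: Always` contradicts the sentence right after the block that says to pin an exact version; a version placeholder in the example would match the advice. In the SQL block, `create user logto_admin with password CREATEROLE;` has no quoted password literal and will not parse as written. If `CREATEROLE` is meant as a role attribute, add a quoted placeholder password before it and say why seeding needs it, otherwise drop it. The prose asks for "create, update permissions" while the example grants `ALL PRIVILEGES` on the database and `ALL` on schema `public`, so the text and the grants should be brought in line. The closing sentence about using a more limited account for the running application would be more useful with the minimum grants spelled out.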