Skip to main content

Deployment

info

To get started with the Antimatter database proxy, you will need the following: -A valid Antimatter domain and API key. -A write-context (e.g., default). -A read-context (e.g., default). -Connection details for the database you wish to use with the Antimatter encryption proxy.*

We also recommend creating a subordinate peer domain using the peer-domain API endpoint at this stage. This will be useful for later cryptographic operations.

* Alternatively, if you're working in a development environment, we offer a Docker container here, which includes an example dataset for you to experiment with.

Configuration File

To simplify configuration across various deployment platforms, the Antimatter database proxy supports setup via a configuration file. Before deploying the proxy, you'll need to generate this file with your specific configuration details.

cat > /tmp/antimatter/intercept.yaml <<EOF
encryption-parameters:
  domain-id: <Antimatter domain ID>
  api-key: <Antimatter domain ID's API key>
  write-context: <valid write-context name>
  read-context: <valid read-context name>
  api-url: "https://api.antimatter.io"
proxy:
  credentials:
    address: "proxy"
    port: "5432"
    username: "root"
    password: "password"
upstream:
  credentials:
    address: <upstream database's address>
    port: <upstream database's port>
    username: <upstream database's username>
    password: <upstream database's password>
  databases:
    - <database to proxy name 1>
    - <database to proxy name 2>
    - <database to proxy name 3>
    - ...
EOF

Kubernetes manifest

Kubernetes is a platform for automating the deployment, scaling, and management of containerized applications. Below is a basic Kubernetes manifest for deploying a pod that runs the Antimatter database proxy intercept and engine. This manifest uses the default path values outlined in the Configuration File section above and can be applied directly to your cluster.

info

Please note that images maintained by Antimatter are subject to update.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: db-proxy-deployment
spec:
  replicas: 1
  selector:
    matchLabels:
      app: db-proxy-app
  template:
    metadata:
      labels:
        app: db-proxy-app
    spec:
      containers:
      - name: db-proxy-intercept
        image: antimatterio/db-proxy-intercept:latest
        env:
        - name: ANTIMATTER_INTERCEPT_CONFIG
          value: "/tmp/antimatter/intercept.yaml"
        - name: PRODUCTION_MODE
          value: "true"
        ports:
        - containerPort: 54322
        volumeMounts:
        - name: antimatter-config
          mountPath: /tmp/antimatter
      - name: db-proxy-engine
        image: antimatterio/db-proxy-engine:latest
        env:
        - name: POSTGRES_USER
          value: root
        - name: POSTGRES_PASSWORD
          value: password
        - name: POSTGRES_DB
          value: postgres
        ports:
        - containerPort: 5432
        volumeMounts:
        - name: db-proxy-engine-data
          mountPath: /var/lib/postgresql/data
      volumes:
      - name: antimatter-config
        hostPath:
          path: /tmp/antimatter
      - name: db-proxy-engine-data
        persistentVolumeClaim:
          claimName: db-proxy-engine-data-pvc

---

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: db-proxy-engine-data-pvc
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 3Gi

---

apiVersion: v1
kind: Service
metadata:
  name: db-proxy-service
spec:
  type: NodePort
  ports:
  - name: db-proxy-intercept-port
    port: 5432
    targetPort: 54322
    nodePort: 32432
  - name: db-proxy-engine-port
    port: 54322
    targetPort: 5432
    nodePort: 30433
  selector:
    app: db-proxy-app

Docker compose

Below is a minimal Docker Compose file to start the Antimatter database proxy using Docker containers. It utilizes the default path values specified in the Configuration File section above and can be applied directly.

info

Please note that images maintained by Antimatter are subject to update.

version: '3.8'

services:
  intercept:
    image: antimatterio/db-proxy-intercept:latest
    container_name: db-proxy-intercept
    profiles: ["full", "no-infra"]
    environment:
      ANTIMATTER_INTERCEPT_CONFIG: "/tmp/antimatter/intercept.yaml"
      PRODUCTION_MODE: true
    depends_on:
      proxy:
        condition: service_healthy
    ports:
      - "5432:54322"
    volumes:
      - /tmp/antimatter:/tmp/antimatter
    extra_hosts:
      - "host.docker.internal:host-gateway"

  engine:
    image: antimatterio/db-proxy-engine:latest
    container_name: db-proxy-engine
    profiles: ["full", "no-infra"]
    ports:
      - "8433:5432"
    environment:
      POSTGRES_USER: root
      POSTGRES_PASSWORD: password
      POSTGRES_DB: postgres
    volumes:
      - proxy_data:/var/lib/postgresql/data
    healthcheck:
      test: [ "CMD-SHELL", "pg_isready -U root -h 127.0.0.1 -p 5432" ]
      interval: 3s
      timeout: 1s
      retries: 10

volumes:
  proxy_data: