Skip to content

docs: add Metabase add-on networking page #382

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
mintlify wants to merge 1 commit into
base: main
Choose a base branch
from
Open

docs: add Metabase add-on networking page #382

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
67 changes: 67 additions & 0 deletions addons/metabase.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,67 @@
---
title: "Metabase"
sidebarTitle: "Metabase"
description: "Deploy Metabase on your Porter cluster and choose whether the dashboard is reachable from the public internet or only from peered networks"
---

[Metabase](https://www.metabase.com/) is an open source business intelligence tool. Install it as an add-on to query your Porter-managed datastores and share dashboards with your team.

## Prerequisites

Before installing the Metabase add-on, make sure you have:

- A running Porter cluster.
- A Postgres datastore (or other supported database) for Metabase's application data. You'll provide its host, port, database name, username, and password during setup.
- A custom domain you control if you plan to expose Metabase through the cluster's private load balancer.

## Install the add-on

1. From the Porter dashboard, open the **Add-ons** tab and click **New add-on**.
2. Select **Metabase** under the Analytics category.
3. Provide the cluster and connection details for the datastore that will back Metabase.
4. Configure how Metabase is reached on the network (see [Networking](#networking)).
5. Click **Deploy**.

Porter installs Metabase into the cluster and wires it up to the datastore you provided.

## Networking

The **External networking** control on the Metabase form decides how traffic reaches the dashboard. The available options depend on whether the cluster has a private load balancer provisioned.

### Clusters without a private load balancer

If the cluster only has the default public load balancer, you'll see a single toggle:

| Setting | Description |
|---------|-------------|
| **Expose to external traffic** | When on, Metabase is fronted by the cluster's public load balancer and is reachable from the public internet. When off, the dashboard stays cluster-internal and is only reachable via `kubectl port-forward` or another in-cluster client. |
| **Add a custom domain** | Optional. Attach your own domain instead of the Porter-provisioned `*.onporter.run` hostname. |

### Clusters with a private load balancer

If the cluster has a [private load balancer](/cloud-accounts/advanced-cluster-settings#private-load-balancer) provisioned, the toggle is replaced by a three-way choice:

| Option | When to use it |
|--------|----------------|
| **None** | Keep Metabase cluster-internal. No ingress is created. |
| **Public LB** | Front Metabase with the cluster's public load balancer. Reachable from the public internet. A custom domain is optional — Porter provisions a `*.onporter.run` hostname when one isn't supplied. |
| **Private LB** | Front Metabase with the cluster's internal load balancer. Reachable only from networks peered to your VPC (PrivateLink, VPC peering, transit gateway, Tailscale, etc.). |

<Info>
Selecting **Private LB** requires a custom domain — Porter does not provision a public `*.onporter.run` hostname for a privately-exposed add-on. The form will keep the custom-domain input visible and require a value.
</Info>

### Custom domain DNS

When you attach a custom domain, create a DNS record pointing it at the load balancer that fronts the ingress:

- **Public LB** — point the record at the cluster's public ingress IP or hostname.
- **Private LB** — point the record at the private load balancer's DNS name (shown in the form once **Private LB** is selected).

The cluster must also have a DNS provider configured so Porter can issue and renew the TLS certificate. See [advanced cluster settings](/cloud-accounts/advanced-cluster-settings#private-load-balancer) for the supported providers.

## Choosing between public and private

Use the **Private LB** option when you want Metabase to stay off the public internet — for example, when dashboards expose internal financial or customer data and access should be gated by your existing network controls (VPN, PrivateLink, transit gateway) instead of by Metabase's own auth.

Use **Public LB** when you want the dashboard to be reachable from anywhere and rely on Metabase's authentication, SSO, and IP allowlist features to control access.
2 changes: 1 addition & 1 deletion addons/overview.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,7 @@ Add-ons extend your Porter cluster with additional infrastructure components lik

| Add-on | Description |
|--------|-------------|
| **Metabase** | An open source business intelligence tool |
| **Metabase** | An open source business intelligence tool ([learn more →](/addons/metabase)) |
| **Quivr** | Your second brain, empowered by generative AI |
| **n8n** | An open source workflow engine |

Expand Down
1 change: 1 addition & 0 deletions mint.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -161,6 +161,7 @@
"pages": [
"addons/overview",
"addons/datastores",
"addons/metabase",
"addons/custom-helm-charts",
"addons/third-party-observability",
"addons/storage"
Expand Down