eclipse-che · tolusha · Jul 30, 2020 · Jul 28, 2020 · Jul 29, 2020
diff --git a/src/main/pages/che-7/administration-guide/con_external-database-setup.adoc b/src/main/pages/che-7/administration-guide/con_external-database-setup.adoc
@@ -29,8 +29,6 @@ For a business-critical setup, configure an external database with the following
 * High Availability (HA)
 * Point In Time Recovery (PITR)
 
-When using an external PostgreSQL database, it is also necessary to use an external {identity-provider}.
-
 Configure an external PostgreSQL instance on-premises or use a cloud service, such as Amazon Relational Database Service (Amazon RDS). With Amazon RDS, it is possible to deploy production databases in a Multi-Availability Zone configuration for a resilient disaster recovery strategy with daily and on-demand snapshots.
 
 The recommended configuration of the example database is:
@@ -47,7 +45,9 @@ The recommended configuration of the example database is:
 |Automated backups | enabled (30 days)
 |===
 
-To make the Operator skip deploying a database and pass connection details of an existing database to a {prod-short} server using `chePostgresHostName`, `chePostgresPort`, `chePostgresUser`, `chePostgresPassword`, `chePostgresDb` parameters, specify the `externalDb: true` property in the {prod-short} Custom Resource.
+include::proc_configuring-external-PostgreSQL.adoc[leveloffset=+1]
+
+include::proc_configuring-che-to-work-with-external-PostgreSQL.adoc[leveloffset=+1]
 
 .Additional resources
 

diff --git a/...administration-guide/proc_configuring-che-to-work-with-external-PostgreSQL.adoc b/...administration-guide/proc_configuring-che-to-work-with-external-PostgreSQL.adoc
@@ -0,0 +1,65 @@
+// deploying-the-registries
+
+[id="configuring-che-to-work-with-external-PostgreSQL_{context}"]
+= Configuring {prod-short} to work with an external PostgreSQL
+
+.Prerequisites
+
+* The `{orch-cli}` tool is available.
+
+.Procedure
+
+. Pre-create a {orch-namespace} for {prod-short}:
++
+[subs="+quotes,attributes"]
+----
+$ {orch-cli} create namespace {prod-namespace}
+----
+
+. Create a secret to store {prod-short} server database credentials:
++
+[subs="+quotes,attributes"]
+----
+$ {orch-cli} create secret generic <server-database-credentials> \ <1>
+--from-literal=user=<database-user> \                            <2>
+--from-literal=password=<database-password> \                    <3>
+-n {prod-namespace}
+----
+<1> Secret name to store {prod-short} server database credentials
+<2> {prod-short} server database username
+<3> {prod-short} server database password
+
+. Create a secret to store {identity-provider} database credentials:
++
+[subs="+quotes,attributes"]
+----
+$ {orch-cli} create secret generic <identity-database-credentials> \ <1>
+--from-literal=user=<identity-database-user> \                     <2>
+--from-literal=password=<identity-database-password> \             <3>
+-n {prod-namespace}
+----
+<1> Secret name to store {identity-provider} database credentials
+<2> {identity-provider} database username
+<3> {identity-provider} database password
+
+. To make the Operator skip deploying a database and pass connection details of an existing database to a {prod-short} server set the following values in the Custom Resource:
++
+[subs="+quotes,+attributes"]
+----
+spec:
+  database:
+    externalDb: true
+    chePostgresHostName: <hostname>                     <1>
+    chePostgresPort: <port>                             <2>
+    chePostgresSecret: <server-database-credentials>    <3>
+    chePostgresDb: <database>                           <4>
+spec:
+  auth:
+    identityProviderPostgresSecret: <identity-database-credentials> <5>
+----
+<1> External database hostname
+<2> External database port
+<3> Secret name with {prod-short} server database credentials
+<4> {prod-short} server database username
+<5> Secret name with {identity-provider} database credentials
+
diff --git a/...main/pages/che-7/administration-guide/proc_configuring-external-PostgreSQL.adoc b/...main/pages/che-7/administration-guide/proc_configuring-external-PostgreSQL.adoc
@@ -0,0 +1,31 @@
+// deploying-the-registries
+
+[id="configuring-external-PostgreSQL_{context}"]
+= Configuring external PostgreSQL
+
+.Procedure
+
+. Use the following SQL script to create user and database for the {prod-short} server to persist workspaces metadata etc:
++
+[subs="+quotes,+attributes"]
+----
+CREATE USER <database-user> WITH PASSWORD '<database-password>' <1> <2>
+CREATE DATABASE <database>                                      <3>
+GRANT ALL PRIVILEGES ON DATABASE <database> TO <database-user>
+ALTER USER <database-user> WITH SUPERUSER
+----
+<1> {prod-short} server database username
+<2> {prod-short} server database password
+<3> {prod-short} server database name
+
+. Use the following SQL script to create database for {identity-provider} back end to persist user information:
++
+[subs="+quotes,+attributes"]
+----
+CREATE USER <identity-database-user> WITH PASSWORD '<identity-database-password>' <1> <2>
+CREATE DATABASE <identity-database>                                               <3>
+GRANT ALL PRIVILEGES ON DATABASE <identity-database> TO <identity-database-user>
+----
+<1> {identity-provider} database username
+<2> {identity-provider} database password
+<3> {identity-provider} database name