Connecting Applications to Lakebase: Databricks Apps and External Apps
Who this is for:
Architecture / Concept Overview: Connecting Applications to Lakebase: Databricks Apps and External Apps
Applications connect to Lakebase through two primary paths: Databricks Apps use internal networking with automatic credential injection, while external apps connect over the public or private endpoint with explicit credential management.
%%{init: {"theme":"base","themeVariables":{"background":"#0B0E14","primaryTextColor":"#E0E6ED","lineColor":"#5D6470","darkMode":true,"primaryColor":"#2E4A4A","secondaryColor":"#374151","secondaryTextColor":"#E0E6ED","tertiaryColor":"#111827","tertiaryTextColor":"#E0E6ED","edgeLabelBackground":"#1f2937"}}}%%
flowchart LR
classDef source fill:#3F4B59,stroke:#9CA3AF,stroke-width:2px,rx:8,ry:8,color:#E0E6ED
classDef ingestion fill:#5A4B36,stroke:#C9A86B,stroke-width:2px,rx:8,ry:8,color:#E0E6ED
classDef processing fill:#535072,stroke:#8E82B4,stroke-width:2px,rx:8,ry:8,color:#E0E6ED
classDef storage fill:#2E4A4A,stroke:#5FAFA8,stroke-width:2px,rx:8,ry:8,color:#E0E6ED
classDef serving fill:#3D5550,stroke:#6BB7AA,stroke-width:2px,rx:8,ry:8,color:#E0E6ED
classDef governance fill:#5A3F52,stroke:#C28BB0,stroke-width:2px,rx:8,ry:8,color:#E0E6ED
A[Databricks App] -->|Internal Network| C[Lakebase Engine]
B[External App] -->|TLS / Private Link| C
C -->|Read/Write| D[Lakebase Storage]
C -->|Sync| E[Delta Lake / Unity Catalog]
A -->|Auto Credentials| F[Databricks IAM]
B -->|PAT / OAuth| F
A:::serving
B:::source
C:::processing
D:::storage
E:::storage
F:::governance
*Databricks Apps connect via internal networking with automatic credentials, while external apps use TLS endpoints with explicit tokens.*
%%{init: {"theme":"base","themeVariables":{"background":"#0B0E14","primaryTextColor":"#E0E6ED","lineColor":"#5D6470","darkMode":true,"primaryColor":"#2E4A4A","secondaryColor":"#374151","secondaryTextColor":"#E0E6ED","tertiaryColor":"#111827","tertiaryTextColor":"#E0E6ED","edgeLabelBackground":"#1f2937"}}}%%
graph TD
classDef source fill:#3F4B59,stroke:#9CA3AF,stroke-width:2px,rx:8,ry:8,color:#E0E6ED
classDef ingestion fill:#5A4B36,stroke:#C9A86B,stroke-width:2px,rx:8,ry:8,color:#E0E6ED
classDef processing fill:#535072,stroke:#8E82B4,stroke-width:2px,rx:8,ry:8,color:#E0E6ED
classDef storage fill:#2E4A4A,stroke:#5FAFA8,stroke-width:2px,rx:8,ry:8,color:#E0E6ED
classDef serving fill:#3D5550,stroke:#6BB7AA,stroke-width:2px,rx:8,ry:8,color:#E0E6ED
classDef governance fill:#5A3F52,stroke:#C28BB0,stroke-width:2px,rx:8,ry:8,color:#E0E6ED
A[Application Types] --> B[Databricks Apps]
A --> C[External Apps]
B --> D[Streamlit / Gradio / Flask]
B --> E[Managed hosting & auth]
C --> F[Any framework / language]
C --> G[Self-managed infrastructure]
D --> H[Lakebase via Internal Endpoint]
F --> I[Lakebase via Public/Private Endpoint]
A:::processing
B:::serving
C:::source
D:::serving
E:::governance
F:::source
G:::source
H:::storage
I:::storage
*Databricks Apps provide managed hosting with built-in auth, while external apps offer flexibility with self-managed infrastructure.*
Key Terms
Prerequisites and Setup
- A Lakebase project with a database ready for application connections
- For Databricks Apps: a Databricks workspace with Apps enabled
- For external apps: network connectivity to the Lakebase endpoint (public or Private Link)
- A service principal with appropriate Lakebase permissions for production use
Step-by-Step Implementation
Configuration Reference
| Parameter | Databricks Apps | External Apps |
|---|---|---|
| Host | Auto-injected via LAKEBASE_HOST | From connection info panel |
| Port | Auto-injected | 5432 |
| Authentication | Auto-injected service identity | Service principal credentials |
| SSL | Enforced automatically | sslmode=require |
| Networking | Internal (private) | Public endpoint or Private Link |
| Connection pool | App-managed | App-managed (recommend pool) |
| Credential rotation | Managed by platform | Manual or via vault integration |