User request
Move DBs currently deployed as raw Kubernetes resources to be managed by ArgoCD using a new Helm chart.
Decisions (dev environment)
- Org/repo: create agynio/postgres-helm and publish chart to ghcr.io/agynio/charts/postgres-helm
- Secrets handling: simplest option for dev — chart will create a Secret from values; passwords supplied via Terraform variables passed to Helm values
- ArgoCD values: use inline values in the ArgoCD Application (no multi-source); managed via Terraform in this repo
- Deploy two Applications, one per DB: platform-db and litellm-db
Specification (from research)
New repo and chart
- Repo: agynio/postgres-helm
- Chart: charts/postgres-helm (type: application)
- Reuse base library chart helpers from service-base (dependency from oci://ghcr.io/agynio/charts)
- Implement Postgres-specific templates: StatefulSet, Service, optional Secret (when not using existingSecret), PVC via volumeClaimTemplates
- Surface values to match current behavior: image (postgres:16.6-alpine), postgres.database, postgres.username, postgres.password or auth.existingSecret, postgres.pgdata, service.port, probes (pg_isready with DB/user), persistence (size, accessModes, storageClassName, mountPath, volumeClaimTemplate name), terminationGracePeriodSeconds, resource/tolerations/affinity, labels/annotations
- Provide values.schema.json enforcing that either auth.existingSecret or postgres.password is provided
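A sketch of the credential rule as a draft-07 `values.schema.json`. This is an added example, not the chart's actual schema. Only the key names `auth.existingSecret` and `postgres.*` come from this spec. Allowing both to be set at once (`anyOf` rather than `oneOf`) is an assumption.

```json
{
  "$schema": "http://json-schema.org/draft-07/schema#",
  "$comment": "Added example, not the chart's own schema. anyOf (both sources allowed) is an assumption.",
  "type": "object",
  "properties": {
    "auth": {
      "type": "object",
      "properties": {
        "existingSecret": {
          "type": "string",
          "description": "Name of a pre-created Secret; when set, the chart creates no Secret."
        }
      }
    },
    "postgres": {
      "type": "object",
      "properties": {
        "database": { "type": "string", "minLength": 1 },
        "username": { "type": "string", "minLength": 1 },
        "password": { "type": "string" },
        "pgdata": { "type": "string" }
      }
    }
  },
  "anyOf": [
    {
      "$comment": "Branch 1: a non-empty auth.existingSecret.",
      "required": ["auth"],
      "properties": {
        "auth": {
          "required": ["existingSecret"],
          "properties": { "existingSecret": { "minLength": 1 } }
        }
      }
    },
    {
      "$comment": "Branch 2: a non-empty postgres.password.",
      "required": ["postgres"],
      "properties": {
        "postgres": {
          "required": ["password"],
          "properties": { "password": { "minLength": 1 } }
        }
      }
    }
  ]
}
```

Helm validates the merged values (chart defaults plus overrides) on lint, template, install and upgrade, so the `minLength: 1` checks are what reject an empty-string default left in `values.yaml`; `required` alone would accept it.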
CI to GHCR
- Workflow triggered on tag push v*..
- Steps: helm setup, ghcr login (GITHUB_TOKEN), helm dependency build, helm lint, helm package with version/appVersion, helm push to oci://ghcr.io/agynio/charts
- Permissions: contents: read, packages: write
Current DBs to replicate
- platform-db: Service (5432) + StatefulSet (replicas:1) with PVC; env: POSTGRES_DB=agents, POSTGRES_USER=agents, POSTGRES_PASSWORD from Terraform var, PGDATA=/var/lib/postgresql/data/pgdata; probes: pg_isready with -U agents -d agents; PVC name: data; accessModes: RWO; storage size from var
- litellm-db: same pattern; DB/USER=litellm; password from Terraform var
ArgoCD integration in bootstrap_v2
- Replace Terraform-managed kubernetes_service_v1 and kubernetes_stateful_set_v1 for both DBs with argocd_application resources pointing to the OCI chart (targetRevision: chart version)
- Use inline Helm values in Application spec (embedded values YAML), populated from Terraform variables for passwords and PVC sizes
- Keep names consistent to preserve PVCs: fullnameOverride: platform-db / litellm-db; volumeClaimTemplate name: data; mountPath: /var/lib/postgresql/data; PGDATA path unchanged
- Sync options: automated prune/selfHeal as per repo conventions
Example inline values (per DB)
```yaml
fullnameOverride: platform-db
image:
  repository: postgres
  tag: 16.6-alpine
postgres:
  database: agents
  username: agents
  pgdata: /var/lib/postgresql/data/pgdata
  password: ${var.platform_db_password}
probes:
  readiness:
    execCommand: ["pg_isready", "-U", "agents", "-d", "agents"]
    initialDelaySeconds: 5
    periodSeconds: 10
  liveness:
    execCommand: ["pg_isready", "-U", "agents", "-d", "agents"]
    initialDelaySeconds: 30
    periodSeconds: 20
persistence:
  size: ${var.platform_db_pvc_size}
  accessModes: ["ReadWriteOnce"]
  volumeClaimTemplateName: data
  mountPath: /var/lib/postgresql/data
```
Migration plan
- Introduce ArgoCD Applications for both DBs using the new chart and inline values
- Verify ArgoCD sync/health
- Remove Terraform-managed DB resources and apply
- Ensure StatefulSet names, selectors, and PVC template names match to avoid PVC recreation
Acceptance criteria
- New repo agynio/postgres-helm contains a working chart and CI; chart released to GHCR
- bootstrap_v2 uses ArgoCD Applications (two) to deploy DBs via the new chart
- Raw K8s DB resources removed from Terraform
- Names/PVCs preserved; DB pods healthy; CI green on both repos
Tasks