Kubernetes deployment artifacts: first-party Helm chart (or kustomize base) #344

Description

@hardbyte

Problem

The docs cover Docker images, rolling deploys, and managed-Postgres specifics (including the Cloud SQL / AlloyDB auth-proxy native-sidecar pattern as raw pod YAML), but there is no installable Kubernetes artifact. Every team currently hand-writes Deployments for workers and the UI, a migrations hook, and probes — and makes the same decisions (one DDL owner, runtime-only grants for workers, maintenance leadership is in-process so no separate ticker) that the docs already prescribe.

Proposal

A first-party Helm chart (or kustomize base — decide which) covering:

  • Worker Deployment — replicas, DATABASE_URL from secret, resource requests, graceful-shutdown terminationGracePeriodSeconds aligned with job deadlines, optional auth-proxy native sidecar (matching the documented Cloud SQL/AlloyDB pattern).
  • Migrations Job / hook: awa migrate as the single DDL owner (pre-install/pre-upgrade hook), so workers run with runtime-only grants per docs/security.md.
  • UI Deployment + Service: awa serve, --read-only toggle, sized small; ingress deliberately left to the operator (pairs with the admin-auth issue).
  • Probes — what liveness/readiness mean for a worker (DB reachability vs. runtime registration) needs a documented answer; if a health endpoint is missing for workers, that's a sub-task.
  • No external ticker — chart docs should state explicitly that maintenance/cron are leader-elected inside workers (ADR-007), since k8s users habitually reach for CronJobs.

Decisions needed: chart location (charts/ in-repo vs. separate repo), publish target (OCI registry / GH pages), chart-lint + kind-based smoke in CI, and whether the version tracks the app version.

Refs: ADR-007, ADR-028, docs/deployment.md, docs/deploying-on-managed-postgres.md, docs/security.md.
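
A sketch of the credential split between the migrations hook and the worker Deployment proposed above, added here as an illustration and not the project's chart. The image reference, both Secret names, the awa binary being on the image's PATH and the 300-second job deadline are assumptions.

```yaml
# Added sketch, not the project's chart. Image, Secret names and the 300s job
# deadline are assumptions; the worker start command is not given in the issue.
apiVersion: batch/v1
kind: Job
metadata:
  name: awa-migrate
  annotations:
    helm.sh/hook: pre-install,pre-upgrade          # runs before workers roll
    helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
spec:
  backoffLimit: 1
  template:
    spec:
      restartPolicy: Never
      containers:
        - name: migrate
          image: registry.example/awa:PLACEHOLDER  # assumption
          command: ["awa", "migrate"]              # assumes awa is on PATH
          env:
            - name: DATABASE_URL
              valueFrom:
                secretKeyRef:
                  name: awa-db-migrator            # assumption: DDL-owner role, mounted only here
                  key: DATABASE_URL
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: awa-worker
spec:
  replicas: 2
  selector:
    matchLabels: {app: awa-worker}
  template:
    metadata:
      labels: {app: awa-worker}
    spec:
      terminationGracePeriodSeconds: 330           # assumed 300s job deadline plus margin
      containers:
        - name: worker                             # start command left to the image default
          image: registry.example/awa:PLACEHOLDER  # assumption
          env:
            - name: DATABASE_URL
              valueFrom:
                secretKeyRef:
                  name: awa-db-runtime             # assumption: role with runtime-only grants
                  key: DATABASE_URL
          resources:
            requests: {cpu: 100m, memory: 128Mi}
```

Helm runs pre-install hooks before it creates the chart's own resources, so the migrator Secret has to exist already (created out of band or as an earlier-weighted hook). Keeping it separate from the runtime Secret means a compromised worker pod never holds DDL credentials.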

Labels: docs (Documentation improvements), operational (Operational tooling and configuration)
