feat(deploy): add Helm chart for Kubernetes deployments #323
Open
melihsunbul wants to merge 1 commit into
Adds a self-contained Helm chart at deploy/kubernetes/quackback mirroring
docker-compose.prod.yml's bundled Postgres + Dragonfly + MinIO stack for
cluster deployments, plus a few things Kubernetes needs that the compose
file doesn't:
- A pre-install/pre-upgrade migration hook Job, following the pattern
apps/web/Dockerfile already documents ("K8s deployments should set
SKIP_MIGRATIONS=true and run migrations from a pre-upgrade Helm hook Job
instead"). The app sets SKIP_MIGRATIONS=true automatically once this is
enabled (the default).
- An optional CronJob driving the SLA-tick endpoint, for operators who
aren't running pg_cron — the alternative deploy/self-hosted/README.md
already recommends ("Kubernetes CronJob").
- Stable auto-generated passwords for the bundled Postgres/MinIO across
helm upgrade (read back via lookup instead of re-rolled every render).
- Generic defaults (ghcr.io image, no hardcoded StorageClass/registry),
imagePullSecrets, pod/container securityContext matching the image's
non-root user, optional HPA/PodDisruptionBudget, and an extraEnv/
extraEnvFrom escape hatch for the integrations this chart doesn't wire
up individually.
Links the chart from deploy/README.md and the root README's Self-Hosted
section.
What
Adds a Helm chart at deploy/kubernetes/quackback for deploying Quackback on Kubernetes, alongside the existing Docker/Docker Compose self-hosting path. Closes #322.
Changes
- templates/migration-job.yaml): runs bun /app/migrate.mjs as a pre-install,pre-upgrade Helm hook, implementing the pattern apps/web/Dockerfile already documents but has no chart for. The app Deployment sets SKIP_MIGRATIONS=true automatically whenever migrations.enabled (default true).
- docker-compose.prod.yml — each with an enabled flag and an external*Url escape hatch for managed services.
- lookup) instead of re-rolled on every render, so they don't desync from what's already on the PVC.
- templates/sla-tick-cronjob.yaml, opt-in): hits POST /api/v1/internal/sla-tick, matching the Kubernetes CronJob alternative deploy/self-hosted/README.md already recommends for operators not running pg_cron.
- ghcr.io/quackbackio/quackback image, no hardcoded StorageClass (empty string = cluster default), imagePullSecrets, pod/container securityContext matching the Dockerfile's non-root quackback user (uid/gid 1001).
- ingress.className: nginx (the default) — other controllers (Traefik, Caddy — both already documented as supported reverse proxies) get just ingress.annotations verbatim.
- app.autoscaling) and PodDisruptionBudget (app.podDisruptionBudget), both off by default.
- app.extraEnv/app.extraEnvFrom: escape hatch for the many optional integration env vars (Slack, Linear, Discord, etc.) and AI model overrides this chart doesn't wire up individually — see .env.prod.example for the full list.
- deploy/kubernetes/quackback/README.md (quick start, config reference, migrations, ingress, scheduled jobs, upgrade/uninstall), plus links from deploy/README.md and the root README.md.
Testing
- helm lint — passes with no warnings.
- helm template — verified rendering for both the bundled-datastore (default) and fully-external-datastore paths, plus app.autoscaling.enabled, app.podDisruptionBudget.enabled, slaTickCronJob.enabled, and non-nginx ingress.className. Confirmed SKIP_MIGRATIONS and the migration Job both disappear together under migrations.enabled=false, and that bundled-only env vars (DB_PASSWORD, S3_SECRET_ACCESS_KEY) don't leak into the external-datastore path.
Out of scope (follow-ups)
- values.schema.json for helm install --validate-time type checking.
- pg_cron or a DB-capable job image.
Note on sequencing
This is independent of the ticketing/CRM/RBAC stack in #283 (touches only
deploy/, no overlap), and I don't want it competing for review bandwidth with that stack — happy for this to wait until #283's PRs have landed.
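
The lookup-based password reuse listed under Changes can be sketched as a Helm template like the one below. This is an added example, not the chart's template from this PR; the file name, the Secret name and the `password` key are assumptions.

```yaml
# templates/postgres-secret.yaml (hypothetical file name, illustrative only)
{{- $name := printf "%s-postgres" .Release.Name }}
{{- /* lookup returns an empty map when the Secret does not exist yet, and
       also under `helm template`, where Helm does not contact the cluster. */ -}}
{{- $existing := lookup "v1" "Secret" .Release.Namespace $name }}
{{- $data := (get $existing "data") | default dict }}
{{- $password := "" }}
{{- if hasKey $data "password" }}
  {{- /* Upgrade path: reuse the stored value so it keeps matching the
         credentials the database on the PVC was initialised with. */ -}}
  {{- $password = index $data "password" | b64dec }}
{{- else }}
  {{- /* First install: generate the password once. */ -}}
  {{- $password = randAlphaNum 32 }}
{{- end }}
apiVersion: v1
kind: Secret
metadata:
  name: {{ $name }}
  annotations:
    # Keep the Secret on `helm uninstall`, so a reinstall against a retained
    # PVC does not generate a password the existing data directory rejects.
    helm.sh/resource-policy: keep
type: Opaque
data:
  password: {{ $password | b64enc | quote }}
```

Because `lookup` returns nothing under `helm template`, every offline render takes the first-install branch and emits a different password. Workflows that apply rendered manifests without a cluster connection should set the password explicitly instead of relying on generation.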