feat(helm): Kubernetes Helm chart with backup automation #2

Open: dnplkndll wants to merge 7 commits into main from feat/helm-chart


@dnplkndll

Summary

  • Helm chart for deploying Huly to Kubernetes (all services: front, account, transactor, workspace, collaborator, rekoni, stats, fulltext, CockroachDB, Elastic, MongoDB, Redpanda, MinIO/S3)
  • Optional AI bot + MongoDB services (aibot.enabled)
  • Automated nightly backup CronJobs for CockroachDB (native cockroach sql dump), MongoDB (mongodump), and S3 files (rclone sync)
  • Configurable Docker registry (hulyRegistry) to support GAR or other private registries
  • S3 credential rotation support (primary/secondary key pairs)
  • Mint-token CLI tool for generating workspace-scoped JWTs

Backup Architecture

  • CockroachDB: Schema DDL via SHOW CREATE ALL TABLES + per-table CSV data export, gzipped, uploaded to S3 with configurable retention
  • Files: S3-to-S3 rclone sync (mirrors primary storage bucket to backup bucket)
  • MongoDB: mongodump --archive --gzip uploaded to S3 (only when aibot enabled)
  • All jobs use rclone for S3 uploads with 30-day default retention

Test plan

  • helm template renders all templates without errors
  • CockroachDB backup CronJob produces valid 60KB dump (schema + data)
  • Files backup syncs 869MB/1498 files to S3
  • MongoDB backup produces valid dump
  • Full namespace teardown and redeploy succeeds
  • Huly UI loads and functions at huly.hz.ledoweb.com

🤖 Generated with Claude Code

Signed-off-by: Artem Savchenko <armisav@gmail.com>
Signed-off-by: Artem Savchenko <armisav@gmail.com>
dnplkndll and others added 2 commits March 21, 2026 00:14
Comprehensive Helm chart for deploying Huly to Kubernetes:
- All core services (front, account, transactor, collaborator, etc.)
- Infrastructure (CockroachDB, Redpanda, Elasticsearch, MinIO)
- Optional AI bot with MongoDB
- Automated backup CronJobs to S3-compatible storage
- Configurable image registry and version pinning
- Auto-generated secrets with persistence across upgrades
- NGINX ingress with TLS via cert-manager
- CI workflow for lint, template validation, and OCI publish

Chart lives at helm/ (outside kube/) to avoid conflict with the
existing kubectl-based CI that recursively applies kube/*.yaml.

Signed-off-by: Daniel Kendall <dkendall@ledoweb.com>

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Signed-off-by: Don Kendall <kendall@donkendall.com>

Deploy pod-github for bidirectional sync of issues, PRs, and comments
between Huly and GitHub. Gated behind githubIntegration.enabled (false
by default).

Adds:
- templates/github/deployment.yaml + service.yaml
- GITHUB_URL to configmap and front deployment
- GitHub App credentials to shared secret
- /_github ingress backend
- README documentation for GitHub integration and AI bot

Signed-off-by: Daniel Kendall <dkendall@ledoweb.com>

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Signed-off-by: Don Kendall <kendall@donkendall.com>
dnplkndll added 3 commits May 15, 2026 07:22
The existing template only allowed overriding the tag via kvs.version.
Add support for a full image override via kvs.image (registry/repo:tag),
falling back to the composed default. Useful for pinning to a digest
or pointing at a different registry without touching hulyRegistry.

From v0.7.423 onward the hulykvs image runs hulylake/0.1.18, which
moved blob storage from CockroachDB to an S3-compatible backend
via the AWS SDK. The SDK refuses to start without an explicit
region, so the pod crash-looped with 'A region must be set when
sending requests to S3'.

When storage.type=s3 the kvs deployment now receives:
  - AWS_REGION  (from storage.s3.region)
  - AWS_ENDPOINT_URL_S3  (storage.s3.endpoint, e.g. Hetzner)
  - AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY  (from huly-secret;
    new S3_ACCESS_KEY/S3_SECRET_KEY entries added to the secret)
  - HULY_S3_BUCKET  (kvs.s3.bucket, default 'hulylake' — must exist)

Existing storage.type=minio deployments are unaffected.

hulylake v0.7.423 defaults to 8096, but the chart's Service +
readiness/liveness probes are pinned to 8094. Setting HULY_BIND_PORT
keeps the old port stable through the hulykvs → hulylake migration
so callers don't need to be reconfigured.
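
A pre-deploy check for the kvs settings described in the last two commit messages, as an added example that is not part of the pull request or the chart: it takes a Deployment as a parsed JSON dict (for instance from `kubectl get deployment -o json`) and reports missing S3 env vars, credentials not sourced from a Secret, and a bind port that differs from the declared or probed ports. The container name, container port, probe type, endpoint and region in the sample are constructed placeholders.

```python
# Env vars the commit messages above list for the kvs container when storage.type=s3.
REQUIRED = ("AWS_REGION", "AWS_ENDPOINT_URL_S3", "AWS_ACCESS_KEY_ID",
            "AWS_SECRET_ACCESS_KEY", "HULY_S3_BUCKET", "HULY_BIND_PORT")
FROM_SECRET = {"AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY"}

def check_kvs(deployment):
    """Return findings for one Deployment dict; an empty list means it passes."""
    findings = []
    for c in deployment["spec"]["template"]["spec"]["containers"]:
        env = {e["name"]: e for e in c.get("env", [])}
        for name in REQUIRED:
            entry = env.get(name)
            if entry is None:
                findings.append(f"{name} missing")
            elif name in FROM_SECRET:
                # Credentials must be references into a Secret, not literal values.
                if "secretKeyRef" not in entry.get("valueFrom", {}):
                    findings.append(f"{name} not sourced from a Secret")
            elif not entry.get("value"):
                findings.append(f"{name} empty")
        # The port the process binds must equal every port the pod declares or probes.
        bind = str(env.get("HULY_BIND_PORT", {}).get("value", ""))
        ports = {str(p["containerPort"]) for p in c.get("ports", [])}
        for probe in ("readinessProbe", "livenessProbe"):
            for kind in ("httpGet", "tcpSocket"):
                if kind in c.get(probe, {}):
                    ports.add(str(c[probe][kind]["port"]))
        drift = sorted(ports - {bind})
        if bind and drift:
            findings.append(f"bind port {bind} != declared/probed {drift}")
    return findings

def sample(extra_env):
    """Constructed Deployment; endpoint, region and probe type are placeholders."""
    def ref(key):
        return {"valueFrom": {"secretKeyRef": {"name": "huly-secret", "key": key}}}
    env = [{"name": "AWS_ACCESS_KEY_ID", **ref("S3_ACCESS_KEY")},
           {"name": "AWS_SECRET_ACCESS_KEY", **ref("S3_SECRET_KEY")},
           {"name": "AWS_ENDPOINT_URL_S3", "value": "https://s3.example.invalid"},
           {"name": "HULY_S3_BUCKET", "value": "hulylake"}] + extra_env
    kvs = {"name": "kvs", "env": env, "ports": [{"containerPort": 8094}],
           "readinessProbe": {"httpGet": {"port": 8094}},
           "livenessProbe": {"httpGet": {"port": 8094}}}
    return {"kind": "Deployment", "spec": {"template": {"spec": {"containers": [kvs]}}}}

GOOD = sample([{"name": "AWS_REGION", "value": "example-region-1"},
               {"name": "HULY_BIND_PORT", "value": "8094"}])
BAD = sample([{"name": "HULY_BIND_PORT", "value": "8096"}])  # no region, port drift
```

`check_kvs(BAD)` flags both failure modes the commit messages describe: the missing region that made the pod crash-loop, and the 8096 default drifting from the probes pinned to 8094.
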