Reintroduce bundled database to the chart #365
nikolasmatt wants to merge 16 commits into agentregistry-dev:main from
Pull request overview
This PR reintroduces a bundled PostgreSQL instance into the agentregistry Helm chart (enabled by default) and reshapes chart values under database.postgres.*, updating Kind tooling, docs, and Helm unit tests accordingly.
Changes:
- Adds bundled PostgreSQL templates (+ separate DB Secret) and updates the main Deployment to wire DB config and a wait initContainer.
- Restructures Helm values to database.postgres.* and updates helpers/validation/tests to match.
- Updates Kind/Makefile workflows and documentation to reflect the bundled DB approach.
Reviewed changes
Copilot reviewed 19 out of 19 changed files in this pull request and generated 13 comments.
| File | Description |
|---|---|
| scripts/kind/setup-kind.sh | Adjusts mktemp usage for Kind config temp file creation. |
| scripts/kind/README.md | Updates local Kind workflow/docs to reflect chart-bundled DB. |
| examples/postgres-pgvector.yaml | Removes standalone Postgres/pgvector manifest (now chart-bundled). |
| charts/agentregistry/values.yaml | Introduces database.postgres.* structure and bundled Postgres defaults. |
| charts/agentregistry/templates/postgresql.yaml | Adds PVC/Deployment/Service for bundled PostgreSQL. |
| charts/agentregistry/templates/postgresql-secret.yaml | Adds separate Secret for bundled DB password. |
| charts/agentregistry/templates/deployment.yaml | Wires DB env vars, adds initContainer, and adds checksum for DB Secret. |
| charts/agentregistry/templates/secrets.yaml | Simplifies JWT Secret creation logic (JWT-only). |
| charts/agentregistry/templates/_helpers.tpl | Removes old secret/db/resource helpers; adds bundled Postgres helpers and updates validation logic. |
| charts/agentregistry/templates/NOTES.txt | Adds bundled DB warning/note messaging in install notes. |
| charts/agentregistry/tests/postgresql_test.yaml | Adds Helm unit tests for bundled Postgres resources. |
| charts/agentregistry/tests/deployment_test.yaml | Updates deployment tests for new env var wiring and secrets. |
| charts/agentregistry/tests/secrets_test.yaml | Updates secret tests for JWT-only secret behavior. |
| charts/agentregistry/tests/validation_test.yaml | Updates validation tests for new DB/JWT value structure. |
| charts/agentregistry/README.md.gotmpl | Updates chart documentation for bundled DB + new values layout. |
| charts/agentregistry/Chart-template.yaml | Adds bundled Postgres image to Artifact Hub images list. |
| README.md | Updates install instructions to chart-bundled DB and new values layout. |
| Makefile | Removes standalone Postgres install target; updates Kind install flags/overrides. |
| DEVELOPMENT.md | Updates local dev docs to reflect new Kind + chart-bundled DB workflow. |
| data: | ||
| POSTGRES_PASSWORD: {{ "agentregistry" | b64enc | quote }} |
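Review bot: The `POSTGRES_PASSWORD` line renders the fixed literal `"agentregistry"`, so every install of this Secret carries the same publicly known credential, and nothing in the line lets a value override or rotate it (`b64enc` only encodes it). Suggest sourcing the password from a chart value with the literal as the documented dev default, or accepting the name of a pre-created Secret, so evaluation installs stay simple while anything longer-lived can set its own password.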
The bundled PostgreSQL password is hardcoded to a known value (agentregistry). Even for dev/eval, this makes accidental exposure more likely and prevents users from rotating the credential. Consider generating a random password by default (and/or allowing a user-provided password / existing Secret override) while still keeping a simple path for local Kind development overrides.
this is intentional for now
|
|
||
| // WithVector enables vector migrations (adds semantic_embedding columns) on the test database. | ||
| // Use for tests that exercise pgvector/embeddings functionality. | ||
| func WithVector() testDBOption { |
nit: Typically the functions pattern would use a function type vs. a struct:

```go
type testDBOption func(*testDBConfig)

type testDBConfig struct {
	vectorEnabled bool
}

func WithVector() testDBOption {
	return func(cfg *testDBConfig) {
		cfg.vectorEnabled = true
	}
}

// ...

var cfg testDBConfig
for _, o := range opts {
	o(&cfg)
}
```
charts/agentregistry/values.yaml
Outdated
| # -- Enable vector schema migrations and embeddings/semantic search (sets AGENT_REGISTRY_DATABASE_VECTOR_ENABLED and AGENT_REGISTRY_EMBEDDINGS_ENABLED). Requires a pgvector-capable PostgreSQL instance. | ||
| vectorEnabled: false |
This field living under the postgres section is a bit confusing to me. It's effectively configuring fields that live on the server (vs. configuring the postgres instance) and tells it to run vector migrations on startup + enable semantic search functionality. WYDT?
I think we can also remove the AGENT_* envvar references here. Leaks implementation details.
> This field living under the postgres section is a bit confusing to me. It's effectively configuring fields that live on the server (vs. configuring the postgres instance) and tells it to run vector migrations on startup + enable semantic search functionality. WYDT?

The url field doesn't configure the database either; it configures the registry. The discussion we had offline was to think about this as informational on what the DB is capable of and then turn the features that depend on the capability on or off accordingly instead of controlling individual features.

> I think we can also remove the AGENT_* envvar references here. Leaks implementation details.

👍
| # -- Bundled PostgreSQL image pull policy | ||
| pullPolicy: IfNotPresent | ||
| # -- DB name, user, and password are hardcoded ("agentregistry") for the bundled instance. | ||
| # -- PersistentVolumeClaim size for the bundled PostgreSQL data directory |
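Review bot: The line `# -- DB name, user, and password are hardcoded ("agentregistry") for the bundled instance.` uses the `# --` description marker but has no key beneath it, and it sits directly above the `# --` description for the PVC size, so tooling that keys on `# --` may attach it to the wrong value or drop it. Make it a plain `#` comment, and since it documents a fixed credential, state the same thing next to the Secret definition so it is not discoverable only from values.yaml.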
Do we need to expose the ability to toggle the class name too? Right now it uses the default class in the cluster, which is probably sufficient for now.
I would push that to a future improvement. We need to figure out how configurable this bundled DB needs to be. For now less is better.
scripts/kind/README.md
Outdated
| ## Database Details | ||
|
|
||
| The local PostgreSQL instance is configured as follows: | ||
| PostgreSQL/pgvector is bundled in the Helm chart and deployed automatically. The default configuration is: |
> PostgreSQL/pgvector is bundled in the Helm chart and deployed automatically
Accurate in the context of this scripts' README, but a bit misleading for the default values.yaml?
README.md
Outdated
| --set config.jwtPrivateKey=$(openssl rand -hex 32) | ||
| ``` | ||
|
|
||
| > **Semantic search** requires a vector-enabled PostgreSQL instance. Add `--set database.postgres.vectorEnabled=true` when your database has vector support. The bundled database does not include vector support — semantic search will not be available when using it. |
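Review bot: On the `--set config.jwtPrivateKey=$(openssl rand -hex 32)` line, the command substitution is evaluated on every invocation, so re-running the documented command produces a different JWT key each time, and the key travels as a command-line argument. Suggest having the reader generate the key once and keep it (for example in a values file passed with `-f`), and noting next to the command that the key must stay the same across upgrades.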
This is buried within the Kubernetes section, but this commentary is also applicable to the registry hosted in docker flow as well.
Should we align the chart & internal/daemon/docker-compose.yml defaults here then?
| existingSecret: "" | ||
| # -- External database SSL mode (require, verify-ca, verify-full, disable). Defaults to require for encrypted connections. | ||
| sslMode: "require" | ||
| postgres: |
I'd still advocate for a mode-based pattern here:

```yaml
database:
  mode: bundled
  external: { ... }
  bundled: { ... }
```

Fine for now; this was already discussed offline.
Resolves #358
Description
Reintroduces a bundled PostgreSQL instance to the Helm chart and restructures the `database` values key to align with kagent PR #1527.

What changed:
- `postgres:18` is deployed alongside Agent Registry when `database.postgres.bundled.enabled=true` (the default). Intended for development and evaluation only; a warning is shown in NOTES.txt.
- `database` values — replaced the old `database.bundled.*` / `database.external.*` split with a flat `database.postgres.*` structure:
  - `database.postgres.url` / `database.postgres.urlFile` — external connection string (urlFile takes precedence)
  - `database.postgres.bundled.*` — bundled instance config (image, storage, resources)
  - `database.postgres.vectorEnabled` — enables `AGENT_REGISTRY_EMBEDDINGS_ENABLED` and `AGENT_REGISTRY_DATABASE_VECTOR_ENABLED` on the app pod
- `postgres:18` (official, plain). Users who want semantic search can opt in via `database.postgres.vectorEnabled=true` with their own pgvector-capable PostgreSQL instance.
- `DatabaseVectorEnabled=true`.
- `AGENT_REGISTRY_DATABASE_URL_FILE` env var / `database.postgres.urlFile` value reads the database URL from a file at startup.
- `{release}-postgresql` Secret, decoupled from the JWT key Secret.
- `wait-for-postgres` init container is skipped when `url` or `urlFile` is set, even if `bundled.enabled=true`.
- `agentregistry.secretName`, `agentregistry.passwordSecretName`, and `agentregistry.databaseUrl`; logic inlined into templates. Removed `global.existingSecret`.
- `README.md`, `DEVELOPMENT.md`, chart `README.md.gotmpl`, and `NOTES.txt` updated for accuracy.
- `postgresql_test.yaml` suite; `deployment_test.yaml`, `secrets_test.yaml`, and `validation_test.yaml` updated for the new values structure.

Change Type
/kind feature
/kind install
Changelog
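The description says the database URL can be read from a file at startup and that `urlFile` takes precedence over `url`. The sketch below is an added example, not code from this PR or the agentregistry project: `ResolveDatabaseURL` and `RedactURL` are hypothetical names, and the sample URL is constructed. It shows the precedence with a fail-closed read (no silent fallback to `url`) and a password-masked form for logs.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"os"
	"strings"
)

// ResolveDatabaseURL is a hypothetical helper: urlFile wins over rawURL, and a
// set-but-unreadable file is an error, never a silent fallback to rawURL.
func ResolveDatabaseURL(rawURL, urlFile string) (string, error) {
	if urlFile != "" {
		b, err := os.ReadFile(urlFile)
		if err != nil {
			return "", fmt.Errorf("read database URL file: %w", err)
		}
		rawURL = strings.TrimSpace(string(b)) // mounted Secrets often end in "\n"
	}
	if rawURL == "" {
		return "", errors.New("no database URL configured")
	}
	u, err := url.Parse(rawURL)
	if err != nil {
		// url.Parse errors quote their input; do not echo them into logs.
		return "", errors.New("database URL is not a valid URL")
	}
	if u.Scheme != "postgres" && u.Scheme != "postgresql" {
		return "", fmt.Errorf("unsupported database URL scheme %q", u.Scheme)
	}
	return rawURL, nil
}

// RedactURL returns the URL with the password masked, for startup logs.
func RedactURL(raw string) string {
	u, err := url.Parse(raw)
	if err != nil {
		return "<unparseable database URL>"
	}
	return u.Redacted()
}

func main() {
	f, _ := os.CreateTemp("", "dburl") // constructed stand-in for a mounted Secret
	defer os.Remove(f.Name())
	f.WriteString("postgres://app:s3cret@db.example.internal:5432/agentregistry\n")
	f.Close()
	got, err := ResolveDatabaseURL("postgres://ignored@localhost/x", f.Name())
	fmt.Println(RedactURL(got), err)
}
```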