Stage 05: Infrastructure Deployment
Stage 05 deploys the core infrastructure services (databases, caches, message brokers) into Kubernetes. It is split into two sub-stages for independent control plane and data plane infrastructure.
Source files: scripts/stages/05a-control-plane-infrastructure.sh, scripts/stages/05b-data-plane-infrastructure.sh
Sub-Stages
05a: Control Plane Infrastructure
Deploys into matih-control-plane and matih-system namespaces:
| Component | Chart | Purpose |
|---|---|---|
| PostgreSQL (CP) | Bitnami postgresql | Control plane database |
| Redis (CP) | Bitnami redis | Session cache, rate limiting |
| Kafka | Bitnami kafka | Event streaming |
05b: Data Plane Infrastructure
Deploys into matih-data-plane namespace:
| Component | Chart | Purpose |
|---|---|---|
| PostgreSQL (DP) | Bitnami postgresql | Data plane metadata store |
| Redis (DP) | Bitnami redis | Query caching, LLM cache |
| Kafka (DP) | Bitnami kafka | Agent event streaming |
| MinIO | MinIO operator | Object storage (dev only) |
Helm Deployment Pattern
All infrastructure uses helm upgrade --install for idempotency:
helm upgrade --install postgresql-control-plane bitnami/postgresql \
  --namespace matih-control-plane \
  --values infrastructure/helm/matih-control-plane/postgresql-values.yaml \
  --values infrastructure/helm/matih-control-plane/postgresql-values-dev.yaml \
  --wait --timeout 10m
Secret Management
Database credentials are managed through Kubernetes secrets, never hardcoded:
# values-dev.yaml (correct pattern)
auth:
  existingSecret: postgresql-credentials
  secretKeys:
    adminPasswordKey: postgres-password
    userPasswordKey: password
Dependencies
- 05a requires: 00-terraform (cloud resources must exist)
- 05b requires: 00-terraform
- Both required by: 06-ingress-controller
Dependency Verification
# 05a: Check control plane PostgreSQL
kubectl get statefulset -n matih-control-plane postgresql-control-plane
# 05b: Check data plane PostgreSQL
kubectl get statefulset -n matih-data-plane postgresql-data-plane
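
A pre-deploy check for the Secret Management pattern above, as an added example rather than code from the stage scripts: it flags values files that set the Bitnami chart's inline `postgresPassword`, `password` or `replicationPassword` keys, or that lack an `existingSecret` reference. The helper names `check_values_file` and `demo` and the sample files are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: pre-deploy lint for Bitnami postgresql values files.
# check_values_file and demo are hypothetical helpers, not stage-script code.

# Returns 0 when the file references existingSecret and sets no inline
# password; otherwise prints each finding and returns 1.
# Line-based match on key names at any nesting level, not a YAML parser.
check_values_file() {
  awk -v sq="'" '
    function val(line,   v) {
      v = line
      sub(/^[^:]*:[ \t]*/, "", v)                    # drop the key and colon
      sub(/^#.*$/, "", v); sub(/[ \t]+#.*$/, "", v)  # drop a trailing comment
      gsub("[\"" sq " \t]", "", v)                   # drop quotes and blanks
      return v
    }
    BEGIN { bad = 0; ref = 0 }
    /^[ \t]*#/ { next }                              # skip comment lines
    /^[ \t]*(postgresPassword|password|replicationPassword):/ {
      if (val($0) != "") { print FILENAME ":" NR ": inline credential"; bad = 1 }
    }
    /^[ \t]*existingSecret:/ { if (val($0) != "") ref = 1 }
    END {
      if (!ref) { print FILENAME ": no existingSecret reference"; bad = 1 }
      exit bad
    }
  ' "$1"
}

# Constructed sample files (not from the repository) showing both outcomes.
demo() {
  demo_dir="$(mktemp -d)"
  printf 'auth:\n  existingSecret: postgresql-credentials\n  secretKeys:\n    adminPasswordKey: postgres-password\n    userPasswordKey: password\n' > "$demo_dir/good.yaml"
  printf 'auth:\n  username: matih\n  password: "changeme"\n' > "$demo_dir/bad.yaml"
  for f in "$demo_dir/good.yaml" "$demo_dir/bad.yaml"; do
    if check_values_file "$f"; then echo "PASS $f"; else echo "FAIL $f"; fi
  done
  rm -rf "$demo_dir"
}
demo
```

Running the function over every `--values` file before `helm upgrade --install` keeps a hardcoded password from reaching the release; empty placeholders such as `password: ""` are not reported.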