Excluded: .git, node_modules, secrets/, compose.env, assemblyscript tgz Source: /opt/alga-psa on psa.joliet.tech
Scratchpad — Talos appliance GitOps Alga deployment
- Plan slug: `talos-appliance-gitops-alga-deployment`
- Created: `2026-03-10`
What This Is
Working notes for the Talos appliance GitOps deployment path. This log captures design decisions, discovered repo constraints, and the commands/files needed to implement and validate the single-node appliance stack.
Decisions
- (2026-03-10) Use Flux-managed GitOps for the Talos appliance instead of direct first-boot `helm upgrade --install` commands.
- (2026-03-10) Keep the runtime split across multiple Helm releases rather than forcing an umbrella-chart refactor now. Root `helm/` owns core services; EE worker charts remain separate.
- (2026-03-10) Treat "initial install" as "database not yet initialized" rather than "Helm release install" so restarts and release recreation stay safe.
- (2026-03-10) Simplify the operator entrypoint to one script: `historical removed bootstrap wrapper` now handles the `msp` namespace, required bootstrap secrets, and profile apply. Missing values are prompted interactively when stdin is a TTY.
Discoveries / Constraints
- (2026-03-10) This branch does not yet contain the `ee/appliance/` structure referenced by the Talos bootstrap skill, so the appliance scaffolding must be introduced here.
- (2026-03-10) The root chart already owns server, Postgres, Redis, Hocuspocus, and setup hooks, but PgBouncer exists only as Docker assets under `pgbouncer/`.
- (2026-03-10) `setup/entrypoint.sh` already performs the correct seed gate by checking for existing rows in `users`, which is the right behavior to preserve for the appliance bootstrap job.
- (2026-03-10) `helm/templates/postgres/secrets.yaml` currently generates DB credentials as a pre-install hook without preserving an existing secret, which is risky for reinstall against persisted volumes.
- (2026-03-10) The EE service charts (`workflow-worker`, `email-service`, `temporal-worker`) already exist and can be wired into a Flux profile without major chart restructuring.
Commands / Runbooks
- (2026-03-10) `rg -n "talos|HelmRelease|cloud install|seed|bootstrap|setup" -S .`
- (2026-03-10) `python3 /Users/roberisaacs/.codex/skills/alga-plan/scripts/scaffold_plan.py "Talos appliance GitOps Alga deployment" --slug talos-appliance-gitops-alga-deployment`
- (2026-03-10) `helm template alga-core ./helm -n msp -f ee/appliance/flux/profiles/talos-single-node/values/alga-core.talos-single-node.yaml`
- (2026-03-10) `helm template pgbouncer ./ee/helm/pgbouncer -n msp -f ee/appliance/flux/profiles/talos-single-node/values/pgbouncer.talos-single-node.yaml`
- (2026-03-10) `helm template temporal ./ee/helm/temporal -n msp -f ee/appliance/flux/profiles/talos-single-node/values/temporal.talos-single-node.yaml`
- (2026-03-10) `helm template workflow-worker ./ee/helm/workflow-worker -n msp -f ee/appliance/flux/profiles/talos-single-node/values/workflow-worker.talos-single-node.yaml`
- (2026-03-10) `helm template email-service ./ee/helm/email-service -n msp -f ee/appliance/flux/profiles/talos-single-node/values/email-service.talos-single-node.yaml`
- (2026-03-10) `helm template temporal-worker ./ee/helm/temporal-worker -n msp -f ee/appliance/flux/profiles/talos-single-node/values/temporal-worker.talos-single-node.yaml`
- (2026-03-10) `kubectl kustomize ee/appliance/flux/profiles/talos-single-node`
Validation Notes
- (2026-03-10) `helm template alga-core ./helm -n msp -f ee/appliance/flux/profiles/talos-single-node/values/alga-core.talos-single-node.yaml` succeeded.
- (2026-03-10) `helm template pgbouncer ./ee/helm/pgbouncer -n msp -f ee/appliance/flux/profiles/talos-single-node/values/pgbouncer.talos-single-node.yaml` succeeded.
- (2026-03-10) `helm template temporal ./ee/helm/temporal -n msp -f ee/appliance/flux/profiles/talos-single-node/values/temporal.talos-single-node.yaml` succeeded.
- (2026-03-10) `helm template workflow-worker ./ee/helm/workflow-worker -n msp -f ee/appliance/flux/profiles/talos-single-node/values/workflow-worker.talos-single-node.yaml` succeeded.
- (2026-03-10) `helm template email-service ./ee/helm/email-service -n msp -f ee/appliance/flux/profiles/talos-single-node/values/email-service.talos-single-node.yaml` succeeded.
- (2026-03-10) `helm template temporal-worker ./ee/helm/temporal-worker -n msp -f ee/appliance/flux/profiles/talos-single-node/values/temporal-worker.talos-single-node.yaml` succeeded.
- (2026-03-10) `kubectl kustomize ee/appliance/flux/profiles/talos-single-node` succeeded.
- (2026-03-10) Static contract checks confirmed:
  - `helm/templates/postgres/secrets.yaml` now uses `lookup` plus `helm.sh/resource-policy: keep`
  - `helm/templates/migration-hook.yaml` and `helm/templates/seed-hook.yaml` are disabled in favor of `helm/templates/jobs.yaml`
  - `helm/templates/jobs.yaml` passes `SETUP_RUN_MIGRATIONS` and `SETUP_RUN_SEEDS`
  - `setup/entrypoint.sh` reads admin credentials from env fallbacks and still performs a DB-state seed check
- (2026-03-10) `sh ee/appliance/scripts/deploy-app.sh --profile talos-single-node` fails clearly without kubeconfig as expected.
- (2026-03-10) `sh historical removed bootstrap wrapper --profile talos-single-node` fails clearly without kubeconfig as expected.
- (2026-03-10) `sh historical removed bootstrap wrapper --help` prints the simplified automation/interface contract.
- (2026-03-10) `python3 /Users/roberisaacs/.codex/skills/alga-plan/scripts/validate_plan.py ee/docs/plans/2026-03-10-talos-appliance-gitops-alga-deployment` succeeded.
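
The `lookup` plus `helm.sh/resource-policy: keep` pattern named in the static contract checks, sketched as an added example; it is not the repository's `helm/templates/postgres/secrets.yaml`, and the secret name and the `postgres-password` key are hypothetical.

```yaml
{{- /* Added example. Secret name and data key are assumptions, not the chart's own. */ -}}
{{- $name := printf "%s-postgres-credentials" .Release.Name -}}
{{- /* lookup returns an empty map when the Secret does not exist yet. */ -}}
{{- $existing := lookup "v1" "Secret" .Release.Namespace $name -}}
{{- $data := get $existing "data" | default (dict) -}}
{{- /* Reuse the stored (already base64-encoded) value when present, so the
       credential keeps matching the one initialized in the persisted Postgres
       volume; generate a new one only on a genuinely fresh install. */ -}}
{{- $password := get $data "postgres-password" | default (randAlphaNum 32 | b64enc) }}
apiVersion: v1
kind: Secret
metadata:
  name: {{ $name }}
  namespace: {{ .Release.Namespace }}
  annotations:
    # Helm skips deleting this object on uninstall, so a later reinstall
    # finds it through lookup instead of minting a new password.
    helm.sh/resource-policy: keep
type: Opaque
data:
  postgres-password: {{ $password | quote }}
```

`helm template` does not query the cluster, so `lookup` is always empty there and the render checks above exercise only the generate branch; the reuse branch runs on a real install or upgrade.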
Links / References
- Design doc: `docs/plans/2026-03-10-talos-appliance-gitops-alga-deployment-design.md`
- Setup logic: `setup/entrypoint.sh`, `server/setup/create_database.js`
- Root chart: `helm/`
- EE charts: `ee/helm/workflow-worker`, `ee/helm/email-service`, `ee/helm/temporal-worker`
- Existing PgBouncer Docker assets: `pgbouncer/`
- Appliance Flux profile: `ee/appliance/flux/profiles/talos-single-node/`
Open Questions
- Default image registry strategy for the appliance profile remains unresolved.