Skip to content

feat: Add Helm chart for Kubernetes deployment#50

Open
yashGoyal40 wants to merge 16 commits intorepowise-dev:mainfrom
yashGoyal40:feat/helm-chart
Open

feat: Add Helm chart for Kubernetes deployment#50
yashGoyal40 wants to merge 16 commits intorepowise-dev:mainfrom
yashGoyal40:feat/helm-chart

Conversation

@yashGoyal40
Copy link
Copy Markdown

@yashGoyal40 yashGoyal40 commented Apr 6, 2026
edited
Loading

Summary

  • Adds a production-ready Helm chart (charts/repowise/) for deploying Repowise on Kubernetes
  • Includes configurable templates for Deployment, Service, PVC, Ingress, Secret, and ServiceAccount
  • Full values.yaml with support for LLM API keys, persistence, resource limits, ingress, and existing secrets
  • Chart README with quick start, configuration table, and usage examples

Closes #49

What's included

Template Purpose
deployment.yaml Single-pod deployment with Recreate strategy (SQLite constraint)
service.yaml ClusterIP service exposing backend (7337) and frontend (3000) ports
pvc.yaml Persistent storage for /data (SQLite DB + indexed repos)
secret.yaml API keys for Anthropic/OpenAI/Gemini (supports existingSecret)
ingress.yaml Optional ingress with TLS support
serviceaccount.yaml Optional dedicated ServiceAccount

Usage

helm install repowise ./charts/repowise \
  --set image.repository=your-registry/repowise \
  --set image.tag=0.1.0 \
  --set apiKeys.anthropic=sk-ant-...

Test plan

  • helm lint charts/repowise passes clean
  • helm template test charts/repowise renders all manifests correctly
  • Deploy to a test k8s cluster and verify pods come up healthy
  • Verify Web UI accessible via port-forward
  • Verify ingress routing when enabled

🤖 Generated with Claude Code

@yashGoyal40 @claude
feat: add Helm chart for Kubernetes deployment
2fcb8cb 
Adds a production-ready Helm chart under charts/repowise/ that enables
deploying Repowise to any Kubernetes cluster. Includes templates for
Deployment, Service, PVC, Ingress, Secret, and ServiceAccount with full
configurability via values.yaml.

Closes repowise-dev#49

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
yashGoyal40 and others added 15 commits April 6, 2026 18:14
@yashGoyal40 @claude
fix: route /api, /health, /metrics to backend in HTTPProxy
2410e74 
The HTTPProxy was sending all traffic to the frontend (port 3000).
Now /api/*, /health, and /metrics are routed directly to the backend
(port 7337), while everything else goes to the frontend. Also replaced
the Ingress template with Contour HTTPProxy with wildcard TLS support.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@yashGoyal40 @claude
fix: provider section health check calls /health instead of /api/health
af52058 
The backend exposes /health, not /api/health. The provider-section
component was calling the wrong endpoint causing "Server returned
non-healthy status" on every self-hosted deployment.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@yashGoyal40
Revert "fix: provider section health check calls /health instead of /…
c4aec6c 
…api/health"

This reverts commit af52058.
@yashGoyal40 @claude
revert: use standard k8s Ingress instead of Contour HTTPProxy
a95eb3b 
Restores the standard networking.k8s.io/v1 Ingress template so the
chart works out of the box on any Kubernetes cluster, not just those
running Contour.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@yashGoyal40 @claude
feat: add repo init Job for auto-cloning and registering repositories
f9db5e5 
Adds a post-install/upgrade Kubernetes Job that clones repos declared
in values.yaml into /data/repos/, registers them with the Repowise API,
and triggers an initial sync. Supports private repos via GitHub PAT or
an existing git-credentials Secret.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@yashGoyal40 @claude
feat: initContainer clones repos, sidecar registers with API
5c4e2a4 
- initContainer (bitnami/git) clones repos into /data/repos/ before
  the main app starts
- Sidecar container (curlimages/curl) waits for API health, registers
  each repo via POST /api/repos, and triggers sync
- Supports private repos via GitHub PAT or existing git-credentials Secret
- Removed the post-install Job approach (PVC ReadWriteOnce conflict)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@yashGoyal40 @claude
feat: relax health probes, sequential repo sync, skip already-indexed
5b3f3bf 
- Increase liveness probe timeout to 15s and failureThreshold to 10
  to prevent pod kills during CPU-intensive indexing
- Sidecar registers repos one-by-one, waits for each sync to complete
  before starting the next (prevents SQLite database lock)
- Skip sync for repos that already have a head_commit (already indexed)
- Remove old repo-init-scripts ConfigMap (script is now inline)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@yashGoyal40 @claude
fix: disable liveness probe to prevent restarts during indexing
d84875d 
Indexing large repos is so CPU-intensive that the /health endpoint
becomes unresponsive, causing the liveness probe to kill the container
repeatedly. Disabled liveness probe by default — readiness probe is
kept (it only removes from service, doesn't restart).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@yashGoyal40 @claude
feat: add PostgreSQL support to Helm chart
d6e4c8f 
Adds optional PostgreSQL deployment (pgvector/pgvector:pg16) that
replaces SQLite, eliminating "database is locked" errors during heavy
indexing. Repowise app code already supports PostgreSQL natively.

- StatefulSet with PVC for PostgreSQL data
- Conditional REPOWISE_DB_URL (asyncpg when PG enabled, aiosqlite otherwise)
- wait-for-postgres initContainer ensures DB is ready before app starts
- pgvector image includes vector extension for semantic search
- Fully backward compatible: postgresql.enabled=false keeps SQLite

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@yashGoyal40 @claude
feat: make PostgreSQL the default database backend
23a6900 
PostgreSQL eliminates SQLite's "database is locked" errors during
heavy indexing and enables concurrent API access. Uses pgvector image
for vector search support. SQLite still available via postgresql.enabled=false.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@yashGoyal40 @claude
refactor: remove sequential sync wait (PostgreSQL handles concurrency)
aab5f6f 
With PostgreSQL as default, there's no SQLite lock issue. Repos now
trigger sync in parallel without waiting for each to complete.
Still skips already-indexed repos (head_commit check).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@yashGoyal40 @claude
fix: set git safe.directory so app can read git history
3c555c6 
initContainer clones repos as root but app runs as uid 1000. Git
refuses to read repos with different ownership. Fix: write a
.gitconfig with safe.directory=* into /data and set HOME for the
app container. This enables hotspots, ownership, and architecture
graph features.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@yashGoyal40 @claude
fix: sidecar sleeps after registering repos instead of restarting
eae207a 
The register-repos sidecar now sleeps forever after completing its
work. This prevents k8s from restarting it in a loop (containers
that exit get restarted by default in a pod).

Also bumps PostgreSQL to max_connections=4000, shared_buffers=2GB,
8Gi memory limit for heavy indexing workloads.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@yashGoyal40
Increase database connection pool settings
9b17b6a
@yashGoyal40
Update database.py
4414cb5
@RaghavChamadiya
Copy link
Copy Markdown
Collaborator

RaghavChamadiya commented Apr 11, 2026

Thanks for the Helm chart, the structure is well organized! There are some issues to sort out though:

  1. PostgreSQL enabled by default (blocking): postgresql.enabled: true is the default, but repowise uses SQLite. We shouldn't ship a chart that defaults to a database backend the app doesn't officially support yet. Either set enabled: false or remove postgresql.yaml for now.

  2. database.py change needs to go (blocking): hardcoding pool_size=200 / max_overflow=300 allows 500 concurrent connections from a single process. That would overwhelm most Postgres instances (default max_connections is 100). This change is also unrelated to the Helm chart itself. Please revert it.

  3. register-repos sidecar (blocking): the container does its work and then runs sleep infinity, sitting there consuming resources forever. This should be a Kubernetes Job or init container, not a sidecar.

  4. No Dockerfile: the chart references an image that doesn't exist yet. Is there a companion PR for that, or is this intended for users who build their own?

  5. Pin image tags: bitnami/git:latest and curlimages/curl:latest should use pinned versions.

  6. Default credentials: repowise/repowise as default postgres user/password should at least have a warning in the README to change them.

The chart scaffolding itself is solid. Happy to re-review once these are addressed.

@RaghavChamadiya RaghavChamadiya mentioned this pull request Apr 11, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@RaghavChamadiya RaghavChamadiya Awaiting requested review from RaghavChamadiya RaghavChamadiya is a code owner

@swati510 swati510 Awaiting requested review from swati510 swati510 is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

feat: Add Helm chart for Kubernetes deployment

2 participants

@yashGoyal40 @RaghavChamadiya