TazLab K8s: tazlab-db Detail
Level 3 (Detail) — PostgreSQL cluster configuration, databases, users, backup.
Concept
The cluster runs a single shared PostgreSQL instance managed by Crunchy PostgreSQL Operator (PGO). It serves all stateful workloads: Mnemosyne (vector memory), Grafana (dashboards), TazLab test/validation, and pgAdmin.
PostgresCluster
File: infrastructure/instances/tazlab-db/cluster.yaml
| Field | Value |
|---|---|
| Name | tazlab-db |
| Namespace | tazlab-db |
| PostgreSQL version | 16 |
| Instances | 1 (instance1) |
| Storage | 4Gi RWO, StorageClass tazlab-storage |
| pgBouncer | Enabled, 1 replica |
| Patroni | Dynamic configuration with custom pg_hba |
Databases and Users
| User | Databases | Purpose |
|---|---|---|
| pgadmin | postgres | pgAdmin web UI connection |
| mnemosyne | mnemosyne | Semantic memory (vector search) |
| tazlab-admin | tazlab, tazlab-test | Main app + rebirth validation |
| grafana | grafana | Grafana dashboards backend |
Initialization SQL
File: infrastructure/instances/tazlab-db/init-sql.yaml
Applied as ConfigMap tazlab-db-init-sql. On first cluster creation, it:
mnemosyne database
- Creates vector and uuid-ossp extensions
- Creates memories table with UUID PK, VECTOR(3072) embedding column
- Creates archived_files table for session archival tracking
tazlab database
- Creates a memories table (different schema — serial PK, JSONB metadata/tags)
tazlab-test database
- Creates rebirth_test table
- Inserts a row with timestamp for rebirth validation
grafana database
- Grants all privileges to grafana user
S3 Backup
File: infrastructure/configs/tazlab-db/s3-external-secret.yaml
PGBackrest configuration:
| Field | Value |
|---|---|
| Stanza | db |
| Repo | repo1 — S3 (tazlab-storage, eu-central-1) |
| Path | /pgbackrest/repo1 |
| Full schedule | Weekly (Sunday 01:00) |
| Differential | Daily (Monday–Saturday 01:00) |
| Restore | --delta mode |
Credentials are injected via ExternalSecret s3-backrest-creds which renders the PGBackrest config file format.
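How the table above maps onto PGO v5 PostgresCluster fields, as an added example that is not the repository's cluster.yaml. Assumptions: the rendered Secret carries the same name as the ExternalSecret, the Secret key is called s3.conf, and the S3 endpoint is a placeholder because the page does not give it.

```yaml
apiVersion: postgres-operator.crunchydata.com/v1beta1
kind: PostgresCluster
metadata:
  name: tazlab-db
  namespace: tazlab-db
spec:
  postgresVersion: 16
  instances:
    - name: instance1
      replicas: 1
      dataVolumeClaimSpec:
        accessModes: [ReadWriteOnce]
        storageClassName: tazlab-storage
        resources: {requests: {storage: 4Gi}}
  backups:
    pgbackrest:
      configuration:
        # Secret rendered by the s3-backrest-creds ExternalSecret (name assumed
        # identical). It holds a pgBackRest config file, e.g. key s3.conf
        # (key name assumed) with a [global] section setting repo1-s3-key and
        # repo1-s3-key-secret, so no credentials appear in this manifest.
        - secret:
            name: s3-backrest-creds
      global:
        repo1-path: /pgbackrest/repo1
      repos:
        - name: repo1
          schedules:
            full: "0 1 * * 0"            # weekly, Sunday 01:00
            differential: "0 1 * * 1-6"  # daily, Monday-Saturday 01:00
          s3:
            bucket: tazlab-storage       # name as given in the table
            region: eu-central-1
            endpoint: <s3-endpoint>      # placeholder, not stated on this page
      restore:
        enabled: false                   # set to true only when performing a restore
        repoName: repo1
        options:
          - --delta
```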
External Service
File: infrastructure/instances/tazlab-db/service.yaml
| Field | Value |
|---|---|
| Name | tazlab-db-external |
| Type | LoadBalancer |
| IP | 192.168.1.241 |
| Port | 5432 |
Exposes PostgreSQL externally through MetalLB. Selector targets the primary instance (role: master).
Users Secret Format
PGO generates a Secret for each user in the format <cluster-name>-pguser-<username> (e.g., tazlab-db-pguser-mnemosyne). Each Secret contains:
user, password, host, port, dbname, uri, jdbc-uri
Applications reference these secrets via secretKeyRef in their env vars.
DAG Position
operators-data (Level 0, installs PGO)
→ configs (Level 2, creates s3-backrest-creds ExternalSecret)
→ instances (Level 3, creates PostgresCluster + service)
→ apps-data (Level 3, mnemosyne-mcp depends on DB being ready)
Known Issues
- The memories table is created with VECTOR(3072) but gemini-embedding-001 produces 768-dim vectors (TD-002). This works because the init SQL runs only on first creation and the dimension mismatch is handled by the auto-detection fallback.
- Only 1 replica — no HA for the database. Acceptable for lab, inadequate for production.
See Also
- Parent topics: Repository Mapping, Operators Inventory
- Sibling details: External Secrets Detail, Mnemosyne Deployment Detail
- Reference: ExternalSecret Example