TazLab K8s: tazlab-db Detail

Level 3 (Detail) — PostgreSQL cluster configuration, databases, users, backup.

Concept

The cluster runs a single shared PostgreSQL instance managed by Crunchy PostgreSQL Operator (PGO). It serves all stateful workloads: Mnemosyne (vector memory), Grafana (dashboards), TazLab test/validation, and pgAdmin.

PostgresCluster

File: infrastructure/instances/tazlab-db/cluster.yaml

| Field | Value |
|---|---|
| Name | tazlab-db |
| Namespace | tazlab-db |
| PostgreSQL version | 16 |
| Instances | 1 (instance1) |
| Storage | 4Gi RWO, StorageClass tazlab-storage |
| pgBouncer | Enabled, 1 replica |
| Patroni | Dynamic configuration with custom pg_hba |

Databases and Users

| User | Databases | Purpose |
|---|---|---|
| pgadmin | postgres | pgAdmin web UI connection |
| mnemosyne | mnemosyne | Semantic memory (vector search) |
| tazlab-admin | tazlab, tazlab-test | Main app + rebirth validation |
| grafana | grafana | Grafana dashboards backend |

Initialization SQL

File: infrastructure/instances/tazlab-db/init-sql.yaml

Applied as ConfigMap tazlab-db-init-sql. On first cluster creation, it:

mnemosyne database

  • Creates vector and uuid-ossp extensions
  • Creates memories table with UUID PK, VECTOR(3072) embedding column
  • Creates archived_files table for session archival tracking

tazlab database

  • Creates a memories table (different schema — serial PK, JSONB metadata/tags)

tazlab-test database

  • Creates rebirth_test table
  • Inserts a row with timestamp for rebirth validation

grafana database

  • Grants all privileges to grafana user

S3 Backup

File: infrastructure/configs/tazlab-db/s3-external-secret.yaml

pgBackRest configuration:

| Field | Value |
|---|---|
| Stanza | db |
| Repo | repo1 — S3 (tazlab-storage, eu-central-1) |
| Path | /pgbackrest/repo1 |
| Full schedule | Weekly (Sunday 01:00) |
| Differential | Daily (Monday–Saturday 01:00) |
| Restore | --delta mode |

Credentials are injected via the ExternalSecret s3-backrest-creds, which renders them in the pgBackRest configuration file format.

External Service

File: infrastructure/instances/tazlab-db/service.yaml

| Field | Value |
|---|---|
| Name | tazlab-db-external |
| Type | LoadBalancer |
| IP | 192.168.1.241 |
| Port | 5432 |

Exposes PostgreSQL externally through MetalLB. Selector targets the primary instance (role: master).

Users Secret Format

PGO generates a Secret for each user in the format <cluster-name>-pguser-<username> (e.g., tazlab-db-pguser-mnemosyne). Each Secret contains:

  • user, password, host, port, dbname, uri, jdbc-uri

Applications reference these secrets via secretKeyRef in their env vars.
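
The secretKeyRef pattern described above, written out as an added example (not a manifest from the TazLab repository). The Secret name and keys come from this page; the Deployment name, labels, image, namespace and the choice of libpq variable names are assumptions made for illustration.

```yaml
# Added example: hypothetical consumer of the PGO-generated user Secret.
# From the page: Secret tazlab-db-pguser-mnemosyne and its key names.
# Assumed: Deployment name/labels, image placeholder, namespace.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: mnemosyne-mcp
  # secretKeyRef resolves only Secrets in the pod's own namespace, so this
  # sketch assumes the pod runs in the namespace that holds the Secret.
  namespace: tazlab-db
spec:
  replicas: 1
  selector:
    matchLabels:
      app: mnemosyne-mcp
  template:
    metadata:
      labels:
        app: mnemosyne-mcp
    spec:
      containers:
        - name: app
          image: registry.example.invalid/mnemosyne-mcp:placeholder
          env:
            # One libpq-standard variable per Secret key. The password is
            # resolved at pod start and never written into the manifest.
            - name: PGHOST
              valueFrom:
                secretKeyRef: {name: tazlab-db-pguser-mnemosyne, key: host}
            - name: PGPORT
              valueFrom:
                secretKeyRef: {name: tazlab-db-pguser-mnemosyne, key: port}
            - name: PGDATABASE
              valueFrom:
                secretKeyRef: {name: tazlab-db-pguser-mnemosyne, key: dbname}
            - name: PGUSER
              valueFrom:
                secretKeyRef: {name: tazlab-db-pguser-mnemosyne, key: user}
            - name: PGPASSWORD
              valueFrom:
                secretKeyRef: {name: tazlab-db-pguser-mnemosyne, key: password}
```

The uri key embeds the password as well, so an application that takes a single connection string can reference that key the same way and needs the same handling for it.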

DAG Position

operators-data (Level 0, installs PGO)
→ configs (Level 2, creates s3-backrest-creds ExternalSecret)
→ instances (Level 3, creates PostgresCluster + service)
→ apps-data (Level 3, mnemosyne-mcp depends on DB being ready)

Known Issues

  • The memories table is created with VECTOR(3072) but gemini-embedding-001 produces 768-dim vectors (TD-002). This works because the init SQL runs only on first creation and the dimension mismatch is handled by the auto-detection fallback.
  • Only 1 replica — no HA for the database. Acceptable for lab, inadequate for production.
