Middleware

The stateful services Tomoda depends on, plus the operator UIs that point at them. Everything in this section lives in the data namespace of the single GKE cluster and is reconciled by Argo CD from k8s/envs/<env>/middleware/.

Per-environment isolation is by name and credentials, not by cluster or namespace: postgres-dev and postgres-prod are two CNPG Clusters in the same data namespace, each with its own PVCs, secrets, and Service DSN. Apps in the tomoda and prod namespaces reach them through their respective *.data.svc.cluster.local hostnames. Nothing in the namespace layout stops a dev workload from resolving the prod Service name, so the per-environment credentials (and, for anything that has no auth of its own, NetworkPolicy) are the actual boundary.

  • Postgres (CNPG)
    CloudNativePG-operator-managed Postgres with PostGIS bundled. Per-env Cluster CR, in-cluster storage, Barman → GCS backups via Workload Identity (the CNPG service account is bound to a GCP service account, so no JSON key is stored in a Secret).

  • Redis
    Bitnami Helm chart, standalone, 5 Gi persistence. No auth in-cluster; relies on NetworkPolicy and namespace isolation. That only holds if the cluster actually enforces NetworkPolicy (on GKE Standard this means Dataplane V2 or network policy enforcement is enabled; otherwise the objects are accepted by the API server and silently ignored).

  • pgAdmin
    Operator-facing web UI for Postgres. Exposed through Traefik + oauth2-proxy behind Google login.

  • Redis Insight
    Operator-facing web UI for Redis. Same Traefik + oauth2-proxy pattern as pgAdmin.
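Because Redis runs without auth, the NetworkPolicy is the whole access control. The policy below is an added example (not from the Tomoda repo) of what that policy needs to say for the layout described on this page: only pods in the tomoda and prod namespaces, plus the Redis Insight pod in data, may reach port 6379. The Redis pod label follows the Bitnami chart default; the Redis Insight label and the policy name are assumptions.

```yaml
# Added example, not the project's own manifest. Assumptions are marked.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: redis-ingress          # name assumed
  namespace: data
spec:
  # Bitnami redis chart labels its pods app.kubernetes.io/name: redis.
  # Only these pods are selected, so postgres and the UIs are unaffected.
  podSelector:
    matchLabels:
      app.kubernetes.io/name: redis
  policyTypes:
    - Ingress                  # selected pods now deny all ingress except the rules below
  ingress:
    - from:
        # kubernetes.io/metadata.name is set automatically on every namespace
        # by the API server (Kubernetes 1.22+), so no extra labelling is needed.
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: tomoda
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: prod
        # A bare podSelector matches pods in the policy's own namespace (data).
        # Label for the Redis Insight deployment is assumed.
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: redisinsight
      ports:
        - protocol: TCP
          port: 6379
```

To check that the policy is enforced rather than merely stored, run a throwaway pod in a namespace that is not listed (for example `kubectl run -n default probe --rm -it --image=busybox -- nc -zv -w 3 redis-master.data.svc.cluster.local 6379`, Service name assumed from the Bitnami default) and confirm it times out, then repeat from the tomoda namespace and confirm it connects. If the first probe succeeds, the cluster is not enforcing NetworkPolicy and Redis is open to every pod.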
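The Postgres item above names the three things the Cluster CR has to carry: the PostGIS image, in-cluster storage, and Barman backups to GCS authenticated through Workload Identity. The manifests below are an added example of that shape for postgres-dev, not the project's own files; the image tag, storage size, bucket, GCP service account, retention and schedule are assumptions.

```yaml
# Added example, not from k8s/envs/<env>/middleware/. Assumptions are marked.
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
  name: postgres-dev
  namespace: data
spec:
  instances: 1
  # CNPG-published image with PostGIS bundled; tag assumed.
  imageName: ghcr.io/cloudnative-pg/postgis:16
  storage:
    size: 20Gi                               # size assumed
  # Workload Identity: CNPG creates a KSA named after the Cluster; annotating it
  # binds it to a GCP service account, so no key file lives in a Secret.
  serviceAccountTemplate:
    metadata:
      annotations:
        iam.gke.io/gcp-service-account: postgres-dev-backups@PROJECT_ID.iam.gserviceaccount.com  # assumed
  backup:
    retentionPolicy: "14d"                   # assumed
    barmanObjectStore:
      destinationPath: gs://tomoda-pg-backups/postgres-dev   # bucket assumed
      googleCredentials:
        gkeEnvironment: true                 # use the pod's Workload Identity token
      wal:
        compression: gzip
---
# Base backups on a schedule; WAL archiving is continuous once the store is set.
apiVersion: postgresql.cnpg.io/v1
kind: ScheduledBackup
metadata:
  name: postgres-dev-daily
  namespace: data
spec:
  schedule: "0 0 3 * * *"                    # six-field cron (seconds first); assumed
  backupOwnerReference: self
  cluster:
    name: postgres-dev
```

The GCP service account needs only object create/read on the bucket prefix, and the IAM binding `roles/iam.workloadIdentityUser` must name `data/postgres-dev` as the Kubernetes service account, so postgres-prod cannot write into the dev prefix by accident. Note that the in-tree `barmanObjectStore` block is deprecated from CNPG 1.26 in favour of the Barman Cloud plugin; the Workload Identity binding is the same either way.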