
Silo Structure

This document describes how a tenant silo is structured inside the Aventian GKE cluster.
Each silo is provisioned under the postgres namespace using a custom Helm chart.
This ensures isolation, scalability, and observability for each tenant.

Silo Components (Namespace: postgres)

1. PostgreSQL StatefulSet

  • Deployed as a StatefulSet for persistent storage and high availability.
  • Each instance has a PersistentVolumeClaim (PVC) attached for data durability.
  • Exposed via a Kubernetes Service for internal access.
  • Credentials are injected from centralized Secrets.

2. Postgres Exporter

  • Deployed as a Kubernetes Deployment inside the namespace.
  • Scrapes metrics and exposes them to Prometheus.
  • Exposed through a dedicated Service for monitoring collection.

3. Database Migration Jobs

  • Kubernetes Jobs are created for:
    • Initial Schema Setup (when the silo is first provisioned).
    • Future Migrations (during upgrades or schema changes).
  • Job execution:
    • Fetches DB migration scripts from a central ConfigMap.
    • Executes SQL scripts sequentially.
    • Terminates after completion (ensuring idempotency).
  • Managed by Helm hooks (post-install, post-upgrade).

4. Helm Chart Management

  • A custom Helm chart bundles all tenant resources:
    • StatefulSet (Postgres)
    • Services (DB, Exporter)
    • Migration Jobs
  • Ensures consistency across all tenant silos.

Tenant Silo Structure

Centralized Resources (Shared Across Silos)

Some resources are not tenant-specific and are deployed once in shared namespaces:

| Resource | Purpose |
| --- | --- |
| Prometheus & Grafana | Monitors tenant workloads and Postgres health. |
| Grafana Dashboard (URL) | Preconfigured dashboard for DB metrics visualization. |
| Secrets (Admin Credentials) | Securely stores global admin passwords, mounted into silo workloads. |
| ConfigMap (Schema Storage) | Central store for migration SQL scripts used by tenant jobs. |

Workflow: Silo Initialization

  1. Namespace Creation

    • A new namespace postgres is created for the tenant.

  2. Postgres Deployment

    • Helm installs a StatefulSet with PVCs.
    • A headless Service is created for DB access.

  3. Monitoring Setup

    • The Postgres Exporter Deployment is installed.
    • A Service exposes the exporter endpoint for Prometheus to scrape.

  4. Database Migration Jobs

    • Helm runs initialization jobs (post-install).
    • Migration scripts are mounted from the central ConfigMap.
    • On upgrades, post-upgrade jobs run new scripts.

  5. Grafana Dashboard

    • Metrics collected in Prometheus are visualized on the central Grafana dashboard.

Notes

  • Namespace Isolation: The tenant is created in the postgres namespace.
  • Durability: Data is preserved with PVCs even if Pods restart.
  • Observability: Metrics available at a central Grafana dashboard.
  • Migration Safety: All schema updates are managed through Kubernetes Jobs, ensuring repeatability.
  • Helm Consistency: Every tenant silo follows the same structure for reliability.