Storage Overview

The storage slice spans three ownership layers in lumie-infra:

  • storage/** owns shared storage operators and utilities such as the CloudNativePG operator, shared Redis releases, infra-db, and PgWeb.
  • bootstrap/minio/** owns MinIO because object storage must exist before later GitOps applications can use it.
  • applications/lumie/** owns the product database clusters and their CNPG-native poolers, even though they depend on the shared storage operator.

Boundaries

| Surface | Primary source paths | Namespace or scope | Notes |
|---|---|---|---|
| CNPG operator | lumie-infra/storage/cnpg/**, lumie-infra/charts/cnpg/** | cnpg, cluster-scoped CRDs | Reconciles Cluster, Pooler, and ScheduledBackup resources. |
| Product PostgreSQL | lumie-infra/applications/lumie/cnpg-values.yaml, lumie-infra/applications/lumie/**/pooler.yaml | lumie-db, lumie-dev | Product databases are not defined under storage/**. |
| Shared infra database | lumie-infra/storage/infra-db/** | infra-db | Hosts Grafana, Keycloak, Umami, Coder, Gitea, OpenClaw, and Teleport-related state. |
| Redis | lumie-infra/storage/redis/** | lumie-cache, lumie-dev | Prod uses replication plus Sentinel; dev uses standalone. |
| MinIO | lumie-infra/bootstrap/minio/**, lumie-infra/provision/ansible/roles/storage-setup/** | minio | Bootstrap-owned because Vault, Zot, and backups depend on it. |
| PgWeb | lumie-infra/storage/pgweb/** | lumie-db | Read/write admin UI for the product database. |
| Velero | no active repo path under lumie-infra | legacy namespace only | The repo currently does not manage a live Velero deployment. |

Operational flow

  1. ArgoCD applies lumie-infra/storage/application.yaml, which fans out into the storage/kustomization.yaml app-of-apps set.
  2. The CNPG operator from lumie-infra/storage/cnpg/argocd.yaml reconciles database Cluster and Pooler CRs owned elsewhere in the repo.
  3. MinIO comes from lumie-infra/bootstrap/minio/argocd.yaml and provides object storage for product uploads, Vault storage, CNPG dump jobs, and Thanos-related secrets.
  4. Redis provides cache and coordination endpoints for backend and worker services.
  5. Backup paths split by store:
    • CNPG clusters archive WAL and base backups to Cloudflare R2 for lumie-db and infra-db.
    • MinIO snapshots the lumie, lumie-dev, and vault buckets to R2 on a CronJob schedule.

Current drift to keep in mind

  • lumie-infra/storage/kustomization.yaml says the legacy Helm-based PgBouncer chart is retired, and the live poolers are CNPG Pooler resources under applications/lumie/**.
  • The repository still keeps lumie-infra/storage/pgbouncer/argocd-prod.yaml as a legacy artifact, but it is not part of the storage app-of-apps set.
  • A read-only kubectl get ns on June 14, 2026 showed a velero namespace in Terminating state, but the repo has no velero/ manifests or ArgoCD application.

Common failure patterns

  • Local-path or local-PV storage ties database and MinIO data to specific nodes; node loss is an availability event, not just a pod reschedule.
  • Vault-backed secret refresh failures break bootstrap credentials, database DSNs, and object-store access even when the workload manifests stay Synced.
  • Pooler endpoint drift is easy to miss: product runtime traffic should use lumie-pooler or lumie-dev-pooler, not direct superuser-style connections to primary services.
  • Backup coverage differs by surface. CNPG covers PostgreSQL; MinIO snapshots cover buckets; Velero is not the active backup mechanism described by this repo today.

Verification

kubectl get applications.argoproj.io -n argocd | rg 'storage|cnpg|minio|infra-db|redis|pgweb'
kubectl get clusters.postgresql.cnpg.io -A
kubectl get poolers.postgresql.cnpg.io -A
kubectl get pods -n minio
kubectl get pods -n lumie-cache
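
The pooler endpoint drift listed under Common failure patterns can also be checked mechanically. The following is an added example, not code from lumie-infra: it classifies PostgreSQL DSNs by whether their host is one of the two pooler names given on this page. The workload names, the DSNs, and the `lumie-rw` service name in the sample are constructed, and the parser assumes a single non-IPv6 host with percent-encoded credentials.

```shell
# Added example (not from lumie-infra): flag DSNs that bypass the approved poolers.
# Pooler names come from the page; workload names and DSNs below are constructed.
APPROVED_POOLERS="lumie-pooler lumie-dev-pooler"

# dsn_host DSN: print the host of a URI-style or keyword/value PostgreSQL DSN.
# Assumes one non-IPv6 host and percent-encoded credentials.
dsn_host() {
  _dsn=$1
  case $_dsn in
    postgres://*|postgresql://*)
      _rest=${_dsn#*://}        # drop scheme
      _rest=${_rest%%[/?]*}     # drop /dbname and ?params
      _rest=${_rest##*@}        # drop user:password@
      _host=${_rest%%:*}        # drop :port
      ;;
    *)
      _host=
      for _kv in $_dsn; do      # keyword/value form: host=... port=...
        case $_kv in host=*) _host=${_kv#host=} ;; esac
      done
      ;;
  esac
  printf '%s\n' "$_host"
}

# classify_dsn DSN: print "pooler" if the service name is approved, else "direct".
classify_dsn() {
  _h=$(dsn_host "$1")
  _svc=${_h%%.*}                # service name without .namespace.svc suffix
  for _p in $APPROVED_POOLERS; do
    [ "$_svc" = "$_p" ] && { echo pooler; return 0; }
  done
  echo direct
}

# audit_dsns: read "workload DSN" lines; print "workload host" per direct hit (no credentials).
audit_dsns() {
  while read -r _wl _d; do
    [ -n "$_wl" ] || continue
    [ "$(classify_dsn "$_d")" = direct ] && printf '%s %s\n' "$_wl" "$(dsn_host "$_d")"
  done
  return 0
}
# Constructed sample input: two pooled connections, two direct ones.
SAMPLE='backend postgresql://app:s3cret@lumie-pooler.lumie-db.svc:5432/lumie?sslmode=require
worker postgres://postgres:pw@lumie-rw.lumie-db.svc.cluster.local:5432/lumie
dev-api host=lumie-dev-pooler port=5432 dbname=lumie user=app
cron host=10.0.0.12 port=5432 user=postgres'
printf '%s\n' "$SAMPLE" | audit_dsns
```

The match is on the exact service name, so a host such as `lumie-pooler-old` is reported as direct rather than accepted by prefix.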