Add gateway Helm chart to bootstrap_v2; deploy locally and validate API #24

@rowan-stein

User request

Add the new service (agynio/gateway) Helm chart to our bootstrap configuration (agynio/bootstrap_v2). After adding it, apply everything locally and manually test that the service works by creating entities through the API (not just a smoke test).

Research specification (from Emerson Gray)

Chart source & availability

  • Registry (OCI): oci://ghcr.io/agynio/charts
  • Chart name: gateway
  • Install ref: oci://ghcr.io/agynio/charts/gateway
  • Versioning: Releases on git tags vX.Y.Z → chart version X.Y.Z. Image: ghcr.io/agynio/gateway with tags main, sha-<shortSHA>, and semver tags on release.
  • Required values:
    • gateway.platformBaseUrl (required)
    • Auth via gateway.authToken.value or gateway.authToken.existingSecret + existingSecretKey (default key platform-auth-token)
    • Other knobs: gateway.timeoutMs, gateway.retries, gateway.requestHeadersJson, gateway.openapiValidateResponse

bootstrap_v2 integration model

  • bootstrap_v2 uses Terraform to provision a k3d cluster, then installs Istio + Argo CD (system), and deploys apps as Argo CD Applications (platform).
  • To add gateway:
    • Add an OCI Helm repository for GHCR to Argo CD (if not already present)
    • Add an argocd_application for the gateway chart in stacks/platform/main.tf
    • Provide required values via Helm values block, including Ingress exposure via Istio
    • Manage the gateway platform auth token as a Kubernetes Secret via Terraform

Proposed changes

  1. Variables in stacks/platform/variables.tf:

    • gateway_chart_version (string; default e.g., "0.1.0" or latest)
    • gateway_platform_base_url (string; default "https://api.agyn.dev:8080")
    • gateway_auth_token (sensitive string; dev token)
    • gateway_hostname (string; default "gateway.agyn.dev")
  2. Secret in stacks/platform/main.tf:

    • Terraform-managed kubernetes_secret_v1 in namespace var.platform_namespace
    • name: gateway-auth, key token with var.gateway_auth_token
  3. Argo CD repo + application in stacks/platform/main.tf:

    • argocd_repository:
      • repo = "ghcr.io", type = "helm", enable_oci = true
    • argocd_application gateway:
      • spec.source.repo_url = "ghcr.io"
      • chart = "agynio/charts/gateway"
      • target_revision = var.gateway_chart_version
      • helm.values:
        • gateway.platformBaseUrl = var.gateway_platform_base_url
        • gateway.authToken.existingSecret = "gateway-auth"
        • gateway.authToken.existingSecretKey = "token"
        • ingress.enabled = true
        • ingress.ingressClassName = "istio"
        • ingress.hosts[0].host = var.gateway_hostname
        • ingress.hosts[0].paths[0].path = "/"
  4. Examples in stacks/platform/terraform.tfvars.example with placeholder token, and a short local validation section in README.

Local apply workflow

  • Prereqs: terraform, k3d, kubectl. Add to /etc/hosts: 127.0.0.1 agyn.dev api.agyn.dev argocd.agyn.dev litellm.agyn.dev vault.agyn.dev gateway.agyn.dev
  • Create cluster:
    cd stacks/k8s && cp terraform.tfvars.example terraform.tfvars
    terraform init && terraform apply
    export KUBECONFIG=$PWD/.kube/agyn-local-kubeconfig.yaml
  • Install system:
    cd ../system && terraform init && terraform apply
  • Deploy platform (with gateway):
    cd ../platform && cp terraform.tfvars.example terraform.tfvars
    # set gateway_* vars, including a dev token
    terraform init && terraform apply

Validation plan (real API calls)

  • Base URL: https://gateway.agyn.dev:8080/team/v1 (self-signed; use -k)
  • Create Agent:
    BASE_URL='https://gateway.agyn.dev:8080/team/v1'
    curl -k -sS -X POST "$BASE_URL/agents" \
      -H 'Content-Type: application/json' \
      -d '{
        "title": "Demo Agent",
        "description": "Created via gateway local test",
        "config": {
          "model": "gpt-5",
          "systemPrompt": "You are a helpful AI assistant.",
          "debounceMs": 0,
          "whenBusy": "wait",
          "processBuffer": "allTogether",
          "sendFinalResponseToThread": true,
          "summarizationKeepTokens": 0,
          "summarizationMaxTokens": 512,
          "restrictOutput": false,
          "restrictionMessage": "Do not produce a final answer directly. Before finishing, call a tool. If no tool is needed, call the '\''finish'\'' tool.",
          "restrictionMaxInjections": 0
        }
      }'
  • Expected: HTTP 201 with JSON body including an id.
  • Fetch list and by id:
    curl -k -sS "$BASE_URL/agents?page=1&perPage=20"
    # If jq available
    AGENT_ID="$(curl -k -sS "$BASE_URL/agents?page=1&perPage=20" | jq -r '.items[0].id')"
    curl -k -sS "$BASE_URL/agents/$AGENT_ID"
  • Additional endpoints (per OpenAPI): /tools, /mcp-servers, /workspace-configurations, /memory-buckets, /attachments.

Troubleshooting

  • Check Argo apps: kubectl -n argocd get applications
  • Check pods/services/ingress: kubectl -n platform get pods,svc,ingress
  • Logs: kubectl -n platform logs deploy/gateway --tail=200
  • Routing check: curl -kI --resolve gateway.agyn.dev:8080:127.0.0.1 https://gateway.agyn.dev:8080/

Acceptance criteria

  • Gateway Argo CD application is added and syncs successfully
  • Service becomes reachable at https://gateway.agyn.dev:8080/team/v1
  • Manual API tests successfully create and retrieve entities (at minimum: an Agent); results documented in the PR
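
The Terraform wiring listed under "Proposed changes", written out as an added example (not code from this issue or from the bootstrap_v2 repository), showing that the Helm values carry only the Secret's name and key, never the token itself. The Argo CD project name and destination server are assumptions; var.platform_namespace and the other gateway_* variables are assumed to be declared as the issue describes.

```hcl
# Added example for stacks/platform; values marked "assumption" are not from the issue.
variable "gateway_auth_token" {
  type      = string
  sensitive = true # redacts plan/apply output only
}

resource "kubernetes_secret_v1" "gateway_auth" {
  metadata {
    name      = "gateway-auth"
    namespace = var.platform_namespace
  }
  data = { token = var.gateway_auth_token } # provider base64-encodes on write
}

resource "argocd_repository" "ghcr_oci" {
  repo       = "ghcr.io"
  type       = "helm"
  enable_oci = true
}

resource "argocd_application" "gateway" {
  metadata { name = "gateway" }
  spec {
    project = "default" # assumption
    source {
      repo_url        = argocd_repository.ghcr_oci.repo
      chart           = "agynio/charts/gateway"
      target_revision = var.gateway_chart_version
      helm {
        # Only a reference to the Secret reaches the Application spec.
        values = yamlencode({
          gateway = {
            platformBaseUrl = var.gateway_platform_base_url
            authToken = {
              existingSecret    = kubernetes_secret_v1.gateway_auth.metadata[0].name
              existingSecretKey = "token"
            }
          }
          ingress = {
            enabled          = true
            ingressClassName = "istio"
            hosts            = [{ host = var.gateway_hostname, paths = [{ path = "/" }] }]
          }
        })
      }
    }
    destination {
      server    = "https://kubernetes.default.svc" # assumption: in-cluster API
      namespace = var.platform_namespace
    }
  }
}
```

Marking the variable sensitive does not keep the token out of Terraform state, where it is stored in plaintext, so the state file and terraform.tfvars need the same protection as the Secret.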
