Baker Street

Deploy to Kubernetes

Production deployment of Baker Street using Helm and Kustomize.

This guide covers deploying Baker Street to a production Kubernetes cluster. Baker Street uses Kustomize for manifest management and ships with sensible defaults that you can override.

Namespace Setup

Create a dedicated namespace with appropriate labels:

kubectl create namespace baker-street
kubectl label namespace baker-street app.kubernetes.io/part-of=baker-street

Configure Secrets

Baker Street uses three separate Kubernetes secrets, each scoped to the services that need them. This ensures the Gateway never sees API keys and Workers never see messaging tokens.

# k8s/secrets/brain-secrets.yaml
apiVersion: v1
kind: Secret
metadata:
  name: brain-secrets
  namespace: baker-street
type: Opaque
stringData:
  ANTHROPIC_API_KEY: "sk-ant-..."
  VOYAGEAI_API_KEY: "pa-..."
  JWT_SECRET: "your-jwt-secret"

# k8s/secrets/gateway-secrets.yaml
apiVersion: v1
kind: Secret
metadata:
  name: gateway-secrets
  namespace: baker-street
type: Opaque
stringData:
  TELEGRAM_BOT_TOKEN: "123456:ABC..."
  DISCORD_BOT_TOKEN: "MTk..."

# k8s/secrets/worker-secrets.yaml
apiVersion: v1
kind: Secret
metadata:
  name: worker-secrets
  namespace: baker-street
type: Opaque
stringData:
  ANTHROPIC_API_KEY: "sk-ant-..."

Apply the secrets:

kubectl apply -f k8s/secrets/

Deploy with Kustomize

Baker Street organizes manifests with Kustomize overlays for different environments:

# Development (single worker, minimal resources)
kubectl apply -k k8s/overlays/dev

# Production (multiple workers, resource limits, network policies)
kubectl apply -k k8s/overlays/prod

The base configuration includes deployments for the Brain, Worker, Gateway, UI, NATS, and Qdrant. The production overlay adds:

  • Resource requests and limits for all pods
  • Network policies enforcing default-deny ingress
  • Pod disruption budgets for high availability
  • Multiple worker replicas for parallel job processing
  • Anti-affinity rules to spread pods across nodes

Customize with Values

Key configuration lives in ConfigMaps. Override values for your environment:

# k8s/config/brain-config.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: brain-config
  namespace: baker-street
data:
  DEFAULT_MODEL: "claude-sonnet-4-20250514"
  MAX_TOOL_ITERATIONS: "10"
  NATS_URL: "nats://nats:4222"
  QDRANT_URL: "http://qdrant:6333"
  MEMORY_SIMILARITY_THRESHOLD: "0.92"

Personality Files

The agent's behavior is shaped by Markdown personality files mounted as ConfigMaps:

kubectl create configmap personality \
  --from-file=SOUL.md=operating_system/SOUL.md \
  --from-file=BRAIN.md=operating_system/BRAIN.md \
  --from-file=WORKER.md=operating_system/WORKER.md \
  -n baker-street

Edit these files to change the agent's identity, response style, and decision-making guidelines.

Verify Deployment

kubectl get pods -n baker-street
kubectl logs -n baker-street deployment/baker-brain --tail=50

All pods should reach Running status. The Brain logs will show successful connections to NATS and Qdrant.
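The secret scoping described under Configure Secrets only holds if each Deployment references its own secret and nothing else, since all three secrets live in the same namespace. The script below is an added example, not part of Baker Street: it audits the JSON from `kubectl get deploy -n baker-street -o json` for cross-service secret references. The deployment names `baker-gateway` and `baker-worker`, the name-to-secret mapping and the sample data are assumptions.

```python
import json
import sys
from pathlib import Path

# Assumed deployment names for this example; only "baker-brain" appears on the page.
ALLOWED = {
    "baker-brain": {"brain-secrets"},
    "baker-gateway": {"gateway-secrets"},
    "baker-worker": {"worker-secrets"},
}
SCOPED = {"brain-secrets", "gateway-secrets", "worker-secrets"}

def referenced_secrets(pod_spec):
    """Secret names a pod spec pulls in via secret volumes, envFrom or env.valueFrom."""
    names = {v["secret"]["secretName"] for v in pod_spec.get("volumes", []) if "secret" in v}
    for c in pod_spec.get("containers", []) + pod_spec.get("initContainers", []):
        for src in c.get("envFrom", []):
            if "secretRef" in src:
                names.add(src["secretRef"]["name"])
        for var in c.get("env", []):
            ref = var.get("valueFrom", {}).get("secretKeyRef")
            if ref:
                names.add(ref["name"])
    return names

def audit(deployment_list):
    """Return sorted (deployment, secret) pairs that break the per-service scoping."""
    bad = []
    for item in deployment_list["items"]:
        name = item["metadata"]["name"]
        used = referenced_secrets(item["spec"]["template"]["spec"]) & SCOPED
        bad += [(name, s) for s in used - ALLOWED.get(name, set())]
    return sorted(bad)

def _deploy(name, pod_spec):  # builds one constructed Deployment for SAMPLE
    return {"metadata": {"name": name}, "spec": {"template": {"spec": pod_spec}}}

# Constructed sample shaped like `kubectl get deploy -n baker-street -o json`.
SAMPLE = {"items": [
    _deploy("baker-brain", {"containers": [{"envFrom": [{"secretRef": {"name": "brain-secrets"}}]}]}),
    _deploy("baker-gateway", {"containers": [{"env": [{"name": "ANTHROPIC_API_KEY", "valueFrom": {
        "secretKeyRef": {"name": "brain-secrets", "key": "ANTHROPIC_API_KEY"}}}]}]}),
    _deploy("baker-worker", {"containers": [{}], "volumes": [{"secret": {"secretName": "gateway-secrets"}}]}),
]}

if __name__ == "__main__":  # pass a file saved from kubectl, else audit SAMPLE
    data = json.loads(Path(sys.argv[1]).read_text()) if len(sys.argv) > 1 else SAMPLE
    for deployment, secret in audit(data):
        print(f"VIOLATION: {deployment} references {secret}")
```

Any Deployment not listed in `ALLOWED` (for example NATS or Qdrant) is reported if it references one of the three scoped secrets at all.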

Zero-Downtime Upgrades

Baker Street supports blue-green deployments with a NATS-based handoff protocol. The old Brain drains active requests, writes a handoff note (active conversations, enabled schedules), and the new Brain picks up seamlessly. See the upgrade script at scripts/upgrade.sh.