Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.cake.ai/llms.txt

Use this file to discover all available pages before exploring further.

Cake Agents ships a Helm chart that installs the control plane, RBAC, and optional integration secrets. The same chart is used for dev clusters and production.

Prerequisites

  • kubectl configured for the target cluster (for example cake-aws-dev-nonprod).
  • Valid AWS credentials if your cluster uses AWS SSO — run aws sso login.
  • helm installed locally.

Deploy to the dev cluster

The scripts/deploy-dev helper wraps helm upgrade --install with the correct values for the dev environment. 
./scripts/deploy-dev
Override the context or image tag with environment variables: 
KUBE_CONTEXT=my-context \
CAKE_AGENTS_IMAGE_TAG=sha-abc1234 \
./scripts/deploy-dev
The script will roll back a stuck pending Helm release (for example after a timed-out install) before retrying.

CI deploys

The workflow at .github/workflows/deploy-helm-dev.yml runs the same script. To enable it:
  1. Set the repository variable CAKE_AGENTS_EKS_CLUSTER_NAME.
  2. Set the repository secret CAKE_AGENTS_EKS_DEPLOY_ROLE_ARN.
  3. Dispatch the workflow manually, or call it from another workflow via workflow_call with an image_tag input.

What the chart installs

  • Deployment, Service, ServiceAccount for the web app.
  • RBAC — namespace get plus permissions to manage session workloads in the release namespace.
  • SESSION_NAMESPACE env var set to the release namespace so the app schedules session pods in the right place.
  • Gateway / VirtualService / AuthorizationPolicy for Istio ingress.
  • Integration secrets for Better Auth, Linear, LiteLLM, Slack, and SSO providers (created from values or external secrets).
If ensureNamespace() still fails at startup (for example due to RBAC drift), the app logs and continues instead of exiting before it listens.

Gotchas

  • In-cluster Postgres 18 — Mount the PVC at /var/lib/postgresql, not .../data. For disposable dev data, delete the release’s Postgres PVC once so a fresh data directory is created.
  • OpenCode per session — OpenCode runs inside each session’s data plane pod on port 4096. The control plane uses per-session kubectl port-forward out of cluster; in-cluster it talks to svc/session-<id> directly.