Self-Hosted Agent — Kubernetes (Helm)
Deploy the MonPG collector as a Deployment with a Helm chart.
If your platform is Kubernetes, run the collector as a pod. Secrets live in Kubernetes Secrets like everything else, you scale by replica count, and observability is whatever you already give your other workloads.
Helm install
helm repo add monpg https://charts.monpg.app
helm repo update
helm install monpg-collector monpg/collector --set agentToken="mpa_..." --set apiEndpoint="https://api.monpg.app" --set db.host="your-postgres.svc.cluster.local" --set db.port=5432 --set db.user="monpg_monitor" --set db.password="..." --set db.name="postgres" --set db.sslmode="require" --namespace monpg --create-namespace
Bring your own secret
If you manage credentials outside Helm — External Secrets Operator, SealedSecrets, anything that lands real secrets in the cluster from elsewhere — reference the secret instead:
helm install monpg-collector monpg/collector --set existingSecretName=monpg-collector-creds --set apiEndpoint="https://api.monpg.app"
The Secret must contain these keys: agent-token, db-host, db-port, db-user, db-password, db-name, db-sslmode. The chart wires them into the env. Mismatch in key names is the most common failure mode, so worth double-checking.
Resources
200m CPU request / 500m limit handles bursts at the start of each cycle. 256Mi memory request / 1Gi limit covers the transient buffers we allocate per cycle (snapshot serialization, mostly). 500MB ephemeral disk is enough for the retry buffer if the ingest endpoint goes unreachable for a while.
Network policy
Egress only — to your PostgreSQL on TCP 5432, and to api.monpg.app:443 for ingest. No ingress required, the collector pushes outbound and never accepts incoming connections.
Upgrading
helm repo update
helm upgrade monpg-collector monpg/collectorRolling update with maxSurge=1 and maxUnavailable=0 by default. There's a small overlap window where two replicas push to ingest, which is fine — the API dedupes by snapshot timestamp.