Helm Chart

Helm Chart fur das Kubernetes-Deployment von Janus Home.

Übersicht

graph TB
    subgraph Chart ["janus-home (v0.8.0)"]
        Deploy["Deployment<br/>2 Replicas"]
        Svc["Service<br/>ClusterIP:80"]
        Ing["Ingress<br/>nginx + TLS"]
        NS["Namespace<br/>janus"]
        Secret["Registry Secret"]
    end

    subgraph Template ["Templates"]
        T1["deployment.yaml"]
        T2["service.yaml"]
        T3["ingress.yaml"]
        T4["namespace.yaml"]
        T5["registry-secret.yaml"]
        T6["_helpers.tpl"]
    end

    subgraph Values ["values.yaml"]
        V1["Image: registry.ciss.de/..."]
        V2["Replicas: 2"]
        V3["Resources: 50m/32Mi"]
        V4["Security: non-root"]
    end

    Values --> Chart
    Template --> Chart

Chart-Struktur

charts/janus-home/
├── Chart.yaml                # Chart-Metadaten (v0.8.0)
├── values.yaml               # Default-Werte
└── templates/
    ├── _helpers.tpl           # Label- und Registry-Helper
    ├── deployment.yaml        # Deployment mit Security Context
    ├── service.yaml           # ClusterIP Service
    ├── ingress.yaml           # Ingress mit TLS
    ├── namespace.yaml         # janus Namespace
    └── registry-secret.yaml   # Docker Registry Credentials

Values

Image

Parameter	Wert	Beschreibung
`image.repository`	`registry.ciss.de/ciss/janus/home`	GitLab Registry
`image.tag`	`""` (Chart AppVersion)	Image-Tag
`image.pullPolicy`	`Always`	Pull-Strategie

Ressourcen

Typ	CPU	Memory
Requests	50m	32Mi
Limits	100m	64Mi

Sicherheit

Einstellung	Wert
`runAsNonRoot`	true
`runAsUser`	101
`runAsGroup`	101
`readOnlyRootFilesystem`	true
`allowPrivilegeEscalation`	false
`capabilities.drop`	ALL
`seccompProfile`	RuntimeDefault

Service

Parameter	Wert
`service.type`	ClusterIP
`service.port`	80
`service.targetPort`	8080

Ingress

Parameter	Wert
`ingress.enabled`	true
`ingress.className`	nginx
`ingress.tls.enabled`	true

Probes

Probe	Initial Delay	Periode
Liveness	5s	10s
Readiness	2s	5s

Templates

deployment.yaml

2 Replicas fur Verfügbarkeit
Security Context auf Pod- und Container-Ebene
Liveness- und Readiness-Probes
Image Pull Secrets fur GitLab Registry

ingress.yaml

Dynamische Host-Konstruktion:

Branch-basiert: <branch>.janus.ciss.digital
TLS uber cert-manager ClusterIssuer
nginx Ingress-Klasse

_helpers.tpl

Helper-Templates:

janus-home.labels: Standard Kubernetes-Labels
janus-home.registry-auth: Base64-Encoded Registry Credentials

Flux Integration

Das Chart wird uber Flux GitOps deployt:

apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
spec:
  chart:
    spec:
      chart: ./charts/janus-home
      sourceRef:
        kind: GitRepository
        name: janus-home
  values:
    image:
      tag: master
    ingress:
      domain: janus.ciss.digital

Flux pullt Änderungen aus dem Git-Repository und reconciled das Helm-Release automatisch.