Helm Chart Deployment¶
The TFOut Helm chart provides a flexible and production-ready way to deploy the operator with customizable configuration options.
Chart Information¶
- Chart Name:
tfout - Repository:
https://swibrow.github.io/tfout - Minimum Kubernetes Version: 1.19+
- Minimum Helm Version: 3.0+
Installation¶
Add Repository¶
Basic Installation¶
Custom Installation¶
Create a values.yaml file with your configuration:
# values.yaml
image:
repository: ghcr.io/swibrow/tfout
tag: "v0.1.0"
pullPolicy: IfNotPresent
controller:
replicas: 2
leaderElection: true
metricsBindAddress: ":8080"
healthProbeBindAddress: ":8081"
resources:
limits:
cpu: 500m
memory: 256Mi
requests:
cpu: 100m
memory: 128Mi
# AWS configuration
env:
- name: AWS_REGION
value: "us-west-2"
envFrom:
- secretRef:
name: aws-credentials
serviceAccount:
create: true
annotations:
eks.amazonaws.com/role-arn: arn:aws:iam::123456789012:role/tfout-role
metrics:
enabled: true
port: 8080
rbac:
create: true
crds:
install: true
Install with custom values:
Configuration Options¶
Image Configuration¶
image:
repository: ghcr.io/swibrow/tfout # Container image repository
tag: "v0.1.0" # Image tag (defaults to chart appVersion)
pullPolicy: IfNotPresent # Image pull policy
Controller Configuration¶
controller:
replicas: 1 # Number of controller replicas
leaderElection: true # Enable leader election for HA
metricsBindAddress: ":8080" # Metrics server bind address
healthProbeBindAddress: ":8081" # Health probe bind address
secureMetrics: false # Enable secure metrics serving
enableHTTP2: false # Enable HTTP/2
development: false # Enable development mode logging
logLevel: "info" # Log level (info, debug, error)
Resource Management¶
resources:
limits:
cpu: 500m
memory: 128Mi
requests:
cpu: 10m
memory: 64Mi
# Horizontal Pod Autoscaling
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 10
targetCPUUtilizationPercentage: 80
Environment Variables¶
# Direct environment variables
env:
- name: AWS_REGION
value: "us-west-2"
- name: LOG_LEVEL
value: "debug"
- name: AWS_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: aws-credentials
key: access-key-id
# Environment from ConfigMaps/Secrets
envFrom:
- configMapRef:
name: tfout-config
- secretRef:
name: aws-credentials
Service Account and RBAC¶
serviceAccount:
create: true # Create service account
automount: true # Automount service account token
name: "" # Service account name (auto-generated if empty)
annotations: # Service account annotations
eks.amazonaws.com/role-arn: arn:aws:iam::123456789012:role/tfout-role
rbac:
create: true # Create RBAC resources
Security Context¶
podSecurityContext:
runAsNonRoot: true
runAsUser: 65532
fsGroup: 65532
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 65532
Monitoring and Metrics¶
metrics:
enabled: true # Enable metrics endpoint
port: 8080 # Metrics port
path: /metrics # Metrics path
service:
type: ClusterIP # Service type
port: 8080 # Service port
targetPort: 8080 # Target port
Custom Resource Definitions¶
Pod Scheduling¶
nodeSelector: {}
tolerations: []
affinity: {}
priorityClassName: "" # Priority class for pods
terminationGracePeriodSeconds: 10 # Termination grace period
Volumes and Volume Mounts¶
volumes:
- name: custom-config
configMap:
name: tfout-config
volumeMounts:
- name: custom-config
mountPath: /etc/config
readOnly: true
Production Configuration Example¶
Here's a complete production-ready configuration:
# production-values.yaml
image:
repository: ghcr.io/swibrow/tfout
tag: "v0.1.0"
pullPolicy: IfNotPresent
controller:
replicas: 3
leaderElection: true
metricsBindAddress: ":8080"
healthProbeBindAddress: ":8081"
logLevel: "info"
resources:
limits:
cpu: 500m
memory: 256Mi
requests:
cpu: 100m
memory: 128Mi
autoscaling:
enabled: true
minReplicas: 2
maxReplicas: 5
targetCPUUtilizationPercentage: 70
serviceAccount:
create: true
annotations:
eks.amazonaws.com/role-arn: arn:aws:iam::123456789012:role/tfout-production
env:
- name: AWS_REGION
value: "us-west-2"
metrics:
enabled: true
port: 8080
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
labelSelector:
matchExpressions:
- key: app.kubernetes.io/name
operator: In
values:
- tfout
topologyKey: kubernetes.io/hostname
tolerations:
- key: "node-role.kubernetes.io/control-plane"
operator: "Exists"
effect: "NoSchedule"
priorityClassName: "system-cluster-critical"
podSecurityContext:
runAsNonRoot: true
runAsUser: 65532
fsGroup: 65532
seccompProfile:
type: RuntimeDefault
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 65532
Upgrade¶
Check for Updates¶
Upgrade¶
Rollback¶
# List releases
helm history tfout --namespace tfout
# Rollback to previous version
helm rollback tfout 1 --namespace tfout
Uninstallation¶
# Uninstall the release
helm uninstall tfout --namespace tfout
# Clean up namespace (if desired)
kubectl delete namespace tfout
# Remove CRDs (if crds.keep=false)
kubectl delete crd terraformoutputs.tfout.wibrow.net
Helm Chart Development¶
For chart development and customization:
# Clone the repository
git clone https://github.com/swibrow/tfout.git
cd tfout
# Render templates locally
helm template tfout ./charts/tfout --values test-values.yaml
# Validate chart
helm lint ./charts/tfout
# Package chart
helm package ./charts/tfout
Troubleshooting¶
Common Issues¶
-
CRD Installation Failures
-
Permission Issues
-
Image Pull Issues