IVOA Registry Helm Chart¶
The Registry (reg) Helm chart facilitates the deployment of the Registry application within a Kubernetes cluster. This chart is designed to streamline the installation and management of the Registry service, ensuring a seamless integration into your Kubernetes environment.
Prerequisites¶
Before deploying the Registry Helm chart, ensure that the following conditions are met:
- Kubernetes Cluster: A running Kubernetes cluster, version 1.29 or higher.
- Helm: Helm package manager, version 3, installed on your machine. Refer to the official Helm documentation for installation instructions.
Installation¶
To deploy the Registry application using the Helm chart, follow these steps:
-
Add the Registry Helm Repository:
-
Update Helm Repositories:
-
Install the Registry Chart:
Replacehelm --namespace cadc-core upgrade --install --values <your-registry-values.yaml> registry-release registry-repo/regregistry-releasewith your desired release name.
Configuration¶
The Registry Helm chart comes with a default configuration suitable for most deployments. However, you can customize the installation by providing your own values.yaml file. This allows you to override default settings such as resource allocations, environment variables, and other parameters.
To customize the installation:
- Create a
values.yamlFile: Define your custom configurations in this file. - Install the Chart with Custom Values:
This Helm Chart supports both Pod and Container level security contexts. You can enable or disable these features based on your cluster's security requirements. The Registry service need not run as root, so it is recommended to enable these security contexts for enhanced security.
Example values.yaml Configuration¶
podSecurityContext:
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
securityContext:
runAsUser: 10000
runAsGroup: 10000
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
global:
hostname: example.org
application:
serviceEntries:
- id: ivo://example.org/services/service-1
url: https://example.org/services/service-1/capabilities
- id: ivo://example.org/services/service-2
url: https://example.org/services/service-2/capabilities
authority: ivo://example.org/authority
# This section builds out the service account more information can be found here: https://kubernetes.io/docs/concepts/security/service-accounts/
serviceAccount:
# Specifies whether a service account should be created
create: false
# Automatically mount a ServiceAccount's API credentials?
automount: false
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: "example-registry-service-account"
# Ingress is an quick way to get up and running, but httpRoute is preferred to make use of the Kubernetes Gateway API.
# If using Ingress, ensure that your cluster has an Ingress controller installed and configured to handle the specified className.
ingress:
enabled: true
className: traefik
hosts:
- host: example.org
paths:
- backend:
service:
name: reg
port:
number: 8080
path: /reg
pathType: Prefix
Uninstallation¶
To remove the Registry application from your cluster:
This command will delete all resources associated with the Registry release.
License¶
This project is licensed under the MIT License. For more information, refer to the LICENSE file in the repository.
Values Reference¶
reg¶
IVOA Registry Service Helm Chart
| Chart | AppVersion | Type |
|---|---|---|
| 1.0.0 | 1.2.1 | application |
Values¶
| Key | Type | Default | Description |
|---|---|---|---|
| affinity | object | {} |
|
| application.authority | string | "" |
|
| application.logging | string | nil |
|
| application.serviceEntries | list | [] |
|
| application.vosi | string | nil |
|
| autoscaling.enabled | bool | false |
|
| autoscaling.maxReplicas | int | 100 |
|
| autoscaling.minReplicas | int | 1 |
|
| autoscaling.targetCPUUtilizationPercentage | int | 80 |
|
| fullnameOverride | string | "" |
|
| global.hostname | string | "" |
|
| httpRoute | object | {"annotations":{},"enabled":false,"hostnames":["chart-example.local"],"parentRefs":[{"name":"gateway","sectionName":"http"}],"rules":[{"matches":[{"path":{"type":"PathPrefix","value":"/headers"}}]}]} |
Expose the service via gateway-api HTTPRoute Requires Gateway API resources and suitable controller installed within the cluster (see: https://gateway-api.sigs.k8s.io/guides/) |
| image.pullPolicy | string | "IfNotPresent" |
|
| image.repository | string | "images.opencadc.org/core/reg" |
|
| image.tag | string | "1.2.1" |
|
| imagePullSecrets | list | [] |
|
| ingress.annotations | object | {} |
|
| ingress.className | string | "" |
|
| ingress.enabled | bool | false |
|
| ingress.hosts | list | [] |
|
| ingress.tls | list | [] |
|
| livenessProbe | string | nil |
|
| nameOverride | string | "" |
|
| nodeSelector | object | {} |
|
| podAnnotations | object | {} |
|
| podLabels | object | {} |
|
| podSecurityContext | object | {} |
|
| readinessProbe | string | nil |
|
| replicaCount | int | 1 |
|
| resources | object | {} |
|
| securityContext | object | {} |
|
| service.port | int | 8080 |
|
| service.type | string | "ClusterIP" |
|
| serviceAccount.annotations | object | {} |
|
| serviceAccount.automount | bool | true |
|
| serviceAccount.create | bool | true |
|
| serviceAccount.name | string | "" |
|
| tolerations | list | [] |
|
| volumeMounts | list | [] |
|
| volumes | list | [] |