# Helm Deployment
Deploy Hemmelig on Kubernetes using Helm.
## Prerequisites
- Kubernetes 1.19+
- Helm 3.0+
- PV provisioner support (for persistence)
## Quick Start
```bash
# Use the chart from the local checkout of the repository
cd Hemmelig.app
# Install with default values
helm install hemmelig ./helm/hemmelig \
  --set config.betterAuthSecret="$(openssl rand -base64 32)" \
  --set config.betterAuthUrl="https://hemmelig.example.com"
```
## Installation
### From Local Chart
```bash
# Clone the repository
git clone https://github.com/HemmeligOrg/Hemmelig.app.git
cd Hemmelig.app
# Install the chart
helm install hemmelig ./helm/hemmelig -f my-values.yaml
```
### Example values.yaml
```yaml
# my-values.yaml
config:
  # Placeholder: replace with a generated value, e.g. `openssl rand -base64 32`
  betterAuthSecret: 'your-secret-key-min-32-chars'
  betterAuthUrl: 'https://hemmelig.example.com'
ingress:
  enabled: true
  className: nginx
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
  hosts:
    - host: hemmelig.example.com
      paths:
        - path: /
          pathType: Prefix
  tls:
    - secretName: hemmelig-tls
      hosts:
        - hemmelig.example.com
persistence:
  data:
    enabled: true
    size: 1Gi
  uploads:
    enabled: true
    size: 10Gi
resources:
  limits:
    cpu: 500m
    memory: 512Mi
  requests:
    cpu: 100m
    memory: 128Mi
```
## Configuration
### Required Values
| Parameter | Description |
| ------------------------- | ---------------------------------------------------------------------------------- |
| `config.betterAuthSecret` | Authentication secret (min 32 characters). Generate with `openssl rand -base64 32` |
| `config.betterAuthUrl` | Public URL of your instance (required for OAuth and cookie handling) |
### Common Values
| Parameter | Description | Default |
| ----------------------------- | ------------------------------- | ------------------- |
| `replicaCount` | Number of replicas | `1` |
| `image.repository` | Image repository | `hemmelig/hemmelig` |
| `image.tag` | Image tag | `v7` |
| `service.type` | Kubernetes service type | `ClusterIP` |
| `service.port` | Service port | `3000` |
| `ingress.enabled` | Enable ingress | `false` |
| `persistence.data.enabled` | Enable persistence for database | `true` |
| `persistence.data.size` | Database PVC size | `1Gi` |
| `persistence.uploads.enabled` | Enable persistence for uploads | `true` |
| `persistence.uploads.size` | Uploads PVC size | `5Gi` |
### Using Existing Secrets
Instead of setting `config.betterAuthSecret` directly, use an existing Kubernetes secret:
```yaml
existingSecret: my-hemmelig-secret
```
Create the secret:
```bash
kubectl create secret generic my-hemmelig-secret \
  --from-literal=BETTER_AUTH_SECRET="$(openssl rand -base64 32)"
```
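A pre-flight check for the values file, covering the two required values and the `existingSecret` alternative described above. It is an added example, not part of the Hemmelig chart: the function names `config_value` and `check_values` are hypothetical, it assumes the flat `config:` layout of the example values file, and the `https://` requirement is this example's own policy rather than a documented chart rule.

```shell
#!/bin/sh
# Pre-flight check for a Hemmelig values file. Added example, not part of the chart.
# Assumes scalar keys nested one level under `config:`, as in the example values file.

# Print the value of <key> under `config:` in <file>, with surrounding quotes stripped.
config_value() {
  awk -v key="$1" -v sq="'" '
    /^config:/ { in_cfg = 1; next }
    /^[^ \t#]/ { in_cfg = 0 }              # another top-level key ends the block
    in_cfg && $1 == (key ":") {
      sub(/^[^:]*:[ \t]*/, "")             # drop the leading "key: "
      gsub("^[\"" sq "]|[\"" sq "][ \t]*$", "")
      print; exit
    }' "$2"
}

# Return 0 when <file> is ready for `helm install -f`; otherwise print each problem.
check_values() {
  secret=$(config_value betterAuthSecret "$1")
  url=$(config_value betterAuthUrl "$1")
  rc=0
  if grep -q '^existingSecret:' "$1"; then
    # The secret lives in a Kubernetes Secret, so no inline copy should remain.
    [ -z "$secret" ] || { echo "existingSecret is set but config.betterAuthSecret is still in the file"; rc=1; }
  elif [ "${#secret}" -lt 32 ]; then
    echo "config.betterAuthSecret is ${#secret} characters, minimum is 32"; rc=1
  fi
  case $url in
    https://*) ;;                           # example policy (assumption): HTTPS only
    *) echo "config.betterAuthUrl must be the public https:// URL, got '$url'"; rc=1 ;;
  esac
  return "$rc"
}

# Constructed sample: the placeholder values from the example file above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
config:
  betterAuthSecret: 'your-secret-key-min-32-chars'
  betterAuthUrl: 'https://hemmelig.example.com'
EOF
check_values "$sample" || echo "fix the values file before running helm install"
rm -f "$sample"
```

Run `check_values my-values.yaml` before `helm install` or `helm upgrade`; the placeholder secret from the example values file is only 28 characters, so it is rejected.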
### Additional Environment Variables
```yaml
env:
  - name: HEMMELIG_ANALYTICS_ENABLED
    value: 'true'
```
## OAuth Configuration
The Hemmelig Helm Chart supports comprehensive OAuth provider configuration. For detailed setup instructions and examples, see:
**[OAuth Configuration with Helm](helm-oauth.md)**
This guide covers:
- All supported OAuth providers (GitHub, Google, Microsoft, Discord, GitLab, Apple, Twitter/X)
- Generic OAuth providers (Authentik, Authelia, Keycloak, etc.)
- Default secret vs existing secret management
- Required configuration for OAuth callbacks
## Ingress Examples
### Nginx Ingress
```yaml
ingress:
  enabled: true
  className: nginx
  annotations:
    nginx.ingress.kubernetes.io/proxy-body-size: '50m'
  hosts:
    - host: hemmelig.example.com
      paths:
        - path: /
          pathType: Prefix
```
### Traefik Ingress
```yaml
ingress:
  enabled: true
  className: traefik
  annotations:
    traefik.ingress.kubernetes.io/router.tls: 'true'
  hosts:
    - host: hemmelig.example.com
      paths:
        - path: /
          pathType: Prefix
```
## Upgrading
```bash
helm upgrade hemmelig ./helm/hemmelig -f my-values.yaml
```
## Uninstalling
```bash
helm uninstall hemmelig
```
**Note:** PersistentVolumeClaims are not deleted automatically. To remove all data:
```bash
kubectl delete pvc -l app.kubernetes.io/name=hemmelig
```
## Troubleshooting
### Check Pod Status
```bash
kubectl get pods -l app.kubernetes.io/name=hemmelig
kubectl logs -l app.kubernetes.io/name=hemmelig
```
### Check PVC Status
```bash
kubectl get pvc -l app.kubernetes.io/name=hemmelig
```
### Port Forward for Testing
```bash
kubectl port-forward svc/hemmelig 3000:3000
# Visit http://localhost:3000
```