- Set Spanish as default language with ephemeral/encrypted privacy focus
- Translate all user-facing strings and legal pages to Spanish
- Replace Norwegian flag with Spanish flag in footer
- Remove Hemmelig/terces.cloud links, add cloudhost.es sponsorship
- Rewrite PrivacyPage: zero data collection, ephemeral design emphasis
- Rewrite TermsPage: Spanish law, RGPD, paste.es/CloudHost.es references
- Update PWA manifest, HTML meta tags, package.json branding
- Rename webhook headers to X-Paste-Event / X-Paste-Signature
- Update API docs title and contact to paste.es / cloudhost.es

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Helm Deployment
Deploy Hemmelig on Kubernetes using Helm.
Prerequisites
- Kubernetes 1.19+
- Helm 3.0+
- PV provisioner support (for persistence)
Quick Start
# Add the chart from local directory
cd Hemmelig.app
# Install with default values
helm install hemmelig ./helm/hemmelig \
  --set config.betterAuthSecret="$(openssl rand -base64 32)" \
  --set config.betterAuthUrl="https://hemmelig.example.com"
Installation
From Local Chart
# Clone the repository
git clone https://github.com/HemmeligOrg/Hemmelig.app.git
cd Hemmelig.app
# Install the chart
helm install hemmelig ./helm/hemmelig -f my-values.yaml
Example values.yaml
# my-values.yaml
config:
  betterAuthSecret: 'your-secret-key-min-32-chars'
  betterAuthUrl: 'https://hemmelig.example.com'
ingress:
  enabled: true
  className: nginx
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
  hosts:
    - host: hemmelig.example.com
      paths:
        - path: /
          pathType: Prefix
  tls:
    - secretName: hemmelig-tls
      hosts:
        - hemmelig.example.com
persistence:
  data:
    enabled: true
    size: 1Gi
  uploads:
    enabled: true
    size: 10Gi
resources:
  limits:
    cpu: 500m
    memory: 512Mi
  requests:
    cpu: 100m
    memory: 128Mi
Configuration
Required Values
| Parameter | Description |
|---|---|
| config.betterAuthSecret | Authentication secret (min 32 characters). Generate with openssl rand -base64 32 |
| config.betterAuthUrl | Public URL of your instance (required for OAuth and cookie handling) |
Common Values
| Parameter | Description | Default |
|---|---|---|
| replicaCount | Number of replicas | 1 |
| image.repository | Image repository | hemmelig/hemmelig |
| image.tag | Image tag | v7 |
| service.type | Kubernetes service type | ClusterIP |
| service.port | Service port | 3000 |
| ingress.enabled | Enable ingress | false |
| persistence.data.enabled | Enable persistence for database | true |
| persistence.data.size | Database PVC size | 1Gi |
| persistence.uploads.enabled | Enable persistence for uploads | true |
| persistence.uploads.size | Uploads PVC size | 5Gi |
Using Existing Secrets
Instead of setting config.betterAuthSecret directly, use an existing Kubernetes secret:
existingSecret: my-hemmelig-secret
Create the secret:
kubectl create secret generic my-hemmelig-secret \
  --from-literal=BETTER_AUTH_SECRET="$(openssl rand -base64 32)"
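A pre-deploy check for the two ways of supplying the auth secret described above, as an added example that is not part of the Hemmelig chart or its documentation: `lint_values` and `yaml_value` are hypothetical helpers, and the sample values files are constructed. It rejects a values file whose inline config.betterAuthSecret is shorter than 32 characters or is still the placeholder from the example values file, and accepts one that points at existingSecret.

```bash
#!/usr/bin/env bash
# Added example: lint_values and yaml_value are hypothetical helpers,
# not part of the Hemmelig chart.
PLACEHOLDER='your-secret-key-min-32-chars'  # placeholder from the example values file

# Print the first scalar value found for <key> in <file>, without quotes
# or trailing comments. Good enough for flat keys; not a full YAML parser.
yaml_value() {
  sed -n "s/^[[:space:]]*$1:[[:space:]]*//p" "$2" | head -n 1 |
    sed -e 's/[[:space:]]\{1,\}#.*$//' -e 's/[[:space:]]*$//' \
        -e "s/^['\"]//" -e "s/['\"]\$//"
}

# Print findings for <file>; return 1 if any check fails.
lint_values() {
  _secret=$(yaml_value betterAuthSecret "$1")
  _existing=$(yaml_value existingSecret "$1")
  _rc=0
  if [ -z "$_secret" ] && [ -n "$_existing" ]; then
    echo "OK: auth secret is read from Kubernetes secret '$_existing'"
    return 0
  fi
  if [ -z "$_secret" ]; then
    echo "FAIL: neither config.betterAuthSecret nor existingSecret is set"
    return 1
  fi
  if [ "$_secret" = "$PLACEHOLDER" ]; then
    echo "FAIL: betterAuthSecret is still the documentation placeholder"
    _rc=1
  fi
  if [ "${#_secret}" -lt 32 ]; then
    echo "FAIL: betterAuthSecret has ${#_secret} characters, minimum is 32"
    _rc=1
  fi
  echo "WARN: secret is stored inline in $1; consider existingSecret"
  return "$_rc"
}

# Constructed sample inputs, written to a temporary directory.
demo_dir=$(mktemp -d)
printf "config:\n  betterAuthSecret: '%s'\n" "$PLACEHOLDER" > "$demo_dir/bad.yaml"
printf "existingSecret: my-hemmelig-secret\n" > "$demo_dir/good.yaml"
lint_values "$demo_dir/bad.yaml"  || echo "=> bad.yaml rejected"
lint_values "$demo_dir/good.yaml" && echo "=> good.yaml accepted"
```

The line-based `yaml_value` reads only flat `key: value` lines in a values file, so a secret passed with --set on the command line is not covered by this check.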
Additional Environment Variables
env:
  - name: HEMMELIG_ANALYTICS_ENABLED
    value: 'true'
OAuth Configuration
The Hemmelig Helm Chart supports comprehensive OAuth provider configuration. For detailed setup instructions and examples, see:
This guide covers:
- All supported OAuth providers (GitHub, Google, Microsoft, Discord, GitLab, Apple, Twitter/X)
- Generic OAuth providers (Authentik, Authelia, Keycloak, etc.)
- Default secret vs existing secret management
- Required configuration for OAuth callbacks
Ingress Examples
Nginx Ingress
ingress:
  enabled: true
  className: nginx
  annotations:
    nginx.ingress.kubernetes.io/proxy-body-size: '50m'
  hosts:
    - host: hemmelig.example.com
      paths:
        - path: /
          pathType: Prefix
Traefik Ingress
ingress:
  enabled: true
  className: traefik
  annotations:
    traefik.ingress.kubernetes.io/router.tls: 'true'
  hosts:
    - host: hemmelig.example.com
      paths:
        - path: /
          pathType: Prefix
Upgrading
helm upgrade hemmelig ./helm/hemmelig -f my-values.yaml
Uninstalling
helm uninstall hemmelig
Note: PersistentVolumeClaims are not deleted automatically. To remove all data:
kubectl delete pvc -l app.kubernetes.io/name=hemmelig
Troubleshooting
Check Pod Status
kubectl get pods -l app.kubernetes.io/name=hemmelig
kubectl logs -l app.kubernetes.io/name=hemmelig
Check PVC Status
kubectl get pvc -l app.kubernetes.io/name=hemmelig
Port Forward for Testing
kubectl port-forward svc/hemmelig 3000:3000
# Visit http://localhost:3000