Deploying Helm Charts
OpenPrime includes a curated library of production-ready Helm charts for common Kubernetes applications.
Available Charts​
Ingress Controllers​
| Chart | Description | Default |
|---|---|---|
| nginx-ingress | NGINX Ingress Controller | ✅ |
| traefik | Traefik Proxy | - |
| istio | Istio Service Mesh | - |
Monitoring & Observability​
| Chart | Description | Default |
|---|---|---|
| prometheus-stack | Prometheus + Grafana + Alertmanager | ✅ |
| loki | Log aggregation | - |
| tempo | Distributed tracing | - |
| datadog | Datadog agent | - |
Security​
| Chart | Description | Default |
|---|---|---|
| cert-manager | TLS certificate automation | ✅ |
| external-secrets | External secrets management | - |
| vault | HashiCorp Vault | - |
Databases​
| Chart | Description | Default |
|---|---|---|
| postgresql | PostgreSQL database | - |
| redis | Redis cache | - |
| mongodb | MongoDB database | - |
Enabling Charts​
Basic Enable​
helmCharts:
nginx-ingress:
enabled: true
cert-manager:
enabled: true
prometheus-stack:
enabled: true
With Custom Values​
helmCharts:
nginx-ingress:
enabled: true
customValues: true
values: |
controller:
replicaCount: 3
service:
type: LoadBalancer
annotations:
service.beta.kubernetes.io/aws-load-balancer-type: nlb
Chart Configuration​
nginx-ingress​
nginx-ingress:
enabled: true
values: |
controller:
replicaCount: 2
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 500m
memory: 512Mi
service:
type: LoadBalancer
metrics:
enabled: true
cert-manager​
cert-manager:
enabled: true
values: |
installCRDs: true
prometheus:
enabled: true
# ClusterIssuer for Let's Encrypt
# Applied after installation
Post-install ClusterIssuer:
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-prod
spec:
acme:
server: https://acme-v02.api.letsencrypt.org/directory
email: admin@example.com
privateKeySecretRef:
name: letsencrypt-prod
solvers:
- http01:
ingress:
class: nginx
prometheus-stack​
prometheus-stack:
enabled: true
values: |
grafana:
adminPassword: "change-me"
persistence:
enabled: true
size: 10Gi
prometheus:
prometheusSpec:
retention: 15d
storageSpec:
volumeClaimTemplate:
spec:
resources:
requests:
storage: 50Gi
alertmanager:
alertmanagerSpec:
storage:
volumeClaimTemplate:
spec:
resources:
requests:
storage: 10Gi
external-secrets​
external-secrets:
enabled: true
values: |
installCRDs: true
# Configure for AWS Secrets Manager
# or HashiCorp Vault
Generated Output​
When you save an environment with Helm charts, OpenPrime generates:
Values Files​
helm/
└── my-environment/
├── nginx-ingress-values.yaml
├── cert-manager-values.yaml
└── prometheus-stack-values.yaml
ArgoCD Applications (if enabled)​
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: nginx-ingress
namespace: argocd
spec:
project: my-environment
source:
repoURL: https://kubernetes.github.io/ingress-nginx
chart: ingress-nginx
targetRevision: 4.8.3
helm:
valueFiles:
- values.yaml
destination:
server: https://kubernetes.default.svc
namespace: ingress-nginx
syncPolicy:
automated:
prune: true
selfHeal: true
Deployment Order​
OpenPrime handles chart dependencies:
1. cert-manager (CRDs needed first)
2. external-secrets
3. nginx-ingress
4. prometheus-stack
5. Application charts
Adding Custom Charts​
In the UI​
- Select Add Custom Chart
- Enter:
- Chart name
- Repository URL
- Chart version
- Values (YAML)
In Configuration​
helmCharts:
my-custom-chart:
enabled: true
repository: https://charts.example.com
chart: my-app
version: "1.2.3"
namespace: my-app
values: |
replicaCount: 3
Best Practices​
- Pin versions - Always specify chart versions
- Test in staging - Validate values before production
- Use GitOps - Let ArgoCD manage deployments
- Monitor resources - Set appropriate resource limits
- Secure secrets - Use external-secrets for sensitive data