feat: official helm chart integration and documentation#546
Open
drifterza wants to merge 1 commit into
Open
Conversation
drifterza
force-pushed
the
feat/issue-55-helm-chart
branch
5 times, most recently
from
f2db6f4 to
9450b50
Compare
tale
requested changes
May 4, 2026
Owner
tale
left a comment
tale
left a comment
There was a problem hiding this comment.
I requested quite a few changes, I think ultimately there are several problems with this implementation and I would've appreciated an early discussion to align on what I want for the Helm charts for Headplane.
A few things:
- We should be distributing Helm charts as an OCI artifact not as a repository, they're less of a burden for DevOps people and easy to move up to locked environments, etc.
- Headscale should not be a requirement, someone should be able to run Headplane without integrated mode against an existing Headscale connection.
- I like the way the
initContainerfor the autogenerated credentials is going, this is the direction I wanted, but I'm not sure if running Headscale as aninitContaineritself makes sense. I get that there's no easy workaround, just something I wanted to flag.
There's work that needs to be done here, and I'm not in a rush to make this available as a Helm chart, but this is a good first step in the right direction.
Aside: Please don't edit the CODEOWNERS file, I'm more than capable of maintaining a set of Helm charts for the release, thank you.
drifterza
force-pushed
the
feat/issue-55-helm-chart
branch
5 times, most recently
from
76e93e7 to
a3773ba
Compare
- Helm chart with standard app.kubernetes.io labels and helpers - existingSecret pattern for cookie, OIDC, and API key secrets - ConfigMap-based config.yaml generation with headscale integration - RBAC, ServiceAccount, HPA, Ingress, and PVC support - Liveness/readiness probes against /admin/healthz - Security context with readOnlyRootFilesystem and /tmp emptyDir - CI workflow with helm lint and KinD integration testing - Configuration parameters table in README
drifterza
force-pushed
the
feat/issue-55-helm-chart
branch
from
804ca70 to
0016efc
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes #55
Description
Standalone Headplane Helm chart distributed as an OCI artifact via GHCR. Headscale is not bundled; users point
headscale.urlat their existing upstream instance.Changes
kubernetes/headplane/with dynamic naming via_helpers.tpl(fullname, selectorLabels, standard Kubernetes labels)oci://ghcr.io/tale/headplanehelm testfor connection verificationexistingSecretsupport for cookie, OIDC, and API key secrets (GitOps compatible)serviceAccount.create,rbac.create)values.yamlannotated with grouped comments; all template values usedefaultfunctions