{"id":22729871,"url":"https://github.com/jhpyle/charts","last_synced_at":"2025-04-23T16:04:40.734Z","repository":{"id":48683421,"uuid":"218773711","full_name":"jhpyle/charts","owner":"jhpyle","description":"Helm chart library for docassemble","archived":false,"fork":false,"pushed_at":"2024-10-26T01:24:24.000Z","size":1171,"stargazers_count":5,"open_issues_count":0,"forks_count":6,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-04-23T16:04:36.483Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Smarty","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jhpyle.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-10-31T13:33:59.000Z","updated_at":"2025-03-09T12:20:58.000Z","dependencies_parsed_at":"2024-10-26T06:37:54.966Z","dependency_job_id":"c6da4dba-3910-4f3a-8da5-370bc6b9f127","html_url":"https://github.com/jhpyle/charts","commit_stats":null,"previous_names":[],"tags_count":13,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jhpyle%2Fcharts","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jhpyle%2Fcharts/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jhpyle%2Fcharts/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jhpyle%2Fcharts/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jhpyle","download_url":"https://codeload.github.com/jhpyle/charts/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":250468273,"owners_count":21435452,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-12-10T18:12:12.992Z","updated_at":"2025-04-23T16:04:40.706Z","avatar_url":"https://github.com/jhpyle.png","language":"Smarty","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Charts\n\nThis is the [Helm] chart library for [github.com/jhpyle]. Currently\nthis library is hosting a single chart, which installs\n[**docassemble**] in a [Kubernetes] cluster.\n\n## Installing **docassemble** with helm\n\nThe [**docassemble**] chart is available as `jhpyle/docassemble` from\nthe [Helm] repository `http://charts.docassemble.org:8080`.\n\n### Prerequisites\n\n* You have a [Kubernetes] cluster running version 1.19.0 or later with\n at least three nodes (or four or more if you are running other\n applications like [MinIO], [PostgreSQL], or [Redis] inside the\n cluster) with 4GB of RAM each.\n* You have installed [Helm].\n* If you want to use HTTPS (which you should), you have a web server\n or load balancer that can provide SSL termination. The [Helm] chart\n only creates a server that operates over HTTP on port 80. [Let's\n Encrypt] is not supported the way that [**docassemble**] supports\n [Let's Encrypt] on a single [Docker] container. You will need to\n make a final decision about what hostname to use to access the\n server.\n\n### Installation steps\n\nIn this example, the site will be accessed at\n`https://docassemble.example.com`.\n\nThe first time you install **docassemble**, you need to add the chart\nrepository:\n\n```\nhelm repo add jhpyle http://charts.docassemble.org:8080\n```\n\nThen, to install, run:\n\n```\nhelm install mydocassemble jhpyle/docassemble \\\n --set daHostname=docassemble.example.com\n```\n\nYou can set the following values:\n\n* `daHostname`: default is `localhost`. Always set this when you run\n `helm install`, unless you are running locally with [minikube].\n Knowing the hostname in advance is necessary for the Live Help\n features to work; the hostname is used in the configuration of the\n [Ingress NGINX Controller].\n* `global.storageClass`. Set this to whatever automatically\n provisioning `StorageClass` you are using in your cluster, if any.\n* `timeZone`: default is `America/New_York`. This will be the time\n zone on the Linux machines running **docassemble**.\n* `replicas`: default is 2. This indicates the number of application\n servers to run. The backend server and each application server need\n to run on separate nodes, so if you have `n` nodes, you should set\n this to `n`-1. The default is appropriate if your cluster has three\n or four nodes.\n* `usingSslTermination`: default is `true`. If you are not going to\n access the site over HTTPS (which is not recommended except for\n temporary testing purposes), set this to `false`.\n* `redirectHttp`: default is `true`. If `usingSslTermination` is\n `true`, and `redirectHttp` is `true`, then there will be a service\n at `\u003crelease-name\u003e-docassemble-redirect-service` on port 8081 that\n will redirect HTTP to HTTPS. If your service that provides SSL\n termination already redirects incoming HTTP to HTTPS, then you can\n set this to `false`. Otherwise, configure the SSL termination\n service to send incoming HTTP traffic to port 8081 on the external\n IP address of `\u003crelease-name\u003e-docassemble-redirect-service`.\n* `daImage`: a dictionary specifying the components of the image to\n use. The components of the dictionary are `registry`, `repository`,\n `tag`, and `pullPolicy`. The default values are `registry:\n docker.io`, `repository: jhpyle/docassemble`, `tag: latest`, and\n `pullPolicy: Always`.\n* `readOnlyFileSystem`: default is `false`. If set to `true`, then the\n file system on the **docassemble** pods will be mounted\n read-only. As a consequence, the Configuration, Playground, and\n Package Management systems are not available in the web application.\n All changes to the system's software or configuration must be made\n by modifying the image referred to by `daImage` or by editing Helm\n chart values such as `daConfiguration`.\n* `daConfiguration`: undefined by default. If `readOnlyFileSystem` is\n `True`, the `config.yml` file is a read-only file, the contents of\n which are determined by Helm. To add Configuration directives that\n are not pre-populated by Helm, you can define values under\n `daConfiguration`. The directives that are defined outside of\n `daConfiguration`, which you should not attempt to set inside of\n `daConfiguration`, are `supervisor`, `enable playground`, `allow log\n viewing`, `update on start`, `allow updates`, `allow configuration\n editing`, `root owned`, `db`, `secretkey`, `os locale`, `timezone`,\n `redis`, `rabbitmq`, `s3`, `azure`, `collect statistics`,\n `kubernetes`, `log server`, `use minio`, `behind https load\n balancer`, `external hostname`, `expose websockets`, `websockets\n ip`, `websockets port`, `root`, `allow non-idempotent questions`,\n `restrict input variables`, `web server`, `new markdown to docx`,\n `new template markdown behavior`, `sql ping`, `default icons`, and\n `enable unoconv`. If `inClusterGotenberg` is `true`, the `gotenberg\n url` is set automatically and `enable unoconv` is set to `false`.\n* `inClusterNGINX`: default is `true`. By default, the chart runs\n NGINX inside the cluster in order to provide sticky session support\n for websockets communication. The Live Help features use\n websockets. If you aren't using the Live Help features, you don't\n need websockets support. If you set `inClusterNGINX` to `false`,\n then the IP address of the application can be found under `\u003crelease\n name\u003e-docassemble-service`.\n* `inClusterNGINXClusterIssuer`: default is `null`. If you have an\n SSL certificate manager deployed in your cluster, set this to the\n cluster issuer name.\n* `inClusterMinio`: default is `true`. By default, the chart runs\n [MinIO] in order to provide object storage. If you would rather use\n [S3] or an [S3]-compatible object storage service, set\n `inClusterMinio` to `false` and set `s3.enable` to `true`. If you\n would rather use [Azure blob storage], set `inClusterMinio` to\n `false` and set `azure.enable` to `true`. If `inClusterMinio` is\n `false`, you need to use either `s3.enable: true` or `azure.enable:\n true`.\n* `s3.enable`: set this to `true` if you want to use [S3] or an\n [S3]-compatible object storage service, and you don't want to use an\n in-cluster [MinIO] service. You must set `inClusterMinio` to\n `false` for this to be effective.\n* `s3.bucket`: set this to the name of your [S3] bucket (only set this\n if `s3.enable` is true).\n* `s3.accessKey`: set this to access key for your [S3] bucket (only\n set this if `s3.enable` is true).\n* `s3.secretKey`: set this to secret access key for your [S3] bucket\n (only set this if `s3.enable` is true).\n* `s3.region`: set this to the region you want to use. This is\n required for [S3] but may not be required for [S3]-compatible\n services (only set this if `s3.enable` is true).\n* `s3.endpointURL`: if you are using an [S3]-compatible service other\n than [S3] itself, set this to the endpoint URL for the API of the\n [S3]-compatible service (only set this if `s3.enable` is true).\n* `azure.enable`: set this to `true` if you want to use [Azure blob\n storage] and you don't want to use an in-cluster [MinIO] service.\n You must set `inClusterMinio` to `false` for this to be effective.\n* `azure.accountName`: set this to the account name associated with\n your [Azure blob storage] container.\n* `azure.accountKey`: set this to the account key associated with your\n [Azure blob storage] container.\n* `azure.container`: set this to the name of your [Azure blob storage]\n container.\n* `inClusterPostgres`: default is `true`. By default, the chart runs\n a [PostgreSQL] server inside the cluster. If you are using [RDS] or\n another external SQL server, set this to `false` and set `db.host`\n to the hostname of the SQL server.\n* `inClusterGotenberg`: default is `true`. By default, the chart runs\n a [Gotenberg] server inside the cluster for DOCX to PDF conversion\n instead of using [unoconv]. Set this to `false` if you do not want\n the [Gotenberg] server to be started.\n* `db.prefix`: if you are not using [PostgreSQL], set this to the\n [SQLAlchemy] URL prefix for the type of SQL database you are using.\n For [MySQL], use `mysql://`. Also set `inClusterPostgres: false`.\n* `db.host`: set this to the hostname of your external SQL server.\n This is only effective if you have set `inClusterPostgres` to\n `false`. If you leave `db.host` unset while setting\n `inClusterPostgres` to `false`, then the **docassemble** backend\n server will run [PostgreSQL].\n* `db.name`: default is `docassemble`. Set this to the name of the\n database on your SQL server that you want to use. This is used\n only if `inClusterPostgres` is `false`.\n* `db.user`: default is `docassemble`. Set this to the name of the\n user of the database on your SQL server that you want to use. This\n is used only if `inClusterPostgres` is `false`.\n* `db.port`: if your SQL server runs on a non-standard port, you can\n explicitly set the port with `db.port`. This is used only if\n `inClusterPostgres` is `false`.\n* `db.tablePrefix`: if your SQL database is shared among multiple\n implementations, you can use a table name prefix by setting\n `db.tablePrefix`.\n* `db.backup`: default is `false`. If you want the backend server to\n make a daily backup of your remote [PostgreSQL] server, set this to\n `true`.\n* `inClusterRedis`: default is `true`. By default, the chart runs a\n [Redis] server on the cluster. If you are using [Amazon ElastiCache\n for Redis], [Amazon MemoryDB for Redis], or another external [Redis]\n service, set `inClusterRedis` to `false` and set `redisURL`.\n* `redisURL`: if you set `inClusterRedis` to `false` because you are\n using [Amazon ElastiCache for Redis], [Amazon MemoryDB for Redis],\n or another external [Redis] service, set `redisURL` to a URL like\n `redis://myredisserver.local` where your [Redis] server is on the\n hostname `myredisserver.local`. This is only effective if you set\n `inClusterRedis` to `false`. If you leave `redisURL` unset while\n setting `inClusterRedis` to `false`, then the **docassemble**\n backend server will run [Redis].\n* `inClusterRabbitMQ`: default is `true`. By default, the chart runs\n a [RabbitMQ] server in the cluster. If you do not want to use this\n [RabbitMQ] server, set `inClusterRabbitMQ` to `false`.\n* `amqpURL`: if you are running an external [RabbitMQ] server, set\n this to the URL for your [RabbitMQ] server, such as\n `pyamqp://guest@rabbitmqserver.local//` if your [RabbitMQ] server is\n at the hostname `rabbitmqserver.local`. This is only effective if\n you set `inClusterRabbitMQ` to `false`. If you leave `amqpURL`\n unset while setting `inClusterRabbitMQ` to `false`, then the\n **docassemble** backend server will run [RabbitMQ].\n* `adminEmail`, `adminPassword`, and `adminApiKey`: by default, when a\n **docassemble** system is first started, the user with\n administrative privileges is called `admin@admin.com` and has the\n password `password`, which must be changed after the first login.\n If you want to initialize the administrative user with another\n e-mail address and password, you can set `adminEmail` to the e-mail\n address for the account and set `adminPassword` to the\n password. Optionally, you can also include `adminApiKey`. If you set\n an `adminApiKey`, then during initial startup, an API key owned by\n the administrative user will be created, with no constraints on its\n use.\n* `exposeWebSockets`: default is `true`. If `false`, then websockets\n connections will be accepted through port 80 on the application\n servers. If `true`, then websockets connects will be accepted\n through port 5000.\n* `useAlb`: default is `false`. If you are deploying on Amazon Web\n Services and `inClusterNGINX` is `true`, then you can set `useAlb`\n to `true` and an Application Load Balancer will be created that will\n forward traffic to the [Ingress NGINX Controller]. If using the\n Application Load Balancer, you also need to set:\n * `certificateArn` - set this to the ARN of the SSL certificate\n you are using for your site.\n * `clusterName` - set this to the name of your cluster.\n * `awsAccessKey` - set this to the access key with privileges to\n set up the application load balancer\n * `awsSecretKey` - set this to the secret key that corresponds\n with the `awsAccessKey`.\n* `ingress-nginx.controller.service.type`: default is `LoadBalancer`.\n By default, the [Ingress NGINX Controller] will have an external IP\n address. If you are putting a load balancer or proxy in front of\n the [Ingress NGINX Controller], and you don't want the NGINX Ingress\n Controller to have an external IP address, you can set\n `ingress-nginx.controller.service.type` to `NodePort`.\n* `daAllowUpdates`: default is `true`. If you do not want your\n **docassemble** system to install software updates, set this to\n `false`.\n* `maxBodySize`: default is `16m`. The [Ingress NGINX Controller]\n will reject POST requests with a body size larger than this amount.\n* `multiNodeDeployment`: default is `true`. Set this to `false` if\n you are deploying to a single node cluster. The effect of\n `multiNodeDeployment` being `true` is that `podAntiAffinity` is set\n up so that the **docassemble** backend server and each web server\n must be on separate nodes. (This has been found to be necessary for\n applications to work correctly, but your results may vary.) Note\n that if you deploy **docassemble** on a single node cluster, you\n are eliminating a lot of the benefit to deploying on Kubernetes, so\n only set `multiNodeDeployment` to `true` if you know what you are\n doing. The backend server and each application server require at\n least 4GB of RAM, so if you do deploy on a single node, make sure\n your node has plenty of resources.\n* `webAppServiceType`: default is `LoadBalancer`. This will be the\n Service `type` for the web application. If your infrastructure does\n not support this Service `type`, you can set this to `NodePort`. If\n you set `inClusterNGINX` is `true`, you may wish to set\n `webAppServiceType` to `ClusterIP` because NGINX will take care of\n load balancing and will be able to find your service internally.\n* `useSqlPing`: default is `false`. If your connection to the SQL\n database will continually be terminated, set this to `true`. There\n is a cost in overhead, but it will prevent errors.\n* `pythonVersion`: default is `3.10`. The value of this depends on the\n version of the **docassemble** Docker image you are using. For\n version 1.4.x, use `3.10`. For version 1.2.x or 1.3.x, use `3.8`.\n* `texliveVersion`: default is `2021`. The value of this depends on the\n version of the **docassemble** Docker image you are using. For\n version 1.4.x, use `2021`. For version 1.2.x or 1.3.x, use `2020`.\n* `syslogNgVersion`: default is `3.35`. The value of this depends on the\n version of the **docassemble** Docker image you are using. For\n version 1.4.x, use `3.35`. For version 1.2.x or 1.3.x, use `3.28`.\n\nThe following values can be changed from their defaults in order to\nincrease security.\n\n* `secretKey`: this is used as part of the encryption system in the\n docassemble application. It is also used for encrypting passwords\n for user accounts. Only change this when you are initializing a\n system, because if you change it later, your passwords will not work\n and interview answers will be inaccessible. Do not lose this key\n because if you ever need to recreate your system from persistent\n data storage, you will need this.\n* `minio.auth.rootUser`: the [MinIO] system uses a username and\n password. This is the username.\n* `minio.auth.rootPassword`: the [MinIO] system uses a username and\n password. This is the password.\n* `supervisor.username`: the **docassemble** web application pods and\n the backend pod use [supervisord] to launch and restart component\n services. The pods need to be able to communicate with each other\n over port 9001 in order to trigger software installations and\n restarts. For security, interprocess communication uses a username\n and password. `supervisor.username` specifies the username.\n* `supervisor.password`: the password associated with\n `supervisor.username`.\n* `rabbitmq.auth.password`: in order to launch a background task,\n **docassemble** code needs to communicate with the pod running the\n [RabbitMQ] task queue. `rabbitmq.auth.password` specifies the\n password that [RabbitMQ] will accept.\n* `rabbitmq.auth.erlangCookie`: [RabbitMQ] nodes use a cookie to\n authenticate with each other. `rabbitmq.auth.erlangCookie` specifies\n the cookie.\n* `redis.auth.password`: the pods that run **docassemble** code need\n to be able to access the [Redis] service. For security, access to\n [Redis] requires a password. `redis.auth.password` specifies that\n password.\n* `postgresql.auth.username`: when a [PostgreSQL] server is deployed\n inside of the cluster, the pods that run **docassemble** code need\n to be able to access the [PostgreSQL] database. For security, access\n to the [PostgreSQL] requires a username\n password. `postgresql.auth.username` specifies the username.\n* `postgresql.auth.password`: this is the password associated with\n `postgresql.auth.username`.\n\nFor more information about configuration options, see the\n[`values.yaml`] file in `jhpyle/charts` and the `values.yaml` files\ninside of the [dependencies].\n\nIf you want to install a new version, first update your repository\ncache by running:\n\n```\nhelm repo update\n```\n\n### Structure\n\nThe [Helm] chart installs the following backend services (unless\ndisabled using configuration values):\n\n* [MinIO] for object storage (S3-compatible).\n* [Ingress NGINX Controller] to provide sticky sessions for websockets\n traffic. It also acts as an Ingress for regular web traffic.\n* [PostgreSQL] for the backend SQL storage system.\n* [Redis] for the backend in-memory storage system.\n* [RabbitMQ] for supporting the [Celery]-based background task system.\n* [Gotenberg] for DOCX to PDF conversion.\n* An [API] for monitoring the cluster.\n\nThe chart also installs a single backend **docassemble** server, which\nhas a `CONTAINERROLE` of `log:cron:mail`, and a number of application\nservers (the number of which is given by the `replicas` value), which\nhave a `CONTAINERROLE` of `web:celery`.\n\nIf successful, the installation of the [**docassemble**] Helm chart\nwill create [Kubernetes] resources similar to the following:\n\n```\njsmith@mycomputer:~$ kubectl get all\nNAME READY STATUS RESTARTS AGE\npod/mydocassemble-daredis-master-0 1/1 Running 0 23m\npod/mydocassemble-docassemble-796ff45967-mkd5b 1/1 Running 0 23m\npod/mydocassemble-docassemble-796ff45967-njsnt 1/1 Running 0 23m\npod/mydocassemble-docassemble-backend-c6488ddc5-2rqtv 1/1 Running 0 23m\npod/mydocassemble-docassemble-monitor-6b4c87b6fd-rn49f 1/1 Running 0 23m\npod/mydocassemble-ingress-nginx-controller-6994cc5c9f-s4gj2 1/1 Running 0 23m\npod/mydocassemble-minio-6475c45468-btjx7 1/1 Running 0 23m\npod/mydocassemble-postgresql-0 1/1 Running 0 23m\npod/mydocassemble-rabbitmq-0 1/1 Running 0 23m\n\nNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE\nservice/kubernetes ClusterIP 10.100.0.1 \u003cnone\u003e 443/TCP 173m\nservice/mydocassemble-daredis-headless ClusterIP None \u003cnone\u003e 6379/TCP 23m\nservice/mydocassemble-daredis-master ClusterIP 10.100.98.130 \u003cnone\u003e 6379/TCP 23m\nservice/mydocassemble-docassemble-backend-service ClusterIP 10.100.141.100 \u003cnone\u003e 8082/TCP,514/TCP,25/TCP 23m\nservice/mydocassemble-docassemble-monitor-service ClusterIP 10.100.213.74 \u003cnone\u003e 80/TCP 23m\nservice/mydocassemble-docassemble-service ClusterIP 10.100.36.4 \u003cnone\u003e 80/TCP,5000/TCP 23m\nservice/mydocassemble-ingress-nginx-controller LoadBalancer 10.100.240.57 a98f23f3405f34ca68b31383d076a485-1827083835.us-west-2.elb.amazonaws.com 80:31917/TCP 23m\nservice/mydocassemble-ingress-nginx-controller-admission ClusterIP 10.100.246.167 \u003cnone\u003e 443/TCP 23m\nservice/mydocassemble-minio ClusterIP 10.100.208.187 \u003cnone\u003e 9000/TCP,9001/TCP 23m\nservice/mydocassemble-postgresql ClusterIP 10.100.243.187 \u003cnone\u003e 5432/TCP 23m\nservice/mydocassemble-postgresql-hl ClusterIP None \u003cnone\u003e 5432/TCP 23m\nservice/mydocassemble-rabbitmq ClusterIP 10.100.147.207 \u003cnone\u003e 5672/TCP,4369/TCP,25672/TCP,15672/TCP 23m\nservice/mydocassemble-rabbitmq-headless ClusterIP None \u003cnone\u003e 4369/TCP,5672/TCP,25672/TCP,15672/TCP 23m\n\nNAME READY UP-TO-DATE AVAILABLE AGE\ndeployment.apps/mydocassemble-docassemble 2/2 2 2 23m\ndeployment.apps/mydocassemble-docassemble-backend 1/1 1 1 23m\ndeployment.apps/mydocassemble-docassemble-monitor 1/1 1 1 23m\ndeployment.apps/mydocassemble-ingress-nginx-controller 1/1 1 1 23m\ndeployment.apps/mydocassemble-minio 1/1 1 1 23m\n\nNAME DESIRED CURRENT READY AGE\nreplicaset.apps/mydocassemble-docassemble-796ff45967 2 2 2 23m\nreplicaset.apps/mydocassemble-docassemble-backend-c6488ddc5 1 1 1 23m\nreplicaset.apps/mydocassemble-docassemble-monitor-6b4c87b6fd 1 1 1 23m\nreplicaset.apps/mydocassemble-ingress-nginx-controller-6994cc5c9f 1 1 1 23m\nreplicaset.apps/mydocassemble-minio-6475c45468 1 1 1 23m\n\nNAME READY AGE\nstatefulset.apps/mydocassemble-daredis-master 1/1 23m\nstatefulset.apps/mydocassemble-postgresql 1/1 23m\nstatefulset.apps/mydocassemble-rabbitmq 1/1 23m\n```\n\nThe IP address of the **docassemble** application is the external IP\naddress of the `\u003crelease-name\u003e-ingress-nginx-controller` service,\nwhich in this example is\n`a98f23f3405f34ca68b31383d076a485-1827083835.us-west-2.elb.amazonaws.com`.\nThis particular example output comes from [EKS]; other implementations\nof [Kubernetes] will give different output.\n\nThe IP address of the [monitoring API] is the cluster IP address of\nthe `\u003crelease-name\u003e-docassemble-monitor-service`, which in this\nexample is `10.100.213.74`. This is not exposed to an external IP\naddress and should not be, because the API does not use\nauthentication.\n\n### Cleaning up\n\nTo delete the system, run:\n\n```\nhelm delete mydocassemble\n```\n\nNote that this does not delete all of the resources created by `helm\ninstall`. The Persistent Volume Claims and Persistent Volumes will\ncontinue to exist (they contain application data). In addition, a\nConfig Map resource and a Secret resource created by `ingress-nginx`\nwill still exist. If you wish to delete everything, run:\n\n```\nhelm delete mydocassemble\nkubectl get pvc | awk '{print $1}' | grep -v NAME | xargs kubectl delete pvc\nkubectl get pv | awk '{print $1}' | grep -v NAME | xargs kubectl delete pv\nkubectl delete configmap ingress-controller-leader\nkubectl delete secret mydocassemble-ingress-nginx-admission\n```\n\n# Should you use [Kubernetes]?\n\nRunning **docassemble** in the cloud with [Kubernetes] is several\ntimes more expensive (and complicated) than [running a single server]\nin the cloud with [Docker]. However, [Kubernetes] is a scalable and\nmodern approach to software installation, and [Helm] helps to manage a\nlot of the complexity of [Kubernetes] deployment.\n\nBefore putting anything into production with [Kubernetes], make sure\nyou understand how data is being stored. Kubernetes \"Persistent\nVolumes\" are a way to store application data that survive software\nupgrades, but it is not easy to gain access to the information on the\nvolumes.\n\nIf you deploy on [Kubernetes], it is recommended that you externalize\ndata storage. For example, if deploying on [Amazon Web Services], you\ncan externalize SQL using [RDS] for the SQL server, externalize\n[Redis] using [Amazon ElastiCache for Redis] or [Amazon MemoryDB for\nRedis], and externalize object storage using [S3]. In your\n`values.yaml` file, you would then set `inClusterMinio`,\n`inClusterPostgres`, and `inClusterRedis` to `false`.\n\nManaged services will give you greater control over your application\ndata than if your application data are stored on persistent volumes on\nyour Kubernetes nodes. There is no guarantee that a persistent volume\ncreated with one version of an application, like [Redis],\n[PostgreSQL], or [MinIO], will continue to work if the pods running\nthose applications are stopped and restarted running under a new\nversion.\n\n# Recommendations for getting started with Kubernetes\n\nHow to deploy [Kubernetes] is beyond the scope of this README, so this\nsection only provides very basic information.\n\n## Microsoft Azure\n\nIf you use [Microsoft Azure], you can deploy [Kubernetes] by\ninstalling the `az` and `kubectl` command line utilities. In [Azure\nPortal], you can go to \"Kubernetes services\" and add a new Kubernetes\nservice. Then from your local machine, you can do:\n\n```\naz aks get-credentials --resource-group \u003cname of resource group\u003e --name docassemble \u003cname of kubernetes service\u003e\n```\n\nThis will write credentials to `~/.kube/config` so that you can\ninteract with your cluster using `kubectl`. You can install [Helm] and\nrun the `helm` command to install the **docassemble** chart.\n\n## Amazon Web Services\n\nIf you use [Amazon Web Services], the easiest way to get started with\n[Kubernetes] is to install the `aws` command and link it to your\nAmazon account. Then install the `eksctl` and `kubectl` command line\nutilities.\n\nThe easiest way to start a cluster is with a command like `eksctl\ncreate cluster --nodes 3 --node-type t3.medium --version 1.22`. You\ncan then install [Helm] and install the **docassemble** chart with\n`helm install` as described above.\n\n## minikube\n\nThe Helm chart works on [minikube]. To run a server locally (without\nHTTPS) you can create a file `values.yaml` containing something like:\n\n```\nusingSslTermination: false\nadminEmail: you@yourserver.com\nadminPassword: xxxsecretxxx\n```\n\nThen start [minikube] and install the [Helm] chart:\n\n```\nminikube start --nodes 3\nhelm install -f values.yaml mydocassemble jhpyle/docassemble\n```\n\nTo access the web interface, you will probably need to use\n[`kubectl port-forward`].\n\n## Known issues\n\nDepending on the Kubernetes version and the platform, you may have an\nissue where ingress-nginx gets stuck running the\n`ingress-nginx-admission-patch` job. Helm may fail with:\n\n```\nError: INSTALLATION FAILED: failed post-install: timed out waiting for the condition\n```\n\nThe way around this is to add the following to a `values.yaml` file:\n\n```\ningress-nginx:\n controller:\n admissionWebhooks:\n enabled: false\n```\n\nThen install with:\n\n```\nhelm install -f values.yaml mydocassemble jhpyle/docassemble\n```\n\n[Helm]: https://helm.sh/\n[Kubernetes]: https://kubernetes.io/\n[github.com/jhpyle]: https://github.com/jhpyle\n[**docassemble**]: https://docassemble.org\n[MinIO]: https://min.io/\n[Ingress NGINX Controller]: https://kubernetes.github.io/ingress-nginx/\n[PostgreSQL]: https://www.postgresql.org/\n[Redis]: http://redis.io/\n[RabbitMQ]: https://www.rabbitmq.com/\n[Celery]: http://www.celeryproject.org/\n[Microsoft Azure]: https://azure.microsoft.com/\n[Azure Kubernetes Service]: https://azure.microsoft.com/en-us/services/kubernetes-service\n[Azure Portal]: https://portal.azure.com/\n[Amazon Web Services]: https://aws.amazon.com\n[Docker]: https://www.docker.com/\n[running a single server]: https://docassemble.org/docs/docker.html\n[S3]: https://aws.amazon.com/s3/\n[Azure blob storage]: https://azure.microsoft.com/en-us/services/storage/blobs/\n[RDS]: https://aws.amazon.com/rds/\n[SQLAlchemy]: http://www.sqlalchemy.org/\n[Let's Encrypt]: https://letsencrypt.org/\n[API]: https://github.com/jhpyle/docassemble-mon\n[monitoring API]: https://github.com/jhpyle/docassemble-monitor\n[MySQL]: https://en.wikipedia.org/wiki/MySQL\n[EKS]: https://aws.amazon.com/eks/\n[Amazon MemoryDB for Redis]: https://aws.amazon.com/memorydb/\n[Amazon ElastiCache for Redis]: https://aws.amazon.com/elasticache/redis/\n[minikube]: https://minikube.sigs.k8s.io/docs/\n[`kubectl port-forward`]: https://phoenixnap.com/kb/kubectl-port-forward\n[`values.yaml`]: https://github.com/jhpyle/charts/blob/master/docassemble/values.yaml\n[dependencies]: https://github.com/jhpyle/charts/tree/master/docassemble/charts\n[supervisord]: http://supervisord.org/\n[Gotenberg]: https://gotenberg.dev/\n[unoconv]: https://github.com/unoconv/unoconv\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjhpyle%2Fcharts","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjhpyle%2Fcharts","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjhpyle%2Fcharts/lists"}