{"id":44826043,"url":"https://github.com/russellgilmore/red-chart","last_synced_at":"2026-02-16T22:01:32.466Z","repository":{"id":325978998,"uuid":"1056660831","full_name":"RussellGilmore/red-chart","owner":"RussellGilmore","description":"My own personal Helm Chart that I use to help speed up the deployment of services in my k3s clusters.","archived":false,"fork":false,"pushed_at":"2025-11-24T16:12:10.000Z","size":28,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-02-03T12:59:13.747Z","etag":null,"topics":["helm","helm-charts","istio","k8s","tls","traefik"],"latest_commit_sha":null,"homepage":"","language":"Smarty","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/RussellGilmore.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-09-14T14:54:52.000Z","updated_at":"2025-11-24T16:12:14.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/RussellGilmore/red-chart","commit_stats":null,"previous_names":["russellgilmore/red-chart"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/RussellGilmore/red-chart","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RussellGilmore%2Fred-chart","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RussellGilmore%2Fred-chart/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RussellGilmore%2Fred-chart/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RussellGilmore%2Fred-chart/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/RussellGilmore","download_url":"https://codeload.github.com/RussellGilmore/red-chart/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RussellGilmore%2Fred-chart/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29521101,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-16T21:45:09.491Z","status":"ssl_error","status_checked_at":"2026-02-16T21:44:58.452Z","response_time":115,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["helm","helm-charts","istio","k8s","tls","traefik"],"created_at":"2026-02-16T22:00:47.683Z","updated_at":"2026-02-16T22:01:32.453Z","avatar_url":"https://github.com/RussellGilmore.png","language":"Smarty","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Red Charts\n\n\u003e Modern Helm charts for deploying web applications with Istio service mesh,\n\u003e cert-manager, and Traefik integration.\n\n[![Helm](https://img.shields.io/badge/Helm-v3.8%2B-blue)](https://helm.sh)\n[![Kubernetes](https://img.shields.io/badge/Kubernetes-v1.24%2B-blue)](https://kubernetes.io)\n[![License](https://img.shields.io/badge/License-MIT-green.svg)](LICENSE)\n\n## Overview\n\nRed Charts provides a production-ready Helm chart pattern for deploying web\napplications on Kubernetes with a modern service mesh architecture. The chart\nhandles all the complexity of integrating Istio, cert-manager, and Traefik,\nallowing you to deploy secure, TLS-enabled applications with a single command.\n\n### Key Features\n\n-   🔒 **Automatic TLS**: Integration with cert-manager for Let's Encrypt\n    certificates\n-   🕸️ **Service Mesh Ready**: Native Istio support with Gateway and\n    VirtualService\n-   🚦 **Traefik Integration**: TCP routing for HTTPS traffic\n-   🛡️ **Security First**: Pod Security Standards compliant, runs as non-root\n-   📦 **Single Chart, Multiple Apps**: Deploy different applications using the\n    same pattern\n-   ⚡ **Production Ready**: Health probes, resource limits, and security\n    contexts included\n\n## Prerequisites\n\nBefore using Red Charts, ensure your cluster has:\n\n-   **Kubernetes 1.24+**\n-   **Helm 3.8+**\n-   **Istio 1.20+** (with ingress gateway)\n-   **cert-manager 1.12+**\n-   **Traefik 2.0+** (as ingress controller)\n-   **ClusterIssuer configured** (default: `letsencrypt-prod`)\n\n## Quick Start\n\n### Installation\n\n```bash\n# Clone the repository\ngit clone https://github.com/RussellGilmore/red-charts.git\ncd red-charts\n\n# Install with default values\nhelm install my-app charts/red-chart \\\n  --set domain.apex=yourdomain.com \\\n  --set domain.subdomain=app\n\n# Install with custom values file\nhelm install red-app charts/red-chart -f examples/red-app-values.yaml\n```\n\n### Example Deployments\n\n#### Deploy Red App\n\n```bash\nhelm install red-app charts/red-chart \\\n  --values examples/red-app-values.yaml \\\n  --set domain.apex=yourdomain.com\n```\n\n#### Deploy Red Cards\n\n```bash\nhelm install red-cards charts/red-chart \\\n  --values examples/red-cards-values.yaml \\\n  --set domain.apex=yourdomain.com\n```\n\n## Architecture\n\n```\n┌─────────────────────────────────────────────────────┐\n│                     Internet                         │\n└────────────────────┬────────────────────────────────┘\n                     │\n                     ▼\n            ┌─────────────────┐\n            │     Traefik     │  (TCP Route with SNI)\n            │  Ingress / LB   │\n            └────────┬────────┘\n                     │\n                     ▼\n            ┌─────────────────┐\n            │  Istio Gateway  │  (TLS Termination)\n            │  (istio-system) │\n            └────────┬────────┘\n                     │\n                     ▼\n            ┌─────────────────┐\n            │ VirtualService  │  (HTTP Routing)\n            └────────┬────────┘\n                     │\n                     ▼\n            ┌─────────────────┐\n            │ K8s Service     │\n            └────────┬────────┘\n                     │\n                     ▼\n            ┌─────────────────┐\n            │   Nginx Pod     │  (Application)\n            │  (ConfigMap)    │\n            └─────────────────┘\n```\n\n### Component Flow\n\n1. **Client Request** → Traefik (TCP Route with SNI matching)\n2. **Traefik** → Istio Gateway (TLS termination using cert-manager certificate)\n3. **Gateway** → VirtualService (HTTP routing rules)\n4. **VirtualService** → Kubernetes Service (load balancing)\n5. **Service** → Nginx Pods (serving content from ConfigMap)\n\n## Configuration\n\n### Core Parameters\n\n| Parameter          | Description                    | Default                       |\n| ------------------ | ------------------------------ | ----------------------------- |\n| `app.name`         | Application name               | `red-app`                     |\n| `app.version`      | Application version            | `1.0.0`                       |\n| `namespace.name`   | Kubernetes namespace           | `red-app`                     |\n| `namespace.create` | Create namespace if not exists | `true`                        |\n| `domain.apex`      | Apex domain name               | `rag-space.com`               |\n| `domain.subdomain` | Application subdomain          | `red-app`                     |\n| `image.repository` | Container image                | `nginxinc/nginx-unprivileged` |\n| `image.tag`        | Image tag                      | `alpine3.21`                  |\n| `replicaCount`     | Number of replicas             | `1`                           |\n\n### Gateway \u0026 Certificates\n\n| Parameter              | Description          | Default            |\n| ---------------------- | -------------------- | ------------------ |\n| `gateway.name`         | Istio Gateway name   | `red-app-gateway`  |\n| `gateway.namespace`    | Gateway namespace    | `istio-system`     |\n| `certificate.enabled`  | Enable cert-manager  | `true`             |\n| `certificate.issuer`   | ClusterIssuer name   | `letsencrypt-prod` |\n| `certificate.duration` | Certificate validity | `2160h` (90 days)  |\n| `tcpRoute.enabled`     | Enable Traefik route | `true`             |\n\n### Resources \u0026 Security\n\n| Parameter                            | Description          | Default |\n| ------------------------------------ | -------------------- | ------- |\n| `resources.requests.memory`          | Memory request       | `64Mi`  |\n| `resources.requests.cpu`             | CPU request          | `100m`  |\n| `resources.limits.memory`            | Memory limit         | `128Mi` |\n| `resources.limits.cpu`               | CPU limit            | `200m`  |\n| `containerSecurityContext.runAsUser` | Container UID        | `101`   |\n| `podSecurityContext.fsGroup`         | Volume ownership GID | `101`   |\n\n### Custom HTML Content\n\nCustomize your application content through `values.yaml`:\n\n```yaml\ncontent:\n    html: |\n        \u003c!DOCTYPE html\u003e\n        \u003chtml\u003e\n        \u003chead\u003e\n          \u003ctitle\u003eMy Custom App\u003c/title\u003e\n        \u003c/head\u003e\n        \u003cbody\u003e\n          \u003ch1\u003eWelcome to {{ .Values.app.name }}!\u003c/h1\u003e\n          \u003cp\u003eCustom content here...\u003c/p\u003e\n        \u003c/body\u003e\n        \u003c/html\u003e\n```\n\n## Advanced Usage\n\n### Production Configuration\n\nCreate a production values file:\n\n```yaml\n# values-production.yaml\nreplicaCount: 3\n\nresources:\n    requests:\n        memory: 128Mi\n        cpu: 200m\n    limits:\n        memory: 256Mi\n        cpu: 500m\n\naffinity:\n    podAntiAffinity:\n        preferredDuringSchedulingIgnoredDuringExecution:\n            - weight: 100\n              podAffinityTerm:\n                  labelSelector:\n                      matchExpressions:\n                          - key: app.kubernetes.io/name\n                            operator: In\n                            values:\n                                - red-chart\n                  topologyKey: kubernetes.io/hostname\n```\n\nDeploy with:\n\n```bash\nhelm install my-app charts/red-chart \\\n  -f values-production.yaml \\\n  --set domain.apex=production.com \\\n  --set domain.subdomain=app\n```\n\n### Multi-Environment Deployments\n\n```bash\n# Development\nhelm install red-app-dev charts/red-chart \\\n  -f values-dev.yaml \\\n  --namespace dev\n\n# Staging\nhelm install red-app-staging charts/red-chart \\\n  -f values-staging.yaml \\\n  --namespace staging\n\n# Production\nhelm install red-app-prod charts/red-chart \\\n  -f values-production.yaml \\\n  --namespace production\n```\n\n## Troubleshooting\n\n### Certificate Not Issued\n\n```bash\n# Check certificate status\nkubectl get certificate -n istio-system\nkubectl describe certificate \u003crelease-name\u003e-cert -n istio-system\n\n# Check cert-manager logs\nkubectl logs -n cert-manager deployment/cert-manager\n\n# Verify ClusterIssuer\nkubectl get clusterissuer letsencrypt-prod\nkubectl describe clusterissuer letsencrypt-prod\n```\n\n### Gateway Not Working\n\n```bash\n# Check Istio gateway\nkubectl get gateway -n istio-system\nkubectl describe gateway \u003cgateway-name\u003e -n istio-system\n\n# Verify Istio ingress gateway\nkubectl get svc -n istio-system istio-ingressgateway\nkubectl get pods -n istio-system -l istio=ingressgateway\n\n# Check VirtualService\nkubectl get virtualservice -n \u003cnamespace\u003e\nkubectl describe virtualservice \u003cvs-name\u003e -n \u003cnamespace\u003e\n```\n\n### Traefik Routing Issues\n\n```bash\n# Check IngressRouteTCP\nkubectl get ingressroutetcp -n istio-system\nkubectl describe ingressroutetcp \u003croute-name\u003e -n istio-system\n\n# Verify Traefik logs\nkubectl logs -n traefik deployment/traefik\n```\n\n### Application Not Starting\n\n```bash\n# Check pod status\nkubectl get pods -n \u003cnamespace\u003e\nkubectl describe pod \u003cpod-name\u003e -n \u003cnamespace\u003e\n\n# View pod logs\nkubectl logs -n \u003cnamespace\u003e \u003cpod-name\u003e\n\n# Check events\nkubectl get events -n \u003cnamespace\u003e --sort-by='.lastTimestamp'\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frussellgilmore%2Fred-chart","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frussellgilmore%2Fred-chart","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frussellgilmore%2Fred-chart/lists"}