Deploy with Helm

Gramax Open Source Helm Chart

A Helm chart for deploying the Gramax documentation portal in Kubernetes.

The chart creates:

A Deployment with a docker.io/gramax/docportal container.
A Service for accessing the application.
A Secret for the admin password and auto-pull token, if external secrets are not used.
A PersistentVolumeClaim for the /app/data directory, if persistence is enabled.
An Ingress, if enabled in values.
A HorizontalPodAutoscaler, if autoscaling is enabled.

Before you start

The chart does not include a separate values.yaml. A configuration example is available in
By default, the application runs on port 80.
Application data is stored in /app/data.
For production, pass the admin password and auto-pull token via existing Kubernetes secrets rather than storing them as plain text in the values file.

Quick start

1. Add the Helm repository

helm repo add gramax https://s3.ics-it.ru/public/docreader/helm/
helm repo update

Verify that Helm can find the chart:

helm search repo gramax/gramax-open-source-server-in-k8s --versions

2. Download the chart

helm pull gramax/gramax-open-source-server-in-k8s --untar

After unpacking, Helm creates a directory named after the chart. Navigate into it:

cd gramax-open-source-server-in-k8s

The following commands assume you are in the downloaded chart directory.

3. Create a namespace

kubectl create namespace gramax

4. Create a secret with the admin password

Recommended approach:

kubectl -n gramax create secret generic gramax-auth \
  --from-literal=admin-password='StrongPasswordHere'

If you also need AUTO_PULL_TOKEN, either create a separate secret or add the key to the same one:

kubectl -n gramax create secret generic gramax-auth \
  --from-literal=admin-password='StrongPasswordHere' \
  --from-literal=auto-pull-token='YourAutoPullToken'

5. Prepare a values file

Minimal production profile example:

replicaCount: 1

image:
  repository: docker.io/gramax/docportal
  tag: latest
  pullPolicy: IfNotPresent

service:
  type: ClusterIP
  port: 80

admin:
  login: admin
  existingSecret: gramax-auth
  existingSecretKeys:
    password: admin-password

autoPull:
  existingSecret: gramax-auth
  existingSecretKeys:
    token: auto-pull-token
  interval: ""

ingress:
  enabled: true
  className: nginx
  annotations: {}
  hosts:
    - host: gramax.example.com
      paths:
        - path: /
          pathType: Prefix
  tls: []

persistence:
  enabled: true
  size: 10Gi
  storageClass: ""
  accessModes:
    - ReadWriteOnce

resources:
  requests:
    cpu: 100m
    memory: 256Mi
  limits:
    cpu: 500m
    memory: 512Mi

Save it as values.prod.yaml, for example.

6. Install or upgrade the release

helm upgrade --install gramax . \
  --namespace gramax \
  --create-namespace \
  -f values.prod.yaml

7. Check status

kubectl -n gramax get pods,svc,ingress,pvc
helm -n gramax status gramax

Main parameters

The table below lists the parameters you will most commonly need to configure.

Parameter	Default	Description
`replicaCount`	`1`	Number of `Deployment` replicas when HPA is disabled.
`image.repository`	`docker.io/gramax/docportal`	Application Docker image.
`image.tag`	`latest`	Image tag. Pin a specific version for production.
`image.pullPolicy`	`IfNotPresent`	Image pull policy.
`service.type`	`ClusterIP`	Kubernetes Service type: `ClusterIP`, `NodePort`, `LoadBalancer`.
`service.port`	`80`	Service and container port.
`admin.login`	`admin`	Admin login, passed as `ADMIN_LOGIN`.
`admin.password`	`password`	Admin password, if an external secret is not used.
`admin.existingSecret`	`""`	Name of an existing secret containing the admin password.
`admin.existingSecretKeys.password`	`admin-password`	Key inside the secret that holds the admin password.
`autoPull.token`	`""`	Token for `AUTO_PULL_TOKEN`, if an external secret is not used.
`autoPull.interval`	`""`	Value for `AUTO_PULL_INTERVAL`.
`autoPull.existingSecret`	`""`	Name of an existing secret containing the auto-pull token.
`autoPull.existingSecretKeys.token`	`auto-pull-token`	Key inside the secret containing the auto-pull token.
`ingress.enabled`	`false`	Enables Ingress creation.
`ingress.className`	`""`	Ingress controller class, e.g. `nginx`.
`ingress.hosts`	`gramax.local`	List of hostnames and paths the application will be available at.
`ingress.tls`	`[]`	TLS sections for Ingress.
`persistence.enabled`	`true`	Enables persistent storage for `/app/data`.
`persistence.size`	`1Gi`	PVC size.
`persistence.storageClass`	`""`	StorageClass for the PVC.
`persistence.existingClaim`	`""`	Use an existing PVC instead of creating a new one.
`persistence.hostPath`	`""`	Direct `hostPath` — suitable only for single-node clusters or local dev.
`resources`	`{}`	Container resource requests and limits.
`autoscaling.enabled`	`false`	Enables HorizontalPodAutoscaler.
`autoscaling.minReplicas`	`1`	Minimum replicas for HPA.
`autoscaling.maxReplicas`	`3`	Maximum replicas for HPA.
`autoscaling.targetCPUUtilizationPercentage`	`80`	Target CPU utilization for HPA.
`env`	`[]`	Additional environment variables.
`envFrom`	`[]`	Load environment variables from a ConfigMap or Secret.
`nodeSelector`	`{}`	Bind pods to nodes by labels.
`tolerations`	`[]`	Tolerations for running on tainted nodes.
`affinity`	`{}`	Affinity and anti-affinity rules.

Common scenarios

Minimal test installation

No Ingress, password in the values file:

admin:
  login: admin
  password: ChangeMe

ingress:
  enabled: false

Install:

helm upgrade --install gramax . -n gramax --create-namespace -f values.test.yaml

Installation with an existing PVC

If the PVC was created in advance:

persistence:
  enabled: true
  existingClaim: gramax-data

Installation without persistent storage

For temporary environments only:

persistence:
  enabled: false

In this mode, application data is lost when the pod is recreated.

Production recommendations

Use admin.existingSecret instead of admin.password.
Pin image.tag instead of using latest.
Set resources.requests and resources.limits.
Enable Ingress only after configuring DNS and, if needed, TLS.
Avoid persistence.hostPath unless you have a single-node cluster or a local dev setup.
If autoscaling.enabled: true, note that replicaCount is ignored in that mode.

Useful commands

Print the rendered manifests:

helm template gramax . -f values.prod.yaml

Lint the chart:

helm lint . -f values.prod.yaml

View release values:

helm -n gramax get values gramax