Quick Start

Before installing the chart, make sure your infrastructure meets the following conditions.

Requirements

Compute

Minimum requirements:

Scenario

CPU (m)

RAM (Mi)

Without AI support services

780

1950

With AI support services

1030

2400

Limits:

Scenario

CPU (m)

RAM (Mi)

Without AI support services

1050

2505

With AI support services

1800

3405

Platform

Component

Requirement

Kubernetes

Version >= 1.19

Helm

Version >= 3.10

Ingress Controller

Installed and running (for example, ingress-nginx)

DNS

Access to DNS zone management at your provider for creating A records

Domain names

Domains prepared for services (for example: portal.example.com, ges.example.com, app.example.com)

TLS

TLS certificates (or wildcard certificate) for HTTPS

Add repository

helm repo add gramax https://s3.ics-it.ru/public/docreader/helm/
helm repo update

Then verify repository availability with helm search repo gramax.

Example values.yaml

curl -LO https://gram.ax/example.values.yaml

Configure Gramax Enterprise Server

Set main parameters:

  • CLIENT_NAME — client login for Gramax Enterprise Server. Used for authentication in Docker Registry and when substituting values into configuration variables. Issued at purchase. Required. Example: gramax

  • GES_URL — URL where GES will be available. Required. Example: https://enterprise.gramax.local

  • AUTH_SERVICE_URL — URL where the auth service will be available. Example: https://ges.gram.ax/auth

  • DIAGRAM_RENDERER_SERVICE_URL — URL where the Diagram-renderer service will be available. Example: https://ges.gram.ax/diagram-renderer

  • ALLOWED_GRAMAX_URLS — URLs of Gramax instances (documentation portal, browser version, and GES), comma-separated. No trailing comma. Required. Example: https://some-instance.gram.ax,https://another-instance.gram.ax

  • LICENSE_KEY — license key for Gramax Enterprise Server. Issued at purchase. Required. Example: 765d562b9092eec3…

  • GIT_SERVER_TOKEN — access token for the Git server for reading/cloning repositories. Required. Example: glpat-...

  • GES_ADMIN_EMAILS — workspace owner emails, comma-separated. Written to config only on first startup. Required. Example: admin1@gramax.local,admin2@gramax.local

  • GIT_SERVER_URL — GitLab server address for external storage. Required. Example: https://gitlab.example.com

  • ENTERPRISE_STORAGE_TYPE — configuration storage type: gitlab or local. Required. Example: gitlab

  • ENTERPRISE_CONFIG_PATH — for ENTERPRISE_STORAGE_TYPE=local: path to the GES settings folder on the virtual machine. Required. Default: /app/config

  • GIT_PROJECT_PATH — for ENTERPRISE_STORAGE_TYPE=gitlab: path to the settings repository in GitLab, as group/repository-name. Must be created before initialization. Required. Example: dr/gramax-yaml-manager

  • GIT_PROJECT_BRANCH — branch of the GIT_PROJECT_PATH repository, if it differs from master. Default: master. Example: main

  • ENTERPRISE_SERVICE_ENCRYPTION_KEY — key for secure data transfer between services. Required. Example: 5caf59ed...cddb8489

  • COOKIE_SECRET — key for encrypting user secrets in cookies. Recommended: a 32-byte key (openssl rand -hex 32). Example: 397b6f3bf51a73b9...

Also configure SSO connection, AI features, and logging.

Sensitive data (tokens, passwords, keys) is managed via Kubernetes Secret:

  • secrets.create - create Secret automatically by chart.

  • secrets.name - Secret name used by pods.

Helm chart system values

Configure service resources (CPU and memory) and Ingress access settings. Details are in this article.

Create secrets

Docker config

Secret of type kubernetes.io/dockerconfigjson is used for pulling private Docker images.

  1. Get registry credentials (token with pull permissions).

  2. Create secret in target namespace:

kubectl create secret docker-registry regcred \
  --namespace <your-namespace> \
  --docker-server=<REGISTRY_URL> \
  --docker-username=<USERNAME> \
  --docker-password=<PASSWORD_OR_TOKEN> \
  --docker-email=<EMAIL>

Secret with variables

Two scenarios:

  1. Chart creates Secret (secrets.create: true).

  2. Existing Secret is used (secrets.create: false, secrets.name: "<secret-name>").

Example:

kubectl create secret generic gramax-app-secrets \
  -n <namespace> \
  --from-literal=COOKIE_SECRET='<...>' \
  --from-literal=GIT_SERVER_TOKEN='<...>' \
  --from-literal=ENTERPRISE_SERVICE_ENCRYPTION_KEY='<...>'

Install chart

helm install gramax gramax/gramax-enterprise-server-in-k8s -n <...> --create-namespace -f values.yaml

Using existing Secret:

helm install gramax gramax/gramax-enterprise-server-in-k8s \
  -n <...> \
  --create-namespace \
  -f values.yaml \
  --set secrets.create=false \
  --set secrets.name=gramax-app-secrets