Create Secrets
To run the Helm chart correctly, create a pair of secrets of different types.
Docker config
A secret of type kubernetes.io/dockerconfigjson is used to pull private Docker images.
Get registry credentials (a token with
pullrights).Create the secret in target namespace:
kubectl create secret docker-registry regcred \ --namespace <your-namespace> \ --docker-server=<REGISTRY_URL> \ --docker-username=<USERNAME> \ --docker-password=<PASSWORD_OR_TOKEN> \ --docker-email=<EMAIL>
You can set the secret name via imagePullSecret in values.yaml.
Behavior is controlled by:
Variable | Value | Description |
| Default: | If |
| Default: | Secret name used by services for sensitive variables. If |
TLS certificates
Secrets of type kubernetes.io/tls are required for Ingress with TLS. For each host from values.yaml (ingress.host.GES_URL, ingress.host.PORTAL_URL, ingress.host.APP_URL), create a separate TLS secret.
Prepare certificates (
tls.key,tls.crt).Create secrets in target namespace (one per host):
kubectl create secret tls <GES_SECRET> \ --namespace <your-namespace> \ --cert=path/to/tls.crt \ --key=path/to/tls.keykubectl create secret tls <PORTAL_SECRET> \ --namespace <your-namespace> \ --cert=path/to/tls.crt \ --key=path/to/tls.keykubectl create secret tls <APP_SECRET> \ --namespace <your-namespace> \ --cert=path/to/tls.crt \ --key=path/to/tls.keyWhere:
<GES_SECRET>— secret name, must matchingress.tls.GES_SECRETinvalues.yaml.<PORTAL_SECRET>— secret name foringress.tls.PORTAL_SECRET.<APP_SECRET>— secret name foringress.tls.APP_SECRET.
Ensure the hosts in the certificates match the values in
values.yaml:ingress: enabled: true tls: enabled: true GES_SECRET: ges-tls PORTAL_SECRET: portal-tls APP_SECRET: app-tls host: GES_URL: ges.example.com PORTAL_URL: portal.example.com APP_URL: app.example.com
Check
kubectl get secrets -n <your-namespace>
TLS secrets must be kubernetes.io/tls, docker secret must be kubernetes.io/dockerconfigjson.