Iris Frontends
Iris is a comprehensive web application platform that provides multi-language frontend support with advanced NGINX configuration capabilities.
TL;DR
helm repo add htg https://charts.htg.es
helm install my-iris-frontend htg/infra-iris-frontends
Introduction
This chart bootstraps an Iris frontends deployment on a Kubernetes cluster using the Helm package manager.
Bitnami charts can be used with Kubeapps for deployment and management of Helm Charts in clusters.
Prerequisites
- Kubernetes 1.19+
- Helm 3.2.0+
Installing the Chart
To install the chart with the release name my-iris-frontend:
helm install my-iris-frontend oci://registry-1.docker.io/htg/infra-iris-frontends
The command deploys Iris frontends on the Kubernetes cluster in the default configuration. The Parameters section lists the parameters that can be configured during installation.
Tip: List all releases using
helm list
Uninstalling the Chart
To uninstall/delete the my-iris-frontend deployment:
helm delete my-iris-frontend
The command removes all the Kubernetes components associated with the chart and deletes the release.
Parameters
Global parameters
| Name | Description | Value |
|---|---|---|
replicaCount |
Number of container replicas | 1 |
nameOverride |
String to partially override common.names.fullname | "" |
fullnameOverride |
String to fully override common.names.fullname | "" |
Image parameters
| Name | Description | Value |
|---|---|---|
image.repository |
Iris frontends image repository | "" |
image.tag |
Iris frontends image tag (immutable tags are recommended) | "" |
image.pullPolicy |
Iris frontends image pull policy | IfNotPresent |
Application configuration parameters
| Name | Description | Value |
|---|---|---|
configuration.app |
Application configuration for app.config.json | {} |
configuration.nginx.securityHeaders.contentSecurityPolicy.enabled |
Enable Content-Security-Policy header | false |
configuration.nginx.securityHeaders.contentSecurityPolicy.value |
Content-Security-Policy header value | "default-src 'self';" |
configuration.nginx.securityHeaders.strictTransportSecurity.enabled |
Enable Strict-Transport-Security header | false |
configuration.nginx.securityHeaders.strictTransportSecurity.value |
Strict-Transport-Security header value | "max-age=31536000; includeSubDomains" |
Deployment parameters
| Name | Description | Value |
|---|---|---|
strategy |
Pods replacement strategy type | {} |
Service Account parameters
| Name | Description | Value |
|---|---|---|
serviceAccount.create |
Specifies whether a ServiceAccount should be created | true |
serviceAccount.name |
The name of the ServiceAccount to use | "" |
serviceAccount.annotations |
Additional Service Account annotations | {} |
serviceAccount.automount |
Automount service account token | true |
Pod parameters
| Name | Description | Value |
|---|---|---|
podLabels |
Extra labels for pods | {} |
podAnnotations |
Annotations for pods | {} |
podSecurityContext |
Security context for pods | {} |
securityContext |
Security context for application container | {} |
Health checks
| Name | Description | Value |
|---|---|---|
readinessProbe.enabled |
Enable readiness probe | "true" |
readinessProbe.path |
Path for readiness probe | /healthz |
readinessProbe.port |
Port for readiness probe | http |
livenessProbe.enabled |
Enable liveness probe | "true" |
livenessProbe.path |
Path for liveness probe | /healthz |
livenessProbe.port |
Port for liveness probe | http |
customLivenessProbe |
Custom liveness probe configuration | {} |
customReadinessProbe |
Custom readiness probe configuration | {} |
Resource parameters
| Name | Description | Value |
|---|---|---|
resources |
Set container requests and limits for CPU or memory | {} |
Scheduling parameters
| Name | Description | Value |
|---|---|---|
affinity |
Affinity for pod assignment | {} |
nodeSelector |
Node labels for pod assignment | {} |
tolerations |
Tolerations for pod assignment | [] |
Volume parameters
| Name | Description | Value |
|---|---|---|
extraVolumeMounts |
Optionally specify extra list of additional volumeMounts | [] |
extraVolumes |
Optionally specify extra list of additional volumes | [] |
Service parameters
| Name | Description | Value |
|---|---|---|
service.type |
Kubernetes service type | ClusterIP |
service.port |
Service HTTP port | 80 |
Ingress parameters
| Name | Description | Value |
|---|---|---|
ingress.enabled |
Enable ingress record generation | false |
ingress.className |
IngressClass that will be used | "" |
ingress.annotations |
Additional annotations for the Ingress resource | {} |
ingress.hosts |
An array with hosts and paths | [{"host": "chart-example.local", "paths": [{"path": "/", "pathType": "ImplementationSpecific"}]}] |
ingress.tls |
TLS configuration for additional hostnames | [] |
Autoscaling parameters
| Name | Description | Value |
|---|---|---|
autoscaling.enabled |
Enable Horizontal Pod Autoscaler | "false" |
autoscaling.minReplicas |
Minimum number of replicas | "1" |
autoscaling.maxReplicas |
Maximum number of replicas | "10" |
autoscaling.targets.cpu |
Target CPU utilization percentage | "50" |
Configuration and installation details
Multi-language Support
This chart is specifically designed to serve multi-language frontends with the following language support:
- Spanish (es): Default language, served at root path
/and/es/ - Basque (eu): Available at
/eu/ - English (en): Available at
/en/
The NGINX configuration automatically handles language routing and serves the appropriate content based on the URL path.
Security Headers
The chart includes configurable security headers through NGINX:
configuration:
nginx:
securityHeaders:
contentSecurityPolicy:
enabled: true
value: "default-src 'self'; script-src 'self' 'unsafe-inline';"
strictTransportSecurity:
enabled: true
value: "max-age=31536000; includeSubDomains"
Health Checks
The application includes a built-in health check endpoint at /healthz that returns:
{"status":"UP"}
This endpoint is used for both liveness and readiness probes.
Examples
Basic Installation
helm install iris-frontend htg/infra-iris-frontends \
--set image.repository=my-registry/iris-frontend \
--set image.tag=v1.0.0
Installation with Ingress
# values.yaml
image:
repository: my-registry/iris-frontend
tag: v1.0.0
ingress:
enabled: true
className: nginx
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
hosts:
- host: htg-express.com
paths:
- path: /
pathType: Prefix
tls:
- secretName: iris-tls
hosts:
- htg-express.com
helm install iris-frontend htg/infra-iris-frontends -f values.yaml
Installation with Autoscaling
# values.yaml
image:
repository: my-registry/iris-frontend
tag: v1.0.0
autoscaling:
enabled: true
minReplicas: 2
maxReplicas: 10
targets:
cpu: 70
resources:
limits:
cpu: 500m
memory: 512Mi
requests:
cpu: 250m
memory: 256Mi
Installation with Security Headers
# values.yaml
image:
repository: my-registry/iris-frontend
tag: v1.0.0
configuration:
nginx:
securityHeaders:
contentSecurityPolicy:
enabled: true
value: "default-src 'self'; script-src 'self' 'unsafe-inline' https://analytics.htg-express.com; style-src 'self' 'unsafe-inline';"
strictTransportSecurity:
enabled: true
value: "max-age=31536000; includeSubDomains; preload"