Saltar a contenido

Iris MyHTG

MyHTG is a comprehensive web application platform that provides multi-language frontend support with advanced NGINX configuration capabilities.

TL;DR

helm repo add htg https://charts.htg.es
helm install infra-iris-myhtg htg/infra-iris-myhtg

Introduction

This chart bootstraps an MyHTG deployment on a Kubernetes cluster using the Helm package manager.

Bitnami charts can be used with Kubeapps for deployment and management of Helm Charts in clusters.

Prerequisites

  • Kubernetes 1.19+
  • Helm 3.2.0+

Installing the Chart

To install the chart with the release name infra-iris-myhtg:

helm install infra-iris-myhtg oci://registry-1.docker.io/htg/infra-iris-myhtg

The command deploys Iris frontends on the Kubernetes cluster in the default configuration. The Parameters section lists the parameters that can be configured during installation.

Tip: List all releases using helm list

Uninstalling the Chart

To uninstall/delete the infra-iris-myhtg deployment:

helm delete infra-iris-myhtg

The command removes all the Kubernetes components associated with the chart and deletes the release.

Parameters

Global parameters

Name Description Value
replicaCount Number of container replicas 1
nameOverride String to partially override common.names.fullname ""
fullnameOverride String to fully override common.names.fullname ""

Image parameters

Name Description Value
image.repository Iris frontends image repository ""
image.tag Iris frontends image tag (immutable tags are recommended) ""
image.pullPolicy Iris frontends image pull policy IfNotPresent

Application configuration parameters

Name Description Value
configuration.app Application configuration for app.config.json {}
configuration.nginx.securityHeaders.contentSecurityPolicy.enabled Enable Content-Security-Policy header false
configuration.nginx.securityHeaders.contentSecurityPolicy.value Content-Security-Policy header value "default-src 'self';"
configuration.nginx.securityHeaders.strictTransportSecurity.enabled Enable Strict-Transport-Security header false
configuration.nginx.securityHeaders.strictTransportSecurity.value Strict-Transport-Security header value "max-age=31536000; includeSubDomains"

Deployment parameters

Name Description Value
strategy Pods replacement strategy type {}

Service Account parameters

Name Description Value
serviceAccount.create Specifies whether a ServiceAccount should be created true
serviceAccount.name The name of the ServiceAccount to use ""
serviceAccount.annotations Additional Service Account annotations {}
serviceAccount.automount Automount service account token true

Pod parameters

Name Description Value
podLabels Extra labels for pods {}
podAnnotations Annotations for pods {}
podSecurityContext Security context for pods {}
securityContext Security context for application container {}

Health checks

Name Description Value
readinessProbe.enabled Enable readiness probe "true"
readinessProbe.path Path for readiness probe /healthz
readinessProbe.port Port for readiness probe http
livenessProbe.enabled Enable liveness probe "true"
livenessProbe.path Path for liveness probe /healthz
livenessProbe.port Port for liveness probe http
customLivenessProbe Custom liveness probe configuration {}
customReadinessProbe Custom readiness probe configuration {}

Resource parameters

Name Description Value
resources Set container requests and limits for CPU or memory {}

Scheduling parameters

Name Description Value
affinity Affinity for pod assignment {}
nodeSelector Node labels for pod assignment {}
tolerations Tolerations for pod assignment []

Volume parameters

Name Description Value
extraVolumeMounts Optionally specify extra list of additional volumeMounts []
extraVolumes Optionally specify extra list of additional volumes []

Service parameters

Name Description Value
service.type Kubernetes service type ClusterIP
service.port Service HTTP port 80

Ingress parameters

Name Description Value
ingress.enabled Enable ingress record generation false
ingress.className IngressClass that will be used ""
ingress.annotations Additional annotations for the Ingress resource {}
ingress.hosts An array with hosts and paths [{"host": "chart-example.local", "paths": [{"path": "/", "pathType": "ImplementationSpecific"}]}]
ingress.tls TLS configuration for additional hostnames []

Autoscaling parameters

Name Description Value
autoscaling.enabled Enable Horizontal Pod Autoscaler "false"
autoscaling.minReplicas Minimum number of replicas "1"
autoscaling.maxReplicas Maximum number of replicas "10"
autoscaling.targets.cpu Target CPU utilization percentage "50"

Configuration and installation details

Multi-language Support

This chart is specifically designed to serve multi-language frontends with the following language support:

  • Spanish (es): Default language, served at root path / and /es/
  • Basque (eu): Available at /eu/
  • English (en): Available at /en/

The NGINX configuration automatically handles language routing and serves the appropriate content based on the URL path.

Security Headers

The chart includes configurable security headers through NGINX:

configuration:
  nginx:
    securityHeaders:
      contentSecurityPolicy:
        enabled: true
        value: "default-src 'self'; script-src 'self' 'unsafe-inline';"
      strictTransportSecurity:
        enabled: true
        value: "max-age=31536000; includeSubDomains"

Health Checks

The application includes a built-in health check endpoint at /healthz that returns:

{"status":"UP"}

This endpoint is used for both liveness and readiness probes.

Examples

Basic Installation

helm install iris-frontend htg/infra-iris-myhtg \
  --set image.repository=my-registry/iris-frontend \
  --set image.tag=v1.0.0

Installation with Ingress

# values.yaml
image:
  repository: my-registry/iris-frontend
  tag: v1.0.0

ingress:
  enabled: true
  className: nginx
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
  hosts:
    - host: htg-express.com
      paths:
        - path: /
          pathType: Prefix
  tls:
    - secretName: iris-tls
      hosts:
        - htg-express.com

helm install iris-frontend htg/infra-iris-myhtg -f values.yaml

Installation with Autoscaling

# values.yaml
image:
  repository: my-registry/iris-frontend
  tag: v1.0.0

autoscaling:
  enabled: true
  minReplicas: 2
  maxReplicas: 10
  targets:
    cpu: 70

resources:
  limits:
    cpu: 500m
    memory: 512Mi
  requests:
    cpu: 250m
    memory: 256Mi

Installation with Security Headers

# values.yaml
image:
  repository: my-registry/iris-frontend
  tag: v1.0.0

configuration:
  nginx:
    securityHeaders:
      contentSecurityPolicy:
        enabled: true
        value: "default-src 'self'; script-src 'self' 'unsafe-inline' https://analytics.htg-express.com; style-src 'self' 'unsafe-inline';"
      strictTransportSecurity:
        enabled: true
        value: "max-age=31536000; includeSubDomains; preload"