A collection of production-ready Helm charts following cloud-native best practices. Features include auto-scaling, health checks, configurable ingress, signed releases with Cosign, and testing.

5ergiu/helm-charts

Helm Charts

Production-grade Helm charts for Kubernetes deployments following cloud-native best practices.

📦 Available Charts

Chart | Description | Version | Docs
Laravel | Laravel application deployment with web/worker deployments, queue management, cron jobs, and auto-scaling | Version | README
Next.js | High-performance Next.js application deployment with SSR/SSG support, image optimization, and CDN integration | Version | README

🚀 Quick Start

Prerequisites

  • Kubernetes 1.24+
  • Helm 3.8+

Installing Charts

From OCI Registry (Recommended)

# Install from GitHub Container Registry
helm install my-app oci://ghcr.io/5ergiu/helm-charts/my-chart \
  --version 0.1.0 \
  --namespace production \
  --create-namespace \
  --values values.yaml

From GitHub Release

# Download chart from releases
wget https://github.com/5ergiu/helm-charts/releases/download/my-chart-0.1.0/my-chart-0.1.0.tgz

# Install from local archive
helm install my-app my-chart-0.1.0.tgz \
  --namespace production \
  --create-namespace \
  --values values.yaml

From Local Clone

# Clone repository
git clone https://github.com/5ergiu/helm-charts.git
cd helm-charts

# Install chart
helm install my-app ./charts/my-chart \
  --namespace production \
  --create-namespace \
  --values values.yaml

💡 Chart Features

All charts in this repository provide:

Security & Supply Chain

  • Non-root containers by default
  • Read-only root filesystems where possible
  • Dropped Linux capabilities for minimal attack surface
  • Security contexts properly configured
  • No hardcoded credentials - use secrets or external secret providers
  • Cryptographically signed charts with Cosign - see COSIGN.md
  • Signed commits encouraged for authenticity - see CONTRIBUTING.md
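
The OCI install from Quick Start, gated on a Cosign signature check (an added example, not part of this repository). The environment variable names are hypothetical, and whether the charts are signed keylessly or with a key is an assumption; COSIGN.md is the authority for the real policy values.

```shell
#!/bin/sh
# Added example, not code from this repository.
# Policy comes from hypothetical environment variables:
#   COSIGN_PUBKEY                          key-based: cosign verify --key
#   COSIGN_IDENTITY_RE and COSIGN_ISSUER   keyless: certificate identity checks
# Which mode the charts actually use is an assumption; see COSIGN.md.

# chart_signature_ok REF   (REF = registry/path:version, no oci:// scheme)
chart_signature_ok() {
  if [ -n "${COSIGN_PUBKEY:-}" ]; then
    cosign verify --key "$COSIGN_PUBKEY" "$1" >/dev/null
  elif [ -n "${COSIGN_IDENTITY_RE:-}" ] && [ -n "${COSIGN_ISSUER:-}" ]; then
    cosign verify \
      --certificate-identity-regexp "$COSIGN_IDENTITY_RE" \
      --certificate-oidc-issuer "$COSIGN_ISSUER" \
      "$1" >/dev/null
  else
    # Fail closed: no policy means nothing was checked.
    echo "no verification policy set" >&2
    return 2
  fi
}

# verified_install RELEASE CHART_REF VERSION [extra helm install args...]
verified_install() {
  if [ "$#" -lt 3 ]; then
    echo "usage: verified_install RELEASE CHART_REF VERSION [helm args]" >&2
    return 2
  fi
  release=$1 ref=$2 version=$3
  shift 3
  chart_signature_ok "$ref:$version" || {
    echo "not installing $ref:$version: signature not verified" >&2
    return 1
  }
  # Reached only after a successful signature check.
  helm install "$release" "oci://$ref" --version "$version" "$@"
}

# Usage (policy values are placeholders to be taken from COSIGN.md):
#   COSIGN_IDENTITY_RE='<identity regexp>' COSIGN_ISSUER='<OIDC issuer>' \
#   verified_install my-app ghcr.io/5ergiu/helm-charts/my-chart 0.1.0 \
#     --namespace production --create-namespace --values values.yaml
```

The check covers the artifact the tag points to at verification time; a tag that is moved between the check and `helm install` is not covered.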

Production Ready

  • Comprehensive health checks (liveness, readiness, startup probes)
  • Resource requests and limits properly configured
  • Persistent storage configurations when needed
  • Rolling update strategies for zero-downtime deployments
  • Pod disruption budgets for high availability
  • Horizontal pod autoscaling support

📚 Configuration

Each chart provides extensive configuration options through values.yaml. Key configuration areas include:

  • Authentication & Security: User credentials, existing secrets, security contexts
  • Storage: Persistent volumes, storage classes, backup configurations
  • Networking: Services, ingress, network policies
  • Scaling: Replica counts, autoscaling, resource limits
  • Monitoring: Metrics, service monitors, health checks

Refer to individual chart READMEs for detailed configuration options.

🐳 Building Example Images

The examples/ directory contains sample applications (Next.js, Laravel) with multi-stage Dockerfiles for demonstration purposes. These images are built separately and used by the Helm charts for testing.

Automatic Builds

Docker images are built automatically and pushed to GitHub Container Registry (GHCR) using the Build and Push Images workflow.

When to trigger builds:

  • When you modify Dockerfiles in the examples/ directory
  • When you want to update example application dependencies
  • When creating new example applications

Manual Workflow Trigger

Since Dockerfiles change rarely, image builds are manually triggered rather than running on every PR:

  1. Go to Actions → Build and Push Images
  2. Click Run workflow
  3. Optionally specify which apps to build (comma-separated), or leave empty to build all:
    nextjs,laravel
    

Image Tagging Strategy

Images are tagged based on the build target:

  • Development builds (target: development): Tagged as appName:dev (always overwritten)
  • Production builds (target: production): Semantic versioning with appName:vX.Y.Z + appName:latest

Example tags:

# Development
ghcr.io/5ergiu/images/nextjs:dev
ghcr.io/5ergiu/images/laravel:dev

# Production
ghcr.io/5ergiu/images/nextjs:latest
ghcr.io/5ergiu/images/laravel:latest
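
Because `:dev` is always overwritten and `:latest` moves with each production build, a deployment that references either tag can change without any change to its values file. The following check is an added example, not part of this repository: it classifies image references so mutable tags can be rejected before a release. The `v1.2.3` tag and the digest in the sample are constructed, and a `vX.Y.Z` tag is reported separately from a digest because only a digest is immutable.

```shell
#!/bin/sh
# Added example, not code from this repository.
# classify_image_ref REF -> pinned | versioned | mutable | invalid
classify_image_ref() {
  ref=$1
  case $ref in
    *@sha256:*)
      digest=${ref##*@sha256:}
      # A sha256 digest is exactly 64 lowercase hex characters.
      if [ "${#digest}" -eq 64 ] && ! printf '%s' "$digest" | grep -q '[^0-9a-f]'; then
        echo pinned
      else
        echo invalid
      fi
      return 0 ;;
  esac
  # Look for the tag only in the last path component, so a registry
  # port (host:5000/app) is not mistaken for a tag.
  last=${ref##*/}
  case $last in
    *:*) tag=${last##*:} ;;
    *)   tag=latest ;;   # no tag given: the runtime pulls :latest
  esac
  if printf '%s' "$tag" | grep -Eq '^v[0-9]+\.[0-9]+\.[0-9]+$'; then
    echo versioned
  else
    echo mutable
  fi
}

# Reads one reference per line, prints "<class> <ref>" for each, and
# returns non-zero if any reference is mutable or invalid.
audit_image_refs() {
  rc=0
  while IFS= read -r line; do
    [ -n "$line" ] || continue
    class=$(classify_image_ref "$line")
    printf '%-9s %s\n' "$class" "$line"
    case $class in mutable|invalid) rc=1 ;; esac
  done
  return "$rc"
}

# Constructed sample: the README's tag names plus a constructed version and digest.
sample_digest=$(printf '%064d' 0)
audit_image_refs <<EOF || echo "mutable or invalid references found" >&2
ghcr.io/5ergiu/images/nextjs:dev
ghcr.io/5ergiu/images/laravel:latest
ghcr.io/5ergiu/images/nextjs:v1.2.3
ghcr.io/5ergiu/images/nextjs@sha256:$sample_digest
EOF
```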

Local Builds

You can also build images locally for testing:

# Build development target
cd examples/nextjs
docker build --target development -t nextjs:dev .

# Build production target
docker build --target production -t nextjs:latest .

🀝 Contributing

We welcome contributions! Please see CONTRIBUTING.md for details on:

  • Setting up your development environment
  • Code standards and best practices
  • Testing requirements and running tests
  • Pull request process
  • Commit signing

Questions or Need Help?

📝 License

This project is licensed under the Apache License 2.0 - see the LICENSE file for details.

If you find this project useful, please consider giving it a star on GitHub!
