Skip to content

AH-dark/xboard-helm-chart

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
.github/workflows
.github/workflows
 
 
charts/xboard
charts/xboard
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

xboard Helm Chart

Artifact Hub Lint Charts Release Charts License

Helm chart for deploying the XBoard panel (web + horizon + ws-server) on Kubernetes.

Chart: 0.2.0 · App: latest · Kubernetes: ≥ 1.29 · Helm: ≥ 3.14

Overview

This chart deploys three components of XBoard:

Component Description Resources
web HTTP server (Laravel app) Deployment + Service + HTTPRoutes + HPA + PDB
horizon Queue worker (Laravel Horizon) Deployment + HPA + PDB
ws-server WebSocket server Deployment + Service + HTTPRoute + HPA + PDB

Out of scope (manage separately): PostgreSQL database (CNPG), Redis (Bitnami chart), TLS certificate (cert-manager), and ArgoCD Application resources.

Prerequisites

  • Kubernetes >= 1.29
  • Helm >= 3.14
  • Gateway API v1 CRDs installed in cluster
  • CNPG Cluster xboard-app-db deployed and ready (provides xboard-app-db-rw service)
  • Bitnami Redis release redis deployed (provides redis-master service)
  • Stakater Reloader operator (optional, required when reloader.enabled=true)

Installation

From Helm repository

helm repo add xboard https://ah-dark.github.io/xboard-helm-chart
helm repo update
helm install xboard xboard/xboard \
  --namespace xboard \
  --create-namespace

From source

git clone https://github.com/AH-dark/xboard-helm-chart.git
helm install xboard ./xboard-helm-chart/charts/xboard \
  --namespace xboard \
  --create-namespace

APP_KEY handling

The chart auto-generates APP_KEY when it is left empty and no config.existingSecret is set. On helm upgrade the existing in-cluster value is reused via helm lookup, so pods are not invalidated.

For reproducible output (e.g. GitOps with helm template, dry-runs, or fully deterministic installs), set the key explicitly:

helm install xboard xboard/xboard \
  --namespace xboard \
  --create-namespace \
  --set config.values.APP_KEY="base64:$(openssl rand -base64 32)"

Values Reference

Image

Key Default Description
image.repository ghcr.io/cedar2025/xboard Container image repository
image.tag "" (uses appVersion: latest) Image tag override
image.pullPolicy "" (auto: Always for latest/empty, else IfNotPresent) Pull policy override
image.pullSecrets [] Image pull secrets

Config (Application Environment)

Key Default Description
config.existingSecret "" Reference an existing Secret (bypasses config.values and APP_KEY generation)
config.values.APP_KEY "" Laravel encryption key. Empty = auto-generated at render time (reused via helm lookup on upgrade). Set explicitly for reproducible renders.
config.values.APP_URL https://panel.example.com Application URL
config.values.DB_HOST xboard-app-db-rw PostgreSQL hostname (CNPG read-write service)
config.values.REDIS_HOST redis-master Redis hostname
config.extraValues {} Additional env vars to merge into the Secret

Per-Component Scaling (web / horizon / ws)

Key Default Description
web.hpa.enabled true Enable HPA for web
web.hpa.minReplicas 2 Minimum replicas
web.hpa.maxReplicas 8 Maximum replicas
horizon.hpa.minReplicas 2 Horizon min replicas
horizon.hpa.maxReplicas 4 Horizon max replicas
ws.hpa.minReplicas 2 WS-server min replicas
ws.hpa.maxReplicas 4 WS-server max replicas
web.pdb.enabled true Enable PDB for web
web.pdb.minAvailable "25%" Minimum available pods

Ingress (Gateway API)

This chart only renders HTTPRoutes; the referenced Gateway must be provisioned out of band (for example via xboard/cert/gateway.yaml or a shared cluster-level gateway).

Key Default Description
ingress.hostname panel.example.com Single public hostname. Used as fallback when ingress.hostnames is empty.
ingress.hostnames [] List of public hostnames applied to every HTTPRoute. Overrides hostname when set.
ingress.hsts.enabled true Add HSTS response header
ingress.redirectHttpToHttps true Render HTTP to HTTPS redirect HTTPRoute
ingress.parentRefs.https [{name: xboard-gateway, sectionName: https}] HTTPS listener parentRef
ingress.parentRefs.http [{name: xboard-gateway, sectionName: http}] HTTP listener parentRef

Multiple hostnames

Set ingress.hostnames to expose the panel under multiple FQDNs (e.g. a primary domain and a vanity alias). Every HTTPRoute (web, redirect, ws) is rendered with the full list:

# values-override.yaml
ingress:
  hostnames:
    - panel.example.com
    - panel.alt.example.com

When hostnames is empty (the default), the chart falls back to the legacy single hostname field, preserving the behaviour of chart 0.1.x.

Secret Dual-Mode

Mode 1: Inline values (development / simple setups)

The chart renders a Secret from config.values. APP_KEY is auto-generated when empty; pass it explicitly only when you need a stable, externally-known value:

helm install xboard xboard/xboard \
  --namespace xboard \
  --set config.values.APP_KEY="base64:$(openssl rand -base64 32)" \
  --set config.values.DB_PASSWORD="my-db-password" \
  --set config.values.REDIS_PASSWORD="my-redis-password"

Mode 2: External Secret (production / GitOps)

Pre-create the Secret externally, then reference it:

# Create secret beforehand (e.g. via Sealed Secrets, External Secrets, etc.)
kubectl create secret generic my-xboard-config \
  --namespace xboard \
  --from-env-file=config.env

# Install chart pointing to existing secret
helm install xboard xboard/xboard \
  --namespace xboard \
  --set config.existingSecret=my-xboard-config

When config.existingSecret is set, config.values is completely ignored and no Secret is rendered by this chart.

Bring Your Own Gateway

This chart does not render a Gateway resource. It assumes an external Gateway named xboard-gateway already exists in the namespace (e.g. deployed from xboard/cert/gateway.yaml).

To point HTTPRoutes at a different Gateway (e.g. shared cluster-level gateway):

# values-override.yaml
ingress:
  parentRefs:
    https:
      - name: shared-gateway
        namespace: gateway-system
        sectionName: https
    http:
      - name: shared-gateway
        namespace: gateway-system
        sectionName: http

Upgrade & Uninstall

Upgrade

helm upgrade xboard xboard/xboard \
  --namespace xboard

The auto-generated APP_KEY is preserved across upgrades via helm lookup. To rotate it, pass --set config.values.APP_KEY="base64:$(openssl rand -base64 32)" (note: pods using the previous key will need to re-encrypt any APP_KEY-encrypted data).

Important: Selector labels are immutable. If you need to change selector labels, you must uninstall and reinstall (with downtime).

Uninstall

helm uninstall xboard --namespace xboard

Note: PVCs (if any) and Secrets created outside this chart are NOT deleted by helm uninstall.

License

This chart is distributed under the GNU Affero General Public License v3.0 or later (AGPL-3.0-or-later).

About

Helm chart for deploying the XBoard panel application on Kubernetes.

artifacthub.io/packages/helm/xboard/xboard

Resources

Readme

License

AGPL-3.0 license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 3

xboard-0.2.0 Latest
Jun 1, 2026
+ 2 releases

Packages

 
 
 

Contributors

Languages