Skip to content

GEWIS/webhost-helm-chart

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
.github/workflows
.github/workflows
 
 
templates
templates
 
 
.envrc
.envrc
 
 
.gitignore
.gitignore
 
 
.helmignore
.helmignore
 
 
Chart.yaml
Chart.yaml
 
 
README.md
README.md
 
 
flake.lock
flake.lock
 
 
flake.nix
flake.nix
 
 
values.yaml
values.yaml
 
 

Repository files navigation

static-webhost

Helm chart for hosting static sites at GEWIS. Each release pairs a Caddy web server with an in-browser code-server editor, sharing an RWX volume so files can be edited live.

What gets deployed

  • PersistentVolumeClaim — RWX, size from storage.size, cluster default storage class.
  • Deployment + Service — Caddy serving the volume at /srv (read-only).
  • Deployment + Service — code-server mounting the same volume read-write.
  • IngressRoute (Traefik) — every entry in domains routes to Caddy. The first domain additionally exposes /admin → code-server, gated by OIDC.
  • Middleware ×2 — traefik-oidc-auth and stripPrefix /admin.
  • Secret oidc-secret — empty shell annotated for reflection from shared-secrets/oidc-auth by the emberstack reflector.

Install via Flux

apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: gewis-webhost
  namespace: flux-system
spec:
  interval: 10m
  url: https://gewis.github.io/webhost-helm-chart
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: myapp
  namespace: flux-system
spec:
  interval: 10m
  releaseName: myapp
  targetNamespace: webhost-myapp
  install:
    createNamespace: true
  chart:
    spec:
      chart: static-webhost
      version: 0.1.0
      sourceRef:
        kind: HelmRepository
        name: gewis-webhost
        namespace: flux-system
  values:
    storage:
      size: 20Gi
    domains:
      - myapp.gewis.nl
    oidc:
      groups:
        - CBC - Application Hosting Team (ADM)

By convention, target namespaces are webhost-<release>; the chart no longer enforces this so targetNamespace is yours to set.

Standalone helm install

helm repo add gewis-webhost https://gewis.github.io/webhost-helm-chart
helm install myapp gewis-webhost/static-webhost \
  --create-namespace --namespace webhost-myapp \
  --set 'domains={myapp.gewis.nl}'

Key values

Key Description Default
storage.size Size of the shared RWX volume 10Gi
domains List of hosts routed to Caddy; first also serves /admin (code-server) [example.gewis.nl]
oidc.groups Group names allowed through the OIDC middleware [CBC - Application Hosting Team (ADM)]
oidc.provider.url OIDC issuer URL GEWISWG realm
oidc.secretReflectsFrom Source for the reflected OIDC secret shared-secrets/oidc-auth
codeServer.image / caddy.image Container images upstream latest / 2-alpine

See values.yaml for the full schema.

Releasing

The release-chart workflow publishes to gh-pages whenever a new chart version is pushed to main. To cut a release:

  1. Edit templates/values as needed.
  2. Bump version: in Chart.yaml (semver).
  3. Merge to main. CI packages the chart and updates the Helm repo index.

If the version on main is already in index.yaml, the workflow skips publishing — no clobbering of existing releases.

Local development

A Nix flake provides Helm:

nix develop
helm lint .
helm template demo . --set 'domains={demo.gewis.nl}'

About

No description, website, or topics provided.

Resources

Readme

Contributing

Contributing

Security policy

Security policy
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages