Skip to content

feat: cipherstash-proxy helm chart #281

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 11 commits into from
Jul 22, 2025
Merged

feat: cipherstash-proxy helm chart #281

merged 11 commits into from
Jul 22, 2025

Conversation

calvinbrewer
Copy link
Contributor

@calvinbrewer calvinbrewer commented Jul 18, 2025
edited
Loading

Adds a helm chart for deploying Proxy to a K8s cluster:

  • Proxy deployment with resource requests/limits and preconfigured liveliness and readiness probes on TPC port 6432
  • Service definition for the Proxy ingress
  • Service definition for the P8s metrics collection with preconfigured labels to be ingested by OTEL/P8s
  • Horizontal Pod Autoscaler configured to keep the resource consumption around 80% average
  • Secret management / static definitions for database and CipherStash creds to support both on prod and dev

Acknowledgment

By submitting this pull request, I confirm that CipherStash can use, modify, copy, and redistribute this contribution, under the terms of CipherStash's choice.

@calvinbrewer calvinbrewer marked this pull request as ready for review July 21, 2025 15:42
tobyhede
tobyhede approved these changes Jul 21, 2025
View reviewed changes
Copy link
Contributor

@tobyhede tobyhede left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Couple of comments, but LGTM

k8s/base/proxy-deployment.yaml
- name: metrics
containerPort: 9930
protocol: TCP
env:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it worth adding some of the logging options here?

Important ones would be:

CS_LOG__FORMAT
CS_LOG__LEVEL

If it works like docker-compose.yml the env options need to be explicitly declared or they are not passed through.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There are some TLS config settings too that might be worth adding

@calvinbrewer
Copy link
Contributor Author

@tobyhede All your points are valid I've created follow up action items to address them

@calvinbrewer calvinbrewer merged commit 6e9e354 into main Jul 22, 2025
3 checks passed
@calvinbrewer calvinbrewer deleted the helm branch July 22, 2025 17:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tobyhede tobyhede tobyhede approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@calvinbrewer @tobyhede