Kubernetes via Helm Chart
Learn how to use Helm chart to install Infisical on your Kubernetes cluster.
Prerequisites
- You have extensive understanding of Kubernetes
- Installed Helm package manager version v3.11.3 or greater
- You have kubectl installed and connected to your kubernetes cluster
Install Infisical Helm repository
helm repo add infisical-helm-charts 'https://dl.cloudsmith.io/public/infisical/helm-charts/helm/charts/'
helm repo update
Add Helm values
Create a values.yaml file. This will be used to configure settings for the Infisical Helm chart.
To explore all configurable properties for your values file, visit this page.
Select Infisical version
By default, the Infisical version set in your helm chart will likely be outdated. Choose the latest Infisical docker image tag from here.
infisical:
image:
repository: infisical/infisical
tag: "v0.46.2-postgres" #<-- update
pullPolicy: IfNotPresent
Do you not use the latest docker image tag in production deployments as they can introduce unexpected changes
Configure environment variables
To deploy this Helm chart, a Kubernetes secret named infisical-secrets must be present in the same namespace where the chart is being deployed.
For a minimal installation of Infisical, you need to configure ENCRYPTION_KEY, AUTH_SECRET, DB_CONNECTION_URI, and REDIS_URL. Learn more about configuration settings.
For test or proof-of-concept purposes, you may omit DB_CONNECTION_URI and REDIS_URL from infisical-secrets. This is because the Helm chart will automatically provision and connect to the in-cluster instances of Postgres and Redis by default.
apiVersion: v1
kind: Secret
metadata:
name: infisical-secrets
type: Opaque
stringData:
AUTH_SECRET: <>
ENCRYPTION_KEY: <>
Database schema migration
Infisical relies a relational database, which means that database schemas need to be migrated before the instance can become operational.
To automate this process, the chart includes a option named infisical.autoDatabaseSchemaMigration.
When this option is enabled, a deployment/upgrade will only occur after a successful schema migration.
If you are using in-cluster Postgres, you may notice the migration job failing initially. This is expected as it is waiting for the database to be in ready state.
Routing traffic to Infisical
By default, this chart uses Nginx as its Ingress controller to direct traffic to Infisical services.
ingress:
nginx:
enabled: true
Install the Helm chart
Once you are done configuring your values.yaml file, run the command below.
helm upgrade --install infisical infisical-helm-charts/infisical-standalone --values /path/to/values.yaml
Access Infisical
After deployment, please wait for 2-5 minutes for all pods to reach a running state. Once a significant number of pods are operational, access the IP address revealed through Ingress by your load balancer.
You can find the IP address/hostname by executing the command kubectl get ingress.
Upgrade your instance
To upgrade your instance of Infisical simply update the docker image tag in your Halm values and rerun the command below.
helm upgrade --install infisical infisical-helm-charts/infisical-standalone --values /path/to/values.yaml
Always back up your database before each upgrade, especially in a production environment.
Was this page helpful?