Kubernetes Helm Chart Structure =============================== 1. Chart scaffold ----------------- **File:** ``helm-chart/Chart.yaml`` Defines a v2 application chart named ``influxion``, versioned 0.1.0, with ``appVersion: "latest"``. **File:** ``helm-chart/values.yaml`` Holds all of the top-level values you pass via ``--set ...`` in your PowerShell script (``image.*``, ``vault.*``, ``postgres.*``, ``rabbitmq.*``, ``service.port/type``, ``worker.replicaCount``, etc.). ------------------------------------------------------------------------------- 2. Helpers ---------- **File:** ``helm-chart/templates/_helpers.tpl`` Defines two simple helpers—``influxion.name`` and ``influxion.fullname``—so that all resources share consistent naming (``-``). ------------------------------------------------------------------------------- 3. Vault secret --------------- **File:** ``helm-chart/templates/vault-secret.yaml`` Creates an Opaque Secret from ``.Values.vault.*`` with exactly the four keys your app and worker need: :: INFLUXION_VAULT_URL # from vault.url INFLUXION_AZURE_CLIENT_ID # from vault.clientId INFLUXION_AZURE_CLIENT_SECRET # from vault.clientSecret INFLUXION_AZURE_TENANT_ID # from vault.tenantId This matches your deploy script’s ``--set vault.url... vault.clientId... vault.clientSecret... vault.tenantId...``. ------------------------------------------------------------------------------- 4. Postgres StatefulSet & Service --------------------------------- **File:** ``helm-chart/templates/statefulset-postgres.yaml`` **File:** ``helm-chart/templates/service-postgres.yaml`` Spins up a single-replica PostgreSQL StatefulSet (with a PVC sized from ``values.postgres.persistence.size``) and a ClusterIP service on port 5432, using the same credentials as in ``docker-compose.yml``. ------------------------------------------------------------------------------- 5. RabbitMQ Deployment & Service -------------------------------- **File:** ``helm-chart/templates/deployment-rabbitmq.yaml`` **File:** ``helm-chart/templates/service-rabbitmq.yaml`` Matches ``docker-compose.yml``’s ``rabbitmq:3-management`` container, exposing AMQP (5672) and management (15672) ports, and passing ``RABBITMQ_DEFAULT_USER`` / ``RABBITMQ_DEFAULT_PASS`` from ``values.rabbitmq.auth``. ------------------------------------------------------------------------------- 6. Influxion “app” Deployment & Service --------------------------------------- **File:** ``helm-chart/templates/deployment-app.yaml`` **File:** ``helm-chart/templates/service-app.yaml`` Recreates the FastAPI service: * Uses ``values.image.app.*``, * Exposes ``values.service.port``, * Injects the same ``INFLUXION_DATABASE_URL``, ``INFLUXION_USE_CELERY``, ``INFLUXION_CELERY_*`` settings, * Mounts the Key-Vault secrets (``INFLUXION_VAULT_URL`` + Azure client/secret/tenant) via the secret created above. ------------------------------------------------------------------------------- 7. Ingress Configuration ------------------------ **File:** ``helm-chart/templates/ingress-app.yaml`` Optionally creates an Ingress to expose the FastAPI service externally on HTTP port 80 (default LoadBalancer IP), controlled by ``values.ingress.*`` settings: :: ingress: enabled: false # toggle Ingress deployment className: nginx # ingress class hosts: - host: influxion.example.com paths: - path: / pathType: Prefix # TLS: secretName for cert-manager; hosts derive from ingress.hosts tls: - secretName: influxion-tls The template applies these settings to generate the Ingress resource on Kubernetes. ------------------------------------------------------------------------------- 8. Influxion “worker” Deployment -------------------------------- **File:** ``helm-chart/templates/deployment-worker.yaml`` Matches your x-worker-def in Docker Compose: * Uses ``values.image.worker.*``, * Always sets ``INFLUXION_USE_CELERY=1``, * Points to the same database, broker, vault secret, * Replica count from ``values.worker.replicaCount``. ------------------------------------------------------------------------------- How it dovetails with deploy_to_aks.ps1 --------------------------------------- Your PowerShell command does: :: helm upgrade --install influxion ./helm-chart ... ` --set image.app.repository=... ` --set image.app.tag=... ` --set image.worker.repository=... ` --set image.worker.tag=... ` --set vault.url="$VaultUrl" ` --set vault.clientId="$VaultClientId" ` --set vault.clientSecret="$VaultClientSecret" ` --set vault.tenantId="$VaultTenantId" ` --set ingress.enabled=true ` --set ingress.className="$IngressClass" ` --set ingress.hosts[0].host="$IngressHost" .. note:: If you override only the host (via ``--set ingress.hosts[0].host``), the chart will automatically configure a single path ``/`` with pathType ``Prefix``, so you don't need to explicitly set ``ingress.hosts[0].paths``. The chart’s ``values.yaml`` and templates consume exactly those four ``vault.*`` keys, plus the image settings, so everything will wire up smoothly on AKS.