Kubernetes Helm Chart Structure
1. Chart scaffold
File: helm-chart/Chart.yaml
Defines a v2 application chart named influxion, versioned 0.1.0, with appVersion: "latest".
File: helm-chart/values.yaml
Holds all of the top-level values you pass via --set ... in your PowerShell script (image.*, vault.*, postgres.*, rabbitmq.*, service.port/type, worker.replicaCount, etc.).
2. Helpers
File: helm-chart/templates/_helpers.tpl
Defines two simple helpers—influxion.name and influxion.fullname—so that all resources share consistent naming (<name>-<release>).
3. Vault secret
File: helm-chart/templates/vault-secret.yaml
Creates an Opaque Secret from .Values.vault.* with exactly the four keys your app and worker need:
INFLUXION_VAULT_URL # from vault.url
INFLUXION_AZURE_CLIENT_ID # from vault.clientId
INFLUXION_AZURE_CLIENT_SECRET # from vault.clientSecret
INFLUXION_AZURE_TENANT_ID # from vault.tenantId
This matches your deploy script’s --set vault.url... vault.clientId... vault.clientSecret... vault.tenantId....
4. Postgres StatefulSet & Service
File: helm-chart/templates/statefulset-postgres.yaml
File: helm-chart/templates/service-postgres.yaml
Spins up a single-replica PostgreSQL StatefulSet (with a PVC sized from values.postgres.persistence.size) and a ClusterIP service on port 5432, using the same credentials as in docker-compose.yml.
5. RabbitMQ Deployment & Service
File: helm-chart/templates/deployment-rabbitmq.yaml
File: helm-chart/templates/service-rabbitmq.yaml
Matches docker-compose.yml’s rabbitmq:3-management container, exposing AMQP (5672) and management (15672) ports, and passing RABBITMQ_DEFAULT_USER / RABBITMQ_DEFAULT_PASS from values.rabbitmq.auth.
6. Influxion “app” Deployment & Service
File: helm-chart/templates/deployment-app.yaml
File: helm-chart/templates/service-app.yaml
Recreates the FastAPI service:
Uses
values.image.app.*,Exposes
values.service.port,Injects the same
INFLUXION_DATABASE_URL,INFLUXION_USE_CELERY,INFLUXION_CELERY_*settings,Mounts the Key-Vault secrets (
INFLUXION_VAULT_URL+ Azure client/secret/tenant) via the secret created above.
7. Ingress Configuration
File: helm-chart/templates/ingress-app.yaml
Optionally creates an Ingress to expose the FastAPI service externally on HTTP port 80 (default LoadBalancer IP), controlled by values.ingress.* settings:
ingress:
enabled: false # toggle Ingress deployment
className: nginx # ingress class
hosts:
- host: influxion.example.com
paths:
- path: /
pathType: Prefix
# TLS: secretName for cert-manager; hosts derive from ingress.hosts
tls:
- secretName: influxion-tls
The template applies these settings to generate the Ingress resource on Kubernetes.
8. Influxion “worker” Deployment
File: helm-chart/templates/deployment-worker.yaml
Matches your x-worker-def in Docker Compose:
Uses
values.image.worker.*,Always sets
INFLUXION_USE_CELERY=1,Points to the same database, broker, vault secret,
Replica count from
values.worker.replicaCount.
How it dovetails with deploy_to_aks.ps1
Your PowerShell command does:
helm upgrade --install influxion ./helm-chart ... `
--set image.app.repository=... `
--set image.app.tag=... `
--set image.worker.repository=... `
--set image.worker.tag=... `
--set vault.url="$VaultUrl" `
--set vault.clientId="$VaultClientId" `
--set vault.clientSecret="$VaultClientSecret" `
--set vault.tenantId="$VaultTenantId" `
--set ingress.enabled=true `
--set ingress.className="$IngressClass" `
--set ingress.hosts[0].host="$IngressHost"
Note
If you override only the host (via --set ingress.hosts[0].host), the chart will automatically
configure a single path / with pathType Prefix, so you don’t need to explicitly set
ingress.hosts[0].paths.
The chart’s values.yaml and templates consume exactly those four vault.* keys, plus the image settings, so everything will wire up smoothly on AKS.