# User Management System - Helm Chart Kubernetes Helm Chart for deploying the User Management System. ## Prerequisites - Kubernetes 1.19+ - Helm 3.2.0+ - ingress-nginx controller (for Ingress) - cert-manager (for TLS, optional) ## Installation ```bash # Add the repository helm repo add user-management https://charts.example.com helm repo update # Install the chart helm install user-management user-management/user-management \ --set config.jwtSecret="your-secret-key" \ --set config.adminEmail="admin@example.com" ``` ## Using with Custom Values ```bash # Create a values file cat > values.yaml << EOF replicaCount: 2 config: jwtSecret: "your-production-secret-key" adminEmail: "admin@example.com" logLevel: "warn" ingress: enabled: true hosts: - host: ums.example.com paths: - path: / tls: - secretName: ums-tls hosts: - ums.example.com resources: limits: cpu: 1000m memory: 1Gi EOF # Install with custom values helm install user-management user-management/user-management -f values.yaml ``` ## Configuration | Parameter | Description | Default | |-----------|-------------|---------| | `replicaCount` | Number of replicas | `1` | | `image.repository` | Docker image repository | `user-management` | | `image.tag` | Docker image tag | `latest` | | `service.type` | Service type | `ClusterIP` | | `service.port` | Service port | `8080` | | `ingress.enabled` | Enable Ingress | `true` | | `ingress.className` | Ingress class | `nginx` | | `config.jwtSecret` | JWT signing secret (required) | `""` | | `config.adminEmail` | Admin email | `admin@example.com` | | `config.logLevel` | Log level | `info` | | `resources.limits.cpu` | CPU limit | `500m` | | `resources.limits.memory` | Memory limit | `512Mi` | | `persistence.enabled` | Enable PVC | `true` | | `persistence.size` | PVC size | `5Gi` | | `autoscaling.enabled` | Enable HPA | `false` | | `autoscaling.minReplicas` | Min replicas | `1` | | `autoscaling.maxReplicas` | Max replicas | `3` | ## Production Best Practices ### 1. Use TLS ```bash helm install user-management user-management/user-management \ --set config.jwtSecret="$(openssl rand -base64 32)" \ --set ingress.enabled=true \ --set ingress.tls[0].secretName=ums-tls \ --set ingress.tls[0].hosts[0]=ums.example.com ``` ### 2. Set Resource Limits ```bash helm install user-management user-management/user-management \ --set resources.limits.cpu="1000m" \ --set resources.limits.memory="1Gi" \ --set resources.requests.cpu="250m" \ --set resources.requests.memory="512Mi" ``` ### 3. Enable Autoscaling ```bash helm install user-management user-management/user-management \ --set autoscaling.enabled=true \ --set autoscaling.minReplicas=2 \ --set autoscaling.maxReplicas=10 \ --set autoscaling.targetCPUUtilizationPercentage=70 ``` ### 4. Use a Strong JWT Secret ```bash # Generate a secure random secret JWT_SECRET=$(openssl rand -base64 32 | tr -d '\n') helm install user-management user-management/user-management \ --set config.jwtSecret="$JWT_SECRET" ``` ## Upgrading ```bash # Upgrade to a new version helm upgrade user-management user-management/user-management # Upgrade with new values helm upgrade user-management user-management/user-management \ --set config.logLevel="debug" ``` ## Uninstall ```bash helm uninstall user-management # Note: PVC data persists by default. To delete all data: kubectl delete pvc -l app.kubernetes.io/name=user-management ``` ## Troubleshooting ### Pod not starting ```bash # Check pod status kubectl get pods -l app.kubernetes.io/name=user-management # View pod logs kubectl logs -l app.kubernetes.io/name=user-management # Describe pod for events kubectl describe pod -l app.kubernetes.io/name=user-management ``` ### Ingress not working ```bash # Check ingress controller kubectl get pods -n ingress-nginx # Check ingress resource kubectl get ingress -l app.kubernetes.io/name=user-management # Check certificate kubectl get certificate -l app.kubernetes.io/name=user-management ``` ## License Internal use only.