Kubernetes via Helm Chart
Learn how to use Helm chart to install Infisical on your Kubernetes cluster.
Prerequisites
- You have extensive understanding of Kubernetes
- Installed Helm package manager version v3.11.3 or greater
- You have kubectl installed and connected to your kubernetes cluster
Install Infisical Helm repository
Add Helm values
Create a values.yaml
file. This will be used to configure settings for the Infisical Helm chart.
To explore all configurable properties for your values file, visit this page.
Select Infisical version
By default, the Infisical version set in your helm chart will likely be outdated. Choose the latest Infisical docker image tag from here.
Do not use the latest docker image tag in production deployments as they can introduce unexpected changes
Configure environment variables
To deploy this Helm chart, a Kubernetes secret named infisical-secrets
must be present in the same namespace where the chart is being deployed.
For a minimal installation of Infisical, you need to configure ENCRYPTION_KEY
, AUTH_SECRET
, DB_CONNECTION_URI
, SITE_URL
, and REDIS_URL
. Learn more about configuration settings.
For test or proof-of-concept purposes, you may omit DB_CONNECTION_URI
and REDIS_URL
from infisical-secrets
. This is because the Helm chart will automatically provision and connect to the in-cluster instances of Postgres and Redis by default.
Database schema migration
Infisical relies on a relational database, which means that database schemas need to be migrated before the instance can become operational.
To automate this process, the chart includes a option named infisical.autoDatabaseSchemaMigration
.
When this option is enabled, a deployment/upgrade will only occur after a successful schema migration.
If you are using in-cluster Postgres, you may notice the migration job failing initially. This is expected as it is waiting for the database to be in ready state.
Routing traffic to Infisical
By default, this chart uses Nginx as its Ingress controller to direct traffic to Infisical services.
Install the Helm chart
Once you are done configuring your values.yaml
file, run the command below.
Access Infisical
After deployment, please wait for 2-5 minutes for all pods to reach a running state. Once a significant number of pods are operational, access the IP address revealed through Ingress by your load balancer.
You can find the IP address/hostname by executing the command kubectl get ingress
.
Upgrade your instance
To upgrade your instance of Infisical simply update the docker image tag in your Helm values and rerun the command below.
Always back up your database before each upgrade, especially in a production environment.