Skip to content

Helm Chart

Lamassu's Helm chart is a powerful tool that allows you to deploy Lamassu in a Kubernetes cluster. The Helm chart is a collection of files that describe a set of Kubernetes resources. It is a way to package, configure, and deploy applications on Kubernetes.

The fastlane script custmizes the deployment by bootstraping a basic configuration. However, you can further customize the deployment by editing the lamassu.yaml file considering the following configuration options:

  • global - These global values affect multiple components of the chart.

    • imagePullPolicy (string: "Always") - The image pull policy for all the components.

  • debugMode (boolean: true) - Enable debug mode for Lamassu components.

  • tls - Configuration for the downstream TLS.

    • type (string: "certManager") - TLS provider to be used. Possible values are certManager or external.
    • certManagerOptions - Configuration for the Let's Encrypt TLS.
      • clusterIssuer (string: "") - The cluster issuer to be used.
      • issuer (string: "") - The issuer to be used.
      • duration (string: "2160h") - The duration of the self-signed certificate.
    • externalOptions - Configuration for the external certificate.
      • secretName (string: "") - The name of the secret containing the external certificate.

  • ingress - Configuration for the Ingress.

    • enabled (boolean: true) - Enable the Ingress.
    • hostname (string: "dev.lamassu.io") - The hostname to be used. Required if Ingress is enabled.
    • annotations (string: "") - The annotations to be used set to the ingress resource.

  • service - Configuration for the services.

    • type (string: "ClusterIP") - The service type to be used.
    • nodePorts - Configuration for the NodePorts.
      • apiGatewayTls (number: 0) - The NodePort for the API Gateway TLS.
      • apiGateway (number: 0) - The NodePort for the API Gateway.

  • postgres - Configuration for the Postgres database.

    • hostname (string: "") - The hostname of the Postgres database.
    • port (number: 5432) - The port of the Postgres database.
    • username (string: "") - The username of the Postgres database.
    • password (string: "") - The password of the Postgres database.

  • amqp - Configuration for the AMQP.

    • hostname (string: "") - The hostname of the AMQP.
    • port (number: 5672) - The port of the AMQP.
    • username (string: "") - The username of the AMQP.
    • password (string: "") - The password of the AMQP.
    • tls (boolean: false) - Enable TLS for the AMQP.

  • auth - Configuration for the authentication.

    • oidc - Configuration for the OIDC.
      • frontend - Configuration for the frontend.
        • clientId (string: "frontend") - Client ID used by the frontend.
        • authority (string: "https://${window.location.host}/auth/realms/lamassu") - Authority for the frontend.
        • awsCognito - Configuration for the AWS Cognito.
          • enabled (boolean: false) - Enable AWS Cognito.
          • hostedUiDomain (string: "") - The hosted UI domain for AWS Cognito.
      • apiGateway - Configuration for the API Gateway.
        • jwksUrl (string: "https://auth:8443/auth/realms/lamassu/protocol/openid-connect/certs") - The JWKS URL for the API Gateway.
    • authorization - Configuration for the authorization.
      • rolesClaim (string: "realm_access.roles") - The roles claim for the authorization.
      • roles - Configuration for the roles.
        • admin (string: "pki-admin") - The admin role.
        • operator (string: "operator") - The operator role.

  • services - Configuration for the services.

    • keycloak - Configuration for the Keycloak.
      • enabled (boolean: true) - Enable Keycloak.
      • image (string: "ghcr.io/lamassuiot/keycloak:2.1.0") - The image for Keycloak.
      • adminCreds - Configuration for the admin credentials.
        • username (string: "admin") - The username for the admin.
        • password (string: "admin") - The password for the admin.
    • ui - Configuration for the UI.
      • image (string: "ghcr.io/lamassuiot/lamassu-ui:2.5.2") - The image for the UI.
    • va - Configuration for the VA.
      • image (string: "ghcr.io/lamassuiot/lamassu-va:2.5.1") - The image for the VA.
    • ca - Configuration for the CA.
      • domain (string: "dev.lamassu.io") - The domain for the CA.
      • image (string: "ghcr.io/lamassuiot/lamassu-ca:2.5.1") - The image for the CA.
      • monitoring - Configuration for the monitoring.
        • frequency (string: "* * * * *") - Frequency for the monitoring.
      • engines - Configuration for the engines.
        • defaultEngineID (string: "golang-1") - Default engine ID.
        • golang (array: []) - Configuration for Filesystem-based engine.
    • deviceManager - Configuration for the Device Manager.
      • image (string: "ghcr.io/lamassuiot/lamassu-devmanager:2.5.1") - The image for the Device Manager.
      • minimumReenrollmentDays (number: 100) - The minimum reenrollment days.
    • dmsManager - Configuration for the DMS Manager.
      • image (string: "ghcr.io/lamassuiot/lamassu-dmsmanager:2.5.1") - The image for the DMS Manager.
    • openPolicyAgent - Configuration for the Open Policy Agent.
      • image (string: "openpolicyagent/opa:0.37.1-envoy") - The image for the Open Policy Agent.
      • remLogger - Configuration for the REM Logger.
        • image (string: "ghcr.io/lamassuiot/opa-rem-logger:2.1.0") - The image for the REM Logger.
    • alerts - Configuration for the Alerts.
      • image (string: "ghcr.io/lamassuiot/lamassu-alerts:2.5.1") - The image for the Alerts.
      • smtp_server - Configuration for the SMTP server.
        • from (string: "") - The from address.
        • insecure (boolean: false) - Enable insecure.
        • enable_ssl (boolean: true) - Enable SSL.
        • username (string: "") - The username.
        • password (string: "") - The password.
        • host (string: "") - The host.
        • port (number: 25) - The port.
    • awsConnector - Configuration for the AWS Connector.
      • enabled (boolean: false) - Enable the AWS Connector.
      • image (string: "ghcr.io/lamassuiot/lamassu-aws-connector:2.5.1") - The image for the AWS Connector.
      • connectorID (string: "aws.XXXXXXXXX") - The connector ID.
      • credentials - Configuration for the credentials.