Helm Charts¶
MazeVault Helm Chart Configuration Reference
Document Version: 1.0.0
Last Updated: 2026-02-10
License Tier: Enterprise+
1. Overview¶
MazeVault is distributed as a Helm chart for Kubernetes deployment. The chart deploys all MazeVault components with configurable parameters.
helm repo add mazevault https://charts.mazevault.com
helm repo update
helm install mazevault mazevault/mazevault -n mazevault -f values.yaml
2. Values Reference¶
Global Settings¶
global:
# MazeVault container image settings
image:
registry: "mazevaultacr.azurecr.io" # Container registry
pullPolicy: IfNotPresent
pullSecrets: [] # Image pull secrets
# Domain and TLS
domain: "vault.example.com"
tls:
enabled: true
secretName: "mazevault-tls" # K8s TLS secret name
# License
license:
secretName: "mazevault-license" # K8s secret with license key
key: "key" # Key within the secret
Backend (API Server)¶
backend:
replicas: 1 # Must be 1 (license enforcement)
image:
repository: "mazevault-backend"
tag: "1.8.0"
resources:
requests:
cpu: "500m"
memory: "1Gi"
limits:
cpu: "2000m"
memory: "4Gi"
# Environment configuration
env:
APP_ENV: "production"
LOG_LEVEL: "info"
LOG_FORMAT: "json"
# Database connection
database:
secretName: "mazevault-db-credentials"
# Redis connection
redis:
secretName: "mazevault-redis-credentials"
# Health probes
livenessProbe:
httpGet:
path: /api/v1/health
port: 8080
initialDelaySeconds: 30
periodSeconds: 30
readinessProbe:
httpGet:
path: /api/v1/health
port: 8080
initialDelaySeconds: 10
periodSeconds: 10
Frontend (Web Interface)¶
frontend:
replicas: 2
image:
repository: "mazevault-frontend"
tag: "1.8.0"
resources:
requests:
cpu: "100m"
memory: "128Mi"
limits:
cpu: "500m"
memory: "512Mi"
autoscaling:
enabled: true
minReplicas: 2
maxReplicas: 10
targetCPUUtilizationPercentage: 70
OCSP Responder¶
ocsp:
enabled: true
replicas: 1
image:
repository: "mazevault-ocsp"
tag: "1.8.0"
resources:
requests:
cpu: "200m"
memory: "256Mi"
limits:
cpu: "1000m"
memory: "1Gi"
autoscaling:
enabled: true
minReplicas: 1
maxReplicas: 5
targetCPUUtilizationPercentage: 70
Ingress¶
ingress:
enabled: true
className: "nginx"
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/proxy-body-size: "50m"
hosts:
- host: vault.example.com
paths:
- path: /api
pathType: Prefix
service: backend
- path: /ocsp
pathType: Prefix
service: ocsp
- path: /
pathType: Prefix
service: frontend
tls:
- secretName: mazevault-tls
hosts:
- vault.example.com
Monitoring¶
monitoring:
serviceMonitor:
enabled: true # Requires Prometheus Operator
interval: 30s
labels:
release: prometheus
prometheusRules:
enabled: true
rules:
- alert: MazeVaultBackendDown
expr: up{job="mazevault-backend"} == 0
for: 5m
labels:
severity: critical
- alert: MazeVaultHighErrorRate
expr: rate(http_requests_total{status=~"5.."}[5m]) > 0.1
for: 10m
labels:
severity: warning
3. Environment-Specific Examples¶
Production¶
# values-production.yaml
global:
domain: "vault.company.com"
tls:
enabled: true
backend:
replicas: 1
resources:
requests:
cpu: "1000m"
memory: "2Gi"
limits:
cpu: "4000m"
memory: "8Gi"
env:
LOG_LEVEL: "warn"
frontend:
replicas: 3
autoscaling:
enabled: true
minReplicas: 3
monitoring:
serviceMonitor:
enabled: true
Staging¶
# values-staging.yaml
global:
domain: "vault-staging.company.com"
backend:
resources:
requests:
cpu: "500m"
memory: "1Gi"
limits:
cpu: "2000m"
memory: "4Gi"
frontend:
replicas: 1
autoscaling:
enabled: false
4. Upgrade Procedure¶
# Update Helm repository
helm repo update
# Review changes
helm diff upgrade mazevault mazevault/mazevault \
-n mazevault -f values-production.yaml
# Perform upgrade
helm upgrade mazevault mazevault/mazevault \
-n mazevault -f values-production.yaml \
--wait --timeout 10m
# Verify
kubectl get pods -n mazevault
kubectl exec -n mazevault deploy/mazevault-backend -- \
wget -qO- http://localhost:8080/api/v1/health
Related¶
- Azure AKS Deployment — AKS cluster setup
- System Requirements — Resource sizing
- Monitoring — Monitoring configuration