500m
CPU, the non-scalable one has 300m
, the images server has 1000m
. 2 Cores is recommended for the basic setup.256MiB
of memory, the non-scalable one has 64MiB
, the images server have a limit of 1GiB
of memory. 1 GB of memory is recommended for the basic setup.pg_partman
installed, the version must be >= 4.0.public
schema.pg_partman>=4.0
, at least 5GB storagekubectl
with a version matching the Kubernetes server version. For example, if the server is 1.21, then you should be using the latest version of kubectl
1.21.x.myapp.com
.It is strongly recommended that you set up an external production-ready PostgreSQL instance, instead of relying on a in-cluster PostgreSQL deployment like bitnami/postgresql.
It is strongly recommended that you set up an external production-ready Redis instance, instead of relying on a in-cluster Redis deployment like bitnami/redis.
This step is optional if you do not enable profile image.
externalTrafficPolicy
to Local
. The caveat of this approach is that if the request is routed to a node without any NGINX ingress controller running on, the request is dropped. The simplest way to ensure one NGINX ingress controller running on a node is to use DaemonSet.authgear
: Install the helm chart in this namespaceauthgear-apps
: Authgear-generated resources are in this namespace.helm create authgear-deploy
. Remove the generated boilerplate .yaml
in the templates/
directory.This step is optional if you do not enable Elasticsearch.
authgear.secrets.yaml
shared by all apps.authgear.yaml
. Save the output to resources/authgear/authgear.yaml
.authgear.secrets.yaml
. Save the output to resources/authgear/authgear.secrets.yaml
. You must remove the "db"
, "redis"
and "elasticsearch"
items from it. These items are included in the Secret you created in the previous step.authgear.mainServer.image
and authgear.portalServer.image
to a newer value.helm upgrade
. We try hard to make sure the modification to the database is backward-compatible, which means older version of Authgear can run with a higher version of database schema.authgear.appNamespace
authgear-apps
.authgear.databaseURL
authgear.databaseSchema
authgear.redisURL
authgear.logLevel
authgear.sentryDSN
authgear.ingress.enabled
authgear.ingress.class
nginx
authgear.certManager.enabled
true
authgear.certManager.issuer.dns01.name
authgear.certManager.issuer.dns01.kind
Issuer
authgear.certManager.issuer.dns01.group
cert-manager.io
authgear.certManager.issuer.http01.name
authgear.certManager.issuer.http01.kind
Issuer
authgear.certManager.issuer.http01.group
cert-manager.io
authgear.baseHost
authgearapps.com
authgear.tls.wildcard.secretName
*.baseHost
authgear.tls.portal.secretName
portal.baseHost
authgear.tls.portalAuthgear.secretName
accounts.portal.baseHost
authgear.smtp.host
authgear.ingress.enabled
to false
. You can then study the source code of this Helm chart, and create the Ingresses to suit your needs.