feat: add Helm chart for Kubernetes deployment#3
Merged
Conversation
Adds a Helm chart under helm/ for deploying gRPC Studio to Kubernetes. Supports insecure, TLS, and mTLS connections; bearer token and OAuth2 auth; standard Ingress, nginx-ingress, and Istio ingress patterns. - helm/: chart templates, application config templates, examples - .github/ct.yaml: chart-testing config pointed at helm/ - .github/workflows/helm-ci.yaml: lint + template render + kind install - .github/workflows/helm-release.yaml: release-please + GHCR OCI push, with workflow_dispatch for manual publishes and HELM_RELEASE_TOKEN fallback for orgs where GITHUB_TOKEN cannot push packages - .dockerignore: exclude helm/ from Docker build context - README.md: add Helm Chart section
…ease Adds manual publish trigger with a version input, and uses HELM_RELEASE_TOKEN (falling back to GITHUB_TOKEN) for both release-please and GHCR login to handle org package-write restrictions.
- Rename connection: -> client: to match backend config schema
- Fix auth.plugins rendering null -> {} when no plugins configured
- Fix env var CONFIG_PATH -> GRPC_STUDIO_CONFIG
- Rename insecure mode -> plaintext everywhere (actual enum value)
- Remove schema fields that don't exist: auth.defaultPlugin, logging,
cache.schema/protoset, health.interval, proxy, ui, security, features
- Remove stale frontend template fields: schema, generateCommand endpoints,
proxy section, ui/security/features blocks
- Fix frontend endpoints.schema -> endpoints.descriptorSet
…vsubst The frontend image writes nginx.conf from nginx.conf.template at startup using envsubst with BACKEND_URL. Mounting a ConfigMap over /etc/nginx/nginx.conf as read-only blocked that write and crashed the container. Remove configmap-frontend-nginx.yaml, nginx.conf.tpl, and the nginx-config volume/volumeMount from the frontend deployment. BACKEND_URL env var is already set correctly from the backend service name.
aryatavakoli
force-pushed
the
feat/helm-chart
branch
from
bea0825 to
27c93ea
Compare
Replace the placeholder httpbin image in TESTING.md with the actual PetStore gRPC server, which exercises the proto3 feature set the chart is meant to drive against. Also fix the port-forward service name typo.
The chart emitted several config keys the backend/frontend never read, and defaulted CORS to a value that crashes the backend: - Frontend auth used a non-existent 'oidc' provider; the app only supports 'entra-id'. Emit the entraId block and add cloud/redirectUri/scopes. - Wire ui.api.websocketTimeout and align endpoints (descriptorSet, health) with what the frontend parser actually reads. - Wire backend reflection cache (cache.reflection.ttlMs/maxEntries); the old app.cache.* block was in seconds and never emitted. - Backend logging is env-driven: map backend.logging.level/format to LOG_LEVEL/LOG_FORMAT instead of a dead app.logging config block. - Default backend.server.cors.origins to [] instead of ['*']. A wildcard origin with credentials is rejected at startup (CrashLoopBackOff). - Drop dead ui.* blocks (proxy/theme/forms/display/security/features) and unused app.logging/app.cache keys. - Add checksum/config pod annotation so config-only upgrades roll the pods. Docs: hand-maintained README values table covering only wired values (dropped the helm-docs automation); sharpened the CORS troubleshooting row.
yamllint (via ct lint) requires min-spaces-from-content: 2; the aligned logging comments used a single space and failed CI.
pranavpsawant
approved these changes
Jun 5, 2026
pranavpsawant
left a comment
pranavpsawant
left a comment
Contributor
There was a problem hiding this comment.
I tested the local helm install, and seems to work as expected.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
helm/for deploying gRPC Studio to Kuberneteshelm-ci.yaml) with lint, template render, and kind install test — path-filtered tohelm/**helm-release.yaml) with release-please automation and manualworkflow_dispatchtriggerNew files
helm/.github/ct.yamlhelm/.github/workflows/helm-ci.yaml.github/workflows/helm-release.yamlTest plan
helm lint ./helmpasses locallyhelm template grpc-studio ./helm -f helm/examples/basic/values.yamlrenders cleanly