Helm Chart
Sairo provides an official Helm chart for Kubernetes deployments. The chart bundles all necessary resources and exposes a comprehensive set of values for customization.
Chart info
Section titled “Chart info”| Field | Value |
|---|---|
| Registry | oci://registry-1.docker.io/stephenjr002/sairo-helm |
The chart version (1.0.0) is independent of the app version. Each chart release bundles the matching Docker image tag via appVersion. When you install without --version, you get the latest published chart.
Install
Section titled “Install”helm install sairo oci://registry-1.docker.io/stephenjr002/sairo-helm \ --namespace sairo \ --create-namespace \ --set s3.endpoint=https://your-s3-endpoint.com \ --set s3.accessKey=your-access-key \ --set s3.secretKey=your-secret-key \ --set auth.adminPass=choose-a-strong-password \ --set auth.jwtSecret=$(openssl rand -hex 32)To pin a specific version:
helm install sairo oci://registry-1.docker.io/stephenjr002/sairo-helm \ --version 1.0.0 \ --namespace sairo \ --create-namespace \ ...Key values
Section titled “Key values”The table below lists the most important values. For the full schema, see charts/sairo/values.yaml.
| Value | Default | Description |
|---|---|---|
replicaCount | 1 | Number of pod replicas |
image.repository | stephenjr002/sairo | Container image registry and path |
image.tag | latest | Image tag (pinned to exact version in released charts) |
image.pullPolicy | IfNotPresent | Image pull policy |
service.type | ClusterIP | Kubernetes service type |
service.port | 80 | Service port |
resources.requests.cpu | 200m | CPU request |
resources.requests.memory | 512Mi | Memory request |
resources.limits.cpu | 1 | CPU limit |
resources.limits.memory | 1Gi | Memory limit |
persistence.enabled | true | Enable persistent storage for /data |
persistence.size | 5Gi | PVC size for SQLite databases |
persistence.storageClass | "" | Storage class (empty uses cluster default) |
ingress.enabled | false | Enable ingress resource |
ingress.className | "" | Ingress class name |
ingress.host | sairo.example.com | Ingress hostname |
s3.pathStyle | false | Enable path-style S3 addressing (for MinIO, Ceph) |
ingress.tls | [] | Ingress TLS configuration |
LDAP configuration
Section titled “LDAP configuration”Enable LDAP authentication by setting values under the ldap key:
ldap: enabled: true server: "ldap://ldap.example.com" baseDn: "dc=example,dc=com" userFilter: "(sAMAccountName={username})" # use "(uid={username})" for OpenLDAP bindDn: "cn=readonly,dc=example,dc=com" bindPassword: "readonly-password" adminGroup: "cn=admins,ou=groups,dc=example,dc=com" defaultRole: "viewer"OAuth configuration
Section titled “OAuth configuration”Enable OAuth authentication with Google or GitHub:
oauth: google: clientId: "your-google-client-id" clientSecret: "your-google-client-secret" github: clientId: "your-github-client-id" clientSecret: "your-github-client-secret" defaultRole: "viewer" allowedDomains: "example.com,company.com"Branding
Section titled “Branding”Customize the UI appearance:
branding: appName: "My Storage Browser" primaryColor: "#1a73e8" appLogo: "https://example.com/logo.svg" loginMessage: "Sign in with your corporate account"Network policy
Section titled “Network policy”The chart can deploy a NetworkPolicy to restrict traffic to the Sairo pods:
networkPolicy: enabled: trueWhen enabled, inbound traffic is limited to the service port (8000) and outbound traffic is restricted to DNS (53), HTTPS (443), HTTP (80), and MinIO (9000).
Values override example
Section titled “Values override example”Create a values-production.yaml file with your overrides:
replicaCount: 1
image: repository: stephenjr002/sairo tag: "latest"
s3: endpoint: "https://s3.us-east-1.amazonaws.com" accessKey: "AKIA..." secretKey: "your-secret-key" region: "us-east-1"
auth: adminPass: "strong-random-password" jwtSecret: "long-random-hex-string" sessionHours: 12 secureCookie: true
persistence: enabled: true size: 10Gi storageClass: "gp3"
ingress: enabled: true className: "nginx" host: sairo.example.com tls: - secretName: sairo-tls hosts: - sairo.example.com
resources: requests: cpu: 500m memory: 512Mi limits: cpu: 2 memory: 2Gi
branding: appName: "Acme Storage" primaryColor: "#0f62fe"
networkPolicy: enabled: trueInstall with the override file:
helm install sairo oci://registry-1.docker.io/stephenjr002/sairo-helm \ --namespace sairo \ --create-namespace \ -f values-production.yamlUpgrading
Section titled “Upgrading”helm upgrade sairo oci://registry-1.docker.io/stephenjr002/sairo-helm \ --namespace sairo \ -f values-production.yamlUninstalling
Section titled “Uninstalling”helm uninstall sairo --namespace sairoRaw manifests
Section titled “Raw manifests”If you prefer plain Kubernetes YAML without Helm, pull the chart and use helm template to render the manifests:
helm template sairo oci://registry-1.docker.io/stephenjr002/sairo-helm \ -f values-production.yaml > sairo-manifests.yamlkubectl apply -f sairo-manifests.yaml