bluewave-labs · jhcpeixoto · May 27, 2026
@@ -0,0 +1,15 @@
+dependencies:
+- name: app-template
+  repository: https://bjw-s-labs.github.io/helm-charts
+  version: 4.4.0
+- name: app-template
+  repository: https://bjw-s-labs.github.io/helm-charts
+  version: 4.4.0
+- name: mongodb
+  repository: oci://registry-1.docker.io/bitnamicharts
+  version: 19.0.3
+- name: redis
+  repository: oci://registry-1.docker.io/bitnamicharts
+  version: 24.1.2
+digest: sha256:a727ca956d590e2ccf9cf6b228e6bedf8fbc459129f728da0dda446c93c5605f
+generated: "2026-05-27T14:37:30.244511+01:00"
@@ -4,3 +4,22 @@ description: A Helm chart for Checkmate App
 type: application
 version: 0.1.0
 appVersion: "2.3"
+dependencies:
+  - name: app-template
+    alias: client
+    version: 4.4.0
+    repository: https://bjw-s-labs.github.io/helm-charts
+    condition: client.enabled
+  - name: app-template
+    alias: server
+    version: 4.4.0
+    repository: https://bjw-s-labs.github.io/helm-charts
+    condition: server.enabled
+  - name: mongodb
+    version: 19.0.3
+    repository: oci://registry-1.docker.io/bitnamicharts
+    condition: mongodb.enabled
+  - name: redis
+    version: 24.1.2
+    repository: oci://registry-1.docker.io/bitnamicharts
+    condition: redis.enabled
@@ -1,116 +1,169 @@
 # Kubernetes Installation Guide for Checkmate
 
-This guide walks you through deploying Checkmate on your Kubernetes cluster using Helm.
+This guide walks you through deploying Checkmate on Kubernetes using Helm.
 
 ## Prerequisites
 
 - A running Kubernetes cluster
 - Helm CLI installed and configured
 - `kubectl` configured to access your cluster
 
-## Steps
+## Chart layout
 
-### 1. Clone the repo and navigate to the Helm chart
+The Checkmate chart is an umbrella chart:
+
+- `client` and `server` use the `bjw-s-labs/app-template` chart.
+- `mongodb` uses the Bitnami MongoDB chart.
+- `redis` uses the Bitnami Redis chart and is disabled by default.
+- The parent chart renders shared preflight checks and the `checkmate-secrets` Secret.
+
+This keeps the chart customizable without copying Kubernetes primitives into local templates.
+
+## Install
 
 ```bash
 git clone https://github.com/bluewave-labs/checkmate.git
 cd checkmate/charts/helm/checkmate
+helm dependency update
+helm install checkmate . -f values.yaml
 ```
 
-### 2. Customize values.yaml
-Edit `values.yaml` to update:
-- `client.ingress.host` and `server.ingress.host` with your domain names
-- `server.protocol` (usually http or https)
-- **If upgrading**: Migrate persistence settings from flat structure to nested:
-  - Old: `persistence.mongodbSize` → New: `persistence.mongo.size`
-  - Old: `persistence.redisSize` → New: `persistence.redis.size`
-  - Add: `persistence.mongo.storageClass` and `persistence.redis.storageClass` (leave empty for default)
-- Secrets under the `secrets` section (`JWT_SECRET`, email credentials, API keys, etc.) — replace all change_me values
-- **For TLS/HTTPS**: Configure ingress TLS settings (see section below)
-
-### 3. Deploy the Helm chart
-```bash
-helm install checkmate ./charts/helm/checkmate
-```
-This will deploy the client, server, MongoDB, and Redis components.
+Before installing, replace every `change_me` value in `values.yaml`.
 
-### 4. Verify the deployment
-Check pods and services:
-```bash
-kubectl get pods
-kubectl get svc
-```
+At minimum, set:
 
-Once all pods are `Running` and `Ready`, you can access Checkmate via the configured ingress hosts.
+- `client.ingress.main.hosts[0].host`
+- `server.ingress.main.hosts[0].host`
+- `client.controllers.main.containers.main.env.UPTIME_APP_API_BASE_URL`
+- `client.controllers.main.containers.main.env.UPTIME_APP_CLIENT_HOST`
+- `server.controllers.main.containers.main.env.CLIENT_HOST`
+- `secrets.JWT_SECRET`
 
-## Enabling TLS/HTTPS with cert-manager
+## External MongoDB or Redis
 
-If you have [cert-manager](https://cert-manager.io/) installed in your cluster, you can enable automatic TLS certificate provisioning using Let's Encrypt or other certificate issuers.
+Disable bundled dependencies when you provide your own services:
+
+```yaml
+mongodb:
+  enabled: false
 
-### Prerequisites
-- cert-manager installed in your cluster
-- A ClusterIssuer or Issuer configured (e.g., `letsencrypt-prod`)
+redis:
+  enabled: false
 
-### Configuration
+secrets:
+  DB_CONNECTION_STRING: "mongodb://external-mongodb:27017/uptime_db"
+  REDIS_HOST: "external-redis"
+  REDIS_PORT: "6379"
+```
 
-Edit `values.yaml` to enable TLS (and update protocols to https):
+When bundled MongoDB is enabled, the default `DB_CONNECTION_STRING` uses the Helm release name:
 
 ```yaml
-client:
-  protocol: https
-  ingress:
-    enabled: true
-    host: checkmate.example.com
-    className: nginx
-    annotations:
-      cert-manager.io/cluster-issuer: "letsencrypt-prod"
-    tls:
-      enabled: true
-      secretName: checkmate-client-tls
+secrets:
+  DB_CONNECTION_STRING: "mongodb://{{ .Release.Name }}-mongodb:27017/uptime_db"
+```
 
-server:
-  protocol: https
-  ingress:
-    enabled: true
-    host: checkmate.example.com
-    className: nginx
-    annotations:
-      cert-manager.io/cluster-issuer: "letsencrypt-prod"
-    tls:
-      enabled: true
-      secretName: checkmate-server-tls
+When bundled Redis is enabled, use the Bitnami Redis service name:
+
+```yaml
+redis:
+  enabled: true
+
+secrets:
+  REDIS_HOST: "{{ .Release.Name }}-redis-master"
+  REDIS_PORT: "6379"
 ```
 
-### Alternative: Using --set flags
+## Persistence
 
-You can also enable TLS during installation using Helm's `--set` flags:
+MongoDB persistence is controlled through the Bitnami MongoDB chart values:
 
-```bash
-helm install checkmate ./charts/helm/checkmate \
-  --set client.protocol=https \
-  --set server.protocol=https \
-  --set client.ingress.annotations."cert-manager\.io/cluster-issuer"="letsencrypt-prod" \
-  --set client.ingress.tls.enabled=true \
-  --set client.ingress.tls.secretName=checkmate-client-tls \
-  --set server.ingress.annotations."cert-manager\.io/cluster-issuer"="letsencrypt-prod" \
-  --set server.ingress.tls.enabled=true \
-  --set server.ingress.tls.secretName=checkmate-server-tls
+```yaml
+mongodb:
+  persistence:
+    enabled: true
+    size: 5Gi
+    storageClass: ""
 ```
 
-### Verification
+Redis persistence is controlled through the Bitnami Redis chart values:
 
-After deployment, cert-manager will automatically create the TLS secrets. You can verify the certificate status:
+```yaml
+redis:
+  master:
+    persistence:
+      enabled: true
+      size: 1Gi
+      storageClass: ""
+```
 
-```bash
-# Check certificates
-kubectl get certificates
+Set `storageClass` to an empty string to use the cluster default.
 
-# Check certificate details
-kubectl describe certificate checkmate-client-tls
-kubectl describe certificate checkmate-server-tls
+## TLS/HTTPS
 
-# Verify the secrets were created
-kubectl get secrets | grep checkmate-tls
+Ingress settings now follow the app-template value shape. A cert-manager example:
+
+```yaml
+client:
+  global:
+    nameOverride: client
+  controllers:
+    main:
+      containers:
+        main:
+          env:
+            UPTIME_APP_API_BASE_URL: "https://api.checkmate.example.com/api/v1"
+            UPTIME_APP_CLIENT_HOST: "https://checkmate.example.com"
+  ingress:
+    main:
+      className: nginx
+      annotations:
+        cert-manager.io/cluster-issuer: "letsencrypt-prod"
+      hosts:
+        - host: checkmate.example.com
+          paths:
+            - path: /
+              pathType: Prefix
+              service:
+                identifier: main
+                port: http
+      tls:
+        - secretName: checkmate-client-tls
+          hosts:
+            - checkmate.example.com
+
+server:
+  global:
+    nameOverride: server
+  controllers:
+    main:
+      containers:
+        main:
+          env:
+            CLIENT_HOST: "https://checkmate.example.com"
+  ingress:
+    main:
+      className: nginx
+      annotations:
+        cert-manager.io/cluster-issuer: "letsencrypt-prod"
+      hosts:
+        - host: api.checkmate.example.com
+          paths:
+            - path: /api/v1
+              pathType: Prefix
+              service:
+                identifier: main
+                port: http
+      tls:
+        - secretName: checkmate-server-tls
+          hosts:
+            - api.checkmate.example.com
 ```
 
-The ingress will automatically use these secrets to enable HTTPS access to your Checkmate instance.
+After deployment, verify:
+
+```bash
+kubectl get pods
+kubectl get svc
+kubectl get ingress
+```