Deploy with Kubernetes (Helm)

Deploy InfraWatch to any Kubernetes cluster using the official Helm chart. Supports in-cluster or external PostgreSQL and Valkey.

Prerequisites

Kubernetes 1.24+ cluster
Helm 3
An AWS IAM role with the required permissions (see IAM Setup)
SMTP credentials for email delivery

Step 1 — Add the Helm repo

Terminal

helm repo add infrawatch https://infrawatch.mguptahub.com/helm
helm repo update

Step 2 — Configure values

Create a values.yaml file with your configuration:

values.yaml

# AWS credentials (server-side only)
aws:
  powerAccessKeyId: "AKIA..."
  powerSecretAccessKey: "..."
  region: us-east-1
  baseRoleArn: "arn:aws:iam::123456789012:role/PowerUserRole"

# Application
app:
  adminEmail: admin@company.com
  cookieSecure: true
  corsOrigins: https://infrawatch.example.com

# SMTP
smtp:
  host: smtp.company.com
  port: 587
  user: "..."
  password: "..."
  from: noreply@company.com

# Services (in-cluster)
services:
  postgresql:
    enabled: true
    auth:
      password: "strong-password"
  valkey:
    enabled: true
    password: "strong-password"

# Ingress
ingress:
  enabled: true
  className: nginx
  hosts:
    - host: infrawatch.example.com
      paths:
        - path: /
          pathType: Prefix
  tls:
    - secretName: infrawatch-tls
      hosts:
        - infrawatch.example.com

See the full values reference for all available options.

Step 3 — Install

Using the values file:

Terminal

helm install infrawatch infrawatch/infrawatch -f values.yaml

Or use --set flags directly:

Terminal

helm install infrawatch infrawatch/infrawatch \
  --set aws.powerAccessKeyId=AKIA... \
  --set aws.powerSecretAccessKey=... \
  --set aws.baseRoleArn=arn:aws:iam::123456789012:role/PowerUserRole \
  --set app.adminEmail=admin@company.com \
  --set smtp.host=smtp.company.com \
  --set smtp.from=noreply@company.com \
  --set services.postgresql.auth.password=secret \
  --set services.valkey.password=secret

Using an External Database

To use an existing PostgreSQL instance (e.g., Amazon RDS) instead of the in-cluster deployment:

values.yaml (external PostgreSQL)

services:
  postgresql:
    enabled: false

externalServices:
  postgresql:
    host: my-rds.example.com
    port: 5432
    database: awsdashboard
    username: awsdashboard
    password: "secret"

Existing Secrets

Instead of plain-text passwords, you can reference a pre-existing Kubernetes secret:
externalServices.postgresql.existingSecret: "my-pg-secret"
externalServices.postgresql.existingSecretKey: "password"

Using External Valkey / Redis

To use a managed Redis-compatible service instead of in-cluster Valkey:

values.yaml (external Valkey)

services:
  valkey:
    enabled: false

externalServices:
  valkey:
    url: "redis://:password@my-redis.example.com:6379"

Ingress Configuration

The Helm chart includes an optional Ingress resource that routes /api to the backend and everything else to the frontend.

values.yaml (ingress)

ingress:
  enabled: true
  className: nginx
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
  hosts:
    - host: infrawatch.example.com
      paths:
        - path: /
          pathType: Prefix
  tls:
    - secretName: infrawatch-tls
      hosts:
        - infrawatch.example.com

Upgrading

Terminal

helm repo update
helm upgrade infrawatch infrawatch/infrawatch -f values.yaml

To roll back:

Terminal

helm rollback infrawatch