Skip to content

Update helm setup docs #2040

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Jul 23, 2025
Merged

Update helm setup docs #2040

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
286 changes: 264 additions & 22 deletions docs/ce/self-host/deploy-helm.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,37 +1,279 @@
---
title: 'Digger Helm Chart'
title: "Kubernetes via Helm"
description: "Learn how to use Helm chart to install Digger on your Kubernetes cluster."
---

## Installation steps
**Prerequisites**
- You have extensive understanding of [Kubernetes](https://kubernetes.io/)
- Installed [Helm package manager](https://helm.sh/) version v3.11.3 or greater
- You have [kubectl](https://kubernetes.io/docs/reference/kubectl/kubectl/) installed and connected to your kubernetes cluster
- A domain name for ingress configuration
- A GitHub organization where you'll install the GitHub App

<Steps>
<Step title="Install Digger Helm chart">
Install the `digger-backend` helm chart from GitHub Container Registry:

```bash
helm install digger-backend oci://ghcr.io/diggerhq/helm-charts/digger-backend \
--namespace digger \
--create-namespace \
--values values.yaml
```
</Step>

1. Install the `digger-backend` helm chart from https://diggerhq.github.io/helm-charts/, leaving empty all the data related to the GitHub App
2. Go to `your_digger_hostname/github/setup` to install and configure the GitHub App
3. Configure in the helm values or in the external secret all the data related to the new GitHub app and upgrade the helm installation to reload the Digger application with the new configuration
<Step title="Create Helm values">
Create a `values.yaml` file. This will be used to configure settings for the Digger Helm chart.
To explore all configurable properties, check the [values.yaml](https://github.com/diggerhq/digger/blob/develop/helm-charts/digger-backend/values.yaml) file in the repository.
</Step>

## Configuration Details
<Step title="Select Digger version">
By default, the Digger version set in your helm chart will likely be outdated.
Choose the latest Digger docker image tag from the [releases page](https://github.com/diggerhq/digger/releases).

```yaml values.yaml
digger:
image:
repository: registry.digger.dev/diggerhq/digger_backend
tag: "v0.6.106" # Select tag from GitHub releases
pullPolicy: IfNotPresent
```

<Warning>
Do not use the latest docker image tag in production deployments as they can introduce unexpected changes
</Warning>
</Step>

To configure the Digger backend deployment with the Helm chart, you'll need to set several values in the `values.yaml` file. Below are the key configurations to consider:
<Step title="Configure required secrets">
Configure the required secrets for Digger. Note that GitHub App credentials will be filled after the initial setup.

```yaml values.yaml
digger:
secret:
httpBasicAuthUsername: "admin"
httpBasicAuthPassword: "<strong-password>"
bearerAuthToken: "<strong-token>"
hostname: "digger.example.com"

# GitHub App credentials (filled after setup)
githubOrg: ""
githubAppID: "" # Note: uppercase ID
githubAppClientID: ""
githubAppClientSecret: ""
githubAppKeyFile: "" # base64 encoded private key
githubWebhookSecret: ""
```
Comment on lines +53 to +65
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

logic: The secret key names in the documentation (camelCase) don't match the actual Helm chart expectations (UPPER_CASE with underscores). For example, the chart expects 'GITHUB_APP_ID' but the docs show 'githubAppID'.

</Step>

- `digger.image.repository`: The Docker image repository for the Digger backend (e.g., `registry.digger.dev/diggerhq/digger_backend`).
- `digger.image.tag`: The specific version tag of the Docker image to deploy (e.g., `"v0.4.2"`).
<Step title="Configure database">
Choose your database configuration based on your environment:

<Tabs>
<Tab title="External PostgreSQL (Production)">
For production environments, use an external PostgreSQL database:

```yaml values.yaml
digger:
postgres:
user: "digger"
database: "digger"
host: "postgresql.example.com"
password: "secure-password"
sslmode: "require" # or "disable"
```
</Tab>

<Tab title="Built-in PostgreSQL (Testing Only)">
For test or proof-of-concept purposes, you can use the built-in PostgreSQL:

```yaml values.yaml
postgres:
enabled: true
secret:
postgresPassword: "<test-password>"
Comment on lines +92 to +93
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

logic: The nested 'secret' structure under 'postgres' doesn't match the actual chart structure which expects 'postgres.secret.password' not 'postgres.secret.postgresPassword'.

```

<Warning>
Built-in PostgreSQL is only recommended for testing purposes
</Warning>
</Tab>
</Tabs>
</Step>

- `digger.service.type`: The type of Kubernetes service to create, such as `ClusterIP`, `NodePort`, or `LoadBalancer`.
- `digger.service.port`: The port number that the service will expose (e.g., `3000`).
<Step title="Configure ingress">
Configure ingress to route traffic to Digger (required for GitHub App setup):

```yaml values.yaml
digger:
ingress:
enabled: true
host: "digger.example.com" # Your domain
annotations:
# Add annotations based on your ingress controller
# Example for nginx:
# kubernetes.io/ingress.class: "nginx"
# cert-manager.io/cluster-issuer: "letsencrypt-prod"
```
</Step>

- `digger.ingress.enabled`: Set to `true` to create an Ingress for the service.
- `digger.annotations`: Add the needed annotations based on your ingress controller configuration.
- `digger.ingress.host`: The hostname to use for the Ingress resource (e.g., `digger-backend.test`).
- `digger.ingress.path`: The path for the Ingress resource (e.g., `/`).
- `digger.ingress.tls.secretName`: The name of the TLS secret to use for Ingress encryption (e.g., `digger-backend-tls`).
<Step title="Initial deployment">
Deploy Digger with the initial configuration:

```bash
helm install digger-backend oci://ghcr.io/diggerhq/helm-charts/digger-backend \
--namespace digger \
--create-namespace \
--values values.yaml
```

Wait for all pods to reach a running state:

```bash
kubectl get pods -n digger
```
</Step>

- `digger.secret.*`: Various secrets needed for the application, such as `HTTP_BASIC_AUTH_PASSWORD` and `BEARER_AUTH_TOKEN`. You can provide them directly or reference an existing Kubernetes secret by setting `useExistingSecret` to `true` and specifying `existingSecretName`.
<Step title="GitHub App setup">
Navigate to your Digger hostname to create and configure the GitHub App:

1. Go to `https://your-digger-hostname/github/setup`
2. Follow the web interface to create your GitHub App
3. Install the app in your GitHub organization
4. Collect the generated credentials:
- GitHub App ID
- Client ID
- Client Secret
- Private Key (base64 encoded)
- Webhook Secret
</Step>

- `digger.postgres.*`: If you're using an external Postgres database, configure the `user`, `database`, and `host` accordingly. Ensure you provide the `password` either directly or through an existing secret in the `secret.*` section.
<Step title="Update configuration with GitHub App credentials">
Add the GitHub App credentials to your `values.yaml` file:

```yaml values.yaml
digger:
secret:
# ... existing configuration ...
githubOrg: "your-github-org"
githubAppID: "123456"
githubAppClientID: "Iv1.abc123def456"
githubAppClientSecret: "github_app_client_secret"
githubAppKeyFile: "LS0tLS1CRUdJTi..." # base64 encoded private key
githubWebhookSecret: "webhook_secret"
```

Then upgrade the Helm release:

```bash
helm upgrade digger-backend oci://ghcr.io/diggerhq/helm-charts/digger-backend \
--namespace digger \
--values values.yaml
```
</Step>

Remember to replace placeholders and default values with your specific, sensitive information before deploying the chart. For example, it's essential to generate a strong `bearerAuthToken` and `postgresPassword` rather than using the defaults for security reasons.
<Step title="Access Digger">
After deployment, wait for 2-5 minutes for all pods to reach a running state.
You can find the IP address/hostname by executing:

```bash
kubectl get ingress -n digger
```

Access Digger at your configured hostname and verify the GitHub App is properly connected.
</Step>

You can also deploy a PostgreSQL database ONLY FOR TEST PURPOSES configuring the `postgres.*` section:
<Step title="Upgrade your instance">
To upgrade your instance of Digger, update the docker image tag in your Helm values and rerun:

```bash
helm upgrade digger-backend oci://ghcr.io/diggerhq/helm-charts/digger-backend \
--namespace digger \
--values values.yaml
```

<Tip>
Always back up your database before each upgrade, especially in a production environment.
</Tip>
</Step>
</Steps>

- `postgres.enabled`: Set to `true` if you want to deploy a postgres database
- `postgres.secret.*`: As for the digger secret, you can pass the `postgres` user password directly or through an existing secret
## Advanced Configuration

<Accordion title="Using existing secrets">
If you prefer to manage secrets separately, you can reference an existing Kubernetes secret:

```yaml values.yaml
digger:
secret:
useExistingSecret: true
existingSecretName: "digger-secrets"
```
</Accordion>

<Accordion title="Resource configuration">
Configure resource limits and requests:

```yaml values.yaml
digger:
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 500m
memory: 512Mi
```
</Accordion>

<Accordion title="Full values.yaml example">
```yaml values.yaml
digger:
image:
repository: registry.digger.dev/diggerhq/digger_backend
tag: "v0.6.106"
pullPolicy: IfNotPresent

service:
type: ClusterIP
port: 3000

ingress:
enabled: true
host: "digger.example.com"
annotations:
kubernetes.io/ingress.class: "nginx"
cert-manager.io/cluster-issuer: "letsencrypt-prod"

secret:
httpBasicAuthUsername: "admin"
httpBasicAuthPassword: "secure-password-123"
bearerAuthToken: "secure-bearer-token-456"
hostname: "digger.example.com"

githubOrg: "your-github-org"
githubAppID: "123456"
githubAppClientID: "Iv1.abc123def456"
githubAppClientSecret: "github_app_client_secret"
githubAppKeyFile: "LS0tLS1CRUdJTi..."
githubWebhookSecret: "webhook_secret"

postgres:
user: "digger"
database: "digger"
host: "postgresql.example.com"
password: "postgres-password"
sslmode: "require"

resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 500m
memory: 512Mi

# For testing only - use external database in production
postgres:
enabled: false
```
</Accordion>
Loading