Try with Helm
This page describes how to deploy Casdoor on Kubernetes using Helm.
Prerequisites
- A running Kubernetes cluster (1.19+)
- Helm v3.8+
Installation
Step 1: Install the Casdoor chart
Install the Casdoor Helm chart:
```bash
helm install casdoor oci://registry-1.docker.io/casbin/casdoor-helm-charts --version <version>
```
To install with a custom values file:
```bash
helm install casdoor oci://registry-1.docker.io/casbin/casdoor-helm-charts \
  --version <version> \
  -f my-values.yaml
```
Step 2: Access Casdoor
After installation, use the service URL provided by your cluster to access Casdoor.
Customization
Override values.yaml to customize the deployment. Key parameters:
| Parameter | Description | Default |
|---|---|---|
| replicaCount | Number of Casdoor application replicas to run. | 1 |
| image.repository | Repository for the Casdoor Docker image. | casbin |
| image.name | Name of the Casdoor Docker image. | casdoor |
| image.pullPolicy | Pull policy for the Casdoor Docker image. | IfNotPresent |
| image.tag | Tag for the Casdoor Docker image. | "" |
| config | Configuration settings for the Casdoor application. | See values.yaml |
| database.driver | Database driver to use (mysql, postgres, cockroachdb, sqlite). | sqlite |
| database.user | Database username. | "" |
| database.password | Database password. | "" |
| database.host | Database host. | "" |
| database.port | Database port. | "" |
| database.databaseName | Name of the database used by Casdoor. | casdoor |
| database.sslMode | SSL mode for the database connection. | disable |
| service.type | Type of Kubernetes service (ClusterIP, NodePort, LoadBalancer). | ClusterIP |
| service.port | Port number for the Casdoor service. | 8000 |
| ingress.enabled | Whether to enable Ingress for Casdoor. | false |
| ingress.annotations | Annotations for the Ingress resource. | {} |
| ingress.hosts | Hostnames for the Ingress resource. | [] |
| resources | Resource requests and limits for the Casdoor container. | {} |
| autoscaling.enabled | Whether to enable the Horizontal Pod Autoscaler for Casdoor. | false |
| autoscaling.minReplicas | Minimum number of replicas for HPA. | 1 |
| autoscaling.maxReplicas | Maximum number of replicas for HPA. | 100 |
| autoscaling.targetCPUUtilizationPercentage | Target CPU utilization percentage for HPA. | 80 |
| nodeSelector | Node labels for pod assignment. | {} |
| tolerations | Tolerations for pod assignment. | [] |
| affinity | Affinity settings for pod assignment. | {} |
| extraContainersEnabled | Whether to enable additional sidecar containers. | false |
| extraContainers | Additional sidecar containers. | "" |
| extraVolumeMounts | Additional volume mounts for the Casdoor container. | [] |
| extraVolumes | Additional volumes for the Casdoor container. | [] |
| envFromSecret | Environment variables from individual Secret keys. | [] |
| envFromConfigmap | Environment variables from individual ConfigMap keys. | [] |
| envFrom | Environment variables from entire Secrets or ConfigMaps. | [] |
Exposing Casdoor
Option 1: Ingress (classic)
Enable and configure Ingress:
```yaml
ingress:
  enabled: true
  className: nginx
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
  hosts:
    - host: casdoor.example.com
      paths:
        - path: /
          pathType: Prefix
  tls:
    - secretName: casdoor-tls
      hosts:
        - casdoor.example.com
```
Option 2: Gateway API (modern)
The Kubernetes Gateway API is the next-generation successor to Ingress, officially GA since Kubernetes 1.31. It is supported by Istio, Envoy Gateway, Cilium, Kong, NGINX Gateway Fabric, and others.
Prerequisites
```bash
kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.2.0/standard-install.yaml
```
You also need a compatible Gateway controller running in your cluster.
Attach to an existing Gateway
If you already have a Gateway resource in your cluster, point the HTTPRoute at it:
```yaml
gatewayApi:
  enabled: true
  parentRefs:
    - name: my-gateway
      namespace: gateway-system
      sectionName: https
  hostnames:
    - casdoor.example.com
```
Create a new Gateway (e.g. with Istio)
Let the chart create a Gateway and HTTPRoute together:
```yaml
gatewayApi:
  enabled: true
  createGateway: true
  hostnames:
    - casdoor.example.com
  gateway:
    gatewayClassName: istio
    listeners:
      - name: http
        protocol: HTTP
        port: 80
        allowedRoutes:
          namespaces:
            from: Same
```
Create a Gateway with HTTP→HTTPS redirect
Enable TLS termination and automatic HTTP-to-HTTPS redirect:
```yaml
gatewayApi:
  enabled: true
  createGateway: true
  hostnames:
    - casdoor.example.com
  gateway:
    gatewayClassName: istio
    listeners:
      - name: http
        protocol: HTTP
        port: 80
        allowedRoutes:
          namespaces:
            from: Same
      - name: https
        protocol: HTTPS
        port: 443
        tls:
          certificateRefs:
            - name: casdoor-tls
              kind: Secret
        allowedRoutes:
          namespaces:
            from: Same
  httpsRedirect:
    enabled: true
```
Gateway API parameters
| Parameter | Description | Default |
|---|---|---|
| gatewayApi.enabled | Enable HTTPRoute creation | false |
| gatewayApi.createGateway | Also create a Gateway resource | false |
| gatewayApi.annotations | Annotations for the HTTPRoute | {} |
| gatewayApi.labels | Extra labels for the HTTPRoute | {} |
| gatewayApi.parentRefs | Parent Gateway references | [] |
| gatewayApi.hostnames | Hostnames to match (Host header) | [] |
| gatewayApi.rules | Routing rules (matches, filters, backendRefs) | PathPrefix / |
| gatewayApi.gateway.name | Gateway name (defaults to chart fullname) | "" |
| gatewayApi.gateway.gatewayClassName | GatewayClass name (required when createGateway=true) | "" |
| gatewayApi.gateway.listeners | Gateway listeners | HTTP:80 |
| gatewayApi.httpsRedirect.enabled | Enable HTTP→HTTPS redirect HTTPRoute | false |
| gatewayApi.httpsRedirect.statusCode | Redirect response code | 301 |
| gatewayApi.httpsRedirect.hostnames | Hostnames for redirect route | [] |
| gatewayApi.httpsRedirect.parentRefs | Override parentRefs for redirect route | [] |
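
A pre-install check for the database and exposure parameters in the tables above, as an added example that is not part of the Casdoor chart or its documentation. It reads only keys listed on this page from an already-parsed values file; the function name `audit_values`, the rules themselves and both sample inputs are assumptions constructed for illustration.

```python
def audit_values(values):
    """Return findings for a parsed values dict (hypothetical helper, not chart code)."""
    findings = []
    db = values.get("database") or {}
    if db.get("password"):
        findings.append("database.password is inline: it is stored in the values file "
                        "and in Helm release data; consider sourcing it from a Secret")
    if db.get("driver", "sqlite") != "sqlite" and db.get("sslMode", "disable") == "disable":
        findings.append("database.sslMode=disable: no TLS to the database")
    svc_type = (values.get("service") or {}).get("type", "ClusterIP")
    if svc_type in ("NodePort", "LoadBalancer"):
        findings.append(f"service.type={svc_type}: service port exposed directly, "
                        "outside Ingress/Gateway TLS termination")
    ing = values.get("ingress") or {}
    if ing.get("enabled") and not ing.get("tls"):
        findings.append("ingress.enabled without ingress.tls: served over plain HTTP")
    gw = values.get("gatewayApi") or {}
    if gw.get("enabled") and gw.get("createGateway"):
        # The parameter table gives HTTP:80 as the default listener.
        listeners = (gw.get("gateway") or {}).get("listeners") or [{"protocol": "HTTP"}]
        protocols = {lst.get("protocol") for lst in listeners}
        if "HTTPS" not in protocols:
            findings.append("gatewayApi: created Gateway has no HTTPS listener")
        elif "HTTP" in protocols and not (gw.get("httpsRedirect") or {}).get("enabled"):
            findings.append("gatewayApi: HTTP listener without httpsRedirect.enabled")
    return findings

# Constructed sample: external database with weak settings, exposed without TLS.
WEAK = {
    "database": {"driver": "postgres", "host": "db.example.internal",
                 "password": "changeme", "sslMode": "disable"},
    "service": {"type": "LoadBalancer"},
    "ingress": {"enabled": True, "hosts": [{"host": "casdoor.example.com"}]},
}
# Constructed sample mirroring the page's HTTP-to-HTTPS redirect Gateway values.
REDIRECT = {
    "gatewayApi": {
        "enabled": True, "createGateway": True,
        "gateway": {"gatewayClassName": "istio", "listeners": [
            {"name": "http", "protocol": "HTTP", "port": 80},
            {"name": "https", "protocol": "HTTPS", "port": 443}]},
        "httpsRedirect": {"enabled": True},
    },
}

if __name__ == "__main__":
    for name, vals in (("weak", WEAK), ("redirect", REDIRECT)):
        print(name, audit_values(vals) or "no findings")
```

To run it against a real file, parse `my-values.yaml` with a YAML library and pass the resulting dict to `audit_values`.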
Managing the deployment
Upgrade:
```bash
helm upgrade casdoor oci://registry-1.docker.io/casbin/casdoor-helm-charts --version <version>
```
Uninstall:
```bash
helm uninstall casdoor
```
For more options, see the Helm and Kubernetes documentation.