Try with Helm
This page describes how to deploy Casdoor on Kubernetes using Helm.
前提条件
- A running Kubernetes cluster (1.19+)
- Helm v3.8+
Installation
Step 1: Install the Casdoor chart
Install the Casdoor Helm chart:
helm install casdoor oci://registry-1.docker.io/casbin/casdoor-helm-charts --version <version>
To install with a custom values file:
helm install casdoor oci://registry-1.docker.io/casbin/casdoor-helm-charts \
--version <version> \
-f my-values.yaml
Step 2: Access Casdoor
After installation, use the service URL provided by your cluster to access Casdoor.
Customization
Override values.yaml to customize the deployment. Key parameters:
| パラメーター | 説明 | デフォルト値 |
|---|---|---|
replicaCount | Casdoorアプリケーションを実行するレプリカの数。 | 1 |
image.repository | Casdoor Dockerイメージのリポジトリ。 | casbin |
image.name | Casdoor Dockerイメージの名前。 | casdoor |
image.pullPolicy | Casdoor Dockerイメージのプルポリシー。 | IfNotPresent |
image.tag | Casdoor Dockerイメージのタグ。 | "" |
config | Casdoorアプリケーショ�ンの設定。 | See values.yaml |
database.driver | Database driver to use (mysql, postgres, cockroachdb, sqlite). | sqlite |
database.user | データベースのユーザー名。 | "" |
database.password | データベースのパスワード。 | "" |
database.host | データベースのホスト。 | "" |
database.port | データベースのポート。 | "" |
database.databaseName | Casdoorが使用するデータベースの名前。 | casdoor |
database.sslMode | データベース接続のSSLモード。 | disable |
service.type | Type of Kubernetes service (ClusterIP, NodePort, LoadBalancer). | ClusterIP |
service.port | Casdoorサービスのポート番号。 | 8000 |
ingress.enabled | CasdoorのIngressを有効にするかどうか。 | false |
ingress.annotations | Ingressリソースのアノテーション。 | {} |
ingress.hosts | Ingressリソースのホスト名。 | [] |
resources | Casdoorコンテナのリソースリクエストとリミット。 | {} |
autoscaling.enabled | CasdoorのHorizontal Pod Autoscalerを有効にするかどうか。 | false |
autoscaling.minReplicas | Minimum number of replicas for HPA. | 1 |
autoscaling.maxReplicas | Maximum number of replicas for HPA. | 100 |
autoscaling.targetCPUUtilizationPercentage | Target CPU utilization percentage for HPA. | 80 |
nodeSelector | ポッド割り当てのためのノードラベル。 | {} |
tolerations | ポッド割り当てのためのトレランスラベル。 | [] |
affinity | ポッド割り当てのためのアフィニティ設定。 | {} |
extraContainersEnabled | 追加のサイドカーコンテナを有効にするかどうか。 | false |
extraContainers | 追加のサイドカーコンテナ。 | "" |
extraVolumeMounts | Casdoorコンテナの追加のボリュームマウント。 | [] |
extraVolumes | Casdoorコンテナの追加のボリューム。 | [] |
envFromSecret | Environment variables from individual Secret keys. | [] |
envFromConfigmap | Environment variables from individual ConfigMap keys. | [] |
envFrom | Environment variables from entire Secrets or ConfigMaps. | [] |
Exposing Casdoor
Option 1: Ingress (classic)
Enable and configure Ingress:
ingress:
enabled: true
className: nginx
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
hosts:
- host: casdoor.example.com
paths:
- path: /
pathType: Prefix
tls:
- secretName: casdoor-tls
hosts:
- casdoor.example.com
Option 2: Gateway API (modern)
The Kubernetes Gateway API is the next-generation successor to Ingress, officially GA since Kubernetes 1.31. It is supported by Istio, Envoy Gateway, Cilium, Kong, NGINX Gateway Fabric, and others.
��ヒント
Prerequisites
kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.2.0/standard-install.yaml
You also need a compatible Gateway controller running in your cluster.
Attach to an existing Gateway
If you already have a Gateway resource in your cluster, point the HTTPRoute at it:
gatewayApi:
enabled: true
parentRefs:
- name: my-gateway
namespace: gateway-system
sectionName: https
hostnames:
- casdoor.example.com
Create a new Gateway (e.g. with Istio)
Let the chart create a Gateway and HTTPRoute together:
gatewayApi:
enabled: true
createGateway: true
hostnames:
- casdoor.example.com
gateway:
gatewayClassName: istio
listeners:
- name: http
protocol: HTTP
port: 80
allowedRoutes:
namespaces:
from: Same
Create a Gateway with HTTP→HTTPS redirect
Enable TLS termination and automatic HTTP-to-HTTPS redirect:
gatewayApi:
enabled: true
createGateway: true
hostnames:
- casdoor.example.com
gateway:
gatewayClassName: istio
listeners:
- name: http
protocol: HTTP
port: 80
allowedRoutes:
namespaces:
from: Same
- name: https
protocol: HTTPS
port: 443
tls:
certificateRefs:
- name: casdoor-tls
kind: Secret
allowedRoutes:
namespaces:
from: Same
httpsRedirect:
enabled: true
Gateway API parameters
| Parameter | Description | Default |
|---|---|---|
gatewayApi.enabled | Enable HTTPRoute creation | false |
gatewayApi.createGateway | Also create a Gateway resource | false |
gatewayApi.annotations | Annotations for the HTTPRoute | {} |
gatewayApi.labels | Extra labels for the HTTPRoute | {} |
gatewayApi.parentRefs | Parent Gateway references | [] |
gatewayApi.hostnames | Hostnames to match (Host header) | [] |
gatewayApi.rules | Routing rules (matches, filters, backendRefs) | PathPrefix / |
gatewayApi.gateway.name | Gateway name (defaults to chart fullname) | "" |
gatewayApi.gateway.gatewayClassName | GatewayClass name (required when createGateway=true) | "" |
gatewayApi.gateway.listeners | Gateway listeners | HTTP:80 |
gatewayApi.httpsRedirect.enabled | Enable HTTP→HTTPS redirect HTTPRoute | false |
gatewayApi.httpsRedirect.statusCode | Redirect response code | 301 |
gatewayApi.httpsRedirect.hostnames | Hostnames for redirect route | [] |
gatewayApi.httpsRedirect.parentRefs | Override parentRefs for redirect route | [] |
Managing the deployment
Upgrade:
helm upgrade casdoor oci://registry-1.docker.io/casbin/casdoor-helm-charts --version <version>
Uninstall:
helm uninstall casdoor
For more options, see the Helm and Kubernetes documentation.