Kubernetes / Helm

VitaSync ships a production-ready Helm chart at helm/vitasync/ with:

  • HPA (Horizontal Pod Autoscaler) for API and worker
  • PDB (Pod Disruption Budget) for zero-downtime rolling updates
  • Ingress support with TLS annotations
  • pre-install/pre-upgrade migration Job that runs Drizzle migrations before pods are updated
  • Flexible secret management (inline values or existingSecret)

Prerequisites

  • Kubernetes 1.28+
  • Helm 3.12+
  • A PostgreSQL 16 database and Redis 7 (in-cluster or managed)

  1. Create the namespace

    kubectl create namespace vitasync
  2. Create a secret (recommended)

    kubectl create secret generic vitasync-secrets \
    --namespace vitasync \
    --from-literal=DATABASE_URL="postgresql://user:pass@host:5432/vitasync" \
    --from-literal=REDIS_URL="redis://host:6379" \
    --from-literal=JWT_SECRET="$(openssl rand -base64 32)" \
    --from-literal=ENCRYPTION_KEY="$(openssl rand -hex 32)"
  3. Install the chart

    helm install vitasync ./helm/vitasync \
    --namespace vitasync \
    --set ingress.enabled=true \
    --set ingress.api.host=api.example.com \
    --set ingress.web.host=app.example.com \
    --set secrets.existingSecret=vitasync-secrets
  4. Verify the rollout

    kubectl rollout status deployment/vitasync-api -n vitasync
    kubectl rollout status deployment/vitasync-worker -n vitasync
    kubectl rollout status deployment/vitasync-web -n vitasync
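
An alternative to the `--from-literal` form in step 2, as an added example that is not part of the VitaSync chart or its docs: it writes the four values to a mode-0600 env file, validates them, and loads them with `kubectl create secret generic --from-env-file`, so they do not end up in shell history or process arguments. The script name `create-secret.sh`, the function names and the format rules (44-character base64, 64 lowercase hex characters, URL schemes) are assumptions derived from the generator commands in step 2.

```shell
#!/bin/sh
# Added example (not VitaSync project code): load vitasync-secrets from a
# private env file so values stay out of shell history and process arguments.
# Format rules are assumptions derived from the generators in step 2.

field() { sed -n "s/^$2=//p" "$1" | head -n 1; }  # value of first KEY= line

# check_env_file FILE -> 0 if all four keys are well-formed and FILE is private
check_env_file() {
  cef_rc=0
  for cef_key in DATABASE_URL REDIS_URL JWT_SECRET ENCRYPTION_KEY; do
    case "$cef_key" in
      DATABASE_URL)   cef_re='^postgres(ql)?://[^[:space:]]+$' ;;
      REDIS_URL)      cef_re='^rediss?://[^[:space:]]+$' ;;
      JWT_SECRET)     cef_re='^[A-Za-z0-9+/]{43}=$' ;;  # base64 of 32 bytes
      ENCRYPTION_KEY) cef_re='^[0-9a-f]{64}$' ;;        # hex of 32 bytes
    esac
    if ! field "$1" "$cef_key" | grep -Eq "$cef_re"; then
      echo "invalid or missing: $cef_key" >&2
      cef_rc=1
    fi
  done
  # Refuse a file that group or others can read.
  if [ -n "$(find "$1" \( -perm -040 -o -perm -004 \) -print)" ]; then
    echo "$1 is readable by group/others; chmod 600 it" >&2
    cef_rc=1
  fi
  return "$cef_rc"
}

# write_env_file FILE -> writes the four keys; DATABASE_URL and REDIS_URL come
# from the environment, the two random keys are generated as in step 2.
write_env_file() (
  umask 077
  {
    printf 'DATABASE_URL=%s\n' "$DATABASE_URL"
    printf 'REDIS_URL=%s\n' "$REDIS_URL"
    printf 'JWT_SECRET=%s\n' "$(openssl rand -base64 32)"
    printf 'ENCRYPTION_KEY=%s\n' "$(openssl rand -hex 32)"
  } > "$1"
)

# Run as: sh create-secret.sh apply  (with DATABASE_URL and REDIS_URL exported)
if [ "${1:-}" = "apply" ]; then
  f="$(mktemp)" && trap 'rm -f "$f"' EXIT
  write_env_file "$f" && check_env_file "$f" &&
    kubectl create secret generic vitasync-secrets \
      --namespace vitasync --from-env-file="$f"
fi
```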

Upgrading

    helm upgrade vitasync ./helm/vitasync \
    --namespace vitasync \
    --reuse-values

The migration Job runs automatically before pods are replaced.

| Value | Default | Description |
|---|---|---|
| api.replicaCount | 2 | API pod replicas |
| worker.replicaCount | 1 | Worker pod replicas |
| api.autoscaling.enabled | false | Enable HPA for API |
| worker.autoscaling.enabled | false | Enable HPA for worker |
| api.podDisruptionBudget.enabled | true | PDB for API |
| ingress.enabled | false | Enable ingress resources |
| ingress.api.host | "" | Hostname for the API ingress |
| ingress.web.host | "" | Hostname for the web dashboard |
| secrets.existingSecret | "" | Name of an existing Kubernetes Secret |

  • Use External Secrets Operator or Sealed Secrets for secret management.
  • Enable HPA: api.autoscaling.enabled=true, worker.autoscaling.enabled=true.
  • Use a managed PostgreSQL (AWS RDS, GCP Cloud SQL, Supabase) and Redis (ElastiCache, Upstash) for reliability.
  • Add cert-manager annotations to the ingress for automatic TLS via Let’s Encrypt.