Helm charts to deploy Trento components in a Kubernetes cluster.
Helm must be installed to use the charts. Please refer to Helm’s documentation to get started.
After that, refer to each individual chart documentation to find more information:
-
trento-server: Chart to deploy a fully functional Trento server, including the Web and Wanda components, plus other auxiliary services.
cert-manager is a Kubernetes add-on that
automates the management and issuance of TLS certificates. It can be
optionally enabled in this Helm chart to provide SSL support for secure
communication. While it simplifies certificate management and renewal,
it introduces additional cluster-wide resources. For detailed setup
instructions and considerations, refer to the
docs/cert-manager/ cookbook.
mTLS authentication with RabbitMQ can be enabled through the
global.rabbitmq.auth.tls configuration section. This feature
enhances security by ensuring mutual authentication between RabbitMQ and
its clients. When mTLS is enabled, the following secrets are expected to
exist in the Kubernetes namespace:
-
rabbitmq-tls-server-
ca.crt: Root CA certificate for the RabbitMQ server -
tls.crt: Server certificate for RabbitMQ -
tls.key: Private key for the RabbitMQ server certificate
-
-
rabbitmq-tls-client-web-
ca.crt: Root CA certificate for web component -
client.crt: Client certificate for web component -
client.key: Private key for web client certificate
-
-
rabbitmq-tls-client-wanda-
ca.crt: Root CA certificate for wanda component -
client.crt: Client certificate for wanda component -
client.key: Private key for wanda client certificate
-
Please only report bugs via GitHub issues; for any other inquiry or topic use GitHub discussion.