# Self-Hosted Pipekit Helm Chart ## Installation 1. Create a local `myvalues.yaml` file that contains the default values. ```bash helm repo add pipekit https://helm.pipekit.io helm show values pipekit/pipekit > myvalues.yaml ``` 2. Set up the required dependencies. Information on these can be provided over your Slack support channel, or by email at . 3. Set a valid Pipekit license key in the `myvalues.yaml` file. 4. Ensure you have access to the privately-hosted images used by this chart through an appropriate imagePullSecret, or you have modified the `myvalues.yaml` file to use the your own copies of the images. 5. Modify `myvalues.yaml` to set the values for your specific installation. 6. Apply the Pipekit services to your Kubernetes cluster ```bash kubectl create ns pipekit helm upgrade -i -n pipekit \ -f myvalues.yaml \ pipekit pipekit/pipekit ``` ## Pipekit Helm Chart Values There are other optional, configurable options within the Helm Chart. These are listed below. | Key | Type | Default | Description | | --------------------------------------------- | ------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | eventsHandler.hpa.enabled | bool | `false` | Enable or disable the Horizontal Pod Autoscaler for this service | | eventsHandler.hpa.maxReplicas | int | `10` | Set the maximum number of replicas for the Horizontal Pod Autoscaler | | eventsHandler.hpa.minReplicas | int | `1` | Set the minimum number of replicas for the Horizontal Pod Autoscaler | | eventsHandler.imageName | string | `"events-handler"` | Optionally override the default image name for this service | | eventsHandler.imageTag | string | `nil` | Optionally override the default image tag for this service | | eventsHandler.livenessProbe | object | `{"failureThreshold":2,"httpGet":{"path":"/api/events-handler/metrics/_health","port":8080},"initialDelaySeconds":70,"periodSeconds":5}` | Configure the liveness probe for this service | | eventsHandler.pdb.enabled | bool | `true` | Enable or disable the Pod Disruption Budget for this service | | eventsHandler.pdb.minAvailable | string | `"50%"` | Set the minimum number of pods available during a disruption | | eventsHandler.pdb.unhealthyPodEvictionPolicy | string | `"AlwaysAllow"` | Set unhealthyPodEvictionPolicy on the PDB. Options: `IfHealthyBudget` or `AlwaysAllow` | | eventsHandler.readinessProbe | object | `{"httpGet":{"path":"/api/events-handler/metrics/_health","port":8080},"periodSeconds":5}` | Configure the readiness probe for this service | | eventsHandler.resources.requests | object | `{"cpu":"20m","memory":"35Mi"}` | Set the resource requests for this service | | gatewayAPI.enabled | bool | `false` | Enable or disable the Gateway API resources for Pipekit. | | gatewayAPI.httpRoute | object | `{"annotations":{},"hostnames":[],"labels":{},"parentRefs":[],"rules":[{"backendRefs":[{"name":"id","port":8080}],"matches":[{"path":{"type":"PathPrefix","value":"/api/id"}}]},{"backendRefs":[{"name":"events-handler","port":8080}],"matches":[{"path":{"type":"PathPrefix","value":"/api/events-handler"}}]},{"backendRefs":[{"name":"messenger","port":8080}],"matches":[{"path":{"type":"PathPrefix","value":"/api/messenger"}}]},{"backendRefs":[{"name":"ui","port":80}],"matches":[{"path":{"type":"PathPrefix","value":"/"}}]},{"backendRefs":[{"name":"users","port":8080}],"matches":[{"path":{"type":"PathPrefix","value":"/api/users"}}]}]}` | Define the HTTP route for Pipekit services | | gatewayAPI.httpRoute.annotations | object | `{}` | Additional HTTPRoute annotations | | gatewayAPI.httpRoute.hostnames | list | `[]` | List of hostnames for the HTTPRoute | | gatewayAPI.httpRoute.labels | object | `{}` | Additional HTTPRoute labels | | gatewayAPI.httpRoute.parentRefs | list | `[]` | Gateway API parentRefs for the HTTPRoute # Must reference an existing Gateway | | gatewayAPI.httpRoute.rules | list | `[{"backendRefs":[{"name":"id","port":8080}],"matches":[{"path":{"type":"PathPrefix","value":"/api/id"}}]},{"backendRefs":[{"name":"events-handler","port":8080}],"matches":[{"path":{"type":"PathPrefix","value":"/api/events-handler"}}]},{"backendRefs":[{"name":"messenger","port":8080}],"matches":[{"path":{"type":"PathPrefix","value":"/api/messenger"}}]},{"backendRefs":[{"name":"ui","port":80}],"matches":[{"path":{"type":"PathPrefix","value":"/"}}]},{"backendRefs":[{"name":"users","port":8080}],"matches":[{"path":{"type":"PathPrefix","value":"/api/users"}}]}]` | HTTPRoute rules configuration | | gatewayAPI.ssoHttpRoute.enabled | bool | `false` | Enable or disable the public Gateway API resources for Pipekit. HTTP Route to publicly expose routes of the Users service for SCIM integration with SSO providers (Okta, Entra) Required if login.oktaSSO.enabled or login.entraSSO.enabled is true | | gatewayAPI.ssoHttpRoute.httpRoute | object | `{"annotations":{},"hostnames":[],"labels":{},"parentRefs":[],"rules":[{"backendRefs":[{"name":"users","port":8080}],"matches":[{"path":{"type":"RegularExpression","value":"^/api/users/v1/organizations/.+/scim/Groups(/.*)?$"}}]},{"backendRefs":[{"name":"users","port":8080}],"matches":[{"path":{"type":"RegularExpression","value":"^/api/users/v1/organizations/.+/scim/Users(/.*)?$"}}]}]}` | Define the public HTTP route for Pipekit SSO services | | gatewayAPI.ssoHttpRoute.httpRoute.annotations | object | `{}` | Additional HTTPRoute annotations | | gatewayAPI.ssoHttpRoute.httpRoute.hostnames | list | `[]` | List of hostnames for the HTTPRoute | | gatewayAPI.ssoHttpRoute.httpRoute.labels | object | `{}` | Additional HTTPRoute labels | | gatewayAPI.ssoHttpRoute.httpRoute.parentRefs | list | `[]` | Gateway API parentRefs for the HTTPRoute # Must reference an existing Gateway | | gatewayAPI.ssoHttpRoute.httpRoute.rules | list | `[{"backendRefs":[{"name":"users","port":8080}],"matches":[{"path":{"type":"RegularExpression","value":"^/api/users/v1/organizations/.+/scim/Groups(/.*)?$"}}]},{"backendRefs":[{"name":"users","port":8080}],"matches":[{"path":{"type":"RegularExpression","value":"^/api/users/v1/organizations/.+/scim/Users(/.*)?$"}}]}]` | HTTPRoute rules configuration | | gitProviders.bitbucket.enabled | bool | `false` | Enable or disable the BitBucket Data Center integration | | gitProviders.bitbucket.webhookSecret | string | `"secret"` | bitbucket webhook secret | | gitProviders.github.appID | string | `nil` | Github application ID | | gitProviders.github.appName | string | `nil` | The name of your github app | | gitProviders.github.clientID | string | `nil` | Github OAuth client ID | | gitProviders.github.clientSecret | string | `nil` | Github OAuth client secret | | gitProviders.github.enabled | bool | `false` | Enable or disable the Github integration | | gitProviders.github.privateKey | string | `nil` | Github private key | | gitProviders.github.webhookSecret | string | `nil` | Github webhook secret (optional) | | gitProviders.gitlab.enabled | bool | `false` | Enable or disable the Gitlab integration | | gitProviders.gitlab.webhookSecret | string | `nil` | gitlab webhook secret | | global.adminPassword | string | A random password will be generated if not provided | Pipekit Admin password. This password is used internally by Pipekit services to authenticate with each other. | | global.breakGlassPassword | string | A random password will be generated if not provided | Pipekit Break Glass password. This password is used to access Pipekit in the event that SSO is unavailable. | | global.developmentMode | bool | `false` | Install non-production versions of postgres, redis and loki in-cluster. Useful for local development and evaluation Do not enable for production use | | global.developmentModeImages.lokiImage | string | `"grafana/loki:3.6.7"` | Image to use for the development mode Loki instance | | global.developmentModeImages.postgresImage | string | `"postgres:18.3"` | Image to use for the development mode Postgres instance | | global.developmentModeImages.redisImage | string | `"ghcr.io/valkey-io/valkey:9.0.3-alpine"` | Image to use for the development mode Redis instance | | global.imagePullPolicy | string | `Always` | Globally set an imagePullPolicy. | | global.imageRepo | string | `pipekitprivate` | Globally set the container image repository. You will need your docker hub pull secret to pull from there. Place it in `global.serviceAccount.imagePullSecrets` | | global.imageTag | string | The chart appVersion | Globally set the image tag. | | global.jwtSigningToken | string | A random token will be generated if not provided | Token used to create the JWT for users signing in to the Pipekit Services | | global.licenseKey | string | `nil` | License key for Pipekit. Either enter your license key here or create a kubernetes secret containing the key. Leave blank to use global.licenseKeySecretName | | global.licenseKeySecretName | string | `nil` | The name of the Kubernetes secret that contains the license key Leave blank to use global.licenseKey The named secret should be installed in the same namespace and should contain a key pair named `LICENSE_KEY` | | global.logLevel | string | `"INFO"` | Set the log level for all Pipekit services | | global.nodeSelector | object | `{}` | Set a nodeSelector to run Pipekit's services on specific nodes | | global.rotateAdminPassword | bool | `false` | Set to true to rotate the Pipekit Admin password | | global.rotateBreakGlassPassword | bool | `false` | Set to true to rotate the Pipekit Break Glass password | | global.rotateJwtSigningToken | bool | `false` | Set to true to rotate the JWT Signing Token. | | global.rotateSsoStoreSigningKey | bool | `false` | Set to true to rotate the SSO Store Signing Key | | global.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | | global.serviceAccount.imagePullSecrets | list | `[]` | Secrets with credentials to pull images from a private registry | | global.serviceAccount.labels | object | `{}` | Labels applied to created service account | | global.serviceAccount.name | string | `"pipekit"` | Service account which is used to run the Pipekit services | | global.ssoStoreSigningKey | string | A random token will be generated if not provided | Token used to sign the SSO Sessions | | global.telemetryProtocols | string | `"prometheus"` | Which telemetry protocols to use: comma delimited selection of otel, prometheus. otel is controlled by the standardized opentelemetry environment variables prometheus enables metrics on :9090/metrics set to 'none' to disable all telemetry | | id.hpa.enabled | bool | `false` | Enable or disable the Horizontal Pod Autoscaler for this service | | id.hpa.maxReplicas | int | `10` | Set the maximum number of replicas for the Horizontal Pod Autoscaler | | id.hpa.minReplicas | int | `1` | Set the minimum number of replicas for the Horizontal Pod Autoscaler | | id.imageName | string | `"id"` | Optionally override the default image name for this service | | id.imageTag | string | `nil` | Optionally override the default image tag for this service | | id.livenessProbe | object | `{"failureThreshold":2,"httpGet":{"path":"/api/id/metrics/_health","port":8080},"initialDelaySeconds":70,"periodSeconds":5}` | Configure the liveness probe for this service | | id.pdb.enabled | bool | `true` | Enable or disable the Pod Disruption Budget for this service | | id.pdb.minAvailable | string | `"50%"` | Set the minimum number of pods available during a disruption | | id.pdb.unhealthyPodEvictionPolicy | string | `"AlwaysAllow"` | Set unhealthyPodEvictionPolicy on the PDB. Options: `IfHealthyBudget` or `AlwaysAllow` | | id.readinessProbe | object | `{"httpGet":{"path":"/api/id/metrics/_health","port":8080},"periodSeconds":5}` | Configure the readiness probe for this service | | id.resources.requests | object | `{"cpu":"20m","memory":"35Mi"}` | Set the resource requests for this service | | ingress.annotations | object | `{"nginx.ingress.kubernetes.io/client-body-buffer-size":"5m","nginx.ingress.kubernetes.io/from-to-www-redirect":"true","nginx.ingress.kubernetes.io/proxy-body-size":"5m","nginx.ingress.kubernetes.io/proxy-buffer-size":"5m","nginx.ingress.kubernetes.io/proxy-buffers-number":"32","nginx.ingress.kubernetes.io/proxy-busy-buffers-size":"5m"}` | Additional ingress annotations. Some optional nginx examples provided below | | ingress.enabled | bool | `true` | Enable or disable the main Pipekit Ingress | | ingress.host | string | `"pipekit.example.com"` | The host name to use for Pipekit | | ingress.ingressClassName | string | `"nginx"` | Defines which ingress controller will implement the resource | | ingress.labels | object | `{}` | Additional ingress labels | | ingress.ssoIngress.annotations | object | `{"nginx.ingress.kubernetes.io/client-body-buffer-size":"5m","nginx.ingress.kubernetes.io/from-to-www-redirect":"true","nginx.ingress.kubernetes.io/proxy-body-size":"5m","nginx.ingress.kubernetes.io/proxy-buffer-size":"5m","nginx.ingress.kubernetes.io/proxy-buffers-number":"32","nginx.ingress.kubernetes.io/use-regex":"true"}` | Additional ingress annotations. Some optional nginx examples provided below | | ingress.ssoIngress.enabled | bool | `false` | Enable or disable the SSO Ingress | | ingress.ssoIngress.host | string | `"pipekit.example.com"` | Must use the same host name as the main ingress at ingress.host | | ingress.ssoIngress.ingressClassName | string | `"nginx-public"` | Defines which ingress controller will implement the resource | | ingress.ssoIngress.labels | object | `{}` | Additional ingress labels | | ingress.ssoIngress.tls | list | `[]` | Ingress TLS configuration | | ingress.tls | list | `[]` | Ingress TLS configuration | | login.entraSSO.enabled | bool | `true` | Enable or disable the Entra SSO login and settings options | | login.githubSSO.clientID | string | `nil` | Client ID | | login.githubSSO.clientSecret | string | `nil` | Client secret | | login.githubSSO.enabled | bool | `false` | Enable or disable the Github SSO login option | | login.gitlabSSO.applicationID | string | `nil` | Application ID | | login.gitlabSSO.applicationSecret | string | `nil` | Application secret | | login.gitlabSSO.enabled | bool | `false` | Enable or disable the Gitlab SSO login option | | login.googleSSO.clientID | string | `nil` | Client ID | | login.googleSSO.clientSecret | string | `nil` | Client secret | | login.googleSSO.enabled | bool | `false` | Enable or disable the Google SSO login option | | login.microsoftSSO.clientID | string | `nil` | Client ID | | login.microsoftSSO.clientSecret | string | `nil` | Client secret | | login.microsoftSSO.enabled | bool | `false` | Enable or disable the Microsoft SSO login option | | login.oktaSSO.enabled | bool | `true` | Enable or disable the Okta SSO login and settings options | | login.userPass.enabled | bool | `true` | Enable or disable the username/password login option | | loki.gatewayAddress | string | `nil` | Optional. The address of a Loki gateway to use for both reading and writing logs. Valid prefixes are http\:// and https\:// | | loki.gatewayPort | integer | `3100` | The port of the loki gateway address | | loki.readAddress | string | `"http://loki-query-frontend.loki.svc.cluster.local"` | Used by the users service to read logs from Loki. If empty, loki.gatewayAddress is used. Valid prefixes are http\:// and https\:// | | loki.readPort | integer | `3100` | The port of the loki read address | | loki.writeAddress | string | `"http://loki-distributor.loki.svc.cluster.local"` | Used by the messenger service to send logs to Loki. If empty, loki.gatewayAddress is used. Valid prefixes are http\:// and https\:// | | loki.writePort | integer | `3100` | The port of the loki write address | | messenger.fluentbit.imageName | string | `"fluent-bit"` | Set the default image name for the fluentbit container | | messenger.fluentbit.imageRepo | string | `"fluent"` | Set the image repo for the fluentbit container | | messenger.fluentbit.imageTag | string | `"4.2.3"` | Set the default image tag for the fluentbit container | | messenger.fluentbit.resources | object | `{"requests":{"cpu":"100m","memory":"1.5Gi"}}` | Set the resource requests/limits for the fluentbit container | | messenger.fluentbit.resources.requests | object | `{"cpu":"100m","memory":"1.5Gi"}` | Set the resource requests for the fluentbit container | | messenger.hpa.enabled | bool | `false` | Enable or disable the Horizontal Pod Autoscaler for this service | | messenger.hpa.maxReplicas | int | `10` | Set the maximum number of replicas for the Horizontal Pod Autoscaler | | messenger.hpa.minReplicas | int | `1` | Set the minimum number of replicas for the Horizontal Pod Autoscaler | | messenger.imageName | string | `"messenger"` | Optionally override the default image name for this service | | messenger.imageTag | string | `nil` | Optionally override the default image tag for this service | | messenger.livenessProbe | object | `{"failureThreshold":2,"httpGet":{"path":"/api/messenger/metrics/_health","port":8080},"initialDelaySeconds":70,"periodSeconds":5}` | Configure the liveness probe for this service | | messenger.logRotate.resources.requests | object | `{"cpu":"50m","memory":"32Mi"}` | Set the resource requests for the logrotate container | | messenger.pdb.enabled | bool | `true` | Enable or disable the Pod Disruption Budget for this service | | messenger.pdb.minAvailable | string | `"50%"` | Set the minimum number of pods available during a disruption | | messenger.pdb.unhealthyPodEvictionPolicy | string | `"AlwaysAllow"` | Set unhealthyPodEvictionPolicy on the PDB. Options: `IfHealthyBudget` or `AlwaysAllow` | | messenger.readinessProbe | object | `{"httpGet":{"path":"/api/messenger/metrics/_health","port":8080},"periodSeconds":5}` | Configure the readiness probe for this service | | messenger.resources.requests | object | `{"cpu":"200m","memory":"64Mi"}` | Set the resource requests for the messenger service container | | pipekitInit.imageName | string | `"pipekit-init"` | Optionally override the default image name for this service | | pipekitInit.imageTag | string | `nil` | Optionally override the default image tag for this service | | postgresql.host | string | `"example.com"` | Database host URL | | postgresql.maxConnectionLifetime | int | `5` | Max connection lifetime in minutes | | postgresql.maxIdleConnections | int | `15` | Max idle connections | | postgresql.maxOpenConnections | int | `25` | Max open connections | | postgresql.maxRetries | int | `10` | Number of database connection retries | | postgresql.password | string | `"pipekit"` | Database password | | postgresql.port | int | `5432` | Database port | | postgresql.sslMode | string | `"disable"` | Enable or disable SSL mode | | postgresql.username | string | `"pipekit"` | Database username | | redis.connectionPoolSize | string | `nil` | connection pool size | | redis.host | string | `"redis.redis.svc.cluster.local"` | Redis host URL | | redis.masterName | string | `nil` | masterName of redis, only used when sentinelMode is true | | redis.password | string | `nil` | Optional Redis connection password | | redis.port | int | `6379` | Redis port | | redis.sentinelAddrs | string | `nil` | addresses of the form ":" separated by a ',' character of all the sentinel addresses | | redis.sentinelMode | bool | `false` | sentinelMode talks to redis-sentinel to get the master address, used for high availability. | | redis.tls.caCert | string | `nil` | CA certificate content for TLS connection to Redis. Only used if existingTLSSecret is not set. | | redis.tls.clientCert | string | `nil` | Optional client certificate content for TLS connection to Redis. Only used if existingTLSSecret is not set. | | redis.tls.clientKey | string | `nil` | Optional client key content for TLS connection to Redis. Only used if existingTLSSecret is not set. | | redis.tls.existingTLSSecret | string | `nil` | Name of existing secret containing Redis TLS certificates. The secret must contain the keys ca.crt, tls.crt, and tls.key. # Leave empty to use the certificate values provided below. | | redis.tls.serverName | string | `nil` | Optional Redis TLS server name. Used if redis.host is a CNAME to the redis endpoint defined in the CA Cert. | | redis.tls.tlsEnabled | bool | `false` | enable tls for redis connection | | redis.username | string | `nil` | Optional Redis connection username | | ui.hpa.enabled | bool | `false` | Enable or disable the Horizontal Pod Autoscaler for this service | | ui.hpa.maxReplicas | int | `10` | Set the maximum number of replicas for the Horizontal Pod Autoscaler | | ui.hpa.minReplicas | int | `1` | Set the minimum number of replicas for the Horizontal Pod Autoscaler | | ui.imageName | string | `"ui"` | Optionally override the default image name for this service | | ui.imageTag | string | `nil` | Optionally override the default image tag for this service | | ui.livenessProbe | object | `{"failureThreshold":2,"httpGet":{"path":"/metrics/_health","port":3000},"initialDelaySeconds":70,"periodSeconds":5}` | Configure the liveness probe for this service | | ui.pdb.enabled | bool | `true` | Enable or disable the Pod Disruption Budget for this service | | ui.pdb.minAvailable | string | `"50%"` | Set the minimum number of pods available during a disruption | | ui.pdb.unhealthyPodEvictionPolicy | string | `"AlwaysAllow"` | Set unhealthyPodEvictionPolicy on the PDB. Options: `IfHealthyBudget` or `AlwaysAllow` | | ui.readinessProbe | object | `{"httpGet":{"path":"/metrics/_health","port":3000},"periodSeconds":5}` | Configure the readiness probe for this service | | ui.resources.requests | object | `{"cpu":3,"memory":"250Mi"}` | Set the resource requests for this service | | users.hpa.enabled | bool | `false` | Enable or disable the Horizontal Pod Autoscaler for this service | | users.hpa.maxReplicas | int | `10` | Set the maximum number of replicas for the Horizontal Pod Autoscaler | | users.hpa.minReplicas | int | `1` | Set the minimum number of replicas for the Horizontal Pod Autoscaler | | users.imageName | string | `"users"` | Optionally override the default image name for this service | | users.imageTag | string | `nil` | Optionally override the default image tag for this service | | users.livenessProbe | object | `{"failureThreshold":2,"httpGet":{"path":"/api/users/metrics/_health","port":8080},"initialDelaySeconds":70,"periodSeconds":5}` | Configure the liveness probe for this service | | users.pdb.enabled | bool | `true` | Enable or disable the Pod Disruption Budget for this service | | users.pdb.minAvailable | string | `"50%"` | Set the minimum number of pods available during a disruption | | users.pdb.unhealthyPodEvictionPolicy | string | `"AlwaysAllow"` | Set unhealthyPodEvictionPolicy on the PDB. Options: `IfHealthyBudget` or `AlwaysAllow` | | users.readinessProbe | object | `{"httpGet":{"path":"/api/users/metrics/_health","port":8080},"periodSeconds":5}` | Configure the readiness probe for this service | | users.resources.requests | object | `{"cpu":"200m","memory":"64Mi"}` | Set the resource requests for this service | ## Redis TLS Configuration To enable TLS for Redis connections, set `redis.tls.tlsEnabled` to `true` and provide TLS certificates using one of the following methods: ### Option 1: Use an existing secret 1. Create a Kubernetes secret containing your Redis certificates: ```bash kubectl create secret generic redis-tls --from-file=ca.crt=/path/to/ca.crt --from-file=tls.crt=/path/to/tls.crt --from-file=tls.key=/path/to/tls.key ``` 2. Reference the secret in your values file: ```yaml redis: tls: tlsEnabled: true existingTLSSecret: redis-tls ``` ### Option 2: Provide certificate content directly You can provide the certificate content directly in your values file: ```yaml redis: tls: tlsEnabled: true caCert: | -----BEGIN CERTIFICATE----- MIIEBDCCAuygAwIBAgIDAjppMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVT ... -----END CERTIFICATE----- cert: | -----BEGIN CERTIFICATE----- MIIEBDCCAuygAwIBAgIDAjppMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVT ... -----END CERTIFICATE----- key: | -----BEGIN RSA PRIVATE KEY----- MIIEpAIBAAKCAQEA7EJtpBPcZP6kX/r+IkYWjJlmcXPme9oEBkXLhY1rSlwjEHQZ ... -----END RSA PRIVATE KEY----- ``` ## Upgrading Pipekit ### Checking the latest version Pipekit is automatically published to [Artifact Hub](https://artifacthub.io/packages/helm/pipekit-helm/pipekit). You can use this service to configure automatic notifications of new versions, either via an RSS feed or a webhook. Alternatively, you can search the Helm repo for the latest version of Pipekit using the following command: ```bash # Add the repo if you don't already have it. helm repo add pipekit https://helm.pipekit.io helm repo update helm search repo pipekit/pipekit --versions ``` For further information on the `helm search repo` command, please refer to the [official Helm documentation](https://helm.sh/docs/helm/helm_search_repo/). ### Changes to the default values.yaml Prior to upgrading, you should ensure that you understand any changes to the default values.yaml and the impact those changes may have on your installation. This page is always updated with the latest available Helm chart values for Pipekit. If you wish to upgrade to an older version of the Pipekit Helm chart, you can extract the default values for that version using the following command: ```bash helm show values pipekit/pipekit --version [version] ``` The Pipekit values file is commented so you can see what each value does. You can extract your existing values from your current installation using the following command: ```bash helm get values pipekit -n pipekit ``` For further information the helm commands used above, please refer to the [official Helm documentation](https://helm.sh/docs/helm/). ### Upgrading Pipekit To upgrade Pipekit, you can use the following command: ```bash helm upgrade -i -n pipekit \ -f myvalues.yaml \ pipekit pipekit/pipekit ``` For more information on using Helm to perform upgrades, please check [the official Helm documentation](https://helm.sh/docs/helm/helm_upgrade/). ### Automating the upgrades using Gitops If you use a Gitops tool such as Argo CD, you can commit your changes to your git repository and the tool will handle the Helm upgrade for you. If you wish to automate the upgrade process, we recommend a third party tool called [Renovate Bot](https://docs.renovatebot.com/) that can be configured to automatically raise pull requests for you when a new version of Pipekit is released. ### Upgrade Support If you have an issue upgrading Pipekit that isn't addressed here, please contact us over Slack, or by email at .