Update helm setup docs

ZIJ · ZIJ · commit bf7552c1501c · 2025-07-23T16:42:05.000+01:00
diff --git a/docs/ce/self-host/deploy-helm.mdx b/docs/ce/self-host/deploy-helm.mdx
@@ -1,37 +1,279 @@
 ---
-title: 'Digger Helm Chart'
+title: "Kubernetes via Helm"
+description: "Learn how to use Helm chart to install Digger on your Kubernetes cluster."
 ---
 
-## Installation steps
+**Prerequisites**
+- You have extensive understanding of [Kubernetes](https://kubernetes.io/)
+- Installed [Helm package manager](https://helm.sh/) version v3.11.3 or greater
+- You have [kubectl](https://kubernetes.io/docs/reference/kubectl/kubectl/) installed and connected to your kubernetes cluster
+- A domain name for ingress configuration
+- A GitHub organization where you'll install the GitHub App
 
+<Steps>
+  <Step title="Install Digger Helm chart">
+    Install the `digger-backend` helm chart from GitHub Container Registry:
+    
+    ```bash
+    helm install digger-backend oci://ghcr.io/diggerhq/helm-charts/digger-backend \
+      --namespace digger \
+      --create-namespace \
+      --values values.yaml
+    ```
+  </Step>
 
-1. Install the `digger-backend` helm chart from https://diggerhq.github.io/helm-charts/, leaving empty all the data related to the GitHub App
-2. Go to `your_digger_hostname/github/setup` to install and configure the GitHub App
-3. Configure in the helm values or in the external secret all the data related to the new GitHub app and upgrade the helm installation to reload the Digger application with the new configuration
+  <Step title="Create Helm values">
+    Create a `values.yaml` file. This will be used to configure settings for the Digger Helm chart.
+    To explore all configurable properties, check the [values.yaml](https://github.com/diggerhq/digger/blob/develop/helm-charts/digger-backend/values.yaml) file in the repository.
+  </Step>
 
-## Configuration Details
+  <Step title="Select Digger version">
+    By default, the Digger version set in your helm chart will likely be outdated.
+    Choose the latest Digger docker image tag from the [releases page](https://github.com/diggerhq/digger/releases).
+    
+    ```yaml values.yaml
+    digger:
+      image:
+        repository: registry.digger.dev/diggerhq/digger_backend
+        tag: "v0.6.106" # Select tag from GitHub releases
+        pullPolicy: IfNotPresent
+    ```
+    
+    <Warning>
+      Do not use the latest docker image tag in production deployments as they can introduce unexpected changes
+    </Warning>
+  </Step>
 
-To configure the Digger backend deployment with the Helm chart, you'll need to set several values in the `values.yaml` file. Below are the key configurations to consider:
+  <Step title="Configure required secrets">
+    Configure the required secrets for Digger. Note that GitHub App credentials will be filled after the initial setup.
+    
+    ```yaml values.yaml
+    digger:
+      secret:
+        httpBasicAuthUsername: "admin"
+        httpBasicAuthPassword: "<strong-password>"
+        bearerAuthToken: "<strong-token>"
+        hostname: "digger.example.com"
+        
+        # GitHub App credentials (filled after setup)
+        githubOrg: ""
+        githubAppID: ""  # Note: uppercase ID
+        githubAppClientID: ""
+        githubAppClientSecret: ""
+        githubAppKeyFile: ""  # base64 encoded private key
+        githubWebhookSecret: ""
+    ```
+  </Step>
 
-- `digger.image.repository`: The Docker image repository for the Digger backend (e.g., `registry.digger.dev/diggerhq/digger_backend`).
-- `digger.image.tag`: The specific version tag of the Docker image to deploy (e.g., `"v0.4.2"`).
+  <Step title="Configure database">
+    Choose your database configuration based on your environment:
+    
+    <Tabs>
+      <Tab title="External PostgreSQL (Production)">
+        For production environments, use an external PostgreSQL database:
+        
+        ```yaml values.yaml
+        digger:
+          postgres:
+            user: "digger"
+            database: "digger"
+            host: "postgresql.example.com"
+            password: "secure-password"
+            sslmode: "require"  # or "disable"
+        ```
+      </Tab>
+      
+      <Tab title="Built-in PostgreSQL (Testing Only)">
+        For test or proof-of-concept purposes, you can use the built-in PostgreSQL:
+        
+        ```yaml values.yaml
+        postgres:
+          enabled: true
+          secret:
+            postgresPassword: "<test-password>"
+        ```
+        
+        <Warning>
+          Built-in PostgreSQL is only recommended for testing purposes
+        </Warning>
+      </Tab>
+    </Tabs>
+  </Step>
 
-- `digger.service.type`: The type of Kubernetes service to create, such as `ClusterIP`, `NodePort`, or `LoadBalancer`.
-- `digger.service.port`: The port number that the service will expose (e.g., `3000`).
+  <Step title="Configure ingress">
+    Configure ingress to route traffic to Digger (required for GitHub App setup):
+    
+    ```yaml values.yaml
+    digger:
+      ingress:
+        enabled: true
+        host: "digger.example.com"  # Your domain
+        annotations:
+          # Add annotations based on your ingress controller
+          # Example for nginx:
+          # kubernetes.io/ingress.class: "nginx"
+          # cert-manager.io/cluster-issuer: "letsencrypt-prod"
+    ```
+  </Step>
 
-- `digger.ingress.enabled`: Set to `true` to create an Ingress for the service.
-- `digger.annotations`: Add the needed annotations based on your ingress controller configuration.
-- `digger.ingress.host`: The hostname to use for the Ingress resource (e.g., `digger-backend.test`).
-- `digger.ingress.path`: The path for the Ingress resource (e.g., `/`).
-- `digger.ingress.tls.secretName`: The name of the TLS secret to use for Ingress encryption (e.g., `digger-backend-tls`).
+  <Step title="Initial deployment">
+    Deploy Digger with the initial configuration:
+    
+    ```bash
+    helm install digger-backend oci://ghcr.io/diggerhq/helm-charts/digger-backend \
+      --namespace digger \
+      --create-namespace \
+      --values values.yaml
+    ```
+    
+    Wait for all pods to reach a running state:
+    
+    ```bash
+    kubectl get pods -n digger
+    ```
+  </Step>
 
-- `digger.secret.*`: Various secrets needed for the application, such as `HTTP_BASIC_AUTH_PASSWORD` and `BEARER_AUTH_TOKEN`. You can provide them directly or reference an existing Kubernetes secret by setting `useExistingSecret` to `true` and specifying `existingSecretName`.
+  <Step title="GitHub App setup">
+    Navigate to your Digger hostname to create and configure the GitHub App:
+    
+    1. Go to `https://your-digger-hostname/github/setup`
+    2. Follow the web interface to create your GitHub App
+    3. Install the app in your GitHub organization
+    4. Collect the generated credentials:
+       - GitHub App ID
+       - Client ID  
+       - Client Secret
+       - Private Key (base64 encoded)
+       - Webhook Secret
+  </Step>
 
-- `digger.postgres.*`: If you're using an external Postgres database, configure the `user`, `database`, and `host` accordingly. Ensure you provide the `password` either directly or through an existing secret in the `secret.*` section.
+  <Step title="Update configuration with GitHub App credentials">
+    Add the GitHub App credentials to your `values.yaml` file:
+    
+    ```yaml values.yaml
+    digger:
+      secret:
+        # ... existing configuration ...
+        githubOrg: "your-github-org"
+        githubAppID: "123456"
+        githubAppClientID: "Iv1.abc123def456"
+        githubAppClientSecret: "github_app_client_secret"
+        githubAppKeyFile: "LS0tLS1CRUdJTi..."  # base64 encoded private key
+        githubWebhookSecret: "webhook_secret"
+    ```
+    
+    Then upgrade the Helm release:
+    
+    ```bash
+    helm upgrade digger-backend oci://ghcr.io/diggerhq/helm-charts/digger-backend \
+      --namespace digger \
+      --values values.yaml
+    ```
+  </Step>
 
-Remember to replace placeholders and default values with your specific, sensitive information before deploying the chart. For example, it's essential to generate a strong `bearerAuthToken` and `postgresPassword` rather than using the defaults for security reasons.
+  <Step title="Access Digger">
+    After deployment, wait for 2-5 minutes for all pods to reach a running state. 
+    You can find the IP address/hostname by executing:
+    
+    ```bash
+    kubectl get ingress -n digger
+    ```
+    
+    Access Digger at your configured hostname and verify the GitHub App is properly connected.
+  </Step>
 
-You can also deploy a PostgreSQL database ONLY FOR TEST PURPOSES configuring the `postgres.*` section:
+  <Step title="Upgrade your instance">
+    To upgrade your instance of Digger, update the docker image tag in your Helm values and rerun:
+    
+    ```bash
+    helm upgrade digger-backend oci://ghcr.io/diggerhq/helm-charts/digger-backend \
+      --namespace digger \
+      --values values.yaml
+    ```
+    
+    <Tip>
+      Always back up your database before each upgrade, especially in a production environment.
+    </Tip>
+  </Step>
+</Steps>
 
-- `postgres.enabled`: Set to `true` if you want to deploy a postgres database
-- `postgres.secret.*`: As for the digger secret, you can pass the `postgres` user password directly or through an existing secret
+## Advanced Configuration
+
+<Accordion title="Using existing secrets">
+  If you prefer to manage secrets separately, you can reference an existing Kubernetes secret:
+  
+  ```yaml values.yaml
+  digger:
+    secret:
+      useExistingSecret: true
+      existingSecretName: "digger-secrets"
+  ```
+</Accordion>
+
+<Accordion title="Resource configuration">
+  Configure resource limits and requests:
+  
+  ```yaml values.yaml
+  digger:
+    resources:
+      requests:
+        cpu: 100m
+        memory: 128Mi
+      limits:
+        cpu: 500m
+        memory: 512Mi
+  ```
+</Accordion>
+
+<Accordion title="Full values.yaml example">
+  ```yaml values.yaml
+  digger:
+    image:
+      repository: registry.digger.dev/diggerhq/digger_backend
+      tag: "v0.6.106"
+      pullPolicy: IfNotPresent
+    
+    service:
+      type: ClusterIP
+      port: 3000
+    
+    ingress:
+      enabled: true
+      host: "digger.example.com"
+      annotations:
+        kubernetes.io/ingress.class: "nginx"
+        cert-manager.io/cluster-issuer: "letsencrypt-prod"
+    
+    secret:
+      httpBasicAuthUsername: "admin"
+      httpBasicAuthPassword: "secure-password-123"
+      bearerAuthToken: "secure-bearer-token-456"
+      hostname: "digger.example.com"
+      
+      githubOrg: "your-github-org"
+      githubAppID: "123456"
+      githubAppClientID: "Iv1.abc123def456"
+      githubAppClientSecret: "github_app_client_secret"
+      githubAppKeyFile: "LS0tLS1CRUdJTi..."
+      githubWebhookSecret: "webhook_secret"
+    
+    postgres:
+      user: "digger"
+      database: "digger"
+      host: "postgresql.example.com"
+      password: "postgres-password"
+      sslmode: "require"
+    
+    resources:
+      requests:
+        cpu: 100m
+        memory: 128Mi
+      limits:
+        cpu: 500m
+        memory: 512Mi
+  
+  # For testing only - use external database in production
+  postgres:
+    enabled: false
+  ```
+</Accordion>
