This guide walks through installing AuthTranslator on Kubernetes using the Helm chart found in charts/authtranslator/. Helm ≥ 3.9 is assumed. See charts/authtranslator/README.md for a full list of chart values.
Why Helm? Templating secrets, ConfigMaps, and optional Redis in one place makes day‑2 ops (upgrades, rollbacks) far easier than raw manifests.
From the repository root:

```bash
helm upgrade --install authtranslator charts/authtranslator \
  --namespace authtranslator --create-namespace \
  --set image.tag="$(git rev-parse --short HEAD)"
```

This:

- Creates a `Deployment` running one replica of AuthTranslator.
- Mounts your `config.yaml`, `allowlist.yaml`, and `denylist.yaml` via a `ConfigMap`.
- Exposes port 8080 via a `ClusterIP` Service called `authtranslator`.
| Key | Default | Description |
|---|---|---|
| `image.repository` | `ghcr.io/winhowes/authtranslator` | Override to use a private registry. |
| `image.tag` | `latest` | Image tag or digest. |
| `image.pullPolicy` | `IfNotPresent` | Image pull policy. |
| `redisAddress` | `""` | Address passed to `-redis-addr` – either `host:port` or a `redis://`/`rediss://` URL. |
| `redisCA` | `""` | CA file for `-redis-ca`; empty skips TLS verification. |
| `secretRefresh` | `""` | Value passed to `-secret-refresh`. |
| `watch` | `true` | Run with `-watch` so projected ConfigMap updates trigger reloads. |
| `resources` | (object) | Pod resource requests/limits. |
| `imagePullSecrets` | `[]` | Names of image pull secrets. |
| `serviceAccountName` | `""` | Pod service account name. |
| `config` | (string) | Raw YAML for `config.yaml`. |
| `allowlist` | (string) | Raw YAML for `allowlist.yaml`. |
| `denylist` | (string) | Raw YAML for `denylist.yaml`. |
Full schema lives in charts/authtranslator/values.yaml.
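
An added example, not part of the chart or the AuthTranslator project: a pre-deploy check over the values in the table above that flags the `latest` default for `image.tag` and a `rediss://` address with an empty `redisCA`, which the table says skips TLS verification. The function name, script name, sample dictionaries and CA path are hypothetical, and treating `redis://` as unencrypted is an assumption based on the usual URL convention.

```python
import json
import sys


def audit_values(values: dict) -> list[str]:
    """Return findings for security-relevant chart values (keys from the table above)."""
    findings = []

    image = values.get("image") or {}
    tag = str(image.get("tag") or "")
    if tag in ("", "latest"):
        msg = "image.tag is unset or 'latest': pin a release tag or digest"
        # IfNotPresent is the chart default listed in the table.
        if image.get("pullPolicy", "IfNotPresent") == "IfNotPresent":
            msg += "; with IfNotPresent each node keeps whatever 'latest' it cached"
        findings.append(msg)

    addr = str(values.get("redisAddress") or "")
    ca = str(values.get("redisCA") or "")
    if addr.startswith("rediss://") and not ca:
        findings.append("redisAddress uses rediss:// but redisCA is empty: "
                        "TLS verification is skipped")
    elif addr.startswith("redis://"):
        # Assumption: redis:// follows the usual URL convention (no TLS).
        findings.append("redisAddress uses redis://: traffic to Redis is not encrypted")
    return findings


# Constructed sample inputs, not taken from a real deployment.
CHART_DEFAULTS = {"image": {"tag": "latest", "pullPolicy": "IfNotPresent"},
                  "redisAddress": "", "redisCA": ""}
TLS_NO_CA = {"image": {"tag": "1.2.3"},
             "redisAddress": "rediss://redis:6379/0", "redisCA": ""}
PINNED = {"image": {"tag": "1.2.3"},
          "redisAddress": "rediss://redis:6379/0", "redisCA": "/etc/redis/ca.crt"}

if __name__ == "__main__":
    # helm get values authtranslator -n authtranslator --all -o json | python audit_values.py
    problems = audit_values(json.load(sys.stdin))
    for p in problems:
        print("FINDING:", p)
    sys.exit(1 if problems else 0)
```

A non-zero exit status makes the script usable as a CI gate before `helm upgrade`.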

```yaml
image:
  tag: "1.2.3"
redisAddress: "redis://redis:6379/0"
config: |
  integrations:
    - name: slack
      destination: https://slack.com
      outgoing_auth:
        - type: token
          params:
            secrets:
              - env:SLACK_TOKEN
            header: Authorization
            prefix: "Bearer "
allowlist: |
  - integration: slack
    callers:
      - id: demo
        capabilities:
          - name: post_as
denylist: |
  - integration: slack
    callers:
      - id: "*"
        rules:
          - path: /api/chat.postMessage
            methods:
              POST:
                body:
                  channel: forbidden-room
```

Install with:

```bash
helm install authtranslator charts/authtranslator -f values.yaml
```

Helm makes rollbacks trivial:

```bash
helm upgrade authtranslator charts/authtranslator -f values.yaml --set image.tag=1.2.4
# If something breaks:
helm rollback authtranslator 1  # roll back to previous revision
```

```text
charts/authtranslator/
  Chart.yaml        # metadata
  values.yaml       # user-tunable defaults
  templates/
    _helpers.tpl
    configmap.yaml
    deployment.yaml
    service.yaml
```

Feel free to add ingress, PodDisruptionBudget, or HPA templates as your cluster demands.

```bash
# Package and push
helm package charts/authtranslator
helm push authtranslator-*.tgz oci://ghcr.io/winhowes/charts

# Later, install via OCI reference
helm install authtranslator oci://ghcr.io/winhowes/charts/authtranslator --version 1.2.3
```

Example Terraform configurations live in the `terraform/` directory:

- `terraform/quickstart` – minimal Docker provider example.
- `terraform/aws` – deploys to AWS ECS Fargate.
- `terraform/gcp` – deploys to Google Cloud Run.
- `terraform/azure` – deploys to Azure Container Instances.

Set the variables for your environment and run terraform apply inside the
chosen folder to create the service. The modules accept optional
redis_address and redis_ca variables which map to the container flags.