From d353685da2032724e948af7923863b538c038b3d Mon Sep 17 00:00:00 2001 From: brmdias Date: Wed, 7 Jan 2026 15:05:47 +0000 Subject: [PATCH 1/2] Add Helm Chart deployment guide for EKS MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Enhance the EKS deployment documentation with a comprehensive production deployment section using Helm charts. This addition provides: - Production-ready deployment approach with high availability - Integration with AWS services (RDS, S3, Route53, ACM) - Quick start guide with installation steps - Helm-specific uninstall instructions - Reference to detailed Helm chart documentation This complements the existing basic deployment guide by offering an enterprise-grade option for production environments. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- docs/learning/howto/how2-terra-rd-eks.md | 86 +++++++++++++++++++++++- 1 file changed, 85 insertions(+), 1 deletion(-) diff --git a/docs/learning/howto/how2-terra-rd-eks.md b/docs/learning/howto/how2-terra-rd-eks.md index 445a69ff3..6d78f0403 100644 --- a/docs/learning/howto/how2-terra-rd-eks.md +++ b/docs/learning/howto/how2-terra-rd-eks.md @@ -154,9 +154,85 @@ The deployment should look as follows in `k9`:
Rundeck is available via the service's external URL.
![](/assets/img/terra-eks5.png) + +## Production Deployment with Helm Chart + +For production environments, using a Helm chart provides a more robust and maintainable deployment approach compared to raw manifest files. The PagerDuty Runbook Automation Helm chart offers: + +- **High Availability:** Multiple replicas with session affinity and load balancing +- **Production-Ready Configuration:** Integration with RDS, S3, Route53, and ACM +- **Security:** Proper secrets management and ACL configuration +- **Scalability:** Resource limits, auto-scaling capabilities, and cluster configuration +- **Maintainability:** Version control, easy upgrades, and rollback capabilities + +### Quick Start with Helm + +#### Prerequisites +- **Helm 3.x** installed ([Installation Guide](https://helm.sh/docs/intro/install/)) +- AWS infrastructure: + - AWS Load Balancer Controller + - ExternalDNS + - RDS Database (MySQL/MariaDB) + - S3 Bucket for logs + - Route53 Hosted Zone + - ACM Certificate + +#### Installation Steps + +1. **Create namespace and database secret:** +```bash +kubectl create namespace rundeck +kubectl create secret generic database-password \ + --from-literal=password='YOUR_DATABASE_PASSWORD' \ + --namespace=rundeck +``` + +2. **Prepare configuration files:** + - `admin-role.aclpolicy` - Admin ACL permissions + - `realm.properties` - Local user accounts + +3. **Customize values.yaml** with your environment settings: + - Ingress host and ACM certificate ARN + - RDS database endpoint + - S3 bucket for logs + - LDAP/AD configuration (if applicable) + +4. **Install the Helm chart:** +```bash +# Clone the docker-zoo repository +git clone https://github.com/rundeck/docker-zoo.git +cd docker-zoo/kubernetes/helm + +# Install the chart +helm install rundeckpro ./rundeckpro \ + --namespace=rundeck \ + --set-file aclFile=./admin-role.aclpolicy \ + --set-file realm=./realm.properties \ + --values values.yaml +``` + +5. 
**Verify the deployment:** +```bash +kubectl get pods -n rundeck +kubectl get ingress -n rundeck +``` + +### Full Documentation + +For complete Helm chart documentation, including: +- Architecture overview +- Detailed prerequisites and AWS infrastructure setup +- All configuration options +- LDAP/AD integration +- Production vs. development configurations +- Troubleshooting guide +- Security best practices + +Visit the [Runbook Automation Helm Chart README](https://github.com/rundeck/docker-zoo/tree/master/kubernetes/helm/rundeckpro). + ### Uninstalling -#### To uninstall the Rundeck deployment use: +#### To uninstall the basic Rundeck deployment use: ``` kubectl delete deployment rundeck-deployment @@ -168,6 +244,14 @@ kubectl delete deployment rundeck-deployment kubectl delete service rundeck-svc ``` +#### To uninstall a Helm-based deployment: + +``` +helm uninstall rundeckpro --namespace=rundeck +``` + +**Note:** The Helm uninstall command removes all Kubernetes resources (deployments, services, ingress, secrets) but does NOT delete the RDS database, S3 bucket, or Route53 records. + ## Resources * AWS EKS [Introduction](https://aws.amazon.com/eks/)
* AWS CLI [Documentation](https://aws.amazon.com/cli/)
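Review bot: In step 1 of the new "Installation Steps" (first hunk), `--from-literal=password='YOUR_DATABASE_PASSWORD'` puts the database password on the command line, where it is saved to shell history and visible in the process list while kubectl runs. Suggest documenting a form that reads the value from a file, such as `--from-file=password=./db-password.txt`, with a reminder that the file content is used verbatim (a trailing newline becomes part of the password) and that the file should be removed afterwards. In step 4 of the same hunk, `git clone https://github.com/rundeck/docker-zoo.git` installs whatever is on the default branch at the time; for a section titled "Production Deployment" it would be better to tell the reader to check out a specific tag or commit before running `helm install`, so the deployed chart is reproducible and reviewable.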
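Review bot: The **Note** under "To uninstall a Helm-based deployment" (second hunk) lists secrets among the resources `helm uninstall` removes, but the `database-password` secret from step 1 is created with `kubectl create secret`, outside the Helm release, so it stays behind in the `rundeck` namespace, as does the namespace itself. Suggest rewording to "resources created by the chart" and adding the cleanup explicitly, for example `kubectl delete secret database-password --namespace=rundeck` or `kubectl delete namespace rundeck`, so a reader does not assume the database credential is gone after the uninstall.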
From d773dd432062cfb4ae32e12ef7aa0ead06b082f4 Mon Sep 17 00:00:00 2001 From: brmdias Date: Thu, 8 Jan 2026 14:19:52 +0000 Subject: [PATCH 2/2] Add warning about winrm-certpath requirements in Windows nodes configuration --- docs/learning/howto/configuring-windows-nodes.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/learning/howto/configuring-windows-nodes.md b/docs/learning/howto/configuring-windows-nodes.md index 5c7c65f5d..53b60fc32 100644 --- a/docs/learning/howto/configuring-windows-nodes.md +++ b/docs/learning/howto/configuring-windows-nodes.md @@ -91,6 +91,9 @@ The following properties can optionally be set in the WinRM Node Executor and Wi * **`WinRM Port`**: The WinRM port to use. The default is port 5985. This can be overridden on nodes with `winrm-port`.

* **`WinRM Username`**: Optional username. The username can be set at node level (using the attribute `username`) or at job level (using an input option called `username`).

* **`Certificate Path`**: The path for SSL verification. This can be overridden on nodes with `winrm-certpath`.

+ :::warning Important + `winrm-certpath` expects a **file system path** (e.g., `/opt/rundeck/certs/certificate.pem`), **NOT** a Rundeck Key Storage path (e.g., `keys/project/...`). The certificate path is passed directly to the pywinrm library without Key Storage resolution. The certificate file must be in PEM format and readable by the Rundeck user on the Enterprise Runner or Rundeck server. + ::: * **`Connect/Read Times Out`**: The maximum seconds to wait before an HTTP connect/read times out (default 30). This value should be slightly higher than operation timeout, as the server can block *at least* that long. This can be overridden on nodes with `winrm-readtimeout`.

* **`Proxy`**: Optionally specify a proxy address for communicating with Windows nodes. Example HTTP proxy strings are `http://server:port` and `http://user:pass@server:port`. An example SOCKS5 proxy string is `socks5://user:pass@server:port`.

* **`Operation Timeout`**: The maximum allowed time in seconds for any single wsman HTTP operation (default 20). Note that operation timeouts while receiving output will be silently retried indefinitely. This can be overridden on nodes with `winrm-operationtimeout`.
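Review bot: The added warning names only the node attribute `winrm-certpath`, while the bullet it sits under describes the **`Certificate Path`** property, which still reads just "The path for SSL verification"; a reader configuring the property rather than the node attribute cannot tell whether the same file-system-only restriction applies. Suggest stating the restriction in the bullet text itself and covering both the property and the attribute. The phrase "on the Enterprise Runner or Rundeck server" is also ambiguous: say that the file must exist on whichever host actually executes the WinRM step. Since the `:::warning` container is inserted between two list items, it is worth checking the rendered page to confirm it does not break the list.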