Add helm chart guide

docs/learning/howto/configuring-windows-nodes.md

@@ -91,6 +91,9 @@ The following properties can optionally be set in the WinRM Node Executor and Wi
 * **`WinRM Port`**: The WinRM port to use. The default is port 5985.  This can be overridden on nodes with `winrm-port`. <br><br>
 * **`WinRM Username`**: Optional username. The username can be set at node level (using the attribute `username`) or at job level (using an input option called `username`). <br><br>
 * **`Certificate Path`**: The path for SSL verification. This can be overridden on nodes with `winrm-certpath`. <br><br>
+  :::warning Important
+  `winrm-certpath` expects a **file system path** (e.g., `/opt/rundeck/certs/certificate.pem`), **NOT** a Rundeck Key Storage path (e.g., `keys/project/...`). The certificate path is passed directly to the pywinrm library without Key Storage resolution. The certificate file must be in PEM format and readable by the Rundeck user on the Enterprise Runner or Rundeck server.
+  :::
 * **`Connect/Read Times Out`**: The maximum seconds to wait before an HTTP connect/read times out (default 30). This value should be slightly higher than operation timeout, as the server can block *at least* that long. This can be overridden on nodes with `winrm-readtimeout`. <br><br>
 * **`Proxy`**: Optionally specify a proxy address for communicating with Windows nodes. Example HTTP proxy strings are `http://server:port` and `http://user:pass@server:port`. An example SOCKS5 proxy string is `socks5://user:pass@server:port`.<br><br>
 * **`Operation Timeout`**: The maximum allowed time in seconds for any single wsman HTTP operation (default 20). Note that operation timeouts while receiving output will be silently retried indefinitely. This can be overridden on nodes with `winrm-operationtimeout`.<br><br>

docs/learning/howto/how2-terra-rd-eks.md

@@ -154,9 +154,85 @@ The deployment should look as follows in `k9`:<br>
 Rundeck is available via the service's external URL.<br>
 
 ![](/assets/img/terra-eks5.png)
+
+## Production Deployment with Helm Chart
+
+For production environments, using a Helm chart provides a more robust and maintainable deployment approach compared to raw manifest files. The PagerDuty Runbook Automation Helm chart offers:
+
+- **High Availability:** Multiple replicas with session affinity and load balancing
+- **Production-Ready Configuration:** Integration with RDS, S3, Route53, and ACM
+- **Security:** Proper secrets management and ACL configuration
+- **Scalability:** Resource limits, auto-scaling capabilities, and cluster configuration
+- **Maintainability:** Version control, easy upgrades, and rollback capabilities
+
+### Quick Start with Helm
+
+#### Prerequisites
+- **Helm 3.x** installed ([Installation Guide](https://helm.sh/docs/intro/install/))
+- AWS infrastructure:
+  - AWS Load Balancer Controller
+  - ExternalDNS
+  - RDS Database (MySQL/MariaDB)
+  - S3 Bucket for logs
+  - Route53 Hosted Zone
+  - ACM Certificate
+
+#### Installation Steps
+
+1. **Create namespace and database secret:**
+```bash
+kubectl create namespace rundeck
+kubectl create secret generic database-password \
+  --from-literal=password='YOUR_DATABASE_PASSWORD' \
+  --namespace=rundeck
+```
+
+2. **Prepare configuration files:**
+   - `admin-role.aclpolicy` - Admin ACL permissions
+   - `realm.properties` - Local user accounts
+
+3. **Customize values.yaml** with your environment settings:
+   - Ingress host and ACM certificate ARN
+   - RDS database endpoint
+   - S3 bucket for logs
+   - LDAP/AD configuration (if applicable)
+
+4. **Install the Helm chart:**
+```bash
+# Clone the docker-zoo repository
+git clone https://github.com/rundeck/docker-zoo.git
+cd docker-zoo/kubernetes/helm
+
+# Install the chart
+helm install rundeckpro ./rundeckpro \
+  --namespace=rundeck \
+  --set-file aclFile=./admin-role.aclpolicy \
+  --set-file realm=./realm.properties \
+  --values values.yaml
+```
+
+5. **Verify the deployment:**
+```bash
+kubectl get pods -n rundeck
+kubectl get ingress -n rundeck
+```
+
+### Full Documentation
+
+For complete Helm chart documentation, including:
+- Architecture overview
+- Detailed prerequisites and AWS infrastructure setup
+- All configuration options
+- LDAP/AD integration
+- Production vs. development configurations
+- Troubleshooting guide
+- Security best practices
+
+Visit the [Runbook Automation Helm Chart README](https://github.com/rundeck/docker-zoo/tree/master/kubernetes/helm/rundeckpro).
+
 ### Uninstalling
 
-#### To uninstall the Rundeck deployment use:
+#### To uninstall the basic Rundeck deployment use:
 
 ```
 kubectl delete deployment rundeck-deployment
@@ -168,6 +244,14 @@ kubectl delete deployment rundeck-deployment
 kubectl delete service rundeck-svc
 ```
 
+#### To uninstall a Helm-based deployment:
+
+```
+helm uninstall rundeckpro --namespace=rundeck
+```
+
+**Note:** The Helm uninstall command removes all Kubernetes resources (deployments, services, ingress, secrets) but does NOT delete the RDS database, S3 bucket, or Route53 records.
+
 ## Resources
 * AWS EKS [Introduction](https://aws.amazon.com/eks/)<br>
 * AWS CLI [Documentation](https://aws.amazon.com/cli/)<br>