@Chesblaw

No description provided.

@gemini-code-assist

Summary of Changes

Hello @Chesblaw, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly enhances the deployability of the Helios L7 reverse proxy and load balancer by introducing a dedicated Helm chart. This chart streamlines the process of deploying Helios onto a Kubernetes cluster, providing a complete set of Kubernetes manifests and a comprehensive values.yaml for customizing various operational and application-specific parameters, from load balancing strategies to resource scaling.

Highlights

  • Helm Chart Introduction: A new Helm chart has been added to facilitate the deployment and management of the Helios L7 reverse proxy and load balancer on Kubernetes.
  • Comprehensive Kubernetes Resources: The chart includes templates for essential Kubernetes components such as Deployment, Service, Ingress, Horizontal Pod Autoscaler (HPA), and ConfigMap.
  • Configurable Helios Features: The values.yaml file provides extensive configuration options for Helios's core functionalities, including load balancing strategies, health checks, rate limiting, circuit breakers, admin API, and metrics.
  • README Update: A minor modification was made to the README.md file, appending a GitHub repository URL to the 'Performance Benchmarks' section.

@gemini-code-assist gemini-code-assist bot left a comment

Code Review

The pull request introduces a Helm chart for the Helios application. The changes include adding Chart.yaml, _helpers.tpl, configmap.yaml, deployment.yaml, hpa.yaml, ingress.yaml, service.yaml, and values.yaml files to the helm/helios directory. A minor modification was also made to the README.md file. I have identified a potential issue in the README.md file that needs to be addressed.

- **Plugin Middleware**: Configurable middleware chain (built-ins: logging, headers)

## Performance Benchmarks
## Performance Benchmarkshttps://github.com/Chesblaw/Helios.git

high

The URL https://github.com/Chesblaw/Helios.git is appended directly to the heading "Performance Benchmarks". This looks unintentional and should be removed or placed correctly.

It's likely that this was copy/pasted from somewhere and inadvertently included in the heading.

Suggested change
## Performance Benchmarkshttps://github.com/Chesblaw/Helios.git
## Performance Benchmarks

@sonarqubecloud

Quality Gate failed

Failed conditions
C Security Rating on New Code (required ≥ A)

Owner

@0xReLogic 0xReLogic left a comment

Summary

  • Adds Helm chart under helm/helios/** (Chart.yaml, templates, values.yaml).
  • README also changed but appears out-of-sync with current main. Please keep this PR focused on the chart.

What needs improvement

  1. ConfigMap is incomplete
     • Only server.port and tls.enabled are rendered. Other sections from values (backends, load_balancer, health_checks, rate_limit, circuit_breaker, adminAPI, metrics, plugins) are missing. This will result in Helios running with an incomplete config.
  2. Service targetPort mismatch
     • Template references .Values.service.targetPort but it does not exist in values.yaml. Prefer named container ports and reference them from the Service.
  3. Probes should hit the main HTTP port
     • Liveness/readiness currently point to metrics.port. If metrics are disabled, probes break. Probe the main HTTP service (http).
  4. Ensure the binary actually reads the mounted config
     • ConfigMap is mounted at /etc/helios/helios.yaml, but the container doesn’t set a working directory or explicit args to point to it. Either set workingDir: /etc/helios or pass an explicit flag if the binary supports it.
  5. Security hardening
     • Add a container securityContext (runAsNonRoot, readOnlyRootFilesystem, no privilege escalation, drop all capabilities).
  6. Ingress className should be conditional
     • Don’t render an empty ingressClassName when the value is empty.
  7. Secrets for admin token
     • adminAPI.auth_token should come from a Secret, not values/ConfigMap directly.
  8. Rollout on config change
     • Add a checksum annotation of the ConfigMap to the Pod template to trigger rolling updates when config changes.
  9. Image tag/policy
     • Avoid latest for production. Align image.tag with appVersion, or set pull policy accordingly.
  10. Resources & HPA
     • Provide default resources.requests/limits. HPA on CPU requires requests to be set for accurate scaling.

Concrete suggestions

  • ConfigMap (render a complete helios.yaml):
data:
  helios.yaml: |
    server:
      port: {{ .Values.service.port }}
      tls:
        enabled: {{ .Values.tls.enabled }}
        {{- if .Values.tls.enabled }}
        certFile: {{ .Values.certFile | quote }}
        keyFile: {{ .Values.keyFile | quote }}
        {{- end }}

    backends:
    {{- toYaml .Values.backends | nindent 6 }}

    load_balancer:
      strategy: {{ .Values.load_balancer.strategy | quote }}

    health_checks:
    {{- toYaml .Values.health_checks | nindent 6 }}

    rate_limit:
    {{- toYaml .Values.rate_limit | nindent 6 }}

    circuit_breaker:
    {{- toYaml .Values.circuit_breaker | nindent 6 }}

    admin_api:
      enabled: {{ .Values.adminAPI.enabled }}
      port: {{ .Values.adminAPI.port }}
      {{- /* see "Secrets for admin token" above: this value should come from a Secret */}}
      auth_token: {{ .Values.adminAPI.auth_token | quote }}

    metrics:
      enabled: {{ .Values.metrics.enabled }}
      port: {{ .Values.metrics.port }}
      path: {{ .Values.metrics.path | quote }}

    plugins:
    {{- toYaml .Values.plugins | nindent 6 }}
  • Service (use named ports and remove nonexistent targetPort):
ports:
  - name: http
    port: {{ .Values.service.port }}
    targetPort: http
  {{- if .Values.metrics.enabled }}
  - name: metrics
    port: {{ .Values.metrics.port }}
    targetPort: metrics
  {{- end }}
  {{- if .Values.adminAPI.enabled }}
  - name: admin
    port: {{ .Values.adminAPI.port }}
    targetPort: admin
  {{- end }}
  • Deployment (workingDir, probes to http, guard resources, securityContext, config checksum):
# Pod template metadata (spec.template.metadata), not the Deployment's own metadata
metadata:
  annotations:
    checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
...
containers:
  - name: helios
    image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
    imagePullPolicy: {{ .Values.image.pullPolicy }}
    command: ["/helios"]
    workingDir: /etc/helios
    ports:
      - name: http
        containerPort: {{ .Values.service.port }}
      {{- if .Values.metrics.enabled }}
      - name: metrics
        containerPort: {{ .Values.metrics.port }}
      {{- end }}
      {{- if .Values.adminAPI.enabled }}
      - name: admin
        containerPort: {{ .Values.adminAPI.port }}
      {{- end }}
    livenessProbe:
      httpGet: { path: /health, port: http }
    readinessProbe:
      httpGet: { path: /health, port: http }
    {{- if .Values.resources }}
    resources:
      {{- toYaml .Values.resources | nindent 6 }}
    {{- end }}
    securityContext:
      runAsNonRoot: true
      readOnlyRootFilesystem: true
      allowPrivilegeEscalation: false
      capabilities: { drop: ["ALL"] }
  • Ingress (conditional className):
{{- if .Values.ingress.className }}
ingressClassName: {{ .Values.ingress.className }}
{{- end }}
  • values.yaml (defaults & consistency):
image:
  repository: "helios/helios"
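  # values.yaml is not rendered as a template, so "{{ .Chart.AppVersion }}" would be
  # taken literally; leave empty and have the Deployment image line use
  # .Values.image.tag | default .Chart.AppVersion
  tag: ""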
  pullPolicy: IfNotPresent

resources:
  requests:
    cpu: 100m
    memory: 128Mi
  limits:
    cpu: 500m
    memory: 512Mi

Process & docs

  • Please sync/rebase with the latest main and drop unrelated README changes to keep this PR focused on the chart. We can add a Helm section in README or a separate doc after the chart is solid.
  • Link the PR to the issue by adding Closes #31 in the description.
  • Suggested checks:
helm lint helm/helios
helm template my-helios helm/helios --values helm/helios/values.yaml
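
The review's items 3, 5, 7, 8 and 9 can also be checked mechanically on the rendered manifests before merge. The following is an added example, not code from this PR or the Helios project: `audit` is a hypothetical helper that assumes the `helm template` output has already been parsed into Python dicts (for instance with a YAML loader), and the sample manifests are constructed.

```python
def audit(docs):
    """Return findings for rendered manifests (dicts) per review items 3, 5, 7, 8, 9."""
    out = []
    for doc in docs:
        name = doc["metadata"]["name"]
        if doc["kind"] == "ConfigMap":
            for key, text in doc.get("data", {}).items():
                for line in text.splitlines():
                    field, _, value = line.strip().partition(":")
                    # Item 7: a non-empty admin token must not sit in a ConfigMap.
                    if field == "auth_token" and value.strip().strip("\"'"):
                        out.append(f"{name}/{key}: auth_token stored in ConfigMap")
        if doc["kind"] != "Deployment":
            continue
        pod = doc["spec"]["template"]
        # Item 8: the checksum must be on the Pod template to trigger a rollout.
        if "checksum/config" not in pod.get("metadata", {}).get("annotations", {}):
            out.append(f"{name}: Pod template lacks checksum/config annotation")
        for c in pod["spec"]["containers"]:
            sc = c.get("securityContext", {})
            hardened = (sc.get("runAsNonRoot") is True
                        and sc.get("readOnlyRootFilesystem") is True
                        and sc.get("allowPrivilegeEscalation") is False
                        and "ALL" in sc.get("capabilities", {}).get("drop", []))
            if not hardened:  # Item 5
                out.append(f"{name}/{c['name']}: securityContext not hardened")
            last = c["image"].rsplit("/", 1)[-1]
            # Item 9: no tag means "latest"; a digest (@sha256:...) counts as pinned.
            if "@" not in last and (last.partition(":")[2] or "latest") == "latest":
                out.append(f"{name}/{c['name']}: image uses latest")
            for probe in ("livenessProbe", "readinessProbe"):
                # Item 3: probes must target the named main port, not metrics.
                if c.get(probe, {}).get("httpGet", {}).get("port") != "http":
                    out.append(f"{name}/{c['name']}: {probe} not on port http")
    return out

# Constructed sample manifests (not output of the chart under review).
WEAK = [
    {"kind": "ConfigMap", "metadata": {"name": "helios"},
     "data": {"helios.yaml": 'admin_api:\n  auth_token: "s3cret"\n'}},
    {"kind": "Deployment", "metadata": {"name": "helios"},
     "spec": {"template": {"metadata": {}, "spec": {"containers": [
         {"name": "helios", "image": "helios/helios",
          "livenessProbe": {"httpGet": {"path": "/health", "port": 9090}}}]}}}},
]

if __name__ == "__main__":
    for finding in audit(WEAK):
        print(finding)
```
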

@0xReLogic
Owner

0xReLogic commented Oct 22, 2025

Quick follow-up on images (Issue #27 is still open)

  • There isn't an official image published yet (see Issue #27: Create Dockerfile and Docker Compose example). To avoid blocking this chart:
    1. Keep image.repository and image.tag fully configurable (no hard binding to helios/helios:latest).

    2. Add a short doc section (or docs/helm.md) for using a locally built image:

      # Build and push (example)
      docker build -t <YOUR_REPO>/helios:<TAG> .
      docker push <YOUR_REPO>/helios:<TAG>
      
      # Install with overrides
      helm install my-helios helm/helios \
        --set image.repository=<YOUR_REPO>/helios \
        --set image.tag=<TAG>
    3. Once #27 (Create Dockerfile and Docker Compose example) lands, update chart defaults to the official image and align image.tag with Chart.appVersion.

Also noticed:

  • values.enabled exists but templates don't gate on it. Either remove it or use it to conditionally render resources.

The rest of the requested changes remain the same (ConfigMap completeness, named ports + probes to http, securityContext, checksum on config, ingress className conditional, Secret for admin token, resources/HPA).

@Chesblaw
Author

Sure!

@0xReLogic
Owner

@Chesblaw ping me if you need help, thank you 👍
