Encryption Proxy Helm Chart
Security: To verify the container’s authenticity and inspect its SBOM, see the Attestation & Verification Guide.
Installing the Helm Chart
Section titled “Installing the Helm Chart”The Subnoto Encryption Proxy is available as a Helm chart published to an OCI registry. This makes it easy to deploy to any Kubernetes cluster.
Installation
Section titled “Installation”Install the chart directly from the OCI registry:
helm install api-proxy oci://registry-1.docker.io/subnoto/api-proxy --version 0.1.1Available Versions
Section titled “Available Versions”View available versions on Docker Hub or use the Docker Hub API:
curl -s https://registry.hub.docker.com/v2/repositories/subnoto/api-proxy/tags/ | jq -r '.results[].name'Configuration
Section titled “Configuration”Configuration Parameters
Section titled “Configuration Parameters”| Parameter | Description | Default |
|---|---|---|
replicaCount |
Number of replicas | 1 |
image.repository |
Container image repository | subnoto/api-proxy |
image.tag |
Container image tag | Chart version |
image.pullPolicy |
Image pull policy | IfNotPresent |
env.API_BASE_URL |
Backend API URL | https://enclave.subnoto.com |
env.PORT |
Container port | 8080 |
env.DISABLE_ATTESTATION |
Disable attestation checks | false |
env.ATTESTATION_PUBLIC_KEYS |
Base64-encoded attestation keys | "" |
service.type |
Kubernetes service type | ClusterIP |
service.port |
Service port | 8080 |
ingress.enabled |
Enable ingress | false |
resources.requests.memory |
Memory request | 512Mi |
resources.requests.cpu |
CPU request | 100m |
resources.limits.memory |
Memory limit | 1Gi |
resources.limits.cpu |
CPU limit | 500m |
Ingress Configuration
Section titled “Ingress Configuration”To expose the Encryption Proxy externally:
ingress: enabled: true className: nginx annotations: cert-manager.io/cluster-issuer: "letsencrypt-prod" hosts: - host: api-proxy.example.com paths: - path: / pathType: Prefix tls: enabled: true secretName: api-proxy-tls