amir20 · abnerrizzi · Jul 17, 2025 · Jul 17, 2025 · Jul 17, 2025 · Jul 17, 2025
diff --git a/docs/guide/getting-started.md b/docs/guide/getting-started.md
@@ -79,19 +79,37 @@ See [swarm mode](/guide/swarm-mode) for more information.
 
 ## K8s <Badge type="tip" text="New" />
 
-Dozzle supports running in Kubernetes. It only needs to be deployed on one node within the cluster.
+Dozzle supports running in Kubernetes. It only needs to be deployed on one node within the cluster. The recommended way to install Dozzle on Kubernetes is by using the provided Helm chart.
+
+### Using Helm
+
+To deploy using Helm, navigate to the `helm` directory inside the repository and use the following command. This will install Dozzle with the release name `dozzle` in a new `dozzle` namespace.
+
+```bash
+cd helm/
+helm upgrade --install dozzle . --create-namespace --namespace dozzle -f values.yaml
+```
+
+You can customize the installation by modifying the `values.yaml` file or by creating your own values file (e.g., `my-values.yaml`) and passing it with `-f my-values.yaml`. For example, to enable the ingress, you would set `ingress.enabled` to `true`.
+
+> [!NOTE]
+> The Helm chart automatically configures `DOZZLE_MODE` for you.
+> - If you provide `config.DOZZLE_REMOTE_AGENT` in your values, `DOZZLE_MODE` is set to `server`.
+> - Otherwise, it defaults to `k8s` for in-cluster log viewing.
+
+### Using raw Kubernetes manifests
+
+If you prefer not to use Helm, you can apply the raw Kubernetes manifests directly. Note that this basic configuration does not create a Service to expose Dozzle.
 
 <details>
 <summary>Kubernetes Configuration</summary>
 
 ```yaml [k8s-dozzle.yml]
-# rbac.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: pod-viewer
 ---
-# clusterrole.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
@@ -104,7 +122,6 @@ rules:
     resources: ["pods"]
     verbs: ["get", "list"]
 ---
-# clusterrolebinding.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
@@ -118,7 +135,6 @@ roleRef:
   name: pod-viewer-role
   apiGroup: rbac.authorization.k8s.io
 ---
-# deployment.yaml
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -151,5 +167,4 @@ Apply the configuration using the following command:
 ```sh
 kubectl apply -f k8s-dozzle.yml
 ```
-
 See [Kubernetes mode](/guide/k8s) for more information.
diff --git a/helm/Chart.yaml b/helm/Chart.yaml
@@ -0,0 +1,7 @@
+apiVersion: v2
+name: dozzle
+description: A Helm chart for Dozzle, a lightweight real-time log viewer for containers.
+type: application
+version: 0.1.0
+appVersion: "latest"
+icon: https://dozzle.dev/images/logo.svg
diff --git a/helm/templates/_helpers.tpl b/helm/templates/_helpers.tpl
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "dozzle.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "dozzle.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "dozzle.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "dozzle.labels" -}}
+helm.sh/chart: {{ include "dozzle.chart" . }}
+{{ include "dozzle.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "dozzle.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "dozzle.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "dozzle.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "dozzle.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/helm/templates/clusterrole.yaml b/helm/templates/clusterrole.yaml
@@ -0,0 +1,15 @@
+{{- if and .Values.rbac.create .Values.rbac.clusterScoped }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ include "dozzle.fullname" . }}
+  labels:
+    {{- include "dozzle.labels" . | nindent 4 }}
+rules:
+  - apiGroups: [""]
+    resources: ["pods", "pods/log", "nodes"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["metrics.k8s.io"]
+    resources: ["pods"]
+    verbs: ["get", "list"]
+{{- end }}
diff --git a/helm/templates/clusterrolebinding.yaml b/helm/templates/clusterrolebinding.yaml
@@ -0,0 +1,16 @@
+{{- if and .Values.rbac.create .Values.rbac.clusterScoped }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ include "dozzle.fullname" . }}
+  labels:
+    {{- include "dozzle.labels" . | nindent 4 }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "dozzle.serviceAccountName" . }}
+    namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: ClusterRole
+  name: {{ include "dozzle.fullname" . }}
+  apiGroup: rbac.authorization.k8s.io
+{{- end }}
diff --git a/helm/templates/deployment.yaml b/helm/templates/deployment.yaml
@@ -0,0 +1,73 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "dozzle.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "dozzle.labels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      {{- include "dozzle.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        {{- include "dozzle.selectorLabels" . | nindent 8 }}
+      annotations:
+        checksum/config: {{ .Values | toJson | sha256sum }}
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ include "dozzle.serviceAccountName" . }}
+      securityContext:
+        {}
+      containers:
+        - name: {{ .Chart.Name }}
+          securityContext:
+            {}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          ports:
+            - name: http
+              containerPort: 8080
+              protocol: TCP
+          env:
+            - name: DOZZLE_MODE
+              value: {{- if and .Values.config (get .Values.config "DOZZLE_REMOTE_AGENT") }} "server" {{ else }} "k8s" {{ end }}
+            {{- $config := omit .Values.config "DOZZLE_MODE" }}
+            {{- range $key, $value := $config }}
+            - name: {{ $key }}
+              value: {{ $value | quote }}
+            {{- end }}
+          {{- if .Values.auth.secret.existingSecret }}
+          volumeMounts:
+            - name: auth-config
+              mountPath: "/data"
+              readOnly: true
+          {{- end }}
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+      {{- if .Values.auth.secret.existingSecret }}
+      volumes:
+        - name: auth-config
+          secret:
+            secretName: {{ .Values.auth.secret.existingSecret }}
+            items:
+              - key: {{ .Values.auth.secret.key }}
+                path: {{ .Values.auth.secret.key }}
+      {{- end }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
diff --git a/helm/templates/ingress.yaml b/helm/templates/ingress.yaml
@@ -0,0 +1,43 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "dozzle.fullname" . -}}
+{{- $svcPort := .Values.service.port -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ $fullName }}
+  labels:
+    {{- include "dozzle.labels" . | nindent 4 }}
+  {{- with .Values.ingress.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  {{- if .Values.ingress.className }}
+  ingressClassName: {{ .Values.ingress.className }}
+  {{- end }}
+  {{- if .Values.ingress.tls }}
+  tls:
+    {{- range .Values.ingress.tls }}
+    - hosts:
+        {{- range .hosts }}
+        - {{ . | quote }}
+        {{- end }}
+      secretName: {{ .secretName }}
+    {{- end }}
+  {{- end }}
+  rules:
+    {{- range .Values.ingress.hosts }}
+    - host: {{ .host | quote }}
+      http:
+        paths:
+          {{- range .paths }}
+          - path: {{ .path | quote }}
+            pathType: {{ .pathType | quote }}
+            backend:
+              service:
+                name: {{ $fullName }}
+                port:
+                  number: {{ $svcPort }}
+          {{- end }}
+    {{- end }}
+{{- end }}
diff --git a/helm/templates/role.yaml b/helm/templates/role.yaml
@@ -0,0 +1,16 @@
+{{- if and .Values.rbac.create (not .Values.rbac.clusterScoped) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ include "dozzle.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "dozzle.labels" . | nindent 4 }}
+rules:
+  - apiGroups: [""]
+    resources: ["pods", "pods/log", "nodes"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["metrics.k8s.io"]
+    resources: ["pods"]
+    verbs: ["get", "list"]
+{{- end }}
diff --git a/helm/templates/rolebinding.yaml b/helm/templates/rolebinding.yaml
@@ -0,0 +1,17 @@
+{{- if and .Values.rbac.create (not .Values.rbac.clusterScoped) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ include "dozzle.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "dozzle.labels" . | nindent 4 }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "dozzle.serviceAccountName" . }}
+    namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: Role
+  name: {{ include "dozzle.fullname" . }}
+  apiGroup: rbac.authorization.k8s.io
+{{- end }}
diff --git a/helm/templates/service.yaml b/helm/templates/service.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "dozzle.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "dozzle.labels" . | nindent 4 }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - port: {{ .Values.service.port }}
+      targetPort: http
+      protocol: TCP
+      name: http
+  selector:
+    {{- include "dozzle.selectorLabels" . | nindent 4 }}
diff --git a/helm/templates/serviceaccount.yaml b/helm/templates/serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "dozzle.serviceAccountName" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "dozzle.labels" . | nindent 4 }}
+  {{- with .Values.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end }}