Helm Chart
Deploy the OnePAM Zero Trust Access Gateway on Kubernetes using Helm.
OnePAM Gateway Helm Chart
Deploy and manage OnePAM gateways on Kubernetes clusters with the official Helm chart. Supports session recording, TLS, VPN, and multi-replica deployments.
helm repo add onepam https://onepamcom.github.io/helm-charts
helm install gateway onepam/onepam-gatewayRequirements
- Kubernetes 1.24+
- Helm 3.x
- A registered gateway in your OnePAM instance (Gateway ID and API token)
- Outbound HTTPS (443) to your OnePAM server
Quick Start
# Add the Helm repository
helm repo add onepam https://onepamcom.github.io/helm-charts
helm repo update
# Install with required values
helm install gateway onepam/onepam-gateway \
--set gateway.gatewayId="YOUR-GATEWAY-ID" \
--set gateway.apiUrl="https://your-instance.onepam.com" \
--set gateway.apiToken="YOUR-API-TOKEN" \
--namespace onepam \
--create-namespace
# Verify the deployment
kubectl -n onepam get podsConfiguration
Key Values
| Value | Default | Description |
|---|---|---|
gateway.gatewayId | - | Gateway ID from OnePAM (required) |
gateway.apiUrl | - | OnePAM server URL (required) |
gateway.apiToken | - | API token for gateway authentication (required) |
replicaCount | 1 | Number of gateway replicas |
image.repository | ghcr.io/onepam/gateway | Container image repository |
image.tag | latest | Container image tag |
service.type | ClusterIP | Kubernetes service type |
service.port | 443 | Service port |
S3 Session Recording
| Value | Default | Description |
|---|---|---|
gateway.s3.bucket | - | S3 bucket for session recordings |
gateway.s3.region | - | S3 bucket region |
gateway.s3.accessKey | - | S3 access key |
gateway.s3.secretKey | - | S3 secret key |
TLS / ACME
| Value | Default | Description |
|---|---|---|
gateway.acme.enabled | false | Enable Let's Encrypt TLS |
gateway.acme.domain | - | Domain for TLS certificate |
gateway.acme.email | - | ACME registration email |
Example Values File
values.yaml
replicaCount: 2
gateway:
gatewayId: "your-gateway-uuid"
apiUrl: "https://your-instance.onepam.com"
apiToken: "your-api-token"
s3:
bucket: "onepam-recordings"
region: "us-east-1"
acme:
enabled: true
domain: "gateway.example.com"
email: "[email protected]"
vpn:
enabled: false
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 500m
memory: 256Mi# Deploy with values file
helm install gateway onepam/onepam-gateway \
-f values.yaml \
--namespace onepam \
--create-namespaceChart Management
# Upgrade to a newer chart version
helm repo update
helm upgrade gateway onepam/onepam-gateway -f values.yaml -n onepam
# Check release status
helm status gateway -n onepam
# View release history
helm history gateway -n onepam
# Rollback to a previous revision
helm rollback gateway 1 -n onepam
# Uninstall
helm uninstall gateway -n onepam