Skip to content

Add Helm Chart for MISP Kubernetes Deployment #354

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
ostefano merged 1 commit into from
Dec 23, 2025
Merged

Add Helm Chart for MISP Kubernetes Deployment #354

ostefano merged 1 commit into from
Dec 23, 2025

Conversation

@tobmes42
Copy link
Contributor

@tobmes42 tobmes42 commented Dec 23, 2025

Description

This PR adds a production-ready Helm chart for deploying MISP on Kubernetes with all required dependencies.

Features

Core Functionality

  • Complete Helm chart with MariaDB and Valkey (Redis alternative) as dependencies
  • Configurable deployment via values.yaml and example community-values.yaml
  • Support for custom initialization scripts via ConfigMap
  • Automatic secret generation for passwords and API keys

Security

  • Security contexts with non-root containers
  • Read-only root filesystems
  • Network policies support
  • Integration with Kubernetes Secrets
  • Support for Vault secret management

Networking

  • Ingress support with nginx-ingress-controller
  • Automatic TLS certificate management via cert-manager
  • Support for Istio service mesh (alternative to Ingress)
  • Configurable service types (ClusterIP, NodePort, LoadBalancer)

Configuration

  • OIDC/Keycloak authentication support
  • Custom CA certificates mounting
  • Environment variable configuration
  • SOAR user creation
  • Configurable resource limits and requests

Documentation

  • Comprehensive deployment guide (DEPLOYMENT.md)
  • Step-by-step installation instructions
  • cert-manager setup guide
  • Troubleshooting section
  • Configuration examples

Prerequisites

  • Kubernetes 1.19+
  • Helm 3.0+
  • Ingress Controller (e.g., nginx-ingress-controller)
  • cert-manager for TLS certificate management
  • StorageClass for persistent volumes

Testing

Tested on:

  • ✅ OrbStack Kubernetes v1.33.5+orb1
  • ✅ Local development environment
  • ✅ nginx-ingress-controller v1.12.0-beta.0
  • ✅ cert-manager v1.19.2

Installation Example

# 1. Install cert-manager
helm install cert-manager jetstack/cert-manager \
  --namespace cert-manager \
  --create-namespace \
  --set crds.enabled=true

# 2. Create ClusterIssuer
kubectl apply -f - <<EOF
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: selfsigned-issuer
spec:
  selfSigned: {}
EOF

# 3. Deploy MISP
helm upgrade --install misp ./kubernetes/helm-chart \
  -n misp \
  --create-namespace \
  -f ./kubernetes/helm-chart/community-values.yaml

@ostefano ostefano linked an issue Dec 23, 2025 that may be closed by this pull request
Helm Chart for MISP #353
Closed
@ostefano ostefano merged commit 0ee4fbe into MISP:master Dec 23, 2025
0 of 5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Helm Chart for MISP

2 participants

@tobmes42 @ostefano