Initial release of the Tenzir Node Helm chart.
🚀 Features
Section titled “🚀 Features”Optional NetworkPolicy and PodDisruptionBudget
Section titled “Optional NetworkPolicy and PodDisruptionBudget”Jun 17, 2026 · @Zedoraps, @claude · #2
Render an optional NetworkPolicy scoping ingress to the node pods by setting networkPolicy.enabled: true. Render an optional PodDisruptionBudget spanning every node pod in the release by setting podDisruptionBudget.minAvailable or podDisruptionBudget.maxUnavailable. Neither resource is rendered with the chart defaults.
Hardened container security defaults
Section titled “Hardened container security defaults”Jun 17, 2026 · @Zedoraps, @claude · #2
Container securityContext ships hardened by default: runAsNonRoot: true with runAsUser and runAsGroup pinned to 999 (matching the image’s tenzir user), seccompProfile: { type: RuntimeDefault }, allowPrivilegeEscalation: false, capabilities.drop: [ALL], and readOnlyRootFilesystem: true. An emptyDir mounted at /tmp keeps the writable surface to just that path and the /var/lib/tenzir PVC.
Two patterns for exposing listener ports
Section titled “Two patterns for exposing listener ports”Jun 17, 2026 · @Zedoraps, @claude · #2
Open additional listener ports through nodes[].extraPorts, which attaches a port to one specific node’s pod and Service (optionally backed by its own dedicated Service when serviceType is set), or through sharedServices, which creates a single fleet-wide Service whose endpoints span every selected node’s pod so kube-proxy load-balances across them.
Per-node configuration with checksum-driven rollouts
Section titled “Per-node configuration with checksum-driven rollouts”Jun 17, 2026 · @Zedoraps, @claude · #2
Compose each node’s tenzir.yaml from a global tenzir.config overlay merged with each entry’s nodes[].config. A per-node checksum/config annotation on the pod template ensures helm upgrade only rolls the pods whose merged configuration actually changed; untouched nodes keep running.
Initial Tenzir Node Helm chart
Section titled “Initial Tenzir Node Helm chart”Jun 17, 2026 · @Zedoraps, @claude · #2
Install the chart from oci://ghcr.io/tenzir/charts/tenzir-node to deploy one or more tenzir-node instances on Kubernetes. Each entry in the chart’s nodes list renders as its own one-pod StatefulSet with a dedicated Service, ConfigMap, Secret, and persistent volume claim, scaled independently of the others.