docs: improve Kubernetes Helm deployment guide

[devin-ai-integration]

Context

This PR comprehensively rewrites the Kubernetes Helm deployment guide to add missing information and improve the structure for better user experience. The previous guide was minimal and lacked operational guidance that users need for production deployments.

New sections added:

• System requirements table (cluster-level and per-pod resource defaults)
• Explicit namespace creation step (was previously implied)
• Deployment verification steps with expected output examples
• "Managing Your Deployment" section covering pod logs, scaling, upgrading, and uninstalling
• Persistent Volume Claims explanation with customization options
• Additional Configuration accordions for: SMTP/email, custom domain with TLS (cert-manager and manual), network policies, external database/Redis, Prometheus monitoring, and high availability configuration
• Comprehensive Troubleshooting section with 7 common issues and solutions

Formatting improvements:

• Reformatted using <Steps>/<Step> components consistent with other deployment guides
• Changed secrets creation from YAML manifests to kubectl commands with inline secret generation (more practical for users)
• Added tables for system requirements, SMTP providers, and managed database services
• Used <AccordionGroup> for optional configuration sections

Steps to verify the change

1. Preview the documentation in Mintlify to verify formatting renders correctly
2. Verify kubectl commands are syntactically correct
3. Spot-check that Helm values examples match the actual values.yaml
4. Verify pod label selectors (e.g., app.kubernetes.io/name=infisical) match actual Helm chart output

Human review checklist

• Verify the port number (8080) used in port-forward commands is correct for the Helm deployment
• Verify PVC names (data-postgresql-0, redis-data-redis-master-0) match actual Bitnami chart output
• Verify database credentials in pg_dump command (-U infisical, database infisicalDB) match Helm defaults
• Review network policy example for correctness with typical cluster setups

Type

• Fix
• Feature
• Improvement
• Breaking
• Docs
• Chore

Checklist

• Title follows the conventional commit format: type(scope): short description (scope is optional, e.g., fix: prevent crash on sync or fix(api): handle null response).
• Tested locally
• Updated docs (if needed)
• Read the contributing guide

---

Link to Devin run: https://app.devin.ai/sessions/de8b36ae4d4c4287ace71741aef029fe
Requested by: ashwin@infisical.com

[devin-ai-integration]

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

• Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
• Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

• Disable automatic comment and CI monitoring

[maidul98]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[greptile-apps]

Greptile Overview

Greptile Summary

This PR significantly improves the Kubernetes Helm deployment guide by transforming it from a minimal setup guide into a comprehensive production-ready deployment reference. The changes add critical operational information including system requirements, verification steps, deployment management commands, troubleshooting guidance, and advanced configuration examples.

Key improvements:

• Added system requirements table with node, CPU, RAM, and disk specifications
• Added explicit namespace creation step and deployment verification with expected output
• Added comprehensive "Managing Your Deployment" section covering logs, scaling, upgrading, and uninstalling
• Added troubleshooting section with 7 common scenarios and their solutions
• Added accordion sections for optional configurations (SMTP, TLS, network policies, external databases, monitoring, HA)
• Changed from YAML manifests to inline kubectl commands for secret creation, which is more practical
• Fixed label selectors throughout to use component=infisical matching actual Helm chart templates

Technical accuracy verified:

• Port 8080 is correct (matches infisical.yaml:59,108)
• Database credentials (-U infisical, database infisicalDB) match Helm defaults (values.yaml:141,145)
• Label selectors now correctly use component=infisical (matching _helpers.tpl:39)
• Resource defaults match values.yaml (Infisical: 350m CPU, 1000Mi memory)
• PVC names are standard Bitnami chart conventions

Confidence Score: 5/5

• This documentation-only PR is safe to merge with no risk to production systems
• This is a documentation improvement PR that makes no code changes. All technical details have been verified against the actual Helm chart templates and values. Previous review comments about incorrect label selectors have been addressed. The commands are syntactically correct and follow Kubernetes best practices
• No files require special attention

[greptile-apps]

_{1 file reviewed, 8 comments}

_{Edit Code Review Agent Settings | Greptile}

[devin-ai-integration]

Addressing Greptile Review Feedback

All issues identified in the Greptile review have been addressed in commit a0dd9f99ed:

1. Pod label selectors corrected: Changed all Infisical pod label selectors from app.kubernetes.io/name=infisical to component=infisical to match the actual Helm chart labels defined in _helpers.tpl. This affects:

   • kubectl logs commands
   • Network policies
   • ServiceMonitor selector
   • topologySpreadConstraints labelSelector
   • PodDisruptionBudget selector

2. PostgreSQL and Redis label selectors: Kept as app.kubernetes.io/name=postgresql and app.kubernetes.io/name=redis since these are Bitnami charts that use standard Kubernetes labels.

The label selectors now match the actual Helm chart templates in helm-charts/infisical-standalone-postgres/templates/_helpers.tpl.

[ashwin-infisical]

@greptileai Can you re-review this PR with all of your comments addressed?