Skip to main content
Version: v2 (preview)

Deploy DevPortal to Kubernetes

This guide walks through deploying DevPortal V2 to a Kubernetes cluster using the veecode-devportal-platform Helm chart. See Plan your setup before proceeding.

For environments where Helm is not available, a no-Helm fallback using raw manifests is documented at the end of this page.

Step 1: Add the Helm repository

helm repo add next-charts https://veecode-platform.github.io/next-charts
helm repo update next-charts
helm search repo veecode-devportal-platform
# should show: 0.1.0 / 2.0.0

Step 2: Create the credentials Secret

Credentials for the presets you select must be in a Kubernetes Secret before helm install. The chart references it via existingSecret.

Never pass production credentials through --set credentials.* — that stores them in the Helm release manifest. Use existingSecret for production.

For the github and github-auth presets:

kubectl create secret generic my-devportal-creds \
  --namespace platform \
  --from-literal=GITHUB_PAT=<personal-access-token> \
  --from-literal=GITHUB_ORG=<your-org> \
  --from-literal=GITHUB_AUTH_CLIENT_ID=<oauth-client-id> \
  --from-literal=GITHUB_AUTH_CLIENT_SECRET=<oauth-client-secret>

For GitOps workflows, use an external secrets operator (External Secrets Operator, Vault Agent, Sealed Secrets) to populate the Secret from your secrets store.

Step 3: Install the chart

helm install devportal next-charts/veecode-devportal-platform \
  --namespace platform \
  --create-namespace \
  --set 'presets={recommended,github,github-auth}' \
  --set existingSecret=my-devportal-creds

To enable ingress at install time:

helm install devportal next-charts/veecode-devportal-platform \
  --namespace platform \
  --create-namespace \
  --set 'presets={recommended,github,github-auth}' \
  --set existingSecret=my-devportal-creds \
  --set ingress.enabled=true \
  --set ingress.hostname=devportal.example.com \
  --set ingress.ingressClassName=nginx

For the kubernetes preset, also pass --set rbac.clusterRoles.create=true so the chart creates the necessary ClusterRole and ClusterRoleBinding.

Step 4: Verify the deployment

kubectl rollout status deploy/devportal-veecode-devportal-platform \
  --namespace platform --timeout=10m

# quick smoke-test without ingress
kubectl port-forward svc/devportal-veecode-devportal-platform \
  --namespace platform 7007:7007
curl -sf localhost:7007/healthcheck && echo OK

A successful boot logs lines like:

VEECODE: preset resolver — VEECODE_PRESETS=recommended,github,github-auth
VEECODE: applying preset "recommended"
...
Running in PRODUCTION mode

If a required variable is missing, the container exits with code 78 and logs exactly which variable to set — the pod will not enter a crash loop silently.

Upgrading

helm upgrade devportal next-charts/veecode-devportal-platform \
  --namespace platform \
  --reuse-values \
  --set existingSecret=my-devportal-creds

No-Helm fallback

If Helm is not available, use the reference manifest from the devportal-platform repository. This manifest applies the same two PVCs, a Deployment, and a Service using plain kubectl:

kubectl apply -f https://raw.githubusercontent.com/veecode-platform/devportal-platform/main/examples/deploy/k8s.yaml

You will need to edit the manifest to:

  • Set VEECODE_PRESETS in the Deployment env block.
  • Add an envFrom referencing a Secret with the required variables for your preset combination.
  • Add an Ingress resource (see Plan your setup).

The Helm chart is the recommended path for production because it handles PVC provisioning, RBAC, ingress, and upgrades consistently. The raw manifest is suitable for minimal or air-gapped environments.

Next steps

  • Configure additional integrations — see Auth & Integrations
  • Review RBAC roles and assign them to users — see RBAC
  • Enable additional plugins via the marketplace in the DevPortal UI