seqeralabs · gavinelder · Apr 30, 2026 · May 5, 2026
@@ -5,6 +5,12 @@ All notable changes to this chart will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [Unreleased]
+
+### Changed
+
+- Refresh deployment snapshots after `platformServiceAddress` requirement (#131) and bump license-header year range on `templates/extra-list.yaml` / `tests/extra-list_test.yaml`.
+
 ## [0.33.0] - 2026-04-30
 
 ### Added

@@ -5,6 +5,12 @@ All notable changes to this chart will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [Unreleased]
+
+### Changed
+
+- Refresh deployment snapshot after `platformServiceAddress` requirement (#131).
+
 ## [0.5.0] - 2026-05-05
 
 - **Enhancement**: allow global configuration of Ingress options. A new `global.ingress` block (`enabled`, `path`, `defaultPathType`, `ingressClassName`, `annotations`, `extraLabels`, `tls`) lets cluster-wide Ingress defaults be set once at the parent and propagate to every subchart, removing the need to repeat controller-wide config per subchart. `enabled` is OR-merged; scalar fields fall back to global when local is unset; `annotations` and `extraLabels` are merged with local winning on key collision; `tls` is concatenated (useful for a single wildcard certificate across all services).

@@ -0,0 +1,94 @@
+# Agent Backend - Standalone Deployment Example
+#
+# Use this file when deploying the agent-backend chart independently,
+# without the parent platform chart.
+#
+# Prerequisites:
+# - Seqera Platform already running and accessible
+# - MySQL database provisioned
+# - Redis provisioned
+# - AWS Bedrock or Anthropic API access configured
+# - AWS Load Balancer Controller installed in the cluster
+# - ACM certificate ARN for TLS
+#
+# Deploy with:
+#   helm repo add seqera https://seqeralabs.github.io/helm-charts
+#   helm show values seqera/agent-backend > values.yaml  # pull full defaults to customise
+#   helm upgrade --install agent-backend seqera/agent-backend \
+#     -f values.yaml \
+#     -n seqera
+
+global:
+  # Domain where your existing Seqera Platform is accessible
+  platformExternalDomain: platform.example.com
+
+  # Address of the Seqera Platform backend service.
+  # When Platform is deployed in the same cluster, use its internal service name:
+  #   platformServiceAddress: my-platform-platform-backend
+  # When Platform is external, use its hostname:
+  platformServiceAddress: platform.example.com
+  # platformServicePort: 8080  # default
+
+  # Domain where this agent-backend instance will be accessible
+  agentBackendDomain: ai-api.platform.example.com
+
+database:
+  host: mysql.example.com
+  # port: 3306  # default
+  name: agent_backend
+  username: agent_backend
+  existingSecretName: agent-backend-db-credentials
+  existingSecretKey: password
+
+redis:
+  host: redis.example.com
+  # port: 6379  # default
+  existingSecretName: agent-backend-redis-credentials
+  existingSecretKey: password
+
+# AWS Bedrock configuration (required for AI capabilities)
+bedrockAgentCoreArn: "arn:aws:bedrock:us-east-1:123456789012:agent-runtime/XXXXXXXXXX"
+# Optional: cross-account access via an assumed role
+# bedrockAssumeRoleArn: "arn:aws:iam::123456789012:role/BedrockAccessRole"
+
+embeddings:
+  bedrock:
+    region: us-east-1
+    # modelId: amazon.titan-embed-text-v2:0  # default
+    # dimensions: "1024"                      # default
+
+# Alternatively, use Anthropic directly instead of Bedrock:
+# anthropicApiKeyExistingSecretName: agent-backend-anthropic-credentials
+# anthropicApiKeyExistingSecretKey: api-key
+
+# Token encryption key — must be a valid Fernet key.
+# Generate one with: python3 -c "from cryptography.fernet import Fernet; print(Fernet.generate_key().decode())"
+tokenEncryptionKeyExistingSecretName: agent-backend-secrets
+tokenEncryptionKeyExistingSecretKey: token-encryption-key
+
+# ALB requires NodePort service type
+service:
+  type: NodePort
+
+ingress:
+  enabled: true
+  ingressClassName: alb
+  # ALB requires path "/*" instead of "/"
+  path: "/*"
+  defaultPathType: Prefix
+  annotations:
+    alb.ingress.kubernetes.io/scheme: internet-facing
+    alb.ingress.kubernetes.io/target-type: ip
+    alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-1:123456789012:certificate/abcd-1234
+    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
+    alb.ingress.kubernetes.io/ssl-redirect: "443"
+    alb.ingress.kubernetes.io/healthcheck-path: /health
+  # TLS is handled by ACM; no tls section needed
+  tls: []
+
+# resources:
+#   requests:
+#     cpu: "100m"
+#     memory: "1000Mi"
+#   limits:
+#     memory: "1000Mi"
@@ -129,7 +129,7 @@ should render a Deployment with default values:
                 - sh
                 - -c
                 - |
-                  if [ -n "$REDISCLI_AUTH" ]; then echo "$(date): starting check redis '$REDIS_URI' (auth set)"; else echo "$(date): starting check redis '$REDIS_URI' (auth not set)"; fi
+                  echo "$(date): starting check redis '$REDIS_URI' (auth ${REDISCLI_AUTH:+set})"
                   until redis-cli -u "$REDIS_URI" get hello; do
                     echo "$(date): see you in $SLEEP_PERIOD_SECONDS seconds"
                     sleep $SLEEP_PERIOD_SECONDS

@@ -0,0 +1,80 @@
+# MCP - Standalone Deployment Example
+#
+# Use this file when deploying the mcp chart independently,
+# without the parent platform chart.
+#
+# Prerequisites:
+# - Seqera Platform already running and accessible with OIDC enabled
+# - The OIDC initial access token from Platform (used to register MCP as an OAuth client)
+# - AWS Load Balancer Controller installed in the cluster
+# - ACM certificate ARN for TLS
+#
+# Deploy with:
+#   helm repo add seqera https://seqeralabs.github.io/helm-charts
+#   helm show values seqera/mcp > values.yaml  # pull full defaults to customise
+#   helm upgrade --install mcp seqera/mcp \
+#     -f values.yaml \
+#     -n seqera
+
+global:
+  # Domain where your existing Seqera Platform is accessible
+  platformExternalDomain: platform.example.com
+
+  # Address of the Seqera Platform backend service.
+  # When Platform is in the same cluster, use its internal service name:
+  #   platformServiceAddress: my-platform-platform-backend
+  # When Platform is external, use its hostname:
+  platformServiceAddress: platform.example.com
+  # platformServicePort: 8080  # default
+
+  # mcpDomain: mcp.platform.example.com  # default: mcp.<platformExternalDomain>
+  # The OAuth redirect URL is automatically derived as: <mcpDomain>/oauth/callback
+
+# micronautEnvironments:   # default: [oauth-platform]
+#   - oauth-platform
+# Remove 'oauth-platform' and set oauth.issuerUrl explicitly if using a separate OIDC provider.
+
+# OIDC initial access token — must match the value configured in Seqera Platform.
+# When deploying alongside the platform chart, this is wired up automatically.
+# For standalone, retrieve it from the Platform backend Secret:
+#   kubectl get secret <platform-backend-secret> -o jsonpath='{.data.TOWER_OIDC_REGISTRATION_INITIAL_ACCESS_TOKEN}' | base64 -d
+oidcToken:
+  existingSecretName: platform-backend-secret
+  existingSecretKey: TOWER_OIDC_REGISTRATION_INITIAL_ACCESS_TOKEN
+
+oauth:
+  # JWT seed used to sign MCP authentication tokens.
+  # Provide a stable value so tokens survive pod restarts and upgrades.
+  jwtSeedString: ""  # or use jwtSeedSecretName / jwtSeedSecretKey
+
+# Disable the init container that waits for Platform since it is already running externally
+initContainerDependencies:
+  waitForPlatform:
+    enabled: false
+
+# ALB requires NodePort service type
+service:
+  type: NodePort
+
+ingress:
+  enabled: true
+  ingressClassName: alb
+  # ALB requires path "/*" instead of "/"
+  path: "/*"
+  defaultPathType: Prefix
+  annotations:
+    alb.ingress.kubernetes.io/scheme: internet-facing
+    alb.ingress.kubernetes.io/target-type: ip
+    alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-1:123456789012:certificate/abcd-1234
+    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
+    alb.ingress.kubernetes.io/ssl-redirect: "443"
+    alb.ingress.kubernetes.io/healthcheck-path: /health
+  # TLS is handled by ACM; no tls section needed
+  tls: []
+
+# resources:
+#   requests:
+#     cpu: "100m"
+#     memory: "512Mi"
+#   limits:
+#     memory: "512Mi"
@@ -5,6 +5,12 @@ All notable changes to this chart will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [Unreleased]
+
+### Changed
+
+- Bump license-header year range on configmap, secret, service templates and tests (no functional change).
+
 ## [2.0.6] - 2026-05-05
 
 ### Changed

@@ -1,5 +1,5 @@
 {{/*
- Copyright (c) 2025 Seqera Labs
+ Copyright (c) 2025 - 2026 Seqera Labs
  All rights reserved.
 
  SPDX-License-Identifier: Apache-2.0

@@ -1,5 +1,5 @@
 {{/*
- Copyright (c) 2025 Seqera Labs
+ Copyright (c) 2025 - 2026 Seqera Labs
  All rights reserved.
 
  SPDX-License-Identifier: Apache-2.0

@@ -1,5 +1,5 @@
 {{/*
- Copyright (c) 2025 Seqera Labs
+ Copyright (c) 2025 - 2026 Seqera Labs
  All rights reserved.
 
  SPDX-License-Identifier: Apache-2.0

@@ -1,6 +1,6 @@
 # yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json
 #
-# Copyright (c) 2025 Seqera Labs
+# Copyright (c) 2025 - 2026 Seqera Labs
 # All rights reserved.
 #
 # SPDX-License-Identifier: Apache-2.0

@@ -1,6 +1,6 @@
 # yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json
 #
-# Copyright (c) 2025 Seqera Labs
+# Copyright (c) 2025 - 2026 Seqera Labs
 # All rights reserved.
 #
 # SPDX-License-Identifier: Apache-2.0

@@ -1,6 +1,6 @@
 # yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json
 #
-# Copyright (c) 2025 Seqera Labs
+# Copyright (c) 2025 - 2026 Seqera Labs
 # All rights reserved.
 #
 # SPDX-License-Identifier: Apache-2.0

@@ -1,6 +1,6 @@
 # yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json
 #
-# Copyright (c) 2025 Seqera Labs
+# Copyright (c) 2025 - 2026 Seqera Labs
 # All rights reserved.
 #
 # SPDX-License-Identifier: Apache-2.0

@@ -0,0 +1,50 @@
+# Portal Web - Standalone Deployment Example
+#
+# Use this file when deploying the portal-web chart independently,
+# without the parent platform chart.
+#
+# Prerequisites:
+# - Seqera Platform already running and accessible
+# - Agent Backend already running and accessible
+# - AWS Load Balancer Controller installed in the cluster
+# - ACM certificate ARN for TLS
+#
+# Deploy with:
+#   helm repo add seqera https://seqeralabs.github.io/helm-charts
+#   helm show values seqera/portal-web > values.yaml  # pull full defaults to customise
+#   helm upgrade --install portal-web seqera/portal-web \
+#     -f values.yaml \
+#     -n seqera
+
+global:
+  # Domain where your existing Seqera Platform is accessible
+  platformExternalDomain: platform.example.com
+
+  # agentBackendDomain: ai-api.platform.example.com  # default: ai-api.<platformExternalDomain>
+  # portalWebDomain: ai.platform.example.com          # default: ai.<platformExternalDomain>
+
+# ALB requires NodePort service type
+service:
+  type: NodePort
+
+ingress:
+  enabled: true
+  ingressClassName: alb
+  # ALB requires path "/*" instead of "/"
+  path: "/*"
+  defaultPathType: Prefix
+  annotations:
+    alb.ingress.kubernetes.io/scheme: internet-facing
+    alb.ingress.kubernetes.io/target-type: ip
+    alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-1:123456789012:certificate/abcd-1234
+    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
+    alb.ingress.kubernetes.io/ssl-redirect: "443"
+  # TLS is handled by ACM; no tls section needed
+  tls: []
+
+# resources:           # chart defaults: 100m CPU / 500Mi memory
+#   requests:
+#     cpu: "100m"
+#     memory: "500Mi"
+#   limits:
+#     memory: "500Mi"