Base Library Chart

The matih-base library chart (v1.1.0) provides shared Helm templates that all MATIH service charts inherit. It defines reusable helpers for deployments, services, health probes, security contexts, environment variables, billing labels, and scheduling.

Chart Metadata

# From infrastructure/helm/base/Chart.yaml
apiVersion: v2
name: matih-base
description: Common Helm chart providing shared templates for all Matih services
type: library
version: 1.1.0
appVersion: "1.1.0"

As a library chart, matih-base cannot be installed directly. Service charts declare it as a dependency and invoke its named templates.

Template Categories

Naming Helpers

Template	Purpose
`matih.name`	Chart name truncated to 63 characters
`matih.fullname`	Release-qualified name (release-chart)
`matih.chart`	Chart name and version for labels
`matih.selectorLabels`	Minimal labels for pod selection
`matih.labels`	Full set of standard Kubernetes labels
`matih.podLabels`	Selector labels + `part-of: matih-platform`

Image Resolution

# matih.image - resolves the full image reference
# Priority: image.registry > global.imageRegistry > matihlabsacr.azurecr.io
{{ include "matih.image" . }}
# Renders: matihlabsacr.azurecr.io/matih/ai-service:1.0.0

Environment Variable Templates

Three environment templates for different service types:

Template	Target	Key Variables
`matih.env.spring`	Java Spring Boot	SPRING_DATASOURCE_URL, DB_HOST, REDIS_HOST, KAFKA_BOOTSTRAP_SERVERS
`matih.env.python`	Python FastAPI	DATABASE_URL, REDIS_URL, KAFKA_BOOTSTRAP_SERVERS
`matih.env.node`	Node.js/React	NODE_ENV, PORT, NEXT_PUBLIC_API_URL

Deployment Templates

Pre-built deployment templates for each service type:

# Java Spring Boot service
{{ include "matih.deployment.spring" . }}
 
# Python FastAPI service
{{ include "matih.deployment.python" . }}
 
# Node.js frontend
{{ include "matih.deployment.node" . }}

Each deployment template includes security contexts, health probes, image pull secrets, scheduling constraints, and Prometheus annotations.

Health Probe Templates

The base chart provides startup, liveness, and readiness probes for each service type:

Probe Template	Default Path	Initial Delay	Failure Threshold
`matih.startupProbe.spring`	/actuator/health/liveness	10s	30 (300s max)
`matih.livenessProbe.spring`	/actuator/health/liveness	0s	3
`matih.readinessProbe.spring`	/actuator/health/readiness	0s	3
`matih.startupProbe.python`	/health	5s	20 (100s max)
`matih.livenessProbe.python`	/health	0s	3
`matih.readinessProbe.python`	/health	0s	3
`matih.startupProbe.node`	/api/health	5s	15 (75s max)

Billing Labels

The base chart implements a hierarchical billing label system:

# Required billing labels (always present)
matih.io/cost-center: "CC-ML"
matih.io/application: "data-plane"
matih.io/team: "ml-engineering"
matih.io/environment: "matih-data-plane"
 
# Optional billing labels
matih.io/tenant-id: "platform"
matih.io/workload-type: "api"
matih.io/service: "ai-service"
matih.io/cost-type: "static"

Billing templates include: matih.billingLabels, matih.platformBillingLabels, matih.dynamicBillingLabels, and matih.executorBillingLabels.

Scheduling Templates

Multi-architecture and workload-specific scheduling:

# Combined scheduling helper
{{ include "matih.scheduling" . }}
 
# Renders nodeSelector, tolerations, and affinity based on:
# - nodepool value
# - multiArch configuration
# - GPU requirements
# - Pod anti-affinity rules

Security Templates

# Pod security context
{{ include "matih.podSecurityContext" . }}
# Default: runAsNonRoot: true, runAsUser: 1000, fsGroup: 1000
 
# Container security context
{{ include "matih.securityContext" . }}
# Default: allowPrivilegeEscalation: false, readOnlyRootFilesystem: true, drop ALL capabilities

Infrastructure Connection Templates

Template	Output
`matih.postgresql.url`	`jdbc:postgresql://host:5432/database`
`matih.redis.url`	`redis://host:6379`
`matih.kafka.bootstrapServers`	`strimzi-kafka-kafka-bootstrap.ns.svc.cluster.local:9092`
`matih.elasticsearch.url`	`http://host:9200`

Chart Structure Umbrella Charts