Semaphore UI Fleet Bundle

Deploys Semaphore UI through Rancher Fleet.

  • Namespace: semaphore
  • Fleet release name: semaphore-ui
  • Ingress: https://semaphore.gem.mintfit.hamburg
  • Image: semaphoreui/semaphore:v2.18.9
  • Database: SQLite at /etc/semaphore/semaphore.sqlite
  • Admin password Secret: semaphore-admin

The local Helm chart in this directory mirrors semaphore_ui/ so Fleet can render and apply the same Deployment, PVC, Service, Ingress, Secret, RBAC, and bootstrap Job from this repository.

Before First Deploy

Create the stable admin password Secret before Fleet applies this bundle. The password is intentionally not stored in Git.

kubectl --context gem-cluster-01 create namespace semaphore \
  --dry-run=client -o yaml \
| kubectl --context gem-cluster-01 apply -f -

kubectl --context gem-cluster-01 -n semaphore create secret generic semaphore-admin \
  --from-literal=admin-password='<choose-a-strong-password>'

To generate a password locally:

openssl rand -base64 32

BoltDB is deprecated upstream and removed in Semaphore 2.19. This Fleet bundle uses SQLite and sets SEMAPHORE_MIGRATE_FROM_BOLTDB so an existing /etc/semaphore/database.boltdb on the PVC can be imported on first SQLite startup.

The admin password is read from a separate, stable Kubernetes Secret. Fleet must not render a random admin password on every sync, because the Secret would rotate while the password stored inside Semaphore's database would not.