Varnish Helm Chart


To get started with the Varnish Helm Chart, make sure Helm is already installed.

Adding the Varnish Helm Chart Repository

To add the Varnish Helm Chart repository to Helm:

$ helm repo add varnish --username <token> --password does-not-matter

Replace <token> with your Varnish Enterprise’s PackageCloud token.

Creating an Image Pull Secret

A pull secret must also be created to allow the Kubernetes cluster to download from the Varnish Docker repository.

Create a file named dockerconfig.json with the following content:

  "auths": {
    "": {
      "username": "<username>",
      "password": "<password>"

Replace <username> and <password> with your Varnish Docker image’s credentials.

Then either use Kustomize or create the secret file manually.

Using Kustomize

To generate varnish-pull-secret using Kustomize, create a varnish-pull-secret directory and move dockerconfig.json into it:

$ mkdir -p varnish-pull-secret/
$ mv dockerconfig.json varnish-pull-secret/

Then create varnish-pull-secret/kustomization.yaml:

kind: Kustomization
  - name: varnish-pull-secret
      - .dockerconfigjson=dockerconfig.json

Once varnish-pull-secret/kustomization.yaml is created, it can now be deployed onto the cluster:

$ kubectl apply -k varnish-pull-secret

Note: Kustomize will create a secret with a unique name depending on the content of the secret file.


To manually generate varnish-pull-secret.yaml, run the following command:

$ DOCKERCONFIG_JSON_BASE64=$(base64 -w 0 < dockerconfig.json)
# on macOS, you may need to use base64 -b 0 < dockerconfig.json instead

$ cat <<EOF > varnish-pull-secret.yaml
apiVersion: v1
kind: Secret
  name: varnish-pull-secret
  .dockerconfigjson: $DOCKERCONFIG_JSON_BASE64

Once varnish-pull-secret.yaml is created, it can now be deployed onto the cluster:

$ kubectl apply -f varnish-pull-secret.yaml

To list the newly created secret use:

$ kubectl get secrets

Deploying Varnish Enterprise

Create values.yaml for Varnish Enterprise with basic configuration:

    - name: varnish-pull-secret # replace with your newly created secret

  kind: "StatefulSet"
  replicas: 1

  vclConfig: |
    vcl 4.1;

    backend default {
      .host = "";
      .port = "80";

    sub vcl_backend_fetch {
      set bereq.http.Host = "";

Deploy Varnish Enterprise:

$ helm install -f values.yaml varnish-enterprise varnish/varnish-enterprise

You should now have Varnish Enterprise running in the cluster! Follow an on-screen instruction on how to access a Varnish Enterprise instance from outside the cluster.