OpenReel Video
OpenReel Video is a browser-based video editor. The HelmForge chart serves the static application with hardened runtime defaults and modern Kubernetes exposure options.
Key Features
- HelmForge-maintained
docker.io/helmforge/openreel-video:v0.4.0image - Static hosting for the upstream browser-based editor
- WebCodecs-ready deployment with writable temporary volume support
- Ingress, Gateway API through the single
gatewayvalues block, dual-stack Service fields, HPA, PDB, NetworkPolicy, and Helm tests - Non-root runtime with dropped Linux capabilities
Installation
helm repo add helmforge https://repo.helmforge.dev
helm repo update
helm install openreel-video helmforge/openreel-video --namespace openreel-video --create-namespacehelm install openreel-video oci://ghcr.io/helmforgedev/helm/openreel-video --namespace openreel-video --create-namespaceExamples
Ingress:
ingress:
enabled: true
ingressClassName: nginx
hosts:
- host: video.example.com
paths:
- path: /
pathType: PrefixGateway API:
gateway:
enabled: true
parentRefs:
- name: public
hostnames:
- video.example.comOperations
The chart is stateless by default. Scale horizontally with HPA when the ingress layer can distribute requests across replicas.
Architecture
OpenReel Video is deployed as a stateless web workload. The chart is designed for browser-based editing frontends and WebCodecs-ready static hosting, so the main operational concerns are routing, cache behavior, temporary writable storage, and safe horizontal scaling.
Runtime flow:
- Ingress or Gateway API receives public HTTPS traffic.
- The Service load-balances requests across OpenReel Video pods.
- The container serves static assets and browser application code.
- Temporary files are written only to the configured
tmpVolume. - Optional HPA and PDB keep the frontend available during rollouts.
Production Values
Use multiple replicas, explicit resources, NetworkPolicy, and either Ingress or Gateway API:
replicaCount: 2
service:
ipFamilyPolicy: PreferDualStack
ipFamilies:
- IPv4
- IPv6
ingress:
enabled: true
ingressClassName: traefik
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
hosts:
- host: openreel.example.com
paths:
- path: /
pathType: Prefix
tls:
- secretName: openreel-video-tls
hosts:
- openreel.example.com
networkPolicy:
enabled: true
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 500m
memory: 256MiExternalName Compatibility
When the Kubernetes Service should point clients at an externally hosted OpenReel endpoint, use ExternalName and keep
Ingress/Gateway disabled:
service:
type: ExternalName
externalName: openreel-static.example.com
ingress:
enabled: false
gateway:
enabled: falseThis is useful during migration from external hosting into the cluster, or when consumers need a stable Kubernetes DNS name for a service that remains outside Kubernetes.
Gateway API
Gateway API is first-class and uses the shared HelmForge gateway shape:
gateway:
enabled: true
parentRefs:
- name: public
namespace: gateway-system
hostnames:
- openreel.example.com
path: /
pathType: PathPrefixScaling And Rollouts
The chart is stateless, so HPA is safe when the edge layer can distribute requests:
autoscaling:
enabled: true
minReplicas: 2
maxReplicas: 6
pdb:
enabled: true
minAvailable: 1Keep tmpVolume.enabled=true unless your custom image does not need writable temporary storage. The root filesystem can
remain read-only while /tmp stays writable.
Validation
After deployment:
helm test openreel-video -n openreel-video
kubectl get pods -n openreel-video -l app.kubernetes.io/name=openreel-video
kubectl logs -n openreel-video deploy/openreel-video --since=10m
kubectl get events -n openreel-video --sort-by=.lastTimestampFor public routes, validate that static assets load with the same host, scheme, and path used by the browser.
Common Issues
| Symptom | Likely Cause | Fix |
|---|---|---|
| Blank page after route exposure | Base URL or static asset path does not match the route | Check browser network errors and Gateway/Ingress path settings. |
| Pods fail with read-only filesystem errors | Application writes outside tmpVolume | Mount an explicit writable volume for the path or fix the image. |
| HPA scales but requests still hit one pod | Edge proxy affinity or cache behavior | Review ingress/gateway load-balancing settings. |
| ExternalName has no endpoints | Expected Kubernetes behavior | Validate DNS resolution from a client pod instead of checking Endpoints. |
Values
| Parameter | Default | Description |
|---|---|---|
replicaCount | 1 | Number of pods when autoscaling is disabled. |
image.repository | docker.io/helmforge/openreel-video | HelmForge OpenReel Video image. |
service.type | ClusterIP | Kubernetes Service type. |
service.ipFamilyPolicy | null | Optional Service dual-stack policy. |
ingress.enabled | false | Render Ingress. |
gateway.enabled | false | Render Gateway API HTTPRoute. |
autoscaling.enabled | false | Render HPA. |
pdb.enabled | false | Render PodDisruptionBudget. |
networkPolicy.enabled | false | Render NetworkPolicy. |
tmpVolume.enabled | true | Mount writable temporary storage. |