Poznote
Deploy Poznote on Kubernetes as a self-hosted note-taking and documentation platform.
Overview
The HelmForge Poznote chart uses the official ghcr.io/timothepoznanski/poznote:6.29.0 image. The container serves the web frontend and API on port 80, stores all data (notes, attachments, configuration) in a SQLite database under /var/www/html/data.
Poznote is designed for personal and small-team use. Data persistence relies on a single PVC. Scaling beyond one replica is not supported because SQLite does not handle concurrent writes from multiple instances.
Configuration Reference
Core runtime:
image.repository,image.tag,image.pullPolicy: official pinned Poznote image and pull behavior.replicaCount: pod count. The chart rejects values greater than1because Poznote uses SQLite.app.timezone,app.debug.commonLabels,nameOverride,fullnameOverride.
Secrets:
secrets.existingSecret: existing Secret for Poznote OIDC credentials.secrets.oidcClientIdKey,secrets.oidcClientId: OIDC client ID source.secrets.oidcClientSecretKey,secrets.oidcClientSecret: OIDC client secret source.
OIDC:
poznote.oidc.disableNormalLogin: force SSO-only mode, hiding the local login form.
Persistence:
persistence.data: SQLite database, notes, attachments, and configuration. Single PVC, 5Gi default.
Exposure and operations:
service.type,service.port,service.annotations,service.ipFamilyPolicy,service.ipFamilies.ingress.enabled,ingress.ingressClassName,ingress.annotations,ingress.hosts,ingress.tls.gatewayAPI.enabled,gatewayAPI.httpRoutes.externalSecrets.enabled,externalSecrets.items.networkPolicy.enabled,networkPolicy.ingressFrom,networkPolicy.egress.probes.startup,probes.liveness,probes.readiness.resources,podSecurityContext,securityContext.serviceAccount,pdb,nodeSelector,tolerations,affinity,topologySpreadConstraints.priorityClassName,terminationGracePeriodSeconds,podLabels,podAnnotations,extraVolumes,extraVolumeMounts,extraManifests.
Installation
helm repo add helmforge https://repo.helmforge.dev
helm repo update
helm install poznote helmforge/poznote
OCI install:
helm install poznote oci://ghcr.io/helmforgedev/helm/poznote
Production Example
secrets:
existingSecret: poznote-oidc
persistence:
data:
size: 10Gi
ingress:
enabled: true
ingressClassName: traefik
hosts:
- host: notes.example.com
paths:
- path: /
pathType: Prefix
tls:
- secretName: notes-tls
hosts:
- notes.example.com
networkPolicy:
enabled: true
Create the OIDC Secret before enabling SSO:
apiVersion: v1
kind: Secret
metadata:
name: poznote-oidc
type: Opaque
stringData:
oidc-client-id: your-oidc-client-id
oidc-client-secret: your-oidc-client-secret
Default login credentials are admin_change_me / admin. Change them immediately after first login.
Gateway API
gatewayAPI:
enabled: true
httpRoutes:
- parentRefs:
- name: public
namespace: gateway-system
hostnames:
- notes.example.com
External Secrets
secrets:
existingSecret: poznote-oidc
externalSecrets:
enabled: true
items:
- fullnameOverride: poznote-oidc
spec:
secretStoreRef:
kind: ClusterSecretStore
name: production
target:
name: poznote-oidc
creationPolicy: Owner
data:
- secretKey: oidc-client-id
remoteRef:
key: poznote/oidc
property: client-id
- secretKey: oidc-client-secret
remoteRef:
key: poznote/oidc
property: client-secret
Backup
Back up the data PVC regularly. It contains the SQLite database, all notes, attachments, and application configuration. Use your storage provider’s snapshot mechanism or a tool like Velero. Poznote also supports data export from the web interface (Settings > Export).