Quickstart: Helm

This page describes how to use the Cofide Helm charts to provision workload identity infrastructure.

Use cofidectl to generate values for the SPIRE Helm charts:

Terminal window
cofidectl trust-zone helm values \
  <trust zone> \
  --output-file spire-values.yaml

Install the Cofide Helm charts repository.

Terminal window
helm repo add cofide https://charts.cofide.dev

Cofide SPIRE does not require the SPIRE CRDs to be installed. If you are using OSS SPIRE, install the SPIRE CRDs:

Terminal window
helm upgrade --install spire-crds spire-crds \
  --repo cofide \
  --version 0.5.0-cofide.1 \
  --kube-context <context> \
  --namespace spire-mgmt \
  --create-namespace \
  --wait

Install Cofide SPIRE:

Terminal window
helm upgrade --install spire spire \
  --repo cofide \
  --version 0.26.0-cofide.3 \
  --kube-context <context> \
  --namespace spire-mgmt \
  --create-namespace \
  --values spire-values.yaml \
  --wait

See the SPIRE Helm documentation for further details.

Use cofidectl to generate values for the Cofide Agent Helm chart:

Terminal window
./cofidectl connect agent helm values \
  --trust-zone <trust zone> \
  --cluster <cluster> \
  --output-file cofide-agent-values.yaml

Install the Cofide Helm charts repository.

Terminal window
helm repo add cofide https://charts.cofide.dev

Install Cofide Agent:

Terminal window
helm upgrade --install \
  cofide-agent --repo cofide \
  --version 0.4.3 \
  --kube-context <context> \
  --namespace cofide \
  --create-namespace \
  --values cofide-agent-values.yaml \
  --wait

The generated values contain a short-lived join token that the agent uses to register itself with Connect. If the values file needs to be persisted unencrypted, it may be preferable to generate a join token and inject it separately. To do this, specify --generate-token=false when generating values, then generate a token:

Terminal window
./cofidectl connect agent join-token generate \
  --trust-zone <trust zone> \
  --cluster <cluster> \
  --output-file agent-token

The token can then be injected as a Helm value using --set agent.env.AGENT_TOKEN=<token>.
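
The separate-token procedure above as one script; this is an added example, not part of Cofide's documentation. It runs the page's two cofidectl commands, then passes the token with Helm's --set-file flag in place of the --set form shown above, so the value does not appear in the process argument list or shell history. The function name, the temporary file names, cofidectl being on the PATH, and the token file containing only the token are assumptions.

```shell
#!/bin/sh
# Added example, not Cofide's own script.
# Usage: install_agent <trust-zone> <cluster> <helm arguments...>
#   where the helm arguments are the "helm upgrade --install ..." arguments
#   from this page (everything after the word "helm").
install_agent() (
  set -eu
  trust_zone=$1 cluster=$2
  shift 2
  umask 077                       # files created below are owner-only
  tmp=$(mktemp -d)
  trap 'rm -rf "$tmp"' EXIT       # the token copy never outlives this call

  # 1. Values without an embedded join token, so the file can be persisted.
  cofidectl connect agent helm values \
    --trust-zone "$trust_zone" \
    --cluster "$cluster" \
    --generate-token=false \
    --output-file cofide-agent-values.yaml

  # 2. Short-lived join token, written only into the private temp directory.
  cofidectl connect agent join-token generate \
    --trust-zone "$trust_zone" \
    --cluster "$cluster" \
    --output-file "$tmp/agent-token"

  # Assumption: the output file holds just the token, perhaps with a trailing
  # newline, which must not end up inside the AGENT_TOKEN environment value.
  tr -d '\r\n' < "$tmp/agent-token" > "$tmp/token.value"
  [ -s "$tmp/token.value" ] || { echo "join token is empty" >&2; exit 1; }

  # 3. Install, reading the token from the file instead of the command line.
  helm "$@" --set-file "agent.env.AGENT_TOKEN=$tmp/token.value"
  echo "agent installed; temporary token copy removed" >&2
)
```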

Install the Cofide Helm charts repository.

Terminal window
helm repo add cofide https://charts.cofide.dev

Install Cofide Observer:

Terminal window
helm upgrade --install \
  cofide-observer --repo cofide \
  --version 0.3.1 \
  --kube-context <context> \
  --namespace cofide \
  --create-namespace \
  --set observer.connectURL=<your.connect.url> \
  --set observer.connectTrustDomain=<connect.trust.domain> \
  --wait