diff --git a/charts/homepage/Chart.yaml b/charts/homepage/Chart.yaml
new file mode 100644
index 0000000..f670e7c
--- /dev/null
+++ b/charts/homepage/Chart.yaml
@@ -0,0 +1,12 @@
+apiVersion: v2
+name: homepage
+version: 0.0.1
+description: Chart for benphelps homepage
+keywords:
+ - dashboard
+sources:
+ - https://github.com/gethomepage/homepage
+maintainers:
+ - name: alexlebens
+icon: https://github.com/benphelps/homepage/blob/de584eae8f12a0d257e554e9511ef19bd2a1232c/public/mstile-150x150.png
+appVersion: 0.8.7
diff --git a/charts/homepage/README.md b/charts/homepage/README.md
new file mode 100644
index 0000000..47ca62e
--- /dev/null
+++ b/charts/homepage/README.md
@@ -0,0 +1,18 @@
+## Introduction
+
+[Homepage](https://github.com/benphelps/homepage)
+
+A modern (fully static, fast), secure (fully proxied), highly customizable application dashboard with integrations for more than 25 services and translations for over 15 languages. Easily configured via YAML files (or discovery via docker labels).
+
+This chart bootstraps a [Homepage](https://github.com/benphelps/homepage) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+
+## Prerequisites
+
+- Kubernetes
+- Helm
+- Traefik v2 / IngressRoute
+- Authentik / Auth
+
+## Parameters
+
+See the [values files](values.yaml).
diff --git a/charts/homepage/templates/cluster-role-binding.yaml b/charts/homepage/templates/cluster-role-binding.yaml
new file mode 100644
index 0000000..0bbbe37
--- /dev/null
+++ b/charts/homepage/templates/cluster-role-binding.yaml
@@ -0,0 +1,20 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: homepage
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: homepage
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: web
+ app.kubernetes.io/part-of: homepage
+ app.kubernetes.io/managed-by: helm
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: homepage
+subjects:
+ - kind: ServiceAccount
+ name: homepage
+ namespace: {{ .Release.Namespace }}
diff --git a/charts/homepage/templates/cluster-role.yaml b/charts/homepage/templates/cluster-role.yaml
new file mode 100644
index 0000000..8be89a5
--- /dev/null
+++ b/charts/homepage/templates/cluster-role.yaml
@@ -0,0 +1,52 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: homepage
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: homepage
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: web
+ app.kubernetes.io/part-of: homepage
+ app.kubernetes.io/managed-by: helm
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - namespaces
+ - pods
+ - nodes
+ verbs:
+ - get
+ - list
+ - apiGroups:
+ - extensions
+ - networking.k8s.io
+ resources:
+ - ingresses
+ verbs:
+ - get
+ - list
+ - apiGroups:
+ - traefik.containo.us
+ - traefik.io
+ resources:
+ - ingressroutes
+ verbs:
+ - get
+ - list
+ - apiGroups:
+ - metrics.k8s.io
+ resources:
+ - nodes
+ - pods
+ verbs:
+ - get
+ - list
+ - apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions/status
+ verbs:
+ - get
diff --git a/charts/homepage/templates/config-map.yaml b/charts/homepage/templates/config-map.yaml
new file mode 100644
index 0000000..38fb4e2
--- /dev/null
+++ b/charts/homepage/templates/config-map.yaml
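Review bot: `name: homepage` is a fixed name on a cluster-scoped object, so a second release of this chart in another namespace will conflict with the first; cluster-role.yaml has the same problem. Derive the name from the release, for example `name: {{ .Release.Namespace }}-{{ .Release.Name }}`, and change `roleRef.name` to match. `metadata.namespace` has no effect on a ClusterRoleBinding or ClusterRole and can be removed from both files.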
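Review bot: The ClusterRole is rendered unconditionally, so the `homepage` service account receives cluster-wide `get`/`list` on pods, nodes, namespaces and ingresses even when `config.kubernetes.mode` is not `cluster`. Pod objects carry their full spec, so inline `env` values in every namespace become readable with the token that deployment.yaml automounts. Gate this template and cluster-role-binding.yaml on the setting, e.g. `{{- if eq .Values.config.kubernetes.mode "cluster" }}` … `{{- end }}`, and add a comment above `rules:` saying which dashboard feature needs each rule so the grant can be trimmed later.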
@@ -0,0 +1,38 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: homepage-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: homepage
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: web
+ app.kubernetes.io/part-of: homepage
+ app.kubernetes.io/managed-by: helm
+data:
+ bookmarks.yaml: {{- if .Values.config.bookmarks }} |
+{{- .Values.config.bookmarks | toYaml | nindent 4}}
+{{- else }} ""
+{{- end }}
+ docker.yaml: {{- if .Values.config.docker }} |
+{{- .Values.config.docker | toYaml | nindent 4 }}
+{{- else }} ""
+{{- end }}
+ kubernetes.yaml: {{- if .Values.config.kubernetes }} |
+{{- .Values.config.kubernetes | toYaml | nindent 4 }}
+{{- else }} ""
+{{- end }}
+ services.yaml: {{- if .Values.config.services }} |
+{{- .Values.config.services | toYaml | nindent 4 }}
+{{- else }} ""
+{{- end }}
+ settings.yaml: {{- if .Values.config.settings }} |
+{{- .Values.config.settings | toYaml | nindent 4 }}
+{{- else }} ""
+{{- end }}
+ widgets.yaml: {{- if .Values.config.widgets }} |
+{{- .Values.config.widgets | toYaml | nindent 4 }}
+{{- else }} ""
+{{- end }}
+{{ end }}
diff --git a/charts/homepage/templates/deployment.yaml b/charts/homepage/templates/deployment.yaml
new file mode 100644
index 0000000..1e9ba27
--- /dev/null
+++ b/charts/homepage/templates/deployment.yaml
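Review bot: The final `{{ end }}` on the last line of the file closes nothing, because each of the six keys already ends its own `{{- if }}` with `{{- end }}`. Rendering should therefore fail with an unexpected `{{end}}` parse error; delete that line. Separately, if `config.services` or `config.widgets` are going to hold API keys for the integrated services, a ConfigMap keeps them in plaintext for anyone who can read configmaps in the namespace, so those values would be better sourced from a Secret.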
@@ -0,0 +1,88 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: homepage
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: homepage
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: web
+ app.kubernetes.io/part-of: homepage
+ app.kubernetes.io/managed-by: helm
+spec:
+ revisionHistoryLimit: 3
+ replicas: {{ .Values.deployment.replicas }}
+ strategy:
+ type: {{ .Values.deployment.strategy }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: homepage
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: homepage
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ spec:
+ serviceAccountName: homepage
+ automountServiceAccountToken: true
+ containers:
+ - name: {{ .Release.Name }}
+ image: "{{ .Values.deployment.image.repository }}:{{ .Values.deployment.image.tag }}"
+ imagePullPolicy: {{ .Values.deployment.image.imagePullPolicy }}
+ ports:
+ - name: http
+ containerPort: {{ .Values.service.http.port }}
+ protocol: TCP
+ env:
+ volumeMounts:
+ - name: homepage-config
+ subPath: bookmarks.yaml
+ mountPath: /app/config/bookmarks.yaml
+ - name: homepage-config
+ subPath: docker.yaml
+ mountPath: /app/config/docker.yaml
+ - name: homepage-config
+ subPath: kubernetes.yaml
+ mountPath: /app/config/kubernetes.yaml
+ - name: homepage-config
+ subPath: services.yaml
+ mountPath: /app/config/services.yaml
+ - name: homepage-config
+ subPath: settings.yaml
+ mountPath: /app/config/settings.yaml
+ - name: homepage-config
+ subPath: widgets.yaml
+ mountPath: /app/config/widgets.yaml
+ - name: logs
+ mountPath: /app/config/logs
+ resources:
+ {{- toYaml .Values.gluetun.resources | nindent 12 }}
+ livenessProbe:
+ failureThreshold: 3
+ initialDelaySeconds: 0
+ periodSeconds: 10
+ tcpSocket:
+ port: {{ .Values.service.http.port }}
+ timeoutSeconds: 1
+ readinessProbe:
+ failureThreshold: 3
+ initialDelaySeconds: 0
+ periodSeconds: 10
+ tcpSocket:
+ port: {{ .Values.service.http.port }}
+ timeoutSeconds: 1
+ startupProbe:
+ failureThreshold: 30
+ initialDelaySeconds: 0
+ periodSeconds: 5
+ tcpSocket:
+ port: {{ .Values.service.http.port }}
+ timeoutSeconds: 1
+ volumes:
+ - name: homepage-config
+ configMap:
+ name: homepage-config
+ - name: logs
+ emptyDir: {}
diff --git a/charts/homepage/templates/ingress-route.yaml b/charts/homepage/templates/ingress-route.yaml
new file mode 100644
index 0000000..2c329ea
--- /dev/null
+++ b/charts/homepage/templates/ingress-route.yaml
@@ -0,0 +1,33 @@
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+ name: homepage
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: homepage
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: web
+ app.kubernetes.io/part-of: homepage
+ app.kubernetes.io/managed-by: helm
+spec:
+ entryPoints:
+ - websecure
+ routes:
+ - kind: Rule
+ match: "Host(`{{ .Values.ingressRoute.host }}`)"
+ middlewares:
+ - name: authentik
+ namespace: {{ .Release.Namespace }}
+ priority: 10
+ services:
+ - kind: Service
+ name: homepage
+ port: {{ .Values.service.http.port }}
+ - kind: Rule
+ match: "Host(`{{ .Values.ingressRoute.host }}`) && PathPrefix(`/outpost.goauthentik.io/`)"
+ priority: 15
+ services:
+ - kind: Service
+ name: {{ .Values.ingressRoute.authentik.outpost }}
+ port: {{ .Values.ingressRoute.authentik.port }}
diff --git a/charts/homepage/templates/middleware.yaml b/charts/homepage/templates/middleware.yaml
new file mode 100644
index 0000000..72bae78
--- /dev/null
+++ b/charts/homepage/templates/middleware.yaml
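Review bot: `resources:` is filled from `.Values.gluetun.resources`, but values.yaml in this commit has no `gluetun` key; the requests and limits sit under `deployment.resources`. Rendering will most likely fail on the nil lookup, or at best apply no limits, so use `{{- toYaml .Values.deployment.resources | nindent 12 }}`. The container also has no `securityContext`, while `automountServiceAccountToken: true` hands it a token bound to the cluster-wide role. If the image tolerates it, a restrictive context such as `allowPrivilegeEscalation: false` with `capabilities: {drop: [ALL]}` is worth adding. The bare `env:` key renders as null and can be dropped.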
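Review bot: `ingressRoute.certResolver` from values.yaml is never referenced, because this IngressRoute has no `tls:` block, so whether the `websecure` router serves a valid certificate depends on entrypoint defaults outside the chart. If per-route TLS is intended, add `tls:` with `certResolver: {{ .Values.ingressRoute.certResolver }}` under `spec`. The second rule names the outpost Service without a `namespace`, while middleware.yaml addresses the same outpost in the `authentik` namespace. The `/outpost.goauthentik.io/` route may therefore not resolve unless the release is installed there or cross-namespace references are enabled. This file also uses `traefik.io/v1alpha1` where middleware.yaml uses `traefik.containo.us/v1alpha1`; pick one API group for both.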
@@ -0,0 +1,28 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+ name: authentik
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: homepage
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: auth
+ app.kubernetes.io/part-of: homepage
+ app.kubernetes.io/managed-by: helm
+spec:
+ forwardAuth:
+ address: "http://{{ .Values.ingressRoute.authentik.outpost }}.authentik:{{ .Values.ingressRoute.authentik.port }}/outpost.goauthentik.io/auth/traefik"
+ trustForwardHeader: true
+ authResponseHeaders:
+ - X-authentik-username
+ - X-authentik-groups
+ - X-authentik-email
+ - X-authentik-name
+ - X-authentik-uid
+ - X-authentik-jwt
+ - X-authentik-meta-jwks
+ - X-authentik-meta-outpost
+ - X-authentik-meta-provider
+ - X-authentik-meta-app
+ - X-authentik-meta-version
diff --git a/charts/homepage/templates/secret.yaml b/charts/homepage/templates/secret.yaml
new file mode 100644
index 0000000..a8a67c7
--- /dev/null
+++ b/charts/homepage/templates/secret.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Secret
+type: kubernetes.io/service-account-token
+metadata:
+ name: "{{ .Release.Name }}-sa-token"
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: homepage
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: web
+ app.kubernetes.io/part-of: homepage
+ app.kubernetes.io/managed-by: helm
+ annotations:
+ kubernetes.io/service-account.name: homepage
diff --git a/charts/homepage/templates/service-account.yaml b/charts/homepage/templates/service-account.yaml
new file mode 100644
index 0000000..cc715e6
--- /dev/null
+++ b/charts/homepage/templates/service-account.yaml
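Review bot: `trustForwardHeader: true` makes Traefik forward whatever `X-Forwarded-*` headers arrive with the request to the auth endpoint, which is only sound when every path to this entrypoint passes through a proxy that overwrites them. State that assumption above the line, e.g. `# requires a trusted upstream proxy that sets X-Forwarded-*; use false if Traefik is directly exposed`. The `forwardAuth.address` hard-codes the `authentik` namespace and plain `http://`; exposing the namespace as a value would keep it aligned with the outpost route in ingress-route.yaml.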
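Review bot: This Secret creates a long-lived, non-expiring token for the `homepage` service account, yet deployment.yaml never mounts it; the pod already gets a rotating projected token through `automountServiceAccountToken: true`. The extra token carries the same cluster-wide read rights and stays valid until the Secret is deleted, so it only adds a credential to leak. Unless something outside the chart consumes it, drop this template together with the `secrets:` entry in service-account.yaml. If it is needed, add a comment naming the consumer.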
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: homepage
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: homepage
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: web
+ app.kubernetes.io/part-of: homepage
+ app.kubernetes.io/managed-by: helm
+secrets:
+ - name: "{{ .Release.Name }}-sa-token"
diff --git a/charts/homepage/templates/service.yaml b/charts/homepage/templates/service.yaml
new file mode 100644
index 0000000..3b777f8
--- /dev/null
+++ b/charts/homepage/templates/service.yaml
@@ -0,0 +1,22 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: homepage
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: homepage
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: web
+ app.kubernetes.io/part-of: homepage
+ app.kubernetes.io/managed-by: helm
+spec:
+ type: ClusterIP
+ ports:
+ - port: {{ .Values.service.http.port }}
+ targetPort: http
+ protocol: TCP
+ name: http
+ selector:
+ app.kubernetes.io/name: homepage
+ app.kubernetes.io/instance: {{ .Release.Name }}
diff --git a/charts/homepage/values.yaml b/charts/homepage/values.yaml
new file mode 100644
index 0000000..fbf7bda
--- /dev/null
+++ b/charts/homepage/values.yaml
@@ -0,0 +1,31 @@
+deployment:
+ image:
+ repository: ghcr.io/benphelps/homepage
+ tag: v0.8.7
+ imagePullPolicy: IfNotPresent
+ replicas: 1
+ strategy: Rolling Update
+ resources:
+ requests:
+ memory: 10Mi
+ cpu: 10m
+ limits:
+ memory: 200Mi
+ cpu: 500m
+service:
+ http:
+ port: 3000
+ingressRoute:
+ host: homepage.alexlebens.net
+ certResolver: letsencrypt
+ authentik:
+ outpost: authentik-proxy-outpost
+ port: 9000
+config:
+ bookmarks:
+ services:
+ widgets:
+ kubernetes:
+ mode: cluster
+ docker:
+ settings:
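Review bot: `strategy: Rolling Update` is not a valid Deployment strategy type (the API accepts `RollingUpdate` or `Recreate`), so the `strategy.type` rendered in deployment.yaml will be rejected; use `strategy: RollingUpdate`. The image is pinned only by the mutable tag `v0.8.7` with `IfNotPresent`, so a digest reference would fix the exact image that gets the cluster-read token. The empty `config.*` keys parse as null; a short comment above `config:` saying that each key takes the corresponding homepage YAML document would make that default explicit.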