From 72d4a1d4b7a1996c91b6f14926df7d8d39c9f928 Mon Sep 17 00:00:00 2001 From: Alex Date: Fri, 9 Feb 2024 20:53:54 -0700 Subject: [PATCH] add homepage chart --- charts/homepage/Chart.yaml | 12 +++ charts/homepage/README.md | 18 ++++ .../templates/cluster-role-binding.yaml | 20 +++++ charts/homepage/templates/cluster-role.yaml | 52 +++++++++++ charts/homepage/templates/config-map.yaml | 38 ++++++++ charts/homepage/templates/deployment.yaml | 88 +++++++++++++++++++ charts/homepage/templates/ingress-route.yaml | 33 +++++++ charts/homepage/templates/middleware.yaml | 28 ++++++ charts/homepage/templates/secret.yaml | 15 ++++ .../homepage/templates/service-account.yaml | 14 +++ charts/homepage/templates/service.yaml | 22 +++++ charts/homepage/values.yaml | 31 +++++++ 12 files changed, 371 insertions(+) create mode 100644 charts/homepage/Chart.yaml create mode 100644 charts/homepage/README.md create mode 100644 charts/homepage/templates/cluster-role-binding.yaml create mode 100644 charts/homepage/templates/cluster-role.yaml create mode 100644 charts/homepage/templates/config-map.yaml create mode 100644 charts/homepage/templates/deployment.yaml create mode 100644 charts/homepage/templates/ingress-route.yaml create mode 100644 charts/homepage/templates/middleware.yaml create mode 100644 charts/homepage/templates/secret.yaml create mode 100644 charts/homepage/templates/service-account.yaml create mode 100644 charts/homepage/templates/service.yaml create mode 100644 charts/homepage/values.yaml diff --git a/charts/homepage/Chart.yaml b/charts/homepage/Chart.yaml new file mode 100644 index 0000000..f670e7c --- /dev/null +++ b/charts/homepage/Chart.yaml @@ -0,0 +1,12 @@ +apiVersion: v2 +name: homepage +version: 0.0.1 +description: Chart for benphelps homepage +keywords: + - dashboard +sources: + - https://github.com/gethomepage/homepage +maintainers: + - name: alexlebens +icon: https://github.com/benphelps/homepage/blob/de584eae8f12a0d257e554e9511ef19bd2a1232c/public/mstile-150x150.png +appVersion: 0.8.7 diff --git a/charts/homepage/README.md b/charts/homepage/README.md new file mode 100644 index 0000000..47ca62e --- /dev/null +++ b/charts/homepage/README.md @@ -0,0 +1,18 @@ +## Introduction + +[Homepage](https://github.com/benphelps/homepage) + +A modern (fully static, fast), secure (fully proxied), highly customizable application dashboard with integrations for more than 25 services and translations for over 15 languages. Easily configured via YAML files (or discovery via docker labels). + +This chart bootstraps a [Homepage](https://github.com/benphelps/homepage) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +## Prerequisites + +- Kubernetes +- Helm +- Traefik v2 / IngressRoute +- Authentik / Auth + +## Parameters + +See the [values files](values.yaml). diff --git a/charts/homepage/templates/cluster-role-binding.yaml b/charts/homepage/templates/cluster-role-binding.yaml new file mode 100644 index 0000000..0bbbe37 --- /dev/null +++ b/charts/homepage/templates/cluster-role-binding.yaml @@ -0,0 +1,20 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: homepage + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: homepage + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: web + app.kubernetes.io/part-of: homepage + app.kubernetes.io/managed-by: helm +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: homepage +subjects: + - kind: ServiceAccount + name: homepage + namespace: {{ .Release.Namespace }} diff --git a/charts/homepage/templates/cluster-role.yaml b/charts/homepage/templates/cluster-role.yaml new file mode 100644 index 0000000..8be89a5 --- /dev/null +++ b/charts/homepage/templates/cluster-role.yaml @@ -0,0 +1,52 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: homepage + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: homepage + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: web + app.kubernetes.io/part-of: homepage + app.kubernetes.io/managed-by: helm +rules: + - apiGroups: + - "" + resources: + - namespaces + - pods + - nodes + verbs: + - get + - list + - apiGroups: + - extensions + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - apiGroups: + - traefik.containo.us + - traefik.io + resources: + - ingressroutes + verbs: + - get + - list + - apiGroups: + - metrics.k8s.io + resources: + - nodes + - pods + verbs: + - get + - list + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions/status + verbs: + - get diff --git a/charts/homepage/templates/config-map.yaml b/charts/homepage/templates/config-map.yaml new file mode 100644 index 0000000..38fb4e2 --- /dev/null +++ b/charts/homepage/templates/config-map.yaml @@ -0,0 +1,38 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: homepage-config + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: homepage + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: web + app.kubernetes.io/part-of: homepage + app.kubernetes.io/managed-by: helm +data: + bookmarks.yaml: {{- if .Values.config.bookmarks }} | +{{- .Values.config.bookmarks | toYaml | nindent 4}} +{{- else }} "" +{{- end }} + docker.yaml: {{- if .Values.config.docker }} | +{{- .Values.config.docker | toYaml | nindent 4 }} +{{- else }} "" +{{- end }} + kubernetes.yaml: {{- if .Values.config.kubernetes }} | +{{- .Values.config.kubernetes | toYaml | nindent 4 }} +{{- else }} "" +{{- end }} + services.yaml: {{- if .Values.config.services }} | +{{- .Values.config.services | toYaml | nindent 4 }} +{{- else }} "" +{{- end }} + settings.yaml: {{- if .Values.config.settings }} | +{{- .Values.config.settings | toYaml | nindent 4 }} +{{- else }} "" +{{- end }} + widgets.yaml: {{- if .Values.config.widgets }} | +{{- .Values.config.widgets | toYaml | nindent 4 }} +{{- else }} "" +{{- end }} +{{ end }} diff --git a/charts/homepage/templates/deployment.yaml b/charts/homepage/templates/deployment.yaml new file mode 100644 index 0000000..1e9ba27 --- /dev/null +++ b/charts/homepage/templates/deployment.yaml @@ -0,0 +1,88 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: homepage + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: homepage + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: web + app.kubernetes.io/part-of: homepage + app.kubernetes.io/managed-by: helm +spec: + revisionHistoryLimit: 3 + replicas: {{ .Values.deployment.replicas }} + strategy: + type: {{ .Values.deployment.strategy }} + selector: + matchLabels: + app.kubernetes.io/name: homepage + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: homepage + app.kubernetes.io/instance: {{ .Release.Name }} + spec: + serviceAccountName: homepage + automountServiceAccountToken: true + containers: + - name: {{ .Release.Name }} + image: "{{ .Values.deployment.image.repository }}:{{ .Values.deployment.image.tag }}" + imagePullPolicy: {{ .Values.deployment.image.imagePullPolicy }} + ports: + - name: http + containerPort: {{ .Values.service.http.port }} + protocol: TCP + env: + volumeMounts: + - name: homepage-config + subPath: bookmarks.yaml + mountPath: /app/config/bookmarks.yaml + - name: homepage-config + subPath: docker.yaml + mountPath: /app/config/docker.yaml + - name: homepage-config + subPath: kubernetes.yaml + mountPath: /app/config/kubernetes.yaml + - name: homepage-config + subPath: services.yaml + mountPath: /app/config/services.yaml + - name: homepage-config + subPath: settings.yaml + mountPath: /app/config/settings.yaml + - name: homepage-config + subPath: widgets.yaml + mountPath: /app/config/widgets.yaml + - name: logs + mountPath: /app/config/logs + resources: + {{- toYaml .Values.gluetun.resources | nindent 12 }} + livenessProbe: + failureThreshold: 3 + initialDelaySeconds: 0 + periodSeconds: 10 + tcpSocket: + port: {{ .Values.service.http.port }} + timeoutSeconds: 1 + readinessProbe: + failureThreshold: 3 + initialDelaySeconds: 0 + periodSeconds: 10 + tcpSocket: + port: {{ .Values.service.http.port }} + timeoutSeconds: 1 + startupProbe: + failureThreshold: 30 + initialDelaySeconds: 0 + periodSeconds: 5 + tcpSocket: + port: {{ .Values.service.http.port }} + timeoutSeconds: 1 + volumes: + - name: homepage-config + configMap: + name: homepage-config + - name: logs + emptyDir: {} diff --git a/charts/homepage/templates/ingress-route.yaml b/charts/homepage/templates/ingress-route.yaml new file mode 100644 index 0000000..2c329ea --- /dev/null +++ b/charts/homepage/templates/ingress-route.yaml @@ -0,0 +1,33 @@ +apiVersion: traefik.io/v1alpha1 +kind: IngressRoute +metadata: + name: homepage + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: homepage + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: web + app.kubernetes.io/part-of: homepage + app.kubernetes.io/managed-by: helm +spec: + entryPoints: + - websecure + routes: + - kind: Rule + match: "Host(`{{ .Values.ingressRoute.host }}`)" + middlewares: + - name: authentik + namespace: {{ .Release.Namespace }} + priority: 10 + services: + - kind: Service + name: homepage + port: {{ .Values.service.http.port }} + - kind: Rule + match: "Host(`{{ .Values.ingressRoute.host }}`) && PathPrefix(`/outpost.goauthentik.io/`)" + priority: 15 + services: + - kind: Service + name: {{ .Values.ingressRoute.authentik.outpost }} + port: {{ .Values.ingressRoute.authentik.port }} diff --git a/charts/homepage/templates/middleware.yaml b/charts/homepage/templates/middleware.yaml new file mode 100644 index 0000000..72bae78 --- /dev/null +++ b/charts/homepage/templates/middleware.yaml @@ -0,0 +1,28 @@ +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: authentik + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: homepage + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: auth + app.kubernetes.io/part-of: homepage + app.kubernetes.io/managed-by: helm +spec: + forwardAuth: + address: "http://{{ .Values.ingressRoute.authentik.outpost }}.authentik:{{ .Values.ingressRoute.authentik.port }}/outpost.goauthentik.io/auth/traefik" + trustForwardHeader: true + authResponseHeaders: + - X-authentik-username + - X-authentik-groups + - X-authentik-email + - X-authentik-name + - X-authentik-uid + - X-authentik-jwt + - X-authentik-meta-jwks + - X-authentik-meta-outpost + - X-authentik-meta-provider + - X-authentik-meta-app + - X-authentik-meta-version diff --git a/charts/homepage/templates/secret.yaml b/charts/homepage/templates/secret.yaml new file mode 100644 index 0000000..a8a67c7 --- /dev/null +++ b/charts/homepage/templates/secret.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Secret +type: kubernetes.io/service-account-token +metadata: + name: "{{ .Release.Name }}-sa-token" + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: homepage + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: web + app.kubernetes.io/part-of: homepage + app.kubernetes.io/managed-by: helm + annotations: + kubernetes.io/service-account.name: homepage diff --git a/charts/homepage/templates/service-account.yaml b/charts/homepage/templates/service-account.yaml new file mode 100644 index 0000000..cc715e6 --- /dev/null +++ b/charts/homepage/templates/service-account.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: homepage + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: homepage + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: web + app.kubernetes.io/part-of: homepage + app.kubernetes.io/managed-by: helm +secrets: + - name: "{{ .Release.Name }}-sa-token" diff --git a/charts/homepage/templates/service.yaml b/charts/homepage/templates/service.yaml new file mode 100644 index 0000000..3b777f8 --- /dev/null +++ b/charts/homepage/templates/service.yaml @@ -0,0 +1,22 @@ +apiVersion: v1 +kind: Service +metadata: + name: homepage + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: homepage + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: web + app.kubernetes.io/part-of: homepage + app.kubernetes.io/managed-by: helm +spec: + type: ClusterIP + ports: + - port: {{ .Values.service.http.port }} + targetPort: http + protocol: TCP + name: http + selector: + app.kubernetes.io/name: homepage + app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/charts/homepage/values.yaml b/charts/homepage/values.yaml new file mode 100644 index 0000000..fbf7bda --- /dev/null +++ b/charts/homepage/values.yaml @@ -0,0 +1,31 @@ +deployment: + image: + repository: ghcr.io/benphelps/homepage + tag: v0.8.7 + imagePullPolicy: IfNotPresent + replicas: 1 + strategy: Rolling Update + resources: + requests: + memory: 10Mi + cpu: 10m + limits: + memory: 200Mi + cpu: 500m +service: + http: + port: 3000 +ingressRoute: + host: homepage.alexlebens.net + certResolver: letsencrypt + authentik: + outpost: authentik-proxy-outpost + port: 9000 +config: + bookmarks: + services: + widgets: + kubernetes: + mode: cluster + docker: + settings: