add homepage chart

charts/homepage/Chart.yaml

@@ -0,0 +1,12 @@
+apiVersion: v2
+name: homepage
+version: 0.0.1
+description: Chart for benphelps homepage
+keywords:
+  - dashboard
+sources:
+  - https://github.com/gethomepage/homepage
+maintainers:
+  - name: alexlebens
+icon: https://github.com/benphelps/homepage/blob/de584eae8f12a0d257e554e9511ef19bd2a1232c/public/mstile-150x150.png
+appVersion: 0.8.7

charts/homepage/README.md

@@ -0,0 +1,18 @@
+## Introduction
+
+[Homepage](https://github.com/benphelps/homepage)
+
+A modern (fully static, fast), secure (fully proxied), highly customizable application dashboard with integrations for more than 25 services and translations for over 15 languages. Easily configured via YAML files (or discovery via docker labels).
+
+This chart bootstraps a [Homepage](https://github.com/benphelps/homepage) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+
+## Prerequisites
+
+- Kubernetes
+- Helm
+- Traefik v2 / IngressRoute
+- Authentik / Auth
+
+## Parameters
+
+See the [values files](values.yaml).

charts/homepage/templates/cluster-role-binding.yaml

@@ -0,0 +1,20 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: homepage
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: homepage
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: homepage
+    app.kubernetes.io/managed-by: helm
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: homepage
+subjects:
+  - kind: ServiceAccount
+    name: homepage
+    namespace: {{ .Release.Namespace }}

charts/homepage/templates/cluster-role.yaml

@@ -0,0 +1,52 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: homepage
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: homepage
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: homepage
+    app.kubernetes.io/managed-by: helm
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - namespaces
+      - pods
+      - nodes
+    verbs:
+      - get
+      - list
+  - apiGroups:
+      - extensions
+      - networking.k8s.io
+    resources:
+      - ingresses
+    verbs:
+      - get
+      - list
+  - apiGroups:
+      - traefik.containo.us
+      - traefik.io
+    resources:
+      - ingressroutes
+    verbs:
+      - get
+      - list
+  - apiGroups:
+      - metrics.k8s.io
+    resources:
+      - nodes
+      - pods
+    verbs:
+      - get
+      - list
+  - apiGroups:
+      - apiextensions.k8s.io
+    resources:
+      - customresourcedefinitions/status
+    verbs:
+      - get

charts/homepage/templates/config-map.yaml

@@ -0,0 +1,38 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: homepage-config
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: homepage
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: homepage
+    app.kubernetes.io/managed-by: helm
+data:
+  bookmarks.yaml: {{- if .Values.config.bookmarks }} |
+{{- .Values.config.bookmarks | toYaml | nindent 4}}
+{{- else }} ""
+{{- end }}
+  docker.yaml: {{- if .Values.config.docker }} |
+{{- .Values.config.docker | toYaml | nindent 4 }}
+{{- else }} ""
+{{- end }}
+  kubernetes.yaml: {{- if .Values.config.kubernetes }} |
+{{- .Values.config.kubernetes | toYaml | nindent 4 }}
+{{- else }} ""
+{{- end }}
+  services.yaml: {{- if .Values.config.services }} |
+{{- .Values.config.services | toYaml | nindent 4 }}
+{{- else }} ""
+{{- end }}
+  settings.yaml: {{- if .Values.config.settings }} |
+{{- .Values.config.settings | toYaml | nindent 4 }}
+{{- else }} ""
+{{- end }}
+  widgets.yaml: {{- if .Values.config.widgets }} |
+{{- .Values.config.widgets | toYaml | nindent 4 }}
+{{- else }} ""
+{{- end }}
+{{ end }}

charts/homepage/templates/deployment.yaml

@@ -0,0 +1,88 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: homepage
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: homepage
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: homepage
+    app.kubernetes.io/managed-by: helm
+spec:
+  revisionHistoryLimit: 3
+  replicas: {{ .Values.deployment.replicas }}
+  strategy:
+    type: {{ .Values.deployment.strategy }}
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: homepage
+      app.kubernetes.io/instance: {{ .Release.Name }}
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: homepage
+        app.kubernetes.io/instance: {{ .Release.Name }}
+    spec:
+      serviceAccountName: homepage
+      automountServiceAccountToken: true
+      containers:
+        - name: {{ .Release.Name }}
+          image: "{{ .Values.deployment.image.repository }}:{{ .Values.deployment.image.tag }}"
+          imagePullPolicy: {{ .Values.deployment.image.imagePullPolicy }}
+          ports:
+            - name: http
+              containerPort: {{ .Values.service.http.port }}
+              protocol: TCP
+          env:
+          volumeMounts:
+            - name: homepage-config
+              subPath: bookmarks.yaml
+              mountPath: /app/config/bookmarks.yaml
+            - name: homepage-config
+              subPath: docker.yaml
+              mountPath: /app/config/docker.yaml
+            - name: homepage-config
+              subPath: kubernetes.yaml
+              mountPath: /app/config/kubernetes.yaml
+            - name: homepage-config
+              subPath: services.yaml
+              mountPath: /app/config/services.yaml
+            - name: homepage-config
+              subPath: settings.yaml
+              mountPath: /app/config/settings.yaml
+            - name: homepage-config
+              subPath: widgets.yaml
+              mountPath: /app/config/widgets.yaml
+            - name: logs
+              mountPath: /app/config/logs
+          resources:
+            {{- toYaml .Values.gluetun.resources | nindent 12 }}
+          livenessProbe:
+            failureThreshold: 3
+            initialDelaySeconds: 0
+            periodSeconds: 10
+            tcpSocket:
+              port: {{ .Values.service.http.port }}
+            timeoutSeconds: 1
+          readinessProbe:
+            failureThreshold: 3
+            initialDelaySeconds: 0
+            periodSeconds: 10
+            tcpSocket:
+              port: {{ .Values.service.http.port }}
+            timeoutSeconds: 1
+          startupProbe:
+            failureThreshold: 30
+            initialDelaySeconds: 0
+            periodSeconds: 5
+            tcpSocket:
+              port: {{ .Values.service.http.port }}
+            timeoutSeconds: 1
+      volumes:
+        - name: homepage-config
+          configMap:
+            name: homepage-config
+        - name: logs
+          emptyDir: {}

charts/homepage/templates/ingress-route.yaml

@@ -0,0 +1,33 @@
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: homepage
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: homepage
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: homepage
+    app.kubernetes.io/managed-by: helm
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      match: "Host(`{{ .Values.ingressRoute.host }}`)"
+      middlewares:
+        - name: authentik
+          namespace: {{ .Release.Namespace }}
+      priority: 10
+      services:
+        - kind: Service
+          name: homepage
+          port: {{ .Values.service.http.port }}
+    - kind: Rule
+      match: "Host(`{{ .Values.ingressRoute.host }}`) && PathPrefix(`/outpost.goauthentik.io/`)"
+      priority: 15
+      services:
+        - kind: Service
+          name: {{ .Values.ingressRoute.authentik.outpost }}
+          port: {{ .Values.ingressRoute.authentik.port }}

charts/homepage/templates/middleware.yaml

@@ -0,0 +1,28 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: authentik
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: homepage
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: auth
+    app.kubernetes.io/part-of: homepage
+    app.kubernetes.io/managed-by: helm
+spec:
+  forwardAuth:
+    address: "http://{{ .Values.ingressRoute.authentik.outpost }}.authentik:{{ .Values.ingressRoute.authentik.port }}/outpost.goauthentik.io/auth/traefik"
+    trustForwardHeader: true
+    authResponseHeaders:
+      - X-authentik-username
+      - X-authentik-groups
+      - X-authentik-email
+      - X-authentik-name
+      - X-authentik-uid
+      - X-authentik-jwt
+      - X-authentik-meta-jwks
+      - X-authentik-meta-outpost
+      - X-authentik-meta-provider
+      - X-authentik-meta-app
+      - X-authentik-meta-version

charts/homepage/templates/secret.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Secret
+type: kubernetes.io/service-account-token
+metadata:
+  name: "{{ .Release.Name }}-sa-token"
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: homepage
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: homepage
+    app.kubernetes.io/managed-by: helm
+  annotations:
+    kubernetes.io/service-account.name: homepage

charts/homepage/templates/service-account.yaml

@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: homepage
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: homepage
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: homepage
+    app.kubernetes.io/managed-by: helm
+secrets:
+  - name: "{{ .Release.Name }}-sa-token"

charts/homepage/templates/service.yaml

@@ -0,0 +1,22 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: homepage
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: homepage
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: homepage
+    app.kubernetes.io/managed-by: helm
+spec:
+  type: ClusterIP
+  ports:
+    - port: {{ .Values.service.http.port }}
+      targetPort: http
+      protocol: TCP
+      name: http
+  selector:
+    app.kubernetes.io/name: homepage
+    app.kubernetes.io/instance: {{ .Release.Name }}

charts/homepage/values.yaml

@@ -0,0 +1,31 @@
+deployment:
+  image:
+    repository: ghcr.io/benphelps/homepage
+    tag: v0.8.7
+    imagePullPolicy: IfNotPresent
+  replicas: 1
+  strategy: Rolling Update
+  resources:
+    requests:
+      memory: 10Mi
+      cpu: 10m
+    limits:
+      memory: 200Mi
+      cpu: 500m    
+service:
+  http:
+    port: 3000
+ingressRoute:
+  host: homepage.alexlebens.net
+  certResolver: letsencrypt
+  authentik:
+    outpost: authentik-proxy-outpost
+    port: 9000
+config:
+  bookmarks:
+  services:
+  widgets:
+  kubernetes:
+    mode: cluster
+  docker:
+  settings: