inject db secrets into deployment

.github/renovate.json

@@ -45,19 +45,15 @@
             "matchPackageNames": [
                 "linuxserver/calibre",
                 "homeassistant/home-assistant",
+                "linuxserver/code-server",
                 "ghcr.io/gethomepage/homepage",
-                "ghcr.io/cloudnative-pg/postgresql",
-                "linuxserver/code-server"
+                "ghcr.io/alex1989hu/kubelet-serving-cert-approver",
+                "rmcrackan/libation",
+                "outlinewiki/outline",
+                "ghcr.io/cloudnative-pg/postgresql"
             ],
             "matchDatasources": [
-                "docker",
-                "gitea-releases",
-                "gitea-tags",
-                "github-releases",
-                "github-tags",
-                "gitlab-packages",
-                "gitlab-releases",
-                "gitlab-tags"
+                "docker"
             ],
             "schedule": [
                 "after 10am on tuesday",
@@ -71,6 +67,27 @@
             "bumpVersion": "minor",
             "automerge": false,
             "minimumReleaseAge": "3 days"
+        },
+        {
+            "description": "Generate application charts on Tuesdays",
+            "matchPackageNames": [
+                "redis"
+            ],
+            "matchDatasources": [
+                "helm"
+            ],
+            "schedule": [
+                "after 10am on tuesday",
+                "before 5pm on tuesday"
+            ],
+            "addLabels": [
+                "upgrade",
+                "weekly",
+                "chart"
+            ],
+            "bumpVersion": "minor",
+            "automerge": false,
+            "minimumReleaseAge": "3 days"
         }
     ]
-}
+}

charts/calibre-server/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: calibre-server
-version: 0.0.4
+version: 0.0.5
 description: Chart for Calibre content database
 keywords:
   - media

charts/calibre-server/README.md

@@ -11,6 +11,7 @@ This chart bootstraps a [Calibre](https://github.com/home-assistant) deployment
 - Kubernetes
 - Helm
 - Traefik v2 / IngressRoute
+- Authentik / Auth
 
 ## Parameters
 

charts/calibre-server/templates/deployment.yaml

@@ -9,7 +9,6 @@ metadata:
     app.kubernetes.io/version: {{ .Chart.AppVersion }}
     app.kubernetes.io/component: web
     app.kubernetes.io/part-of: {{ .Release.Name }}
-    app.kubernetes.io/managed-by: helm
 spec:
   revisionHistoryLimit: 3
   replicas: {{ .Values.deployment.replicas }}
@@ -28,7 +27,7 @@ spec:
       serviceAccountName: calibre-server
       automountServiceAccountToken: true
       containers:
-        - name: {{ .Release.Name }}
+        - name: calibre-server
           image: "{{ .Values.deployment.image.repository }}:{{ .Values.deployment.image.tag }}"
           imagePullPolicy: {{ .Values.deployment.image.imagePullPolicy }}
           ports:

charts/calibre-server/templates/ingress-route.yaml

@@ -10,7 +10,6 @@ metadata:
     app.kubernetes.io/version: {{ .Chart.AppVersion }}
     app.kubernetes.io/component: web
     app.kubernetes.io/part-of: calibre-server
-    app.kubernetes.io/managed-by: helm
 spec:
   entryPoints:
     - websecure
@@ -18,7 +17,7 @@ spec:
     - kind: Rule
       match: "Host(`{{ .Values.ingressRoute.http.host }}`)"
       middlewares:
-        - name: authentik
+        - name: "authentik-{{ .Release.Name }}"
           namespace: {{ .Release.Namespace }}
       priority: 10
       services:

charts/calibre-server/templates/middleware.yaml

@@ -2,15 +2,14 @@
 apiVersion: traefik.containo.us/v1alpha1
 kind: Middleware
 metadata:
-  name: authentik
+  name: "authentik-{{ .Release.Name }}"
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: calibre-server
+    app.kubernetes.io/name: {{ .Release.Name }}
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/version: {{ .Chart.AppVersion }}
     app.kubernetes.io/component: auth
-    app.kubernetes.io/part-of: calibre-server
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
   forwardAuth:
     address: "http://{{ .Values.ingressRoute.authentik.outpost }}.authentik:{{ .Values.ingressRoute.authentik.port }}/outpost.goauthentik.io/auth/traefik"

charts/calibre-server/templates/persistant-volume-claim.yaml

@@ -9,7 +9,6 @@ metadata:
     app.kubernetes.io/version: {{ .Chart.AppVersion }}
     app.kubernetes.io/component: web
     app.kubernetes.io/part-of: {{ .Release.Name }}
-    app.kubernetes.io/managed-by: helm
 spec:
   accessModes:
     - ReadWriteOnce

charts/calibre-server/templates/service-account.yaml

@@ -9,4 +9,3 @@ metadata:
     app.kubernetes.io/version: {{ .Chart.AppVersion }}
     app.kubernetes.io/component: web
     app.kubernetes.io/part-of: calibre-server
-    app.kubernetes.io/managed-by: helm

charts/calibre-server/templates/service.yaml

@@ -2,14 +2,13 @@ apiVersion: v1
 kind: Service
 metadata:
   name: calibre-server
-  namespace: {{ .Release.Namespace }}  
+  namespace: {{ .Release.Namespace }}
   labels:
     app.kubernetes.io/name: calibre-server
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/version: {{ .Chart.AppVersion }}
     app.kubernetes.io/component: web
     app.kubernetes.io/part-of: {{ .Release.Name }}
-    app.kubernetes.io/managed-by: helm
 spec:
   type: ClusterIP
   ports:
@@ -26,14 +25,13 @@ apiVersion: v1
 kind: Service
 metadata:
   name: calibre-server-content
-  namespace: {{ .Release.Namespace }}  
+  namespace: {{ .Release.Namespace }}
   labels:
     app.kubernetes.io/name: calibre-server
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/version: {{ .Chart.AppVersion }}
     app.kubernetes.io/component: web
     app.kubernetes.io/part-of: {{ .Release.Name }}
-    app.kubernetes.io/managed-by: helm
 spec:
   type: ClusterIP
   ports:

charts/calibre-server/values.yaml

@@ -29,14 +29,14 @@ service:
 ingressRoute:
   enabled: true
   http:
-    host: server.calibre.alexlebens.net
+    host:
   authentik:
     outpost: authentik-proxy-outpost
     port: 9000
 persistence:
   config:
-    storageClassName: ceph-block
+    storageClassName: default
     storageSize: 5Gi
     volumeMode: Filesystem
   books:
-    claimName: calibre-server-nfs-storage
+    claimName:

charts/home-assistant/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: home-assistant
-version: 0.0.14
+version: 0.0.15
 description: Chart for Home Assistant
 keywords:
   - home-automation

charts/home-assistant/templates/deployment.yaml

@@ -9,7 +9,6 @@ metadata:
     app.kubernetes.io/version: {{ .Chart.AppVersion }}
     app.kubernetes.io/component: web
     app.kubernetes.io/part-of: {{ .Release.Name }}
-    app.kubernetes.io/managed-by: helm
 spec:
   revisionHistoryLimit: 3
   replicas: {{ .Values.deployment.replicas }}

charts/home-assistant/templates/ingress-route.yaml

@@ -10,7 +10,6 @@ metadata:
     app.kubernetes.io/version: {{ .Chart.AppVersion }}
     app.kubernetes.io/component: web
     app.kubernetes.io/part-of: home-assistant
-    app.kubernetes.io/managed-by: helm
 spec:
   entryPoints:
     - websecure
@@ -18,7 +17,7 @@ spec:
     - kind: Rule
       match: "Host(`{{ .Values.ingressRoute.host }}`)"
       middlewares:
-        - name: authentik
+        - name: "authentik-{{ .Release.Name }}"
           namespace: {{ .Release.Namespace }}
       priority: 10
       services:
@@ -47,7 +46,6 @@ metadata:
     app.kubernetes.io/version: {{ .Chart.AppVersion }}
     app.kubernetes.io/component: web
     app.kubernetes.io/part-of: home-assistant
-    app.kubernetes.io/managed-by: helm
 spec:
   entryPoints:
     - websecure
@@ -59,4 +57,4 @@ spec:
         - kind: Service
           name: home-assistant-codeserver
           port: {{ .Values.codeserver.service.http.port }}
-{{- end }}          
+{{- end }}

charts/home-assistant/templates/middleware.yaml

@@ -2,15 +2,14 @@
 apiVersion: traefik.containo.us/v1alpha1
 kind: Middleware
 metadata:
-  name: authentik
+  name: "authentik-{{ .Release.Name }}"
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: home-assistant
+    app.kubernetes.io/name: {{ .Release.Name }}
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/version: {{ .Chart.AppVersion }}
     app.kubernetes.io/component: auth
-    app.kubernetes.io/part-of: home-assistant
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
   forwardAuth:
     address: "http://{{ .Values.ingressRoute.authentik.outpost }}.authentik:{{ .Values.ingressRoute.authentik.port }}/outpost.goauthentik.io/auth/traefik"

charts/home-assistant/templates/persistant-volume-claim.yaml

@@ -9,7 +9,6 @@ metadata:
     app.kubernetes.io/version: {{ .Chart.AppVersion }}
     app.kubernetes.io/component: web
     app.kubernetes.io/part-of: {{ .Release.Name }}
-    app.kubernetes.io/managed-by: helm
 spec:
   accessModes:
     - ReadWriteOnce

charts/home-assistant/templates/prometheus-rule.yaml

@@ -10,7 +10,6 @@ metadata:
     app.kubernetes.io/version: {{ .Chart.AppVersion }}
     app.kubernetes.io/component: web
     app.kubernetes.io/part-of: home-assistant
-    app.kubernetes.io/managed-by: helm
 spec:
   groups:
     - name: {{ .Release.Name }}

charts/home-assistant/templates/service-account.yaml

@@ -9,4 +9,3 @@ metadata:
     app.kubernetes.io/version: {{ .Chart.AppVersion }}
     app.kubernetes.io/component: web
     app.kubernetes.io/part-of: home-assistant
-    app.kubernetes.io/managed-by: helm

charts/home-assistant/templates/service-monitor.yaml

@@ -10,7 +10,6 @@ metadata:
     app.kubernetes.io/version: {{ .Chart.AppVersion }}
     app.kubernetes.io/component: web
     app.kubernetes.io/part-of: home-assistant
-    app.kubernetes.io/managed-by: helm
 spec:
   selector:
     matchLabels:

charts/home-assistant/templates/service.yaml

@@ -2,14 +2,13 @@ apiVersion: v1
 kind: Service
 metadata:
   name: home-assistant
-  namespace: {{ .Release.Namespace }}  
+  namespace: {{ .Release.Namespace }}
   labels:
     app.kubernetes.io/name: home-assistant
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/version: {{ .Chart.AppVersion }}
     app.kubernetes.io/component: web
     app.kubernetes.io/part-of: {{ .Release.Name }}
-    app.kubernetes.io/managed-by: helm
 spec:
   type: ClusterIP
   ports:
@@ -27,14 +26,13 @@ apiVersion: v1
 kind: Service
 metadata:
   name: home-assistant-codeserver
-  namespace: {{ .Release.Namespace }}  
+  namespace: {{ .Release.Namespace }}
   labels:
     app.kubernetes.io/name: home-assistant
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/version: {{ .Chart.AppVersion }}
     app.kubernetes.io/component: web
     app.kubernetes.io/part-of: {{ .Release.Name }}
-    app.kubernetes.io/managed-by: helm
 spec:
   type: ClusterIP
   ports:

charts/home-assistant/values.yaml

@@ -3,10 +3,10 @@ deployment:
   strategy: Recreate
   image:
     repository: homeassistant/home-assistant
-    tag: 2024.2.5
+    tag: 2024.3.0
     imagePullPolicy: IfNotPresent
   env:
-    TZ: US/Mountain
+    TZ: UTC
   envFrom:
   resources:
     requests:
@@ -20,7 +20,7 @@ service:
     port: 8123
 ingressRoute:
   enabled: true
-  host: homeassistant.alexlebens.net
+  host:
   authentik:
     outpost: authentik-proxy-outpost
     port: 9000
@@ -49,17 +49,17 @@ metrics:
           severity: critical
 persistence:
   config:
-    storageClassName: ceph-block
+    storageClassName: default
     storageSize: 1Gi
     volumeMode: Filesystem
 codeserver:
-  enabled: true
+  enabled: false
   image:
     repository: linuxserver/code-server
     tag: 4.22.0
     imagePullPolicy: IfNotPresent
   env:
-    TZ: US/Mountain
+    TZ: UTC
     PUID: 1000
     PGID: 1000
     DEFAULT_WORKSPACE: /config
@@ -70,5 +70,5 @@ codeserver:
     http:
       port: 8443
   ingressRoute:
-    enabled: true
-    host: codeserver.homeassistant.alexlebens.net
+    enabled: false
+    host:

charts/homepage/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: homepage
-version: 0.0.5
+version: 0.0.7
 description: Chart for benphelps homepage
 keywords:
   - dashboard
@@ -9,4 +9,4 @@ sources:
 maintainers:
   - name: alexlebens
 icon: https://github.com/benphelps/homepage/blob/de584eae8f12a0d257e554e9511ef19bd2a1232c/public/mstile-150x150.png
-appVersion: v0.8.8
+appVersion: v0.8.9

charts/homepage/templates/cluster-role-binding.yaml

@@ -1,19 +1,18 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: homepage
+  name: {{ .Release.Name }}
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: homepage
+    app.kubernetes.io/name: {{ .Release.Name }}
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/version: {{ .Chart.AppVersion }}
     app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: homepage
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/part-of: {{ .Release.Name }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: homepage
+  name: {{ .Release.Name }}
 subjects:
   - kind: ServiceAccount
     name: homepage

charts/homepage/templates/cluster-role.yaml

@@ -1,15 +1,14 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  name: homepage
+  name: {{ .Release.Name }}
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: homepage
+    app.kubernetes.io/name: {{ .Release.Name }}
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/version: {{ .Chart.AppVersion }}
     app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: homepage
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/part-of: {{ .Release.Name }}
 rules:
   - apiGroups:
       - ""

charts/homepage/templates/config-map.yaml

@@ -9,7 +9,6 @@ metadata:
     app.kubernetes.io/version: {{ .Chart.AppVersion }}
     app.kubernetes.io/component: web
     app.kubernetes.io/part-of: homepage
-    app.kubernetes.io/managed-by: helm
 data:
   bookmarks.yaml: {{- if .Values.config.bookmarks }} |
 {{- .Values.config.bookmarks | toYaml | nindent 4}}

charts/homepage/templates/deployment.yaml

@@ -9,7 +9,6 @@ metadata:
     app.kubernetes.io/version: {{ .Chart.AppVersion }}
     app.kubernetes.io/component: web
     app.kubernetes.io/part-of: homepage
-    app.kubernetes.io/managed-by: helm
 spec:
   revisionHistoryLimit: 3
   replicas: {{ .Values.deployment.replicas }}

charts/homepage/templates/ingress-route.yaml

@@ -9,7 +9,6 @@ metadata:
     app.kubernetes.io/version: {{ .Chart.AppVersion }}
     app.kubernetes.io/component: web
     app.kubernetes.io/part-of: homepage
-    app.kubernetes.io/managed-by: helm
 spec:
   entryPoints:
     - websecure
@@ -17,7 +16,7 @@ spec:
     - kind: Rule
       match: "Host(`{{ .Values.ingressRoute.host }}`)"
       middlewares:
-        - name: authentik
+        - name: "authentik-{{ .Release.Name }}"
           namespace: {{ .Release.Namespace }}
       priority: 10
       services:

charts/homepage/templates/middleware.yaml

@@ -1,15 +1,14 @@
 apiVersion: traefik.containo.us/v1alpha1
 kind: Middleware
 metadata:
-  name: authentik
+  name: "authentik-{{ .Release.Name }}"
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: homepage
+    app.kubernetes.io/name: {{ .Release.Name }}
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/version: {{ .Chart.AppVersion }}
     app.kubernetes.io/component: auth
-    app.kubernetes.io/part-of: homepage
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
   forwardAuth:
     address: "http://{{ .Values.ingressRoute.authentik.outpost }}.authentik:{{ .Values.ingressRoute.authentik.port }}/outpost.goauthentik.io/auth/traefik"

charts/homepage/templates/secret.yaml

@@ -10,6 +10,5 @@ metadata:
     app.kubernetes.io/version: {{ .Chart.AppVersion }}
     app.kubernetes.io/component: web
     app.kubernetes.io/part-of: homepage
-    app.kubernetes.io/managed-by: helm
   annotations:
     kubernetes.io/service-account.name: homepage

charts/homepage/templates/service-account.yaml

@@ -9,6 +9,5 @@ metadata:
     app.kubernetes.io/version: {{ .Chart.AppVersion }}
     app.kubernetes.io/component: web
     app.kubernetes.io/part-of: homepage
-    app.kubernetes.io/managed-by: helm
 secrets:
   - name: "{{ .Release.Name }}-sa-token"

charts/homepage/templates/service.yaml

@@ -9,7 +9,6 @@ metadata:
     app.kubernetes.io/version: {{ .Chart.AppVersion }}
     app.kubernetes.io/component: web
     app.kubernetes.io/part-of: homepage
-    app.kubernetes.io/managed-by: helm
 spec:
   type: ClusterIP
   ports:

charts/homepage/values.yaml

@@ -3,7 +3,7 @@ deployment:
   strategy: Recreate
   image:
     repository: ghcr.io/gethomepage/homepage
-    tag: v0.8.8
+    tag: v0.8.9
     imagePullPolicy: IfNotPresent
   env:
   envFrom:
@@ -18,7 +18,7 @@ service:
   http:
     port: 3000
 ingressRoute:
-  host: homepage.alexlebens.net
+  host:
   authentik:
     outpost: authentik-proxy-outpost
     port: 9000

charts/kubelet-serving-cert-approver/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: kubelet-serving-cert-approver
-version: 0.0.3
+version: 0.0.4
 description: Kubelet Serving TLS Certificate Signing Request Approver
 keywords:
   - kubernetes

charts/kubelet-serving-cert-approver/templates/cluster-role-binding.yaml

@@ -1,15 +1,14 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: {{ .Release.Name }}
+  name: kubelet-serving-cert-approver
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
+    app.kubernetes.io/name: kubelet-serving-cert-approver
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/version: {{ .Chart.AppVersion }}
     app.kubernetes.io/component: server
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/part-of: kubelet-serving-cert-approver
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole

charts/kubelet-serving-cert-approver/templates/cluster-role.yaml

@@ -4,12 +4,11 @@ metadata:
   name: "certificates:{{ .Release.Name }}"
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
+    app.kubernetes.io/name: kubelet-serving-cert-approver
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/version: {{ .Chart.AppVersion }}
     app.kubernetes.io/component: server
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/part-of: kubelet-serving-cert-approver
 rules:
   - apiGroups:
       - certificates.k8s.io
@@ -47,12 +46,11 @@ metadata:
   name: "events:{{ .Release.Name }}"
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
+    app.kubernetes.io/name: kubelet-serving-cert-approver
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/version: {{ .Chart.AppVersion }}
     app.kubernetes.io/component: server
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/part-of: kubelet-serving-cert-approverv
 rules:
   - apiGroups:
       - ""

charts/kubelet-serving-cert-approver/templates/deployment.yaml

@@ -1,15 +1,14 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: {{ .Release.Name }}
+  name: kubelet-serving-cert-approver
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
+    app.kubernetes.io/name: kubelet-serving-cert-approver
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/version: {{ .Chart.AppVersion }}
     app.kubernetes.io/component: server
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/part-of: kubelet-serving-cert-approver
 spec:
   revisionHistoryLimit: 3
   replicas: {{ .Values.deployment.replicas }}
@@ -17,13 +16,14 @@ spec:
     type: {{ .Values.deployment.strategy }}
   selector:
     matchLabels:
+      app.kubernetes.io/name: kubelet-serving-cert-approver
       app.kubernetes.io/instance: {{ .Release.Name }}
-      app.kubernetes.io/name: {{ .Release.Name }}
+
   template:
     metadata:
       labels:
+        app.kubernetes.io/name: kubelet-serving-cert-approver
         app.kubernetes.io/instance: {{ .Release.Name }}
-        app.kubernetes.io/name: {{ .Release.Name }}
     spec:
       affinity:
         nodeAffinity:
@@ -43,7 +43,7 @@ spec:
             - containerPort: 8080
               name: health
             - containerPort: 9090
-              name: metrics          
+              name: metrics
           args:
             - serve
           env:
@@ -52,7 +52,7 @@ spec:
                 fieldRef:
                   fieldPath: metadata.namespace
           resources:
-            {{- toYaml .Values.deployment.resources | nindent 12 }}                  
+            {{- toYaml .Values.deployment.resources | nindent 12 }}
           livenessProbe:
             httpGet:
               path: /healthz
@@ -78,7 +78,7 @@ spec:
         runAsUser: 65534
         seccompProfile:
           type: RuntimeDefault
-      serviceAccountName: {{ .Release.Name }}
+      serviceAccountName: kubelet-serving-cert-approver
       tolerations:
         - effect: NoSchedule
           key: node-role.kubernetes.io/master

charts/kubelet-serving-cert-approver/templates/namespace.yaml

@@ -1,10 +1,10 @@
 apiVersion: v1
 kind: Namespace
 metadata:
-  name: {{ .Release.Name }}
+  name: kubelet-serving-cert-approver
   labels:
+    app.kubernetes.io/name: kubelet-serving-cert-approver
     app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/name: {{ .Release.Name }}
     pod-security.kubernetes.io/audit: restricted
     pod-security.kubernetes.io/enforce: restricted
     pod-security.kubernetes.io/warn: restricted

charts/kubelet-serving-cert-approver/templates/role-binding.yaml

@@ -4,17 +4,16 @@ metadata:
   name: "events:{{ .Release.Name }}"
   namespace: default
   labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
+    app.kubernetes.io/name: kubelet-serving-cert-approver
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/version: {{ .Chart.AppVersion }}
     app.kubernetes.io/component: server
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/part-of: kubelet-serving-cert-approver
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
   name: "events:{{ .Release.Name }}"
 subjects:
   - kind: ServiceAccount
-    name: {{ .Release.Name }}
+    name: kubelet-serving-cert-approver
     namespace: {{ .Release.Name }}

charts/kubelet-serving-cert-approver/templates/service-account.yaml

@@ -1,12 +1,11 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: {{ .Release.Name }}
+  name: kubelet-serving-cert-approver
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
+    app.kubernetes.io/name: kubelet-serving-cert-approver
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/version: {{ .Chart.AppVersion }}
     app.kubernetes.io/component: server
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/part-of: kubelet-serving-cert-approver

charts/kubelet-serving-cert-approver/templates/service.yaml

@@ -1,15 +1,14 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: {{ .Release.Name }}
+  name: kubelet-serving-cert-approver
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
+    app.kubernetes.io/name: kubelet-serving-cert-approver
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/version: {{ .Chart.AppVersion }}
     app.kubernetes.io/component: server
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/part-of: kubelet-serving-cert-approver
 spec:
   ports:
     - name: metrics
@@ -17,5 +16,5 @@ spec:
       protocol: TCP
       targetPort: metrics
   selector:
+    app.kubernetes.io/name: kubelet-serving-cert-approver
     app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/name: {{ .Release.Name }}

charts/libation/Chart.yaml

@@ -1,9 +1,10 @@
 apiVersion: v2
 name: libation
-version: 0.0.1
-description: Chart for benphelps homepage
+version: 0.0.5
+description: Import library from audible
 keywords:
-  - dashboard
+  - audiobooks
+  - job
 sources:
   - https://github.com/rmcrackan/Libation
 maintainers:

charts/libation/README.md

@@ -0,0 +1,18 @@
+## Introduction
+
+[Libation](https://github.com/rmcrackan/Libation)
+
+Libation: Liberate your Library. Import library from audible, including cover art
+
+
+This chart bootstraps a [Libation](https://github.com/benphelps/homepage) CronJob on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+
+## Prerequisites
+
+- Kubernetes
+- Helm
+- CronJob
+
+## Parameters
+
+See the [values files](values.yaml).

charts/libation/templates/job.yaml

@@ -10,7 +10,7 @@ metadata:
     app.kubernetes.io/component: job
     app.kubernetes.io/part-of: libation
 spec:
-  schedule: {{ .Values.libation.job.schedule }}
+  schedule: {{ .Values.job.schedule }}
   successfulJobsHistoryLimit: 3
   failedJobsHistoryLimit: 3
   jobTemplate:
@@ -20,8 +20,8 @@ spec:
           restartPolicy: Never
           containers:
             - name: libation
-              image: "{{ .Values.libation.image.repository }}:{{ .Values.libation.image.tag }}"
-              imagePullPolicy: {{ .Values.libation.image.pullPolicy }}
+              image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+              imagePullPolicy: {{ .Values.image.pullPolicy }}
               env:
                 - name: SLEEP_TIME
                   value: "-1"

charts/libation/values.yaml

@@ -1,14 +1,13 @@
-libation:
-  job:
-    schedule: "0 * * * *"
-  image:
-    repository: rmcrackan/libation
-    tag: "11.1.0"
-    pullPolicy: IfNotPresent
+job:
+  schedule: "0 * * * *"
+image:
+  repository: rmcrackan/libation
+  tag: "11.1.0"
+  pullPolicy: IfNotPresent
 persistence:
   config:
     storageClassName: nfs-client
     storageSize: 1Gi
     volumeMode: Filesystem
   books:
-    claimName: libation-nfs-storage  
+    claimName: libation-nfs-storage

charts/outline/Chart.yaml

@@ -0,0 +1,18 @@
+apiVersion: v2
+name: outline
+version: 0.0.4
+description: Chart for Outline wiki
+keywords:
+  - wiki
+  - documentation
+sources:
+  - https://github.com/outline/outline
+  - https://github.com/bitnami/charts/tree/main/bitnami/redis
+maintainers:
+  - name: alexlebens
+icon: https://avatars.githubusercontent.com/u/1765001?s=48&v=4
+dependencies:
+  - name: redis
+    repository: https://charts.bitnami.com/bitnami
+    version: 18.x.x
+appVersion: v0.75.2

charts/outline/README.md

@@ -0,0 +1,17 @@
+## Introduction
+
+[Outline](https://github.com/outline/outline)
+
+The fastest knowledge base for growing teams. Beautiful, realtime collaborative, feature packed, and markdown compatible.
+
+This chart bootstraps an [Outline](https://github.com/outline/outline) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+
+## Prerequisites
+
+- Kubernetes
+- Helm
+- Bitnami Redis Chart
+
+## Parameters
+
+See the [values files](values.yaml).

charts/outline/templates/deployment.yaml

@@ -0,0 +1,201 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: outline
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: outline
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: outline
+spec:
+  revisionHistoryLimit: 3
+  replicas: {{ .Values.deployment.replicas }}
+  strategy:
+    type: {{ .Values.deployment.strategy }}
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: outline
+      app.kubernetes.io/instance: {{ .Release.Name }}
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: outline
+        app.kubernetes.io/instance: {{ .Release.Name }}
+    spec:
+      serviceAccountName: outline
+      automountServiceAccountToken: true
+      containers:
+        - name: {{ .Release.Name }}
+          image: "{{ .Values.deployment.image.repository }}:{{ .Values.deployment.image.tag }}"
+          imagePullPolicy: {{ .Values.deployment.image.imagePullPolicy }}
+          ports:
+            - name: web
+              containerPort: {{ .Values.service.web.port }}
+              protocol: TCP
+          env:
+            - name: NODE_ENV
+              value: "{{ .Values.outline.nodeEnv }}"
+            - name: URL
+              value: "{{ .Values.outline.url }}"
+            - name: PORT
+              value: "{{ .Values.service.web.port }}"
+            - name: SECRET_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.outline.secretKey.existingSecretName }}"
+                  key: "{{ .Values.outline.secretKey.existingSecretKey }}"
+            - name: UTILS_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.outline.utilsSecret.existingSecretName }}"
+                  key: "{{ .Values.outline.secretKey.existingSecretKey }}"
+            - name: POSTGRES_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.outline.database.passwordSecret.existingSecretName }}"
+                  key: "{{ .Values.outline.database.passwordSecret.existingSecretKey }}"
+            - name: POSTGRES_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.outline.database.usernameSecret.existingSecretName }}"
+                  key: "{{ .Values.outline.database.usernameSecret.existingSecretKey }}"
+            - name: POSTGRES_DATABASE_NAME
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.outline.database.databaseName.existingSecretName }}"
+                  key: "{{ .Values.outline.database.databaseName.existingSecretKey }}"
+            - name: POSTGRES_DATABASE_HOST
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.outline.database.databaseHost.existingSecretName }}"
+                  key: "{{ .Values.outline.database.databaseHost.existingSecretKey }}"
+            - name: DATABASE_URL
+              value: "postgres://$(POSTGRES_USERNAME):$(POSTGRES_PASSWORD)@postgresql-{{ .Release.Name }}-cluster-rw:5432/$(POSTGRES_DATABASE_NAME)"
+            - name: DATABASE_URL_TEST
+              value: "postgres://$(POSTGRES_USERNAME):$(POSTGRES_PASSWORD)@postgresql-{{ .Release.Name }}-cluster-rw:5432/$(POSTGRES_DATABASE_NAME)-test"
+            - name: DATABASE_CONNECTION_POOL_MIN
+              value: "{{ .Values.outline.database.connectionPoolMin }}"
+            - name: DATABASE_CONNECTION_POOL_MAX
+              value: "{{ .Values.outline.database.connectionPoolMax }}"
+            - name: PGSSLMODE
+              value: "{{ .Values.outline.database.sslMode }}"
+            - name: REDIS_URL
+              value: "redis://{{ .Release.Name }}-redis-master:6379"
+            - name: FILE_STORAGE
+              value: "{{ .Values.persistence.type }}"
+
+          {{- if eq .Values.persistence.type "s3" }}
+            - name: AWS_ACCESS_KEY_ID
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.persistence.s3.credentialsSecret }}"
+                  key: AWS_ACCESS_KEY_ID
+            - name: AWS_SECRET_ACCESS_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.persistence.s3.credentialsSecret }}"
+                  key: AWS_SECRET_ACCESS_KEY
+          {{- if .Values.persistence.s3.endpointConfigMap.enabled }}
+            - name: AWS_REGION
+              valueFrom:
+                configMapKeyRef:
+                  name: "{{ .Values.persistence.s3.endpointConfigMap.name }}"
+                  key: BUCKET_REGION
+            - name: AWS_S3_UPLOAD_BUCKET_NAME
+              valueFrom:
+                configMapKeyRef:
+                  name: "{{ .Values.persistence.s3.endpointConfigMap.name }}"
+                  key: BUCKET_NAME
+            - name: AWS_S3_UPLOAD_BUCKET_HOST
+              valueFrom:
+                configMapKeyRef:
+                  name: "{{ .Values.persistence.s3.endpointConfigMap.name }}"
+                  key: BUCKET_HOST
+            - name: AWS_S3_UPLOAD_BUCKET_PORT
+              valueFrom:
+                configMapKeyRef:
+                  name: "{{ .Values.persistence.s3.endpointConfigMap.name }}"
+                  key: BUCKET_PORT
+            - name: AWS_S3_UPLOAD_BUCKET_URL
+              value: "$(AWS_S3_UPLOAD_BUCKET_HOST):$(AWS_S3_UPLOAD_BUCKET_PORT)|"
+          {{- else }}
+            - name: AWS_REGION
+              value: "{{ .Values.persistence.s3.region }}"
+            - name: AWS_S3_UPLOAD_BUCKET_NAME
+              value: "{{ .Values.persistence.s3.bucketName }}"
+            - name: AWS_S3_UPLOAD_BUCKET_URL
+              value: "{{ .Values.persistence.s3.endpoint }}"
+          {{- end }}
+            - name: AWS_S3_FORCE_PATH_STYLE
+              value: "{{ .Values.persistence.s3.forcePathStyle }}"
+            - name: AWS_S3_ACL
+              value: "{{ .Values.persistence.s3.acl }}"
+            - name: FILE_STORAGE_UPLOAD_MAX_SIZE
+              value: "{{ .Values.persistence.s3.uploadMaxSize }}"
+          {{- else if eq .Values.persistence.type "local" }}
+            - name: FILE_STORAGE_LOCAL_ROOT_DIR
+              value: "{{ .Values.persistence.local.localRootDir }}"
+            - name: FILE_STORAGE_UPLOAD_MAX_SIZE
+              value: "{{ .Values.persistence.local.uploadMaxSize }}"
+          {{- end }}
+
+            - name: FORCE_HTTPS
+              value: "{{ .Values.outline.optional.forceHttps }}"
+            - name: ENABLE_UPDATES
+              value: "{{ .Values.outline.optional.enableUpdates }}"
+            - name: WEB_CONCURRENCY
+              value: "{{ .Values.outline.optional.webConcurrency }}"
+            - name: FILE_STORAGE_IMPORT_MAX_SIZE
+              value: "{{ .Values.outline.optional.maximumImportSize }}"
+            - name: LOG_LEVEL
+              value: "{{ .Values.outline.optional.logLevel }}"
+            - name: DEFAULT_LANGUAGE
+              value: "{{ .Values.outline.optional.defaultLanguage }}"
+            - name: RATE_LIMITER_ENABLED
+              value: "{{ .Values.outline.optional.rateLimiter.enabled }}"
+            - name: RATE_LIMITER_REQUESTS
+              value: "{{ .Values.outline.optional.rateLimiter.requests }}"
+            - name: RATE_LIMITER_DURATION_WINDOW
+              value: "{{ .Values.outline.optional.rateLimiter.durationWindow }}"
+            - name: DEVELOPMENT_UNSAFE_INLINE_CSP
+              value: "{{ .Values.outline.optional.developmentUnsafeInlineCsp }}"
+
+          {{- if .Values.outline.auth.oidc.enabled }}
+            - name: OIDC_CLIENT_ID
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.outline.auth.oidc.clientId.existingSecretName }}"
+                  key: "{{ .Values.outline.auth.oidc.clientId.existingSecretKey }}"
+            - name: OIDC_CLIENT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.outline.auth.oidc.clientSecret.existingSecretName }}"
+                  key: "{{ .Values.outline.auth.oidc.clientSecret.existingSecretKey }}"
+            - name: OIDC_AUTH_URI
+              value: "{{ .Values.outline.auth.oidc.authUri }}"
+            - name: OIDC_TOKEN_URI
+              value: "{{ .Values.outline.auth.oidc.tokenUri }}"
+            - name: OIDC_USERINFO_URI
+              value: "{{ .Values.outline.auth.oidc.userinfoUri }}"
+            - name: OIDC_USERNAME_CLAIM
+              value: "{{ .Values.outline.auth.oidc.usernameClaim }}"
+            - name: OIDC_DISPLAY_NAME
+              value: "{{ .Values.outline.auth.oidc.displayName }}"
+            - name: OIDC_SCOPES
+              value: "{{ .Values.outline.auth.oidc.scopes }}"
+          {{- end }}
+
+          resources:
+            {{- toYaml .Values.deployment.resources | nindent 12 }}
+
+      {{- if eq .Values.persistence.type "local" }}
+          volumeMounts:
+          - name: "{{ .Release.Name }}-volume-claim"
+            mountPath: {{ .Values.persistence.local.localRootDir }}
+      volumes:
+      - name: "{{ .Release.Name }}-volume-claim"
+        persistentVolumeClaim:
+          claimName: "{{ .Release.Name }}-volume-claim"
+      {{- end }}

charts/outline/templates/ingress.yaml

@@ -0,0 +1,32 @@
+{{- if .Values.ingress.enabled }}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: outline-web
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: outline-web
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: outline
+  annotations:
+    {{- toYaml .Values.ingress.annotations | nindent 4 }}
+spec:
+  ingressClassName: {{ .Values.ingress.className }}
+  tls:
+    - hosts:
+      - {{ .Values.ingress.host }}
+      secretName: {{ .Release.Name }}-tls-secret
+  rules:
+    - host: {{ .Values.ingress.host }}
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: outline-web
+                port:
+                  name: web
+{{- end }}

charts/outline/templates/persistent-volume-claim.yaml

@@ -0,0 +1,20 @@
+{{- if eq .Values.persistence.type "local" }}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: {{ .Release.Name }}-volume-claim
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: outline
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: storage
+    app.kubernetes.io/part-of: outline
+spec:
+  storageClassName: {{ .Values.persistence.local.storageClassName }}
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: {{ .Values.persistence.local.storageSize }}
+{{- end }}

charts/outline/templates/service-account.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: outline
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: outline
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: outline

charts/outline/templates/service.yaml

@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: outline-web
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: outline-web
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: outline
+spec:
+  type: ClusterIP
+  ports:
+    - port: {{ .Values.service.web.port }}
+      targetPort: web
+      protocol: TCP
+      name: web
+  selector:
+    app.kubernetes.io/name: outline-web
+    app.kubernetes.io/instance: {{ .Release.Name }}

charts/outline/values.yaml

@@ -0,0 +1,96 @@
+deployment:
+  replicas: 1
+  strategy: Recreate
+  image:
+    repository: outlinewiki/outline
+    tag: "0.75.2"
+    imagePullPolicy: IfNotPresent
+  resources:
+    requests:
+      memory: 256Mi
+      cpu: 50m
+    limits:
+      memory: 1Gi
+      cpu: 500m
+service:
+  web:
+    port: 3000
+ingress:
+  enabled: true
+  className: traefik
+  annotations:
+  host:
+persistence:
+  type: s3
+  s3:
+    credentialsSecret:
+    endpointConfigMap:
+      enabled: false
+      name:
+    region:
+    bucketName:
+    endpoint:
+    uploadMaxSize: "26214400"
+    forcePathStyle: false
+    acl: private
+  local:
+    storageClassName: default
+    storageSize: 50Gi
+    localRootDir: /var/lib/outline/data
+    uploadMaxSize: 26214400
+redis:
+  architecture: standalone
+  auth:
+    enabled: false
+outline:
+  nodeEnv: production
+  url:
+  secretKey:
+    existingSecretName: outline-key-secret
+    existingSecretKey: secret-key
+  utilsSecret:
+    existingSecretName: outline-key-secret
+    existingSecretKey: utils-key
+  database:
+    passwordSecret:
+      existingSecretName:
+      existingSecretKey: password
+    usernameSecret:
+      existingSecretName:
+      existingSecretKey: username
+    databaseName:
+      existingSecretName:
+      existingSecretKey: dbname
+    databaseHost:
+      existingSecretName:
+      existingSecretKey: host
+    connectionPoolMin: ""
+    connectionPoolMax: "20"
+    sslMode: disable
+  optional:
+    forceHttps: false
+    enableUpdates: false
+    webConcurrency: 1
+    maximumImportSize: 5120000
+    logLevel: info
+    defaultLanguage: en_US
+    rateLimiter:
+      enabled: false
+      requests: 1000
+      durationWindow: 60
+    developmentUnsafeInlineCsp: false
+  auth:
+    oidc:
+      enabled: true
+      clientId:
+        existingSecretName: outline-auth-secret
+        existingSecretKey: oidc-client-id
+      clientSecret:
+        existingSecretName: outline-auth-secret
+        existingSecretKey: oidc-client-secret
+      authUri:
+      tokenUri:
+      userinfoUri:
+      usernameClaim:
+      displayName:
+      scopes: openid profile email

charts/postgres-cluster/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: postgres-cluster
-version: 0.2.1
+version: 0.2.3
 description: Chart for cloudnative-pg cluster
 keywords:
   - database

charts/postgres-cluster/README.md

@@ -2,7 +2,7 @@
 
 [CloudNative PG](https://github.com/cloudnative-pg/cloudnative-pg)
 
-CloudNativePG is the Kubernetes operator that covers the full lifecycle of a highly available PostgreSQL database cluster with a primary/standby architecture, using native streaming replication. 
+CloudNativePG is the Kubernetes operator that covers the full lifecycle of a highly available PostgreSQL database cluster with a primary/standby architecture, using native streaming replication.
 
 This chart bootstraps a [CNPG](https://github.com/cloudnative-pg/cloudnative-pg) cluster on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
 

charts/postgres-cluster/templates/postgresql-cluster.yaml

@@ -9,7 +9,6 @@ metadata:
     app.kubernetes.io/version: {{ .Chart.AppVersion }}
     app.kubernetes.io/component: database
     app.kubernetes.io/part-of: {{ .Release.Name }}
-    app.kubernetes.io/managed-by: helm
 spec:
   imageName: "{{ .Values.cluster.image.repository }}:{{ .Values.cluster.image.tag }}"
   instances: {{ .Values.cluster.instances }}
@@ -39,7 +38,7 @@ spec:
       {{- toYaml .Values.bootstrap.initdb | nindent 6 }}
   {{- end }}
 
-  {{- if .Values.backup.recoveryEnabled }}
+  {{- if .Values.bootstrap.recoveryEnabled }}
   bootstrap:
     recovery:
       source: "postgresql-{{ .Release.Name }}-cluster-backup-index-{{ .Values.bootstrap.recoveryIndex }}"

charts/postgres-cluster/values.yaml

@@ -19,16 +19,16 @@ cluster:
       hugepages-2Mi: 512Mi
   storage:
     data:
-      storageClass: ceph-block
+      storageClass: default
       size: 10Gi
     wal:
-      storageClass: ceph-block
+      storageClass: default
       size: 2Gi
 bootstrap:
   recoveryEnabled: false
   recoveryIndex: 1
-  endpointURL: https://nyc3.digitaloceanspaces.com
-  bucket: alexlebens.net
+  endpointURL:
+  bucket:
   initdbEnabled: false
   initdb:
     database: app
@@ -38,5 +38,5 @@ backup:
   schedule: "0 0 0 * * *"
   retentionPolicy: 14d
   backupIndex: 1
-  endpointURL: https://nyc3.digitaloceanspaces.com
-  bucket: alexlebens.net
+  endpointURL:
+  bucket: