change values handling in backup

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

.gitea/workflows/lint-test.yaml

@@ -0,0 +1,38 @@
+name: lint-and-test-charts
+
+on: pull_request
+
+jobs:
+  lint-test:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Set up Helm
+        uses: azure/setup-helm@v4
+        with:
+          version: latest
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.13"
+          check-latest: true
+
+      - name: Set up Chart Testing
+        uses: helm/chart-testing-action@v2.7.0
+
+      - name: Run Chart Testing (list-changed)
+        id: list-changed
+        run: |
+          changed=$(ct list-changed --target-branch ${{ gitea.event.repository.default_branch }})
+          if [[ -n "$changed" ]]; then
+            echo "changed=true" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Run Chart Testing (lint)
+        if: steps.list-changed.outputs.changed == 'true'
+        run: ct lint --target-branch ${{ gitea.event.repository.default_branch }}

.gitea/workflows/release-charts-cloudflared.yml

@@ -0,0 +1,66 @@
+name: release-charts-cloudflared
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - "charts/cloudflared/**"
+
+  workflow_dispatch:
+
+env:
+  WORKFLOW_DIR: "charts/cloudflared"
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Helm
+        uses: azure/setup-helm@v4
+        with:
+          token: ${{ secrets.GITEA_TOKEN }}
+          version: latest
+
+      - name: Package Helm Chart
+        run: |
+          cd $WORKFLOW_DIR
+          helm dependency build
+          echo "PACKAGE_PATH=$(helm package . | awk '{print $NF}')" >> $GITEA_ENV
+
+      - name: Publish Helm Chart to Harbor
+        run: |
+          helm registry login ${{ vars.REGISTRY_HOST }} -u ${{ vars.REGISTRY_USER }} -p ${{ secrets.REGISTRY_SECRET }}
+          helm push ${{ env.PACKAGE_PATH }} oci://${{ vars.REGISTRY_HOST }}/helm-charts
+
+      - name: Publish Helm Chart to Gitea
+        run: |
+          helm plugin install https://github.com/chartmuseum/helm-push
+          helm repo add --username ${{ gitea.actor }} --password ${{ secrets.REPOSITORY_TOKEN }} helm-charts https://${{ vars.REPOSITORY_HOST }}/api/packages/alexlebens/helm
+          helm cm-push ${{ env.PACKAGE_PATH }} helm-charts
+
+      - name: Extract Chart Metadata
+        run: |
+          cd $WORKFLOW_DIR
+          echo "CHART_VERSION=$(yq '.version' Chart.yaml)" >> $GITEA_ENV
+          echo "CHART_NAME=$(yq '.name' Chart.yaml)" >> $GITEA_ENV
+
+      - name: Release Helm Chart
+        uses: akkuman/gitea-release-action@v1
+        with:
+          name: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}
+          tag_name: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}
+          files: |-
+            ${{ env.PACKAGE_PATH }}
+
+      - name: Actions Ntfy
+        run: |
+          curl \
+            -H "Authorization: Bearer ${{ secrets.NTFY_CRED }}" \
+            -H "Title: Chart Released: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}" \
+            -H "Content-Type: text/plain" \
+            -d $'Repo: ${{ gitea.repository }}\nCommit: ${{ gitea.sha }}\nRef: ${{ gitea.ref }}\nStatus: ${{ job.status}}' \
+            ${{ secrets.NTFY_URL }}

.gitea/workflows/release-charts-generic-device-plugin.yml

@@ -0,0 +1,66 @@
+name: release-charts-generic-device-plugin
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - "charts/generic-device-plugin/**"
+
+  workflow_dispatch:
+
+env:
+  WORKFLOW_DIR: "charts/generic-device-plugin"
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Helm
+        uses: azure/setup-helm@v4
+        with:
+          token: ${{ secrets.GITEA_TOKEN }}
+          version: latest
+
+      - name: Package Helm Chart
+        run: |
+          cd $WORKFLOW_DIR
+          helm dependency build
+          echo "PACKAGE_PATH=$(helm package . | awk '{print $NF}')" >> $GITEA_ENV
+
+      - name: Publish Helm Chart to Harbor
+        run: |
+          helm registry login ${{ vars.REGISTRY_HOST }} -u ${{ vars.REGISTRY_USER }} -p ${{ secrets.REGISTRY_SECRET }}
+          helm push ${{ env.PACKAGE_PATH }} oci://${{ vars.REGISTRY_HOST }}/helm-charts
+
+      - name: Publish Helm Chart to Gitea
+        run: |
+          helm plugin install https://github.com/chartmuseum/helm-push
+          helm repo add --username ${{ gitea.actor }} --password ${{ secrets.REPOSITORY_TOKEN }} helm-charts https://${{ vars.REPOSITORY_HOST }}/api/packages/alexlebens/helm
+          helm cm-push ${{ env.PACKAGE_PATH }} helm-charts
+
+      - name: Extract Chart Metadata
+        run: |
+          cd $WORKFLOW_DIR
+          echo "CHART_VERSION=$(yq '.version' Chart.yaml)" >> $GITEA_ENV
+          echo "CHART_NAME=$(yq '.name' Chart.yaml)" >> $GITEA_ENV
+
+      - name: Release Helm Chart
+        uses: akkuman/gitea-release-action@v1
+        with:
+          name: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}
+          tag_name: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}
+          files: |-
+            ${{ env.PACKAGE_PATH }}
+
+      - name: Actions Ntfy
+        run: |
+          curl \
+            -H "Authorization: Bearer ${{ secrets.NTFY_CRED }}" \
+            -H "Title: Chart Released: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}" \
+            -H "Content-Type: text/plain" \
+            -d $'Repo: ${{ gitea.repository }}\nCommit: ${{ gitea.sha }}\nRef: ${{ gitea.ref }}\nStatus: ${{ job.status}}' \
+            ${{ secrets.NTFY_URL }}

.gitea/workflows/release-charts-postgres-cluster.yml

@@ -0,0 +1,66 @@
+name: release-charts-postgres-cluster
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - "charts/postgres-cluster/**"
+
+  workflow_dispatch:
+
+env:
+  WORKFLOW_DIR: "charts/postgres-cluster"
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Helm
+        uses: azure/setup-helm@v4
+        with:
+          token: ${{ secrets.GITEA_TOKEN }}
+          version: latest
+
+      - name: Package Helm Chart
+        run: |
+          cd $WORKFLOW_DIR
+          helm dependency build
+          echo "PACKAGE_PATH=$(helm package . | awk '{print $NF}')" >> $GITEA_ENV
+
+      - name: Publish Helm Chart to Harbor
+        run: |
+          helm registry login ${{ vars.REGISTRY_HOST }} -u ${{ vars.REGISTRY_USER }} -p ${{ secrets.REGISTRY_SECRET }}
+          helm push ${{ env.PACKAGE_PATH }} oci://${{ vars.REGISTRY_HOST }}/helm-charts
+
+      - name: Publish Helm Chart to Gitea
+        run: |
+          helm plugin install https://github.com/chartmuseum/helm-push
+          helm repo add --username ${{ gitea.actor }} --password ${{ secrets.REPOSITORY_TOKEN }} helm-charts https://${{ vars.REPOSITORY_HOST }}/api/packages/alexlebens/helm
+          helm cm-push ${{ env.PACKAGE_PATH }} helm-charts
+
+      - name: Extract Chart Metadata
+        run: |
+          cd $WORKFLOW_DIR
+          echo "CHART_VERSION=$(yq '.version' Chart.yaml)" >> $GITEA_ENV
+          echo "CHART_NAME=$(yq '.name' Chart.yaml)" >> $GITEA_ENV
+
+      - name: Release Helm Chart
+        uses: akkuman/gitea-release-action@v1
+        with:
+          name: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}
+          tag_name: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}
+          files: |-
+            ${{ env.PACKAGE_PATH }}
+
+      - name: Actions Ntfy
+        run: |
+          curl \
+            -H "Authorization: Bearer ${{ secrets.NTFY_CRED }}" \
+            -H "Title: Chart Released: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}" \
+            -H "Content-Type: text/plain" \
+            -d $'Repo: ${{ gitea.repository }}\nCommit: ${{ gitea.sha }}\nRef: ${{ gitea.ref }}\nStatus: ${{ job.status}}' \
+            ${{ secrets.NTFY_URL }}

.github/renovate-update-notification/Dockerfile

@@ -1,2 +0,0 @@
-# This file is processed by Renovate bot so that it creates a PR on new major Renovate versions
-FROM renovate/renovate:37

.github/renovate.json

@@ -1,93 +0,0 @@
-{
-    "$schema": "https://docs.renovatebot.com/renovate-schema.json",
-    "extends": [
-        "config:recommended",
-        "mergeConfidence:all-badges",
-        ":rebaseStalePrs"
-    ],
-    "timezone": "US/Mountain",
-    "schedule": [
-        "after 10am every weekday",
-        "before 5pm every weekday"
-    ],
-    "labels": [
-    ],
-    "packageRules": [
-        {
-            "description": "Disables for non major Renovate version",
-            "matchPaths": [
-                ".github/renovate-update-notification/Dockerfile"
-            ],
-            "matchUpdateTypes": [
-                "minor",
-                "patch",
-                "pin",
-                "digest",
-                "rollback"
-            ],
-            "enabled": false
-        },
-        {
-            "description": "Generate for major Renovate version",
-            "matchPaths": [
-                ".github/renovate-update-notification/Dockerfile"
-            ],
-            "matchUpdateTypes": [
-                "major"
-            ],
-            "addLabels": [
-                "upgrade"
-            ],
-            "automerge": false
-        },
-        {
-            "description": "Generate image updates on Tuesdays",
-            "matchPackageNames": [
-                "linuxserver/calibre",
-                "homeassistant/home-assistant",
-                "linuxserver/code-server",
-                "ghcr.io/gethomepage/homepage",
-                "ghcr.io/alex1989hu/kubelet-serving-cert-approver",
-                "rmcrackan/libation",
-                "outlinewiki/outline",
-                "ghcr.io/cloudnative-pg/postgresql"
-            ],
-            "matchDatasources": [
-                "docker"
-            ],
-            "schedule": [
-                "after 10am on tuesday",
-                "before 5pm on tuesday"
-            ],
-            "addLabels": [
-                "upgrade",
-                "weekly",
-                "image"
-            ],
-            "bumpVersion": "minor",
-            "automerge": false,
-            "minimumReleaseAge": "3 days"
-        },
-        {
-            "description": "Generate application charts on Tuesdays",
-            "matchPackageNames": [
-                "redis"
-            ],
-            "matchDatasources": [
-                "helm"
-            ],
-            "schedule": [
-                "after 10am on tuesday",
-                "before 5pm on tuesday"
-            ],
-            "addLabels": [
-                "upgrade",
-                "weekly",
-                "chart"
-            ],
-            "bumpVersion": "minor",
-            "automerge": false,
-            "minimumReleaseAge": "3 days"
-        }
-    ]
-}

.github/workflows/lint-test.yaml

@@ -1,37 +0,0 @@
-name: lint-and-test-charts
-
-on: pull_request
-
-jobs:
-  lint-test:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-
-      - name: Set up Helm
-        uses: azure/setup-helm@v4
-        with:
-          version: v3.13.3
-
-      - uses: actions/setup-python@v5
-        with:
-          python-version: "3.10"
-          check-latest: true
-
-      - name: Set up chart-testing
-        uses: helm/chart-testing-action@v2.6.1
-
-      - name: Run chart-testing (list-changed)
-        id: list-changed
-        run: |
-          changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }})
-          if [[ -n "$changed" ]]; then
-            echo "changed=true" >> "$GITHUB_OUTPUT"
-          fi
-
-      - name: Run chart-testing (lint)
-        if: steps.list-changed.outputs.changed == 'true'
-        run: ct lint --target-branch ${{ github.event.repository.default_branch }}

.github/workflows/release-charts.yml

@@ -4,6 +4,8 @@ on:
   push:
     branches:
       - main
+    paths:
+      - "charts/**"
 
 jobs:
   release:
@@ -22,6 +24,6 @@ jobs:
           git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
 
       - name: Run chart-releaser
-        uses: helm/chart-releaser-action@v1.6.0
+        uses: helm/chart-releaser-action@v1.7.0
         env:
           CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

.gitignore

@@ -1,3 +1,6 @@
+# Archived
+charts/**/archive
+
 # Compiled Helm chart dependencies
 charts/**/Chart.lock
 charts/**/charts/

.pre-commit-config.yaml

@@ -0,0 +1,19 @@
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v2.3.0
+    hooks:
+      - id: end-of-file-fixer
+      - id: trailing-whitespace
+      - id: check-added-large-files
+      - id: check-yaml
+        exclude: 'charts/'
+        args:
+          - --multi
+  - repo: https://github.com/norwoodj/helm-docs
+    rev: v1.14.2
+    hooks:
+      - id: helm-docs
+        args:
+          - --chart-search-root=charts
+          - --template-files=./_templates.gotmpl
+          - --template-files=README.md.gotmpl

charts/calibre-server/Chart.yaml

@@ -1,13 +0,0 @@
-apiVersion: v2
-name: calibre-server
-version: 0.0.5
-description: Chart for Calibre content database
-keywords:
-  - media
-  - books
-sources:
-  - https://github.com/kovidgoyal/calibre
-maintainers:
-  - name: alexlebens
-icon: https://raw.githubusercontent.com/kovidgoyal/calibre/master/resources/images/lt.png
-appVersion: 7.5.1

charts/calibre-server/README.md

@@ -1,18 +0,0 @@
-## Introduction
-
-[Calibre](https://calibre-ebook.com/)
-
-calibre is an e-book manager. It can view, convert, edit and catalog e-books in all of the major e-book formats. It can also talk to e-book reader devices. It can go out to the internet and fetch metadata for your books. It can download newspapers and convert them into e-books for convenient reading.
-
-This chart bootstraps a [Calibre](https://github.com/home-assistant) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
-
-## Prerequisites
-
-- Kubernetes
-- Helm
-- Traefik v2 / IngressRoute
-- Authentik / Auth
-
-## Parameters
-
-See the [values files](values.yaml).

charts/calibre-server/templates/deployment.yaml

@@ -1,83 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: calibre-server
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: calibre-server
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  revisionHistoryLimit: 3
-  replicas: {{ .Values.deployment.replicas }}
-  strategy:
-    type: {{ .Values.deployment.strategy }}
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: calibre-server
-      app.kubernetes.io/instance: {{ .Release.Name }}
-  template:
-    metadata:
-      labels:
-        app.kubernetes.io/name: calibre-server
-        app.kubernetes.io/instance: {{ .Release.Name }}
-    spec:
-      serviceAccountName: calibre-server
-      automountServiceAccountToken: true
-      containers:
-        - name: calibre-server
-          image: "{{ .Values.deployment.image.repository }}:{{ .Values.deployment.image.tag }}"
-          imagePullPolicy: {{ .Values.deployment.image.imagePullPolicy }}
-          ports:
-            - name: http
-              containerPort: {{ .Values.service.http.port }}
-              protocol: TCP
-            - name: content
-              containerPort: {{ .Values.service.content.port }}
-              protocol: TCP
-          env:
-          {{- range $k,$v := .Values.deployment.env }}
-            - name: {{ $k }}
-              value: {{ $v | quote }}
-          {{- end }}
-          {{- with .Values.deployment.envFrom }}
-          envFrom:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-          volumeMounts:
-            - mountPath: /config
-              name: calibre-server-config
-            - mountPath: /books
-              name: calibre-server-books
-          resources:
-            {{- toYaml .Values.deployment.resources | nindent 12 }}
-          livenessProbe:
-            tcpSocket:
-              port: {{ .Values.service.http.port }}
-            initialDelaySeconds: 0
-            failureThreshold: 3
-            timeoutSeconds: 1
-            periodSeconds: 10
-          readinessProbe:
-            tcpSocket:
-              port: {{ .Values.service.http.port }}
-            initialDelaySeconds: 0
-            failureThreshold: 3
-            timeoutSeconds: 1
-            periodSeconds: 10
-          startupProbe:
-            tcpSocket:
-              port: {{ .Values.service.http.port }}
-            initialDelaySeconds: 0
-            failureThreshold: 30
-            timeoutSeconds: 1
-            periodSeconds: 5
-      volumes:
-        - name: calibre-server-config
-          persistentVolumeClaim:
-            claimName: calibre-server-config
-        - name: calibre-server-books
-          persistentVolumeClaim:
-            claimName: {{ .Values.persistence.books.claimName }}

charts/calibre-server/templates/ingress-route.yaml

@@ -1,34 +0,0 @@
-{{- if .Values.ingressRoute.enabled }}
-apiVersion: traefik.io/v1alpha1
-kind: IngressRoute
-metadata:
-  name: calibre-server
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: calibre-server
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: calibre-server
-spec:
-  entryPoints:
-    - websecure
-  routes:
-    - kind: Rule
-      match: "Host(`{{ .Values.ingressRoute.http.host }}`)"
-      middlewares:
-        - name: "authentik-{{ .Release.Name }}"
-          namespace: {{ .Release.Namespace }}
-      priority: 10
-      services:
-        - kind: Service
-          name: calibre-server
-          port: {{ .Values.service.http.port }}
-    - kind: Rule
-      match: "Host(`{{ .Values.ingressRoute.http.host }}`) && PathPrefix(`/outpost.goauthentik.io/`)"
-      priority: 15
-      services:
-        - kind: Service
-          name: {{ .Values.ingressRoute.authentik.outpost }}
-          port: {{ .Values.ingressRoute.authentik.port }}
-{{- end }}

charts/calibre-server/templates/middleware.yaml

@@ -1,29 +0,0 @@
-{{- if .Values.ingressRoute.enabled }}
-apiVersion: traefik.containo.us/v1alpha1
-kind: Middleware
-metadata:
-  name: "authentik-{{ .Release.Name }}"
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: auth
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  forwardAuth:
-    address: "http://{{ .Values.ingressRoute.authentik.outpost }}.authentik:{{ .Values.ingressRoute.authentik.port }}/outpost.goauthentik.io/auth/traefik"
-    trustForwardHeader: true
-    authResponseHeaders:
-      - X-authentik-username
-      - X-authentik-groups
-      - X-authentik-email
-      - X-authentik-name
-      - X-authentik-uid
-      - X-authentik-jwt
-      - X-authentik-meta-jwks
-      - X-authentik-meta-outpost
-      - X-authentik-meta-provider
-      - X-authentik-meta-app
-      - X-authentik-meta-version
-{{- end }}

charts/calibre-server/templates/persistant-volume-claim.yaml

@@ -1,19 +0,0 @@
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
-  name: calibre-server-config
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: calibre-server
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: {{ .Values.persistence.config.storageSize }}
-  storageClassName: {{ .Values.persistence.config.storageClassName }}
-  volumeMode: {{ .Values.persistence.config.volumeMode }}

charts/calibre-server/templates/service-account.yaml

@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: calibre-server
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: calibre-server
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: calibre-server

charts/calibre-server/templates/service.yaml

@@ -1,44 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: calibre-server
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: calibre-server
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  type: ClusterIP
-  ports:
-    - port: {{ .Values.service.http.port }}
-      targetPort: http
-      protocol: TCP
-      name: http
-  selector:
-    app.kubernetes.io/name: calibre-server
-    app.kubernetes.io/instance: {{ .Release.Name }}
-
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: calibre-server-content
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: calibre-server
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  type: ClusterIP
-  ports:
-    - port: {{ .Values.service.content.port }}
-      targetPort: content
-      protocol: TCP
-      name: content
-  selector:
-    app.kubernetes.io/name: calibre-server
-    app.kubernetes.io/instance: {{ .Release.Name }}

charts/calibre-server/values.yaml

@@ -1,42 +0,0 @@
-deployment:
-  replicas: 1
-  strategy: Recreate
-  image:
-    repository: linuxserver/calibre
-    tag: v7.5.1-ls269
-    imagePullPolicy: IfNotPresent
-  env:
-    PGID: "1001"
-    PUID: "1001"
-    TZ: UTC
-    UMASK_SET: "022"
-    CUSTOM_USER: calibre
-    TITLE: Calibre Server
-    NO_DECOR: true
-  envFrom:
-  resources:
-    requests:
-      memory: 256Mi
-      cpu: 50m
-    limits:
-      memory: 1Gi
-      cpu: 500m
-service:
-  http:
-    port: 8080
-  content:
-    port: 8081
-ingressRoute:
-  enabled: true
-  http:
-    host:
-  authentik:
-    outpost: authentik-proxy-outpost
-    port: 9000
-persistence:
-  config:
-    storageClassName: default
-    storageSize: 5Gi
-    volumeMode: Filesystem
-  books:
-    claimName:

charts/cloudflared/Chart.yaml

@@ -0,0 +1,18 @@
+apiVersion: v2
+name: cloudflared
+version: 1.15.0
+description: Cloudflared Tunnel
+keywords:
+  - cloudflare
+  - tunnel
+sources:
+  - https://github.com/cloudflare/cloudflared
+  - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/library/common
+maintainers:
+  - name: alexlebens
+dependencies:
+  - name: common
+    repository: https://bjw-s-labs.github.io/helm-charts/
+    version: 4.0.1
+icon: https://avatars.githubusercontent.com/u/314135?s=48&v=4
+appVersion: "2025.5.0"

charts/cloudflared/README.md

@@ -0,0 +1,35 @@
+# cloudflared
+
+![Version: 1.15.0](https://img.shields.io/badge/Version-1.15.0-informational?style=flat-square) ![AppVersion: 2025.5.0](https://img.shields.io/badge/AppVersion-2025.5.0-informational?style=flat-square)
+
+Cloudflared Tunnel
+
+## Maintainers
+
+| Name | Email | Url |
+| ---- | ------ | --- |
+| alexlebens |  |  |
+
+## Source Code
+
+* <https://github.com/cloudflare/cloudflared>
+* <https://github.com/bjw-s-labs/helm-charts/tree/main/charts/library/common>
+
+## Requirements
+
+| Repository | Name | Version |
+|------------|------|---------|
+| https://bjw-s-labs.github.io/helm-charts/ | common | 4.0.1 |
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| existingSecretKey | string | `"cf-tunnel-token"` | Name of key that contains the token in the existingSecret |
+| existingSecretName | string | `"cloudflared-secret"` | Name of existing secret that contains Cloudflare token |
+| image | object | `{"pullPolicy":"IfNotPresent","repository":"cloudflare/cloudflared","tag":"2025.5.0"}` | Default image |
+| name | string | `"cloudflared"` | Name override of release |
+| resources | object | `{"requests":{"cpu":"10m","memory":"128Mi"}}` | Default resources |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)

charts/cloudflared/templates/common.yaml

@@ -0,0 +1,41 @@
+{{- include "bjw-s.common.loader.init" . }}
+
+{{- define "cloudflared.hardcodedValues" -}}
+{{ if not .Values.global.nameOverride }}
+global:
+  nameOverride: {{ .Values.name }}
+{{ end }}
+controllers:
+  main:
+    type: deployment
+    strategy: Recreate
+    containers:
+      main:
+        image:
+          repository: {{ .Values.image.repository }}
+          tag: {{ .Values.image.tag }}
+          pullPolicy: {{ .Values.image.pullPolicy }}
+        args:
+          - tunnel
+          - --protocol
+          - http2
+          - --no-autoupdate
+          - run
+          - --token
+          - $(CF_MANAGED_TUNNEL_TOKEN)
+        env:
+          - name: CF_MANAGED_TUNNEL_TOKEN
+            valueFrom:
+              secretKeyRef:
+                name: {{ .Values.existingSecretName }}
+                key: {{ .Values.existingSecretKey }}
+        resources:
+        {{- with .Values.resources }}
+        resources:
+          {{- toYaml . | nindent 10 }}
+        {{ end }}
+{{- end -}}
+{{- $_ := mergeOverwrite .Values (include "cloudflared.hardcodedValues" . | fromYaml) -}}
+
+{{/* Render the templates */}}
+{{ include "bjw-s.common.loader.generate" . }}

charts/cloudflared/values.yaml

@@ -0,0 +1,20 @@
+# -- Name override of release
+name: cloudflared
+
+# -- Name of existing secret that contains Cloudflare token
+existingSecretName: cloudflared-secret
+
+# -- Name of key that contains the token in the existingSecret
+existingSecretKey: cf-tunnel-token
+
+# -- Default image
+image:
+  repository: cloudflare/cloudflared
+  tag: "2025.5.0"
+  pullPolicy: IfNotPresent
+
+# -- Default resources
+resources:
+  requests:
+    cpu: 10m
+    memory: 128Mi

charts/generic-device-plugin/Chart.yaml

@@ -0,0 +1,18 @@
+apiVersion: v2
+name: generic-device-plugin
+version: 0.1.10
+description: Generic Device Plugin
+keywords:
+  - generic-device-plugin
+  - device
+  - plugin
+sources:
+  - https://github.com/squat/generic-device-plugin
+  - https://github.com/bjw-s/helm-charts/tree/main/charts/library/common
+maintainers:
+  - name: alexlebens
+dependencies:
+  - name: common
+    repository: https://bjw-s.github.io/helm-charts/
+    version: 3.7.3
+appVersion: 0.1.10

charts/generic-device-plugin/README.md

@@ -0,0 +1,37 @@
+# generic-device-plugin
+
+![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![AppVersion: 0.1.10](https://img.shields.io/badge/AppVersion-0.1.10-informational?style=flat-square)
+
+Generic Device Plugin
+
+## Maintainers
+
+| Name | Email | Url |
+| ---- | ------ | --- |
+| alexlebens |  |  |
+
+## Source Code
+
+* <https://github.com/squat/generic-device-plugin>
+* <https://github.com/bjw-s/helm-charts/tree/main/charts/library/common>
+
+## Requirements
+
+| Repository | Name | Version |
+|------------|------|---------|
+| https://bjw-s.github.io/helm-charts/ | common | 3.7.3 |
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| config | object | `{"data":"devices:\n  - name: serial\n    groups:\n      - paths:\n          - path: /dev/ttyUSB*\n      - paths:\n          - path: /dev/ttyACM*\n      - paths:\n          - path: /dev/tty.usb*\n      - paths:\n          - path: /dev/cu.*\n      - paths:\n          - path: /dev/cuaU*\n      - paths:\n          - path: /dev/rfcomm*\n  - name: video\n    groups:\n      - paths:\n          - path: /dev/video0\n  - name: fuse\n    groups:\n      - count: 10\n        paths:\n          - path: /dev/fuse\n  - name: audio\n    groups:\n      - count: 10\n        paths:\n          - path: /dev/snd\n  - name: capture\n    groups:\n      - paths:\n          - path: /dev/snd/controlC0\n          - path: /dev/snd/pcmC0D0c\n      - paths:\n          - path: /dev/snd/controlC1\n            mountPath: /dev/snd/controlC0\n          - path: /dev/snd/pcmC1D0c\n            mountPath: /dev/snd/pcmC0D0c\n      - paths:\n          - path: /dev/snd/controlC2\n            mountPath: /dev/snd/controlC0\n          - path: /dev/snd/pcmC2D0c\n            mountPath: /dev/snd/pcmC0D0c\n      - paths:\n          - path: /dev/snd/controlC3\n            mountPath: /dev/snd/controlC0\n          - path: /dev/snd/pcmC3D0c\n            mountPath: /dev/snd/pcmC0D0c\n","enabled":true}` | Config map |
+| config.data | string | See [values.yaml](./values.yaml) | generic-device-plugin config file [[ref]](https://github.com/squat/generic-device-plugin#usage) |
+| deviceDomain | string | `"squat.ai"` | Domain used by devices for identifcation |
+| image | object | `{"pullPolicy":"Always","repository":"ghcr.io/squat/generic-device-plugin","tag":"latest@sha256:d7d0951df7f11479185fd9fba1c1cb4d9c8f3232d38a5468d6fe80074f2b45d5"}` | Default image |
+| name | string | `"generic-device-plugin"` | Name override of release |
+| resources | object | `{"limit":{"cpu":"100m","memory":"20Mi"},"requests":{"cpu":"50m","memory":"10Mi"}}` | Default resources |
+| service | object | `{"listenPort":8080}` | Service port |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)

charts/generic-device-plugin/templates/common.yaml

@@ -0,0 +1,82 @@
+{{ include "bjw-s.common.loader.init" . }}
+
+{{ define "genericDevicePlugin.hardcodedValues" }}
+{{ if not .Values.global.nameOverride }}
+global:
+  nameOverride: {{ .Values.name }}
+{{ end }}
+controllers:
+  main:
+    type: daemonset
+    pod:
+      priorityClassName: system-node-critical
+      tolerations:
+        - operator: "Exists"
+          effect: "NoExecute"
+        - operator: "Exists"
+          effect: "NoSchedule"
+    containers:
+      main:
+        image:
+          repository: {{ .Values.image.repository }}
+          tag: {{ .Values.image.tag }}
+          pullPolicy: {{ .Values.image.pullPolicy }}
+        args:
+          - --config=/config/config.yaml
+        env:
+          - name: LISTEN
+            value: :{{ .Values.service.listenPort }}
+          - name: PLUGIN_DIRECTORY
+            value: /var/lib/kubelet/device-plugins
+          - name: DOMAIN
+            value: {{ .Values.deviceDomain }}
+        probes:
+          liveness:
+            type: HTTP
+            path: /health
+          readiness:
+            type: HTTP
+            path: /health
+          startup:
+            type: HTTP
+            path: /health
+        securityContext:
+          privileged: True
+configMaps:
+  config:
+    enabled: {{ .Values.config.enabled }}
+    data:
+      config.yaml: {{ toYaml .Values.config.data | nindent 8 }}
+service:
+  main:
+    controller: main
+    ports:
+      http:
+        port: {{ .Values.service.listenPort }}
+persistence:
+  config:
+    enabled: true
+    type: configMap
+    name: {{ .Values.name }}-config
+  device-plugins:
+    enabled: true
+    type: hostPath
+    hostPath: /var/lib/kubelet/device-plugins
+  dev:
+    enabled: true
+    type: hostPath
+    hostPath: /dev
+serviceMonitor:
+  main:
+    serviceName: generic-device-plugin
+    endpoints:
+      - port: http
+        scheme: http
+        path: /metrics
+        interval: 30s
+        scrapeTimeout: 10s
+{{ end }}
+{{ $_ := mergeOverwrite .Values (include "genericDevicePlugin.hardcodedValues" . | fromYaml) }}
+
+{{/* Render the templates */}}
+{{ include "bjw-s.common.loader.generate" . }}

charts/generic-device-plugin/values.yaml

@@ -0,0 +1,80 @@
+# -- Name override of release
+name: generic-device-plugin
+
+# -- Default image
+image:
+  repository: ghcr.io/squat/generic-device-plugin
+  tag: latest@sha256:d7d0951df7f11479185fd9fba1c1cb4d9c8f3232d38a5468d6fe80074f2b45d5
+  pullPolicy: Always
+
+# -- Domain used by devices for identifcation
+deviceDomain: squat.ai
+
+# -- Service port
+service:
+  listenPort: 8080
+
+# -- Default resources
+resources:
+  limit:
+    cpu: 100m
+    memory: 20Mi
+  requests:
+    cpu: 50m
+    memory: 10Mi
+
+# -- Config map
+config:
+  enabled: true
+  # -- generic-device-plugin config file [[ref]](https://github.com/squat/generic-device-plugin#usage)
+  # @default -- See [values.yaml](./values.yaml)
+  data: |
+    devices:
+      - name: serial
+        groups:
+          - paths:
+              - path: /dev/ttyUSB*
+          - paths:
+              - path: /dev/ttyACM*
+          - paths:
+              - path: /dev/tty.usb*
+          - paths:
+              - path: /dev/cu.*
+          - paths:
+              - path: /dev/cuaU*
+          - paths:
+              - path: /dev/rfcomm*
+      - name: video
+        groups:
+          - paths:
+              - path: /dev/video0
+      - name: fuse
+        groups:
+          - count: 10
+            paths:
+              - path: /dev/fuse
+      - name: audio
+        groups:
+          - count: 10
+            paths:
+              - path: /dev/snd
+      - name: capture
+        groups:
+          - paths:
+              - path: /dev/snd/controlC0
+              - path: /dev/snd/pcmC0D0c
+          - paths:
+              - path: /dev/snd/controlC1
+                mountPath: /dev/snd/controlC0
+              - path: /dev/snd/pcmC1D0c
+                mountPath: /dev/snd/pcmC0D0c
+          - paths:
+              - path: /dev/snd/controlC2
+                mountPath: /dev/snd/controlC0
+              - path: /dev/snd/pcmC2D0c
+                mountPath: /dev/snd/pcmC0D0c
+          - paths:
+              - path: /dev/snd/controlC3
+                mountPath: /dev/snd/controlC0
+              - path: /dev/snd/pcmC3D0c
+                mountPath: /dev/snd/pcmC0D0c

charts/home-assistant/Chart.yaml

@@ -1,12 +0,0 @@
-apiVersion: v2
-name: home-assistant
-version: 0.0.15
-description: Chart for Home Assistant
-keywords:
-  - home-automation
-sources:
-  - https://github.com/home-assistant
-maintainers:
-  - name: alexlebens
-icon: https://avatars.githubusercontent.com/u/13844975?s=200&v=4
-appVersion: v2024.2.5

charts/home-assistant/README.md

@@ -1,18 +0,0 @@
-## Introduction
-
-[Home Assistant](https://www.home-assistant.io/)
-
-Open source home automation that puts local control and privacy first. Powered by a worldwide community of tinkerers and DIY enthusiasts. Perfect to run on a Raspberry Pi or a local server. 
-
-This chart bootstraps a [Home-Assistant](https://github.com/home-assistant) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
-
-## Prerequisites
-
-- Kubernetes
-- Helm
-- Traefik v2 / IngressRoute
-- Authentik / Auth
-
-## Parameters
-
-See the [values files](values.yaml).

charts/home-assistant/templates/deployment.yaml

@@ -1,98 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: home-assistant
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: home-assistant
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  revisionHistoryLimit: 3
-  replicas: {{ .Values.deployment.replicas }}
-  strategy:
-    type: {{ .Values.deployment.strategy }}
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: home-assistant
-      app.kubernetes.io/instance: {{ .Release.Name }}
-  template:
-    metadata:
-      labels:
-        app.kubernetes.io/name: home-assistant
-        app.kubernetes.io/instance: {{ .Release.Name }}
-    spec:
-      serviceAccountName: home-assistant
-      automountServiceAccountToken: true
-      containers:
-        - name: {{ .Release.Name }}
-          image: "{{ .Values.deployment.image.repository }}:{{ .Values.deployment.image.tag }}"
-          imagePullPolicy: {{ .Values.deployment.image.imagePullPolicy }}
-          ports:
-            - name: http
-              containerPort: {{ .Values.service.http.port }}
-              protocol: TCP
-          env:
-          {{- range $k,$v := .Values.deployment.env }}
-            - name: {{ $k }}
-              value: {{ $v | quote }}
-          {{- end }}
-          {{- with .Values.deployment.envFrom }}
-          envFrom:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-          volumeMounts:
-            - mountPath: /config
-              name: home-assistant-config
-          resources:
-            {{- toYaml .Values.deployment.resources | nindent 12 }}
-          livenessProbe:
-            tcpSocket:
-              port: {{ .Values.service.http.port }}
-            initialDelaySeconds: 0
-            failureThreshold: 3
-            timeoutSeconds: 1
-            periodSeconds: 10
-          readinessProbe:
-            tcpSocket:
-              port: {{ .Values.service.http.port }}
-            initialDelaySeconds: 0
-            failureThreshold: 3
-            timeoutSeconds: 1
-            periodSeconds: 10
-          startupProbe:
-            tcpSocket:
-              port: {{ .Values.service.http.port }}
-            initialDelaySeconds: 0
-            failureThreshold: 30
-            timeoutSeconds: 1
-            periodSeconds: 5
-        {{- if .Values.codeserver.enabled }}
-        - name: codeserver
-          image: "{{ .Values.codeserver.image.repository }}:{{ .Values.codeserver.image.tag }}"
-          imagePullPolicy: {{ .Values.codeserver.image.imagePullPolicy }}
-          ports:
-            - containerPort: {{ .Values.codeserver.service.http.port }}
-              name: codeserver-http
-              protocol: TCP
-          env:
-          {{- range $k,$v := .Values.codeserver.env }}
-            - name: {{ $k }}
-              value: {{ $v | quote }}
-          {{- end }}
-          {{- with .Values.codeserver.envFrom }}
-          envFrom:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-          securityContext:
-            {{- toYaml .Values.codeserver.securityContext | nindent 12 }}
-          volumeMounts:
-            - mountPath: /config/home-assistant
-              name: home-assistant-config
-        {{- end }}
-      volumes:
-        - name: home-assistant-config
-          persistentVolumeClaim:
-            claimName: home-assistant-config

charts/home-assistant/templates/ingress-route.yaml

@@ -1,60 +0,0 @@
-{{- if .Values.ingressRoute.enabled }}
-apiVersion: traefik.io/v1alpha1
-kind: IngressRoute
-metadata:
-  name: home-assistant
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: home-assistant
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: home-assistant
-spec:
-  entryPoints:
-    - websecure
-  routes:
-    - kind: Rule
-      match: "Host(`{{ .Values.ingressRoute.host }}`)"
-      middlewares:
-        - name: "authentik-{{ .Release.Name }}"
-          namespace: {{ .Release.Namespace }}
-      priority: 10
-      services:
-        - kind: Service
-          name: home-assistant
-          port: {{ .Values.service.http.port }}
-    - kind: Rule
-      match: "Host(`{{ .Values.ingressRoute.host }}`) && PathPrefix(`/outpost.goauthentik.io/`)"
-      priority: 15
-      services:
-        - kind: Service
-          name: {{ .Values.ingressRoute.authentik.outpost }}
-          port: {{ .Values.ingressRoute.authentik.port }}
-{{- end }}
-
----
-{{- if and .Values.codeserver.ingressRoute.enabled .Values.codeserver.enabled }}
-apiVersion: traefik.io/v1alpha1
-kind: IngressRoute
-metadata:
-  name: home-assistant-codeserver
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: home-assistant
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: home-assistant
-spec:
-  entryPoints:
-    - websecure
-  routes:
-    - kind: Rule
-      match: "Host(`{{ .Values.codeserver.ingressRoute.host }}`)"
-      priority: 10
-      services:
-        - kind: Service
-          name: home-assistant-codeserver
-          port: {{ .Values.codeserver.service.http.port }}
-{{- end }}

charts/home-assistant/templates/middleware.yaml

@@ -1,29 +0,0 @@
-{{- if .Values.ingressRoute.enabled }}
-apiVersion: traefik.containo.us/v1alpha1
-kind: Middleware
-metadata:
-  name: "authentik-{{ .Release.Name }}"
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: auth
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  forwardAuth:
-    address: "http://{{ .Values.ingressRoute.authentik.outpost }}.authentik:{{ .Values.ingressRoute.authentik.port }}/outpost.goauthentik.io/auth/traefik"
-    trustForwardHeader: true
-    authResponseHeaders:
-      - X-authentik-username
-      - X-authentik-groups
-      - X-authentik-email
-      - X-authentik-name
-      - X-authentik-uid
-      - X-authentik-jwt
-      - X-authentik-meta-jwks
-      - X-authentik-meta-outpost
-      - X-authentik-meta-provider
-      - X-authentik-meta-app
-      - X-authentik-meta-version
-{{- end }}

charts/home-assistant/templates/persistant-volume-claim.yaml

@@ -1,19 +0,0 @@
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
-  name: home-assistant-config
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: home-assistant
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: {{ .Values.persistence.config.storageSize }}
-  storageClassName: {{ .Values.persistence.config.storageClassName }}
-  volumeMode: {{ .Values.persistence.config.volumeMode }}

charts/home-assistant/templates/prometheus-rule.yaml

@@ -1,18 +0,0 @@
-{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }}
-apiVersion: monitoring.coreos.com/v1
-kind: PrometheusRule
-metadata:
-  name: home-assistant
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: home-assistant
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: home-assistant
-spec:
-  groups:
-    - name: {{ .Release.Name }}
-      rules:
-        {{- toYaml .Values.metrics.prometheusRule.rules | nindent 8 }}
-{{- end }}

charts/home-assistant/templates/service-account.yaml

@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: home-assistant
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: home-assistant
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: home-assistant

charts/home-assistant/templates/service-monitor.yaml

@@ -1,26 +0,0 @@
-{{- if .Values.metrics.enabled }}
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
-  name: home-assistant
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: home-assistant
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: home-assistant
-spec:
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: home-assistant
-      app.kubernetes.io/instance: {{ .Release.Name }}
-  endpoints:
-    - port: http
-      interval: {{ .Values.metrics.serviceMonitor.interval }}
-      scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
-      path: /api/prometheus
-      bearerTokenSecret:
-        name: {{ .Values.metrics.serviceMonitor.bearerTokenSecret.name }}
-        key: {{ .Values.metrics.serviceMonitor.bearerTokenSecret.key }}
-{{- end }}

charts/home-assistant/templates/service.yaml

@@ -1,46 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: home-assistant
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: home-assistant
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  type: ClusterIP
-  ports:
-    - port: {{ .Values.service.http.port }}
-      targetPort: http
-      protocol: TCP
-      name: http
-  selector:
-    app.kubernetes.io/name: home-assistant
-    app.kubernetes.io/instance: {{ .Release.Name }}
-
----
-{{- if .Values.codeserver.enabled }}
-apiVersion: v1
-kind: Service
-metadata:
-  name: home-assistant-codeserver
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: home-assistant
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  type: ClusterIP
-  ports:
-    - port: {{ .Values.codeserver.service.http.port }}
-      targetPort: codeserver-http
-      protocol: TCP
-      name: codeserver-http
-  selector:
-    app.kubernetes.io/name: home-assistant
-    app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}

charts/home-assistant/values.yaml

@@ -1,74 +0,0 @@
-deployment:
-  replicas: 1
-  strategy: Recreate
-  image:
-    repository: homeassistant/home-assistant
-    tag: 2024.3.0
-    imagePullPolicy: IfNotPresent
-  env:
-    TZ: UTC
-  envFrom:
-  resources:
-    requests:
-      memory: 512Mi
-      cpu: 50m
-    limits:
-      memory: 1Gi
-      cpu: 500m
-service:
-  http:
-    port: 8123
-ingressRoute:
-  enabled: true
-  host:
-  authentik:
-    outpost: authentik-proxy-outpost
-    port: 9000
-metrics:
-  enabled: false
-  serviceMonitor:
-    interval: 1m
-    scrapeTimeout: 30s
-    ## See https://www.home-assistant.io/docs/authentication/ for where to find
-    ## long lived access token creation under your account profile, which is
-    ## needed to monitor Home Assistant
-    bearerTokenSecret:
-      name: ""
-      key: ""
-  prometheusRule:
-    enabled: false
-    rules:
-      - alert: HomeAssistantAbsent
-        annotations:
-          description: Home Assistant has disappeared from Prometheus service discovery.
-          summary: Home Assistant is down.
-        expr: |
-          absent(up{job=~".*home-assistant.*"} == 1)
-        for: 5m
-        labels:
-          severity: critical
-persistence:
-  config:
-    storageClassName: default
-    storageSize: 1Gi
-    volumeMode: Filesystem
-codeserver:
-  enabled: false
-  image:
-    repository: linuxserver/code-server
-    tag: 4.22.0
-    imagePullPolicy: IfNotPresent
-  env:
-    TZ: UTC
-    PUID: 1000
-    PGID: 1000
-    DEFAULT_WORKSPACE: /config
-  envFrom:
-  securityContext:
-    runAsUser: 0
-  service:
-    http:
-      port: 8443
-  ingressRoute:
-    enabled: false
-    host:

charts/homepage/Chart.yaml

@@ -1,12 +0,0 @@
-apiVersion: v2
-name: homepage
-version: 0.0.7
-description: Chart for benphelps homepage
-keywords:
-  - dashboard
-sources:
-  - https://github.com/gethomepage/homepage
-maintainers:
-  - name: alexlebens
-icon: https://github.com/benphelps/homepage/blob/de584eae8f12a0d257e554e9511ef19bd2a1232c/public/mstile-150x150.png
-appVersion: v0.8.9

charts/homepage/README.md

@@ -1,18 +0,0 @@
-## Introduction
-
-[Homepage](https://github.com/benphelps/homepage)
-
-A modern (fully static, fast), secure (fully proxied), highly customizable application dashboard with integrations for more than 25 services and translations for over 15 languages. Easily configured via YAML files (or discovery via docker labels).
-
-This chart bootstraps a [Homepage](https://github.com/benphelps/homepage) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
-
-## Prerequisites
-
-- Kubernetes
-- Helm
-- Traefik v2 / IngressRoute
-- Authentik / Auth
-
-## Parameters
-
-See the [values files](values.yaml).

charts/homepage/templates/cluster-role-binding.yaml

@@ -1,19 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: {{ .Release.Name }}
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: {{ .Release.Name }}
-subjects:
-  - kind: ServiceAccount
-    name: homepage
-    namespace: {{ .Release.Namespace }}

charts/homepage/templates/cluster-role.yaml

@@ -1,51 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: {{ .Release.Name }}
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-rules:
-  - apiGroups:
-      - ""
-    resources:
-      - namespaces
-      - pods
-      - nodes
-    verbs:
-      - get
-      - list
-  - apiGroups:
-      - extensions
-      - networking.k8s.io
-    resources:
-      - ingresses
-    verbs:
-      - get
-      - list
-  - apiGroups:
-      - traefik.containo.us
-      - traefik.io
-    resources:
-      - ingressroutes
-    verbs:
-      - get
-      - list
-  - apiGroups:
-      - metrics.k8s.io
-    resources:
-      - nodes
-      - pods
-    verbs:
-      - get
-      - list
-  - apiGroups:
-      - apiextensions.k8s.io
-    resources:
-      - customresourcedefinitions/status
-    verbs:
-      - get

charts/homepage/templates/config-map.yaml

@@ -1,36 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: homepage-config
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: homepage
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: homepage
-data:
-  bookmarks.yaml: {{- if .Values.config.bookmarks }} |
-{{- .Values.config.bookmarks | toYaml | nindent 4}}
-{{- else }} ""
-{{- end }}
-  docker.yaml: {{- if .Values.config.docker }} |
-{{- .Values.config.docker | toYaml | nindent 4 }}
-{{- else }} ""
-{{- end }}
-  kubernetes.yaml: {{- if .Values.config.kubernetes }} |
-{{- .Values.config.kubernetes | toYaml | nindent 4 }}
-{{- else }} ""
-{{- end }}
-  services.yaml: {{- if .Values.config.services }} |
-{{- .Values.config.services | toYaml | nindent 4 }}
-{{- else }} ""
-{{- end }}
-  settings.yaml: {{- if .Values.config.settings }} |
-{{- .Values.config.settings | toYaml | nindent 4 }}
-{{- else }} ""
-{{- end }}
-  widgets.yaml: {{- if .Values.config.widgets }} |
-{{- .Values.config.widgets | toYaml | nindent 4 }}
-{{- else }} ""
-{{- end }}

charts/homepage/templates/deployment.yaml

@@ -1,95 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: homepage
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: homepage
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: homepage
-spec:
-  revisionHistoryLimit: 3
-  replicas: {{ .Values.deployment.replicas }}
-  strategy:
-    type: {{ .Values.deployment.strategy }}
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: homepage
-      app.kubernetes.io/instance: {{ .Release.Name }}
-  template:
-    metadata:
-      labels:
-        app.kubernetes.io/name: homepage
-        app.kubernetes.io/instance: {{ .Release.Name }}
-    spec:
-      serviceAccountName: homepage
-      automountServiceAccountToken: true
-      containers:
-        - name: {{ .Release.Name }}
-          image: "{{ .Values.deployment.image.repository }}:{{ .Values.deployment.image.tag }}"
-          imagePullPolicy: {{ .Values.deployment.image.imagePullPolicy }}
-          ports:
-            - name: http
-              containerPort: {{ .Values.service.http.port }}
-              protocol: TCP
-          env:
-          {{- range $k,$v := .Values.deployment.env }}
-            - name: {{ $k }}
-              value: {{ $v | quote }}
-          {{- end }}
-          {{- with .Values.deployment.envFrom }}
-          envFrom:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-          volumeMounts:
-            - name: homepage-config
-              subPath: bookmarks.yaml
-              mountPath: /app/config/bookmarks.yaml
-            - name: homepage-config
-              subPath: docker.yaml
-              mountPath: /app/config/docker.yaml
-            - name: homepage-config
-              subPath: kubernetes.yaml
-              mountPath: /app/config/kubernetes.yaml
-            - name: homepage-config
-              subPath: services.yaml
-              mountPath: /app/config/services.yaml
-            - name: homepage-config
-              subPath: settings.yaml
-              mountPath: /app/config/settings.yaml
-            - name: homepage-config
-              subPath: widgets.yaml
-              mountPath: /app/config/widgets.yaml
-            - name: logs
-              mountPath: /app/config/logs
-          resources:
-            {{- toYaml .Values.deployment.resources | nindent 12 }}
-          livenessProbe:
-            failureThreshold: 3
-            initialDelaySeconds: 0
-            periodSeconds: 10
-            tcpSocket:
-              port: {{ .Values.service.http.port }}
-            timeoutSeconds: 1
-          readinessProbe:
-            failureThreshold: 3
-            initialDelaySeconds: 0
-            periodSeconds: 10
-            tcpSocket:
-              port: {{ .Values.service.http.port }}
-            timeoutSeconds: 1
-          startupProbe:
-            failureThreshold: 30
-            initialDelaySeconds: 0
-            periodSeconds: 5
-            tcpSocket:
-              port: {{ .Values.service.http.port }}
-            timeoutSeconds: 1
-      volumes:
-        - name: homepage-config
-          configMap:
-            name: homepage-config
-        - name: logs
-          emptyDir: {}

charts/homepage/templates/ingress-route.yaml

@@ -1,32 +0,0 @@
-apiVersion: traefik.io/v1alpha1
-kind: IngressRoute
-metadata:
-  name: homepage
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: homepage
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: homepage
-spec:
-  entryPoints:
-    - websecure
-  routes:
-    - kind: Rule
-      match: "Host(`{{ .Values.ingressRoute.host }}`)"
-      middlewares:
-        - name: "authentik-{{ .Release.Name }}"
-          namespace: {{ .Release.Namespace }}
-      priority: 10
-      services:
-        - kind: Service
-          name: homepage
-          port: {{ .Values.service.http.port }}
-    - kind: Rule
-      match: "Host(`{{ .Values.ingressRoute.host }}`) && PathPrefix(`/outpost.goauthentik.io/`)"
-      priority: 15
-      services:
-        - kind: Service
-          name: {{ .Values.ingressRoute.authentik.outpost }}
-          port: {{ .Values.ingressRoute.authentik.port }}

charts/homepage/templates/middleware.yaml

@@ -1,27 +0,0 @@
-apiVersion: traefik.containo.us/v1alpha1
-kind: Middleware
-metadata:
-  name: "authentik-{{ .Release.Name }}"
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: auth
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  forwardAuth:
-    address: "http://{{ .Values.ingressRoute.authentik.outpost }}.authentik:{{ .Values.ingressRoute.authentik.port }}/outpost.goauthentik.io/auth/traefik"
-    trustForwardHeader: true
-    authResponseHeaders:
-      - X-authentik-username
-      - X-authentik-groups
-      - X-authentik-email
-      - X-authentik-name
-      - X-authentik-uid
-      - X-authentik-jwt
-      - X-authentik-meta-jwks
-      - X-authentik-meta-outpost
-      - X-authentik-meta-provider
-      - X-authentik-meta-app
-      - X-authentik-meta-version

charts/homepage/templates/secret.yaml

@@ -1,14 +0,0 @@
-apiVersion: v1
-kind: Secret
-type: kubernetes.io/service-account-token
-metadata:
-  name: "{{ .Release.Name }}-sa-token"
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: homepage
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: homepage
-  annotations:
-    kubernetes.io/service-account.name: homepage

charts/homepage/templates/service-account.yaml

@@ -1,13 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: homepage
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: homepage
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: homepage
-secrets:
-  - name: "{{ .Release.Name }}-sa-token"

charts/homepage/templates/service.yaml

@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: homepage
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: homepage
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: homepage
-spec:
-  type: ClusterIP
-  ports:
-    - port: {{ .Values.service.http.port }}
-      targetPort: http
-      protocol: TCP
-      name: http
-  selector:
-    app.kubernetes.io/name: homepage
-    app.kubernetes.io/instance: {{ .Release.Name }}

charts/homepage/values.yaml

@@ -1,32 +0,0 @@
-deployment:
-  replicas: 1
-  strategy: Recreate
-  image:
-    repository: ghcr.io/gethomepage/homepage
-    tag: v0.8.9
-    imagePullPolicy: IfNotPresent
-  env:
-  envFrom:
-  resources:
-    requests:
-      memory: 256Mi
-      cpu: 50m
-    limits:
-      memory: 512Mi
-      cpu: 500m 
-service:
-  http:
-    port: 3000
-ingressRoute:
-  host:
-  authentik:
-    outpost: authentik-proxy-outpost
-    port: 9000
-config:
-  bookmarks:
-  services:
-  widgets:
-  kubernetes:
-    mode: cluster
-  docker:
-  settings:

charts/kubelet-serving-cert-approver/Chart.yaml

@@ -1,13 +0,0 @@
-apiVersion: v2
-name: kubelet-serving-cert-approver
-version: 0.0.4
-description: Kubelet Serving TLS Certificate Signing Request Approver
-keywords:
-  - kubernetes
-  - certificate
-sources:
-  - https://github.com/alex1989hu/kubelet-serving-cert-approver
-  - https://github.com/alexlebens/helm-charts/charts/homepage
-maintainers:
-  - name: alexlebens
-appVersion: 0.8.1

charts/kubelet-serving-cert-approver/README.md

@@ -1,16 +0,0 @@
-## Introduction
-
-[Kubelet Serving Certificate Approver](https://github.com/alex1989hu/kubelet-serving-cert-approver)
-
-Kubelet Serving Certificate Approver is a custom approving controller which approves kubernetes.io/kubelet-serving Certificate Signing Request that kubelet use to serve TLS endpoints.
-
-This chart bootstraps a [Kubelet Serving Certificate Approver](https://github.com/alex1989hu/kubelet-serving-cert-approver) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
-
-## Prerequisites
-
-- Kubernetes
-- Helm
-
-## Parameters
-
-See the [values files](values.yaml).

charts/kubelet-serving-cert-approver/templates/cluster-role-binding.yaml

@@ -1,19 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: kubelet-serving-cert-approver
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: kubelet-serving-cert-approver
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: server
-    app.kubernetes.io/part-of: kubelet-serving-cert-approver
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: "certificates:{{ .Release.Name }}"
-subjects:
-  - kind: ServiceAccount
-    name: {{ .Release.Name }}
-    namespace: {{ .Release.Namespace }}

charts/kubelet-serving-cert-approver/templates/cluster-role.yaml

@@ -1,61 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: "certificates:{{ .Release.Name }}"
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: kubelet-serving-cert-approver
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: server
-    app.kubernetes.io/part-of: kubelet-serving-cert-approver
-rules:
-  - apiGroups:
-      - certificates.k8s.io
-    resources:
-      - certificatesigningrequests
-    verbs:
-      - get
-      - list
-      - watch
-  - apiGroups:
-      - certificates.k8s.io
-    resources:
-      - certificatesigningrequests/approval
-    verbs:
-      - update
-  - apiGroups:
-      - authorization.k8s.io
-    resources:
-      - subjectaccessreviews
-    verbs:
-      - create
-  - apiGroups:
-      - certificates.k8s.io
-    resourceNames:
-      - kubernetes.io/kubelet-serving
-    resources:
-      - signers
-    verbs:
-      - approve
-
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: "events:{{ .Release.Name }}"
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: kubelet-serving-cert-approver
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: server
-    app.kubernetes.io/part-of: kubelet-serving-cert-approverv
-rules:
-  - apiGroups:
-      - ""
-    resources:
-      - events
-    verbs:
-      - create
-      - patch

charts/kubelet-serving-cert-approver/templates/deployment.yaml

@@ -1,88 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: kubelet-serving-cert-approver
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: kubelet-serving-cert-approver
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: server
-    app.kubernetes.io/part-of: kubelet-serving-cert-approver
-spec:
-  revisionHistoryLimit: 3
-  replicas: {{ .Values.deployment.replicas }}
-  strategy:
-    type: {{ .Values.deployment.strategy }}
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: kubelet-serving-cert-approver
-      app.kubernetes.io/instance: {{ .Release.Name }}
-
-  template:
-    metadata:
-      labels:
-        app.kubernetes.io/name: kubelet-serving-cert-approver
-        app.kubernetes.io/instance: {{ .Release.Name }}
-    spec:
-      affinity:
-        nodeAffinity:
-          preferredDuringSchedulingIgnoredDuringExecution:
-            - preference:
-                matchExpressions:
-                  - key: node-role.kubernetes.io/master
-                    operator: DoesNotExist
-                  - key: node-role.kubernetes.io/control-plane
-                    operator: DoesNotExist
-              weight: 100
-      containers:
-        - name: {{ .Release.Name }}
-          image: "{{ .Values.deployment.image.repository }}:{{ .Values.deployment.image.tag }}"
-          imagePullPolicy: {{ .Values.deployment.image.imagePullPolicy }}
-          ports:
-            - containerPort: 8080
-              name: health
-            - containerPort: 9090
-              name: metrics
-          args:
-            - serve
-          env:
-            - name: NAMESPACE
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.namespace
-          resources:
-            {{- toYaml .Values.deployment.resources | nindent 12 }}
-          livenessProbe:
-            httpGet:
-              path: /healthz
-              port: health
-            initialDelaySeconds: 6
-          readinessProbe:
-            httpGet:
-              path: /readyz
-              port: health
-            initialDelaySeconds: 3
-          securityContext:
-            allowPrivilegeEscalation: false
-            capabilities:
-              drop:
-                - ALL
-            privileged: false
-            readOnlyRootFilesystem: true
-            runAsNonRoot: true
-      priorityClassName: {{ .Values.deployment.priorityClassName }}
-      securityContext:
-        fsGroup: 65534
-        runAsGroup: 65534
-        runAsUser: 65534
-        seccompProfile:
-          type: RuntimeDefault
-      serviceAccountName: kubelet-serving-cert-approver
-      tolerations:
-        - effect: NoSchedule
-          key: node-role.kubernetes.io/master
-          operator: Exists
-        - effect: NoSchedule
-          key: node-role.kubernetes.io/control-plane
-          operator: Exists

charts/kubelet-serving-cert-approver/templates/namespace.yaml

@@ -1,10 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: kubelet-serving-cert-approver
-  labels:
-    app.kubernetes.io/name: kubelet-serving-cert-approver
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    pod-security.kubernetes.io/audit: restricted
-    pod-security.kubernetes.io/enforce: restricted
-    pod-security.kubernetes.io/warn: restricted

charts/kubelet-serving-cert-approver/templates/role-binding.yaml

@@ -1,19 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: "events:{{ .Release.Name }}"
-  namespace: default
-  labels:
-    app.kubernetes.io/name: kubelet-serving-cert-approver
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: server
-    app.kubernetes.io/part-of: kubelet-serving-cert-approver
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: "events:{{ .Release.Name }}"
-subjects:
-  - kind: ServiceAccount
-    name: kubelet-serving-cert-approver
-    namespace: {{ .Release.Name }}

charts/kubelet-serving-cert-approver/templates/service-account.yaml

@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: kubelet-serving-cert-approver
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: kubelet-serving-cert-approver
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: server
-    app.kubernetes.io/part-of: kubelet-serving-cert-approver

charts/kubelet-serving-cert-approver/templates/service.yaml

@@ -1,20 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: kubelet-serving-cert-approver
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: kubelet-serving-cert-approver
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: server
-    app.kubernetes.io/part-of: kubelet-serving-cert-approver
-spec:
-  ports:
-    - name: metrics
-      port: 9090
-      protocol: TCP
-      targetPort: metrics
-  selector:
-    app.kubernetes.io/name: kubelet-serving-cert-approver
-    app.kubernetes.io/instance: {{ .Release.Name }}

charts/kubelet-serving-cert-approver/values.yaml

@@ -1,15 +0,0 @@
-deployment:
-  replicas: 1
-  strategy: Recreate
-  priorityClassName: system-cluster-critical
-  image:
-    repository: ghcr.io/alex1989hu/kubelet-serving-cert-approver
-    tag: main
-    imagePullPolicy: Always
-  resources:
-    limits:
-      cpu: 250m
-      memory: 32Mi
-    requests:
-      cpu: 10m
-      memory: 16Mi

charts/libation/Chart.yaml

@@ -1,13 +0,0 @@
-apiVersion: v2
-name: libation
-version: 0.0.5
-description: Import library from audible
-keywords:
-  - audiobooks
-  - job
-sources:
-  - https://github.com/rmcrackan/Libation
-maintainers:
-  - name: alexlebens
-icon: https://getlibation.com/images/libation-logo.png
-appVersion: "11.1.0"

charts/libation/README.md

@@ -1,18 +0,0 @@
-## Introduction
-
-[Libation](https://github.com/rmcrackan/Libation)
-
-Libation: Liberate your Library. Import library from audible, including cover art
-
-
-This chart bootstraps a [Libation](https://github.com/benphelps/homepage) CronJob on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
-
-## Prerequisites
-
-- Kubernetes
-- Helm
-- CronJob
-
-## Parameters
-
-See the [values files](values.yaml).

charts/libation/templates/job.yaml

@@ -1,39 +0,0 @@
-apiVersion: batch/v1
-kind: CronJob
-metadata:
-  name: libation
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: libation
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: job
-    app.kubernetes.io/part-of: libation
-spec:
-  schedule: {{ .Values.job.schedule }}
-  successfulJobsHistoryLimit: 3
-  failedJobsHistoryLimit: 3
-  jobTemplate:
-    spec:
-      template:
-        spec:
-          restartPolicy: Never
-          containers:
-            - name: libation
-              image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
-              imagePullPolicy: {{ .Values.image.pullPolicy }}
-              env:
-                - name: SLEEP_TIME
-                  value: "-1"
-              volumeMounts:
-                - name: libation-config
-                  mountPath: /config
-                - name: libation-books
-                  mountPath: /data
-          volumes:
-            - name: libation-config
-              persistentVolumeClaim:
-                claimName: libation-config
-            - name: libation-books
-              persistentVolumeClaim:
-                claimName: {{ .Values.persistence.books.claimName }}

charts/libation/templates/persistent-volume-claim.yaml

@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: libation-config
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: libation
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: storage
-    app.kubernetes.io/part-of: libation
-spec:
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: {{ .Values.persistence.config.storageSize }}
-  storageClassName: {{ .Values.persistence.config.storageClassName }}
-  volumeMode: {{ .Values.persistence.config.volumeMode }}

charts/libation/values.yaml

@@ -1,13 +0,0 @@
-job:
-  schedule: "0 * * * *"
-image:
-  repository: rmcrackan/libation
-  tag: "11.1.0"
-  pullPolicy: IfNotPresent
-persistence:
-  config:
-    storageClassName: nfs-client
-    storageSize: 1Gi
-    volumeMode: Filesystem
-  books:
-    claimName: libation-nfs-storage

charts/outline/Chart.yaml

@@ -1,18 +0,0 @@
-apiVersion: v2
-name: outline
-version: 0.0.4
-description: Chart for Outline wiki
-keywords:
-  - wiki
-  - documentation
-sources:
-  - https://github.com/outline/outline
-  - https://github.com/bitnami/charts/tree/main/bitnami/redis
-maintainers:
-  - name: alexlebens
-icon: https://avatars.githubusercontent.com/u/1765001?s=48&v=4
-dependencies:
-  - name: redis
-    repository: https://charts.bitnami.com/bitnami
-    version: 18.x.x
-appVersion: v0.75.2

charts/outline/README.md

@@ -1,17 +0,0 @@
-## Introduction
-
-[Outline](https://github.com/outline/outline)
-
-The fastest knowledge base for growing teams. Beautiful, realtime collaborative, feature packed, and markdown compatible.
-
-This chart bootstraps an [Outline](https://github.com/outline/outline) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
-
-## Prerequisites
-
-- Kubernetes
-- Helm
-- Bitnami Redis Chart
-
-## Parameters
-
-See the [values files](values.yaml).

charts/outline/templates/deployment.yaml

@@ -1,201 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: outline
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: outline
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: outline
-spec:
-  revisionHistoryLimit: 3
-  replicas: {{ .Values.deployment.replicas }}
-  strategy:
-    type: {{ .Values.deployment.strategy }}
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: outline
-      app.kubernetes.io/instance: {{ .Release.Name }}
-  template:
-    metadata:
-      labels:
-        app.kubernetes.io/name: outline
-        app.kubernetes.io/instance: {{ .Release.Name }}
-    spec:
-      serviceAccountName: outline
-      automountServiceAccountToken: true
-      containers:
-        - name: {{ .Release.Name }}
-          image: "{{ .Values.deployment.image.repository }}:{{ .Values.deployment.image.tag }}"
-          imagePullPolicy: {{ .Values.deployment.image.imagePullPolicy }}
-          ports:
-            - name: web
-              containerPort: {{ .Values.service.web.port }}
-              protocol: TCP
-          env:
-            - name: NODE_ENV
-              value: "{{ .Values.outline.nodeEnv }}"
-            - name: URL
-              value: "{{ .Values.outline.url }}"
-            - name: PORT
-              value: "{{ .Values.service.web.port }}"
-            - name: SECRET_KEY
-              valueFrom:
-                secretKeyRef:
-                  name: "{{ .Values.outline.secretKey.existingSecretName }}"
-                  key: "{{ .Values.outline.secretKey.existingSecretKey }}"
-            - name: UTILS_SECRET
-              valueFrom:
-                secretKeyRef:
-                  name: "{{ .Values.outline.utilsSecret.existingSecretName }}"
-                  key: "{{ .Values.outline.secretKey.existingSecretKey }}"
-            - name: POSTGRES_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: "{{ .Values.outline.database.passwordSecret.existingSecretName }}"
-                  key: "{{ .Values.outline.database.passwordSecret.existingSecretKey }}"
-            - name: POSTGRES_USERNAME
-              valueFrom:
-                secretKeyRef:
-                  name: "{{ .Values.outline.database.usernameSecret.existingSecretName }}"
-                  key: "{{ .Values.outline.database.usernameSecret.existingSecretKey }}"
-            - name: POSTGRES_DATABASE_NAME
-              valueFrom:
-                secretKeyRef:
-                  name: "{{ .Values.outline.database.databaseName.existingSecretName }}"
-                  key: "{{ .Values.outline.database.databaseName.existingSecretKey }}"
-            - name: POSTGRES_DATABASE_HOST
-              valueFrom:
-                secretKeyRef:
-                  name: "{{ .Values.outline.database.databaseHost.existingSecretName }}"
-                  key: "{{ .Values.outline.database.databaseHost.existingSecretKey }}"
-            - name: DATABASE_URL
-              value: "postgres://$(POSTGRES_USERNAME):$(POSTGRES_PASSWORD)@postgresql-{{ .Release.Name }}-cluster-rw:5432/$(POSTGRES_DATABASE_NAME)"
-            - name: DATABASE_URL_TEST
-              value: "postgres://$(POSTGRES_USERNAME):$(POSTGRES_PASSWORD)@postgresql-{{ .Release.Name }}-cluster-rw:5432/$(POSTGRES_DATABASE_NAME)-test"
-            - name: DATABASE_CONNECTION_POOL_MIN
-              value: "{{ .Values.outline.database.connectionPoolMin }}"
-            - name: DATABASE_CONNECTION_POOL_MAX
-              value: "{{ .Values.outline.database.connectionPoolMax }}"
-            - name: PGSSLMODE
-              value: "{{ .Values.outline.database.sslMode }}"
-            - name: REDIS_URL
-              value: "redis://{{ .Release.Name }}-redis-master:6379"
-            - name: FILE_STORAGE
-              value: "{{ .Values.persistence.type }}"
-
-          {{- if eq .Values.persistence.type "s3" }}
-            - name: AWS_ACCESS_KEY_ID
-              valueFrom:
-                secretKeyRef:
-                  name: "{{ .Values.persistence.s3.credentialsSecret }}"
-                  key: AWS_ACCESS_KEY_ID
-            - name: AWS_SECRET_ACCESS_KEY
-              valueFrom:
-                secretKeyRef:
-                  name: "{{ .Values.persistence.s3.credentialsSecret }}"
-                  key: AWS_SECRET_ACCESS_KEY
-          {{- if .Values.persistence.s3.endpointConfigMap.enabled }}
-            - name: AWS_REGION
-              valueFrom:
-                configMapKeyRef:
-                  name: "{{ .Values.persistence.s3.endpointConfigMap.name }}"
-                  key: BUCKET_REGION
-            - name: AWS_S3_UPLOAD_BUCKET_NAME
-              valueFrom:
-                configMapKeyRef:
-                  name: "{{ .Values.persistence.s3.endpointConfigMap.name }}"
-                  key: BUCKET_NAME
-            - name: AWS_S3_UPLOAD_BUCKET_HOST
-              valueFrom:
-                configMapKeyRef:
-                  name: "{{ .Values.persistence.s3.endpointConfigMap.name }}"
-                  key: BUCKET_HOST
-            - name: AWS_S3_UPLOAD_BUCKET_PORT
-              valueFrom:
-                configMapKeyRef:
-                  name: "{{ .Values.persistence.s3.endpointConfigMap.name }}"
-                  key: BUCKET_PORT
-            - name: AWS_S3_UPLOAD_BUCKET_URL
-              value: "$(AWS_S3_UPLOAD_BUCKET_HOST):$(AWS_S3_UPLOAD_BUCKET_PORT)|"
-          {{- else }}
-            - name: AWS_REGION
-              value: "{{ .Values.persistence.s3.region }}"
-            - name: AWS_S3_UPLOAD_BUCKET_NAME
-              value: "{{ .Values.persistence.s3.bucketName }}"
-            - name: AWS_S3_UPLOAD_BUCKET_URL
-              value: "{{ .Values.persistence.s3.endpoint }}"
-          {{- end }}
-            - name: AWS_S3_FORCE_PATH_STYLE
-              value: "{{ .Values.persistence.s3.forcePathStyle }}"
-            - name: AWS_S3_ACL
-              value: "{{ .Values.persistence.s3.acl }}"
-            - name: FILE_STORAGE_UPLOAD_MAX_SIZE
-              value: "{{ .Values.persistence.s3.uploadMaxSize }}"
-          {{- else if eq .Values.persistence.type "local" }}
-            - name: FILE_STORAGE_LOCAL_ROOT_DIR
-              value: "{{ .Values.persistence.local.localRootDir }}"
-            - name: FILE_STORAGE_UPLOAD_MAX_SIZE
-              value: "{{ .Values.persistence.local.uploadMaxSize }}"
-          {{- end }}
-
-            - name: FORCE_HTTPS
-              value: "{{ .Values.outline.optional.forceHttps }}"
-            - name: ENABLE_UPDATES
-              value: "{{ .Values.outline.optional.enableUpdates }}"
-            - name: WEB_CONCURRENCY
-              value: "{{ .Values.outline.optional.webConcurrency }}"
-            - name: FILE_STORAGE_IMPORT_MAX_SIZE
-              value: "{{ .Values.outline.optional.maximumImportSize }}"
-            - name: LOG_LEVEL
-              value: "{{ .Values.outline.optional.logLevel }}"
-            - name: DEFAULT_LANGUAGE
-              value: "{{ .Values.outline.optional.defaultLanguage }}"
-            - name: RATE_LIMITER_ENABLED
-              value: "{{ .Values.outline.optional.rateLimiter.enabled }}"
-            - name: RATE_LIMITER_REQUESTS
-              value: "{{ .Values.outline.optional.rateLimiter.requests }}"
-            - name: RATE_LIMITER_DURATION_WINDOW
-              value: "{{ .Values.outline.optional.rateLimiter.durationWindow }}"
-            - name: DEVELOPMENT_UNSAFE_INLINE_CSP
-              value: "{{ .Values.outline.optional.developmentUnsafeInlineCsp }}"
-
-          {{- if .Values.outline.auth.oidc.enabled }}
-            - name: OIDC_CLIENT_ID
-              valueFrom:
-                secretKeyRef:
-                  name: "{{ .Values.outline.auth.oidc.clientId.existingSecretName }}"
-                  key: "{{ .Values.outline.auth.oidc.clientId.existingSecretKey }}"
-            - name: OIDC_CLIENT_SECRET
-              valueFrom:
-                secretKeyRef:
-                  name: "{{ .Values.outline.auth.oidc.clientSecret.existingSecretName }}"
-                  key: "{{ .Values.outline.auth.oidc.clientSecret.existingSecretKey }}"
-            - name: OIDC_AUTH_URI
-              value: "{{ .Values.outline.auth.oidc.authUri }}"
-            - name: OIDC_TOKEN_URI
-              value: "{{ .Values.outline.auth.oidc.tokenUri }}"
-            - name: OIDC_USERINFO_URI
-              value: "{{ .Values.outline.auth.oidc.userinfoUri }}"
-            - name: OIDC_USERNAME_CLAIM
-              value: "{{ .Values.outline.auth.oidc.usernameClaim }}"
-            - name: OIDC_DISPLAY_NAME
-              value: "{{ .Values.outline.auth.oidc.displayName }}"
-            - name: OIDC_SCOPES
-              value: "{{ .Values.outline.auth.oidc.scopes }}"
-          {{- end }}
-
-          resources:
-            {{- toYaml .Values.deployment.resources | nindent 12 }}
-
-      {{- if eq .Values.persistence.type "local" }}
-          volumeMounts:
-          - name: "{{ .Release.Name }}-volume-claim"
-            mountPath: {{ .Values.persistence.local.localRootDir }}
-      volumes:
-      - name: "{{ .Release.Name }}-volume-claim"
-        persistentVolumeClaim:
-          claimName: "{{ .Release.Name }}-volume-claim"
-      {{- end }}

charts/outline/templates/ingress.yaml

@@ -1,32 +0,0 @@
-{{- if .Values.ingress.enabled }}
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: outline-web
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: outline-web
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: outline
-  annotations:
-    {{- toYaml .Values.ingress.annotations | nindent 4 }}
-spec:
-  ingressClassName: {{ .Values.ingress.className }}
-  tls:
-    - hosts:
-      - {{ .Values.ingress.host }}
-      secretName: {{ .Release.Name }}-tls-secret
-  rules:
-    - host: {{ .Values.ingress.host }}
-      http:
-        paths:
-          - path: /
-            pathType: Prefix
-            backend:
-              service:
-                name: outline-web
-                port:
-                  name: web
-{{- end }}

charts/outline/templates/persistent-volume-claim.yaml

@@ -1,20 +0,0 @@
-{{- if eq .Values.persistence.type "local" }}
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: {{ .Release.Name }}-volume-claim
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: outline
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: storage
-    app.kubernetes.io/part-of: outline
-spec:
-  storageClassName: {{ .Values.persistence.local.storageClassName }}
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: {{ .Values.persistence.local.storageSize }}
-{{- end }}

charts/outline/templates/service-account.yaml

@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: outline
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: outline
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: outline

charts/outline/templates/service.yaml

@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: outline-web
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: outline-web
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: outline
-spec:
-  type: ClusterIP
-  ports:
-    - port: {{ .Values.service.web.port }}
-      targetPort: web
-      protocol: TCP
-      name: web
-  selector:
-    app.kubernetes.io/name: outline-web
-    app.kubernetes.io/instance: {{ .Release.Name }}

charts/outline/values.yaml

@@ -1,96 +0,0 @@
-deployment:
-  replicas: 1
-  strategy: Recreate
-  image:
-    repository: outlinewiki/outline
-    tag: "0.75.2"
-    imagePullPolicy: IfNotPresent
-  resources:
-    requests:
-      memory: 256Mi
-      cpu: 50m
-    limits:
-      memory: 1Gi
-      cpu: 500m
-service:
-  web:
-    port: 3000
-ingress:
-  enabled: true
-  className: traefik
-  annotations:
-  host:
-persistence:
-  type: s3
-  s3:
-    credentialsSecret:
-    endpointConfigMap:
-      enabled: false
-      name:
-    region:
-    bucketName:
-    endpoint:
-    uploadMaxSize: "26214400"
-    forcePathStyle: false
-    acl: private
-  local:
-    storageClassName: default
-    storageSize: 50Gi
-    localRootDir: /var/lib/outline/data
-    uploadMaxSize: 26214400
-redis:
-  architecture: standalone
-  auth:
-    enabled: false
-outline:
-  nodeEnv: production
-  url:
-  secretKey:
-    existingSecretName: outline-key-secret
-    existingSecretKey: secret-key
-  utilsSecret:
-    existingSecretName: outline-key-secret
-    existingSecretKey: utils-key
-  database:
-    passwordSecret:
-      existingSecretName:
-      existingSecretKey: password
-    usernameSecret:
-      existingSecretName:
-      existingSecretKey: username
-    databaseName:
-      existingSecretName:
-      existingSecretKey: dbname
-    databaseHost:
-      existingSecretName:
-      existingSecretKey: host
-    connectionPoolMin: ""
-    connectionPoolMax: "20"
-    sslMode: disable
-  optional:
-    forceHttps: false
-    enableUpdates: false
-    webConcurrency: 1
-    maximumImportSize: 5120000
-    logLevel: info
-    defaultLanguage: en_US
-    rateLimiter:
-      enabled: false
-      requests: 1000
-      durationWindow: 60
-    developmentUnsafeInlineCsp: false
-  auth:
-    oidc:
-      enabled: true
-      clientId:
-        existingSecretName: outline-auth-secret
-        existingSecretKey: oidc-client-id
-      clientSecret:
-        existingSecretName: outline-auth-secret
-        existingSecretKey: oidc-client-secret
-      authUri:
-      tokenUri:
-      userinfoUri:
-      usernameClaim:
-      displayName:
-      scopes: openid profile email

charts/postgres-cluster/Chart.yaml

@@ -1,13 +1,14 @@
 apiVersion: v2
 name: postgres-cluster
-version: 0.2.3
+version: 6.2.0
-description: Chart for cloudnative-pg cluster
+description: Cloudnative-pg Cluster
 keywords:
   - database
   - postgres
 sources:
   - https://github.com/cloudnative-pg/cloudnative-pg
+  - https://github.com/cloudnative-pg/charts/tree/main/charts/cluster
 maintainers:
   - name: alexlebens
 icon: https://avatars.githubusercontent.com/u/100373852?s=48&v=4
-appVersion: v1.22.1
+appVersion: v1.26.0

charts/postgres-cluster/README.md

@@ -1,17 +1,120 @@
-## Introduction
+# postgres-cluster
 
-[CloudNative PG](https://github.com/cloudnative-pg/cloudnative-pg)
+![Version: 6.2.0](https://img.shields.io/badge/Version-6.2.0-informational?style=flat-square) ![AppVersion: v1.26.0](https://img.shields.io/badge/AppVersion-v1.26.0-informational?style=flat-square)
 
-CloudNativePG is the Kubernetes operator that covers the full lifecycle of a highly available PostgreSQL database cluster with a primary/standby architecture, using native streaming replication.
+Cloudnative-pg Cluster
 
-This chart bootstraps a [CNPG](https://github.com/cloudnative-pg/cloudnative-pg) cluster on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+## Maintainers
 
-## Prerequisites
+| Name | Email | Url |
+| ---- | ------ | --- |
+| alexlebens |  |  |
 
-- Kubernetes
+## Source Code
-- Helm
-- CloudNative PG Operator
 
-## Parameters
+* <https://github.com/cloudnative-pg/cloudnative-pg>
+* <https://github.com/cloudnative-pg/charts/tree/main/charts/cluster>
 
-See the [values files](values.yaml).
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| backup | object | `{"enabled":true,"method":"objectStore","objectStore":[],"scheduledBackups":[{"backupName":"external","backupOwnerReference":"self","name":"daily-backup","plugin":"barman-cloud.cloudnative-pg.io","schedule":"0 0 */3 * *","suspend":false}]}` | Backup settings |
+| backup.enabled | bool | `true` | You need to configure backups manually, so backups are disabled by default. |
+| backup.method | string | `"objectStore"` | Method to create backups, options currently are only objectStore |
+| backup.objectStore | list | `[]` | Options for object store backups |
+| backup.scheduledBackups[0].backupName | string | `"external"` | Name of backup target |
+| backup.scheduledBackups[0].backupOwnerReference | string | `"self"` | Backup owner reference |
+| backup.scheduledBackups[0].name | string | `"daily-backup"` | Scheduled backup name |
+| backup.scheduledBackups[0].plugin | string | `"barman-cloud.cloudnative-pg.io"` | Backup method, can be `barman-cloud.cloudnative-pg.io` (default) |
+| backup.scheduledBackups[0].schedule | string | `"0 0 */3 * *"` | Schedule in cron format |
+| backup.scheduledBackups[0].suspend | bool | `false` | Temporarily stop scheduled backups from running |
+| cluster | object | `{"additionalLabels":{},"affinity":{"enablePodAntiAffinity":true,"topologyKey":"kubernetes.io/hostname"},"annotations":{},"certificates":{},"enablePDB":true,"enableSuperuserAccess":false,"image":{"repository":"ghcr.io/cloudnative-pg/postgresql","tag":"17.5-1-bullseye"},"imagePullPolicy":"IfNotPresent","imagePullSecrets":[],"initdb":{},"instances":3,"logLevel":"info","monitoring":{"customQueries":[],"customQueriesSecret":[],"disableDefaultQueries":false,"enabled":false,"podMonitor":{"enabled":true,"metricRelabelings":[],"relabelings":[]},"prometheusRule":{"enabled":false,"excludeRules":[]}},"postgresGID":-1,"postgresUID":-1,"postgresql":{"ldap":{},"parameters":{"hot_standby_feedback":"on","max_slot_wal_keep_size":"2000MB","shared_buffers":"128MB"},"pg_hba":[],"pg_ident":[],"shared_preload_libraries":[],"synchronous":{}},"primaryUpdateMethod":"switchover","primaryUpdateStrategy":"unsupervised","priorityClassName":"","resources":{"limits":{"hugepages-2Mi":"256Mi"},"requests":{"cpu":"100m","memory":"256Mi"}},"roles":[],"serviceAccountTemplate":{},"services":{},"storage":{"size":"10Gi","storageClass":""},"superuserSecret":"","walStorage":{"enabled":true,"size":"2Gi","storageClass":""}}` | Cluster settings |
+| cluster.affinity | object | `{"enablePodAntiAffinity":true,"topologyKey":"kubernetes.io/hostname"}` | Affinity/Anti-affinity rules for Pods. See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-AffinityConfiguration |
+| cluster.certificates | object | `{}` | The configuration for the CA and related certificates. See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-CertificatesConfiguration |
+| cluster.enablePDB | bool | `true` | Allow to disable PDB, mainly useful for upgrade of single-instance clusters or development purposes See: https://cloudnative-pg.io/documentation/current/kubernetes_upgrade/#pod-disruption-budgets |
+| cluster.enableSuperuserAccess | bool | `false` | When this option is enabled, the operator will use the SuperuserSecret to update the postgres user password. If the secret is not present, the operator will automatically create one. When this option is disabled, the operator will ignore the SuperuserSecret content, delete it when automatically created, and then blank the password of the postgres user by setting it to NULL. |
+| cluster.image | object | `{"repository":"ghcr.io/cloudnative-pg/postgresql","tag":"17.5-1-bullseye"}` | Default image |
+| cluster.imagePullPolicy | string | `"IfNotPresent"` | Image pull policy. One of Always, Never or IfNotPresent. If not defined, it defaults to IfNotPresent. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images |
+| cluster.imagePullSecrets | list | `[]` | The list of pull secrets to be used to pull the images. See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-LocalObjectReference |
+| cluster.initdb | object | `{}` | Bootstrap is the configuration of the bootstrap process when initdb is used. See: https://cloudnative-pg.io/documentation/current/bootstrap/ See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-bootstrapinitdb |
+| cluster.logLevel | string | `"info"` | The instances' log level, one of the following values: error, warning, info (default), debug, trace |
+| cluster.monitoring | object | `{"customQueries":[],"customQueriesSecret":[],"disableDefaultQueries":false,"enabled":false,"podMonitor":{"enabled":true,"metricRelabelings":[],"relabelings":[]},"prometheusRule":{"enabled":false,"excludeRules":[]}}` | Enable default monitoring and alert rules |
+| cluster.monitoring.customQueries | list | `[]` | Custom Prometheus metrics Will be stored in the ConfigMap |
+| cluster.monitoring.customQueriesSecret | list | `[]` | The list of secrets containing the custom queries |
+| cluster.monitoring.disableDefaultQueries | bool | `false` | Whether the default queries should be injected. Set it to true if you don't want to inject default queries into the cluster. |
+| cluster.monitoring.enabled | bool | `false` | Whether to enable monitoring |
+| cluster.monitoring.podMonitor.enabled | bool | `true` | Whether to enable the PodMonitor |
+| cluster.monitoring.podMonitor.metricRelabelings | list | `[]` | The list of metric relabelings for the PodMonitor. Applied to samples before ingestion. |
+| cluster.monitoring.podMonitor.relabelings | list | `[]` | The list of relabelings for the PodMonitor. Applied to samples before scraping. |
+| cluster.monitoring.prometheusRule.enabled | bool | `false` | Whether to enable the PrometheusRule automated alerts |
+| cluster.monitoring.prometheusRule.excludeRules | list | `[]` | Exclude specified rules |
+| cluster.postgresUID | int | `-1` | The UID and GID of the postgres user inside the image, defaults to 26 |
+| cluster.postgresql | object | `{"ldap":{},"parameters":{"hot_standby_feedback":"on","max_slot_wal_keep_size":"2000MB","shared_buffers":"128MB"},"pg_hba":[],"pg_ident":[],"shared_preload_libraries":[],"synchronous":{}}` | Parameters to be set for the database itself See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-PostgresConfiguration |
+| cluster.postgresql.ldap | object | `{}` | PostgreSQL LDAP configuration (see https://cloudnative-pg.io/documentation/current/postgresql_conf/#ldap-configuration) |
+| cluster.postgresql.parameters | object | `{"hot_standby_feedback":"on","max_slot_wal_keep_size":"2000MB","shared_buffers":"128MB"}` | PostgreSQL configuration options (postgresql.conf) |
+| cluster.postgresql.pg_hba | list | `[]` | PostgreSQL Host Based Authentication rules (lines to be appended to the pg_hba.conf file) |
+| cluster.postgresql.pg_ident | list | `[]` | PostgreSQL User Name Maps rules (lines to be appended to the pg_ident.conf file) |
+| cluster.postgresql.shared_preload_libraries | list | `[]` | Lists of shared preload libraries to add to the default ones |
+| cluster.postgresql.synchronous | object | `{}` | Quorum-based Synchronous Replication |
+| cluster.primaryUpdateMethod | string | `"switchover"` | Method to follow to upgrade the primary server during a rolling update procedure, after all replicas have been successfully updated. It can be switchover (default) or restart. |
+| cluster.primaryUpdateStrategy | string | `"unsupervised"` | Strategy to follow to upgrade the primary server during a rolling update procedure, after all replicas have been successfully updated: it can be automated (unsupervised - default) or manual (supervised) |
+| cluster.resources | object | `{"limits":{"hugepages-2Mi":"256Mi"},"requests":{"cpu":"100m","memory":"256Mi"}}` | Resources requirements of every generated Pod. Please refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ for more information. We strongly advise you use the same setting for limits and requests so that your cluster pods are given a Guaranteed QoS. See: https://kubernetes.io/docs/concepts/workloads/pods/pod-qos/ |
+| cluster.roles | list | `[]` | This feature enables declarative management of existing roles, as well as the creation of new roles if they are not already present in the database. See: https://cloudnative-pg.io/documentation/current/declarative_role_management/ |
+| cluster.serviceAccountTemplate | object | `{}` | Configure the metadata of the generated service account |
+| cluster.services | object | `{}` | Customization of service definitions. Please refer to https://cloudnative-pg.io/documentation/current/service_management/ |
+| cluster.storage | object | `{"size":"10Gi","storageClass":""}` | Default storage size |
+| mode | string | `"standalone"` | Cluster mode of operation. Available modes: * `standalone` - Default mode. Creates new or updates an existing CNPG cluster. * `recovery` - Same as standalone but creates a cluster from a backup, object store or via pg_basebackup |
+| nameOverride | string | `""` | Override the name of the cluster |
+| namespaceOverride | string | `""` | Override the namespace of the chart |
+| poolers | list | `[]` | List of PgBouncer poolers |
+| recovery | object | `{"backup":{"backupName":"","database":"app","owner":"","pitrTarget":{"time":""}},"import":{"databases":[],"pgDumpExtraOptions":[],"pgRestoreExtraOptions":[],"postImportApplicationSQL":[],"roles":[],"schemaOnly":false,"source":{"database":"app","host":"","passwordSecret":{"create":false,"key":"password","name":"","value":""},"port":5432,"sslCertSecret":{"key":"","name":""},"sslKeySecret":{"key":"","name":""},"sslMode":"verify-full","sslRootCertSecret":{"key":"","name":""},"username":"app"},"type":"microservice"},"method":"backup","objectStore":{"clusterName":"","data":{"compression":"snappy","encryption":"","jobs":1},"database":"app","destinationPath":"","endpointCA":{"create":false,"key":"","name":""},"endpointCredentials":"","endpointURL":"","index":1,"name":"recovery","owner":"","pitrTarget":{"time":""},"wal":{"compression":"snappy","encryption":"","maxParallel":1}},"pgBaseBackup":{"database":"app","owner":"","secret":"","source":{"database":"app","host":"","passwordSecret":{"create":false,"key":"password","name":"","value":""},"port":5432,"sslCertSecret":{"key":"","name":""},"sslKeySecret":{"key":"","name":""},"sslMode":"verify-full","sslRootCertSecret":{"key":"","name":""},"username":""}}}` | Recovery settings when booting cluster from external cluster |
+| recovery.backup.backupName | string | `""` | Name of the backup to recover from. |
+| recovery.backup.database | string | `"app"` | Name of the database used by the application. Default: `app`. |
+| recovery.backup.owner | string | `""` | Name of the owner of the database in the instance to be used by applications. Defaults to the value of the `database` key. |
+| recovery.backup.pitrTarget | object | `{"time":""}` | Point in time recovery target. Specify one of the following: |
+| recovery.backup.pitrTarget.time | string | `""` | Time in RFC3339 format |
+| recovery.import.databases | list | `[]` | Databases to import |
+| recovery.import.pgDumpExtraOptions | list | `[]` | List of custom options to pass to the `pg_dump` command. IMPORTANT: Use these options with caution and at your own risk, as the operator does not validate their content. Be aware that certain options may conflict with the operator's intended functionality or design. |
+| recovery.import.pgRestoreExtraOptions | list | `[]` | List of custom options to pass to the `pg_restore` command. IMPORTANT: Use these options with caution and at your own risk, as the operator does not validate their content. Be aware that certain options may conflict with the operator's intended functionality or design. |
+| recovery.import.postImportApplicationSQL | list | `[]` | List of SQL queries to be executed as a superuser in the application database right after is imported. To be used with extreme care. Only available in microservice type. |
+| recovery.import.roles | list | `[]` | Roles to import |
+| recovery.import.schemaOnly | bool | `false` | When set to true, only the pre-data and post-data sections of pg_restore are invoked, avoiding data import. |
+| recovery.import.source | object | `{"database":"app","host":"","passwordSecret":{"create":false,"key":"password","name":"","value":""},"port":5432,"sslCertSecret":{"key":"","name":""},"sslKeySecret":{"key":"","name":""},"sslMode":"verify-full","sslRootCertSecret":{"key":"","name":""},"username":"app"}` | Configuration for the source database |
+| recovery.import.source.passwordSecret.create | bool | `false` | Whether to create a secret for the password |
+| recovery.import.source.passwordSecret.key | string | `"password"` | The key in the secret containing the password |
+| recovery.import.source.passwordSecret.name | string | `""` | Name of the secret containing the password |
+| recovery.import.source.passwordSecret.value | string | `""` | The password value to use when creating the secret |
+| recovery.import.type | string | `"microservice"` | One of `microservice` or `monolith.` See: https://cloudnative-pg.io/documentation/current/database_import/#how-it-works |
+| recovery.method | string | `"backup"` | Available recovery methods: * `backup` - Recovers a CNPG cluster from a CNPG backup (PITR supported) Needs to be on the same cluster in the same namespace. * `objectStore` - Recovers a CNPG cluster from a barman object store (PITR supported). * `pgBaseBackup` - Recovers a CNPG cluster viaa streaming replication protocol. Useful if you want to        migrate databases to CloudNativePG, even from outside Kubernetes. * `import` - Import one or more databases from an existing Postgres cluster. |
+| recovery.objectStore.clusterName | string | `""` | Override the name of the backup cluster, defaults to "cluster.name" |
+| recovery.objectStore.data.compression | string | `"snappy"` | Data compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`. |
+| recovery.objectStore.data.encryption | string | `""` | Whether to instruct the storage provider to encrypt data files. One of `` (use the storage container default), `AES256` or `aws:kms`. |
+| recovery.objectStore.data.jobs | int | `1` | Number of data files to be archived or restored in parallel. |
+| recovery.objectStore.database | string | `"app"` | Name of the database used by the application. Default: `app`. |
+| recovery.objectStore.destinationPath | string | `""` | Overrides the provider specific default path. Defaults to: S3: s3://<bucket><path> Azure: https://<storageAccount>.<serviceName>.core.windows.net/<containerName><path> Google: gs://<bucket><path> |
+| recovery.objectStore.endpointCA | object | `{"create":false,"key":"","name":""}` | Specifies a CA bundle to validate a privately signed certificate. |
+| recovery.objectStore.endpointCA.create | bool | `false` | Creates a secret with the given value if true, otherwise uses an existing secret. |
+| recovery.objectStore.endpointCredentials | string | `""` | Specifies secret that contains S3 credentials, should contain the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY |
+| recovery.objectStore.endpointURL | string | `""` | Overrides the provider specific default endpoint. Defaults to: S3: https://s3.<region>.amazonaws.com" Leave empty if using the default S3 endpoint |
+| recovery.objectStore.index | int | `1` | Generate external cluster name, uses: {{ .Release.Name }}-postgresql-<major version>-backup-index-{{ index }} |
+| recovery.objectStore.name | string | `"recovery"` | Object store backup name |
+| recovery.objectStore.owner | string | `""` | Name of the owner of the database in the instance to be used by applications. Defaults to the value of the `database` key. |
+| recovery.objectStore.pitrTarget | object | `{"time":""}` | Point in time recovery target. Specify one of the following: |
+| recovery.objectStore.pitrTarget.time | string | `""` | Time in RFC3339 format |
+| recovery.objectStore.wal | object | `{"compression":"snappy","encryption":"","maxParallel":1}` | Storage |
+| recovery.objectStore.wal.compression | string | `"snappy"` | WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`. |
+| recovery.objectStore.wal.encryption | string | `""` | Whether to instruct the storage provider to encrypt WAL files. One of `` (use the storage container default), `AES256` or `aws:kms`. |
+| recovery.objectStore.wal.maxParallel | int | `1` | Number of WAL files to be archived or restored in parallel. |
+| recovery.pgBaseBackup.database | string | `"app"` | Name of the database used by the application. Default: `app`. |
+| recovery.pgBaseBackup.owner | string | `""` | Name of the owner of the database in the instance to be used by applications. Defaults to the value of the `database` key. |
+| recovery.pgBaseBackup.secret | string | `""` | Name of the secret containing the initial credentials for the owner of the user database. If empty a new secret will be created from scratch |
+| recovery.pgBaseBackup.source | object | `{"database":"app","host":"","passwordSecret":{"create":false,"key":"password","name":"","value":""},"port":5432,"sslCertSecret":{"key":"","name":""},"sslKeySecret":{"key":"","name":""},"sslMode":"verify-full","sslRootCertSecret":{"key":"","name":""},"username":""}` | Configuration for the source database |
+| recovery.pgBaseBackup.source.passwordSecret.create | bool | `false` | Whether to create a secret for the password |
+| recovery.pgBaseBackup.source.passwordSecret.key | string | `"password"` | The key in the secret containing the password |
+| recovery.pgBaseBackup.source.passwordSecret.name | string | `""` | Name of the secret containing the password |
+| recovery.pgBaseBackup.source.passwordSecret.value | string | `""` | The password value to use when creating the secret |
+| type | string | `"postgresql"` | Type of the CNPG database. Available types: * `postgresql` * `tensorchord` |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)

charts/postgres-cluster/prometheus_rules/cluster-backends_waiting-warning.yaml

@@ -0,0 +1,16 @@
+{{- $alert := "CNPGClusterBackendsWaitingWarning" -}}
+{{- if not (has $alert .excludeRules) -}}
+alert: {{ $alert }}
+annotations:
+  summary: CNPG Cluster a backend is waiting for longer than 5 minutes.
+  description: |-
+    Pod {{`{{`}} $labels.pod {{`}}`}}
+    has been waiting for longer than 5 minutes
+expr: |
+  cnpg_backends_waiting_total > 300
+for: 1m
+labels:
+  severity: warning
+  namespace: {{ .namespace }}
+  cnpg_cluster: {{ .cluster }}
+{{- end -}}

charts/postgres-cluster/prometheus_rules/cluster-database_deadlock_conflicts-warning.yaml

@@ -0,0 +1,16 @@
+{{- $alert := "CNPGClusterDatabaseDeadlockConflictsWarning" -}}
+{{- if not (has $alert .excludeRules) -}}
+alert: {{ $alert }}
+annotations:
+  summary: CNPG Cluster has over 10 deadlock conflicts.
+  description: |-
+    There are over 10 deadlock conflicts in
+    {{`{{`}} $labels.pod {{`}}`}}
+expr: |
+  cnpg_pg_stat_database_deadlocks > 10
+for: 1m
+labels:
+  severity: warning
+  namespace: {{ .namespace }}
+  cnpg_cluster: {{ .cluster }}
+{{- end -}}

charts/postgres-cluster/prometheus_rules/cluster-ha-critical.yaml

@@ -0,0 +1,26 @@
+{{- $alert := "CNPGClusterHACritical" -}}
+{{- if not (has $alert .excludeRules) -}}
+alert: {{ $alert }}
+annotations:
+  summary: CNPG Cluster has no standby replicas!
+  description: |-
+    CloudNativePG Cluster "{{ .labels.job }}" has no ready standby replicas. Your cluster at a severe
+    risk of data loss and downtime if the primary instance fails.
+
+    The primary instance is still online and able to serve queries, although connections to the `-ro` endpoint
+    will fail. The `-r` endpoint os operating at reduced capacity and all traffic is being served by the main.
+
+    This can happen during a normal fail-over or automated minor version upgrades in a cluster with 2 or less
+    instances. The replaced instance may need some time to catch-up with the cluster primary instance.
+
+    This alarm will be always trigger if your cluster is configured to run with only 1 instance. In this
+    case you may want to silence it.
+  runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterHACritical.md
+expr: |
+  max by (job) (cnpg_pg_replication_streaming_replicas{namespace="{{ .namespace }}"} - cnpg_pg_replication_is_wal_receiver_up{namespace="{{ .namespace }}"}) < 1
+for: 5m
+labels:
+  severity: critical
+  namespace: {{ .namespace }}
+  cnpg_cluster: {{ .cluster }}
+{{- end -}}

charts/postgres-cluster/prometheus_rules/cluster-ha-warning.yaml

@@ -0,0 +1,24 @@
+{{- $alert := "CNPGClusterHAWarning" -}}
+{{- if not (has $alert .excludeRules) -}}
+alert: {{ $alert }}
+annotations:
+  summary: CNPG Cluster less than 2 standby replicas.
+  description: |-
+    CloudNativePG Cluster "{{ .labels.job }}" has only {{ .value }} standby replicas, putting
+    your cluster at risk if another instance fails. The cluster is still able to operate normally, although
+    the `-ro` and `-r` endpoints operate at reduced capacity.
+
+    This can happen during a normal fail-over or automated minor version upgrades. The replaced instance may
+    need some time to catch-up with the cluster primary instance.
+
+    This alarm will be constantly triggered if your cluster is configured to run with less than 3 instances.
+    In this case you may want to silence it.
+  runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterHAWarning.md
+expr: |
+  max by (job) (cnpg_pg_replication_streaming_replicas{namespace="{{ .namespace }}"} - cnpg_pg_replication_is_wal_receiver_up{namespace="{{ .namespace }}"}) < 2
+for: 5m
+labels:
+  severity: warning
+  namespace: {{ .namespace }}
+  cnpg_cluster: {{ .cluster }}
+{{- end -}}

charts/postgres-cluster/prometheus_rules/cluster-high_connection-critical.yaml

@@ -0,0 +1,17 @@
+{{- $alert := "CNPGClusterHighConnectionsCritical" -}}
+{{- if not (has $alert .excludeRules) -}}
+alert: {{ $alert }}
+annotations:
+  summary: CNPG Instance maximum number of connections critical!
+  description: |-
+    CloudNativePG Cluster "{{ .namespace }}/{{ .cluster }}" instance {{ .labels.pod }} is using {{ .value }}% of
+    the maximum number of connections.
+  runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterHighConnectionsCritical.md
+expr: |
+  sum by (pod) (cnpg_backends_total{namespace="{{ .namespace }}", pod=~"{{ .podSelector }}"}) / max by (pod) (cnpg_pg_settings_setting{name="max_connections", namespace="{{ .namespace }}", pod=~"{{ .podSelector }}"}) * 100 > 95
+for: 5m
+labels:
+  severity: critical
+  namespace: {{ .namespace }}
+  cnpg_cluster: {{ .cluster }}
+{{- end -}}

charts/postgres-cluster/prometheus_rules/cluster-high_connection-warning.yaml

@@ -0,0 +1,17 @@
+{{- $alert := "CNPGClusterHighConnectionsWarning" -}}
+{{- if not (has $alert .excludeRules) -}}
+alert: {{ $alert }}
+annotations:
+  summary: CNPG Instance is approaching the maximum number of connections.
+  description: |-
+    CloudNativePG Cluster "{{ .namespace }}/{{ .cluster }}" instance {{ .labels.pod }} is using {{ .value }}% of
+    the maximum number of connections.
+  runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterHighConnectionsWarning.md
+expr: |
+  sum by (pod) (cnpg_backends_total{namespace="{{ .namespace }}", pod=~"{{ .podSelector }}"}) / max by (pod) (cnpg_pg_settings_setting{name="max_connections", namespace="{{ .namespace }}", pod=~"{{ .podSelector }}"}) * 100 > 80
+for: 5m
+labels:
+  severity: warning
+  namespace: {{ .namespace }}
+  cnpg_cluster: {{ .cluster }}
+{{- end -}}

charts/postgres-cluster/prometheus_rules/cluster-high_replication_lag.yaml

@@ -0,0 +1,19 @@
+{{- $alert := "CNPGClusterHighReplicationLag" -}}
+{{- if not (has $alert .excludeRules) -}}
+alert: {{ $alert }}
+annotations:
+  summary: CNPG Cluster high replication lag
+  description: |-
+    CloudNativePG Cluster "{{ .namespace }}/{{ .cluster }}" is experiencing a high replication lag of
+    {{ .value }}ms.
+
+    High replication lag indicates network issues, busy instances, slow queries or suboptimal configuration.
+  runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterHighReplicationLag.md
+expr: |
+  max(cnpg_pg_replication_lag{namespace="{{ .namespace }}",pod=~"{{ .podSelector }}"}) * 1000 > 1000
+for: 5m
+labels:
+  severity: warning
+  namespace: {{ .namespace }}
+  cnpg_cluster: {{ .cluster }}
+{{- end -}}

charts/postgres-cluster/prometheus_rules/cluster-instances_on_same_node.yaml

@@ -0,0 +1,19 @@
+{{- $alert := "CNPGClusterInstancesOnSameNode" -}}
+{{- if not (has $alert .excludeRules) -}}
+alert: {{ $alert }}
+annotations:
+  summary: CNPG Cluster instances are located on the same node.
+  description: |-
+    CloudNativePG Cluster "{{ .namespace }}/{{ .cluster }}" has {{ .value }}
+    instances on the same node {{ .labels.node }}.
+
+    A failure or scheduled downtime of a single node will lead to a potential service disruption and/or data loss.
+  runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterInstancesOnSameNode.md
+expr: |
+  count by (node) (kube_pod_info{namespace="{{ .namespace }}", pod=~"{{ .podSelector }}"}) > 1
+for: 5m
+labels:
+  severity: warning
+  namespace: {{ .namespace }}
+  cnpg_cluster: {{ .cluster }}
+{{- end -}}

charts/postgres-cluster/prometheus_rules/cluster-last_failed_archive_time-warning.yaml

@@ -0,0 +1,15 @@
+{{- $alert := "CNPGClusterLastFailedArchiveTimeWarning" -}}
+{{- if not (has $alert .excludeRules) -}}
+alert: {{ $alert }}
+annotations:
+  summary: CNPG Cluster last time archiving failed.
+  description: |-
+    Archiving failed for {{`{{`}} $labels.pod {{`}}`}}
+expr: |
+  (cnpg_pg_stat_archiver_last_failed_time - cnpg_pg_stat_archiver_last_archived_time) > 1
+for: 1m
+labels:
+  severity: warning
+  namespace: {{ .namespace }}
+  cnpg_cluster: {{ .cluster }}
+{{- end -}}

charts/postgres-cluster/prometheus_rules/cluster-long_running_transaction-warning.yaml

@@ -0,0 +1,16 @@
+{{- $alert := "CNPGClusterLongRunningTransactionWarning" -}}
+{{- if not (has $alert .excludeRules) -}}
+alert: {{ $alert }}
+annotations:
+  summary: CNPG Cluster query is taking longer than 5 minutes.
+  description: |-
+    CloudNativePG Cluster Pod {{`{{`}} $labels.pod {{`}}`}}
+    is taking more than 5 minutes (300 seconds) for a query.
+expr: |-
+  cnpg_backends_max_tx_duration_seconds > 300
+for: 1m
+labels:
+  severity: warning
+  namespace: {{ .namespace }}
+  cnpg_cluster: {{ .cluster }}
+{{- end -}}

charts/postgres-cluster/prometheus_rules/cluster-low_disk_space-critical.yaml

@@ -0,0 +1,24 @@
+{{- $alert := "CNPGClusterLowDiskSpaceCritical" -}}
+{{- if not (has $alert .excludeRules) -}}
+alert: {{ $alert }}
+annotations:
+  summary: CNPG Instance is running out of disk space!
+  description: |-
+    CloudNativePG Cluster "{{ .namespace }}/{{ .cluster }}" is running extremely low on disk space. Check attached PVCs!
+  runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterLowDiskSpaceCritical.md
+expr: |
+  max(max by(persistentvolumeclaim) (1 - kubelet_volume_stats_available_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}"} / kubelet_volume_stats_capacity_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}"})) > 0.9 OR
+  max(max by(persistentvolumeclaim) (1 - kubelet_volume_stats_available_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}-wal"} / kubelet_volume_stats_capacity_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}-wal"})) > 0.9 OR
+  max(sum by (namespace,persistentvolumeclaim) (kubelet_volume_stats_used_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}-tbs.*"})
+      /
+      sum by (namespace,persistentvolumeclaim) (kubelet_volume_stats_capacity_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}-tbs.*"})
+      *
+      on(namespace, persistentvolumeclaim) group_left(volume)
+      kube_pod_spec_volumes_persistentvolumeclaims_info{pod=~"{{ .podSelector }}"}
+  ) > 0.9
+for: 5m
+labels:
+  severity: critical
+  namespace: {{ .namespace }}
+  cnpg_cluster: {{ .cluster }}
+{{- end -}}

charts/postgres-cluster/prometheus_rules/cluster-low_disk_space-warning.yaml

@@ -0,0 +1,24 @@
+{{- $alert := "CNPGClusterLowDiskSpaceWarning" -}}
+{{- if not (has $alert .excludeRules) -}}
+alert: {{ $alert }}
+annotations:
+  summary: CNPG Instance is running out of disk space.
+  description: |-
+    CloudNativePG Cluster "{{ .namespace }}/{{ .cluster }}" is running low on disk space. Check attached PVCs.
+  runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterLowDiskSpaceWarning.md
+expr: |
+  max(max by(persistentvolumeclaim) (1 - kubelet_volume_stats_available_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}"} / kubelet_volume_stats_capacity_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}"})) > 0.7 OR
+  max(max by(persistentvolumeclaim) (1 - kubelet_volume_stats_available_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}-wal"} / kubelet_volume_stats_capacity_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}-wal"})) > 0.7 OR
+  max(sum by (namespace,persistentvolumeclaim) (kubelet_volume_stats_used_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}-tbs.*"})
+      /
+      sum by (namespace,persistentvolumeclaim) (kubelet_volume_stats_capacity_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}-tbs.*"})
+      *
+      on(namespace, persistentvolumeclaim) group_left(volume)
+      kube_pod_spec_volumes_persistentvolumeclaims_info{pod=~"{{ .podSelector }}"}
+  ) > 0.7
+for: 5m
+labels:
+  severity: warning
+  namespace: {{ .namespace }}
+  cnpg_cluster: {{ .cluster }}
+{{- end -}}

charts/postgres-cluster/prometheus_rules/cluster-offline.yaml

@@ -0,0 +1,19 @@
+{{- $alert := "CNPGClusterOffline" -}}
+{{- if not (has $alert .excludeRules) -}}
+alert: {{ $alert }}
+annotations:
+  summary: CNPG Cluster has no running instances!
+  description: |-
+    CloudNativePG Cluster "{{ .namespace }}/{{ .cluster }}" has no ready instances.
+
+    Having an offline cluster means your applications will not be able to access the database, leading to
+    potential service disruption and/or data loss.
+  runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterOffline.md
+expr: |
+  (count(cnpg_collector_up{namespace="{{ .namespace }}",pod=~"{{ .podSelector }}"}) OR on() vector(0)) == 0
+for: 5m
+labels:
+  severity: critical
+  namespace: {{ .namespace }}
+  cnpg_cluster: {{ .cluster }}
+{{- end -}}

charts/postgres-cluster/prometheus_rules/cluster-pg_database_xid_age-warning.yaml

@@ -0,0 +1,16 @@
+{{- $alert := "CNPGClusterPGDatabaseXidAgeWarning" -}}
+{{- if not (has $alert .excludeRules) -}}
+alert: {{ $alert }}
+annotations:
+  summary: CNPG Cluster has a number of transactions from the frozen XID to the current one.
+  description: |-
+    Over 300,000,000 transactions from frozen xid
+    on pod {{`{{`}} $labels.pod {{`}}`}}
+expr: |
+  cnpg_pg_database_xid_age > 300000000
+for: 1m
+labels:
+  severity: warning
+  namespace: {{ .namespace }}
+  cnpg_cluster: {{ .cluster }}
+{{- end -}}

charts/postgres-cluster/prometheus_rules/cluster-pg_replication-warning.yaml

@@ -0,0 +1,15 @@
+{{- $alert := "CNPGClusterPGReplicationWarning" -}}
+{{- if not (has $alert .excludeRules) -}}
+alert: {{ $alert }}
+annotations:
+  summary: CNPG Cluster standby is lagging behind the primary.
+  description: |-
+    Standby is lagging behind by over 300 seconds (5 minutes)
+expr: |
+  cnpg_pg_replication_lag > 300
+for: 1m
+labels:
+  severity: warning
+  namespace: {{ .namespace }}
+  cnpg_cluster: {{ .cluster }}
+{{- end -}}

charts/postgres-cluster/prometheus_rules/cluster-replica_failing_replication-warning.yaml

@@ -0,0 +1,16 @@
+{{- $alert := "CNPGClusterReplicaFailingReplicationWarning" -}}
+{{- if not (has $alert .excludeRules) -}}
+alert: {{ $alert }}
+annotations:
+  summary: CNPG Cluster has a replica is failing to replicate.
+  description: |-
+    Replica {{`{{`}} $labels.pod {{`}}`}}
+    is failing to replicate
+expr: |
+  cnpg_pg_replication_in_recovery > cnpg_pg_replication_is_wal_receiver_up
+for: 1m
+labels:
+  severity: warning
+  namespace: {{ .namespace }}
+  cnpg_cluster: {{ .cluster }}
+{{- end -}}

charts/postgres-cluster/prometheus_rules/cluster-zone_spread-warning.yaml

@@ -0,0 +1,18 @@
+{{- $alert := "CNPGClusterZoneSpreadWarning" -}}
+{{- if not (has $alert .excludeRules) -}}
+alert: {{ $alert }}
+annotations:
+  summary: CNPG Cluster instances in the same zone.
+  description: |-
+    CloudNativePG Cluster "{{ .namespace }}/{{ .cluster }}" has instances in the same availability zone.
+
+    A disaster in one availability zone will lead to a potential service disruption and/or data loss.
+  runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterZoneSpreadWarning.md
+expr: |
+  {{ .Values.cluster.instances }} > count(count by (label_topology_kubernetes_io_zone) (kube_pod_info{namespace="{{ .namespace }}", pod=~"{{ .podSelector }}"} * on(node,instance) group_left(label_topology_kubernetes_io_zone) kube_node_labels)) < 3
+for: 5m
+labels:
+  severity: warning
+  namespace: {{ .namespace }}
+  cnpg_cluster: {{ .cluster }}
+{{- end -}}

charts/postgres-cluster/templates/_bootstrap.tpl

@@ -0,0 +1,146 @@
+{{- define "cluster.bootstrap" -}}
+
+{{- if eq .Values.mode "standalone" }}
+bootstrap:
+  initdb:
+    {{- with .Values.cluster.initdb }}
+        {{- with (omit . "postInitApplicationSQL" "owner" "import") }}
+            {{- . | toYaml | nindent 4 }}
+        {{- end }}
+    {{- end }}
+    {{- if .Values.cluster.initdb.owner }}
+    owner: {{ tpl .Values.cluster.initdb.owner . }}
+    {{- end }}
+    {{- if eq .Values.type "tensorchord" }}
+    dataChecksums: true
+    {{- end }}
+    {{- if or (eq .Values.type "tensorchord") (.Values.cluster.initdb.postInitApplicationSQL) }}
+    postInitApplicationSQL:
+      {{- if eq .Values.type "tensorchord" }}
+      - ALTER SYSTEM SET search_path TO "$user", public, vectors;
+      - SET search_path TO "$user", public, vectors;
+      - CREATE EXTENSION IF NOT EXISTS "vectors";
+      - CREATE EXTENSION IF NOT EXISTS "cube";
+      - CREATE EXTENSION IF NOT EXISTS "earthdistance";
+      - ALTER SCHEMA vectors OWNER TO "app";
+      - GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA vectors TO "app";
+      - GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO "app";
+      {{- end }}
+      {{- with .Values.cluster.initdb }}
+        {{- range .postInitApplicationSQL }}
+          {{- printf "- %s" . | nindent 6 }}
+        {{- end -}}
+      {{- end }}
+    {{- end }}
+
+{{- else if eq .Values.mode "recovery" -}}
+bootstrap:
+
+{{- if eq .Values.recovery.method "pgBaseBackup" }}
+  pg_basebackup:
+    source: pgBaseBackupSource
+    {{ with .Values.recovery.pgBaseBackup.database }}
+    database: {{ . }}
+    {{- end }}
+    {{ with .Values.recovery.pgBaseBackup.owner }}
+    owner: {{ . }}
+    {{- end }}
+    {{ with .Values.recovery.pgBaseBackup.secret }}
+    secret:
+      {{- toYaml . | nindent 6 }}
+    {{- end }}
+externalClusters:
+  {{- include "cluster.externalSourceCluster" (list "pgBaseBackupSource" .Values.recovery.pgBaseBackup.source) | nindent 2 }}
+
+{{- else if eq .Values.recovery.method "import" }}
+  initdb:
+    {{- with .Values.cluster.initdb }}
+      {{- with (omit . "owner" "import" "postInitApplicationSQL") }}
+        {{- . | toYaml | nindent 4 }}
+      {{- end }}
+    {{- end }}
+    {{- if .Values.cluster.initdb.owner }}
+    owner: {{ tpl .Values.cluster.initdb.owner . }}
+    {{- end }}
+    import:
+      source:
+        externalCluster: importSource
+      type: {{ .Values.recovery.import.type }}
+      databases:
+        {{- if and (gt (len .Values.recovery.import.databases) 1) (eq .Values.recovery.import.type "microservice") }}
+          {{ fail "Too many databases in import type of microservice!" }}
+        {{- else}}
+        {{- with .Values.recovery.import.databases }}
+        {{- . | toYaml | nindent 8 }}
+        {{- end }}
+        {{- end }}
+      {{- if eq .Values.recovery.import.type "monolith" }}
+      roles:
+        {{- with .Values.replica.importRoles }}
+        {{- . | toYaml | nindent 8 }}
+        {{- end }}
+      {{- end }}
+      {{- if and (.Values.recovery.import.postImportApplicationSQL) (eq .Values.recovery.import.type "microservice") }}
+      postImportApplicationSQL:
+        {{- with .Values.recovery.import.postImportApplicationSQL }}
+        {{- . | toYaml | nindent 8 }}
+        {{- end }}
+      {{- end }}
+      schemaOnly: {{ .Values.recovery.import.schemaOnly }}
+      {{ with .Values.recovery.import.pgDumpExtraOptions }}
+      pgDumpExtraOptions:
+        {{- . | toYaml | nindent 8 }}
+      {{- end }}
+      {{ with .Values.recovery.import.pgRestoreExtraOptions }}
+      pgRestoreExtraOptions:
+        {{- . | toYaml | nindent 8 }}
+      {{- end }}
+externalClusters:
+  {{- include "cluster.externalSourceCluster" (list "importSource" .Values.recovery.import.source) | nindent 2 }}
+
+{{- else if eq .Values.recovery.method "backup" }}
+  recovery:
+    {{- with .Values.recovery.backup.pitrTarget.time }}
+    recoveryTarget:
+      targetTime: {{ . }}
+    {{- end }}
+    {{ with .Values.recovery.backup.database }}
+    database: {{ . }}
+    {{- end }}
+    {{ with .Values.recovery.backup.owner }}
+    owner: {{ . }}
+    {{- end }}
+    backup:
+      name: {{ .Values.recovery.backup.backupName }}
+
+{{- else if eq .Values.recovery.method "objectStore" }}
+  recovery:
+    {{- with .Values.recovery.objectStore.pitrTarget.time }}
+    recoveryTarget:
+      targetTime: {{ . }}
+    {{- end }}
+    {{ with .Values.recovery.objectStore.database }}
+    database: {{ . }}
+    {{- end }}
+    {{ with .Values.recovery.objectStore.owner }}
+    owner: {{ . }}
+    {{- end }}
+    source: {{ include "cluster.recoveryServerName" . }}
+
+externalClusters:
+  - name: {{ include "cluster.recoveryServerName" . }}
+    plugin:
+      name: barman-cloud.cloudnative-pg.io
+      parameters:
+        barmanObjectName: "{{ include "cluster.name" . }}-{{ .Values.recovery.objectStore.name }}"
+        serverName: {{ include "cluster.recoveryServerName" . }}
+
+{{-  else }}
+  {{ fail "Invalid recovery mode!" }}
+{{- end }}
+
+{{-  else }}
+  {{ fail "Invalid cluster mode!" }}
+{{- end }}
+
+{{- end }}

charts/postgres-cluster/templates/_colorize.tpl

@@ -0,0 +1,12 @@
+{{- define "cluster.color-error" }}
+  {{- printf "\033[0;31m%s\033[0m" . -}}
+{{- end }}
+{{- define "cluster.color-ok" }}
+  {{- printf "\033[0;32m%s\033[0m" . -}}
+{{- end }}
+{{- define "cluster.color-warning" }}
+  {{- printf "\033[0;33m%s\033[0m" . -}}
+{{- end }}
+{{- define "cluster.color-info" }}
+  {{- printf "\033[0;34m%s\033[0m" . -}}
+{{- end }}

charts/postgres-cluster/templates/_external_source_cluster.tpl

@@ -0,0 +1,33 @@
+{{- define "cluster.externalSourceCluster" -}}
+{{- $name := first . -}}
+{{- $config := last . -}}
+- name: {{ first . }}
+  connectionParameters:
+    host: {{ $config.host | quote }}
+    port: {{ $config.port | quote }}
+    user: {{ $config.username | quote }}
+    {{- with $config.database }}
+    dbname: {{ . | quote }}
+    {{- end }}
+    sslmode: {{ $config.sslMode | quote }}
+  {{- if $config.passwordSecret.name }}
+  password:
+    name: {{ $config.passwordSecret.name }}
+    key: {{ $config.passwordSecret.key }}
+  {{- end }}
+  {{- if $config.sslKeySecret.name }}
+  sslKey:
+    name: {{ $config.sslKeySecret.name }}
+    key: {{ $config.sslKeySecret.key }}
+  {{- end }}
+  {{- if $config.sslCertSecret.name }}
+  sslCert:
+    name: {{ $config.sslCertSecret.name }}
+    key: {{ $config.sslCertSecret.key }}
+  {{- end }}
+  {{- if $config.sslRootCertSecret.name }}
+  sslRootCert:
+    name: {{ $config.sslRootCertSecret.name }}
+    key: {{ $config.sslRootCertSecret.key }}
+  {{- end }}
+{{- end }}

charts/postgres-cluster/templates/_helpers.tpl

@@ -0,0 +1,96 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "cluster.name" -}}
+  {{- if .Values.nameOverride }}
+    {{- .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+  {{- else }}
+    {{- printf "%s-postgresql-%s" .Release.Name ((semver .Values.cluster.image.tag).Major | toString) | trunc 63 | trimSuffix "-" -}}
+  {{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "cluster.chart" -}}
+  {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "cluster.labels" -}}
+helm.sh/chart: {{ include "cluster.chart" $ }}
+{{ include "cluster.selectorLabels" $ }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.Version | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- with .Values.cluster.additionalLabels }}
+{{ toYaml . }}
+{{- end }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "cluster.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "cluster.name" $ }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/part-of: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Allow the release namespace to be overridden for multi-namespace deployments in combined charts
+*/}}
+{{- define "cluster.namespace" -}}
+  {{- if .Values.namespaceOverride -}}
+    {{- .Values.namespaceOverride -}}
+  {{- else -}}
+    {{- .Release.Namespace -}}
+  {{- end -}}
+{{- end -}}
+
+{{/*
+Postgres UID
+*/}}
+{{- define "cluster.postgresUID" -}}
+  {{- if ge (int .Values.cluster.postgresUID) 0 -}}
+    {{- .Values.cluster.postgresUID }}
+  {{- else -}}
+    {{- 26 -}}
+  {{- end -}}
+{{- end -}}
+
+{{/*
+Postgres GID
+*/}}
+{{- define "cluster.postgresGID" -}}
+  {{- if ge (int .Values.cluster.postgresGID) 0 -}}
+    {{- .Values.cluster.postgresGID }}
+  {{- else -}}
+    {{- 26 -}}
+  {{- end -}}
+{{- end -}}
+
+{{/*
+Generate recovery server name
+*/}}
+{{- define "cluster.recoveryServerName" -}}
+  {{- if .Values.recovery.recoveryServerName -}}
+    {{- .Values.recovery.recoveryServerName -}}
+  {{- else -}}
+    {{- printf "%s-backup-%s" (include "cluster.name" .) (toString .Values.recovery.recoveryIndex) | trunc 63 | trimSuffix "-" -}}
+  {{- end }}
+{{- end }}
+
+{{/*
+Generate name for recovery object store credentials
+*/}}
+{{- define "cluster.recoveryCredentials" -}}
+  {{- if .Values.recovery.endpointCredentials -}}
+    {{- .Values.recovery.endpointCredentials -}}
+  {{- else -}}
+    {{- printf "%s-backup-secret" (include "cluster.name" .) | trunc 63 | trimSuffix "-" -}}
+  {{- end }}
+{{- end }}

charts/postgres-cluster/templates/cluster.yaml

@@ -0,0 +1,152 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+  name: {{ include "cluster.name" . }}-cluster
+  namespace: {{ include "cluster.namespace" . }}
+  {{- with .Values.cluster.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "cluster.labels" . | nindent 4 }}
+spec:
+  instances: {{ .Values.cluster.instances }}
+  imageName: "{{ .Values.cluster.image.repository }}:{{ .Values.cluster.image.tag }}"
+  imagePullPolicy: {{ .Values.cluster.imagePullPolicy }}
+  {{- with .Values.cluster.imagePullSecrets }}
+  imagePullSecrets:
+    {{- . | toYaml | nindent 4 }}
+  {{- end }}
+  postgresUID: {{ include "cluster.postgresUID" . }}
+  postgresGID: {{ include "cluster.postgresGID" . }}
+  {{ if or (and (.Values.backup.enabled) (eq .Values.backup.method "objectStore")) (eq .Values.recovery.method "objectStore") }}
+  plugins:
+  {{ end }}
+  {{ if and (.Values.backup.enabled) (eq .Values.backup.method "objectStore") }}
+  {{ $context := . -}}
+  {{ range .Values.backup.objectStore -}}
+    - name: barman-cloud.cloudnative-pg.io
+      isWALArchiver: {{ .isWALArchiver }}
+      parameters:
+        barmanObjectName: "{{ include "cluster.name" $context }}-{{ .name }}-backup"
+  {{ end -}}
+  {{ end }}
+  {{ if eq .Values.recovery.method "objectStore" }}
+    - name: barman-cloud.cloudnative-pg.io
+      parameters:
+        barmanObjectName: "{{ include "cluster.name" . }}-{{ .Values.recovery.objectStore.name }}"
+  {{ end }}
+  storage:
+    size: {{ .Values.cluster.storage.size }}
+    {{- if not (empty .Values.cluster.storage.storageClass) }}
+    storageClass: {{ .Values.cluster.storage.storageClass }}
+    {{- end }}
+  {{- if .Values.cluster.walStorage.enabled }}
+  walStorage:
+    size: {{ .Values.cluster.walStorage.size }}
+    {{- if not (empty .Values.cluster.walStorage.storageClass) }}
+    storageClass: {{ .Values.cluster.walStorage.storageClass }}
+    {{- end }}
+  {{- end }}
+  {{- with .Values.cluster.resources }}
+  resources:
+    {{- toYaml . | nindent 4 }}
+  {{ end }}
+  {{- with .Values.cluster.affinity }}
+  affinity:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- if .Values.cluster.priorityClassName }}
+  priorityClassName: {{ .Values.cluster.priorityClassName }}
+  {{- end }}
+
+  primaryUpdateMethod: {{ .Values.cluster.primaryUpdateMethod }}
+  primaryUpdateStrategy: {{ .Values.cluster.primaryUpdateStrategy }}
+  logLevel: {{ .Values.cluster.logLevel }}
+  {{- with .Values.cluster.certificates }}
+  certificates:
+    {{- toYaml . | nindent 4 }}
+  {{ end }}
+  enableSuperuserAccess: {{ .Values.cluster.enableSuperuserAccess }}
+  {{- with .Values.cluster.superuserSecret }}
+  superuserSecret:
+    name: {{ . }}
+  {{ end }}
+  enablePDB: {{ .Values.cluster.enablePDB }}
+
+  postgresql:
+    {{- if or (eq .Values.type "tensorchord") (not (empty .Values.cluster.postgresql.shared_preload_libraries)) }}
+    shared_preload_libraries:
+      {{- if eq .Values.type "tensorchord" }}
+      - vectors.so
+      {{- end }}
+      {{- with .Values.cluster.postgresql.shared_preload_libraries }}
+      {{- toYaml . | nindent 6 }}
+      {{- end }}
+    {{- end }}
+    {{- with .Values.cluster.postgresql.pg_hba }}
+    pg_hba:
+      {{- toYaml . | nindent 6 }}
+    {{- end }}
+    {{- with .Values.cluster.postgresql.pg_ident }}
+    pg_ident:
+      {{- toYaml . | nindent 6 }}
+    {{- end }}
+    {{- with .Values.cluster.postgresql.ldap  }}
+    ldap:
+      {{- toYaml . | nindent 6 }}
+    {{- end}}
+    {{- with .Values.cluster.postgresql.synchronous }}
+    synchronous:
+      {{- toYaml . | nindent 6 }}
+    {{ end }}
+    {{- with .Values.cluster.postgresql.parameters }}
+    parameters:
+      {{- toYaml . | nindent 6 }}
+    {{- end }}
+
+  {{- if not (and (empty .Values.cluster.roles) (empty .Values.cluster.services)) }}
+  managed:
+    {{- with .Values.cluster.services }}
+    services:
+      {{- toYaml . | nindent 6 }}
+    {{ end }}
+    {{- with .Values.cluster.roles }}
+    roles:
+      {{- toYaml . | nindent 6 }}
+    {{ end }}
+  {{- end }}
+
+  {{- with .Values.cluster.serviceAccountTemplate }}
+  serviceAccountTemplate:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+
+  monitoring:
+    enablePodMonitor: {{ and .Values.cluster.monitoring.enabled .Values.cluster.monitoring.podMonitor.enabled }}
+    disableDefaultQueries: {{ .Values.cluster.monitoring.disableDefaultQueries }}
+    {{- if not (empty .Values.cluster.monitoring.customQueries) }}
+    customQueriesConfigMap:
+      - name: {{ include "cluster.name" . }}-monitoring
+        key: custom-queries
+    {{- end }}
+    {{- if not (empty .Values.cluster.monitoring.customQueriesSecret) }}
+    {{- with .Values.cluster.monitoring.customQueriesSecret }}
+    customQueriesSecret:
+      {{- toYaml . | nindent 6 }}
+    {{ end }}
+    {{- end }}
+    {{- if not (empty .Values.cluster.monitoring.podMonitor.relabelings) }}
+    {{- with .Values.cluster.monitoring.podMonitor.relabelings }}
+    podMonitorRelabelings:
+      {{- toYaml . | nindent 6 }}
+    {{ end }}
+    {{- end }}
+    {{- if not (empty .Values.cluster.monitoring.podMonitor.metricRelabelings) }}
+    {{- with .Values.cluster.monitoring.podMonitor.metricRelabelings }}
+    podMonitorMetricRelabelings:
+      {{- toYaml . | nindent 6 }}
+    {{ end }}
+    {{- end }}
+
+  {{ include "cluster.bootstrap" . | nindent 2 }}

charts/postgres-cluster/templates/config-map.yaml

@@ -0,0 +1,18 @@
+{{- if not (empty .Values.cluster.monitoring.customQueries) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "cluster.name" $ }}-monitoring
+  namespace: {{ include "cluster.namespace" $ }}
+  labels:
+    cnpg.io/reload: ""
+    {{- include "cluster.labels" $ | nindent 4 }}
+data:
+  custom-queries: |
+    {{- range .Values.cluster.monitoring.customQueries }}
+    {{ .name }}:
+      query: {{ .query | quote }}
+      metrics:
+        {{- .metrics | toYaml | nindent 8 }}
+    {{- end }}
+{{- end }}

charts/postgres-cluster/templates/object-store.yaml

@@ -0,0 +1,99 @@
+{{ if and (.Values.backup.enabled) (eq .Values.backup.method "objectStore") }}
+{{ $context := . -}}
+{{ range .Values.backup.objectStore -}}
+---
+apiVersion: barmancloud.cnpg.io/v1
+kind: ObjectStore
+metadata:
+  name: "{{ include "cluster.name" $context }}-{{ .name }}-backup"
+  namespace: {{ include "cluster.namespace" $context }}
+  labels:
+    {{- include "cluster.labels" $context | nindent 4 }}
+spec:
+  retentionPolicy: {{ .retentionPolicy | default "30d" }}
+  configuration:
+    destinationPath: {{ .destinationPath | required "Destination path is required" }}
+    endpointURL: {{ .endpointURL | default "https://nyc3.digitaloceanspaces.com" }}
+    {{- if .endpointCA }}
+    endpointCA:
+      name: {{ .endpointCA.name }}
+      key: {{ .endpointCA.key }}
+    {{- end }}
+    {{- if .clusterName }}
+    serverName: "{{ .clusterName }}-backup-{{ .index }}"
+    {{- else }}
+    serverName: "{{ include "cluster.name" $context }}-backup-{{ .index }}"
+    {{- end }}
+    {{- if .wal }}
+    wal:
+      compression: {{ .wal.compression | default "snappy" }}
+      {{- with .wal.encryption }}
+      encryption: {{ . }}
+      {{- end }}
+      maxParallel: {{ .wal.maxParallel | default 1 }}
+    {{- end }}
+    {{- if .wal }}
+    data:
+      compression: {{ .data.compression | default "snappy"  }}
+      {{- with .data.encryption }}
+      encryption: {{ . }}
+      {{- end }}
+      jobs: {{ .data.jobs | default 1 }}
+    {{- end }}
+    s3Credentials:
+      accessKeyId:
+        {{- if .endpointCredentials }}
+        name: {{ .endpointCredentials }}
+        {{- else }}
+        name: {{- printf "%s-backup-secret" (include "cluster.name" $context) | trunc 63 | trimSuffix "-" -}}
+        {{- end }}
+        key: ACCESS_KEY_ID
+      secretAccessKey:
+        {{- if .endpointCredentials }}
+        name: {{ .endpointCredentials }}
+        {{- else }}
+        name: {{- printf "%s-backup-secret" (include "cluster.name" $context) | trunc 63 | trimSuffix "-" -}}
+        {{- end }}
+        key: ACCESS_SECRET_KEY
+{{ end -}}
+{{ end }}
+
+{{ if eq .Values.recovery.method "objectStore" }}
+---
+apiVersion: barmancloud.cnpg.io/v1
+kind: ObjectStore
+metadata:
+  name: "{{ include "cluster.name" . }}-{{ .Values.recovery.objectStore.name }}"
+  namespace: {{ include "cluster.namespace" . }}
+  labels:
+    {{- include "cluster.labels" . | nindent 4 }}
+spec:
+  configuration:
+    destinationPath: {{ .Values.recovery.objectStore.destinationPath }}
+    endpointURL: {{ .Values.recovery.objectStore.endpointURL }}
+    {{- if .Values.recovery.objectStore.endpointCA.name }}
+    endpointCA:
+      name: {{ .Values.recovery.objectStore.endpointCA.name }}
+      key: {{ .Values.recovery.objectStore.endpointCA.key }}
+    {{- end }}
+    serverName: {{ include "cluster.recoveryServerName" . }}
+    wal:
+      compression: {{ .Values.recovery.objectStore.wal.compression }}
+      {{- with .Values.recovery.objectStore.wal.encryption}}
+      encryption: {{ . }}
+      {{- end }}
+      maxParallel: {{ .Values.recovery.objectStore.wal.maxParallel }}
+    data:
+      compression: {{ .Values.recovery.objectStore.data.compression }}
+      {{- with .Values.recovery.objectStore.data.encryption }}
+      encryption: {{ . }}
+      {{- end }}
+      jobs: {{ .Values.recovery.objectStore.data.jobs }}
+    s3Credentials:
+      accessKeyId:
+        name: {{ include "cluster.recoveryCredentials" . }}
+        key: ACCESS_KEY_ID
+      secretAccessKey:
+        name: {{ include "cluster.recoveryCredentials" . }}
+        key: ACCESS_SECRET_KEY
+{{ end }}

charts/postgres-cluster/templates/poolers.yaml

@@ -0,0 +1,51 @@
+{{- range .Values.poolers }}
+---
+apiVersion: postgresql.cnpg.io/v1
+kind: Pooler
+metadata:
+  name: {{ include "cluster.name" $  }}-pooler-{{ .name }}
+  namespace: {{ include "cluster.namespace" $ }}
+  labels:
+    {{- include "cluster.labels" $ | nindent 4 }}
+spec:
+  cluster:
+    name: {{ include "cluster.name" $ }}
+  instances: {{ .instances }}
+  type: {{ default "rw" .type }}
+  pgbouncer:
+    poolMode: {{ default "session" .poolMode }}
+    {{- with .authQuerySecret }}
+    authQuerySecret:
+      {{- toYaml . | nindent 6 }}
+    {{- end }}
+    {{- with .authQuery }}
+    authQuery:
+      {{- toYaml . | nindent 6 }}
+    {{- end }}
+    {{- with .parameters }}
+    parameters:
+      {{- toYaml . | nindent 6 }}
+    {{- end }}
+    {{- with .pg_hba }}
+    pg_hba:
+      {{- toYaml . | nindent 6 }}
+    {{- end }}
+  {{ with .monitoring }}
+  monitoring:
+  {{- if not (empty .podMonitor) }}
+    enablePodMonitor: {{ and .enabled .podMonitor.enabled }}
+    {{- with .podMonitor.relabelings }}
+    podMonitorRelabelings:
+      {{- toYaml . | nindent 6 }}
+    {{ end }}
+    {{- with .podMonitor.metricRelabelings }}
+    podMonitorMetricRelabelings:
+      {{- toYaml . | nindent 6 }}
+    {{ end }}
+  {{- end }}
+  {{- end }}
+  {{- with .template }}
+  template:
+    {{- . | toYaml | nindent 4 }}
+  {{- end }}
+{{- end }}