change default cpu limit

* Update Helm release rabbitmq to v14

* update chart

* align comments for readability

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: alexlebens <alexanderlebens@gmail.com>

charts/home-assistant/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: home-assistant
-version: 0.1.9
+version: 0.1.10
 description: Chart for Home Assistant
 keywords:
   - home-automation

charts/home-assistant/values.yaml

@@ -56,7 +56,7 @@ codeserver:
   enabled: false
   image:
     repository: linuxserver/code-server
-    tag: 4.23.0
+    tag: 4.23.1
     imagePullPolicy: IfNotPresent
   env:
     TZ: UTC

charts/homepage/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: homepage
-version: 0.0.10
+version: 0.0.11
 description: Chart for benphelps homepage
 keywords:
   - dashboard
@@ -9,4 +9,4 @@ sources:
 maintainers:
   - name: alexlebens
 icon: https://github.com/benphelps/homepage/blob/de584eae8f12a0d257e554e9511ef19bd2a1232c/public/mstile-150x150.png
-appVersion: v0.8.11
+appVersion: v0.8.12

charts/homepage/values.yaml

@@ -3,7 +3,7 @@ deployment:
   strategy: Recreate
   image:
     repository: ghcr.io/gethomepage/homepage
-    tag: v0.8.11
+    tag: v0.8.12
     imagePullPolicy: IfNotPresent
   env:
   envFrom:

charts/matrix-hookshot/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: matrix-hookshot
-version: 0.1.0
+version: 0.1.1
 description: Chart for Matrix Hookshot
 keywords:
   - matrix
@@ -11,4 +11,4 @@ sources:
 maintainers:
   - name: alexlebens
 icon: https://avatars.githubusercontent.com/u/8418310?s=48&v=4
-appVersion: "5.2.1"
+appVersion: "5.3.0"

charts/matrix-hookshot/values.yaml

@@ -3,7 +3,7 @@ deployment:
   strategy: Recreate
   image:
     repository: halfshot/matrix-hookshot
-    tag: "5.2.1"
+    tag: "5.3.0"
     imagePullPolicy: IfNotPresent
   env: {}
   envFrom: []
@@ -81,7 +81,7 @@ hookshot:
         resources:
           - widgets
 
-    #github:
+    # github:
     #  # (Optional) Configure this to enable GitHub support
     #  auth:
     #    # Authentication for the GitHub App.
@@ -104,7 +104,7 @@ hookshot:
     #    # (Optional) Prefix used when creating ghost users for GitHub accounts.
     #    _github_
 
-    #gitlab:
+    # gitlab:
     #  # (Optional) Configure this to enable GitLab support
     #  instances:
     #    gitlab.com:
@@ -119,7 +119,7 @@ hookshot:
     #    # (Optional) Aggregate comments by waiting this many miliseconds before posting them to Matrix. Defaults to 5000 (5 seconds)
     #    5000
 
-    #figma:
+    # figma:
     #  # (Optional) Configure this to enable Figma support
     #  publicUrl: https://example.com/hookshot/
     #  instances:
@@ -128,7 +128,7 @@ hookshot:
     #      accessToken: your-personal-access-token
     #      passcode: your-webhook-passcode
 
-    #jira:
+    # jira:
     #  # (Optional) Configure this to enable Jira support. Only specify `url` if you are using a On Premise install (i.e. not atlassian.com)
     #  webhook:
     #    # Webhook settings for JIRA
@@ -139,7 +139,7 @@ hookshot:
     #    client_secret: bar
     #    redirect_uri: https://example.com/oauth/
 
-    #generic:
+    # generic:
     #  # (Optional) Support for generic webhook events.
     #  #'allowJsTransformationFunctions' will allow users to write short transformation snippets in code, and thus is unsafe in untrusted environments
 
@@ -150,23 +150,23 @@ hookshot:
     #  allowJsTransformationFunctions: false
     #  waitForComplete: false
 
-    #feeds:
+    # feeds:
     #  # (Optional) Configure this to enable RSS/Atom feed support
     #  enabled: false
     #  pollConcurrency: 4
     #  pollIntervalSeconds: 600
     #  pollTimeoutSeconds: 30
 
-    #provisioning:
+    # provisioning:
     #  # (Optional) Provisioning API for integration managers
     #  secret: "!secretToken"
 
-    #bot:
+    # bot:
     #  # (Optional) Define profile information for the bot user
     #  displayname: Hookshot Bot
     #  avatar: mxc://half-shot.uk/2876e89ccade4cb615e210c458e2a7a6883fe17d
 
-    #serviceBots:
+    # serviceBots:
     #  # (Optional) Define additional bot users for specific services
     #  - localpart: feeds
     #    displayname: Feeds
@@ -174,21 +174,21 @@ hookshot:
     #    prefix: "!feeds"
     #    service: feeds
 
-    #metrics:
+    # metrics:
     #  # (Optional) Prometheus metrics support
     #  enabled: true
 
-    #cache:
+    # cache:
     #  # (Optional) Cache options for large scale deployments.
     #  # For encryption to work, this must be configured.
     #  redisUri: redis://localhost:6379
 
-    #queue:
+    # queue:
     #  # (Optional) Message queue configuration options for large scale deployments.
     #  # For encryption to work, this must not be configured.
     #  redisUri: redis://localhost:6379
 
-    #widgets:
+    # widgets:
     #  # (Optional) EXPERIMENTAL support for complimentary widgets
     #  addToAdminRooms: false
     #  disallowedIpRanges:
@@ -217,12 +217,12 @@ hookshot:
     #  branding:
     #    widgetTitle: Hookshot Configuration
 
-    #sentry:
+    # sentry:
     #  # (Optional) Configure Sentry error reporting
     #  dsn: https://examplePublicKey@o0.ingest.sentry.io/0
     #  environment: production
 
-    #permissions:
+    # permissions:
     #  # (Optional) Permissions for using the bridge. See docs/setup.md#permissions for help
     #  - actor: example.com
     #    services:

charts/mautrix-whatsapp/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: mautrix-whatsapp
-version: 0.0.2
+version: 0.0.3
 description: Chart for Matrix Whatsapp Bridge
 keywords:
   - matrix
@@ -12,4 +12,4 @@ sources:
 maintainers:
   - name: alexlebens
 icon: https://avatars.githubusercontent.com/u/88519669?s=48&v=4
-appVersion: v0.10.6
+appVersion: v0.10.7

charts/mautrix-whatsapp/values.yaml

@@ -3,7 +3,7 @@ deployment:
   strategy: Recreate
   image:
     repository: dock.mau.dev/mautrix/whatsapp
-    tag: v0.10.6
+    tag: v0.10.7
     imagePullPolicy: IfNotPresent
   env: {}
   envFrom: []
@@ -45,11 +45,9 @@ persistence:
   accessMode: ReadWriteOnce
   size: 500Mi
 
-
 # Reference the following for examples
 # https://github.com/mautrix/whatsapp/blob/main/example-config.yaml
 mautrixWhatsapp:
-
   # config.yml contents
   existingSecret: ""
   config:

charts/outline/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: outline
-version: 0.4.0
+version: 0.5.1
 description: Chart for Outline wiki
 keywords:
   - wiki
@@ -14,5 +14,5 @@ icon: https://avatars.githubusercontent.com/u/1765001?s=48&v=4
 dependencies:
   - name: redis
     repository: https://charts.bitnami.com/bitnami
-    version: 19.1.0
+    version: 19.1.1
 appVersion: v0.75.2

charts/outline/templates/deployment.yaml

@@ -102,41 +102,14 @@ spec:
                 secretKeyRef:
                   name: "{{ .Values.persistence.s3.credentialsSecret }}"
                   key: AWS_SECRET_ACCESS_KEY
-          {{- if .Values.persistence.s3.endpointConfigMap.enabled }}
-            - name: AWS_REGION
-              valueFrom:
-                configMapKeyRef:
-                  name: "{{ .Values.persistence.s3.endpointConfigMap.name }}"
-                  key: BUCKET_REGION
-            - name: AWS_S3_UPLOAD_BUCKET_NAME
-              valueFrom:
-                configMapKeyRef:
-                  name: "{{ .Values.persistence.s3.endpointConfigMap.name }}"
-                  key: BUCKET_NAME
-            - name: AWS_S3_UPLOAD_BUCKET_HOST
-              valueFrom:
-                configMapKeyRef:
-                  name: "{{ .Values.persistence.s3.endpointConfigMap.name }}"
-                  key: BUCKET_HOST
-            - name: AWS_S3_UPLOAD_BUCKET_PORT
-              valueFrom:
-                configMapKeyRef:
-                  name: "{{ .Values.persistence.s3.endpointConfigMap.name }}"
-                  key: BUCKET_PORT
-            - name: AWS_S3_UPLOAD_BUCKET_URL
-              value: "{{ .Values.persistence.s3.urlProtocol }}://$(AWS_S3_UPLOAD_BUCKET_NAME).$(AWS_S3_UPLOAD_BUCKET_HOST):$(AWS_S3_UPLOAD_BUCKET_PORT)"
-            - name: AWS_S3_ACCELERATE_URL
-              value: "{{ .Values.persistence.s3.urlProtocol }}://$(AWS_S3_UPLOAD_BUCKET_NAME).$(AWS_S3_UPLOAD_BUCKET_HOST):$(AWS_S3_UPLOAD_BUCKET_PORT)"         
-          {{- else }}
             - name: AWS_REGION
               value: "{{ .Values.persistence.s3.region }}"
             - name: AWS_S3_UPLOAD_BUCKET_NAME
               value: "{{ .Values.persistence.s3.bucketName }}"
             - name: AWS_S3_UPLOAD_BUCKET_URL
-              value: "{{ .Values.persistence.s3.urlProtocol }}://{{ .Values.persistence.s3.bucketName }}.{{ .Values.persistence.s3.host }}"
+              value: "{{ .Values.persistence.s3.bucketUrl }}"
             - name: AWS_S3_ACCELERATE_URL
-              value: "{{ .Values.persistence.s3.urlProtocol }}://{{ .Values.persistence.s3.bucketName }}.{{ .Values.persistence.s3.host }}"              
-          {{- end }}
+              value: "{{ .Values.persistence.s3.bucketUrl }}"
             - name: AWS_S3_FORCE_PATH_STYLE
               value: "{{ .Values.persistence.s3.forcePathStyle }}"
             - name: AWS_S3_ACL

charts/outline/values.yaml

@@ -24,13 +24,9 @@ persistence:
   type: s3
   s3:
     credentialsSecret:
-    endpointConfigMap:
-      enabled: false
-      name:
     region:
     bucketName:
-    host:
-    urlProtocol: http
+    bucketUrl:
     uploadMaxSize: "26214400"
     forcePathStyle: false
     acl: private

charts/postgres-cluster-upgrade/Chart.yaml

@@ -1,14 +0,0 @@
-apiVersion: v2
-name: postgres-cluster-upgrade
-version: 0.1.2
-description: Chart for upgrading a cloudnative-pg cluster in the same namespace
-keywords:
-  - database
-  - postgres
-  - upgrade
-sources:
-  - https://github.com/cloudnative-pg/cloudnative-pg
-maintainers:
-  - name: alexlebens
-icon: https://avatars.githubusercontent.com/u/100373852?s=48&v=4
-appVersion: v1.22.2

charts/postgres-cluster-upgrade/README.md

@@ -1,19 +0,0 @@
-## Introduction
-
-[CloudNative PG](https://github.com/cloudnative-pg/cloudnative-pg)
-
-CloudNativePG is the Kubernetes operator that covers the full lifecycle of a highly available PostgreSQL database cluster with a primary/standby architecture, using native streaming replication.
-
-This chart bootstraps a [CNPG](https://github.com/cloudnative-pg/cloudnative-pg) cluster upgraade on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
-
-The process is designed to be used in conjunction with the [postgres-cluster](https://github.com/alexlebens/helm-charts/tree/main/charts/postgres-cluster) chart. The cluster in this chart connects to the orignal cluster, peforms an upgrade, then backups to the objectStore endpoint. Afterwards the upgrade cluster is removed and the orignal cluster bootstraps from the upgrade's backup.
-
-## Prerequisites
-
-- Kubernetes
-- Helm
-- CloudNative PG Operator
-
-## Parameters
-
-See the [values files](values.yaml).

charts/postgres-cluster-upgrade/templates/backup.yaml

@@ -1,17 +0,0 @@
-{{- if .Values.backup.inititeBackup }}
-apiVersion: postgresql.cnpg.io/v1
-kind: Backup
-metadata:
-  name: "postgresql-{{ .Release.Name }}-cluster-upgrade-backup"
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: "postgresql-{{ .Release.Name }}-cluster-upgrade-backup"
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: database
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  method: barmanObjectStore
-  cluster:
-    name: "postgresql-{{ .Release.Name }}-cluster-upgrade"
-{{- end }}

charts/postgres-cluster-upgrade/templates/postgresql-cluster.yaml

@@ -1,68 +0,0 @@
-apiVersion: postgresql.cnpg.io/v1
-kind: Cluster
-metadata:
-  name: "postgresql-{{ .Release.Name }}-cluster-upgrade"
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: "postgresql-{{ .Release.Name }}-cluster-upgrade"
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: database
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  imageName: "{{ .Values.cluster.image.repository }}:{{ .Values.cluster.image.tag }}"
-  instances: {{ .Values.cluster.instances }}
-  affinity:
-    enablePodAntiAffinity: true
-    topologyKey: kubernetes.io/hostname
-  postgresql:
-    parameters:
-      {{- toYaml .Values.cluster.parameters | nindent 6 }}
-  resources:
-    {{- toYaml .Values.cluster.resources | nindent 4 }}
-  storage:
-    storageClass: {{ .Values.cluster.storage.data.storageClass }}
-    size: {{ .Values.cluster.storage.data.size }}
-  walStorage:
-    storageClass: {{ .Values.cluster.storage.wal.storageClass }}
-    size: {{ .Values.cluster.storage.wal.size }}
-  monitoring:
-    enablePodMonitor: true
-
-  bootstrap:
-    initdb:
-      import:
-        type: {{ .Values.upgrade.importType }}
-        databases:
-          {{- toYaml .Values.upgrade.importDatabases | nindent 10 }}
-        source:
-          externalCluster: "postgresql-{{ .Release.Name }}-cluster"
-  externalClusters:
-    - name: "postgresql-{{ .Release.Name }}-cluster"
-      connectionParameters:
-        host: "postgresql-{{ .Release.Name }}-cluster-rw"
-        user: app
-        dbname: app
-      password:
-        name: "postgresql-{{ .Release.Name }}-cluster-app"
-        key: password
-
-  {{- if .Values.backup.backupEnabled }}
-  backup:
-    retentionPolicy: "{{ .Values.backup.retentionPolicy }}"
-    barmanObjectStore:
-      destinationPath: "s3://{{ .Values.backup.bucket }}/{{ .Values.cluster.name }}/postgresql/{{ .Release.Name }}-cluster"
-      endpointURL: {{ .Values.backup.endpointURL }}
-      serverName: "postgresql-{{ .Release.Name }}-cluster-backup-index-{{ .Values.backup.backupIndex }}"
-      s3Credentials:
-        accessKeyId:
-          name: "postgresql-{{ .Release.Name }}-cluster-backup-secret"
-          key: ACCESS_KEY_ID
-        secretAccessKey:
-          name: "postgresql-{{ .Release.Name }}-cluster-backup-secret"
-          key: ACCESS_SECRET_KEY
-      data:
-        compression: {{ .Values.cluster.compression }}
-      wal:
-        compression: {{ .Values.cluster.compression }}
-  {{- end }}

charts/postgres-cluster-upgrade/values.yaml

@@ -1,37 +0,0 @@
-cluster:
-  name:
-  image:
-    repository: ghcr.io/cloudnative-pg/postgresql
-    tag: 16.2
-  instances: 1
-  parameters:
-    shared_buffers: 128MB
-    max_slot_wal_keep_size: 2000MB
-    hot_standby_feedback: "on"
-  compression: snappy
-  resources:
-    requests:
-      memory: 512Mi
-      cpu: 100m
-    limits:
-      memory: 2Gi
-      cpu: 1500m
-      hugepages-2Mi: 512Mi
-  storage:
-    data:
-      storageClass:
-      size: 10Gi
-    wal:
-      storageClass:
-      size: 2Gi
-upgrade:
-  importType: microservice
-  importDatabases:
-    - app
-backup:
-  backupEnabled: false
-  inititeBackup: false  
-  retentionPolicy: 3d  
-  backupIndex: 1
-  endpointURL:
-  bucket:

charts/postgres-cluster/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: postgres-cluster
-version: 0.3.0
+version: 2.4.0
 description: Chart for cloudnative-pg cluster
 keywords:
   - database

charts/postgres-cluster/templates/_backup.tpl

@@ -0,0 +1,30 @@
+{{- define "cluster.backup" -}}
+{{- if .Values.backup.enabled }}
+backup:
+  retentionPolicy: {{ .Values.backup.retentionPolicy }}
+  barmanObjectStore:
+    destinationPath: "s3://{{ .Values.backup.endpointBucket }}/{{ .Values.kubernetesClusterName }}/postgresql/{{ include "cluster.backupName" . }}"
+    endpointURL: {{ .Values.backup.endpointURL }}
+    {{- if .Values.backup.endpointCA }}
+    endpointCA:
+      name: {{ .Values.backup.endpointCA }}
+      key: ca-bundle.crt
+    {{- end }}
+    serverName: "{{ include "cluster.name" . }}-backup-{{ .Values.backup.backupIndex }}"
+    s3Credentials:
+      accessKeyId:
+        name: {{ include "cluster.backupCredentials" . }}
+        key: ACCESS_KEY_ID
+      secretAccessKey:
+        name: {{ include "cluster.backupCredentials" . }}
+        key: ACCESS_SECRET_KEY
+    wal:
+      compression: {{ .Values.backup.wal.compression }}
+      encryption: {{ .Values.backup.wal.encryption }}
+      maxParallel: {{ .Values.backup.wal.maxParallel }}
+    data:
+      compression: {{ .Values.backup.data.compression }}
+      encryption: {{ .Values.backup.data.encryption }}
+      jobs: {{ .Values.backup.data.jobs }}
+{{- end }}
+{{- end }}

charts/postgres-cluster/templates/_bootstrap.tpl

@@ -0,0 +1,91 @@
+{{- define "cluster.bootstrap" -}}
+bootstrap:
+{{- if eq .Values.mode "standalone" }}
+  initdb:
+    {{- with .Values.cluster.initdb }}
+    {{- with (omit . "postInitApplicationSQL") }}
+    {{- . | toYaml | nindent 4 }}
+    {{- end }}
+    {{- end }}
+    postInitApplicationSQL:
+      {{- if eq .Values.type "postgis" }}
+      - CREATE EXTENSION IF NOT EXISTS postgis;
+      - CREATE EXTENSION IF NOT EXISTS postgis_topology;
+      - CREATE EXTENSION IF NOT EXISTS fuzzystrmatch;
+      - CREATE EXTENSION IF NOT EXISTS postgis_tiger_geocoder;
+      {{- else if eq .Values.type "timescaledb" }}
+      - CREATE EXTENSION IF NOT EXISTS timescaledb;
+      {{- end }}
+      {{- with .Values.cluster.initdb }}
+      {{- range .postInitApplicationSQL }}
+      {{- printf "- %s" . | nindent 6 }}
+      {{- end }}
+      {{- end }}
+{{- else if eq .Values.mode "replica" }}
+  initdb:
+    import:
+      type: {{ .Values.replica.importType }}
+      databases:
+        {{- if and (gt (len .Values.replica.importDatabases) 1) (eq .Values.replica.importType "microservice") }}
+          {{ fail "Too many databases in import type of microservice!" }}
+        {{- else}}
+        {{- with .Values.replica.importDatabases }}
+        {{- . | toYaml | nindent 8 }}
+        {{- end }}
+        {{- end }}        
+      {{- if eq .Values.replica.importType "monolith" }}
+      roles:
+        {{- with .Values.replica.importRoles }}
+        {{- . | toYaml | nindent 8 }}
+        {{- end }}
+      {{- end }}
+      {{- if and (.Values.replica.postImportApplicationSQL) (eq .Values.replica.importType "microservice") }}
+      postImportApplicationSQL:
+        {{- with .Values.replica.postImportApplicationSQL }}
+        {{- . | toYaml | nindent 8 }}
+        {{- end }}      
+      {{- end }}
+      source:
+        externalCluster: "{{ include "cluster.name" . }}-cluster"
+externalClusters:
+  - name: "{{ include "cluster.name" . }}-cluster"
+    {{- with .Values.replica.externalCluster }}
+    {{- . | toYaml | nindent 4 }}
+    {{- end }}    
+{{- else if eq .Values.mode "recovery" }}
+  recovery:
+    {{- with .Values.recovery.pitrTarget.time }}
+    recoveryTarget:
+      targetTime: {{ . }}
+    {{- end }}
+    source: {{ include "cluster.recoveryServerName" . }}
+externalClusters:
+  - name: {{ include "cluster.recoveryServerName" . }}
+    barmanObjectStore:
+      serverName: {{ include "cluster.recoveryServerName" . }}
+      destinationPath: "s3://{{ .Values.recovery.endpointBucket }}/{{ .Values.kubernetesClusterName }}/postgresql/{{ include "cluster.recoveryInstanceName" . }}"
+      endpointURL: {{ .Values.recovery.endpointURL }}
+      {{- with .Values.recovery.endpointCA }}
+      endpointCA:
+        name: {{ . }}
+        key: ca-bundle.crt
+      {{- end }}
+      s3Credentials:
+        accessKeyId:
+          name: {{ include "cluster.recoveryCredentials" . }}
+          key: ACCESS_KEY_ID
+        secretAccessKey:
+          name: {{ include "cluster.recoveryCredentials" . }}
+          key: ACCESS_SECRET_KEY
+      wal:
+        compression: {{ .Values.recovery.wal.compression }}
+        encryption: {{ .Values.recovery.wal.encryption }}
+        maxParallel: {{ .Values.recovery.wal.maxParallel }}
+      data:
+        compression: {{ .Values.recovery.data.compression }}
+        encryption: {{ .Values.recovery.data.encryption }}
+        jobs: {{ .Values.recovery.data.jobs }}
+{{- else }}
+  {{ fail "Invalid cluster mode!" }}
+{{- end }}
+{{- end }}

charts/postgres-cluster/templates/_helpers.tpl

@@ -0,0 +1,91 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "cluster.name" -}}
+  {{- if .Values.nameOverride }}
+    {{- .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+  {{- else }}
+    {{- printf "%s-postgresql-%s" .Release.Name ((semver .Values.cluster.image.tag).Major | toString) | trunc 63 | trimSuffix "-" -}}
+  {{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "cluster.chart" -}}
+  {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "cluster.labels" -}}
+helm.sh/chart: {{ include "cluster.chart" . }}
+{{ include "cluster.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "cluster.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "cluster.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/part-of: cloudnative-pg
+{{- end }}
+
+{{/*
+Generate name for object store credentials
+*/}}
+{{- define "cluster.recoveryCredentials" -}}
+  {{- if .Values.recovery.endpointCredentials -}}
+    {{- .Values.recovery.endpointCredentials -}}
+  {{- else -}}
+    {{- printf "%s-backup-secret" (include "cluster.name" .) | trunc 63 | trimSuffix "-" -}}
+  {{- end }}
+{{- end }}
+
+{{- define "cluster.backupCredentials" -}}
+  {{- if .Values.backup.endpointCredentials -}}
+    {{- .Values.backup.endpointCredentials -}}
+  {{- else -}}
+    {{- printf "%s-backup-secret" (include "cluster.name" .) | trunc 63 | trimSuffix "-" -}}
+  {{- end }}
+{{- end }}
+
+{{/*
+Generate backup server name
+*/}}
+{{- define "cluster.backupName" -}}
+  {{- if .Values.backup.backupName -}}
+    {{- .Values.backup.backupName -}}
+  {{- else -}}
+    {{ include "cluster.name" . }}
+  {{- end }}
+{{- end }}
+
+
+{{/*
+Generate recovery server name
+*/}}
+{{- define "cluster.recoveryServerName" -}}
+  {{- if .Values.recovery.recoveryServerName -}}
+    {{- .Values.recovery.recoveryServerName -}}
+  {{- else -}}
+    {{- printf "%s-backup-%s" (include "cluster.name" .) .Values.recovery.recoveryIndex | trunc 63 | trimSuffix "-" -}}
+  {{- end }}
+{{- end }}
+
+{{/*
+Generate recovery instance name
+*/}}
+{{- define "cluster.recoveryInstanceName" -}}
+  {{- if .Values.recovery.recoveryInstanceName -}}
+    {{- .Values.recovery.recoveryInstanceName -}}
+  {{- else -}}
+    {{ include "cluster.name" . }}
+  {{- end }}
+{{- end }}

charts/postgres-cluster/templates/cluster.yaml

@@ -0,0 +1,52 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+  name: {{ include "cluster.name" . }}-cluster
+  namespace: {{ .Release.Namespace }}
+  {{- with .Values.cluster.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "cluster.labels" . | nindent 4 }}
+  {{- with .Values.cluster.additionalLabels }}
+    {{ toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  instances: {{ .Values.cluster.instances }}
+  imageName: "{{ .Values.cluster.image.repository }}:{{ .Values.cluster.image.tag }}"
+  imagePullPolicy: {{ .Values.cluster.image.pullPolicy }}
+  postgresUID: {{ .Values.cluster.postgresUID }}
+  postgresGID: {{ .Values.cluster.postgresGID }}
+  walStorage:
+    size: {{ .Values.cluster.walStorage.size }}
+    storageClass: {{ .Values.cluster.walStorage.storageClass }}
+  storage:
+    size: {{ .Values.cluster.storage.size }}
+    storageClass: {{ .Values.cluster.storage.storageClass }}
+  {{- with .Values.cluster.resources }}
+  resources:
+    {{- toYaml . | nindent 4 }}
+  {{ end }}
+  {{- with .Values.cluster.affinity }}
+  affinity:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  priorityClassName: {{ .Values.cluster.priorityClassName }}
+  primaryUpdateMethod: {{ .Values.cluster.primaryUpdateMethod }}
+  primaryUpdateStrategy: {{ .Values.cluster.primaryUpdateStrategy }}
+  logLevel: {{ .Values.cluster.logLevel }}
+  postgresql:
+    shared_preload_libraries:
+      {{- if eq .Values.type "timescaledb" }}
+      - timescaledb
+      {{- end }}
+    {{- with .Values.cluster.postgresql.parameters }}
+    parameters:
+      {{- toYaml . | nindent 6 }}
+    {{ end }}
+  monitoring:
+    enablePodMonitor: {{ and .Values.cluster.monitoring.enabled .Values.cluster.monitoring.podMonitor.enabled }}
+
+  {{ include "cluster.bootstrap" . | nindent 2 }}
+  {{ include "cluster.backup" . | nindent 2 }}

charts/postgres-cluster/templates/postgresql-cluster.yaml

@@ -1,81 +0,0 @@
-apiVersion: postgresql.cnpg.io/v1
-kind: Cluster
-metadata:
-  name: "postgresql-{{ .Release.Name }}-cluster"
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: postgresql
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: database
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  imageName: "{{ .Values.cluster.image.repository }}:{{ .Values.cluster.image.tag }}"
-  instances: {{ .Values.cluster.instances }}
-  replicationSlots:
-    highAvailability:
-      enabled: true
-  affinity:
-    enablePodAntiAffinity: true
-    topologyKey: kubernetes.io/hostname
-  postgresql:
-    parameters:
-      {{- toYaml .Values.cluster.parameters | nindent 6 }}
-  resources:
-    {{- toYaml .Values.cluster.resources | nindent 4 }}
-  storage:
-    storageClass: {{ .Values.cluster.storage.data.storageClass }}
-    size: {{ .Values.cluster.storage.data.size }}
-  walStorage:
-    storageClass: {{ .Values.cluster.storage.wal.storageClass }}
-    size: {{ .Values.cluster.storage.wal.size }}
-  monitoring:
-    enablePodMonitor: true
-
-  {{- if .Values.bootstrap.initdbEnabled }}
-  bootstrap:
-    initdb:
-      {{- toYaml .Values.bootstrap.initdb | nindent 6 }}
-  {{- end }}
-
-  {{- if .Values.bootstrap.recoveryEnabled }}
-  bootstrap:
-    recovery:
-      source: "postgresql-{{ .Release.Name }}-cluster-backup-index-{{ .Values.bootstrap.recoveryIndex }}"
-  externalClusters:
-    - name: "postgresql-{{ .Release.Name }}-cluster-backup-index-{{ .Values.bootstrap.recoveryIndex }}"
-      barmanObjectStore:
-        endpointURL: {{ .Values.bootstrap.endpointURL }}
-        destinationPath: "s3://{{ .Values.bootstrap.bucket }}/{{ .Values.cluster.name }}/postgresql/{{ .Release.Name }}-cluster"
-        s3Credentials:
-          accessKeyId:
-            name: "postgresql-{{ .Release.Name }}-cluster-backup-secret"
-            key: ACCESS_KEY_ID
-          secretAccessKey:
-            name: "postgresql-{{ .Release.Name }}-cluster-backup-secret"
-            key: ACCESS_SECRET_KEY
-        data:
-          compression: {{ .Values.cluster.compression }}
-        wal:
-          compression: {{ .Values.cluster.compression }}
-  {{- end }}
-
-  {{- if .Values.backup.backupEnabled }}
-  backup:
-    retentionPolicy: "{{ .Values.backup.retentionPolicy }}"
-    barmanObjectStore:
-      destinationPath: "s3://{{ .Values.backup.bucket }}/{{ .Values.cluster.name }}/postgresql/{{ .Release.Name }}-cluster"
-      endpointURL: {{ .Values.backup.endpointURL }}
-      serverName: "postgresql-{{ .Release.Name }}-cluster-backup-index-{{ .Values.backup.backupIndex }}"
-      s3Credentials:
-        accessKeyId:
-          name: "postgresql-{{ .Release.Name }}-cluster-backup-secret"
-          key: ACCESS_KEY_ID
-        secretAccessKey:
-          name: "postgresql-{{ .Release.Name }}-cluster-backup-secret"
-          key: ACCESS_SECRET_KEY
-      data:
-        compression: {{ .Values.cluster.compression }}
-      wal:
-        compression: {{ .Values.cluster.compression }}
-  {{- end }}

charts/postgres-cluster/templates/prometheus-rule.yaml

@@ -0,0 +1,30 @@
+{{- if and .Values.cluster.monitoring.enabled .Values.cluster.monitoring.prometheusRule.enabled -}}
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+  name: {{ include "cluster.name" . }}-alert-rules
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "cluster.labels" . | nindent 4 }}
+  {{- with .Values.cluster.additionalLabels }}
+    {{ toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  groups:
+    - name: cloudnative-pg/{{ include "cluster.name" . }}
+      rules:
+        {{- $dict := dict "excludeRules" .Values.cluster.monitoring.prometheusRule.excludeRules -}}
+        {{- $_ := set $dict "value"       "{{ $value }}" -}}
+        {{- $_ := set $dict "namespace"   .Release.Namespace -}}
+        {{- $_ := set $dict "cluster"     (printf "%s-cluster" (include "cluster.name" .) ) -}}
+        {{- $_ := set $dict "labels"      (dict "job" "{{ $labels.job }}" "node" "{{ $labels.node }}" "pod" "{{ $labels.pod }}") -}}
+        {{- $_ := set $dict "podSelector" (printf "%s-cluster-([1-9][0-9]*)$" (include "cluster.name" .) ) -}}
+        {{- $_ := set $dict "Values"      .Values -}}
+        {{- $_ := set $dict "Template"    .Template -}}
+        {{- range $path, $_ := .Files.Glob  "prometheus_rules/**.yaml" }}
+        {{- $tpl := tpl ($.Files.Get $path) $dict | nindent 10 | trim -}}
+        {{- with $tpl }}
+        - {{ $tpl }}
+        {{- end -}}
+        {{- end -}}
+{{ end }}

charts/postgres-cluster/templates/scheduled-backup.yaml

@@ -1,16 +1,18 @@
+{{ if .Values.backup.enabled }}
 apiVersion: postgresql.cnpg.io/v1
 kind: ScheduledBackup
 metadata:
-  name: "postgresql-{{ .Release.Name }}-cluster-backup"
+  name: {{ include "cluster.name" . }}-scheduled-backup
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: postgresql
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: database
-    app.kubernetes.io/part-of: {{ .Release.Name }}
+    {{- include "cluster.labels" . | nindent 4 }}
+  {{- with .Values.cluster.additionalLabels }}
+    {{ toYaml . | nindent 4 }}
+  {{- end }}
 spec:
+  immediate: true
   schedule: {{ .Values.backup.schedule }}
   backupOwnerReference: self
   cluster:
-    name: "postgresql-{{ .Release.Name }}-cluster"
+    name: {{ include "cluster.name" . }}-cluster
+{{ end }}

charts/postgres-cluster/values.yaml

@@ -1,42 +1,198 @@
+# -- Override the name of the cluster
+nameOverride: ""
+
+###
+# -- Type of the CNPG database. Available types:
+# * `postgresql`
+# * `postgis`
+# * `timescaledb`
+type: postgresql
+
+###
+# Cluster mode of operation. Available modes:
+# * `standalone` - Default mode. Creates new or updates an existing CNPG cluster.
+# * `recovery` - Same as standalone but creates a cluster from a backup, object store or via pg_basebackup
+# * `replica` - Create database as a replica from another CNPG cluster
+mode: standalone
+
+# Generates bucket name and path for recovery and backup, creates: <endpointBucket>/<clusterName>/postgresql/{{ .Release.Name }}
+kubernetesClusterName: ""
+
 cluster:
-  name:
+  instances: 3
+
   image:
     repository: ghcr.io/cloudnative-pg/postgresql
-    tag: 16.2
-  instances: 3
+    tag: "16.2"
+    pullPolicy: IfNotPresent
+
+  # The UID and GID of the postgres user inside the image
+  postgresUID: 26
+  postgresGID: 26
+
+  walStorage:
+    size: 2Gi
+    storageClass: ""
+  storage:
+    size: 10Gi
+    storageClass: ""
+
+  resources:
+    requests:
+      memory: 256Mi
+      cpu: 10m
+    limits:
+      memory: 1Gi
+      cpu: 1000m
+      hugepages-2Mi: 256Mi
+
+  # See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-AffinityConfiguration
+  affinity:
+    enablePodAntiAffinity: true
+    topologyKey: kubernetes.io/hostname
+
+  additionalLabels: {}
+  annotations: {}
+
+  priorityClassName: ""
+
+  # Method to follow to upgrade the primary server during a rolling update procedure, after all replicas have been
+  # successfully updated. It can be switchover (default) or in-place (restart).
+  primaryUpdateMethod: switchover
+
+  # Strategy to follow to upgrade the primary server during a rolling update procedure, after all replicas have been
+  # successfully updated: it can be automated (unsupervised - default) or manual (supervised)
+  primaryUpdateStrategy: unsupervised
+
+  logLevel: "info"
+
+  monitoring:
+    enabled: false
+    podMonitor:
+      enabled: true
+    prometheusRule:
+      enabled: true
+      excludeRules: []
+
+  # See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-PostgresConfiguration
+  postgresql:
     parameters:
       shared_buffers: 128MB
       max_slot_wal_keep_size: 2000MB
       hot_standby_feedback: "on"
-  compression: snappy
-  resources:
-    requests:
-      memory: 512Mi
-      cpu: 100m
-    limits:
-      memory: 2Gi
-      cpu: 1500m
-      hugepages-2Mi: 512Mi
-  storage:
-    data:
-      storageClass:
-      size: 10Gi
-    wal:
-      storageClass:
-      size: 2Gi
-bootstrap:
-  recoveryEnabled: false
+
+  # BootstrapInitDB is the configuration of the bootstrap process when initdb is used.
+  # See: https://cloudnative-pg.io/documentation/current/bootstrap/
+  # See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-bootstrapinitdb
+  initdb: {}
+    # database: app
+    # owner: app
+    # secret: "" # Name of the secret containing the initial credentials for the owner of the user database. If empty a new secret will be created from scratch
+    # postInitApplicationSQL:
+    #   - CREATE TABLE IF NOT EXISTS example;
+
+recovery:
+  # Point in time recovery target in RFC3339 format
+  pitrTarget:
+    time: ""
+
+  # Overrides the provider specific default endpoint. Defaults to:
+  # S3: https://s3.<region>.amazonaws.com"
+  endpointURL: ""
+  endpointBucket: ""
+
+  # Specifies secret that contains a CA bundle to validate a privately signed certificate, should contain the key ca-bundle.crt
+  endpointCA: ""
+
+  # Specifies secret that contains S3 credentials, should contain the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY
+  endpointCredentials: ""
+
+  # Generate external cluster name, uses: {{ .Release.Name }}postgresql-<major version>-cluster-backup-index-{{ .Values.recovery.recoveryIndex }}
   recoveryIndex: 1
-  endpointURL:
-  bucket:
-  initdbEnabled: false
-  initdb:
-    database: app
-    owner: app
+
+  # Name of the recovery cluster in the object store, defaults to "cluster.name"
+  recoveryServerName: ""
+
+  # Name of the recovery cluster in the object store, defaults to ".Release.Name"
+  recoveryInstanceName: ""
+
+  wal:
+    # WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
+    compression: snappy
+    # Whether to instruct the storage provider to encrypt WAL files. One of `` (use the storage container default), `AES256` or `aws:kms`.
+    encryption: ""
+    # Number of WAL files to be archived or restored in parallel.
+    maxParallel: 2
+  data:
+    # Data compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
+    compression: snappy
+    # Whether to instruct the storage provider to encrypt data files. One of `` (use the storage container default), `AES256` or `aws:kms`.
+    encryption: ""
+    # Number of data files to be archived or restored in parallel.
+    jobs: 2
+
+replica:
+  # See https://cloudnative-pg.io/documentation/current/database_import/
+  # * `microservice` - Single database import as expected from cnpg clusters
+  # * `monolith` - Import multiple databases and roles
+  importType: microservice
+
+  # If type microservice only one database is allowed, default is app as standard in cnpg clusters
+  importDatabases:
+    - app
+  
+  # If type microservice no roles are imported and ignored
+  importRoles: []
+
+  # If import type is monolith postImportApplicationSQL is not supported and ignored
+  postImportApplicationSQL: []
+
+  # External cluster connection, password specifies a secret name and the key containing the password value
+  externalCluster:
+    connectionParameters:
+      host: postgresql
+      user: app
+      dbname: app
+    password:
+      name: postgresql
+      key: password
+
 backup:
-  backupEnabled: true
-  schedule: "0 0 0 * * *"
-  retentionPolicy: 14d
+  enabled: false
+
+  # Overrides the provider specific default endpoint
+  endpointURL: ""
+  endpointBucket: ""
+
+  # Specifies secret that contains a CA bundle to validate a privately signed certificate, should contain the key ca-bundle.crt
+  endpointCA: ""
+
+  # Specifies secret that contains S3 credentials, should contain the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY
+  endpointCredentials: ""
+
+  # Generate external cluster name, creates: postgresql-{{ .Release.Name }}-cluster-backup-index-{{ .Values.backups.backupIndex }}"
   backupIndex: 1
-  endpointURL:
-  bucket:
+
+  # Name of the backup cluster in the object store, defaults to "cluster.name"
+  backupName: ""
+
+  wal:
+    # WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
+    compression: snappy
+    # Whether to instruct the storage provider to encrypt WAL files. One of `` (use the storage container default), `AES256` or `aws:kms`.
+    encryption: ""
+    # Number of WAL files to be archived or restored in parallel.
+    maxParallel: 2
+  data:
+    # Data compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
+    compression: snappy
+    # Whether to instruct the storage provider to encrypt data files. One of `` (use the storage container default), `AES256` or `aws:kms`.
+    encryption: ""
+    # Number of data files to be archived or restored in parallel.
+    jobs: 2
+
+  # Retention policy for backups
+  retentionPolicy: "30d"
+
+  # Scheduled backup in cron format
+  schedule: "0 0 0 * * *"

charts/taiga/Chart.yaml

@@ -0,0 +1,24 @@
+apiVersion: v2
+name: taiga
+version: 0.2.0
+description: Chart for Taiga
+keywords:
+  - kanban
+  - project management
+sources:
+  - https://github.com/taigaio
+  - https://github.com/rabbitmq/rabbitmq-server
+  - https://github.com/bitnami/charts/tree/main/bitnami/rabbitmq
+maintainers:
+  - name: alexlebens
+icon: https://avatars.githubusercontent.com/u/6905422?s=200&v=4
+dependencies:
+  - name: rabbitmq
+    version: 14.0.1
+    repository: https://charts.bitnami.com/bitnami
+    alias: async-rabbitmq
+  - name: rabbitmq
+    version: 14.0.1
+    repository: https://charts.bitnami.com/bitnami
+    alias: events-rabbitmq
+appVersion: 6.7.7

charts/taiga/README.md

@@ -0,0 +1,17 @@
+## Introduction
+
+[Taiga 6](https://github.com/taigaio)
+
+Intuitive and simple, yet feature complete Kanban board
+
+This chart bootstraps a [Taiga](https://github.com/taigaio) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+
+
+## Prerequisites
+
+- Kubernetes
+- Helm
+
+## Parameters
+
+See the [values files](values.yaml).

charts/taiga/templates/_helpers.tpl

@@ -0,0 +1,135 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "taiga.name" -}}
+  {{- default .Chart.Name .Values.global.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "taiga.fullname" -}}
+  {{- if .Values.global.fullnameOverride -}}
+    {{- .Values.global.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+  {{- else -}}
+    {{- $name := default .Chart.Name .Values.global.nameOverride -}}
+    {{- if contains $name .Release.Name -}}
+      {{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+    {{- else -}}
+      {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+    {{- end -}}
+  {{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label
+*/}}
+{{- define "taiga.chart" -}}
+  {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "taiga.labels" -}}
+app.kubernetes.io/name: {{ template "taiga.name" . }}
+helm.sh/chart: {{ template "taiga.chart" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Common labels for specific components
+*/}}
+{{- define "taiga.back.labels" -}}
+app.kubernetes.io/name: {{ template "taiga.name" . }}-back
+helm.sh/chart: {{ template "taiga.chart" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+{{- define "taiga.async.labels" -}}
+app.kubernetes.io/name: {{ template "taiga.name" . }}-async
+helm.sh/chart: {{ template "taiga.chart" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+{{- define "taiga.front.labels" -}}
+app.kubernetes.io/name: {{ template "taiga.name" . }}-front
+helm.sh/chart: {{ template "taiga.chart" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+{{- define "taiga.events.labels" -}}
+app.kubernetes.io/name: {{ template "taiga.name" . }}-events
+helm.sh/chart: {{ template "taiga.chart" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+{{- define "taiga.protected.labels" -}}
+app.kubernetes.io/name: {{ template "taiga.name" . }}-protected
+helm.sh/chart: {{ template "taiga.chart" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Labels to use on deploy.spec.selector.matchLabels and svc.spec.selector
+*/}}
+{{- define "taiga.matchLabels" -}}
+app.kubernetes.io/name: {{ template "taiga.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+{{- define "taiga.back.matchLabels" -}}
+app.kubernetes.io/name: {{ template "taiga.name" . }}-back
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+{{- define "taiga.async.matchLabels" -}}
+app.kubernetes.io/name: {{ template "taiga.name" . }}-async
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+{{- define "taiga.front.matchLabels" -}}
+app.kubernetes.io/name: {{ template "taiga.name" . }}-front
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+{{- define "taiga.events.matchLabels" -}}
+app.kubernetes.io/name: {{ template "taiga.name" . }}-events
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+{{- define "taiga.protected.matchLabels" -}}
+app.kubernetes.io/name: {{ template "taiga.name" . }}-protected
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "taiga.serviceAccountName" -}}
+  {{- if .Values.serviceAccount.create -}}
+    {{ default (include "taiga.fullname" .) .Values.serviceAccount.name }}
+  {{- else -}}
+    {{ default "default" .Values.serviceAccount.name }}
+  {{- end -}}
+{{- end -}}
+
+{{/*
+Create the name of the static persistent volume
+*/}}
+{{- define "taiga.staticVolumeName" -}}
+  {{- if .Values.persistence.static.existingClaim -}}
+    {{ .Values.persistence.static.existingClaim }}
+  {{- else -}}
+    {{ printf "%s-static" (include "taiga.fullname" .) | trunc 63 | trimSuffix "-" }}
+  {{- end -}}
+{{- end -}}
+
+{{/*
+Create the name of the media persistent volume
+*/}}
+{{- define "taiga.mediaVolumeName" -}}
+  {{- if .Values.persistence.media.existingClaim -}}
+    {{ .Values.persistence.media.existingClaim }}
+  {{- else -}}
+    {{ printf "%s-media" (include "taiga.fullname" .) | trunc 63 | trimSuffix "-" }}
+  {{- end -}}
+{{- end -}}

charts/taiga/templates/config-map.yaml

@@ -0,0 +1,36 @@
+{{- if .Values.createInitialUser }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ template "taiga.fullname" . }}-create-initial-user
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    {{- with .Values.global.annotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+  labels:
+    {{- include "taiga.labels" . | nindent 4 }}
+    {{- with .Values.global.labels }}
+    {{ toYaml . | nindent 4 }}
+    {{- end }}
+data:
+  createinitialuser.sh: |
+    #!/bin/sh
+    echo """
+    import time
+    import requests
+    import subprocess
+
+    print('Waiting for backend ...')
+    while requests.get('http://{{ template "taiga.fullname" . }}-back/api/v1/').status_code != 200:
+        print('...')
+        time.sleep(2)
+
+    if str(subprocess.check_output(['python', 'manage.py', 'dumpdata', 'users.user'], cwd='/taiga-back')).find('\"is_superuser\": true') == -1:
+        print(subprocess.check_output(['python', 'manage.py', 'loaddata', 'initial_user'], cwd='/taiga-back'))
+    else:
+        print('Admin user yet created.')
+        """ > /tmp/create_superuser.py
+        python /tmp/create_superuser.py
+{{- end }}

charts/taiga/templates/deployment-back.yaml

@@ -0,0 +1,515 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ template "taiga.fullname" . }}-back
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    {{- with .Values.global.annotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+  labels:
+    {{- include "taiga.back.labels" . | nindent 4 }}
+    {{- with .Values.global.labels }}
+    {{ toYaml . | nindent 4 }}
+    {{- end }}
+spec:
+  revisionHistoryLimit: 3
+  replicas: {{ .Values.back.replicas }}
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      {{- include "taiga.back.matchLabels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        {{- include "taiga.back.labels" . | nindent 8 }}
+        app.kubernetes.io/component: {{ template "taiga.name" . }}-back
+      annotations:
+        {{- with .Values.back.podAnnotations }}
+        {{ toYaml . | nindent 8 }}
+        {{- end }}
+    spec:
+      affinity:
+        {{- with .Values.back.affinity }}
+        {{ toYaml . | nindent 8 }}
+        {{- end }}
+      nodeSelector:
+        {{- with .Values.back.nodeSelector }}
+        {{ toYaml . | nindent 8 }}
+        {{- end }}
+      tolerations:
+        {{- with .Values.back.tolerations }}
+        {{ toYaml . | nindent 8 }}
+        {{- end }}
+      serviceAccountName: {{ template "taiga.serviceAccountName" . }}
+      securityContext:
+        {{- with .Values.back.securityContext }}
+        {{ toYaml . | nindent 8 }}
+        {{- end }}
+      containers:
+        - name: {{ template "taiga.fullname" . }}-back
+          image: "{{ .Values.back.image.repository }}:{{ .Values.back.image.tag }}"
+          imagePullPolicy: {{ .Values.back.image.pullPolicy }}
+          resources:
+            {{ toYaml .Values.back.resources | nindent 12 }}
+          ports:
+            - name: taiga-back
+              containerPort: {{ .Values.back.service.port }}
+              protocol: TCP
+          volumeMounts:
+            - name: taiga-static
+              mountPath: /taiga-back/static
+            - name: taiga-media
+              mountPath: /taiga-back/media
+          env:
+            - name: TAIGA_SECRET_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.secretKey.existingSecretName }}"
+                  key: "{{ .Values.secretKey.existingSecretKey }}"
+            - name: ENABLE_TELEMETRY
+              value: "{{ .Values.enableTelemetry }}"
+            - name: PUBLIC_REGISTER_ENABLED
+              value: "{{ .Values.publicRegisterEnabled }}"
+            - name: POSTGRES_USER
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.postgresql.existingSecretName }}"
+                  key: "{{ .Values.postgresql.usernameKey }}"
+            - name: POSTGRES_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.postgresql.existingSecretName }}"
+                  key: "{{ .Values.postgresql.passwordKey }}"
+            - name: POSTGRES_DB
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.postgresql.existingSecretName }}"
+                  key: "{{ .Values.postgresql.databaseNameKey }}"
+            - name: POSTGRES_HOST
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.postgresql.existingSecretName }}"
+                  key: "{{ .Values.postgresql.hostKey }}"
+
+          {{ if .Values.oidc.enabled }}
+            - name: OIDC_ENABLED
+              value: "True"
+            - name: OIDC_SCOPES
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.oidc.existingSecretName }}"
+                  key: "{{ .Values.oidc.scopesKey }}"
+            - name: OIDC_SIGN_ALGO
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.oidc.existingSecretName }}"
+                  key: "{{ .Values.oidc.signatureAlgorithmKey }}"
+            - name: OIDC_CLIENT_ID
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.oidc.existingSecretName }}"
+                  key: "{{ .Values.oidc.clientIdKey }}"
+            - name: OIDC_CLIENT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.oidc.existingSecretName }}"
+                  key: "{{ .Values.oidc.clientSecretKey }}"
+            - name: OIDC_BASE_URL
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.oidc.existingSecretName }}"
+                  key: "{{ .Values.oidc.baseUrlKey }}"
+            - name: OIDC_JWKS_ENDPOINT
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.oidc.existingSecretName }}"
+                  key: "{{ .Values.oidc.jwksEndpointKey }}"
+            - name: OIDC_AUTHORIZATION_ENDPOINT
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.oidc.existingSecretName }}"
+                  key: "{{ .Values.oidc.authorizationEndpointKey }}"
+            - name: OIDC_TOKEN_ENDPOINT
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.oidc.existingSecretName }}"
+                  key: "{{ .Values.oidc.tokenEndpointKey }}"
+            - name: OIDC_USER_ENDPOINT
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.oidc.existingSecretName }}"
+                  key: "{{ .Values.oidc.userEndpointKey }}"
+          {{ end }}
+
+          {{ if .Values.email.enabled }}
+            - name: EMAIL_BACKEND
+              value: "django.core.mail.backends.smtp.EmailBackend"
+            - name: DEFAULT_FROM_EMAIL
+              value: "{{ .Values.email.from }}"
+            - name: EMAIL_HOST
+              value: "{{ .Values.email.host }}"
+            - name: EMAIL_PORT
+              value: "{{ .Values.email.port }}"
+            - name: EMAIL_USE_TLS
+              value: "{{ .Values.email.tls }}"
+            - name: EMAIL_USE_SSL
+              value: "{{ .Values.email.ssl }}"
+            - name: EMAIL_HOST_USER
+              value: "{{ .Values.email.user }}"
+            - name: EMAIL_HOST_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.email.existingPasswordSecret }}"
+                  key: "{{ .Values.email.existingSecretPasswordKey }}"
+          {{ end }}
+
+            - name: ENABLE_GITHUB_AUTH
+              value: "false"
+            - name: ENABLE_GITLAB_AUTH
+              value: "false"
+            - name: ENABLE_SLACK
+              value: "{{ .Values.enableSlack }}"
+
+          {{ if .Values.githubImporter.enabled }}
+            - name: ENABLE_GITHUB_IMPORTER
+              value: "True"
+            - name: GITHUB_API_CLIENT_ID
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.githubImporter.existingSecretName }}"
+                  key: "{{ .Values.githubImporter.existingSecretClientIdKey }}"
+            - name: GITHUB_API_CLIENT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.githubImporter.existingSecretName }}"
+                  key: "{{ .Values.githubImporter.existingSecretClientSecretKey }}"
+          {{ else }}
+            - name: ENABLE_GITHUB_IMPORTER
+              value: "False"
+          {{ end }}
+
+          {{ if .Values.jiraImporter.enabled }}
+            - name: ENABLE_JIRA_IMPORTER
+              value: "True"
+            - name: JIRA_IMPORTER_CONSUMER_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.jiraImporter.existingSecretName }}"
+                  key: "{{ .Values.jiraImporter.existingSecretConsumerKeyKey }}"
+            - name: JIRA_IMPORTER_CERT
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.jiraImporter.existingSecretName }}"
+                  key: "{{ .Values.jiraImporter.existingSecretCertKey }}"
+            - name: JIRA_IMPORTER_PUB_CERT
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.jiraImporter.existingSecretName }}"
+                  key: "{{ .Values.jiraImporter.existingSecretPubCertKey }}"
+          {{ else }}
+            - name: ENABLE_JIRA_IMPORTER
+              value: "False"
+          {{ end }}
+
+          {{ if .Values.trelloImporter.enabled }}
+            - name: ENABLE_TRELLO_IMPORTER
+              value: "True"
+            - name: TRELLO_IMPORTER_API_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.trelloImporter.existingSecretName }}"
+                  key: "{{ .Values.trelloImporter.existingSecretApiKeyKey }}"
+            - name: TRELLO_IMPORTER_SECRET_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.trelloImporter.existingSecretName }}"
+                  key: "{{ .Values.trelloImporter.existingSecretSecretKeyKey }}"
+          {{ else }}
+            - name: ENABLE_JIRA_IMPORTER
+              value: "False"
+          {{ end }}
+
+            - name: RABBITMQ_USER
+              value: "{{ index .Values "async-rabbitmq" "auth" "username" }}"
+            - name: RABBITMQ_PASS
+              valueFrom:
+                secretKeyRef:
+                  name: {{ index .Values "async-rabbitmq" "auth" "existingPasswordSecret" }}
+                  key: {{ index .Values "async-rabbitmq" "auth" "existingSecretPasswordKey" }}
+
+          {{ if .Values.ingress.enabled }}
+            - name: TAIGA_SITES_DOMAIN
+              value: "{{ .Values.ingress.host }}"
+            - name: TAIGA_SITES_SCHEME
+              value: "https"
+            - name: SESSION_COOKIE_SECURE
+              value: "True"
+            - name: CSRF_COOKIE_SECURE
+              value: "True"
+          {{- end }}
+
+          {{- if .Values.back.livenessProbe.enabled }}
+          livenessProbe:
+            httpGet:
+              path: /admin/login/
+              port: {{ .Values.back.service.port }}
+            initialDelaySeconds: {{ .Values.back.livenessProbe.initialDelaySeconds }}
+            periodSeconds: {{ .Values.back.livenessProbe.periodSeconds }}
+            timeoutSeconds: {{ .Values.back.livenessProbe.timeoutSeconds }}
+            successThreshold: {{ .Values.back.livenessProbe.successThreshold }}
+            failureThreshold: {{ .Values.back.livenessProbe.failureThreshold }}
+          {{- end }}
+
+          {{- if .Values.back.readinessProbe.enabled }}
+          readinessProbe:
+            httpGet:
+              path: /admin/login/
+              port: {{ .Values.back.service.port }}
+            initialDelaySeconds: {{ .Values.back.readinessProbe.initialDelaySeconds }}
+            periodSeconds: {{ .Values.back.readinessProbe.periodSeconds }}
+            timeoutSeconds: {{ .Values.back.readinessProbe.timeoutSeconds }}
+            successThreshold: {{ .Values.back.readinessProbe.successThreshold }}
+            failureThreshold: {{ .Values.back.readinessProbe.failureThreshold }}
+          {{- end }}
+
+        - name: {{ template "taiga.fullname" . }}-async
+          image: "{{ .Values.async.image.repository }}:{{ .Values.async.image.tag }}"
+          imagePullPolicy: {{ .Values.async.image.pullPolicy }}
+          resources:
+            {{ toYaml .Values.async.resources | nindent 12 }}
+          command:
+            - /taiga-back/docker/async_entrypoint.sh
+          volumeMounts:
+            - name: taiga-static
+              mountPath: /taiga-back/static
+            - name: taiga-media
+              mountPath: /taiga-back/media
+          env:
+            - name: TAIGA_SECRET_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.secretKey.existingSecretName }}"
+                  key: "{{ .Values.secretKey.existingSecretKey }}"
+            - name: ENABLE_TELEMETRY
+              value: "{{ .Values.enableTelemetry }}"
+            - name: PUBLIC_REGISTER_ENABLED
+              value: "{{ .Values.publicRegisterEnabled }}"
+            - name: POSTGRES_USER
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.postgresql.existingSecretName }}"
+                  key: "{{ .Values.postgresql.usernameKey }}"
+            - name: POSTGRES_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.postgresql.existingSecretName }}"
+                  key: "{{ .Values.postgresql.passwordKey }}"
+            - name: POSTGRES_DB
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.postgresql.existingSecretName }}"
+                  key: "{{ .Values.postgresql.databaseNameKey }}"
+            - name: POSTGRES_HOST
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.postgresql.existingSecretName }}"
+                  key: "{{ .Values.postgresql.hostKey }}"
+
+          {{ if .Values.oidc.enabled }}
+            - name: OIDC_ENABLED
+              value: "True"
+            - name: OIDC_SCOPES
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.oidc.existingSecretName }}"
+                  key: "{{ .Values.oidc.scopesKey }}"
+            - name: OIDC_SIGN_ALGO
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.oidc.existingSecretName }}"
+                  key: "{{ .Values.oidc.signatureAlgorithmKey }}"
+            - name: OIDC_CLIENT_ID
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.oidc.existingSecretName }}"
+                  key: "{{ .Values.oidc.clientIdKey }}"
+            - name: OIDC_CLIENT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.oidc.existingSecretName }}"
+                  key: "{{ .Values.oidc.clientSecretKey }}"
+            - name: OIDC_BASE_URL
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.oidc.existingSecretName }}"
+                  key: "{{ .Values.oidc.baseUrlKey }}"
+            - name: OIDC_JWKS_ENDPOINT
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.oidc.existingSecretName }}"
+                  key: "{{ .Values.oidc.jwksEndpointKey }}"
+            - name: OIDC_AUTHORIZATION_ENDPOINT
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.oidc.existingSecretName }}"
+                  key: "{{ .Values.oidc.authorizationEndpointKey }}"
+            - name: OIDC_TOKEN_ENDPOINT
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.oidc.existingSecretName }}"
+                  key: "{{ .Values.oidc.tokenEndpointKey }}"
+            - name: OIDC_USER_ENDPOINT
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.oidc.existingSecretName }}"
+                  key: "{{ .Values.oidc.userEndpointKey }}"
+          {{ end }}
+
+          {{ if .Values.email.enabled }}
+            - name: EMAIL_BACKEND
+              value: "django.core.mail.backends.smtp.EmailBackend"
+            - name: DEFAULT_FROM_EMAIL
+              value: "{{ .Values.email.from }}"
+            - name: EMAIL_HOST
+              value: "{{ .Values.email.host }}"
+            - name: EMAIL_PORT
+              value: "{{ .Values.email.port }}"
+            - name: EMAIL_USE_TLS
+              value: "{{ .Values.email.tls }}"
+            - name: EMAIL_USE_SSL
+              value: "{{ .Values.email.ssl }}"
+            - name: EMAIL_HOST_USER
+              value: "{{ .Values.email.user }}"
+            - name: EMAIL_HOST_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.email.existingPasswordSecret }}"
+                  key: "{{ .Values.email.existingSecretPasswordKey }}"
+          {{ end }}
+
+            - name: ENABLE_GITHUB_AUTH
+              value: "false"
+            - name: ENABLE_GITLAB_AUTH
+              value: "false"
+            - name: ENABLE_SLACK
+              value: "{{ .Values.enableSlack }}"
+
+          {{ if .Values.githubImporter.enabled }}
+            - name: ENABLE_GITHUB_IMPORTER
+              value: "True"
+            - name: GITHUB_API_CLIENT_ID
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.githubImporter.existingSecretName }}"
+                  key: "{{ .Values.githubImporter.existingSecretClientIdKey }}"
+            - name: GITHUB_API_CLIENT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.githubImporter.existingSecretName }}"
+                  key: "{{ .Values.githubImporter.existingSecretClientSecretKey }}"
+          {{ else }}
+            - name: ENABLE_GITHUB_IMPORTER
+              value: "False"
+          {{ end }}
+
+          {{ if .Values.jiraImporter.enabled }}
+            - name: ENABLE_JIRA_IMPORTER
+              value: "True"
+            - name: JIRA_IMPORTER_CONSUMER_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.jiraImporter.existingSecretName }}"
+                  key: "{{ .Values.jiraImporter.existingSecretConsumerKeyKey }}"
+            - name: JIRA_IMPORTER_CERT
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.jiraImporter.existingSecretName }}"
+                  key: "{{ .Values.jiraImporter.existingSecretCertKey }}"
+            - name: JIRA_IMPORTER_PUB_CERT
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.jiraImporter.existingSecretName }}"
+                  key: "{{ .Values.jiraImporter.existingSecretPubCertKey }}"
+          {{ else }}
+            - name: ENABLE_JIRA_IMPORTER
+              value: "False"
+          {{ end }}
+
+          {{ if .Values.trelloImporter.enabled }}
+            - name: ENABLE_TRELLO_IMPORTER
+              value: "True"
+            - name: TRELLO_IMPORTER_API_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.trelloImporter.existingSecretName }}"
+                  key: "{{ .Values.trelloImporter.existingSecretApiKeyKey }}"
+            - name: TRELLO_IMPORTER_SECRET_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.trelloImporter.existingSecretName }}"
+                  key: "{{ .Values.trelloImporter.existingSecretSecretKeyKey }}"
+          {{ else }}
+            - name: ENABLE_JIRA_IMPORTER
+              value: "False"
+          {{ end }}
+
+            - name: RABBITMQ_USER
+              value: "{{ index .Values "async-rabbitmq" "auth" "username" }}"
+            - name: RABBITMQ_PASS
+              valueFrom:
+                secretKeyRef:
+                  name: {{ index .Values "async-rabbitmq" "auth" "existingPasswordSecret" }}
+                  key: {{ index .Values "async-rabbitmq" "auth" "existingSecretPasswordKey" }}
+
+          {{ if .Values.ingress.enabled }}
+            - name: TAIGA_SITES_DOMAIN
+              value: "{{ .Values.ingress.host }}"
+            - name: TAIGA_SITES_SCHEME
+              value: "https"
+            - name: SESSION_COOKIE_SECURE
+              value: "True"
+            - name: CSRF_COOKIE_SECURE
+              value: "True"
+          {{- end }}
+
+          {{- if .Values.back.livenessProbe.enabled }}
+          livenessProbe:
+            httpGet:
+              path: /admin/login/
+              port: {{ .Values.back.service.port }}
+            initialDelaySeconds: {{ .Values.back.livenessProbe.initialDelaySeconds }}
+            periodSeconds: {{ .Values.back.livenessProbe.periodSeconds }}
+            timeoutSeconds: {{ .Values.back.livenessProbe.timeoutSeconds }}
+            successThreshold: {{ .Values.back.livenessProbe.successThreshold }}
+            failureThreshold: {{ .Values.back.livenessProbe.failureThreshold }}
+          {{- end }}
+
+          {{- if .Values.back.readinessProbe.enabled }}
+          readinessProbe:
+            httpGet:
+              path: /admin/login/
+              port: {{ .Values.back.service.port }}
+            initialDelaySeconds: {{ .Values.back.readinessProbe.initialDelaySeconds }}
+            periodSeconds: {{ .Values.back.readinessProbe.periodSeconds }}
+            timeoutSeconds: {{ .Values.back.readinessProbe.timeoutSeconds }}
+            successThreshold: {{ .Values.back.readinessProbe.successThreshold }}
+            failureThreshold: {{ .Values.back.readinessProbe.failureThreshold }}
+          {{- end }}
+
+      volumes:
+        - name: taiga-static
+      {{- if .Values.persistence.static.enabled }}
+          persistentVolumeClaim:
+            claimName: {{ include "taiga.staticVolumeName" . }}
+      {{- else }}
+          emptyDir: {}
+      {{- end }}
+        - name: taiga-media
+      {{- if .Values.persistence.media.enabled }}
+          persistentVolumeClaim:
+            claimName: {{ include "taiga.mediaVolumeName" . }}
+      {{- else }}
+          emptyDir: {}
+      {{- end }}

charts/taiga/templates/deployment-events.yaml

@@ -0,0 +1,101 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ template "taiga.fullname" . }}-events
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    {{- with .Values.global.annotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+  labels:
+    {{- include "taiga.events.labels" . | nindent 4 }}
+    {{- with .Values.global.labels }}
+    {{ toYaml . | nindent 4 }}
+    {{- end }}
+spec:
+  revisionHistoryLimit: 3
+  replicas: {{ .Values.events.replicas }}
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      {{- include "taiga.events.matchLabels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        {{- include "taiga.events.labels" . | nindent 8 }}
+        app.kubernetes.io/component: {{ template "taiga.name" . }}-events
+      annotations:
+        {{- with .Values.events.podAnnotations }}
+        {{ toYaml . | nindent 8 }}
+        {{- end }}
+    spec:
+      affinity:
+        {{- with .Values.events.affinity }}
+        {{ toYaml . | nindent 8 }}
+        {{- end }}
+      nodeSelector:
+        {{- with .Values.events.nodeSelector }}
+        {{ toYaml . | nindent 8 }}
+        {{- end }}
+      tolerations:
+        {{- with .Values.events.tolerations }}
+        {{ toYaml . | nindent 8 }}
+        {{- end }}
+      serviceAccountName: {{ template "taiga.serviceAccountName" . }}
+      securityContext:
+        {{- with .Values.events.securityContext }}
+        {{ toYaml . | nindent 8 }}
+      {{- end }}
+      containers:
+        - name: {{ template "taiga.fullname" . }}-events
+          image: "{{ .Values.events.image.repository }}:{{ .Values.events.image.tag }}"
+          imagePullPolicy: {{ .Values.events.image.pullPolicy }}
+          resources:
+            {{ toYaml .Values.events.resources | nindent 12 }}
+          ports:
+            - name: taiga-events
+              containerPort: {{ .Values.events.service.http.port }}
+              protocol: TCP
+            - name: taiga-app
+              containerPort: {{ .Values.events.service.app.port }}
+              protocol: TCP
+          env:
+            - name: TAIGA_SECRET_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.secretKey.existingSecretName }}"
+                  key: "{{ .Values.secretKey.existingSecretKey }}"
+            - name: RABBITMQ_USER
+              value: "{{ index .Values "events-rabbitmq" "auth" "username" }}"
+            - name: RABBITMQ_PASS
+              valueFrom:
+                secretKeyRef:
+                  name: {{ index .Values "events-rabbitmq" "auth" "existingPasswordSecret" }}
+                  key: {{ index .Values "events-rabbitmq" "auth" "existingSecretPasswordKey" }}
+            - name: APP_PORT
+              value: "{{ .Values.events.service.app.port }}"
+
+          {{- if .Values.events.livenessProbe.enabled }}
+          livenessProbe:
+            httpGet:
+              path: /healthz
+              port: {{ .Values.events.service.app.port }}
+            initialDelaySeconds: {{ .Values.events.livenessProbe.initialDelaySeconds }}
+            periodSeconds: {{ .Values.events.livenessProbe.periodSeconds }}
+            timeoutSeconds: {{ .Values.events.livenessProbe.timeoutSeconds }}
+            successThreshold: {{ .Values.events.livenessProbe.successThreshold }}
+            failureThreshold: {{ .Values.events.livenessProbe.failureThreshold }}
+          {{- end }}
+
+          {{- if .Values.events.readinessProbe.enabled }}
+          readinessProbe:
+            httpGet:
+              path: /healthz
+              port: {{ .Values.events.service.app.port }}
+            initialDelaySeconds: {{ .Values.events.readinessProbe.initialDelaySeconds }}
+            periodSeconds: {{ .Values.events.readinessProbe.periodSeconds }}
+            timeoutSeconds: {{ .Values.events.readinessProbe.timeoutSeconds }}
+            successThreshold: {{ .Values.events.readinessProbe.successThreshold }}
+            failureThreshold: {{ .Values.events.readinessProbe.failureThreshold }}
+          {{- end }}

charts/taiga/templates/deployment-front.yaml

@@ -0,0 +1,108 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ template "taiga.fullname" . }}-front
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    {{- with .Values.global.annotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+  labels:
+    {{- include "taiga.front.labels" . | nindent 4 }}
+    {{- with .Values.global.labels }}
+    {{ toYaml . | nindent 4 }}
+    {{- end }}
+spec:
+  revisionHistoryLimit: 3
+  replicas: {{ .Values.front.replicas }}
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      {{- include "taiga.front.matchLabels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        {{- include "taiga.front.labels" . | nindent 8 }}
+        app.kubernetes.io/component: {{ template "taiga.name" . }}-front
+      annotations:
+        {{- with .Values.front.podAnnotations }}
+        {{ toYaml . | nindent 8 }}
+        {{- end }}
+    spec:
+      affinity:
+        {{- with .Values.front.affinity }}
+        {{ toYaml . | nindent 8 }}
+        {{- end }}
+      nodeSelector:
+        {{- with .Values.front.nodeSelector }}
+        {{ toYaml . | nindent 8 }}
+        {{- end }}
+      tolerations:
+        {{- with .Values.front.tolerations }}
+        {{ toYaml . | nindent 8 }}
+        {{- end }}
+      serviceAccountName: {{ template "taiga.serviceAccountName" . }}
+      securityContext:
+        {{- with .Values.front.securityContext }}
+        {{ toYaml . | nindent 8 }}
+        {{- end }}
+      containers:
+        - name: {{ template "taiga.fullname" . }}-front
+          image: "{{ .Values.front.image.repository }}:{{ .Values.front.image.tag }}"
+          imagePullPolicy: {{ .Values.front.image.pullPolicy }}
+          resources:
+            {{ toYaml .Values.front.resources | nindent 12 }}
+          ports:
+            - name: taiga-front
+              containerPort: {{ .Values.front.service.port }}
+              protocol: TCP
+          env:
+          {{ if .Values.ingress.enabled }}
+            - name: TAIGA_URL
+              value: "https://{{ .Values.ingress.host }}"
+          {{ else }}
+            - name: TAIGA_URL
+              value: "http://localhost:{{ .Values.front.service.port }}"
+          {{ end }}
+
+            - name: PUBLIC_REGISTER_ENABLED
+              value: "{{ .Values.publicRegisterEnabled }}"
+            - name: ENABLE_GITHUB_AUTH
+              value: "false"
+            - name: ENABLE_GITLAB_AUTH
+              value: "false"
+            - name: ENABLE_OIDC
+              value: "{{ .Values.oidc.enabled }}"              
+            - name: ENABLE_SLACK
+              value: "{{ .Values.enableSlack }}"
+            - name: ENABLE_GITHUB_IMPORTER
+              value: "{{ .Values.githubImporter.enabled }}"
+            - name: ENABLE_JIRA_IMPORTER
+              value: "{{ .Values.jiraImporter.enabled }}"
+            - name: ENABLE_TRELLO_IMPORTER
+              value: "{{ .Values.trelloImporter.enabled }}"
+
+          {{- if .Values.front.livenessProbe.enabled }}
+          livenessProbe:
+            httpGet:
+              path: /admin/login/
+              port: {{ .Values.front.service.port }}
+            initialDelaySeconds: {{ .Values.front.livenessProbe.initialDelaySeconds }}
+            periodSeconds: {{ .Values.front.livenessProbe.periodSeconds }}
+            timeoutSeconds: {{ .Values.front.livenessProbe.timeoutSeconds }}
+            successThreshold: {{ .Values.front.livenessProbe.successThreshold }}
+            failureThreshold: {{ .Values.front.livenessProbe.failureThreshold }}
+          {{- end }}
+
+          {{- if .Values.front.readinessProbe.enabled }}
+          readinessProbe:
+            httpGet:
+              path: /admin/login/
+              port: {{ .Values.front.service.port }}
+            initialDelaySeconds: {{ .Values.front.readinessProbe.initialDelaySeconds }}
+            periodSeconds: {{ .Values.front.readinessProbe.periodSeconds }}
+            timeoutSeconds: {{ .Values.front.readinessProbe.timeoutSeconds }}
+            successThreshold: {{ .Values.front.readinessProbe.successThreshold }}
+            failureThreshold: {{ .Values.front.readinessProbe.failureThreshold }}
+          {{- end }}

charts/taiga/templates/deployment-protected.yaml

@@ -0,0 +1,91 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ template "taiga.fullname" . }}-protected
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    {{- with .Values.global.annotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+  labels:
+    {{- include "taiga.protected.labels" . | nindent 4 }}
+    {{- with .Values.global.labels }}
+    {{ toYaml . | nindent 4 }}
+    {{- end }}
+spec:
+  revisionHistoryLimit: 3
+  replicas: {{ .Values.protected.replicas }}
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      {{- include "taiga.protected.matchLabels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        {{- include "taiga.protected.labels" . | nindent 8 }}
+        app.kubernetes.io/component: {{ template "taiga.name" . }}-protected
+      annotations:
+        {{- with .Values.protected.podAnnotations }}
+        {{ toYaml . | nindent 8 }}
+        {{- end }}
+    spec:
+      affinity:
+        {{- with .Values.protected.affinity }}
+        {{ toYaml . | nindent 8 }}
+        {{- end }}
+      nodeSelector:
+        {{- with .Values.protected.nodeSelector }}
+        {{ toYaml . | nindent 8 }}
+        {{- end }}
+      tolerations:
+        {{- with .Values.protected.tolerations }}
+        {{ toYaml . | nindent 8 }}
+        {{- end }}
+      serviceAccountName: {{ template "taiga.serviceAccountName" . }}
+      securityContext:
+        {{- with .Values.protected.securityContext }}
+        {{ toYaml . | nindent 8 }}
+        {{- end }}
+      containers:
+        - name: {{ template "taiga.fullname" . }}-protected
+          image: "{{ .Values.protected.image.repository }}:{{ .Values.protected.image.tag }}"
+          imagePullPolicy: {{ .Values.protected.image.pullPolicy }}
+          resources:
+            {{ toYaml .Values.protected.resources | nindent 12 }}
+          ports:
+            - name: taiga-protected
+              containerPort: {{ .Values.protected.service.port }}
+              protocol: TCP
+          env:
+            - name: SECRET_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.secretKey.existingSecretName }}"
+                  key: "{{ .Values.secretKey.existingSecretKey }}"
+            - name: MAX_AGE
+              value: "{{ .Values.maxAge }}"
+
+          {{- if .Values.protected.livenessProbe.enabled }}
+          livenessProbe:
+            httpGet:
+              path: /admin/login/
+              port: {{ .Values.protected.service.port }}
+            initialDelaySeconds: {{ .Values.protected.livenessProbe.initialDelaySeconds }}
+            periodSeconds: {{ .Values.protected.livenessProbe.periodSeconds }}
+            timeoutSeconds: {{ .Values.protected.livenessProbe.timeoutSeconds }}
+            successThreshold: {{ .Values.protected.livenessProbe.successThreshold }}
+            failureThreshold: {{ .Values.protected.livenessProbe.failureThreshold }}
+          {{- end }}
+
+          {{- if .Values.protected.readinessProbe.enabled }}
+          readinessProbe:
+            httpGet:
+              path: /admin/login/
+              port: {{ .Values.protected.service.port }}
+            initialDelaySeconds: {{ .Values.protected.readinessProbe.initialDelaySeconds }}
+            periodSeconds: {{ .Values.protected.readinessProbe.periodSeconds }}
+            timeoutSeconds: {{ .Values.protected.readinessProbe.timeoutSeconds }}
+            successThreshold: {{ .Values.protected.readinessProbe.successThreshold }}
+            failureThreshold: {{ .Values.protected.readinessProbe.failureThreshold }}
+          {{- end }}

charts/taiga/templates/ingress.yaml

@@ -0,0 +1,74 @@
+{{- if .Values.ingress.enabled }}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ template "taiga.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    {{- with .Values.global.annotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+    {{- toYaml .Values.ingress.annotations | nindent 4 }}
+  labels:
+    {{- include "taiga.labels" . | nindent 4 }}
+    {{- with .Values.global.labels }}
+    {{ toYaml . | nindent 4 }}
+    {{- end }}
+    {{- with .Values.ingress.labels }}
+    {{ toYaml . | nindent 4 }}
+    {{- end }}
+spec:
+  ingressClassName: {{ .Values.ingress.className }}
+  tls:
+    - hosts:
+      - {{ .Values.ingress.host }}
+      secretName: {{ template "taiga.fullname" . }}-secret-tls
+  rules:
+    - host: {{ .Values.ingress.host }}
+      http:
+        paths:
+          - path: /
+            backend:
+              service:
+                name: "{{ template "taiga.fullname" . }}-front"
+                port:
+                  name: taiga-front
+            pathType: ImplementationSpecific
+          - path: /api
+            backend:
+              service:
+                name: "{{ template "taiga.fullname" . }}-back"
+                port:
+                  name: taiga-back
+            pathType: ImplementationSpecific     
+          - path: /admin
+            backend:
+              service:
+                name: "{{ template "taiga.fullname" . }}-back"
+                port:
+                  name: taiga-back
+            pathType: ImplementationSpecific
+        {{ if .Values.oidc.enabled }}
+          - path: /oidc
+            backend:
+              service:
+                name: "{{ template "taiga.fullname" . }}-back"
+                port:
+                  name: taiga-back
+            pathType: ImplementationSpecific
+        {{- end }}                  
+          - path: /events
+            backend:
+              service:
+                name: "{{ template "taiga.fullname" . }}-events"
+                port:
+                  name: taiga-events
+            pathType: ImplementationSpecific
+          - path: /media
+            backend:
+              service:
+                name: "{{ template "taiga.fullname" . }}-protected"
+                port:
+                  name: taiga-protected
+            pathType: ImplementationSpecific
+{{- end }}

charts/taiga/templates/job.yaml

@@ -0,0 +1,66 @@
+{{- if .Values.createInitialUser }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ template "taiga.fullname" . }}-create-initial-user
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    {{- with .Values.global.annotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+  labels:
+    {{- include "taiga.labels" . | nindent 4 }}
+    {{- with .Values.global.labels }}
+    {{ toYaml . | nindent 4 }}
+    {{- end }}
+spec:
+  backoffLimit: 4
+  template:
+    spec:
+      {{- if .Values.back.nodeSelector }}
+      nodeSelector:
+        {{ toYaml .Values.back.nodeSelector | nindent 8 }}
+      {{- end }}
+      restartPolicy: Never
+      containers:
+      - name: {{ template "taiga.fullname" . }}-create-initial-user
+        image: "{{ .Values.back.image.repository }}:{{ .Values.back.image.tag }}"
+        imagePullPolicy: {{ .Values.back.image.pullPolicy }}
+        command:
+          - sh
+          - /scripts/createinitialuser.sh
+        volumeMounts:
+          - name: create-initial-user
+            mountPath: /scripts
+        env:
+          - name: TAIGA_SECRET_KEY
+            valueFrom:
+              secretKeyRef:
+                name: "{{ .Values.secretKey.existingSecretName }}"
+                key: "{{ .Values.secretKey.existingSecretKey }}"
+          - name: POSTGRES_USERNAME
+            valueFrom:
+              secretKeyRef:
+                name: "{{ .Values.postgresql.existingSecretName }}"
+                key: "{{ .Values.postgresql.usernameKey }}"
+          - name: POSTGRES_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                name: "{{ .Values.postgresql.existingSecretName }}"
+                key: "{{ .Values.postgresql.passwordKey }}"
+          - name: POSTGRES_DATABASE_NAME
+            valueFrom:
+              secretKeyRef:
+                name: "{{ .Values.postgresql.existingSecretName }}"
+                key: "{{ .Values.postgresql.databaseNameKey }}"
+          - name: POSTGRES_DATABASE_HOST
+            valueFrom:
+              secretKeyRef:
+                name: "{{ .Values.postgresql.existingSecretName }}"
+                key: "{{ .Values.postgresql.hostKey }}"
+      volumes:
+        - name: create-initial-user
+          configMap:
+            name: {{ template "taiga.fullname" . }}-create-initial-user
+            defaultMode: 0744
+{{- end }}

charts/taiga/templates/persistent-volume-claim.yaml

@@ -0,0 +1,54 @@
+{{- if and .Values.persistence.static.enabled (not .Values.persistence.static.existingClaim) }}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: {{ template "taiga.staticVolumeName" . }}
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    {{- with .Values.global.annotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+    {{- if .Values.persistence.static.retain }}
+    helm.sh/resource-policy: keep
+    {{- end }}
+  labels:
+    {{- include "taiga.labels" . | nindent 4 }}
+    {{- with .Values.global.labels }}
+    {{ toYaml . | nindent 4 }}
+    {{- end }}
+spec:
+  storageClassName: {{ .Values.persistence.static.storageClass }}
+  accessModes:
+    - {{ .Values.persistence.static.accessMode }}
+  resources:
+    requests:
+      storage: {{ .Values.persistence.static.size }}
+{{- end }}
+
+---
+{{- if and .Values.persistence.media.enabled (not .Values.persistence.media.existingClaim) }}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: {{ template "taiga.mediaVolumeName" . }}
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    {{- with .Values.global.annotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+    {{- if .Values.persistence.media.retain }}
+    "helm.sh/resource-policy": keep
+    {{- end }}
+  labels:
+    {{- include "taiga.labels" . | nindent 4 }}
+    {{- with .Values.global.labels }}
+    {{ toYaml . | nindent 4 }}
+    {{- end }}
+spec:
+  storageClassName: {{ .Values.persistence.media.storageClass }}
+  accessModes:
+    - {{ .Values.persistence.media.accessMode }}
+  resources:
+    requests:
+      storage: {{ .Values.persistence.media.size }}
+{{- end }}

charts/taiga/templates/service-account.yaml

@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ template "taiga.serviceAccountName" . }}
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    {{- with .Values.global.annotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+    {{- with .Values.serviceAccount.annotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+  labels:
+    {{- include "taiga.labels" . | nindent 4 }}
+    {{- with .Values.global.labels }}
+    {{ toYaml . | nindent 4 }}
+    {{- end }}
+    {{- with .Values.serviceAccount.labels }}
+    {{ toYaml . | nindent 4 }}
+    {{- end }}

charts/taiga/templates/service.yaml

@@ -0,0 +1,138 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ template "taiga.fullname" . }}-back
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    {{- with .Values.global.annotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+    {{- with .Values.back.service.annotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+  labels:
+    {{- include "taiga.back.labels" . | nindent 4 }}
+    {{- with .Values.global.labels }}
+    {{ toYaml . | nindent 4 }}
+    {{- end }}
+    {{- with .Values.back.service.labels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+spec:
+  type: {{ .Values.back.service.type }}
+  ports:
+    - port: {{ .Values.back.service.port }}
+      targetPort: taiga-back
+      protocol: TCP
+      name: taiga-back
+  selector:
+    {{- include "taiga.back.matchLabels" . | nindent 4 }}
+    {{- with .Values.back.service.extraSelectorLabels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ template "taiga.fullname" . }}-events
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    {{- with .Values.global.annotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+    {{- with .Values.events.service.annotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+  labels:
+    {{- include "taiga.events.labels" . | nindent 4 }}
+    {{- with .Values.global.labels }}
+    {{ toYaml . | nindent 4 }}
+    {{- end }}
+    {{- with .Values.events.service.labels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+spec:
+  type: {{ .Values.events.service.type }}
+  ports:
+    - port: {{ .Values.events.service.http.port }}
+      targetPort: taiga-events
+      protocol: TCP
+      name: taiga-events
+    - port: {{ .Values.events.service.app.port }}
+      targetPort: taiga-app
+      protocol: TCP
+      name: taiga-app
+  selector:
+    {{- include "taiga.events.matchLabels" . | nindent 4 }}
+    {{- with .Values.events.service.extraSelectorLabels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ template "taiga.fullname" . }}-front
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    {{- with .Values.global.annotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+    {{- with .Values.front.service.annotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+  labels:
+    {{- include "taiga.front.labels" . | nindent 4 }}
+    {{- with .Values.global.labels }}
+    {{ toYaml . | nindent 4 }}
+    {{- end }}
+    {{- with .Values.front.service.labels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+spec:
+  type: {{ .Values.front.service.type }}
+  ports:
+    - port: {{ .Values.front.service.port }}
+      targetPort: taiga-front
+      protocol: TCP
+      name: taiga-front
+  selector:
+    {{- include "taiga.front.matchLabels" . | nindent 4 }}
+    {{- with .Values.front.service.extraSelectorLabels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ template "taiga.fullname" . }}-protected
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    {{- with .Values.global.annotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+    {{- with .Values.protected.service.annotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+  labels:
+    {{- include "taiga.protected.labels" . | nindent 4 }}
+    {{- with .Values.global.labels }}
+    {{ toYaml . | nindent 4 }}
+    {{- end }}
+    {{- with .Values.protected.service.labels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+spec:
+  type: {{ .Values.protected.service.type }}
+  ports:
+    - port: {{ .Values.protected.service.port }}
+      targetPort: taiga-protected
+      protocol: TCP
+      name: taiga-protected
+  selector:
+    {{- include "taiga.protected.matchLabels" . | nindent 4 }}
+    {{- with .Values.protected.service.extraSelectorLabels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}

charts/taiga/values.yaml

@@ -0,0 +1,817 @@
+## Global
+##
+global:
+  # -- Set an override for the prefix of the fullname
+  nameOverride:
+
+  # -- Set the entire name definition
+  fullnameOverride:
+
+  # -- Set additional global labels. Helm templates can be used.
+  labels: {}
+
+  # -- Set additional global annotations. Helm templates can be used.
+  annotations: {}
+
+## Service Account
+##
+serviceAccount:
+  # -- Specifies whether a service account should be created
+  create: false
+
+  # -- Annotations to add to the service account
+  annotations: {}
+
+  # -- Labels to add to the service account
+  labels: {}
+
+  # -- The name of the service account to use.
+  # If not set and create is true, a name is generated using the fullname template
+  name: ""
+
+## Secret key
+## Specificy the secret name and the key containg a strong secret key
+##
+secretKey:
+  existingSecretName: ""
+  existingSecretKey: ""
+
+## Create initial user with credentials admin/123123
+## ref: https://taigaio.github.io/taiga-doc/dist/setup-production.html
+##
+# TODO: set to false by default or create with a random password which is stored in a secret
+# or allow to pass in the data for username and secret
+createInitialUser: true
+
+## Max age
+##
+maxAge: 360
+
+## Create initial templates
+## ref: https://taigaio.github.io/taiga-doc/dist/setup-production.html
+##
+# TODO: This values seems to be unused
+createInitialTemplates: false
+
+## Telemetry settings
+##
+enableTelemetry: true
+
+## Public registration
+##
+publicRegisterEnabled: true
+
+## Enable debug
+## ref: https://taigaio.github.io/taiga-doc/dist/setup-production.html
+debug: false
+
+## Postgresql
+## Configuration is expected to be stored in a secret, reference the secret name and each key for the value
+##
+postgresql:
+  existingSecretName: ""
+  usernameKey: ""
+  passwordKey: ""
+  databaseNameKey: ""
+  hostKey: ""
+  portKey: ""
+
+## OIDC authentication
+## Configuration is expected to be stored in a secret, reference the secret name and each key for the value
+##
+oidc:
+  enabled: false
+  existingSecretName: ""
+  scopesKey: ""                  # "openid profile email"
+  signatureAlgorithmKey: ""      # "RS256"
+  clientIdKey: ""                # <generate from auth provider>
+  clientSecretKey: ""            # <generate from auth provider>
+  baseUrlKey: ""                 # "https://id.fedoraproject.org/openidc"
+  jwksEndpointKey: ""            # "https://id.fedoraproject.org/openidc/Jwks"
+  authorizationEndpointKey: ""   # "https://id.fedoraproject.org/openidc/Authorization"
+  tokenEndpointKey: ""           # "https://id.fedoraproject.org/openidc/Token"
+  userEndpointKey: ""            # "https://id.fedoraproject.org/openidc/UserInfo"
+
+## SMTP mail delivery configuration
+## ref: https://taigaio.github.io/taiga-doc/dist/setup-production.html
+##
+email:
+  enabled: false
+  from: no-reply@example.com
+  host: localhost
+  port: 587
+  tls: false
+  ssl: false
+  user: ""
+
+  ## Specificy an existing secret containg the password for the smtp user
+  ##
+  existingPasswordSecret: ""
+  existingSecretPasswordKey: ""
+
+## Slack
+##
+enableSlack: false
+
+## Importers
+##
+# Github importer
+githubImporter:
+  enabled: false
+  existingSecretName: ""
+  existingSecretClientIdKey: ""
+  existingSecretClientSecretKey: ""
+
+# Jira importer
+jiraImporter:
+  enabled: false
+  existingSecretName: ""
+  existingSecretConsumerKeyKey: ""
+  existingSecretCertKey: ""
+  existingSecretPubCertKey: ""
+
+# Trello importer
+trelloImporter:
+  enabled: false
+  existingSecretName: ""
+  existingSecretApiKeyKey: ""
+  existingSecretSecretKeyKey: ""
+
+## taiga-back
+##
+back:
+  ## Taiga image version
+  ## ref: https://hub.docker.com/r/taigaio/taiga5/tags
+  ##
+  image:
+    repository: taigaio/taiga-back
+    tag: "6.7.3"
+    ## Specify a imagePullPolicy
+    ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+    ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+    ##
+    pullPolicy: IfNotPresent
+
+  ## Define the number of pods the deployment will create
+  ## Do not change unless your persistent volume allows more than one writer, ie NFS
+  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
+  ##
+  replicas: 1
+
+  ## Pod annotations
+  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+  ##
+  podAnnotations: {}
+
+  ## Affinity for pod assignment
+  ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+  ##
+  affinity: {}
+
+  ## Node labels for pod assignment. Evaluated as a template.
+  ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+  ##
+  nodeSelector: {}
+
+  ## Tolerations for pod assignment
+  ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+  ##
+  tolerations: []
+
+  ## Pod Security Context
+  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+  ##
+  securityContext: {}
+
+  ## taiga containers' resource requests and limits
+  ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
+  ##
+  resources:
+    # We usually recommend not to specify default resources and to leave this as a conscious
+    # choice for the user. This also increases chances charts run on environments with little
+    # resources, such as Minikube. If you do want to specify resources, uncomment the following
+    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+    limits: {}
+    #  cpu: 2
+    #  memory: 1Gi
+    requests: {}
+    #  cpu: 1
+    #  memory: 1Gi
+
+  ## Configure extra options for liveness and readiness probes
+  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
+  ##
+  livenessProbe:
+    enabled: false
+    initialDelaySeconds: 20
+    periodSeconds: 10
+    timeoutSeconds: 5
+    successThreshold: 1
+    failureThreshold: 3
+
+  readinessProbe:
+    enabled: false
+    initialDelaySeconds: 5
+    periodSeconds: 10
+    timeoutSeconds: 1
+    successThreshold: 1
+    failureThreshold: 3
+
+  ## Environment variables, to pass to the entry point
+  ##
+  # extraVars:
+  #   - name: NAMI_DEBUG
+  #     value: --log-level trace
+
+  ## Service
+  ##
+  service:
+    # -- Set the service type
+    type: ClusterIP
+
+    # -- Provide additional annotations which may be required.
+    annotations: {}
+
+    # -- Provide additional labels which may be required.
+    labels: {}
+
+    # -- Allow adding additional match labels
+    extraSelectorLabels: {}
+
+    # -- HTTP port number
+    port: 8000
+
+## Async
+##
+async:
+  ## Taiga image version
+  ## ref: https://hub.docker.com/r/taigaio/taiga5/tags
+  ##
+  image:
+    repository: taigaio/taiga-back
+    tag: "6.7.3"
+    ## Specify a imagePullPolicy
+    ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+    ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+    ##
+    pullPolicy: IfNotPresent
+
+  ## Define the number of pods the deployment will create
+  ## Do not change unless your persistent volume allows more than one writer, ie NFS
+  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
+  ##
+  replicas: 1
+
+  ## Pod Security Context
+  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+  ##
+  securityContext: {}
+
+  ## Pod annotations
+  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+  ##
+  podAnnotations: {}
+
+  ## Affinity for pod assignment
+  ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+  ##
+  affinity: {}
+
+  ## Node labels for pod assignment. Evaluated as a template.
+  ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+  ##
+  nodeSelector: {}
+
+  ## Tolerations for pod assignment
+  ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+  ##
+  tolerations: []
+
+  ## taiga containers' resource requests and limits
+  ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
+  ##
+  resources:
+    # We usually recommend not to specify default resources and to leave this as a conscious
+    # choice for the user. This also increases chances charts run on environments with little
+    # resources, such as Minikube. If you do want to specify resources, uncomment the following
+    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+    limits: {}
+    #  cpu: 2
+    #  memory: 1Gi
+    requests: {}
+    #  cpu: 1
+    #  memory: 1Gi
+
+  ## Configure extra options for liveness and readiness probes
+  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
+  ##
+  livenessProbe:
+    enabled: false
+    initialDelaySeconds: 20
+    periodSeconds: 10
+    timeoutSeconds: 5
+    successThreshold: 1
+    failureThreshold: 3
+  readinessProbe:
+    enabled: false
+    initialDelaySeconds: 5
+    periodSeconds: 10
+    timeoutSeconds: 1
+    successThreshold: 1
+    failureThreshold: 3
+
+  ## Environment variables, to pass to the entry point
+  ##
+  # extraVars:
+  #   - name: NAMI_DEBUG
+  #     value: --log-level trace
+
+  ## Service
+  ##
+  service:
+    # -- Set the service type
+    type: ClusterIP
+
+    # -- Provide additional annotations which may be required.
+    annotations: {}
+
+    # -- Provide additional labels which may be required.
+    labels: {}
+
+    # -- Allow adding additional match labels
+    extraSelectorLabels: {}
+
+    # -- HTTP port number
+    port: 8000
+
+## Async Rabbitmq
+## https://artifacthub.io/packages/helm/bitnami/rabbitmq?modal=values-schema
+##
+async-rabbitmq:
+  auth:
+    ## @param auth.username RabbitMQ application username
+    ## ref: https://github.com/bitnami/containers/tree/main/bitnami/rabbitmq#environment-variables
+    ##
+    username: taiga
+
+    ## @param auth.existingPasswordSecret Existing secret with RabbitMQ credentials (existing secret must contain a value for `rabbitmq-password` key or override with setting auth.existingSecretPasswordKey)
+    ## e.g:
+    ## existingPasswordSecret: name-of-existing-secret
+    ##
+    existingPasswordSecret: ""
+    existingSecretPasswordKey: ""
+
+    ## @param auth.existingErlangSecret Existing secret with RabbitMQ Erlang cookie (must contain a value for `rabbitmq-erlang-cookie` key or override with auth.existingSecretErlangKey)
+    ## e.g:
+    ## existingErlangSecret: name-of-existing-secret
+    ##
+    existingErlangSecret: ""
+    ## @param auth.existingSecretErlangKey [default: rabbitmq-erlang-cookie] Erlang cookie key to be retrieved from existing secret
+    ## NOTE: ignored unless `auth.existingErlangSecret` parameter is set
+    ##
+    existingSecretErlangKey: ""
+
+  ## @param configurationExistingSecret Existing secret with the configuration to use as rabbitmq.conf.
+  ## Must contain the key "rabbitmq.conf"
+  ## Takes precedence over `configuration`, so do not use both simultaneously
+  ## With providing an existingSecret, extraConfiguration and extraConfigurationExistingSecret do not take any effect
+  ##
+  configurationExistingSecret: ""
+  ## @param extraConfiguration [string] Configuration file content: extra configuration to be appended to RabbitMQ configuration
+  ## Use this instead of `configuration` to add more configuration
+  ## Do not use simultaneously with `extraConfigurationExistingSecret`
+  ##
+  extraConfiguration: |-
+    default_vhost = taiga
+    default_permissions.configure = .*
+    default_permissions.read = .*
+    default_permissions.write = .*
+
+## Events
+##
+events:
+  ## Taiga image version
+  ## ref: https://hub.docker.com/r/taigaio/taiga5/tags
+  ##
+  image:
+    repository: taigaio/taiga-events
+    tag: "6.7.0"
+    ## Specify a imagePullPolicy
+    ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+    ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+    ##
+    pullPolicy: IfNotPresent
+
+  ## Pod Security Context
+  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+  ##
+  securityContext: {}
+
+  ## Define the number of pods the deployment will create
+  ## Do not change unless your persistent volume allows more than one writer, ie NFS
+  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
+  ##
+  replicas: 1
+
+  ## Pod annotations
+  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+  ##
+  podAnnotations: {}
+
+  ## Affinity for pod assignment
+  ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+  ##
+  affinity: {}
+
+  ## Node labels for pod assignment. Evaluated as a template.
+  ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+  ##
+  nodeSelector: {}
+
+  ## Tolerations for pod assignment
+  ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+  ##
+  tolerations: []
+
+  ## taiga containers' resource requests and limits
+  ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
+  ##
+  resources:
+    # We usually recommend not to specify default resources and to leave this as a conscious
+    # choice for the user. This also increases chances charts run on environments with little
+    # resources, such as Minikube. If you do want to specify resources, uncomment the following
+    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+    limits: {}
+    #  cpu: 2
+    #  memory: 1Gi
+    requests: {}
+    #  cpu: 1
+    #  memory: 1Gi
+
+  ## Configure extra options for liveness and readiness probes
+  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
+  ##
+  livenessProbe:
+    enabled: false
+    initialDelaySeconds: 20
+    periodSeconds: 10
+    timeoutSeconds: 5
+    successThreshold: 1
+    failureThreshold: 3
+  readinessProbe:
+    enabled: false
+    initialDelaySeconds: 5
+    periodSeconds: 10
+    timeoutSeconds: 1
+    successThreshold: 1
+    failureThreshold: 3
+
+  ## Environment variables, to pass to the entry point
+  ##
+  # extraVars:
+  #   - name: NAMI_DEBUG
+  #     value: --log-level trace
+
+  ## Service
+  ##
+  service:
+    # -- Set the service type
+    type: ClusterIP
+
+    # -- Provide additional annotations which may be required.
+    annotations: {}
+
+    # -- Provide additional labels which may be required.
+    labels: {}
+
+    # -- Allow adding additional match labels
+    extraSelectorLabels: {}
+
+    http:
+      # -- HTTP port number
+      port: 8888
+
+    app:
+      # -- HTTP port number
+      port: 3023
+
+## Events Rabbitmq
+## https://artifacthub.io/packages/helm/bitnami/rabbitmq?modal=values-schema
+##
+events-rabbitmq:
+  auth:
+    ## @param auth.username RabbitMQ application username
+    ## ref: https://github.com/bitnami/containers/tree/main/bitnami/rabbitmq#environment-variables
+    ##
+    username: taiga
+
+    ## @param auth.existingPasswordSecret Existing secret with RabbitMQ credentials (existing secret must contain a value for `rabbitmq-password` key or override with setting auth.existingSecretPasswordKey)
+    ## e.g:
+    ## existingPasswordSecret: name-of-existing-secret
+    ##
+    existingPasswordSecret: ""
+    existingSecretPasswordKey: ""
+
+    ## @param auth.existingErlangSecret Existing secret with RabbitMQ Erlang cookie (must contain a value for `rabbitmq-erlang-cookie` key or override with auth.existingSecretErlangKey)
+    ## e.g:
+    ## existingErlangSecret: name-of-existing-secret
+    ##
+    existingErlangSecret: ""
+    ## @param auth.existingSecretErlangKey [default: rabbitmq-erlang-cookie] Erlang cookie key to be retrieved from existing secret
+    ## NOTE: ignored unless `auth.existingErlangSecret` parameter is set
+    ##
+    existingSecretErlangKey: ""
+
+  ## @param configurationExistingSecret Existing secret with the configuration to use as rabbitmq.conf.
+  ## Must contain the key "rabbitmq.conf"
+  ## Takes precedence over `configuration`, so do not use both simultaneously
+  ## With providing an existingSecret, extraConfiguration and extraConfigurationExistingSecret do not take any effect
+  ##
+  configurationExistingSecret: ""
+  ## @param extraConfiguration [string] Configuration file content: extra configuration to be appended to RabbitMQ configuration
+  ## Use this instead of `configuration` to add more configuration
+  ## Do not use simultaneously with `extraConfigurationExistingSecret`
+  ##
+  extraConfiguration: |-
+    default_vhost = taiga
+    default_permissions.configure = .*
+    default_permissions.read = .*
+    default_permissions.write = .*
+
+## Protected
+##
+protected:
+  ## Taiga image version
+  ## ref: https://hub.docker.com/r/taigaio/taiga5/tags
+  ##
+  image:
+    repository: taigaio/taiga-protected
+    tag: "6.7.0"
+    ## Specify a imagePullPolicy
+    ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+    ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+    ##
+    pullPolicy: IfNotPresent
+
+  ## Pod Security Context
+  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+  ##
+  securityContext: {}
+
+  ## Define the number of pods the deployment will create
+  ## Do not change unless your persistent volume allows more than one writer, ie NFS
+  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
+  ##
+  replicas: 1
+
+  ## Pod annotations
+  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+  ##
+  podAnnotations: {}
+
+  ## Affinity for pod assignment
+  ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+  ##
+  affinity: {}
+
+  ## Node labels for pod assignment. Evaluated as a template.
+  ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+  ##
+  nodeSelector: {}
+
+  ## Tolerations for pod assignment
+  ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+  ##
+  tolerations: []
+
+  ## taiga containers' resource requests and limits
+  ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
+  ##
+  resources:
+    # We usually recommend not to specify default resources and to leave this as a conscious
+    # choice for the user. This also increases chances charts run on environments with little
+    # resources, such as Minikube. If you do want to specify resources, uncomment the following
+    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+    limits: {}
+    #  cpu: 2
+    #  memory: 1Gi
+    requests: {}
+    #  cpu: 1
+    #  memory: 1Gi
+
+  ## Configure extra options for liveness and readiness probes
+  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
+  ##
+  livenessProbe:
+    enabled: false
+    initialDelaySeconds: 20
+    periodSeconds: 10
+    timeoutSeconds: 5
+    successThreshold: 1
+    failureThreshold: 3
+  readinessProbe:
+    enabled: false
+    initialDelaySeconds: 5
+    periodSeconds: 10
+    timeoutSeconds: 1
+    successThreshold: 1
+    failureThreshold: 3
+
+  ## Environment variables, to pass to the entry point
+  ##
+  # extraVars:
+  #   - name: NAMI_DEBUG
+  #     value: --log-level trace
+
+  ## Service
+  ##
+  service:
+    # -- Set the service type
+    type: ClusterIP
+
+    # -- Provide additional annotations which may be required.
+    annotations: {}
+
+    # -- Provide additional labels which may be required.
+    labels: {}
+
+    # -- Allow adding additional match labels
+    extraSelectorLabels: {}
+
+    # -- HTTP port number
+    port: 8003
+
+## Front
+##
+front:
+  ## Taiga image version
+  ## ref: https://hub.docker.com/r/taigaio/taiga5/tags
+  ##
+  image:
+    repository: taigaio/taiga-front
+    tag: "6.7.7"
+    ## Specify a imagePullPolicy
+    ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+    ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+    ##
+    pullPolicy: IfNotPresent
+
+  ## Define the number of pods the deployment will create
+  ## Do not change unless your persistent volume allows more than one writer, ie NFS
+  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
+  ##
+  replicas: 1
+
+  ## Pod Security Context
+  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+  ##
+  securityContext: {}
+
+  ## Pod annotations
+  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+  ##
+  podAnnotations: {}
+
+  ## Affinity for pod assignment
+  ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+  ##
+  affinity: {}
+
+  ## Node labels for pod assignment. Evaluated as a template.
+  ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+  ##
+  nodeSelector: {}
+
+  ## Tolerations for pod assignment
+  ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+  ##
+  tolerations: []
+
+  ## taiga containers' resource requests and limits
+  ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
+  ##
+  resources:
+    # We usually recommend not to specify default resources and to leave this as a conscious
+    # choice for the user. This also increases chances charts run on environments with little
+    # resources, such as Minikube. If you do want to specify resources, uncomment the following
+    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+    limits: {}
+    #  cpu: 2
+    #  memory: 1Gi
+    requests: {}
+    #  cpu: 1
+    #  memory: 1Gi
+
+  ## Configure extra options for liveness and readiness probes
+  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
+  ##
+  livenessProbe:
+    enabled: false
+    initialDelaySeconds: 20
+    periodSeconds: 10
+    timeoutSeconds: 5
+    successThreshold: 1
+    failureThreshold: 3
+  readinessProbe:
+    enabled: false
+    initialDelaySeconds: 5
+    periodSeconds: 10
+    timeoutSeconds: 1
+    successThreshold: 1
+    failureThreshold: 3
+
+  ## Environment variables, to pass to the entry point
+  ##
+  # extraVars:
+  #   - name: NAMI_DEBUG
+  #     value: --log-level trace
+
+  ## Service
+  ##
+  service:
+    # -- Set the service type
+    type: ClusterIP
+
+    # -- Provide additional annotations which may be required.
+    annotations: {}
+
+    # -- Provide additional labels which may be required.
+    labels: {}
+
+    # -- Allow adding additional match labels
+    extraSelectorLabels: {}
+
+    # -- HTTP port number
+    port: 80
+
+## Configure the ingress resource that allows you to access the
+## taiga installation. Set up the URL
+## ref: http://kubernetes.io/docs/user-guide/ingress/
+##
+ingress:
+  # -- Enables or disables the ingress
+  enabled: false
+
+  # -- Provide additional annotations which may be required.
+  annotations: {}
+
+  # -- Provide additional labels which may be required.
+  labels: {}
+
+  # -- Set the ingressClass that is used for this ingress.
+  className: ""
+
+  ## Configure the hosts for the ingress
+  host: chart-example.local
+
+## Enable persistence using Persistent Volume Claims
+## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
+##
+persistence:
+  static:
+    # -- Enables or disables the persistence item. Defaults to true
+    enabled: true
+
+    # -- Storage Class for the config volume.
+    # If set to `-`, dynamic provisioning is disabled.
+    # If set to something else, the given storageClass is used.
+    # If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner.
+    storageClass: ""
+
+    # -- If you want to reuse an existing claim, the name of the existing PVC can be passed here.
+    existingClaim: ""
+
+    # -- AccessMode for the persistent volume.
+    # Make sure to select an access mode that is supported by your storage provider!
+    # [[ref]](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes)
+    accessMode: ReadWriteOnce
+
+    # -- The amount of storage that is requested for the persistent volume.
+    size: 5Gi
+
+    # -- Set to true to retain the PVC upon `helm uninstall`
+    retain: false
+
+  media:
+    # -- Enables or disables the persistence item. Defaults to true
+    enabled: true
+
+    # -- Storage Class for the config volume.
+    # If set to `-`, dynamic provisioning is disabled.
+    # If set to something else, the given storageClass is used.
+    # If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner.
+    storageClass: ""
+
+    # -- If you want to reuse an existing claim, the name of the existing PVC can be passed here.
+    existingClaim: ""
+
+    # -- AccessMode for the persistent volume.
+    # Make sure to select an access mode that is supported by your storage provider!
+    # [[ref]](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes)
+    accessMode: ReadWriteOnce
+
+    # -- The amount of storage that is requested for the persistent volume.
+    size: 5Gi
+
+    # -- Set to true to retain the PVC upon `helm uninstall`
+    retain: false

charts/tubearchivist/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: tubearchivist
-version: 0.2.0
+version: 0.2.2
 description: Chart for Tube Archivist
 keywords:
   - download
@@ -14,7 +14,7 @@ maintainers:
 icon: https://avatars.githubusercontent.com/u/102734415?s=48&v=4
 dependencies:
   - name: redis
-    version: 19.1.0
+    version: 19.1.1
     repository: https://charts.bitnami.com/bitnami
   - name: elasticsearch
     version: 20.0.4

charts/tubearchivist/values.yaml

@@ -20,18 +20,18 @@ service:
     port: 8000
 ingress:
   enabled: false
-  className:
-  annotations:
-  host:
+  className: ""
+  annotations: ""
+  host: ""
 persistence:
   cache:
     enabled: false
-    storageClassName: default
+    storageClassName: ""
     storageSize: 5Gi
     accessMode: ReadWriteOnce
     volumeMode: Filesystem
   youtube:
-    claimName:
+    claimName: ""
 redis:
   image:
     repository: redis/redis-stack-server
@@ -48,17 +48,17 @@ redis:
     loadmodule /opt/redis-stack/lib/rejson.so
 elasticsearch:
   global:
-    storageClass: default
+    storageClass: ""
   extraEnvVars:
     - name: "discovery.type"
       value: "single-node"
     - name: xpack.security.enabled
       value: "true"
-  extraEnvVarsSecret:
+  extraEnvVarsSecret: []
   extraConfig:
     path:
       repo: /usr/share/elasticsearch/data/snapshot
-  extraVolumes:
+  extraVolumes: []
   extraVolumeMounts:
     - name: snapshot
       mountPath: /usr/share/elasticsearch/data/snapshot