increase chart version

Update linuxserver/code-server Docker tag to v4.22.0

.github/renovate.json

@@ -10,8 +10,8 @@
         "after 10am every weekday",
         "before 5pm every weekday"
     ],
-    "labels": ["outside-rule"],
-    "bumpVersion": "minor",
+    "labels": [
+    ],
     "packageRules": [
         {
             "description": "Disables for non major Renovate version",
@@ -46,7 +46,8 @@
                 "linuxserver/calibre",
                 "homeassistant/home-assistant",
                 "ghcr.io/gethomepage/homepage",
-                "ghcr.io/cloudnative-pg/postgresql"
+                "ghcr.io/cloudnative-pg/postgresql",
+                "linuxserver/code-server"
             ],
             "matchDatasources": [
                 "docker",
@@ -57,7 +58,7 @@
                 "gitlab-packages",
                 "gitlab-releases",
                 "gitlab-tags"
-            ],            
+            ],
             "schedule": [
                 "after 10am on tuesday",
                 "before 5pm on tuesday"
@@ -67,8 +68,9 @@
                 "weekly",
                 "image"
             ],
+            "bumpVersion": "minor",
             "automerge": false,
             "minimumReleaseAge": "3 days"
-        }   
+        }
     ]
-}
+}

.github/workflows/lint-test.yaml

@@ -12,7 +12,7 @@ jobs:
           fetch-depth: 0
 
       - name: Set up Helm
-        uses: azure/setup-helm@v3
+        uses: azure/setup-helm@v4
         with:
           version: v3.13.3
 
@@ -35,11 +35,3 @@ jobs:
       - name: Run chart-testing (lint)
         if: steps.list-changed.outputs.changed == 'true'
         run: ct lint --target-branch ${{ github.event.repository.default_branch }}
-
-      - name: Create kind cluster
-        if: steps.list-changed.outputs.changed == 'true'
-        uses: helm/kind-action@v1.9.0
-
-      - name: Run chart-testing (install)
-        if: steps.list-changed.outputs.changed == 'true'
-        run: ct install --target-branch ${{ github.event.repository.default_branch }}

charts/home-assistant/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: home-assistant
-version: 0.0.12
+version: 0.0.14
 description: Chart for Home Assistant
 keywords:
   - home-automation
@@ -9,4 +9,4 @@ sources:
 maintainers:
   - name: alexlebens
 icon: https://avatars.githubusercontent.com/u/13844975?s=200&v=4
-appVersion: v2024.2.4
+appVersion: v2024.2.5

charts/home-assistant/values.yaml

@@ -3,7 +3,7 @@ deployment:
   strategy: Recreate
   image:
     repository: homeassistant/home-assistant
-    tag: 2024.2.4
+    tag: 2024.2.5
     imagePullPolicy: IfNotPresent
   env:
     TZ: US/Mountain
@@ -56,7 +56,7 @@ codeserver:
   enabled: true
   image:
     repository: linuxserver/code-server
-    tag: 4.21.1
+    tag: 4.22.0
     imagePullPolicy: IfNotPresent
   env:
     TZ: US/Mountain

charts/kubelet-serving-cert-approver/Chart.yaml

@@ -0,0 +1,13 @@
+apiVersion: v2
+name: kubelet-serving-cert-approver
+version: 0.0.3
+description: Kubelet Serving TLS Certificate Signing Request Approver
+keywords:
+  - kubernetes
+  - certificate
+sources:
+  - https://github.com/alex1989hu/kubelet-serving-cert-approver
+  - https://github.com/alexlebens/helm-charts/charts/homepage
+maintainers:
+  - name: alexlebens
+appVersion: 0.8.1

charts/kubelet-serving-cert-approver/README.md

@@ -0,0 +1,16 @@
+## Introduction
+
+[Kubelet Serving Certificate Approver](https://github.com/alex1989hu/kubelet-serving-cert-approver)
+
+Kubelet Serving Certificate Approver is a custom approving controller which approves kubernetes.io/kubelet-serving Certificate Signing Request that kubelet use to serve TLS endpoints.
+
+This chart bootstraps a [Kubelet Serving Certificate Approver](https://github.com/alex1989hu/kubelet-serving-cert-approver) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+
+## Prerequisites
+
+- Kubernetes
+- Helm
+
+## Parameters
+
+See the [values files](values.yaml).

charts/kubelet-serving-cert-approver/templates/cluster-role-binding.yaml

@@ -0,0 +1,20 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ .Release.Name }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: {{ .Release.Name }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: server
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: helm
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: "certificates:{{ .Release.Name }}"
+subjects:
+  - kind: ServiceAccount
+    name: {{ .Release.Name }}
+    namespace: {{ .Release.Namespace }}

charts/kubelet-serving-cert-approver/templates/cluster-role.yaml

@@ -0,0 +1,63 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: "certificates:{{ .Release.Name }}"
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: {{ .Release.Name }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: server
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: helm
+rules:
+  - apiGroups:
+      - certificates.k8s.io
+    resources:
+      - certificatesigningrequests
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - certificates.k8s.io
+    resources:
+      - certificatesigningrequests/approval
+    verbs:
+      - update
+  - apiGroups:
+      - authorization.k8s.io
+    resources:
+      - subjectaccessreviews
+    verbs:
+      - create
+  - apiGroups:
+      - certificates.k8s.io
+    resourceNames:
+      - kubernetes.io/kubelet-serving
+    resources:
+      - signers
+    verbs:
+      - approve
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: "events:{{ .Release.Name }}"
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: {{ .Release.Name }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: server
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: helm
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - events
+    verbs:
+      - create
+      - patch

charts/kubelet-serving-cert-approver/templates/deployment.yaml

@@ -0,0 +1,88 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ .Release.Name }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: {{ .Release.Name }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: server
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: helm
+spec:
+  revisionHistoryLimit: 3
+  replicas: {{ .Values.deployment.replicas }}
+  strategy:
+    type: {{ .Values.deployment.strategy }}
+  selector:
+    matchLabels:
+      app.kubernetes.io/instance: {{ .Release.Name }}
+      app.kubernetes.io/name: {{ .Release.Name }}
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/instance: {{ .Release.Name }}
+        app.kubernetes.io/name: {{ .Release.Name }}
+    spec:
+      affinity:
+        nodeAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+            - preference:
+                matchExpressions:
+                  - key: node-role.kubernetes.io/master
+                    operator: DoesNotExist
+                  - key: node-role.kubernetes.io/control-plane
+                    operator: DoesNotExist
+              weight: 100
+      containers:
+        - name: {{ .Release.Name }}
+          image: "{{ .Values.deployment.image.repository }}:{{ .Values.deployment.image.tag }}"
+          imagePullPolicy: {{ .Values.deployment.image.imagePullPolicy }}
+          ports:
+            - containerPort: 8080
+              name: health
+            - containerPort: 9090
+              name: metrics          
+          args:
+            - serve
+          env:
+            - name: NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+          resources:
+            {{- toYaml .Values.deployment.resources | nindent 12 }}                  
+          livenessProbe:
+            httpGet:
+              path: /healthz
+              port: health
+            initialDelaySeconds: 6
+          readinessProbe:
+            httpGet:
+              path: /readyz
+              port: health
+            initialDelaySeconds: 3
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            privileged: false
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+      priorityClassName: {{ .Values.deployment.priorityClassName }}
+      securityContext:
+        fsGroup: 65534
+        runAsGroup: 65534
+        runAsUser: 65534
+        seccompProfile:
+          type: RuntimeDefault
+      serviceAccountName: {{ .Release.Name }}
+      tolerations:
+        - effect: NoSchedule
+          key: node-role.kubernetes.io/master
+          operator: Exists
+        - effect: NoSchedule
+          key: node-role.kubernetes.io/control-plane
+          operator: Exists

charts/kubelet-serving-cert-approver/templates/namespace.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: {{ .Release.Name }}
+  labels:
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/name: {{ .Release.Name }}
+    pod-security.kubernetes.io/audit: restricted
+    pod-security.kubernetes.io/enforce: restricted
+    pod-security.kubernetes.io/warn: restricted

charts/kubelet-serving-cert-approver/templates/role-binding.yaml

@@ -0,0 +1,20 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: "events:{{ .Release.Name }}"
+  namespace: default
+  labels:
+    app.kubernetes.io/name: {{ .Release.Name }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: server
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: helm
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: "events:{{ .Release.Name }}"
+subjects:
+  - kind: ServiceAccount
+    name: {{ .Release.Name }}
+    namespace: {{ .Release.Name }}

charts/kubelet-serving-cert-approver/templates/service-account.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ .Release.Name }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: {{ .Release.Name }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: server
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: helm

charts/kubelet-serving-cert-approver/templates/service.yaml

@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Release.Name }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: {{ .Release.Name }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: server
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: helm
+spec:
+  ports:
+    - name: metrics
+      port: 9090
+      protocol: TCP
+      targetPort: metrics
+  selector:
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/name: {{ .Release.Name }}

charts/kubelet-serving-cert-approver/values.yaml

@@ -0,0 +1,15 @@
+deployment:
+  replicas: 1
+  strategy: Recreate
+  priorityClassName: system-cluster-critical
+  image:
+    repository: ghcr.io/alex1989hu/kubelet-serving-cert-approver
+    tag: main
+    imagePullPolicy: Always
+  resources:
+    limits:
+      cpu: 250m
+      memory: 32Mi
+    requests:
+      cpu: 10m
+      memory: 16Mi

charts/libation/Chart.yaml

@@ -0,0 +1,13 @@
+apiVersion: v2
+name: libation
+version: 0.0.4
+description: Import library from audible
+keywords:
+  - audiobooks
+  - job
+sources:
+  - https://github.com/rmcrackan/Libation
+maintainers:
+  - name: alexlebens
+icon: https://getlibation.com/images/libation-logo.png
+appVersion: "11.1.0"

charts/libation/README.md

@@ -0,0 +1,18 @@
+## Introduction
+
+[Libation](https://github.com/rmcrackan/Libation)
+
+Libation: Liberate your Library. Import library from audible, including cover art
+
+
+This chart bootstraps a [Libation](https://github.com/benphelps/homepage) CronJob on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+
+## Prerequisites
+
+- Kubernetes
+- Helm
+- CronJob
+
+## Parameters
+
+See the [values files](values.yaml).

charts/libation/templates/job.yaml

@@ -0,0 +1,39 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: libation
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: libation
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: job
+    app.kubernetes.io/part-of: libation
+spec:
+  schedule: {{ .Values.libation.job.schedule }}
+  successfulJobsHistoryLimit: 3
+  failedJobsHistoryLimit: 3
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          restartPolicy: Never
+          containers:
+            - name: libation
+              image: "{{ .Values.libation.image.repository }}:{{ .Values.libation.image.tag }}"
+              imagePullPolicy: {{ .Values.libation.image.pullPolicy }}
+              env:
+                - name: SLEEP_TIME
+                  value: "-1"
+              volumeMounts:
+                - name: libation-config
+                  mountPath: /config
+                - name: libation-books
+                  mountPath: /data
+          volumes:
+            - name: libation-config
+              persistentVolumeClaim:
+                claimName: libation-config
+            - name: libation-books
+              persistentVolumeClaim:
+                claimName: {{ .Values.persistence.books.claimName }}

charts/libation/templates/persistent-volume-claim.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: libation-config
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: libation
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: storage
+    app.kubernetes.io/part-of: libation
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: {{ .Values.persistence.config.storageSize }}
+  storageClassName: {{ .Values.persistence.config.storageClassName }}
+  volumeMode: {{ .Values.persistence.config.volumeMode }}

charts/libation/values.yaml

@@ -0,0 +1,13 @@
+job:
+  schedule: "0 * * * *"
+image:
+  repository: rmcrackan/libation
+  tag: "11.1.0"
+  pullPolicy: IfNotPresent
+persistence:
+  config:
+    storageClassName: nfs-client
+    storageSize: 1Gi
+    volumeMode: Filesystem
+  books:
+    claimName: libation-nfs-storage

charts/postgres-cluster/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: postgres-cluster
-version: 0.1.0
+version: 0.2.1
 description: Chart for cloudnative-pg cluster
 keywords:
   - database

charts/postgres-cluster/templates/postgresql-cluster.yaml

@@ -11,7 +11,7 @@ metadata:
     app.kubernetes.io/part-of: {{ .Release.Name }}
     app.kubernetes.io/managed-by: helm
 spec:
-  imageName: "{{ .Values.cluster.imageRepo }}:{{ .Values.cluster.imageTag }}"
+  imageName: "{{ .Values.cluster.image.repository }}:{{ .Values.cluster.image.tag }}"
   instances: {{ .Values.cluster.instances }}
   replicationSlots:
     highAvailability:
@@ -42,12 +42,12 @@ spec:
   {{- if .Values.backup.recoveryEnabled }}
   bootstrap:
     recovery:
-      source: "postgresql-{{ .Release.Name }}-cluster-backup-index-{{ .Values.backup.recoveryIndex }}"
+      source: "postgresql-{{ .Release.Name }}-cluster-backup-index-{{ .Values.bootstrap.recoveryIndex }}"
   externalClusters:
-    - name: "postgresql-{{ .Release.Name }}-cluster-backup-index-{{ .Values.backup.recoveryIndex }}"
+    - name: "postgresql-{{ .Release.Name }}-cluster-backup-index-{{ .Values.bootstrap.recoveryIndex }}"
       barmanObjectStore:
-        endpointURL: {{ .Values.backup.endpointURL }}
-        destinationPath: "s3://{{ .Values.backup.bucket }}/{{ .Values.cluster.name }}/postgresql/{{ .Release.Name }}-cluster"
+        endpointURL: {{ .Values.bootstrap.endpointURL }}
+        destinationPath: "s3://{{ .Values.bootstrap.bucket }}/{{ .Values.cluster.name }}/postgresql/{{ .Release.Name }}-cluster"
         s3Credentials:
           accessKeyId:
             name: "postgresql-{{ .Release.Name }}-cluster-backup-secret"
@@ -56,9 +56,9 @@ spec:
             name: "postgresql-{{ .Release.Name }}-cluster-backup-secret"
             key: ACCESS_SECRET_KEY
         data:
-          compression: {{ .Values.backup.compression }}
+          compression: {{ .Values.cluster.compression }}
         wal:
-          compression: {{ .Values.backup.compression }}
+          compression: {{ .Values.cluster.compression }}
   {{- end }}
 
   {{- if .Values.backup.backupEnabled }}
@@ -76,7 +76,7 @@ spec:
           name: "postgresql-{{ .Release.Name }}-cluster-backup-secret"
           key: ACCESS_SECRET_KEY
       data:
-        compression: {{ .Values.backup.compression }}
+        compression: {{ .Values.cluster.compression }}
       wal:
-        compression: {{ .Values.backup.compression }}
+        compression: {{ .Values.cluster.compression }}
   {{- end }}

charts/postgres-cluster/templates/scheduled-backup.yaml

@@ -9,7 +9,6 @@ metadata:
     app.kubernetes.io/version: {{ .Chart.AppVersion }}
     app.kubernetes.io/component: database
     app.kubernetes.io/part-of: {{ .Release.Name }}
-    app.kubernetes.io/managed-by: helm
 spec:
   schedule: {{ .Values.backup.schedule }}
   backupOwnerReference: self

charts/postgres-cluster/values.yaml

@@ -1,12 +1,14 @@
 cluster:
   name: cl01tl
-  imageName: ghcr.io/cloudnative-pg/postgresql
-  imageTag: 16.0
+  image:
+    repository: ghcr.io/cloudnative-pg/postgresql
+    tag: 16.0
   instances: 2
   parameters:
     shared_buffers: 128MB
     max_slot_wal_keep_size: 2000MB
     hot_standby_feedback: "on"
+  compression: snappy
   resources:
     requests:
       memory: 512Mi
@@ -23,17 +25,18 @@ cluster:
       storageClass: ceph-block
       size: 2Gi
 bootstrap:
+  recoveryEnabled: false
+  recoveryIndex: 1
+  endpointURL: https://nyc3.digitaloceanspaces.com
+  bucket: alexlebens.net
   initdbEnabled: false
   initdb:
     database: app
     owner: app
 backup:
   backupEnabled: true
-  recoveryEnabled: false  
   schedule: "0 0 0 * * *"
   retentionPolicy: 14d
   backupIndex: 1
-  recoveryIndex: 1
   endpointURL: https://nyc3.digitaloceanspaces.com
-  bucket: net-infra
-  compression: snappy
+  bucket: alexlebens.net