chore(deps): update helm/chart-testing-action action to v2.8.0

feat: add trailing slash to path
Merge pull request 'chore(deps): update dependency cloudflare/cloudflared to v2026.3.0' (#179 ) from renovate/unified-cloudflarecloudflared into main
2026-03-11 19:36:59 +00:00 · 2026-03-11 14:36:00 -05:00 · 2026-03-09 21:59:32 +00:00 · 2026-03-09 21:18:40 +00:00 · 2026-03-09 21:17:37 +00:00 · 2026-03-09 21:17:07 +00:00
113 changed files with 4061 additions and 1662 deletions
@@ -0,0 +1,266 @@
 name: lint-and-test
 on:
  pull_request:
    branches:
      - main
    paths:
      - 'charts/**'
  push:
    branches:
      - main
    paths:
      - 'charts/**'
 env:
  BASE_BRANCH: "origin/${{ gitea.base_ref }}"
 jobs:
  chart-testing:
    runs-on: ubuntu-js
    steps:
      - name: Checkout
        uses: actions/checkout@v6
        with:
          fetch-depth: 0
      - name: Set up Helm
        uses: azure/setup-helm@v4
        with:
          token: ${{ secrets.GITEA_TOKEN }}
          version: v3.19.2
      - name: Set up Node.js
        uses: actions/setup-node@v6
        with:
          node-version: '24'
      - name: Set up Python
        uses: actions/setup-python@v6
        with:
          python-version: '3.14'
      - name: Set up Chart Testing
        uses: helm/chart-testing-action@v2.8.0
        with:
          yamale_version: "6.0.0"
      - name: Run Chart Testing (list-changed)
        id: list-changed
        run: |
          changed=$(ct list-changed --target-branch ${{ gitea.event.repository.default_branch }})
          if [[ -n "$changed" ]]; then
            echo ""
            echo ">> Changed Charts:"
            echo "$(echo "${changed}" | sort -u)"
            echo "----"
            echo "changed=true" >> $GITHUB_OUTPUT
            echo "changed-charts=$changed" >> $GITHUB_OUTPUT
          fi
      - name: Add Repositories
        if: steps.list-changed.outputs.changed == 'true'
        env:
          CHANGED_CHARTS: ${{ steps.list-changed.outputs.changed-charts }}
        run: |
          echo ">> Adding repositories for chart dependencies ..."
          for dir in ${CHANGED_CHARTS}; do
            helm dependency list --max-col-width 120 $dir 2> /dev/null \
              | tail +2 | head -n -1 \
              | awk '{ print "helm repo add " $1 " " $3 }' \
              | while read cmd; do
                if [[ "$cmd" == "*oci://*" ]]; then
                  echo ">> Ignoring OCI repo"
                else
                  echo "$cmd" | sh;
                fi
              done || true
          done
          if helm repo list | tail +2 | read -r; then
            echo ""
            echo ">> Update repository cache ..."
            helm repo update
          fi
          echo "----"
      - name: Run Chart Testing (lint)
        if: steps.list-changed.outputs.changed == 'true'
        run: ct lint --validate-maintainers=false --target-branch ${{ gitea.event.repository.default_branch }}
      - name: ntfy Failed
        uses: niniyas/ntfy-action@master
        if: failure()
        with:
          url: '${{ secrets.NTFY_URL }}'
          topic: '${{ secrets.NTFY_TOPIC }}'
          title: 'Test Failure - Helm Charts'
          priority: 3
          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
          tags: action,failed
          details: 'Tests have failed for Helm Charts'
          icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
          actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/helm-charts/actions?workflow=lint-test.yaml", "clear": true}]'
          image: true
  lint-helm:
    runs-on: ubuntu-js
    steps:
      - name: Checkout
        uses: actions/checkout@v6
        with:
          fetch-depth: 0
      - name: Check Branch Exists
        id: check-branch-exists
        if: github.event_name == 'pull_request'
        uses: GuillaumeFalourd/branch-exists@v1.1
        with:
          branch: ${{ gitea.base_ref }}
      - name: Report Branch Exists
        id: branch-exists
        if: github.event_name == 'push' || steps.check-branch-exists.outputs.exists == 'true' && github.event_name == 'pull_request'
        run: |
          if [ ${{ github.event_name == 'push' }} ]; then
            echo ">> Action is from a push event, will continue with linting"
          else
            echo ">> Branch ${{ gitea.base_ref }} exists, will continue with linting"
          fi
          echo "----"
          echo "exists=true" >> $GITEA_OUTPUT
      - name: Set up Helm
        uses: azure/setup-helm@v4
        if: steps.branch-exists.outputs.exists == 'true'
        with:
          token: ${{ secrets.GITEA_TOKEN }}
          version: v3
      - name: Check Directories for Changes
        id: check-dir-changes
        if: steps.branch-exists.outputs.exists == 'true'
        run: |
          CHANGED_CHARTS=()
          echo ">> Target branch for diff is: ${BASE_BRANCH}"
          if [ "${{ github.event_name }}" == "pull_request" ]; then
            echo ""
            echo ">> Checking for changes in a pull request ..."
            GIT_DIFF=$(git diff --name-only "${BASE_BRANCH}" | xargs -I {} dirname {} | sort -u | grep -E "charts/")
          else
            echo ""
            echo ">> Checking for changes from a push ..."
            GIT_DIFF=$(git diff --name-only ${{ gitea.event.before }}..HEAD | xargs -I {} dirname {} | sort -u | grep -E "charts/")
          fi
          if [ -n "${GIT_DIFF}" ]; then
            echo ""
            echo ">> Changes detected:"
            echo "$GIT_DIFF"
            for path in $GIT_DIFF; do
              CHANGED_CHARTS+=$(echo "$path" | awk -F '/' '{print $2}')
              CHANGED_CHARTS+=$(echo " ")
            done
          else
            echo ""
            echo ">> No changes detected"
          fi
          if [ -n "${CHANGED_CHARTS}" ]; then
            echo ""
            echo ">> Chart to Lint:"
            echo "$(echo "${CHANGED_CHARTS}" | sort -u)"
            echo "----"
            echo "changes-detected=true" >> $GITEA_OUTPUT
            echo "chart-dir<<EOF" >> $GITEA_OUTPUT
            echo "$(echo "${CHANGED_CHARTS}" | sort -u)" >> $GITEA_OUTPUT
            echo "EOF" >> $GITEA_OUTPUT
          else
            echo "changes-detected=false" >> $GITEA_OUTPUT
          fi
      - name: Add Repositories
        if: steps.check-dir-changes.outputs.changes-detected == 'true'
        env:
          CHANGED_CHARTS: ${{ steps.check-dir-changes.outputs.chart-dir }}
        run: |
          echo ">> Adding repositories for chart dependencies ..."
          for dir in ${CHANGED_CHARTS}; do
            helm dependency list --max-col-width 120 charts/$dir 2> /dev/null \
              | tail +2 | head -n -1 \
              | awk '{ print "helm repo add " $1 " " $3 }' \
              | while read cmd; do
                if [[ "$cmd" == "*oci://*" ]]; then
                  echo ">> Ignoring OCI repo"
                else
                  echo "$cmd" | sh;
                fi
              done || true
          done
          if helm repo list | tail +2 | read -r; then
            echo ""
            echo ">> Update repository cache ..."
            helm repo update
          fi
          echo "----"
      - name: Lint Helm Chart
        if: steps.check-dir-changes.outputs.changes-detected == 'true'
        env:
          CHANGED_CHARTS: ${{ steps.check-dir-changes.outputs.chart-dir }}
        run: |
          echo ">> Running linting on changed charts ..."
          for dir in ${CHANGED_CHARTS}; do
            chart_path=charts/$dir
            chart_name=$(basename "$chart_path")
            if [ -f "$chart_path/Chart.yaml" ]; then
              cd $chart_path
              echo ""
              echo ">> Building helm dependency ..."
              helm dependency build --skip-refresh
              echo ""
              echo ">> Linting helm ..."
              helm lint --namespace "$chart_name"
            else
              echo ""
              echo ">> Directory $chart_path does not contain a Chart.yaml. Skipping ..."
              echo ""
            fi
          done
      - name: ntfy Failed
        uses: niniyas/ntfy-action@master
        if: failure()
        with:
          url: '${{ secrets.NTFY_URL }}'
          topic: '${{ secrets.NTFY_TOPIC }}'
          title: 'Test Failure - Helm Charts'
          priority: 3
          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
          tags: action,failed
          details: 'Tests have failed for Helm Charts'
          icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
          actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/helm-charts/actions?workflow=lint-test.yaml", "clear": true}]'
          image: true
@@ -0,0 +1,128 @@
 name: release-charts-cloudflared
 on:
  push:
    branches:
      - main
    paths:
      - "charts/cloudflared/**"
  workflow_dispatch:
 env:
  WORKFLOW_DIR: "charts/cloudflared"
 jobs:
  release:
    runs-on: ubuntu-js
    steps:
      - name: Checkout
        uses: actions/checkout@v6
      - name: Set up Helm
        uses: azure/setup-helm@v4
        with:
          token: ${{ secrets.GITEA_TOKEN }}
          version: v3.19.2
      - name: Add Repositories
        run: |
          cd ${WORKFLOW_DIR}
          echo ">> Adding repositories for chart dependencies ..."
          helm dependency list --max-col-width 120 2> /dev/null \
            | tail +2 | head -n -1 \
            | awk '{ print "helm repo add " $1 " " $3 }' \
            | while read cmd; do echo "$cmd" | sh; done || true
          if helm repo list | tail +2 | read -r; then
            echo ">> Update repository cache ..."
            helm repo update
          fi
          echo "----"
      - name: Package Helm Chart
        run: |
          cd ${WORKFLOW_DIR}
          echo ">> Building helm dependency ..."
          helm dependency build --skip-refresh --debug
          echo "----"
          echo "PACKAGE_PATH=$(helm package . | awk '{print $NF}')" >> $GITEA_ENV
      - name: Publish Helm Chart to Harbor
        run: |
          echo ">> Logging into Harbor ..."
          helm registry login ${{ vars.REGISTRY_HOST }} -u ${{ vars.REGISTRY_USER }} -p ${{ secrets.REGISTRY_SECRET }} --debug
          echo ""
          echo ">> Publishing chart to Harbor ..."
          helm push ${{ env.PACKAGE_PATH }} oci://${{ vars.REGISTRY_HOST }}/helm-charts --debug
          echo "----"
      - name: Publish Helm Chart to Gitea
        run: |
          echo ">> Installing Chart Museum plugin ..."
          helm plugin install https://github.com/chartmuseum/helm-push --debug
          echo ""
          echo ">> Adding Gitea repository ..."
          helm repo add --username ${{ gitea.actor }} --password ${{ secrets.REPOSITORY_TOKEN }} helm-charts https://${{ vars.REPOSITORY_HOST }}/api/packages/alexlebens/helm --debug
          echo ""
          echo ">> Pushing chart to gitea"
          helm cm-push ${{ env.PACKAGE_PATH }} helm-charts --debug
      - name: Extract Chart Metadata
        run: |
          cd ${WORKFLOW_DIR}
          echo ">> Adding Chart metadata to workflow ENV ..."
          echo ""
          echo ">> Chart Version: $(yq '.version' Chart.yaml)"
          echo ">> Chart Name: $(yq '.name' Chart.yaml)"
          echo "----"
          echo "CHART_VERSION=$(yq '.version' Chart.yaml)" >> $GITEA_ENV
          echo "CHART_NAME=$(yq '.name' Chart.yaml)" >> $GITEA_ENV
      - name: Release Helm Chart
        uses: akkuman/gitea-release-action@v1
        with:
          name: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}
          tag_name: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}
          files: |-
            ${{ env.PACKAGE_PATH }}
      - name: ntfy Success
        uses: niniyas/ntfy-action@master
        if: success()
        with:
          url: '${{ secrets.NTFY_URL }}'
          topic: '${{ secrets.NTFY_TOPIC }}'
          title: 'Release Success - ${{ env.CHART_NAME }}'
          priority: 3
          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
          tags: action,successfully,completed
          details: 'Helm Chart ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }} has been released!'
          icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
      - name: ntfy Failed
        uses: niniyas/ntfy-action@master
        if: failure()
        with:
          url: '${{ secrets.NTFY_URL }}'
          topic: '${{ secrets.NTFY_TOPIC }}'
          title: 'Release Failure - ${{ env.CHART_NAME }}'
          priority: 4
          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
          tags: action,failed
          details: 'Helm Chart ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }} has failed to be released.'
          icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
          actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/helm-charts/actions?workflow=release-charts-cloudflared.yml", "clear": true}]'
          image: true
@@ -0,0 +1,128 @@
 name: release-charts-generic-device-plugin
 on:
  push:
    branches:
      - main
    paths:
      - "charts/generic-device-plugin/**"
  workflow_dispatch:
 env:
  WORKFLOW_DIR: "charts/generic-device-plugin"
 jobs:
  release:
    runs-on: ubuntu-js
    steps:
      - name: Checkout
        uses: actions/checkout@v6
      - name: Set up Helm
        uses: azure/setup-helm@v4
        with:
          token: ${{ secrets.GITEA_TOKEN }}
          version: v3.19.2
      - name: Add Repositories
        run: |
          cd ${WORKFLOW_DIR}
          echo ">> Adding repositories for chart dependencies ..."
          helm dependency list --max-col-width 120 2> /dev/null \
            | tail +2 | head -n -1 \
            | awk '{ print "helm repo add " $1 " " $3 }' \
            | while read cmd; do echo "$cmd" | sh; done || true
          if helm repo list | tail +2 | read -r; then
            echo ">> Update repository cache ..."
            helm repo update
          fi
          echo "----"
      - name: Package Helm Chart
        run: |
          cd ${WORKFLOW_DIR}
          echo ">> Building helm dependency ..."
          helm dependency build --skip-refresh --debug
          echo "----"
          echo "PACKAGE_PATH=$(helm package . | awk '{print $NF}')" >> $GITEA_ENV
      - name: Publish Helm Chart to Harbor
        run: |
          echo ">> Logging into Harbor ..."
          helm registry login ${{ vars.REGISTRY_HOST }} -u ${{ vars.REGISTRY_USER }} -p ${{ secrets.REGISTRY_SECRET }} --debug
          echo ""
          echo ">> Publishing chart to Harbor ..."
          helm push ${{ env.PACKAGE_PATH }} oci://${{ vars.REGISTRY_HOST }}/helm-charts --debug
          echo "----"
      - name: Publish Helm Chart to Gitea
        run: |
          echo ">> Installing Chart Museum plugin ..."
          helm plugin install https://github.com/chartmuseum/helm-push --debug
          echo ""
          echo ">> Adding Gitea repository ..."
          helm repo add --username ${{ gitea.actor }} --password ${{ secrets.REPOSITORY_TOKEN }} helm-charts https://${{ vars.REPOSITORY_HOST }}/api/packages/alexlebens/helm --debug
          echo ""
          echo ">> Pushing chart to gitea"
          helm cm-push ${{ env.PACKAGE_PATH }} helm-charts --debug
      - name: Extract Chart Metadata
        run: |
          cd ${WORKFLOW_DIR}
          echo ">> Adding Chart metadata to workflow ENV ..."
          echo ""
          echo ">> Chart Version: $(yq '.version' Chart.yaml)"
          echo ">> Chart Name: $(yq '.name' Chart.yaml)"
          echo "----"
          echo "CHART_VERSION=$(yq '.version' Chart.yaml)" >> $GITEA_ENV
          echo "CHART_NAME=$(yq '.name' Chart.yaml)" >> $GITEA_ENV
      - name: Release Helm Chart
        uses: akkuman/gitea-release-action@v1
        with:
          name: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}
          tag_name: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}
          files: |-
            ${{ env.PACKAGE_PATH }}
      - name: ntfy Success
        uses: niniyas/ntfy-action@master
        if: success()
        with:
          url: '${{ secrets.NTFY_URL }}'
          topic: '${{ secrets.NTFY_TOPIC }}'
          title: 'Release Success - ${{ env.CHART_NAME }}'
          priority: 3
          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
          tags: action,successfully,completed
          details: 'Helm Chart ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }} has been released!'
          icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
      - name: ntfy Failed
        uses: niniyas/ntfy-action@master
        if: failure()
        with:
          url: '${{ secrets.NTFY_URL }}'
          topic: '${{ secrets.NTFY_TOPIC }}'
          title: 'Release Failure - ${{ env.CHART_NAME }}'
          priority: 4
          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
          tags: action,failed
          details: 'Helm Chart ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }} has failed to be released.'
          icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
          actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/helm-charts/actions?workflow=release-charts-generic-device-plugin.yml", "clear": true}]'
          image: true
@@ -0,0 +1,128 @@
 name: release-charts-postgres-cluster
 on:
  push:
    branches:
      - main
    paths:
      - "charts/postgres-cluster/**"
  workflow_dispatch:
 env:
  WORKFLOW_DIR: "charts/postgres-cluster"
 jobs:
  release:
    runs-on: ubuntu-js
    steps:
      - name: Checkout
        uses: actions/checkout@v6
      - name: Set up Helm
        uses: azure/setup-helm@v4
        with:
          token: ${{ secrets.GITEA_TOKEN }}
          version: v3.19.2
      - name: Add Repositories
        run: |
          cd ${WORKFLOW_DIR}
          echo ">> Adding repositories for chart dependencies ..."
          helm dependency list --max-col-width 120 2> /dev/null \
            | tail +2 | head -n -1 \
            | awk '{ print "helm repo add " $1 " " $3 }' \
            | while read cmd; do echo "$cmd" | sh; done || true
          if helm repo list | tail +2 | read -r; then
            echo ">> Update repository cache ..."
            helm repo update
          fi
          echo "----"
      - name: Package Helm Chart
        run: |
          cd ${WORKFLOW_DIR}
          echo ">> Building helm dependency ..."
          helm dependency build --skip-refresh --debug
          echo "----"
          echo "PACKAGE_PATH=$(helm package . | awk '{print $NF}')" >> $GITEA_ENV
      - name: Publish Helm Chart to Harbor
        run: |
          echo ">> Logging into Harbor ..."
          helm registry login ${{ vars.REGISTRY_HOST }} -u ${{ vars.REGISTRY_USER }} -p ${{ secrets.REGISTRY_SECRET }} --debug
          echo ""
          echo ">> Publishing chart to Harbor ..."
          helm push ${{ env.PACKAGE_PATH }} oci://${{ vars.REGISTRY_HOST }}/helm-charts --debug
          echo "----"
      - name: Publish Helm Chart to Gitea
        run: |
          echo ">> Installing Chart Museum plugin ..."
          helm plugin install https://github.com/chartmuseum/helm-push --debug
          echo ""
          echo ">> Adding Gitea repository ..."
          helm repo add --username ${{ gitea.actor }} --password ${{ secrets.REPOSITORY_TOKEN }} helm-charts https://${{ vars.REPOSITORY_HOST }}/api/packages/alexlebens/helm --debug
          echo ""
          echo ">> Pushing chart to gitea"
          helm cm-push ${{ env.PACKAGE_PATH }} helm-charts --debug
      - name: Extract Chart Metadata
        run: |
          cd ${WORKFLOW_DIR}
          echo ">> Adding Chart metadata to workflow ENV ..."
          echo ""
          echo ">> Chart Version: $(yq '.version' Chart.yaml)"
          echo ">> Chart Name: $(yq '.name' Chart.yaml)"
          echo "----"
          echo "CHART_VERSION=$(yq '.version' Chart.yaml)" >> $GITEA_ENV
          echo "CHART_NAME=$(yq '.name' Chart.yaml)" >> $GITEA_ENV
      - name: Release Helm Chart
        uses: akkuman/gitea-release-action@v1
        with:
          name: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}
          tag_name: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}
          files: |-
            ${{ env.PACKAGE_PATH }}
      - name: ntfy Success
        uses: niniyas/ntfy-action@master
        if: success()
        with:
          url: '${{ secrets.NTFY_URL }}'
          topic: '${{ secrets.NTFY_TOPIC }}'
          title: 'Release Success - ${{ env.CHART_NAME }}'
          priority: 3
          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
          tags: action,successfully,completed
          details: 'Helm Chart ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }} has been released!'
          icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
      - name: ntfy Failed
        uses: niniyas/ntfy-action@master
        if: failure()
        with:
          url: '${{ secrets.NTFY_URL }}'
          topic: '${{ secrets.NTFY_TOPIC }}'
          title: 'Release Failure - ${{ env.CHART_NAME }}'
          priority: 4
          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
          tags: action,failed
          details: 'Helm Chart ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }} has failed to be released.'
          icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
          actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/helm-charts/actions?workflow=release-charts-postgres-cluster.yml", "clear": true}]'
          image: true
@@ -0,0 +1,128 @@
 name: release-charts-valkey
 on:
  push:
    branches:
      - main
    paths:
      - "charts/valkey/**"
  workflow_dispatch:
 env:
  WORKFLOW_DIR: "charts/valkey"
 jobs:
  release:
    runs-on: ubuntu-js
    steps:
      - name: Checkout
        uses: actions/checkout@v6
      - name: Set up Helm
        uses: azure/setup-helm@v4
        with:
          token: ${{ secrets.GITEA_TOKEN }}
          version: v3.19.2
      - name: Add Repositories
        run: |
          cd ${WORKFLOW_DIR}
          echo ">> Adding repositories for chart dependencies ..."
          helm dependency list --max-col-width 120 2> /dev/null \
            | tail +2 | head -n -1 \
            | awk '{ print "helm repo add " $1 " " $3 }' \
            | while read cmd; do echo "$cmd" | sh; done || true
          if helm repo list | tail +2 | read -r; then
            echo ">> Update repository cache ..."
            helm repo update
          fi
          echo "----"
      - name: Package Helm Chart
        run: |
          cd ${WORKFLOW_DIR}
          echo ">> Building helm dependency ..."
          helm dependency build --skip-refresh --debug
          echo "----"
          echo "PACKAGE_PATH=$(helm package . | awk '{print $NF}')" >> $GITEA_ENV
      - name: Publish Helm Chart to Harbor
        run: |
          echo ">> Logging into Harbor ..."
          helm registry login ${{ vars.REGISTRY_HOST }} -u ${{ vars.REGISTRY_USER }} -p ${{ secrets.REGISTRY_SECRET }} --debug
          echo ""
          echo ">> Publishing chart to Harbor ..."
          helm push ${{ env.PACKAGE_PATH }} oci://${{ vars.REGISTRY_HOST }}/helm-charts --debug
          echo "----"
      - name: Publish Helm Chart to Gitea
        run: |
          echo ">> Installing Chart Museum plugin ..."
          helm plugin install https://github.com/chartmuseum/helm-push --debug
          echo ""
          echo ">> Adding Gitea repository ..."
          helm repo add --username ${{ gitea.actor }} --password ${{ secrets.REPOSITORY_TOKEN }} helm-charts https://${{ vars.REPOSITORY_HOST }}/api/packages/alexlebens/helm --debug
          echo ""
          echo ">> Pushing chart to gitea"
          helm cm-push ${{ env.PACKAGE_PATH }} helm-charts --debug
      - name: Extract Chart Metadata
        run: |
          cd ${WORKFLOW_DIR}
          echo ">> Adding Chart metadata to workflow ENV ..."
          echo ""
          echo ">> Chart Version: $(yq '.version' Chart.yaml)"
          echo ">> Chart Name: $(yq '.name' Chart.yaml)"
          echo "----"
          echo "CHART_VERSION=$(yq '.version' Chart.yaml)" >> $GITEA_ENV
          echo "CHART_NAME=$(yq '.name' Chart.yaml)" >> $GITEA_ENV
      - name: Release Helm Chart
        uses: akkuman/gitea-release-action@v1
        with:
          name: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}
          tag_name: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}
          files: |-
            ${{ env.PACKAGE_PATH }}
      - name: ntfy Success
        uses: niniyas/ntfy-action@master
        if: success()
        with:
          url: '${{ secrets.NTFY_URL }}'
          topic: '${{ secrets.NTFY_TOPIC }}'
          title: 'Release Success - ${{ env.CHART_NAME }}'
          priority: 3
          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
          tags: action,successfully,completed
          details: 'Helm Chart ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }} has been released!'
          icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
      - name: ntfy Failed
        uses: niniyas/ntfy-action@master
        if: failure()
        with:
          url: '${{ secrets.NTFY_URL }}'
          topic: '${{ secrets.NTFY_TOPIC }}'
          title: 'Release Failure - ${{ env.CHART_NAME }}'
          priority: 4
          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
          tags: action,failed
          details: 'Helm Chart ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }} has failed to be released.'
          icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
          actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/helm-charts/actions?workflow=release-charts-volsync-target.yml", "clear": true}]'
          image: true
@@ -0,0 +1,128 @@
 name: release-charts-volsync-target
 on:
  push:
    branches:
      - main
    paths:
      - "charts/volsync-target/**"
  workflow_dispatch:
 env:
  WORKFLOW_DIR: "charts/volsync-target"
 jobs:
  release:
    runs-on: ubuntu-js
    steps:
      - name: Checkout
        uses: actions/checkout@v6
      - name: Set up Helm
        uses: azure/setup-helm@v4
        with:
          token: ${{ secrets.GITEA_TOKEN }}
          version: v3.19.2
      - name: Add Repositories
        run: |
          cd ${WORKFLOW_DIR}
          echo ">> Adding repositories for chart dependencies ..."
          helm dependency list --max-col-width 120 2> /dev/null \
            | tail +2 | head -n -1 \
            | awk '{ print "helm repo add " $1 " " $3 }' \
            | while read cmd; do echo "$cmd" | sh; done || true
          if helm repo list | tail +2 | read -r; then
            echo ">> Update repository cache ..."
            helm repo update
          fi
          echo "----"
      - name: Package Helm Chart
        run: |
          cd ${WORKFLOW_DIR}
          echo ">> Building helm dependency ..."
          helm dependency build --skip-refresh --debug
          echo "----"
          echo "PACKAGE_PATH=$(helm package . | awk '{print $NF}')" >> $GITEA_ENV
      - name: Publish Helm Chart to Harbor
        run: |
          echo ">> Logging into Harbor ..."
          helm registry login ${{ vars.REGISTRY_HOST }} -u ${{ vars.REGISTRY_USER }} -p ${{ secrets.REGISTRY_SECRET }} --debug
          echo ""
          echo ">> Publishing chart to Harbor ..."
          helm push ${{ env.PACKAGE_PATH }} oci://${{ vars.REGISTRY_HOST }}/helm-charts --debug
          echo "----"
      - name: Publish Helm Chart to Gitea
        run: |
          echo ">> Installing Chart Museum plugin ..."
          helm plugin install https://github.com/chartmuseum/helm-push --debug
          echo ""
          echo ">> Adding Gitea repository ..."
          helm repo add --username ${{ gitea.actor }} --password ${{ secrets.REPOSITORY_TOKEN }} helm-charts https://${{ vars.REPOSITORY_HOST }}/api/packages/alexlebens/helm --debug
          echo ""
          echo ">> Pushing chart to gitea"
          helm cm-push ${{ env.PACKAGE_PATH }} helm-charts --debug
      - name: Extract Chart Metadata
        run: |
          cd ${WORKFLOW_DIR}
          echo ">> Adding Chart metadata to workflow ENV ..."
          echo ""
          echo ">> Chart Version: $(yq '.version' Chart.yaml)"
          echo ">> Chart Name: $(yq '.name' Chart.yaml)"
          echo "----"
          echo "CHART_VERSION=$(yq '.version' Chart.yaml)" >> $GITEA_ENV
          echo "CHART_NAME=$(yq '.name' Chart.yaml)" >> $GITEA_ENV
      - name: Release Helm Chart
        uses: akkuman/gitea-release-action@v1
        with:
          name: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}
          tag_name: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}
          files: |-
            ${{ env.PACKAGE_PATH }}
      - name: ntfy Success
        uses: niniyas/ntfy-action@master
        if: success()
        with:
          url: '${{ secrets.NTFY_URL }}'
          topic: '${{ secrets.NTFY_TOPIC }}'
          title: 'Release Success - ${{ env.CHART_NAME }}'
          priority: 3
          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
          tags: action,successfully,completed
          details: 'Helm Chart ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }} has been released!'
          icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
      - name: ntfy Failed
        uses: niniyas/ntfy-action@master
        if: failure()
        with:
          url: '${{ secrets.NTFY_URL }}'
          topic: '${{ secrets.NTFY_TOPIC }}'
          title: 'Release Failure - ${{ env.CHART_NAME }}'
          priority: 4
          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
          tags: action,failed
          details: 'Helm Chart ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }} has failed to be released.'
          icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
          actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/helm-charts/actions?workflow=release-charts-volsync-target.yml", "clear": true}]'
          image: true
@@ -0,0 +1,32 @@
 name: renovate
 on:
  schedule:
    - cron: "@daily"
  push:
    branches:
      - main
  workflow_dispatch:
 jobs:
  renovate:
    runs-on: ubuntu-latest
    container: ghcr.io/renovatebot/renovate:43
    steps:
      - name: Checkout
        uses: actions/checkout@v6
      - name: Renovate
        run: renovate
        env:
          RENOVATE_PLATFORM: gitea
          RENOVATE_ENDPOINT: ${{ vars.INSTANCE_URL }}
          RENOVATE_REPOSITORIES: alexlebens/helm-charts
          RENOVATE_GIT_AUTHOR: Renovate Bot <renovate-bot@alexlebens.net>
          LOG_LEVEL: info
          RENOVATE_TOKEN: ${{ secrets.RENOVATE_TOKEN }}
          RENOVATE_GIT_PRIVATE_KEY: ${{ secrets.RENOVATE_GIT_PRIVATE_KEY }}
          RENOVATE_GITHUB_COM_TOKEN: ${{ secrets.RENOVATE_GITHUB_COM_TOKEN }}
          RENOVATE_REDIS_URL: ${{ vars.RENOVATE_REDIS_URL }}
@@ -1,2 +0,0 @@
 # This file is processed by Renovate bot so that it creates a PR on new major Renovate versions
 FROM renovate/renovate:37
@@ -1,76 +0,0 @@
 {
    "$schema": "https://docs.renovatebot.com/renovate-schema.json",
    "extends": [
        "config:recommended",
        "mergeConfidence:all-badges",
        ":rebaseStalePrs"
    ],
    "timezone": "US/Mountain",
    "schedule": [
        "after 10am every weekday",
        "before 5pm every weekday"
    ],
    "labels": [
    ],
    "packageRules": [
        {
            "description": "Disables for non major Renovate version",
            "matchPaths": [
                ".github/renovate-update-notification/Dockerfile"
            ],
            "matchUpdateTypes": [
                "minor",
                "patch",
                "pin",
                "digest",
                "rollback"
            ],
            "enabled": false
        },
        {
            "description": "Generate for major Renovate version",
            "matchPaths": [
                ".github/renovate-update-notification/Dockerfile"
            ],
            "matchUpdateTypes": [
                "major"
            ],
            "addLabels": [
                "upgrade"
            ],
            "automerge": false
        },
        {
            "description": "Generate image updates on Tuesdays",
            "matchPackageNames": [
                "linuxserver/calibre",
                "homeassistant/home-assistant",
                "ghcr.io/gethomepage/homepage",
                "ghcr.io/cloudnative-pg/postgresql",
                "linuxserver/code-server"
            ],
            "matchDatasources": [
                "docker",
                "gitea-releases",
                "gitea-tags",
                "github-releases",
                "github-tags",
                "gitlab-packages",
                "gitlab-releases",
                "gitlab-tags"
            ],
            "schedule": [
                "after 10am on tuesday",
                "before 5pm on tuesday"
            ],
            "addLabels": [
                "upgrade",
                "weekly",
                "image"
            ],
            "bumpVersion": "minor",
            "automerge": false,
            "minimumReleaseAge": "3 days"
        }
    ]
 }
@@ -1,37 +0,0 @@
 name: lint-and-test-charts
 on: pull_request
 jobs:
  lint-test:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Set up Helm
        uses: azure/setup-helm@v4
        with:
          version: v3.13.3
      - uses: actions/setup-python@v5
        with:
          python-version: "3.10"
          check-latest: true
      - name: Set up chart-testing
        uses: helm/chart-testing-action@v2.6.1
      - name: Run chart-testing (list-changed)
        id: list-changed
        run: |
          changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }})
          if [[ -n "$changed" ]]; then
            echo "changed=true" >> "$GITHUB_OUTPUT"
          fi
      - name: Run chart-testing (lint)
        if: steps.list-changed.outputs.changed == 'true'
        run: ct lint --target-branch ${{ github.event.repository.default_branch }}
@@ -0,0 +1,39 @@
 name: release-charts
 on:
  push:
    branches:
      - main
    paths:
      - "charts/**"
 jobs:
  release:
    permissions:
      contents: write
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v6
        with:
          fetch-depth: 0
      - name: Configure Git
        run: |
          git config user.name "$GITHUB_ACTOR"
          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
      - name: Add Repositories
        run: |
          echo ">> Adding repositories for chart dependencies ..."
          for dir in $(ls -d charts/*/); do
            helm dependency list $dir --max-col-width 120 2> /dev/null \
              | tail +2 | head -n -1 \
              | awk '{ print "helm repo add " $1 " " $3 }' \
              | while read cmd; do echo "$cmd" | sh; done || true
          done
      - name: Run chart-releaser
        uses: helm/chart-releaser-action@v1.7.0
        env:
          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
@@ -1,27 +0,0 @@
 name: release-charts
 on:
  push:
    branches:
      - main
 jobs:
  release:
    permissions:
      contents: write
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Configure Git
        run: |
          git config user.name "$GITHUB_ACTOR"
          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
      - name: Run chart-releaser
        uses: helm/chart-releaser-action@v1.6.0
        env:
          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
@@ -1,9 +1,2 @@
 # Compiled Helm chart dependencies
 charts/**/Chart.lock
 charts/**/charts/
 # Testing
 __snapshot__/
 # Docs
 _site/
@@ -0,0 +1,19 @@
 repos:
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v2.3.0
    hooks:
      - id: end-of-file-fixer
      - id: trailing-whitespace
      - id: check-added-large-files
      - id: check-yaml
        exclude: 'charts/'
        args:
          - --multi
  - repo: https://github.com/norwoodj/helm-docs
    rev: v1.14.2
    hooks:
      - id: helm-docs
        args:
          - --chart-search-root=charts
          - --template-files=./_templates.gotmpl
          - --template-files=README.md.gotmpl
@@ -1,13 +0,0 @@
 apiVersion: v2
 name: calibre-server
 version: 0.0.4
 description: Chart for Calibre content database
 keywords:
  - media
  - books
 sources:
  - https://github.com/kovidgoyal/calibre
 maintainers:
  - name: alexlebens
 icon: https://raw.githubusercontent.com/kovidgoyal/calibre/master/resources/images/lt.png
 appVersion: 7.5.1
@@ -1,17 +0,0 @@
 ## Introduction
 [Calibre](https://calibre-ebook.com/)
 calibre is an e-book manager. It can view, convert, edit and catalog e-books in all of the major e-book formats. It can also talk to e-book reader devices. It can go out to the internet and fetch metadata for your books. It can download newspapers and convert them into e-books for convenient reading.
 This chart bootstraps a [Calibre](https://github.com/home-assistant) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
 ## Prerequisites
 - Kubernetes
 - Helm
 - Traefik v2 / IngressRoute
 ## Parameters
 See the [values files](values.yaml).
@@ -1,84 +0,0 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: calibre-server
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: calibre-server
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/version: {{ .Chart.AppVersion }}
    app.kubernetes.io/component: web
    app.kubernetes.io/part-of: {{ .Release.Name }}
    app.kubernetes.io/managed-by: helm
 spec:
  revisionHistoryLimit: 3
  replicas: {{ .Values.deployment.replicas }}
  strategy:
    type: {{ .Values.deployment.strategy }}
  selector:
    matchLabels:
      app.kubernetes.io/name: calibre-server
      app.kubernetes.io/instance: {{ .Release.Name }}
  template:
    metadata:
      labels:
        app.kubernetes.io/name: calibre-server
        app.kubernetes.io/instance: {{ .Release.Name }}
    spec:
      serviceAccountName: calibre-server
      automountServiceAccountToken: true
      containers:
        - name: {{ .Release.Name }}
          image: "{{ .Values.deployment.image.repository }}:{{ .Values.deployment.image.tag }}"
          imagePullPolicy: {{ .Values.deployment.image.imagePullPolicy }}
          ports:
            - name: http
              containerPort: {{ .Values.service.http.port }}
              protocol: TCP
            - name: content
              containerPort: {{ .Values.service.content.port }}
              protocol: TCP
          env:
          {{- range $k,$v := .Values.deployment.env }}
            - name: {{ $k }}
              value: {{ $v | quote }}
          {{- end }}
          {{- with .Values.deployment.envFrom }}
          envFrom:
            {{- toYaml . | nindent 12 }}
          {{- end }}
          volumeMounts:
            - mountPath: /config
              name: calibre-server-config
            - mountPath: /books
              name: calibre-server-books
          resources:
            {{- toYaml .Values.deployment.resources | nindent 12 }}
          livenessProbe:
            tcpSocket:
              port: {{ .Values.service.http.port }}
            initialDelaySeconds: 0
            failureThreshold: 3
            timeoutSeconds: 1
            periodSeconds: 10
          readinessProbe:
            tcpSocket:
              port: {{ .Values.service.http.port }}
            initialDelaySeconds: 0
            failureThreshold: 3
            timeoutSeconds: 1
            periodSeconds: 10
          startupProbe:
            tcpSocket:
              port: {{ .Values.service.http.port }}
            initialDelaySeconds: 0
            failureThreshold: 30
            timeoutSeconds: 1
            periodSeconds: 5
      volumes:
        - name: calibre-server-config
          persistentVolumeClaim:
            claimName: calibre-server-config
        - name: calibre-server-books
          persistentVolumeClaim:
            claimName: {{ .Values.persistence.books.claimName }}
@@ -1,35 +0,0 @@
 {{- if .Values.ingressRoute.enabled }}
 apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
  name: calibre-server
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: calibre-server
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/version: {{ .Chart.AppVersion }}
    app.kubernetes.io/component: web
    app.kubernetes.io/part-of: calibre-server
    app.kubernetes.io/managed-by: helm
 spec:
  entryPoints:
    - websecure
  routes:
    - kind: Rule
      match: "Host(`{{ .Values.ingressRoute.http.host }}`)"
      middlewares:
        - name: authentik
          namespace: {{ .Release.Namespace }}
      priority: 10
      services:
        - kind: Service
          name: calibre-server
          port: {{ .Values.service.http.port }}
    - kind: Rule
      match: "Host(`{{ .Values.ingressRoute.http.host }}`) && PathPrefix(`/outpost.goauthentik.io/`)"
      priority: 15
      services:
        - kind: Service
          name: {{ .Values.ingressRoute.authentik.outpost }}
          port: {{ .Values.ingressRoute.authentik.port }}
 {{- end }}
@@ -1,30 +0,0 @@
 {{- if .Values.ingressRoute.enabled }}
 apiVersion: traefik.containo.us/v1alpha1
 kind: Middleware
 metadata:
  name: authentik
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: calibre-server
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/version: {{ .Chart.AppVersion }}
    app.kubernetes.io/component: auth
    app.kubernetes.io/part-of: calibre-server
    app.kubernetes.io/managed-by: helm
 spec:
  forwardAuth:
    address: "http://{{ .Values.ingressRoute.authentik.outpost }}.authentik:{{ .Values.ingressRoute.authentik.port }}/outpost.goauthentik.io/auth/traefik"
    trustForwardHeader: true
    authResponseHeaders:
      - X-authentik-username
      - X-authentik-groups
      - X-authentik-email
      - X-authentik-name
      - X-authentik-uid
      - X-authentik-jwt
      - X-authentik-meta-jwks
      - X-authentik-meta-outpost
      - X-authentik-meta-provider
      - X-authentik-meta-app
      - X-authentik-meta-version
 {{- end }}
@@ -1,20 +0,0 @@
 kind: PersistentVolumeClaim
 apiVersion: v1
 metadata:
  name: calibre-server-config
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: calibre-server
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/version: {{ .Chart.AppVersion }}
    app.kubernetes.io/component: web
    app.kubernetes.io/part-of: {{ .Release.Name }}
    app.kubernetes.io/managed-by: helm
 spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: {{ .Values.persistence.config.storageSize }}
  storageClassName: {{ .Values.persistence.config.storageClassName }}
  volumeMode: {{ .Values.persistence.config.volumeMode }}
@@ -1,12 +0,0 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: calibre-server
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: calibre-server
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/version: {{ .Chart.AppVersion }}
    app.kubernetes.io/component: web
    app.kubernetes.io/part-of: calibre-server
    app.kubernetes.io/managed-by: helm
@@ -1,46 +0,0 @@
 apiVersion: v1
 kind: Service
 metadata:
  name: calibre-server
  namespace: {{ .Release.Namespace }}  
  labels:
    app.kubernetes.io/name: calibre-server
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/version: {{ .Chart.AppVersion }}
    app.kubernetes.io/component: web
    app.kubernetes.io/part-of: {{ .Release.Name }}
    app.kubernetes.io/managed-by: helm
 spec:
  type: ClusterIP
  ports:
    - port: {{ .Values.service.http.port }}
      targetPort: http
      protocol: TCP
      name: http
  selector:
    app.kubernetes.io/name: calibre-server
    app.kubernetes.io/instance: {{ .Release.Name }}
 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: calibre-server-content
  namespace: {{ .Release.Namespace }}  
  labels:
    app.kubernetes.io/name: calibre-server
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/version: {{ .Chart.AppVersion }}
    app.kubernetes.io/component: web
    app.kubernetes.io/part-of: {{ .Release.Name }}
    app.kubernetes.io/managed-by: helm
 spec:
  type: ClusterIP
  ports:
    - port: {{ .Values.service.content.port }}
      targetPort: content
      protocol: TCP
      name: content
  selector:
    app.kubernetes.io/name: calibre-server
    app.kubernetes.io/instance: {{ .Release.Name }}
@@ -1,42 +0,0 @@
 deployment:
  replicas: 1
  strategy: Recreate
  image:
    repository: linuxserver/calibre
    tag: v7.5.1-ls269
    imagePullPolicy: IfNotPresent
  env:
    PGID: "1001"
    PUID: "1001"
    TZ: UTC
    UMASK_SET: "022"
    CUSTOM_USER: calibre
    TITLE: Calibre Server
    NO_DECOR: true
  envFrom:
  resources:
    requests:
      memory: 256Mi
      cpu: 50m
    limits:
      memory: 1Gi
      cpu: 500m
 service:
  http:
    port: 8080
  content:
    port: 8081
 ingressRoute:
  enabled: true
  http:
    host: server.calibre.alexlebens.net
  authentik:
    outpost: authentik-proxy-outpost
    port: 9000
 persistence:
  config:
    storageClassName: ceph-block
    storageSize: 5Gi
    volumeMode: Filesystem
  books:
    claimName: calibre-server-nfs-storage
@@ -0,0 +1,6 @@
 dependencies:
 - name: common
  repository: https://bjw-s-labs.github.io/helm-charts/
  version: 4.6.2
 digest: sha256:35e8f4e5d15d878c246a04eb51de580291f31203fa10e9e4d2318f16026b2061
 generated: "2026-01-16T13:29:29.385123-06:00"
@@ -0,0 +1,19 @@
 apiVersion: v2
 name: cloudflared
 version: 2.4.0
 description: Cloudflared Tunnel
 keywords:
  - cloudflare
  - tunnel
 sources:
  - https://github.com/cloudflare/cloudflared
  - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/library/common
 maintainers:
  - name: alexlebens
 dependencies:
  - name: common
    repository: https://bjw-s-labs.github.io/helm-charts/
    version: 4.6.2
 icon: https://avatars.githubusercontent.com/u/314135?s=48&v=4
 # renovate: datasource=github-releases depName=cloudflare/cloudflared
 appVersion: "2026.3.0"
@@ -0,0 +1,38 @@
 # cloudflared
 ![Version: 2.3.0](https://img.shields.io/badge/Version-2.3.0-informational?style=flat-square) ![AppVersion: 2026.2.0](https://img.shields.io/badge/AppVersion-2026.2.0-informational?style=flat-square)
 Cloudflared Tunnel
 ## Maintainers
 | Name | Email | Url |
 | ---- | ------ | --- |
 | alexlebens |  |  |
 ## Source Code
 * <https://github.com/cloudflare/cloudflared>
 * <https://github.com/bjw-s-labs/helm-charts/tree/main/charts/library/common>
 ## Requirements
 | Repository | Name | Version |
 |------------|------|---------|
 | https://bjw-s-labs.github.io/helm-charts/ | common | 4.6.2 |
 ## Values
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | image | object | `{"pullPolicy":"IfNotPresent","repository":"cloudflare/cloudflared","tag":"2026.2.0"}` | Default image |
 | name | string | `""` | Name override of release |
 | resources | object | `{"requests":{"cpu":"10m","memory":"128Mi"}}` | Default resources |
 | secret | object | `{"existingSecret":{"key":"cf-tunnel-token","name":"cloudflared-secret"},"externalSecret":{"additionalLabels":{},"enabled":true,"nameOverride":"","store":{"name":"vault","path":"/cloudflare/tunnels","property":"token"}}}` | Secret configuration |
 | secret.existingSecret | object | `{"key":"cf-tunnel-token","name":"cloudflared-secret"}` | Name of existing secret that contains Cloudflare token |
 | secret.externalSecret | object | `{"additionalLabels":{},"enabled":true,"nameOverride":"","store":{"name":"vault","path":"/cloudflare/tunnels","property":"token"}}` | External Secret configuration |
 | secret.externalSecret.additionalLabels | object | `{}` | Add additional labels |
 | secret.externalSecret.store | object | `{"name":"vault","path":"/cloudflare/tunnels","property":"token"}` | Cluster store config |
 ----------------------------------------------
 Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)
@@ -0,0 +1,86 @@
 {{/*
 Generate the root name
 */}}
 {{- define "cloudflared.name" -}}
  {{- if .Values.name }}
    {{- printf "%s-cloudflared" .Values.name -}}
  {{- else }}
    {{- printf "cloudflared" -}}
  {{- end }}
 {{- end }}
 {{/*
 Generate the secret name
 */}}
 {{- define "secret.name" -}}
  {{- if .Values.secret.externalSecret.enabled }}
    {{- if .Values.secret.externalSecret.nameOverride }}
      {{- .Values.secret.externalSecret.nameOverride | trunc 63 | trimSuffix "-" }}
    {{- else }}
      {{- printf "%s-%s-secret" .Release.Name (include "cloudflared.name" .) -}}
    {{- end }}
  {{- else if .Values.secret.existingSecret.name }}
    {{- printf "%s" .Values.secret.existingSecret.name -}}
  {{- else }}
    {{ fail "No Secret Name Found!" }}
  {{- end }}
 {{- end }}
 {{/*
 Generate the name of the secret key
 */}}
 {{- define "secret.key" -}}
  {{- if .Values.secret.externalSecret.enabled }}
    {{- printf "cf-tunnel-token" -}}
  {{- else if .Values.secret.existingSecret.key }}
    {{- printf "%s" .Values.secret.existingSecret.key -}}
  {{- else }}
    {{ fail "No Secret Key Found!" }}
  {{- end }}
 {{- end }}
 {{/*
 Generate path in the secret store
 */}}
 {{- define "secret.path" -}}
  {{- if and (.Values.secret.externalSecret.enabled) (.Values.secret.externalSecret.store.path) }}
    {{- if .Values.name }}
      {{- printf "%s/%s-%s" .Values.secret.externalSecret.store.path .Release.Name .Values.name -}}
    {{- else }}
      {{- printf "%s/%s" .Values.secret.externalSecret.store.path .Release.Name -}}
    {{- end }}
  {{- else }}
    {{ fail "No Secret Store Path Found!" }}
  {{- end }}
 {{- end }}
 {{/*
 Create chart name and version as used by the chart label.
 */}}
 {{- define "secret.chart" -}}
  {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
 {{- end }}
 {{/*
 Common labels
 */}}
 {{- define "secret.labels" -}}
 helm.sh/chart: {{ include "secret.chart" $ }}
 {{ include "secret.selectorLabels" $ }}
 {{- if .Chart.AppVersion }}
 app.kubernetes.io/version: {{ .Chart.Version | quote }}
 {{- end }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 app.kubernetes.io/name: {{ include "secret.name" . }}
 {{- with .Values.secret.externalSecret.additionalLabels }}
 {{ toYaml . }}
 {{- end }}
 {{- end }}
 {{/*
 Selector labels
 */}}
 {{- define "secret.selectorLabels" -}}
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/part-of: {{ .Release.Name }}
 {{- end }}
@@ -0,0 +1,40 @@
 {{- include "bjw-s.common.loader.init" . }}
 {{- define "cloudflared.hardcodedValues" -}}
 global:
  nameOverride: {{ include "cloudflared.name" . }}
  fullNameOverride: {{ include "cloudflared.name" . }}
 controllers:
  main:
    type: deployment
    strategy: Recreate
    containers:
      main:
        image:
          repository: {{ .Values.image.repository }}
          tag: {{ .Values.image.tag }}
          pullPolicy: {{ .Values.image.pullPolicy }}
        args:
          - tunnel
          - --protocol
          - http2
          - --no-autoupdate
          - run
          - --token
          - $(CF_MANAGED_TUNNEL_TOKEN)
        env:
          - name: CF_MANAGED_TUNNEL_TOKEN
            valueFrom:
              secretKeyRef:
                name: {{ include "secret.name" . }}
                key: {{ include "secret.key" . }}
        resources:
        {{- with .Values.resources }}
        resources:
          {{- toYaml . | nindent 10 }}
        {{ end }}
 {{- end -}}
 {{- $_ := mergeOverwrite .Values (include "cloudflared.hardcodedValues" . | fromYaml) -}}
 {{/* Render the templates */}}
 {{ include "bjw-s.common.loader.generate" . }}
@@ -0,0 +1,23 @@
 {{- if .Values.secret.externalSecret.enabled }}
 ---
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
  name: {{ include "secret.name" . }}
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "secret.labels" . | nindent 4 }}
 spec:
  secretStoreRef:
    kind: ClusterSecretStore
    name: {{ .Values.secret.externalSecret.store.name | required "External Secret store name is required" }}
  data:
    - secretKey: {{ include "secret.key" . }}
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: {{ include "secret.path" . }}
        metadataPolicy: None
        property: {{ .Values.secret.externalSecret.store.property | required "External Secret store property is required" }}
 {{- end }}
@@ -0,0 +1,36 @@
 # -- Name override of release
 name: ""
 # -- Secret configuration
 secret:
  # -- External Secret configuration
  externalSecret:
    enabled: true
    nameOverride: ""
    # -- Cluster store config
    store:
      name: vault
      path: /cloudflare/tunnels
      property: token
    # -- Add additional labels
    additionalLabels: {}
  # -- Name of existing secret that contains Cloudflare token
  existingSecret:
    name: cloudflared-secret
    key: cf-tunnel-token
 # -- Default image
 image:
  repository: cloudflare/cloudflared
  tag: "2026.3.0"
  pullPolicy: IfNotPresent
 # -- Default resources
 resources:
  requests:
    cpu: 10m
    memory: 128Mi
@@ -0,0 +1,6 @@
 dependencies:
 - name: common
  repository: https://bjw-s-labs.github.io/helm-charts/
  version: 4.6.2
 digest: sha256:35e8f4e5d15d878c246a04eb51de580291f31203fa10e9e4d2318f16026b2061
 generated: "2026-01-16T13:29:01.760344-06:00"
@@ -0,0 +1,18 @@
 apiVersion: v2
 name: generic-device-plugin
 version: 0.20.21
 description: Generic Device Plugin
 keywords:
  - generic-device-plugin
  - device
  - plugin
 sources:
  - https://github.com/squat/generic-device-plugin
  - https://github.com/bjw-s/helm-charts/tree/main/charts/library/common
 maintainers:
  - name: alexlebens
 dependencies:
  - name: common
    repository: https://bjw-s-labs.github.io/helm-charts/
    version: 4.6.2
 appVersion: 0.20.17
@@ -0,0 +1,37 @@
 # generic-device-plugin
 ![Version: 0.20.20](https://img.shields.io/badge/Version-0.20.20-informational?style=flat-square) ![AppVersion: 0.20.17](https://img.shields.io/badge/AppVersion-0.20.17-informational?style=flat-square)
 Generic Device Plugin
 ## Maintainers
 | Name | Email | Url |
 | ---- | ------ | --- |
 | alexlebens |  |  |
 ## Source Code
 * <https://github.com/squat/generic-device-plugin>
 * <https://github.com/bjw-s/helm-charts/tree/main/charts/library/common>
 ## Requirements
 | Repository | Name | Version |
 |------------|------|---------|
 | https://bjw-s-labs.github.io/helm-charts/ | common | 4.6.2 |
 ## Values
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | config | object | `{"data":"devices:\n  - name: serial\n    groups:\n      - paths:\n          - path: /dev/ttyUSB*\n      - paths:\n          - path: /dev/ttyACM*\n      - paths:\n          - path: /dev/tty.usb*\n      - paths:\n          - path: /dev/cu.*\n      - paths:\n          - path: /dev/cuaU*\n      - paths:\n          - path: /dev/rfcomm*\n  - name: video\n    groups:\n      - paths:\n          - path: /dev/video0\n  - name: fuse\n    groups:\n      - count: 10\n        paths:\n          - path: /dev/fuse\n  - name: audio\n    groups:\n      - count: 10\n        paths:\n          - path: /dev/snd\n  - name: capture\n    groups:\n      - paths:\n          - path: /dev/snd/controlC0\n          - path: /dev/snd/pcmC0D0c\n      - paths:\n          - path: /dev/snd/controlC1\n            mountPath: /dev/snd/controlC0\n          - path: /dev/snd/pcmC1D0c\n            mountPath: /dev/snd/pcmC0D0c\n      - paths:\n          - path: /dev/snd/controlC2\n            mountPath: /dev/snd/controlC0\n          - path: /dev/snd/pcmC2D0c\n            mountPath: /dev/snd/pcmC0D0c\n      - paths:\n          - path: /dev/snd/controlC3\n            mountPath: /dev/snd/controlC0\n          - path: /dev/snd/pcmC3D0c\n            mountPath: /dev/snd/pcmC0D0c\n","enabled":true}` | Config map |
 | config.data | string | See [values.yaml](./values.yaml) | generic-device-plugin config file [[ref]](https://github.com/squat/generic-device-plugin#usage) |
 | deviceDomain | string | `"devic.es"` | Domain used by devices for identifcation |
 | image | object | `{"pullPolicy":"Always","repository":"ghcr.io/squat/generic-device-plugin","tag":"latest@sha256:78127620563730680371e2915d48d69dc3ab513f12c742ca6bcacd156051fd4b"}` | Default image |
 | name | string | `"generic-device-plugin"` | Name override of release |
 | resources | object | `{"requests":{"cpu":"50m","memory":"10Mi"}}` | Default resources |
 | service | object | `{"listenPort":8080}` | Service port |
 ----------------------------------------------
 Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)
@@ -0,0 +1,82 @@
 {{ include "bjw-s.common.loader.init" . }}
 {{ define "genericDevicePlugin.hardcodedValues" }}
 {{ if not .Values.global.nameOverride }}
 global:
  nameOverride: {{ .Values.name }}
 {{ end }}
 controllers:
  main:
    type: daemonset
    pod:
      priorityClassName: system-node-critical
      tolerations:
        - operator: "Exists"
          effect: "NoExecute"
        - operator: "Exists"
          effect: "NoSchedule"
    containers:
      main:
        image:
          repository: {{ .Values.image.repository }}
          tag: {{ .Values.image.tag }}
          pullPolicy: {{ .Values.image.pullPolicy }}
        args:
          - --config=/config/config.yaml
        env:
          - name: LISTEN
            value: :{{ .Values.service.listenPort }}
          - name: PLUGIN_DIRECTORY
            value: /var/lib/kubelet/device-plugins
          - name: DOMAIN
            value: {{ .Values.deviceDomain }}
        probes:
          liveness:
            type: HTTP
            path: /health
          readiness:
            type: HTTP
            path: /health
          startup:
            type: HTTP
            path: /health
        securityContext:
          privileged: True
 configMaps:
  config:
    enabled: {{ .Values.config.enabled }}
    data:
      config.yaml: {{ toYaml .Values.config.data | nindent 8 }}
 service:
  main:
    controller: main
    ports:
      http:
        port: {{ .Values.service.listenPort }}
 persistence:
  config:
    enabled: true
    type: configMap
    name: {{ .Values.name }}-config
  device-plugins:
    enabled: true
    type: hostPath
    hostPath: /var/lib/kubelet/device-plugins
  dev:
    enabled: true
    type: hostPath
    hostPath: /dev
 serviceMonitor:
  main:
    serviceName: generic-device-plugin
    endpoints:
      - port: http
        scheme: http
        path: /metrics
        interval: 30s
        scrapeTimeout: 10s
 {{ end }}
 {{ $_ := mergeOverwrite .Values (include "genericDevicePlugin.hardcodedValues" . | fromYaml) }}
 {{/* Render the templates */}}
 {{ include "bjw-s.common.loader.generate" . }}
@@ -0,0 +1,77 @@
 # -- Name override of release
 name: generic-device-plugin
 # -- Default image
 image:
  repository: ghcr.io/squat/generic-device-plugin
  tag: latest@sha256:5acdaa40af84adf8b6f7bb1b8930d4e7be1ebe7f0109f00211ce3df43217b3b7
  pullPolicy: Always
 # -- Domain used by devices for identifcation
 deviceDomain: devic.es
 # -- Service port
 service:
  listenPort: 8080
 # -- Default resources
 resources:
  requests:
    cpu: 50m
    memory: 10Mi
 # -- Config map
 config:
  enabled: true
  # -- generic-device-plugin config file [[ref]](https://github.com/squat/generic-device-plugin#usage)
  # @default -- See [values.yaml](./values.yaml)
  data: |
    devices:
      - name: serial
        groups:
          - paths:
              - path: /dev/ttyUSB*
          - paths:
              - path: /dev/ttyACM*
          - paths:
              - path: /dev/tty.usb*
          - paths:
              - path: /dev/cu.*
          - paths:
              - path: /dev/cuaU*
          - paths:
              - path: /dev/rfcomm*
      - name: video
        groups:
          - paths:
              - path: /dev/video0
      - name: fuse
        groups:
          - count: 10
            paths:
              - path: /dev/fuse
      - name: audio
        groups:
          - count: 10
            paths:
              - path: /dev/snd
      - name: capture
        groups:
          - paths:
              - path: /dev/snd/controlC0
              - path: /dev/snd/pcmC0D0c
          - paths:
              - path: /dev/snd/controlC1
                mountPath: /dev/snd/controlC0
              - path: /dev/snd/pcmC1D0c
                mountPath: /dev/snd/pcmC0D0c
          - paths:
              - path: /dev/snd/controlC2
                mountPath: /dev/snd/controlC0
              - path: /dev/snd/pcmC2D0c
                mountPath: /dev/snd/pcmC0D0c
          - paths:
              - path: /dev/snd/controlC3
                mountPath: /dev/snd/controlC0
              - path: /dev/snd/pcmC3D0c
                mountPath: /dev/snd/pcmC0D0c
@@ -1,12 +0,0 @@
 apiVersion: v2
 name: home-assistant
 version: 0.0.14
 description: Chart for Home Assistant
 keywords:
  - home-automation
 sources:
  - https://github.com/home-assistant
 maintainers:
  - name: alexlebens
 icon: https://avatars.githubusercontent.com/u/13844975?s=200&v=4
 appVersion: v2024.2.5
@@ -1,18 +0,0 @@
 ## Introduction
 [Home Assistant](https://www.home-assistant.io/)
 Open source home automation that puts local control and privacy first. Powered by a worldwide community of tinkerers and DIY enthusiasts. Perfect to run on a Raspberry Pi or a local server. 
 This chart bootstraps a [Home-Assistant](https://github.com/home-assistant) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
 ## Prerequisites
 - Kubernetes
 - Helm
 - Traefik v2 / IngressRoute
 - Authentik / Auth
 ## Parameters
 See the [values files](values.yaml).
@@ -1,99 +0,0 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: home-assistant
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: home-assistant
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/version: {{ .Chart.AppVersion }}
    app.kubernetes.io/component: web
    app.kubernetes.io/part-of: {{ .Release.Name }}
    app.kubernetes.io/managed-by: helm
 spec:
  revisionHistoryLimit: 3
  replicas: {{ .Values.deployment.replicas }}
  strategy:
    type: {{ .Values.deployment.strategy }}
  selector:
    matchLabels:
      app.kubernetes.io/name: home-assistant
      app.kubernetes.io/instance: {{ .Release.Name }}
  template:
    metadata:
      labels:
        app.kubernetes.io/name: home-assistant
        app.kubernetes.io/instance: {{ .Release.Name }}
    spec:
      serviceAccountName: home-assistant
      automountServiceAccountToken: true
      containers:
        - name: {{ .Release.Name }}
          image: "{{ .Values.deployment.image.repository }}:{{ .Values.deployment.image.tag }}"
          imagePullPolicy: {{ .Values.deployment.image.imagePullPolicy }}
          ports:
            - name: http
              containerPort: {{ .Values.service.http.port }}
              protocol: TCP
          env:
          {{- range $k,$v := .Values.deployment.env }}
            - name: {{ $k }}
              value: {{ $v | quote }}
          {{- end }}
          {{- with .Values.deployment.envFrom }}
          envFrom:
            {{- toYaml . | nindent 12 }}
          {{- end }}
          volumeMounts:
            - mountPath: /config
              name: home-assistant-config
          resources:
            {{- toYaml .Values.deployment.resources | nindent 12 }}
          livenessProbe:
            tcpSocket:
              port: {{ .Values.service.http.port }}
            initialDelaySeconds: 0
            failureThreshold: 3
            timeoutSeconds: 1
            periodSeconds: 10
          readinessProbe:
            tcpSocket:
              port: {{ .Values.service.http.port }}
            initialDelaySeconds: 0
            failureThreshold: 3
            timeoutSeconds: 1
            periodSeconds: 10
          startupProbe:
            tcpSocket:
              port: {{ .Values.service.http.port }}
            initialDelaySeconds: 0
            failureThreshold: 30
            timeoutSeconds: 1
            periodSeconds: 5
        {{- if .Values.codeserver.enabled }}
        - name: codeserver
          image: "{{ .Values.codeserver.image.repository }}:{{ .Values.codeserver.image.tag }}"
          imagePullPolicy: {{ .Values.codeserver.image.imagePullPolicy }}
          ports:
            - containerPort: {{ .Values.codeserver.service.http.port }}
              name: codeserver-http
              protocol: TCP
          env:
          {{- range $k,$v := .Values.codeserver.env }}
            - name: {{ $k }}
              value: {{ $v | quote }}
          {{- end }}
          {{- with .Values.codeserver.envFrom }}
          envFrom:
            {{- toYaml . | nindent 12 }}
          {{- end }}
          securityContext:
            {{- toYaml .Values.codeserver.securityContext | nindent 12 }}
          volumeMounts:
            - mountPath: /config/home-assistant
              name: home-assistant-config
        {{- end }}
      volumes:
        - name: home-assistant-config
          persistentVolumeClaim:
            claimName: home-assistant-config
@@ -1,62 +0,0 @@
 {{- if .Values.ingressRoute.enabled }}
 apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
  name: home-assistant
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: home-assistant
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/version: {{ .Chart.AppVersion }}
    app.kubernetes.io/component: web
    app.kubernetes.io/part-of: home-assistant
    app.kubernetes.io/managed-by: helm
 spec:
  entryPoints:
    - websecure
  routes:
    - kind: Rule
      match: "Host(`{{ .Values.ingressRoute.host }}`)"
      middlewares:
        - name: authentik
          namespace: {{ .Release.Namespace }}
      priority: 10
      services:
        - kind: Service
          name: home-assistant
          port: {{ .Values.service.http.port }}
    - kind: Rule
      match: "Host(`{{ .Values.ingressRoute.host }}`) && PathPrefix(`/outpost.goauthentik.io/`)"
      priority: 15
      services:
        - kind: Service
          name: {{ .Values.ingressRoute.authentik.outpost }}
          port: {{ .Values.ingressRoute.authentik.port }}
 {{- end }}
 ---
 {{- if and .Values.codeserver.ingressRoute.enabled .Values.codeserver.enabled }}
 apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
  name: home-assistant-codeserver
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: home-assistant
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/version: {{ .Chart.AppVersion }}
    app.kubernetes.io/component: web
    app.kubernetes.io/part-of: home-assistant
    app.kubernetes.io/managed-by: helm
 spec:
  entryPoints:
    - websecure
  routes:
    - kind: Rule
      match: "Host(`{{ .Values.codeserver.ingressRoute.host }}`)"
      priority: 10
      services:
        - kind: Service
          name: home-assistant-codeserver
          port: {{ .Values.codeserver.service.http.port }}
 {{- end }}          
@@ -1,30 +0,0 @@
 {{- if .Values.ingressRoute.enabled }}
 apiVersion: traefik.containo.us/v1alpha1
 kind: Middleware
 metadata:
  name: authentik
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: home-assistant
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/version: {{ .Chart.AppVersion }}
    app.kubernetes.io/component: auth
    app.kubernetes.io/part-of: home-assistant
    app.kubernetes.io/managed-by: helm
 spec:
  forwardAuth:
    address: "http://{{ .Values.ingressRoute.authentik.outpost }}.authentik:{{ .Values.ingressRoute.authentik.port }}/outpost.goauthentik.io/auth/traefik"
    trustForwardHeader: true
    authResponseHeaders:
      - X-authentik-username
      - X-authentik-groups
      - X-authentik-email
      - X-authentik-name
      - X-authentik-uid
      - X-authentik-jwt
      - X-authentik-meta-jwks
      - X-authentik-meta-outpost
      - X-authentik-meta-provider
      - X-authentik-meta-app
      - X-authentik-meta-version
 {{- end }}
@@ -1,20 +0,0 @@
 kind: PersistentVolumeClaim
 apiVersion: v1
 metadata:
  name: home-assistant-config
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: home-assistant
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/version: {{ .Chart.AppVersion }}
    app.kubernetes.io/component: web
    app.kubernetes.io/part-of: {{ .Release.Name }}
    app.kubernetes.io/managed-by: helm
 spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: {{ .Values.persistence.config.storageSize }}
  storageClassName: {{ .Values.persistence.config.storageClassName }}
  volumeMode: {{ .Values.persistence.config.volumeMode }}
@@ -1,19 +0,0 @@
 {{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }}
 apiVersion: monitoring.coreos.com/v1
 kind: PrometheusRule
 metadata:
  name: home-assistant
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: home-assistant
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/version: {{ .Chart.AppVersion }}
    app.kubernetes.io/component: web
    app.kubernetes.io/part-of: home-assistant
    app.kubernetes.io/managed-by: helm
 spec:
  groups:
    - name: {{ .Release.Name }}
      rules:
        {{- toYaml .Values.metrics.prometheusRule.rules | nindent 8 }}
 {{- end }}
@@ -1,12 +0,0 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: home-assistant
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: home-assistant
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/version: {{ .Chart.AppVersion }}
    app.kubernetes.io/component: web
    app.kubernetes.io/part-of: home-assistant
    app.kubernetes.io/managed-by: helm
@@ -1,27 +0,0 @@
 {{- if .Values.metrics.enabled }}
 apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
  name: home-assistant
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: home-assistant
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/version: {{ .Chart.AppVersion }}
    app.kubernetes.io/component: web
    app.kubernetes.io/part-of: home-assistant
    app.kubernetes.io/managed-by: helm
 spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: home-assistant
      app.kubernetes.io/instance: {{ .Release.Name }}
  endpoints:
    - port: http
      interval: {{ .Values.metrics.serviceMonitor.interval }}
      scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
      path: /api/prometheus
      bearerTokenSecret:
        name: {{ .Values.metrics.serviceMonitor.bearerTokenSecret.name }}
        key: {{ .Values.metrics.serviceMonitor.bearerTokenSecret.key }}
 {{- end }}
@@ -1,48 +0,0 @@
 apiVersion: v1
 kind: Service
 metadata:
  name: home-assistant
  namespace: {{ .Release.Namespace }}  
  labels:
    app.kubernetes.io/name: home-assistant
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/version: {{ .Chart.AppVersion }}
    app.kubernetes.io/component: web
    app.kubernetes.io/part-of: {{ .Release.Name }}
    app.kubernetes.io/managed-by: helm
 spec:
  type: ClusterIP
  ports:
    - port: {{ .Values.service.http.port }}
      targetPort: http
      protocol: TCP
      name: http
  selector:
    app.kubernetes.io/name: home-assistant
    app.kubernetes.io/instance: {{ .Release.Name }}
 ---
 {{- if .Values.codeserver.enabled }}
 apiVersion: v1
 kind: Service
 metadata:
  name: home-assistant-codeserver
  namespace: {{ .Release.Namespace }}  
  labels:
    app.kubernetes.io/name: home-assistant
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/version: {{ .Chart.AppVersion }}
    app.kubernetes.io/component: web
    app.kubernetes.io/part-of: {{ .Release.Name }}
    app.kubernetes.io/managed-by: helm
 spec:
  type: ClusterIP
  ports:
    - port: {{ .Values.codeserver.service.http.port }}
      targetPort: codeserver-http
      protocol: TCP
      name: codeserver-http
  selector:
    app.kubernetes.io/name: home-assistant
    app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end }}
@@ -1,74 +0,0 @@
 deployment:
  replicas: 1
  strategy: Recreate
  image:
    repository: homeassistant/home-assistant
    tag: 2024.2.5
    imagePullPolicy: IfNotPresent
  env:
    TZ: US/Mountain
  envFrom:
  resources:
    requests:
      memory: 512Mi
      cpu: 50m
    limits:
      memory: 1Gi
      cpu: 500m
 service:
  http:
    port: 8123
 ingressRoute:
  enabled: true
  host: homeassistant.alexlebens.net
  authentik:
    outpost: authentik-proxy-outpost
    port: 9000
 metrics:
  enabled: false
  serviceMonitor:
    interval: 1m
    scrapeTimeout: 30s
    ## See https://www.home-assistant.io/docs/authentication/ for where to find
    ## long lived access token creation under your account profile, which is
    ## needed to monitor Home Assistant
    bearerTokenSecret:
      name: ""
      key: ""
  prometheusRule:
    enabled: false
    rules:
      - alert: HomeAssistantAbsent
        annotations:
          description: Home Assistant has disappeared from Prometheus service discovery.
          summary: Home Assistant is down.
        expr: |
          absent(up{job=~".*home-assistant.*"} == 1)
        for: 5m
        labels:
          severity: critical
 persistence:
  config:
    storageClassName: ceph-block
    storageSize: 1Gi
    volumeMode: Filesystem
 codeserver:
  enabled: true
  image:
    repository: linuxserver/code-server
    tag: 4.22.0
    imagePullPolicy: IfNotPresent
  env:
    TZ: US/Mountain
    PUID: 1000
    PGID: 1000
    DEFAULT_WORKSPACE: /config
  envFrom:
  securityContext:
    runAsUser: 0
  service:
    http:
      port: 8443
  ingressRoute:
    enabled: true
    host: codeserver.homeassistant.alexlebens.net
@@ -1,12 +0,0 @@
 apiVersion: v2
 name: homepage
 version: 0.0.5
 description: Chart for benphelps homepage
 keywords:
  - dashboard
 sources:
  - https://github.com/gethomepage/homepage
 maintainers:
  - name: alexlebens
 icon: https://github.com/benphelps/homepage/blob/de584eae8f12a0d257e554e9511ef19bd2a1232c/public/mstile-150x150.png
 appVersion: v0.8.8
@@ -1,18 +0,0 @@
 ## Introduction
 [Homepage](https://github.com/benphelps/homepage)
 A modern (fully static, fast), secure (fully proxied), highly customizable application dashboard with integrations for more than 25 services and translations for over 15 languages. Easily configured via YAML files (or discovery via docker labels).
 This chart bootstraps a [Homepage](https://github.com/benphelps/homepage) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
 ## Prerequisites
 - Kubernetes
 - Helm
 - Traefik v2 / IngressRoute
 - Authentik / Auth
 ## Parameters
 See the [values files](values.yaml).
@@ -1,20 +0,0 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  name: homepage
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: homepage
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/version: {{ .Chart.AppVersion }}
    app.kubernetes.io/component: web
    app.kubernetes.io/part-of: homepage
    app.kubernetes.io/managed-by: helm
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: homepage
 subjects:
  - kind: ServiceAccount
    name: homepage
    namespace: {{ .Release.Namespace }}
@@ -1,52 +0,0 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  name: homepage
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: homepage
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/version: {{ .Chart.AppVersion }}
    app.kubernetes.io/component: web
    app.kubernetes.io/part-of: homepage
    app.kubernetes.io/managed-by: helm
 rules:
  - apiGroups:
      - ""
    resources:
      - namespaces
      - pods
      - nodes
    verbs:
      - get
      - list
  - apiGroups:
      - extensions
      - networking.k8s.io
    resources:
      - ingresses
    verbs:
      - get
      - list
  - apiGroups:
      - traefik.containo.us
      - traefik.io
    resources:
      - ingressroutes
    verbs:
      - get
      - list
  - apiGroups:
      - metrics.k8s.io
    resources:
      - nodes
      - pods
    verbs:
      - get
      - list
  - apiGroups:
      - apiextensions.k8s.io
    resources:
      - customresourcedefinitions/status
    verbs:
      - get
@@ -1,37 +0,0 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: homepage-config
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: homepage
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/version: {{ .Chart.AppVersion }}
    app.kubernetes.io/component: web
    app.kubernetes.io/part-of: homepage
    app.kubernetes.io/managed-by: helm
 data:
  bookmarks.yaml: {{- if .Values.config.bookmarks }} |
 {{- .Values.config.bookmarks | toYaml | nindent 4}}
 {{- else }} ""
 {{- end }}
  docker.yaml: {{- if .Values.config.docker }} |
 {{- .Values.config.docker | toYaml | nindent 4 }}
 {{- else }} ""
 {{- end }}
  kubernetes.yaml: {{- if .Values.config.kubernetes }} |
 {{- .Values.config.kubernetes | toYaml | nindent 4 }}
 {{- else }} ""
 {{- end }}
  services.yaml: {{- if .Values.config.services }} |
 {{- .Values.config.services | toYaml | nindent 4 }}
 {{- else }} ""
 {{- end }}
  settings.yaml: {{- if .Values.config.settings }} |
 {{- .Values.config.settings | toYaml | nindent 4 }}
 {{- else }} ""
 {{- end }}
  widgets.yaml: {{- if .Values.config.widgets }} |
 {{- .Values.config.widgets | toYaml | nindent 4 }}
 {{- else }} ""
 {{- end }}
@@ -1,96 +0,0 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: homepage
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: homepage
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/version: {{ .Chart.AppVersion }}
    app.kubernetes.io/component: web
    app.kubernetes.io/part-of: homepage
    app.kubernetes.io/managed-by: helm
 spec:
  revisionHistoryLimit: 3
  replicas: {{ .Values.deployment.replicas }}
  strategy:
    type: {{ .Values.deployment.strategy }}
  selector:
    matchLabels:
      app.kubernetes.io/name: homepage
      app.kubernetes.io/instance: {{ .Release.Name }}
  template:
    metadata:
      labels:
        app.kubernetes.io/name: homepage
        app.kubernetes.io/instance: {{ .Release.Name }}
    spec:
      serviceAccountName: homepage
      automountServiceAccountToken: true
      containers:
        - name: {{ .Release.Name }}
          image: "{{ .Values.deployment.image.repository }}:{{ .Values.deployment.image.tag }}"
          imagePullPolicy: {{ .Values.deployment.image.imagePullPolicy }}
          ports:
            - name: http
              containerPort: {{ .Values.service.http.port }}
              protocol: TCP
          env:
          {{- range $k,$v := .Values.deployment.env }}
            - name: {{ $k }}
              value: {{ $v | quote }}
          {{- end }}
          {{- with .Values.deployment.envFrom }}
          envFrom:
            {{- toYaml . | nindent 12 }}
          {{- end }}
          volumeMounts:
            - name: homepage-config
              subPath: bookmarks.yaml
              mountPath: /app/config/bookmarks.yaml
            - name: homepage-config
              subPath: docker.yaml
              mountPath: /app/config/docker.yaml
            - name: homepage-config
              subPath: kubernetes.yaml
              mountPath: /app/config/kubernetes.yaml
            - name: homepage-config
              subPath: services.yaml
              mountPath: /app/config/services.yaml
            - name: homepage-config
              subPath: settings.yaml
              mountPath: /app/config/settings.yaml
            - name: homepage-config
              subPath: widgets.yaml
              mountPath: /app/config/widgets.yaml
            - name: logs
              mountPath: /app/config/logs
          resources:
            {{- toYaml .Values.deployment.resources | nindent 12 }}
          livenessProbe:
            failureThreshold: 3
            initialDelaySeconds: 0
            periodSeconds: 10
            tcpSocket:
              port: {{ .Values.service.http.port }}
            timeoutSeconds: 1
          readinessProbe:
            failureThreshold: 3
            initialDelaySeconds: 0
            periodSeconds: 10
            tcpSocket:
              port: {{ .Values.service.http.port }}
            timeoutSeconds: 1
          startupProbe:
            failureThreshold: 30
            initialDelaySeconds: 0
            periodSeconds: 5
            tcpSocket:
              port: {{ .Values.service.http.port }}
            timeoutSeconds: 1
      volumes:
        - name: homepage-config
          configMap:
            name: homepage-config
        - name: logs
          emptyDir: {}
@@ -1,33 +0,0 @@
 apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
  name: homepage
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: homepage
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/version: {{ .Chart.AppVersion }}
    app.kubernetes.io/component: web
    app.kubernetes.io/part-of: homepage
    app.kubernetes.io/managed-by: helm
 spec:
  entryPoints:
    - websecure
  routes:
    - kind: Rule
      match: "Host(`{{ .Values.ingressRoute.host }}`)"
      middlewares:
        - name: authentik
          namespace: {{ .Release.Namespace }}
      priority: 10
      services:
        - kind: Service
          name: homepage
          port: {{ .Values.service.http.port }}
    - kind: Rule
      match: "Host(`{{ .Values.ingressRoute.host }}`) && PathPrefix(`/outpost.goauthentik.io/`)"
      priority: 15
      services:
        - kind: Service
          name: {{ .Values.ingressRoute.authentik.outpost }}
          port: {{ .Values.ingressRoute.authentik.port }}
@@ -1,28 +0,0 @@
 apiVersion: traefik.containo.us/v1alpha1
 kind: Middleware
 metadata:
  name: authentik
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: homepage
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/version: {{ .Chart.AppVersion }}
    app.kubernetes.io/component: auth
    app.kubernetes.io/part-of: homepage
    app.kubernetes.io/managed-by: helm
 spec:
  forwardAuth:
    address: "http://{{ .Values.ingressRoute.authentik.outpost }}.authentik:{{ .Values.ingressRoute.authentik.port }}/outpost.goauthentik.io/auth/traefik"
    trustForwardHeader: true
    authResponseHeaders:
      - X-authentik-username
      - X-authentik-groups
      - X-authentik-email
      - X-authentik-name
      - X-authentik-uid
      - X-authentik-jwt
      - X-authentik-meta-jwks
      - X-authentik-meta-outpost
      - X-authentik-meta-provider
      - X-authentik-meta-app
      - X-authentik-meta-version
@@ -1,15 +0,0 @@
 apiVersion: v1
 kind: Secret
 type: kubernetes.io/service-account-token
 metadata:
  name: "{{ .Release.Name }}-sa-token"
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: homepage
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/version: {{ .Chart.AppVersion }}
    app.kubernetes.io/component: web
    app.kubernetes.io/part-of: homepage
    app.kubernetes.io/managed-by: helm
  annotations:
    kubernetes.io/service-account.name: homepage
@@ -1,14 +0,0 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: homepage
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: homepage
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/version: {{ .Chart.AppVersion }}
    app.kubernetes.io/component: web
    app.kubernetes.io/part-of: homepage
    app.kubernetes.io/managed-by: helm
 secrets:
  - name: "{{ .Release.Name }}-sa-token"
@@ -1,22 +0,0 @@
 apiVersion: v1
 kind: Service
 metadata:
  name: homepage
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: homepage
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/version: {{ .Chart.AppVersion }}
    app.kubernetes.io/component: web
    app.kubernetes.io/part-of: homepage
    app.kubernetes.io/managed-by: helm
 spec:
  type: ClusterIP
  ports:
    - port: {{ .Values.service.http.port }}
      targetPort: http
      protocol: TCP
      name: http
  selector:
    app.kubernetes.io/name: homepage
    app.kubernetes.io/instance: {{ .Release.Name }}
@@ -1,32 +0,0 @@
 deployment:
  replicas: 1
  strategy: Recreate
  image:
    repository: ghcr.io/gethomepage/homepage
    tag: v0.8.8
    imagePullPolicy: IfNotPresent
  env:
  envFrom:
  resources:
    requests:
      memory: 256Mi
      cpu: 50m
    limits:
      memory: 512Mi
      cpu: 500m 
 service:
  http:
    port: 3000
 ingressRoute:
  host: homepage.alexlebens.net
  authentik:
    outpost: authentik-proxy-outpost
    port: 9000
 config:
  bookmarks:
  services:
  widgets:
  kubernetes:
    mode: cluster
  docker:
  settings:
@@ -1,13 +0,0 @@
 apiVersion: v2
 name: kubelet-serving-cert-approver
 version: 0.0.3
 description: Kubelet Serving TLS Certificate Signing Request Approver
 keywords:
  - kubernetes
  - certificate
 sources:
  - https://github.com/alex1989hu/kubelet-serving-cert-approver
  - https://github.com/alexlebens/helm-charts/charts/homepage
 maintainers:
  - name: alexlebens
 appVersion: 0.8.1
@@ -1,16 +0,0 @@
 ## Introduction
 [Kubelet Serving Certificate Approver](https://github.com/alex1989hu/kubelet-serving-cert-approver)
 Kubelet Serving Certificate Approver is a custom approving controller which approves kubernetes.io/kubelet-serving Certificate Signing Request that kubelet use to serve TLS endpoints.
 This chart bootstraps a [Kubelet Serving Certificate Approver](https://github.com/alex1989hu/kubelet-serving-cert-approver) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
 ## Prerequisites
 - Kubernetes
 - Helm
 ## Parameters
 See the [values files](values.yaml).
@@ -1,20 +0,0 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  name: {{ .Release.Name }}
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: {{ .Release.Name }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/version: {{ .Chart.AppVersion }}
    app.kubernetes.io/component: server
    app.kubernetes.io/part-of: {{ .Release.Name }}
    app.kubernetes.io/managed-by: helm
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: "certificates:{{ .Release.Name }}"
 subjects:
  - kind: ServiceAccount
    name: {{ .Release.Name }}
    namespace: {{ .Release.Namespace }}
@@ -1,63 +0,0 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  name: "certificates:{{ .Release.Name }}"
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: {{ .Release.Name }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/version: {{ .Chart.AppVersion }}
    app.kubernetes.io/component: server
    app.kubernetes.io/part-of: {{ .Release.Name }}
    app.kubernetes.io/managed-by: helm
 rules:
  - apiGroups:
      - certificates.k8s.io
    resources:
      - certificatesigningrequests
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - certificates.k8s.io
    resources:
      - certificatesigningrequests/approval
    verbs:
      - update
  - apiGroups:
      - authorization.k8s.io
    resources:
      - subjectaccessreviews
    verbs:
      - create
  - apiGroups:
      - certificates.k8s.io
    resourceNames:
      - kubernetes.io/kubelet-serving
    resources:
      - signers
    verbs:
      - approve
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  name: "events:{{ .Release.Name }}"
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: {{ .Release.Name }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/version: {{ .Chart.AppVersion }}
    app.kubernetes.io/component: server
    app.kubernetes.io/part-of: {{ .Release.Name }}
    app.kubernetes.io/managed-by: helm
 rules:
  - apiGroups:
      - ""
    resources:
      - events
    verbs:
      - create
      - patch
@@ -1,88 +0,0 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: {{ .Release.Name }}
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: {{ .Release.Name }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/version: {{ .Chart.AppVersion }}
    app.kubernetes.io/component: server
    app.kubernetes.io/part-of: {{ .Release.Name }}
    app.kubernetes.io/managed-by: helm
 spec:
  revisionHistoryLimit: 3
  replicas: {{ .Values.deployment.replicas }}
  strategy:
    type: {{ .Values.deployment.strategy }}
  selector:
    matchLabels:
      app.kubernetes.io/instance: {{ .Release.Name }}
      app.kubernetes.io/name: {{ .Release.Name }}
  template:
    metadata:
      labels:
        app.kubernetes.io/instance: {{ .Release.Name }}
        app.kubernetes.io/name: {{ .Release.Name }}
    spec:
      affinity:
        nodeAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - preference:
                matchExpressions:
                  - key: node-role.kubernetes.io/master
                    operator: DoesNotExist
                  - key: node-role.kubernetes.io/control-plane
                    operator: DoesNotExist
              weight: 100
      containers:
        - name: {{ .Release.Name }}
          image: "{{ .Values.deployment.image.repository }}:{{ .Values.deployment.image.tag }}"
          imagePullPolicy: {{ .Values.deployment.image.imagePullPolicy }}
          ports:
            - containerPort: 8080
              name: health
            - containerPort: 9090
              name: metrics          
          args:
            - serve
          env:
            - name: NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          resources:
            {{- toYaml .Values.deployment.resources | nindent 12 }}                  
          livenessProbe:
            httpGet:
              path: /healthz
              port: health
            initialDelaySeconds: 6
          readinessProbe:
            httpGet:
              path: /readyz
              port: health
            initialDelaySeconds: 3
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            privileged: false
            readOnlyRootFilesystem: true
            runAsNonRoot: true
      priorityClassName: {{ .Values.deployment.priorityClassName }}
      securityContext:
        fsGroup: 65534
        runAsGroup: 65534
        runAsUser: 65534
        seccompProfile:
          type: RuntimeDefault
      serviceAccountName: {{ .Release.Name }}
      tolerations:
        - effect: NoSchedule
          key: node-role.kubernetes.io/master
          operator: Exists
        - effect: NoSchedule
          key: node-role.kubernetes.io/control-plane
          operator: Exists
@@ -1,10 +0,0 @@
 apiVersion: v1
 kind: Namespace
 metadata:
  name: {{ .Release.Name }}
  labels:
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/name: {{ .Release.Name }}
    pod-security.kubernetes.io/audit: restricted
    pod-security.kubernetes.io/enforce: restricted
    pod-security.kubernetes.io/warn: restricted
@@ -1,20 +0,0 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
  name: "events:{{ .Release.Name }}"
  namespace: default
  labels:
    app.kubernetes.io/name: {{ .Release.Name }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/version: {{ .Chart.AppVersion }}
    app.kubernetes.io/component: server
    app.kubernetes.io/part-of: {{ .Release.Name }}
    app.kubernetes.io/managed-by: helm
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: "events:{{ .Release.Name }}"
 subjects:
  - kind: ServiceAccount
    name: {{ .Release.Name }}
    namespace: {{ .Release.Name }}
@@ -1,12 +0,0 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: {{ .Release.Name }}
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: {{ .Release.Name }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/version: {{ .Chart.AppVersion }}
    app.kubernetes.io/component: server
    app.kubernetes.io/part-of: {{ .Release.Name }}
    app.kubernetes.io/managed-by: helm
@@ -1,21 +0,0 @@
 apiVersion: v1
 kind: Service
 metadata:
  name: {{ .Release.Name }}
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: {{ .Release.Name }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/version: {{ .Chart.AppVersion }}
    app.kubernetes.io/component: server
    app.kubernetes.io/part-of: {{ .Release.Name }}
    app.kubernetes.io/managed-by: helm
 spec:
  ports:
    - name: metrics
      port: 9090
      protocol: TCP
      targetPort: metrics
  selector:
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/name: {{ .Release.Name }}
@@ -1,15 +0,0 @@
 deployment:
  replicas: 1
  strategy: Recreate
  priorityClassName: system-cluster-critical
  image:
    repository: ghcr.io/alex1989hu/kubelet-serving-cert-approver
    tag: main
    imagePullPolicy: Always
  resources:
    limits:
      cpu: 250m
      memory: 32Mi
    requests:
      cpu: 10m
      memory: 16Mi
@@ -1,13 +1,15 @@
 apiVersion: v2
 name: postgres-cluster
-version: 0.2.1
+version: 7.9.0
-description: Chart for cloudnative-pg cluster
+description: Cloudnative-pg Cluster
 keywords:
  - database
  - postgres
 sources:
  - https://github.com/cloudnative-pg/cloudnative-pg
  - https://github.com/cloudnative-pg/charts/tree/main/charts/cluster
 maintainers:
  - name: alexlebens
 icon: https://avatars.githubusercontent.com/u/100373852?s=48&v=4
-appVersion: v1.22.1
+# renovate: datasource=github-releases depName=cloudnative-pg/cloudnative-pg
 appVersion: v1.28.1
@@ -1,17 +1,111 @@
-## Introduction
+# postgres-cluster
-[CloudNative PG](https://github.com/cloudnative-pg/cloudnative-pg)
+![Version: 7.9.0](https://img.shields.io/badge/Version-7.9.0-informational?style=flat-square) ![AppVersion: v1.28.1](https://img.shields.io/badge/AppVersion-v1.28.1-informational?style=flat-square)
-CloudNativePG is the Kubernetes operator that covers the full lifecycle of a highly available PostgreSQL database cluster with a primary/standby architecture, using native streaming replication. 
+Cloudnative-pg Cluster
-This chart bootstraps a [CNPG](https://github.com/cloudnative-pg/cloudnative-pg) cluster on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+## Maintainers
-## Prerequisites
+| Name | Email | Url |
 | ---- | ------ | --- |
 | alexlebens |  |  |
- Kubernetes
+## Source Code
 - Helm
 - CloudNative PG Operator
-## Parameters
+* <https://github.com/cloudnative-pg/cloudnative-pg>
 * <https://github.com/cloudnative-pg/charts/tree/main/charts/cluster>
-See the [values files](values.yaml).
+## Values
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | backup | object | `{"externalSecret":{"enabled":true},"method":"objectStore","objectStore":null,"scheduledBackups":[]}` | Backup settings |
 | backup.externalSecret | object | `{"enabled":true}` | Use generated External Secrets, credentialPath points at path in cluster store that contains the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY |
 | backup.method | string | `"objectStore"` | Method to create backups, options currently are only objectStore |
 | backup.objectStore | string | `nil` | Options for object store backups |
 | backup.scheduledBackups | list | `[]` | List of scheduled backups |
 | cluster | object | `{"additionalLabels":{},"affinity":{"enablePodAntiAffinity":true,"topologyKey":"kubernetes.io/hostname"},"annotations":{},"certificates":{},"enablePDB":true,"enableSuperuserAccess":false,"image":{"repository":"ghcr.io/cloudnative-pg/postgresql","tag":"18.3-standard-trixie"},"imagePullPolicy":"IfNotPresent","imagePullSecrets":[],"initdb":{"database":"app","owner":"app"},"instances":3,"logLevel":"info","monitoring":{"customQueries":[],"customQueriesSecret":[],"disableDefaultQueries":false,"enabled":true,"podMonitor":{"enabled":true,"metricRelabelings":[],"relabelings":[]},"prometheusRule":{"enabled":true,"excludeRules":["CNPGClusterLastFailedArchiveTimeWarning"]}},"postgresGID":-1,"postgresUID":-1,"postgresql":{"ldap":{},"parameters":{"hot_standby_feedback":"on","max_slot_wal_keep_size":"2000MB","shared_buffers":"128MB"},"pg_hba":[],"pg_ident":[],"shared_preload_libraries":[],"synchronous":{}},"primaryUpdateMethod":"switchover","primaryUpdateStrategy":"unsupervised","priorityClassName":"","resources":{"limits":{"hugepages-2Mi":"256Mi"},"requests":{"cpu":"100m","memory":"256Mi"}},"roles":[],"serviceAccountTemplate":{},"services":{},"storage":{"size":"10Gi","storageClass":"local-path"},"superuserSecret":"","walStorage":{"enabled":true,"size":"2Gi","storageClass":"local-path"}}` | Cluster settings |
 | cluster.affinity | object | `{"enablePodAntiAffinity":true,"topologyKey":"kubernetes.io/hostname"}` | Affinity/Anti-affinity rules for Pods. See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-AffinityConfiguration |
 | cluster.certificates | object | `{}` | The configuration for the CA and related certificates. See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-CertificatesConfiguration |
 | cluster.enablePDB | bool | `true` | Allow to disable PDB, mainly useful for upgrade of single-instance clusters or development purposes See: https://cloudnative-pg.io/documentation/current/kubernetes_upgrade/#pod-disruption-budgets |
 | cluster.enableSuperuserAccess | bool | `false` | When this option is enabled, the operator will use the SuperuserSecret to update the postgres user password. If the secret is not present, the operator will automatically create one. When this option is disabled, the operator will ignore the SuperuserSecret content, delete it when automatically created, and then blank the password of the postgres user by setting it to NULL. |
 | cluster.image | object | `{"repository":"ghcr.io/cloudnative-pg/postgresql","tag":"18.3-standard-trixie"}` | Default image |
 | cluster.imagePullPolicy | string | `"IfNotPresent"` | Image pull policy. One of Always, Never or IfNotPresent. If not defined, it defaults to IfNotPresent. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images |
 | cluster.imagePullSecrets | list | `[]` | The list of pull secrets to be used to pull the images. See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-LocalObjectReference |
 | cluster.initdb | object | `{"database":"app","owner":"app"}` | Bootstrap is the configuration of the bootstrap process when initdb is used. See: https://cloudnative-pg.io/documentation/current/bootstrap/ See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-bootstrapinitdb |
 | cluster.logLevel | string | `"info"` | The instances' log level, one of the following values: error, warning, info (default), debug, trace |
 | cluster.monitoring | object | `{"customQueries":[],"customQueriesSecret":[],"disableDefaultQueries":false,"enabled":true,"podMonitor":{"enabled":true,"metricRelabelings":[],"relabelings":[]},"prometheusRule":{"enabled":true,"excludeRules":["CNPGClusterLastFailedArchiveTimeWarning"]}}` | Enable default monitoring and alert rules |
 | cluster.monitoring.customQueries | list | `[]` | Custom Prometheus metrics Will be stored in the ConfigMap |
 | cluster.monitoring.customQueriesSecret | list | `[]` | The list of secrets containing the custom queries |
 | cluster.monitoring.disableDefaultQueries | bool | `false` | Whether the default queries should be injected. Set it to true if you don't want to inject default queries into the cluster. |
 | cluster.monitoring.enabled | bool | `true` | Whether to enable monitoring |
 | cluster.monitoring.podMonitor.enabled | bool | `true` | Whether to enable the PodMonitor |
 | cluster.monitoring.podMonitor.metricRelabelings | list | `[]` | The list of metric relabelings for the PodMonitor. Applied to samples before ingestion. |
 | cluster.monitoring.podMonitor.relabelings | list | `[]` | The list of relabelings for the PodMonitor. Applied to samples before scraping. |
 | cluster.monitoring.prometheusRule.enabled | bool | `true` | Whether to enable the PrometheusRule automated alerts |
 | cluster.monitoring.prometheusRule.excludeRules | list | `["CNPGClusterLastFailedArchiveTimeWarning"]` | Exclude specified rules |
 | cluster.postgresUID | int | `-1` | The UID and GID of the postgres user inside the image, defaults to 26 |
 | cluster.postgresql | object | `{"ldap":{},"parameters":{"hot_standby_feedback":"on","max_slot_wal_keep_size":"2000MB","shared_buffers":"128MB"},"pg_hba":[],"pg_ident":[],"shared_preload_libraries":[],"synchronous":{}}` | Parameters to be set for the database itself See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-PostgresConfiguration |
 | cluster.postgresql.ldap | object | `{}` | PostgreSQL LDAP configuration (see https://cloudnative-pg.io/documentation/current/postgresql_conf/#ldap-configuration) |
 | cluster.postgresql.parameters | object | `{"hot_standby_feedback":"on","max_slot_wal_keep_size":"2000MB","shared_buffers":"128MB"}` | PostgreSQL configuration options (postgresql.conf) |
 | cluster.postgresql.pg_hba | list | `[]` | PostgreSQL Host Based Authentication rules (lines to be appended to the pg_hba.conf file) |
 | cluster.postgresql.pg_ident | list | `[]` | PostgreSQL User Name Maps rules (lines to be appended to the pg_ident.conf file) |
 | cluster.postgresql.shared_preload_libraries | list | `[]` | Lists of shared preload libraries to add to the default ones |
 | cluster.postgresql.synchronous | object | `{}` | Quorum-based Synchronous Replication |
 | cluster.primaryUpdateMethod | string | `"switchover"` | Method to follow to upgrade the primary server during a rolling update procedure, after all replicas have been successfully updated. It can be switchover (default) or restart. |
 | cluster.primaryUpdateStrategy | string | `"unsupervised"` | Strategy to follow to upgrade the primary server during a rolling update procedure, after all replicas have been successfully updated: it can be automated (unsupervised - default) or manual (supervised) |
 | cluster.resources | object | `{"limits":{"hugepages-2Mi":"256Mi"},"requests":{"cpu":"100m","memory":"256Mi"}}` | Resources requirements of every generated Pod. Please refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ for more information. We strongly advise you use the same setting for limits and requests so that your cluster pods are given a Guaranteed QoS. See: https://kubernetes.io/docs/concepts/workloads/pods/pod-qos/ |
 | cluster.roles | list | `[]` | This feature enables declarative management of existing roles, as well as the creation of new roles if they are not already present in the database. See: https://cloudnative-pg.io/documentation/current/declarative_role_management/ |
 | cluster.serviceAccountTemplate | object | `{}` | Configure the metadata of the generated service account |
 | cluster.services | object | `{}` | Customization of service definitions. Please refer to https://cloudnative-pg.io/documentation/current/service_management/ |
 | cluster.storage | object | `{"size":"10Gi","storageClass":"local-path"}` | Default storage size |
 | databases | list | `[]` | Database management configuration |
 | kubernetesClusterName | string | `"cl01tl"` | Kubernetes cluster name |
 | mode | string | `"standalone"` | Cluster mode of operation. Available modes: * `standalone` - Default mode. Creates new or updates an existing CNPG cluster. * `recovery` - Same as standalone but creates a cluster from a backup, object store or via pg_basebackup |
 | nameOverride | string | `""` | Override the name of the cluster |
 | namespaceOverride | string | `""` | Override the namespace of the chart |
 | poolers | list | `[]` | List of PgBouncer poolers |
 | recovery | object | `{"backup":{"backupName":"","database":"app","owner":"","pitrTarget":{"time":""}},"import":{"databases":[],"pgDumpExtraOptions":[],"pgRestoreExtraOptions":[],"postImportApplicationSQL":[],"roles":[],"schemaOnly":false,"source":{"database":"app","host":"","passwordSecret":{"create":false,"key":"password","name":"","value":""},"port":5432,"sslCertSecret":{"key":"","name":""},"sslKeySecret":{"key":"","name":""},"sslMode":"verify-full","sslRootCertSecret":{"key":"","name":""},"username":"app"},"type":"microservice"},"method":"backup","objectStore":{"clusterName":"","data":{"compression":"snappy","encryption":"","jobs":1},"database":"app","destinationBucket":"postgres-backups","destinationPathOverride":"","endpointCA":{"create":false,"key":"","name":""},"endpointCredentials":"","endpointCredentialsIncludeRegion":true,"endpointURL":"http://garage-main.garage:3900","externalSecret":{"credentialPath":"/garage/home-infra/postgres-backups","enabled":true},"index":1,"owner":"","pitrTarget":{"time":""},"wal":{"compression":"snappy","encryption":"","maxParallel":1}}}` | Recovery settings when booting cluster from external cluster |
 | recovery.backup.backupName | string | `""` | Name of the backup to recover from. |
 | recovery.backup.database | string | `"app"` | Name of the database used by the application. Default: `app`. |
 | recovery.backup.owner | string | `""` | Name of the owner of the database in the instance to be used by applications. Defaults to the value of the `database` key. |
 | recovery.backup.pitrTarget | object | `{"time":""}` | Point in time recovery target. Specify one of the following: |
 | recovery.backup.pitrTarget.time | string | `""` | Time in RFC3339 format |
 | recovery.import.databases | list | `[]` | Databases to import |
 | recovery.import.pgDumpExtraOptions | list | `[]` | List of custom options to pass to the `pg_dump` command. IMPORTANT: Use these options with caution and at your own risk, as the operator does not validate their content. Be aware that certain options may conflict with the operator's intended functionality or design. |
 | recovery.import.pgRestoreExtraOptions | list | `[]` | List of custom options to pass to the `pg_restore` command. IMPORTANT: Use these options with caution and at your own risk, as the operator does not validate their content. Be aware that certain options may conflict with the operator's intended functionality or design. |
 | recovery.import.postImportApplicationSQL | list | `[]` | List of SQL queries to be executed as a superuser in the application database right after is imported. To be used with extreme care. Only available in microservice type. |
 | recovery.import.roles | list | `[]` | Roles to import |
 | recovery.import.schemaOnly | bool | `false` | When set to true, only the pre-data and post-data sections of pg_restore are invoked, avoiding data import. |
 | recovery.import.source | object | `{"database":"app","host":"","passwordSecret":{"create":false,"key":"password","name":"","value":""},"port":5432,"sslCertSecret":{"key":"","name":""},"sslKeySecret":{"key":"","name":""},"sslMode":"verify-full","sslRootCertSecret":{"key":"","name":""},"username":"app"}` | Configuration for the source database |
 | recovery.import.source.passwordSecret.create | bool | `false` | Whether to create a secret for the password |
 | recovery.import.source.passwordSecret.key | string | `"password"` | The key in the secret containing the password |
 | recovery.import.source.passwordSecret.name | string | `""` | Name of the secret containing the password |
 | recovery.import.source.passwordSecret.value | string | `""` | The password value to use when creating the secret |
 | recovery.import.type | string | `"microservice"` | One of `microservice` or `monolith.` See: https://cloudnative-pg.io/documentation/current/database_import/#how-it-works |
 | recovery.method | string | `"backup"` | Available recovery methods: * `backup` - Recovers a CNPG cluster from a CNPG backup (PITR supported) Needs to be on the same cluster in the same namespace. * `objectStore` - Recovers a CNPG cluster from a barman object store (PITR supported). * `import` - Import one or more databases from an existing Postgres cluster. |
 | recovery.objectStore.clusterName | string | `""` | Override the name of the backup cluster, defaults to "cluster.name" |
 | recovery.objectStore.data.compression | string | `"snappy"` | Data compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`. |
 | recovery.objectStore.data.encryption | string | `""` | Whether to instruct the storage provider to encrypt data files. One of `` (use the storage container default), `AES256` or `aws:kms`. |
 | recovery.objectStore.data.jobs | int | `1` | Number of data files to be archived or restored in parallel. |
 | recovery.objectStore.database | string | `"app"` | Name of the database used by the application. Default: `app`. |
 | recovery.objectStore.destinationBucket | string | `"postgres-backups"` | Desitination bucket |
 | recovery.objectStore.destinationPathOverride | string | `""` | Overrides the provider specific default path. Defaults to: S3: s3://<bucket><path> Azure: https://<storageAccount>.<serviceName>.core.windows.net/<containerName><path> Google: gs://<bucket><path> |
 | recovery.objectStore.endpointCA | object | `{"create":false,"key":"","name":""}` | Specifies a CA bundle to validate a privately signed certificate. |
 | recovery.objectStore.endpointCA.create | bool | `false` | Creates a secret with the given value if true, otherwise uses an existing secret. |
 | recovery.objectStore.endpointCredentials | string | `""` | Defaults to <cluster name>-recovery-secret for the existing secret |
 | recovery.objectStore.endpointCredentialsIncludeRegion | bool | `true` | If the S3 endpoint require the ACCESS_REGION variable set in credentials |
 | recovery.objectStore.endpointURL | string | `"http://garage-main.garage:3900"` | Overrides the provider specific default endpoint. Defaults to: S3: https://s3.<region>.amazonaws.com" Leave empty if using the default S3 endpoint |
 | recovery.objectStore.externalSecret | object | `{"credentialPath":"/garage/home-infra/postgres-backups","enabled":true}` | Use generated External Secrets, credentialPath points at path in cluster store that contains the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY |
 | recovery.objectStore.index | int | `1` | Generate external cluster name, uses: {{ .Release.Name }}-postgresql-<major version>-backup-index-{{ index }} |
 | recovery.objectStore.owner | string | `""` | Name of the owner of the database in the instance to be used by applications. Defaults to the value of the `database` key. |
 | recovery.objectStore.pitrTarget | object | `{"time":""}` | Point in time recovery target. Specify one of the following: |
 | recovery.objectStore.pitrTarget.time | string | `""` | Time in RFC3339 format |
 | recovery.objectStore.wal | object | `{"compression":"snappy","encryption":"","maxParallel":1}` | Storage |
 | recovery.objectStore.wal.compression | string | `"snappy"` | WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`. |
 | recovery.objectStore.wal.encryption | string | `""` | Whether to instruct the storage provider to encrypt WAL files. One of `` (use the storage container default), `AES256` or `aws:kms`. |
 | recovery.objectStore.wal.maxParallel | int | `1` | Number of WAL files to be archived or restored in parallel. |
 | type | string | `"postgresql"` | Type of the CNPG database. Available types: * `postgresql` |
 ----------------------------------------------
 Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)
@@ -0,0 +1,16 @@
 {{- $alert := "CNPGClusterBackendsWaitingWarning" -}}
 {{- if not (has $alert .excludeRules) -}}
 alert: {{ $alert }}
 annotations:
  summary: CNPG Cluster a backend is waiting for longer than 5 minutes.
  description: |-
    Pod {{`{{`}} $labels.pod {{`}}`}}
    has been waiting for longer than 5 minutes
 expr: |
  cnpg_backends_waiting_total{namespace="{{ .namespace }}"} > 300
 for: 1m
 labels:
  severity: warning
  namespace: {{ .namespace }}
  cnpg_cluster: {{ .cluster }}
 {{- end -}}
@@ -0,0 +1,16 @@
 {{- $alert := "CNPGClusterDatabaseDeadlockConflictsWarning" -}}
 {{- if not (has $alert .excludeRules) -}}
 alert: {{ $alert }}
 annotations:
  summary: CNPG Cluster has over 10 deadlock conflicts.
  description: |-
    There are over 10 deadlock conflicts in
    {{`{{`}} $labels.pod {{`}}`}}
 expr: |
  cnpg_pg_stat_database_deadlocks{namespace="{{ .namespace }}"} > 10
 for: 1m
 labels:
  severity: warning
  namespace: {{ .namespace }}
  cnpg_cluster: {{ .cluster }}
 {{- end -}}
@@ -0,0 +1,26 @@
 {{- $alert := "CNPGClusterHACritical" -}}
 {{- if not (has $alert .excludeRules) -}}
 alert: {{ $alert }}
 annotations:
  summary: CNPG Cluster has no standby replicas!
  description: |-
    CloudNativePG Cluster "{{ .labels.job }}" has no ready standby replicas. Your cluster at a severe
    risk of data loss and downtime if the primary instance fails.
    The primary instance is still online and able to serve queries, although connections to the `-ro` endpoint
    will fail. The `-r` endpoint os operating at reduced capacity and all traffic is being served by the main.
    This can happen during a normal fail-over or automated minor version upgrades in a cluster with 2 or less
    instances. The replaced instance may need some time to catch-up with the cluster primary instance.
    This alarm will be always trigger if your cluster is configured to run with only 1 instance. In this
    case you may want to silence it.
  runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterHACritical.md
 expr: |
  max by (job) (cnpg_pg_replication_streaming_replicas{namespace="{{ .namespace }}"} - cnpg_pg_replication_is_wal_receiver_up{namespace="{{ .namespace }}"}) < 1
 for: 5m
 labels:
  severity: critical
  namespace: {{ .namespace }}
  cnpg_cluster: {{ .cluster }}
 {{- end -}}
@@ -0,0 +1,24 @@
 {{- $alert := "CNPGClusterHAWarning" -}}
 {{- if not (has $alert .excludeRules) -}}
 alert: {{ $alert }}
 annotations:
  summary: CNPG Cluster less than 2 standby replicas.
  description: |-
    CloudNativePG Cluster "{{ .labels.job }}" has only {{ .value }} standby replicas, putting
    your cluster at risk if another instance fails. The cluster is still able to operate normally, although
    the `-ro` and `-r` endpoints operate at reduced capacity.
    This can happen during a normal fail-over or automated minor version upgrades. The replaced instance may
    need some time to catch-up with the cluster primary instance.
    This alarm will be constantly triggered if your cluster is configured to run with less than 3 instances.
    In this case you may want to silence it.
  runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterHAWarning.md
 expr: |
  max by (job) (cnpg_pg_replication_streaming_replicas{namespace="{{ .namespace }}"} - cnpg_pg_replication_is_wal_receiver_up{namespace="{{ .namespace }}"}) < 2
 for: 5m
 labels:
  severity: warning
  namespace: {{ .namespace }}
  cnpg_cluster: {{ .cluster }}
 {{- end -}}
@@ -0,0 +1,17 @@
 {{- $alert := "CNPGClusterHighConnectionsCritical" -}}
 {{- if not (has $alert .excludeRules) -}}
 alert: {{ $alert }}
 annotations:
  summary: CNPG Instance maximum number of connections critical!
  description: |-
    CloudNativePG Cluster "{{ .namespace }}/{{ .cluster }}" instance {{ .labels.pod }} is using {{ .value }}% of
    the maximum number of connections.
  runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterHighConnectionsCritical.md
 expr: |
  sum by (pod) (cnpg_backends_total{namespace="{{ .namespace }}", pod=~"{{ .podSelector }}"}) / max by (pod) (cnpg_pg_settings_setting{name="max_connections", namespace="{{ .namespace }}", pod=~"{{ .podSelector }}"}) * 100 > 95
 for: 5m
 labels:
  severity: critical
  namespace: {{ .namespace }}
  cnpg_cluster: {{ .cluster }}
 {{- end -}}
@@ -0,0 +1,17 @@
 {{- $alert := "CNPGClusterHighConnectionsWarning" -}}
 {{- if not (has $alert .excludeRules) -}}
 alert: {{ $alert }}
 annotations:
  summary: CNPG Instance is approaching the maximum number of connections.
  description: |-
    CloudNativePG Cluster "{{ .namespace }}/{{ .cluster }}" instance {{ .labels.pod }} is using {{ .value }}% of
    the maximum number of connections.
  runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterHighConnectionsWarning.md
 expr: |
  sum by (pod) (cnpg_backends_total{namespace="{{ .namespace }}", pod=~"{{ .podSelector }}"}) / max by (pod) (cnpg_pg_settings_setting{name="max_connections", namespace="{{ .namespace }}", pod=~"{{ .podSelector }}"}) * 100 > 80
 for: 5m
 labels:
  severity: warning
  namespace: {{ .namespace }}
  cnpg_cluster: {{ .cluster }}
 {{- end -}}
@@ -0,0 +1,19 @@
 {{- $alert := "CNPGClusterHighReplicationLag" -}}
 {{- if not (has $alert .excludeRules) -}}
 alert: {{ $alert }}
 annotations:
  summary: CNPG Cluster high replication lag
  description: |-
    CloudNativePG Cluster "{{ .namespace }}/{{ .cluster }}" is experiencing a high replication lag of
    {{ .value }}ms.
    High replication lag indicates network issues, busy instances, slow queries or suboptimal configuration.
  runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterHighReplicationLag.md
 expr: |
  max(cnpg_pg_replication_lag{namespace="{{ .namespace }}",pod=~"{{ .podSelector }}"}) * 1000 > 1000
 for: 5m
 labels:
  severity: warning
  namespace: {{ .namespace }}
  cnpg_cluster: {{ .cluster }}
 {{- end -}}
@@ -0,0 +1,19 @@
 {{- $alert := "CNPGClusterInstancesOnSameNode" -}}
 {{- if not (has $alert .excludeRules) -}}
 alert: {{ $alert }}
 annotations:
  summary: CNPG Cluster instances are located on the same node.
  description: |-
    CloudNativePG Cluster "{{ .namespace }}/{{ .cluster }}" has {{ .value }}
    instances on the same node {{ .labels.node }}.
    A failure or scheduled downtime of a single node will lead to a potential service disruption and/or data loss.
  runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterInstancesOnSameNode.md
 expr: |
  count by (node) (kube_pod_info{namespace="{{ .namespace }}", pod=~"{{ .podSelector }}"}) > 1
 for: 5m
 labels:
  severity: warning
  namespace: {{ .namespace }}
  cnpg_cluster: {{ .cluster }}
 {{- end -}}
@@ -0,0 +1,15 @@
 {{- $alert := "CNPGClusterLastFailedArchiveTimeWarning" -}}
 {{- if not (has $alert .excludeRules) -}}
 alert: {{ $alert }}
 annotations:
  summary: CNPG Cluster last time archiving failed.
  description: |-
    Archiving failed for {{`{{`}} $labels.pod {{`}}`}}
 expr: |
  (cnpg_pg_stat_archiver_last_failed_time{namespace="{{ .namespace }}"} - cnpg_pg_stat_archiver_last_archived_time{namespace="{{ .namespace }}"}) > 2
 for: 1m
 labels:
  severity: warning
  namespace: {{ .namespace }}
  cnpg_cluster: {{ .cluster }}
 {{- end -}}
@@ -0,0 +1,16 @@
 {{- $alert := "CNPGClusterLongRunningTransactionWarning" -}}
 {{- if not (has $alert .excludeRules) -}}
 alert: {{ $alert }}
 annotations:
  summary: CNPG Cluster query is taking longer than 5 minutes.
  description: |-
    CloudNativePG Cluster Pod {{`{{`}} $labels.pod {{`}}`}}
    is taking more than 5 minutes (300 seconds) for a query.
 expr: |-
  cnpg_backends_max_tx_duration_seconds{namespace="{{ .namespace }}"} > 300
 for: 1m
 labels:
  severity: warning
  namespace: {{ .namespace }}
  cnpg_cluster: {{ .cluster }}
 {{- end -}}
@@ -0,0 +1,24 @@
 {{- $alert := "CNPGClusterLowDiskSpaceCritical" -}}
 {{- if not (has $alert .excludeRules) -}}
 alert: {{ $alert }}
 annotations:
  summary: CNPG Instance is running out of disk space!
  description: |-
    CloudNativePG Cluster "{{ .namespace }}/{{ .cluster }}" is running extremely low on disk space. Check attached PVCs!
  runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterLowDiskSpaceCritical.md
 expr: |
  max(max by(persistentvolumeclaim) (1 - kubelet_volume_stats_available_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}"} / kubelet_volume_stats_capacity_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}"})) > 0.9 OR
  max(max by(persistentvolumeclaim) (1 - kubelet_volume_stats_available_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}-wal"} / kubelet_volume_stats_capacity_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}-wal"})) > 0.9 OR
  max(sum by (namespace,persistentvolumeclaim) (kubelet_volume_stats_used_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}-tbs.*"})
      /
      sum by (namespace,persistentvolumeclaim) (kubelet_volume_stats_capacity_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}-tbs.*"})
      *
      on(namespace, persistentvolumeclaim) group_left(volume)
      kube_pod_spec_volumes_persistentvolumeclaims_info{pod=~"{{ .podSelector }}"}
  ) > 0.9
 for: 5m
 labels:
  severity: critical
  namespace: {{ .namespace }}
  cnpg_cluster: {{ .cluster }}
 {{- end -}}
@@ -0,0 +1,24 @@
 {{- $alert := "CNPGClusterLowDiskSpaceWarning" -}}
 {{- if not (has $alert .excludeRules) -}}
 alert: {{ $alert }}
 annotations:
  summary: CNPG Instance is running out of disk space.
  description: |-
    CloudNativePG Cluster "{{ .namespace }}/{{ .cluster }}" is running low on disk space. Check attached PVCs.
  runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterLowDiskSpaceWarning.md
 expr: |
  max(max by(persistentvolumeclaim) (1 - kubelet_volume_stats_available_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}"} / kubelet_volume_stats_capacity_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}"})) > 0.7 OR
  max(max by(persistentvolumeclaim) (1 - kubelet_volume_stats_available_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}-wal"} / kubelet_volume_stats_capacity_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}-wal"})) > 0.7 OR
  max(sum by (namespace,persistentvolumeclaim) (kubelet_volume_stats_used_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}-tbs.*"})
      /
      sum by (namespace,persistentvolumeclaim) (kubelet_volume_stats_capacity_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}-tbs.*"})
      *
      on(namespace, persistentvolumeclaim) group_left(volume)
      kube_pod_spec_volumes_persistentvolumeclaims_info{pod=~"{{ .podSelector }}"}
  ) > 0.7
 for: 5m
 labels:
  severity: warning
  namespace: {{ .namespace }}
  cnpg_cluster: {{ .cluster }}
 {{- end -}}
@@ -0,0 +1,19 @@
 {{- $alert := "CNPGClusterOffline" -}}
 {{- if not (has $alert .excludeRules) -}}
 alert: {{ $alert }}
 annotations:
  summary: CNPG Cluster has no running instances!
  description: |-
    CloudNativePG Cluster "{{ .namespace }}/{{ .cluster }}" has no ready instances.
    Having an offline cluster means your applications will not be able to access the database, leading to
    potential service disruption and/or data loss.
  runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterOffline.md
 expr: |
  (count(cnpg_collector_up{namespace="{{ .namespace }}",pod=~"{{ .podSelector }}"}) OR on() vector(0)) == 0
 for: 5m
 labels:
  severity: critical
  namespace: {{ .namespace }}
  cnpg_cluster: {{ .cluster }}
 {{- end -}}
@@ -0,0 +1,16 @@
 {{- $alert := "CNPGClusterPGDatabaseXidAgeWarning" -}}
 {{- if not (has $alert .excludeRules) -}}
 alert: {{ $alert }}
 annotations:
  summary: CNPG Cluster has a number of transactions from the frozen XID to the current one.
  description: |-
    Over 300,000,000 transactions from frozen xid
    on pod {{`{{`}} $labels.pod {{`}}`}}
 expr: |
  cnpg_pg_database_xid_age{namespace="{{ .namespace }}"} > 300000000
 for: 1m
 labels:
  severity: warning
  namespace: {{ .namespace }}
  cnpg_cluster: {{ .cluster }}
 {{- end -}}
@@ -0,0 +1,15 @@
 {{- $alert := "CNPGClusterPGReplicationWarning" -}}
 {{- if not (has $alert .excludeRules) -}}
 alert: {{ $alert }}
 annotations:
  summary: CNPG Cluster standby is lagging behind the primary.
  description: |-
    Standby is lagging behind by over 300 seconds (5 minutes)
 expr: |
  cnpg_pg_replication_lag{namespace="{{ .namespace }}"} > 300
 for: 1m
 labels:
  severity: warning
  namespace: {{ .namespace }}
  cnpg_cluster: {{ .cluster }}
 {{- end -}}
@@ -0,0 +1,16 @@
 {{- $alert := "CNPGClusterReplicaFailingReplicationWarning" -}}
 {{- if not (has $alert .excludeRules) -}}
 alert: {{ $alert }}
 annotations:
  summary: CNPG Cluster has a replica is failing to replicate.
  description: |-
    Replica {{`{{`}} $labels.pod {{`}}`}}
    is failing to replicate
 expr: |
  cnpg_pg_replication_in_recovery{namespace="{{ .namespace }}"} > cnpg_pg_replication_is_wal_receiver_up{namespace="{{ .namespace }}"}
 for: 1m
 labels:
  severity: warning
  namespace: {{ .namespace }}
  cnpg_cluster: {{ .cluster }}
 {{- end -}}
@@ -0,0 +1,18 @@
 {{- $alert := "CNPGClusterZoneSpreadWarning" -}}
 {{- if not (has $alert .excludeRules) -}}
 alert: {{ $alert }}
 annotations:
  summary: CNPG Cluster instances in the same zone.
  description: |-
    CloudNativePG Cluster "{{ .namespace }}/{{ .cluster }}" has instances in the same availability zone.
    A disaster in one availability zone will lead to a potential service disruption and/or data loss.
  runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterZoneSpreadWarning.md
 expr: |
  {{ .Values.cluster.instances }} > count(count by (label_topology_kubernetes_io_zone) (kube_pod_info{namespace="{{ .namespace }}", pod=~"{{ .podSelector }}"} * on(node,instance) group_left(label_topology_kubernetes_io_zone) kube_node_labels)) < 3
 for: 5m
 labels:
  severity: warning
  namespace: {{ .namespace }}
  cnpg_cluster: {{ .cluster }}
 {{- end -}}
@@ -0,0 +1,107 @@
 {{- define "cluster.bootstrap" -}}
 {{- if eq .Values.mode "standalone" }}
 bootstrap:
  initdb:
    {{- with .Values.cluster.initdb }}
        {{- with (omit . "postInitApplicationSQL" "owner" "import") }}
            {{- . | toYaml | nindent 4 }}
        {{- end }}
    {{- end }}
    {{- if .Values.cluster.initdb.owner }}
    owner: {{ tpl .Values.cluster.initdb.owner . }}
    {{- end }}
    {{- if (.Values.cluster.initdb.postInitApplicationSQL) }}
    postInitApplicationSQL:
      {{- with .Values.cluster.initdb }}
        {{- range .postInitApplicationSQL }}
          {{- printf "- %s" . | nindent 6 }}
        {{- end -}}
      {{- end }}
    {{- end }}
 {{- else if eq .Values.mode "recovery" -}}
 bootstrap:
  {{- if eq .Values.recovery.method "import" }}
  initdb:
    {{- with .Values.cluster.initdb }}
      {{- with (omit . "owner" "import" "postInitApplicationSQL") }}
        {{- . | toYaml | nindent 4 }}
      {{- end }}
    {{- end }}
    {{- if .Values.cluster.initdb.owner }}
    owner: {{ tpl .Values.cluster.initdb.owner . }}
    {{- end }}
    import:
      source:
        externalCluster: importSource
      type: {{ .Values.recovery.import.type }}
      databases:
        {{- if and (gt (len .Values.recovery.import.databases) 1) (eq .Values.recovery.import.type "microservice") }}
          {{ fail "Too many databases in import type of microservice!" }}
        {{- else}}
        {{- with .Values.recovery.import.databases }}
        {{- . | toYaml | nindent 8 }}
        {{- end }}
        {{- end }}
      {{- if eq .Values.recovery.import.type "monolith" }}
      roles:
        {{- with .Values.recovery.import.roles }}
        {{- . | toYaml | nindent 8 }}
        {{- end }}
      {{- end }}
      {{- if and (.Values.recovery.import.postImportApplicationSQL) (eq .Values.recovery.import.type "microservice") }}
      postImportApplicationSQL:
        {{- with .Values.recovery.import.postImportApplicationSQL }}
        {{- . | toYaml | nindent 8 }}
        {{- end }}
      {{- end }}
      schemaOnly: {{ .Values.recovery.import.schemaOnly }}
      {{ with .Values.recovery.import.pgDumpExtraOptions }}
      pgDumpExtraOptions:
        {{- . | toYaml | nindent 8 }}
      {{- end }}
      {{ with .Values.recovery.import.pgRestoreExtraOptions }}
      pgRestoreExtraOptions:
        {{- . | toYaml | nindent 8 }}
      {{- end }}
  {{- else if eq .Values.recovery.method "backup" }}
  recovery:
    {{- with .Values.recovery.backup.pitrTarget.time }}
    recoveryTarget:
      targetTime: {{ . }}
    {{- end }}
    {{ with .Values.recovery.backup.database }}
    database: {{ . }}
    {{- end }}
    {{ with .Values.recovery.backup.owner }}
    owner: {{ . }}
    {{- end }}
    backup:
      name: {{ .Values.recovery.backup.backupName }}
  {{- else if eq .Values.recovery.method "objectStore" }}
  recovery:
    {{- with .Values.recovery.objectStore.pitrTarget.time }}
    recoveryTarget:
      targetTime: {{ . }}
    {{- end }}
    {{ with .Values.recovery.objectStore.database }}
    database: {{ . }}
    {{- end }}
    {{ with .Values.recovery.objectStore.owner }}
    owner: {{ . }}
    {{- end }}
    source: {{ include "cluster.recoveryServerName" . }}
  {{-  else }}
    {{ fail "Invalid recovery mode!" }}
  {{- end }}
 {{-  else }}
  {{ fail "Invalid cluster mode!" }}
 {{- end }}
 {{- end }}
@@ -0,0 +1,12 @@
 {{- define "cluster.color-error" }}
  {{- printf "\033[0;31m%s\033[0m" . -}}
 {{- end }}
 {{- define "cluster.color-ok" }}
  {{- printf "\033[0;32m%s\033[0m" . -}}
 {{- end }}
 {{- define "cluster.color-warning" }}
  {{- printf "\033[0;33m%s\033[0m" . -}}
 {{- end }}
 {{- define "cluster.color-info" }}
  {{- printf "\033[0;34m%s\033[0m" . -}}
 {{- end }}
@@ -0,0 +1,21 @@
 {{- define "cluster.externalClusters" -}}
 {{- if eq .Values.mode "standalone" }}
 {{- else if eq .Values.mode "recovery" }}
 externalClusters:
  {{- if eq .Values.recovery.method "import" }}
  - name: importSource
     {{- include "cluster.externalSourceCluster" .Values.recovery.import.source | nindent 4 }}
  {{- else if eq .Values.recovery.method "objectStore" }}
  - name: {{ include "cluster.recoveryServerName" . }}
    plugin:
      name: barman-cloud.cloudnative-pg.io
      enabled: true
      isWALArchiver: false
      parameters:
        barmanObjectName: "{{ include "cluster.name" . }}-recovery"
        serverName: {{ include "cluster.recoveryServerName" . }}
  {{- end }}
 {{- else }}
  {{ fail "Invalid cluster mode!" }}
 {{- end }}
 {{ end }}
@@ -0,0 +1,33 @@
 {{- define "cluster.externalSourceCluster" -}}
 {{- $name := first . -}}
 {{- $config := last . -}}
 - name: {{ first . }}
  connectionParameters:
    host: {{ $config.host | quote }}
    port: {{ $config.port | quote }}
    user: {{ $config.username | quote }}
    {{- with $config.database }}
    dbname: {{ . | quote }}
    {{- end }}
    sslmode: {{ $config.sslMode | quote }}
  {{- if $config.passwordSecret.name }}
  password:
    name: {{ $config.passwordSecret.name }}
    key: {{ $config.passwordSecret.key }}
  {{- end }}
  {{- if $config.sslKeySecret.name }}
  sslKey:
    name: {{ $config.sslKeySecret.name }}
    key: {{ $config.sslKeySecret.key }}
  {{- end }}
  {{- if $config.sslCertSecret.name }}
  sslCert:
    name: {{ $config.sslCertSecret.name }}
    key: {{ $config.sslCertSecret.key }}
  {{- end }}
  {{- if $config.sslRootCertSecret.name }}
  sslRootCert:
    name: {{ $config.sslRootCertSecret.name }}
    key: {{ $config.sslRootCertSecret.key }}
  {{- end }}
 {{- end }}
@@ -0,0 +1,133 @@
 {{/*
 Expand the name of the chart.
 */}}
 {{- define "cluster.name" -}}
  {{- if .Values.nameOverride }}
    {{- .Values.nameOverride | trunc 63 | trimSuffix "-" }}
  {{- else }}
    {{- printf "%s-postgresql-%s" .Release.Name ((semver .Values.cluster.image.tag).Major | toString) | trunc 63 | trimSuffix "-" -}}
  {{- end }}
 {{- end }}
 {{/*
 Create chart name and version as used by the chart label.
 */}}
 {{- define "cluster.chart" -}}
  {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
 {{- end }}
 {{/*
 Common labels
 */}}
 {{- define "cluster.labels" -}}
 helm.sh/chart: {{ include "cluster.chart" $ }}
 {{ include "cluster.selectorLabels" $ }}
 {{- if .Chart.AppVersion }}
 app.kubernetes.io/version: {{ .Chart.Version | quote }}
 {{- end }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- with .Values.cluster.additionalLabels }}
 {{ toYaml . }}
 {{- end }}
 {{- end }}
 {{/*
 Selector labels
 */}}
 {{- define "cluster.selectorLabels" -}}
 app.kubernetes.io/name: {{ include "cluster.name" $ }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/part-of: {{ .Release.Name }}
 {{- end }}
 {{/*
 Allow the release namespace to be overridden for multi-namespace deployments in combined charts
 */}}
 {{- define "cluster.namespace" -}}
  {{- if .Values.namespaceOverride -}}
    {{- .Values.namespaceOverride -}}
  {{- else -}}
    {{- .Release.Namespace -}}
  {{- end -}}
 {{- end -}}
 {{/*
 Postgres UID
 */}}
 {{- define "cluster.postgresUID" -}}
  {{- if ge (int .Values.cluster.postgresUID) 0 -}}
    {{- .Values.cluster.postgresUID }}
  {{- else -}}
    {{- 26 -}}
  {{- end -}}
 {{- end -}}
 {{/*
 Postgres GID
 */}}
 {{- define "cluster.postgresGID" -}}
  {{- if ge (int .Values.cluster.postgresGID) 0 -}}
    {{- .Values.cluster.postgresGID }}
  {{- else -}}
    {{- 26 -}}
  {{- end -}}
 {{- end -}}
 {{/*
 Generate recovery server name
 */}}
 {{- define "cluster.recoveryServerName" -}}
  {{- if .Values.recovery.recoveryServerName -}}
    {{- .Values.recovery.recoveryServerName -}}
  {{- else -}}
    {{- printf "%s-backup-%s" (include "cluster.name" .) (toString .Values.recovery.objectStore.index) | trunc 63 | trimSuffix "-" -}}
  {{- end }}
 {{- end }}
 {{/*
 Generate recovery destination path
 */}}
 {{- define "cluster.recoveryDestinationPath" -}}
  {{- if .Values.recovery.objectStore.destinationPathOverride -}}
    {{- .Values.recovery.objectStore.destinationPathOverride -}}
  {{- else -}}
    {{- printf "s3://%s/%s/%s/%s-cluster/" (.Values.recovery.objectStore.destinationBucket) (.Values.kubernetesClusterName) (include "cluster.namespace" .) (include "cluster.name" .) | trimSuffix "-" -}}
  {{- end }}
 {{- end }}
 {{/*
 Generate recovery credentials name
 */}}
 {{- define "cluster.recoverySecretName" -}}
  {{- if and (.Values.recovery.objectStore.endpointCredentials) (not .Values.recovery.objectStore.externalSecret.enabled) }}
    {{- .Values.recovery.objectStore.endpointCredentials | trunc 63 | trimSuffix "-" }}
  {{- else -}}
    {{- printf "%s-recovery-secret" (include "cluster.name" .) -}}
  {{- end }}
 {{- end }}
 {{/*
 Generate backup destination path
 */}}
 {{- define "cluster.backupDestinationPath" -}}
  {{- if .instance.destinationPathOverride -}}
    {{- .instance.destinationPathOverride -}}
  {{- else if .instance.destinationBucket -}}
    {{- printf "s3://%s/%s/%s/%s-cluster/" .instance.destinationBucket .global.Values.kubernetesClusterName (include "cluster.namespace" .global) (include "cluster.name" .global) | trimSuffix "-" -}}
  {{-  else -}}
    {{ fail "Invalid destination path!" }}
  {{- end -}}
 {{- end }}
 {{/*
 Generate backup destination path
 */}}
 {{- define "cluster.backupSecretName" -}}
  {{- if .instance.endpointCredentialsOverride -}}
    {{- .instance.endpointCredentialsOverride -}}
  {{- else if .instance.name -}}
    {{- printf "%s-backup-%s-secret" (include "cluster.name" .global) .instance.name | trunc 63 | trimSuffix "-" -}}
  {{-  else -}}
    {{ fail "Invalid backup secret name!" }}
  {{- end -}}
 {{- end }}
@@ -0,0 +1,151 @@
 apiVersion: postgresql.cnpg.io/v1
 kind: Cluster
 metadata:
  name: {{ include "cluster.name" . }}-cluster
  namespace: {{ include "cluster.namespace" . }}
  {{- with .Values.cluster.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
  labels:
    {{- include "cluster.labels" . | nindent 4 }}
 spec:
  instances: {{ .Values.cluster.instances }}
  imageName: "{{ .Values.cluster.image.repository }}:{{ .Values.cluster.image.tag }}"
  imagePullPolicy: {{ .Values.cluster.imagePullPolicy }}
  {{- with .Values.cluster.imagePullSecrets }}
  imagePullSecrets:
    {{- . | toYaml | nindent 4 }}
  {{- end }}
  postgresUID: {{ include "cluster.postgresUID" . }}
  postgresGID: {{ include "cluster.postgresGID" . }}
  storage:
    size: {{ .Values.cluster.storage.size }}
    {{- if not (empty .Values.cluster.storage.storageClass) }}
    storageClass: {{ .Values.cluster.storage.storageClass }}
    {{- end }}
  {{- if .Values.cluster.walStorage.enabled }}
  walStorage:
    size: {{ .Values.cluster.walStorage.size }}
    {{- if not (empty .Values.cluster.walStorage.storageClass) }}
    storageClass: {{ .Values.cluster.walStorage.storageClass }}
    {{- end }}
  {{- end }}
  {{- with .Values.cluster.resources }}
  resources:
    {{- toYaml . | nindent 4 }}
  {{ end }}
  {{- with .Values.cluster.affinity }}
  affinity:
    {{- toYaml . | nindent 4 }}
  {{- end }}
  {{- if .Values.cluster.priorityClassName }}
  priorityClassName: {{ .Values.cluster.priorityClassName }}
  {{- end }}
  primaryUpdateMethod: {{ .Values.cluster.primaryUpdateMethod }}
  primaryUpdateStrategy: {{ .Values.cluster.primaryUpdateStrategy }}
  logLevel: {{ .Values.cluster.logLevel }}
  {{- with .Values.cluster.certificates }}
  certificates:
    {{- toYaml . | nindent 4 }}
  {{ end }}
  enableSuperuserAccess: {{ .Values.cluster.enableSuperuserAccess }}
  {{- with .Values.cluster.superuserSecret }}
  superuserSecret:
    name: {{ . }}
  {{ end }}
  enablePDB: {{ .Values.cluster.enablePDB }}
  postgresql:
    {{- if .Values.cluster.postgresql.shared_preload_libraries }}
    shared_preload_libraries:
      {{- with .Values.cluster.postgresql.shared_preload_libraries }}
      {{- toYaml . | nindent 6 }}
      {{- end }}
    {{- end }}
    {{- with .Values.cluster.postgresql.pg_hba }}
    pg_hba:
      {{- toYaml . | nindent 6 }}
    {{- end }}
    {{- with .Values.cluster.postgresql.pg_ident }}
    pg_ident:
      {{- toYaml . | nindent 6 }}
    {{- end }}
    {{- with .Values.cluster.postgresql.ldap  }}
    ldap:
      {{- toYaml . | nindent 6 }}
    {{- end}}
    {{- with .Values.cluster.postgresql.synchronous }}
    synchronous:
      {{- toYaml . | nindent 6 }}
    {{ end }}
    {{- with .Values.cluster.postgresql.parameters }}
    parameters:
      {{- toYaml . | nindent 6 }}
    {{- end }}
  {{- if not (and (empty .Values.cluster.roles) (empty .Values.cluster.services)) }}
  managed:
    {{- with .Values.cluster.services }}
    services:
      {{- toYaml . | nindent 6 }}
    {{ end }}
    {{- with .Values.cluster.roles }}
    roles:
      {{- toYaml . | nindent 6 }}
    {{ end }}
  {{- end }}
  {{- with .Values.cluster.serviceAccountTemplate }}
  serviceAccountTemplate:
    {{- toYaml . | nindent 4 }}
  {{- end }}
  monitoring:
    enablePodMonitor: {{ and .Values.cluster.monitoring.enabled .Values.cluster.monitoring.podMonitor.enabled }}
    disableDefaultQueries: {{ .Values.cluster.monitoring.disableDefaultQueries }}
    {{- if not (empty .Values.cluster.monitoring.customQueries) }}
    customQueriesConfigMap:
      - name: {{ include "cluster.name" . }}-monitoring
        key: custom-queries
    {{- end }}
    {{- if not (empty .Values.cluster.monitoring.customQueriesSecret) }}
    {{- with .Values.cluster.monitoring.customQueriesSecret }}
    customQueriesSecret:
      {{- toYaml . | nindent 6 }}
    {{ end }}
    {{- end }}
    {{- if not (empty .Values.cluster.monitoring.podMonitor.relabelings) }}
    {{- with .Values.cluster.monitoring.podMonitor.relabelings }}
    podMonitorRelabelings:
      {{- toYaml . | nindent 6 }}
    {{ end }}
    {{- end }}
    {{- if not (empty .Values.cluster.monitoring.podMonitor.metricRelabelings) }}
    {{- with .Values.cluster.monitoring.podMonitor.metricRelabelings }}
    podMonitorMetricRelabelings:
      {{- toYaml . | nindent 6 }}
    {{ end }}
    {{- end }}
  plugins:
  {{- range $objectStore := .Values.backup.objectStore }}
    - name: barman-cloud.cloudnative-pg.io
      enabled: true
      {{- if $objectStore.isWALArchiver }}
      isWALArchiver: true
      {{- else }}
      isWALArchiver: false
      {{- end }}
      parameters:
        barmanObjectName: "{{ include "cluster.name" $ }}-backup-{{ $objectStore.name }}"
        {{- if $objectStore.clusterName }}
        serverName: "{{ $objectStore.clusterName }}-backup-{{ $objectStore.index }}"
        {{- else }}
        serverName: "{{ include "cluster.name" $ }}-backup-{{ $objectStore.index }}"
        {{- end }}
  {{- end }}
  {{ include "cluster.bootstrap" . | nindent 2 }}
  {{ include "cluster.externalClusters" . | nindent 2 }}
@@ -0,0 +1,18 @@
 {{- if not (empty .Values.cluster.monitoring.customQueries) }}
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: {{ include "cluster.name" $ }}-monitoring
  namespace: {{ include "cluster.namespace" $ }}
  labels:
    cnpg.io/reload: ""
    {{- include "cluster.labels" $ | nindent 4 }}
 data:
  custom-queries: |
    {{- range .Values.cluster.monitoring.customQueries }}
    {{ .name }}:
      query: {{ .query | quote }}
      metrics:
        {{- .metrics | toYaml | nindent 8 }}
    {{- end }}
 {{- end }}
@@ -0,0 +1,76 @@
 {{- range .Values.databases }}
 ---
 apiVersion: postgresql.cnpg.io/v1
 kind: Database
 metadata:
  name: {{ include "cluster.name" $ }}-database-{{ .name | replace "_" "-" }}
  namespace: {{ include "cluster.namespace" $ }}
  labels:
    {{- include "cluster.labels" $ | nindent 4 }}
 spec:
  name: {{ .name }}
  cluster:
    name: {{ include "cluster.name" $ }}-cluster
  ensure: {{ .ensure | default "present" }}
  owner: {{ .owner }}
  template: {{ .template | default "template1" }}
  encoding: {{ .encoding | default "UTF8" }}
  databaseReclaimPolicy: {{ .databaseReclaimPolicy | default "retain" }}
  {{- with .isTemplate }}
  isTemplate: {{ . }}
  {{- end }}
  {{- with .allowConnections }}
  allowConnections: {{ . }}
  {{- end }}
  {{- with .connectionLimit }}
  connectionLimit: {{ . }}
  {{- end }}
  {{- with .tablespace }}
  tablespace: {{ . }}
  {{- end }}
  {{- with .locale }}
  locale: {{ . }}
  {{- end }}
  {{- with .localeProvider }}
  localeProvider: {{ . }}
  {{- end }}
  {{- with .localeCollate }}
  localeCollate: {{ . }}
  {{- end }}
  {{- with .localeCType }}
  localeCType: {{ . }}
  {{- end }}
  {{- with .icuLocale }}
  icuLocale: {{ . }}
  {{- end }}
  {{- with .icuRules }}
  icuRules: {{ . }}
  {{- end }}
  {{- with .builtinLocale }}
  builtinLocale: {{ . }}
  {{- end }}
  {{- with .collationVersion }}
  collationVersion: {{ . | quote }}
  {{- end }}
  {{- with .schemas }}
  schemas:
  {{- range . }}
    - name: {{ .name }}
      owner: {{ .owner }}
      ensure: {{ .ensure | default "present" }}
  {{- end }}
  {{- end }}
  {{- with .extensions }}
  extensions:
  {{- range . }}
    - name: {{ .name }}
      {{- with .version }}
      version: {{ . }}
      {{- end }}
      {{- with .schema }}
      schema: {{ . }}
      {{- end }}
      ensure: {{ .ensure | default "present" }}
  {{- end }}
  {{- end }}
 {{- end }}
@@ -0,0 +1,84 @@
 {{ if and (eq .Values.backup.method "objectStore") (.Values.backup.externalSecret.enabled) }}
 {{ $context := . -}}
 {{ range .Values.backup.objectStore -}}
 ---
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
  name: {{ include "cluster.backupSecretName" (dict "instance" . "global" $context) }}
  namespace: {{ include "cluster.namespace" $context }}
  labels:
    {{- include "cluster.labels" $context | nindent 4 }}
    app.kubernetes.io/name: {{ include "cluster.backupSecretName" (dict "instance" . "global" $context) }}
    {{- with $context.Values.cluster.additionalLabels }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
 spec:
  secretStoreRef:
    kind: ClusterSecretStore
    name: vault
  data:
    - secretKey: ACCESS_REGION
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: {{ .externalSecretCredentialPath | required "External Secret Credential local path is required" }}
        metadataPolicy: None
        property: ACCESS_REGION
    - secretKey: ACCESS_KEY_ID
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: {{ .externalSecretCredentialPath | required "External Secret Credential local path is required" }}
        metadataPolicy: None
        property: ACCESS_KEY_ID
    - secretKey: ACCESS_SECRET_KEY
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: {{ .externalSecretCredentialPath| required "External Secret Credential local path is required" }}
        metadataPolicy: None
        property: ACCESS_SECRET_KEY
 {{ end -}}
 {{ end }}
 {{- if and (eq .Values.recovery.method "objectStore") (.Values.recovery.objectStore.externalSecret.enabled) }}
 ---
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
  name: {{ include "cluster.recoverySecretName" . }}
  namespace: {{ include "cluster.namespace" . }}
  labels:
    {{- include "cluster.labels" . | nindent 4 }}
    app.kubernetes.io/name: {{ include "cluster.recoverySecretName" . }}
    {{- with .Values.cluster.additionalLabels }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
 spec:
  secretStoreRef:
    kind: ClusterSecretStore
    name: vault
  data:
    - secretKey: ACCESS_REGION
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: {{ .Values.recovery.objectStore.externalSecret.credentialPath | required "External Secret Credential local path is required" }}
        metadataPolicy: None
        property: ACCESS_REGION
    - secretKey: ACCESS_KEY_ID
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: {{ .Values.recovery.objectStore.externalSecret.credentialPath | required "External Secret Credential local path is required" }}
        metadataPolicy: None
        property: ACCESS_KEY_ID
    - secretKey: ACCESS_SECRET_KEY
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
        key: {{ .Values.recovery.objectStore.externalSecret.credentialPath | required "External Secret Credential local path is required" }}
        metadataPolicy: None
        property: ACCESS_SECRET_KEY
 {{- end }}
@@ -0,0 +1,107 @@
 {{ if (eq .Values.backup.method "objectStore") }}
 {{ $context := . -}}
 {{ range .Values.backup.objectStore -}}
 ---
 apiVersion: barmancloud.cnpg.io/v1
 kind: ObjectStore
 metadata:
  name: {{ include "cluster.name" $context }}-backup-{{ .name }}
  namespace: {{ include "cluster.namespace" $context }}
  labels:
    {{- include "cluster.labels" $context | nindent 4 }}
    app.kubernetes.io/name: {{ include "cluster.name" $context }}-backup-{{ .name }}
    {{- with $context.Values.cluster.additionalLabels }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
 spec:
  retentionPolicy: {{ .retentionPolicy | default "7d" }}
  # Required when not using AWS S3
  # https://github.com/cloudnative-pg/cloudnative-pg/issues/8599
  instanceSidecarConfiguration:
    env:
      - name: AWS_REQUEST_CHECKSUM_CALCULATION
        value: when_required
      - name: AWS_RESPONSE_CHECKSUM_VALIDATION
        value: when_required
  configuration:
    destinationPath: {{ include "cluster.backupDestinationPath" (dict "instance" . "global" $context) }}
    endpointURL: {{ .endpointURL | default "http://garage-main.garage:3900" }}
    {{- if .endpointCA }}
    endpointCA:
      name: {{ .endpointCA.name }}
      key: {{ .endpointCA.key }}
    {{- end }}
    {{- if .wal }}
    wal:
      compression: {{ .wal.compression | default "snappy" }}
      {{ with .wal.encryption }}
      encryption: {{ . }}
      {{ end }}
      maxParallel: {{ .wal.maxParallel | default "1" }}
    {{- end }}
    {{- if .data }}
    data:
      compression: {{ .data.compression | default "snappy"  }}
      {{- with .data.encryption }}
      encryption: {{ . }}
      {{- end }}
      jobs: {{ .data.jobs | default 1 }}
    {{- end }}
    s3Credentials:
      accessKeyId:
        name: {{ include "cluster.backupSecretName" (dict "instance" . "global" $context) }}
        key: ACCESS_KEY_ID
      secretAccessKey:
        name: {{ include "cluster.backupSecretName" (dict "instance" . "global" $context) }}
        key: ACCESS_SECRET_KEY
      region:
        name: {{ include "cluster.backupSecretName" (dict "instance" . "global" $context) }}
        key: ACCESS_REGION
 {{ end -}}
 {{ end }}
 {{ if eq .Values.recovery.method "objectStore" }}
 ---
 apiVersion: barmancloud.cnpg.io/v1
 kind: ObjectStore
 metadata:
  name: "{{ include "cluster.name" . }}-recovery"
  namespace: {{ include "cluster.namespace" . }}
  labels:
    {{- include "cluster.labels" . | nindent 4 }}
    app.kubernetes.io/name: "{{ include "cluster.name" . }}-recovery"
    {{- with .Values.cluster.additionalLabels }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
 spec:
  configuration:
    destinationPath: {{ include "cluster.recoveryDestinationPath" . }}
    endpointURL: {{ .Values.recovery.objectStore.endpointURL }}
    {{- if .Values.recovery.objectStore.endpointCA.name }}
    endpointCA:
      name: {{ .Values.recovery.objectStore.endpointCA.name }}
      key: {{ .Values.recovery.objectStore.endpointCA.key }}
    {{- end }}
    wal:
      compression: {{ .Values.recovery.objectStore.wal.compression }}
      {{- with .Values.recovery.objectStore.wal.encryption}}
      encryption: {{ . }}
      {{- end }}
      maxParallel: {{ .Values.recovery.objectStore.wal.maxParallel }}
    data:
      compression: {{ .Values.recovery.objectStore.data.compression }}
      {{- with .Values.recovery.objectStore.data.encryption }}
      encryption: {{ . }}
      {{- end }}
      jobs: {{ .Values.recovery.objectStore.data.jobs }}
    s3Credentials:
      accessKeyId:
        name: {{ include "cluster.recoverySecretName" . }}
        key: ACCESS_KEY_ID
      secretAccessKey:
        name: {{ include "cluster.recoverySecretName" . }}
        key: ACCESS_SECRET_KEY
      region:
        name: {{ include "cluster.recoverySecretName" . }}
        key: ACCESS_REGION
 {{ end }}
@@ -0,0 +1,51 @@
 {{- range .Values.poolers }}
 ---
 apiVersion: postgresql.cnpg.io/v1
 kind: Pooler
 metadata:
  name: {{ include "cluster.name" $ }}-pooler-{{ .name }}
  namespace: {{ include "cluster.namespace" $ }}
  labels:
    {{- include "cluster.labels" $ | nindent 4 }}
 spec:
  cluster:
    name: {{ include "cluster.name" $ }}
  instances: {{ .instances }}
  type: {{ default "rw" .type }}
  pgbouncer:
    poolMode: {{ default "session" .poolMode }}
    {{- with .authQuerySecret }}
    authQuerySecret:
      {{- toYaml . | nindent 6 }}
    {{- end }}
    {{- with .authQuery }}
    authQuery:
      {{- toYaml . | nindent 6 }}
    {{- end }}
    {{- with .parameters }}
    parameters:
      {{- toYaml . | nindent 6 }}
    {{- end }}
    {{- with .pg_hba }}
    pg_hba:
      {{- toYaml . | nindent 6 }}
    {{- end }}
  {{ with .monitoring }}
  monitoring:
  {{- if not (empty .podMonitor) }}
    enablePodMonitor: {{ and .enabled .podMonitor.enabled }}
    {{- with .podMonitor.relabelings }}
    podMonitorRelabelings:
      {{- toYaml . | nindent 6 }}
    {{ end }}
    {{- with .podMonitor.metricRelabelings }}
    podMonitorMetricRelabelings:
      {{- toYaml . | nindent 6 }}
    {{ end }}
  {{- end }}
  {{- end }}
  {{- with .template }}
  template:
    {{- . | toYaml | nindent 4 }}
  {{- end }}
 {{- end }}
@@ -1,82 +0,0 @@
 apiVersion: postgresql.cnpg.io/v1
 kind: Cluster
 metadata:
  name: "postgresql-{{ .Release.Name }}-cluster"
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: postgresql
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/version: {{ .Chart.AppVersion }}
    app.kubernetes.io/component: database
    app.kubernetes.io/part-of: {{ .Release.Name }}
    app.kubernetes.io/managed-by: helm
 spec:
  imageName: "{{ .Values.cluster.image.repository }}:{{ .Values.cluster.image.tag }}"
  instances: {{ .Values.cluster.instances }}
  replicationSlots:
    highAvailability:
      enabled: true
  affinity:
    enablePodAntiAffinity: true
    topologyKey: kubernetes.io/hostname
  postgresql:
    parameters:
      {{- toYaml .Values.cluster.parameters | nindent 6 }}
  resources:
    {{- toYaml .Values.cluster.resources | nindent 4 }}
  storage:
    storageClass: {{ .Values.cluster.storage.data.storageClass }}
    size: {{ .Values.cluster.storage.data.size }}
  walStorage:
    storageClass: {{ .Values.cluster.storage.wal.storageClass }}
    size: {{ .Values.cluster.storage.wal.size }}
  monitoring:
    enablePodMonitor: true
  {{- if .Values.bootstrap.initdbEnabled }}
  bootstrap:
    initdb:
      {{- toYaml .Values.bootstrap.initdb | nindent 6 }}
  {{- end }}
  {{- if .Values.backup.recoveryEnabled }}
  bootstrap:
    recovery:
      source: "postgresql-{{ .Release.Name }}-cluster-backup-index-{{ .Values.bootstrap.recoveryIndex }}"
  externalClusters:
    - name: "postgresql-{{ .Release.Name }}-cluster-backup-index-{{ .Values.bootstrap.recoveryIndex }}"
      barmanObjectStore:
        endpointURL: {{ .Values.bootstrap.endpointURL }}
        destinationPath: "s3://{{ .Values.bootstrap.bucket }}/{{ .Values.cluster.name }}/postgresql/{{ .Release.Name }}-cluster"
        s3Credentials:
          accessKeyId:
            name: "postgresql-{{ .Release.Name }}-cluster-backup-secret"
            key: ACCESS_KEY_ID
          secretAccessKey:
            name: "postgresql-{{ .Release.Name }}-cluster-backup-secret"
            key: ACCESS_SECRET_KEY
        data:
          compression: {{ .Values.cluster.compression }}
        wal:
          compression: {{ .Values.cluster.compression }}
  {{- end }}
  {{- if .Values.backup.backupEnabled }}
  backup:
    retentionPolicy: "{{ .Values.backup.retentionPolicy }}"
    barmanObjectStore:
      destinationPath: "s3://{{ .Values.backup.bucket }}/{{ .Values.cluster.name }}/postgresql/{{ .Release.Name }}-cluster"
      endpointURL: {{ .Values.backup.endpointURL }}
      serverName: "postgresql-{{ .Release.Name }}-cluster-backup-index-{{ .Values.backup.backupIndex }}"
      s3Credentials:
        accessKeyId:
          name: "postgresql-{{ .Release.Name }}-cluster-backup-secret"
          key: ACCESS_KEY_ID
        secretAccessKey:
          name: "postgresql-{{ .Release.Name }}-cluster-backup-secret"
          key: ACCESS_SECRET_KEY
      data:
        compression: {{ .Values.cluster.compression }}
      wal:
        compression: {{ .Values.cluster.compression }}
  {{- end }}
@@ -0,0 +1,27 @@
 {{- if and .Values.cluster.monitoring.enabled .Values.cluster.monitoring.prometheusRule.enabled -}}
 apiVersion: monitoring.coreos.com/v1
 kind: PrometheusRule
 metadata:
  name: {{ include "cluster.name" $ }}-alert-rules
  namespace: {{ include "cluster.namespace" $ }}
  labels:
    {{- include "cluster.labels" $ | nindent 4 }}
 spec:
  groups:
    - name: cloudnative-pg/{{ include "cluster.name" . }}
      rules:
        {{- $dict := dict "excludeRules" .Values.cluster.monitoring.prometheusRule.excludeRules -}}
        {{- $_ := set $dict "value"       "{{`{{`}} $value {{`}}`}}" -}}
        {{- $_ := set $dict "namespace"   .Release.Namespace -}}
        {{- $_ := set $dict "cluster"     (printf "%s-cluster" (include "cluster.name" .) ) -}}
        {{- $_ := set $dict "labels"      (dict "job" "{{`{{`}} $labels.job {{`}}`}}" "node" "{{`{{`}} $labels.node {{`}}`}}" "pod" "{{`{{`}} $labels.pod {{`}}`}}") -}}
        {{- $_ := set $dict "podSelector" (printf "%s-cluster-([1-9][0-9]*)$" (include "cluster.name" .) ) -}}
        {{- $_ := set $dict "Values"      .Values -}}
        {{- $_ := set $dict "Template"    .Template -}}
        {{- range $path, $_ := .Files.Glob  "prometheus_rules/**.yaml" }}
        {{- $tpl := tpl ($.Files.Get $path) $dict | nindent 10 | trim -}}
        {{- with $tpl }}
        - {{ $tpl }}
        {{- end -}}
        {{- end }}
 {{ end }}
--- a/Show More
+++ b/Show More
		`@@ -1,2 +0,0 @@`
			`# This file is processed by Renovate bot so that it creates a PR on new major Renovate versions`
			`FROM renovate/renovate:37`