add kyoo

Update Helm release redis to v19.1.2 (#39 )
* Update Helm release redis to v19.1.2 * update chart --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: alexlebens <alexanderlebens@gmail.com>
2024-04-19 04:08:55 -06:00 · 2024-04-18 22:02:37 -06:00 · 2024-04-18 05:49:15 -06:00 · 2024-04-18 05:35:06 -06:00 · 2024-04-18 04:35:42 -06:00 · 2024-04-18 03:43:52 -06:00
56 changed files with 5263 additions and 787 deletions
--- a/charts/home-assistant/Chart.yaml
+++ b/charts/home-assistant/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: home-assistant
-version: 0.1.8
+version: 0.1.10
 description: Chart for Home Assistant
 keywords:
  - home-automation
@@ -9,4 +9,4 @@ sources:
 maintainers:
  - name: alexlebens
 icon: https://avatars.githubusercontent.com/u/13844975?s=200&v=4
-appVersion: v2024.4.2
+appVersion: v2024.4.3
--- a/charts/home-assistant/values.yaml
+++ b/charts/home-assistant/values.yaml
@@ -3,7 +3,7 @@ deployment:
  strategy: Recreate
  image:
    repository: homeassistant/home-assistant
-    tag: 2024.4.2
+    tag: 2024.4.3
    imagePullPolicy: IfNotPresent
  env:
    TZ: UTC
@@ -56,7 +56,7 @@ codeserver:
  enabled: false
  image:
    repository: linuxserver/code-server
-    tag: 4.23.0
+    tag: 4.23.1
    imagePullPolicy: IfNotPresent
  env:
    TZ: UTC
--- a/charts/homepage/Chart.yaml
+++ b/charts/homepage/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: homepage
-version: 0.0.10
+version: 0.0.11
 description: Chart for benphelps homepage
 keywords:
  - dashboard
@@ -9,4 +9,4 @@ sources:
 maintainers:
  - name: alexlebens
 icon: https://github.com/benphelps/homepage/blob/de584eae8f12a0d257e554e9511ef19bd2a1232c/public/mstile-150x150.png
-appVersion: v0.8.11
+appVersion: v0.8.12
--- a/charts/homepage/values.yaml
+++ b/charts/homepage/values.yaml
@@ -3,7 +3,7 @@ deployment:
  strategy: Recreate
  image:
    repository: ghcr.io/gethomepage/homepage
-    tag: v0.8.11
+    tag: v0.8.12
    imagePullPolicy: IfNotPresent
  env:
  envFrom:
--- a/charts/kyoo/Chart.yaml
+++ b/charts/kyoo/Chart.yaml
@@ -0,0 +1,23 @@
 apiVersion: v2
 name: kyoo
 version: 0.1.0
 description: Chart for Kyoo
 keywords:
  - media
 sources:
  - https://github.com/zoriya/Kyoo
  - https://github.com/rabbitmq/rabbitmq-server
  - https://github.com/bitnami/charts/tree/main/bitnami/rabbitmq
  - https://github.com/meilisearch/meilisearch
  - https://github.com/meilisearch/meilisearch-kubernetes/tree/main/charts/meilisearch
 maintainers:
  - name: alexlebens
 icon: https://raw.githubusercontent.com/zoriya/Kyoo/master/icons/icon-256x256.png
 dependencies:
  - name: rabbitmq
    version: 14.0.1
    repository: https://charts.bitnami.com/bitnami
  - name: meilisearch
    version: 0.6.1
    repository: https://meilisearch.github.io/meilisearch-kubernetes  
 appVersion: v4.4.0
--- a/charts/kyoo/README.md
+++ b/charts/kyoo/README.md
@@ -0,0 +1,17 @@
 ## Introduction
 [Kyoo](https://github.com/zoriya/Kyoo)
 A portable and vast media library solution.
 This chart bootstraps a [Kyoo](https://github.com/zoriya/Kyoo) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
 ## Prerequisites
 - Kubernetes
 - Helm
 ## Parameters
 See the [values files](values.yaml).
--- a/charts/kyoo/templates/_helpers.tpl
+++ b/charts/kyoo/templates/_helpers.tpl
@@ -0,0 +1,155 @@
 {{/*
 Expand the name of the chart.
 */}}
 {{- define "kyoo.name" -}}
  {{- default .Chart.Name .Values.global.nameOverride | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 {{/*
 Create a default fully qualified app name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
 */}}
 {{- define "kyoo.fullname" -}}
  {{- if .Values.global.fullnameOverride -}}
    {{- .Values.global.fullnameOverride | trunc 63 | trimSuffix "-" -}}
  {{- else -}}
    {{- $name := default .Chart.Name .Values.global.nameOverride -}}
    {{- if contains $name .Release.Name -}}
      {{- .Release.Name | trunc 63 | trimSuffix "-" -}}
    {{- else -}}
      {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
    {{- end -}}
  {{- end -}}
 {{- end -}}
 {{/*
 Create chart name and version as used by the chart label
 */}}
 {{- define "kyoo.chart" -}}
  {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 {{/*
 Common labels
 */}}
 {{- define "kyoo.labels" -}}
 app.kubernetes.io/name: {{ template "kyoo.name" . }}
 helm.sh/chart: {{ template "kyoo.chart" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- end -}}
 {{/*
 Common labels for specific components
 */}}
 {{- define "kyoo.autosync.labels" -}}
 app.kubernetes.io/name: {{ template "kyoo.name" . }}-autosync
 helm.sh/chart: {{ template "kyoo.chart" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- end -}}
 {{- define "kyoo.back.labels" -}}
 app.kubernetes.io/name: {{ template "kyoo.name" . }}-back
 helm.sh/chart: {{ template "kyoo.chart" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- end -}}
 {{- define "kyoo.front.labels" -}}
 app.kubernetes.io/name: {{ template "kyoo.name" . }}-front
 helm.sh/chart: {{ template "kyoo.chart" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- end -}}
 {{- define "kyoo.matcher.labels" -}}
 app.kubernetes.io/name: {{ template "kyoo.name" . }}-matcher
 helm.sh/chart: {{ template "kyoo.chart" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- end -}}
 {{- define "kyoo.migrations.labels" -}}
 app.kubernetes.io/name: {{ template "kyoo.name" . }}-migrations
 helm.sh/chart: {{ template "kyoo.chart" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- end -}}
 {{- define "kyoo.scanner.labels" -}}
 app.kubernetes.io/name: {{ template "kyoo.name" . }}-scanner
 helm.sh/chart: {{ template "kyoo.chart" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- end -}}
 {{- define "kyoo.transcoder.labels" -}}
 app.kubernetes.io/name: {{ template "kyoo.name" . }}-transcoder
 helm.sh/chart: {{ template "kyoo.chart" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- end -}}
 {{/*
 Labels to use on deploy.spec.selector.matchLabels and svc.spec.selector
 */}}
 {{- define "kyoo.matchLabels" -}}
 app.kubernetes.io/name: {{ template "kyoo.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end -}}
 {{- define "kyoo.autosync.matchLabels" -}}
 app.kubernetes.io/name: {{ template "kyoo.name" . }}-autosync
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end -}}
 {{- define "kyoo.back.matchLabels" -}}
 app.kubernetes.io/name: {{ template "kyoo.name" . }}-back
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end -}}
 {{- define "kyoo.front.matchLabels" -}}
 app.kubernetes.io/name: {{ template "kyoo.name" . }}-front
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end -}}
 {{- define "kyoo.matcher.matchLabels" -}}
 app.kubernetes.io/name: {{ template "kyoo.name" . }}-matcher
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end -}}
 {{- define "kyoo.migrations.matchLabels" -}}
 app.kubernetes.io/name: {{ template "kyoo.name" . }}-migrations
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end -}}
 {{- define "kyoo.scanner.matchLabels" -}}
 app.kubernetes.io/name: {{ template "kyoo.name" . }}-scanner
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end -}}
 {{- define "kyoo.transcoder.matchLabels" -}}
 app.kubernetes.io/name: {{ template "kyoo.name" . }}-transcoder
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end -}}
 {{/*
 Create the name of the service account to use
 */}}
 {{- define "kyoo.serviceAccountName" -}}
  {{- if .Values.serviceAccount.create -}}
    {{ default (include "kyoo.fullname" .) .Values.serviceAccount.name }}
  {{- else -}}
    {{ default "default" .Values.serviceAccount.name }}
  {{- end -}}
 {{- end -}}
 {{/*
 Create the name of the back persistent volume
 */}}
 {{- define "kyoo.backVolumeName" -}}
  {{- if .Values.persistence.back.existingClaim -}}
    {{ .Values.persistence.back.existingClaim }}
  {{- else -}}
    {{ printf "%s-back" (include "kyoo.fullname" .) | trunc 63 | trimSuffix "-" }}
  {{- end -}}
 {{- end -}}
 {{/*
 Create the name of the metadata persistent volume
 */}}
 {{- define "kyoo.metadataVolumeName" -}}
  {{- if .Values.persistence.metadata.existingClaim -}}
    {{ .Values.persistence.metadata.existingClaim }}
  {{- else -}}
    {{ printf "%s-metadata" (include "kyoo.fullname" .) | trunc 63 | trimSuffix "-" }}
  {{- end -}}
 {{- end -}}
--- a/charts/kyoo/templates/deployment-autosync.yaml
+++ b/charts/kyoo/templates/deployment-autosync.yaml
@@ -0,0 +1,75 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: {{ template "kyoo.fullname" . }}-autosync
  namespace: {{ .Release.Namespace }}
  annotations:
    {{- with .Values.global.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
  labels:
    {{- include "kyoo.autosync.labels" . | nindent 4 }}
    {{- with .Values.global.labels }}
    {{ toYaml . | nindent 4 }}
    {{- end }}
 spec:
  revisionHistoryLimit: 3
  replicas: {{ .Values.autosync.replicas }}
  strategy:
    type: Recreate
  selector:
    matchLabels:
      {{- include "kyoo.autosync.matchLabels" . | nindent 6 }}
  template:
    metadata:
      labels:
        {{- include "kyoo.autosync.labels" . | nindent 8 }}
        app.kubernetes.io/component: {{ template "kyoo.name" . }}-autosync
      annotations:
        {{- with .Values.autosync.podAnnotations }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
    spec:
      affinity:
        {{- with .Values.autosync.affinity }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      nodeSelector:
        {{- with .Values.autosync.nodeSelector }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      tolerations:
        {{- with .Values.autosync.tolerations }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      serviceAccountName: {{ template "kyoo.serviceAccountName" . }}
      securityContext:
        {{- with .Values.autosync.securityContext }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      containers:
        - name: {{ template "kyoo.fullname" . }}-autosync
          image: "{{ .Values.autosync.image.repository }}:{{ .Values.autosync.image.tag }}"
          imagePullPolicy: {{ .Values.autosync.image.pullPolicy }}
          resources:
            {{ toYaml .Values.autosync.resources | nindent 12 }}
          env:
            - name: RABBITMQ_HOST
              value: {{ template "kyoo.fullname" . }}-rabbitmq
            - name: RABBITMQ_DEFAULT_USER
              value: "{{ .Values.rabbitmq.auth.username }}"
            - name: RABBITMQ_DEFAULT_PASS
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.rabbitmq.auth.existingPasswordSecret }}"
                  key: "{{ .Values.rabbitmq.auth.existingSecretPasswordKey }}"
          {{ if .Values.config.secretAPIKey.existingSimklSecretKey }}
            - name: OIDC_SIMKL_CLIENTID
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.config.secretAPIKey.existingSecretName }}"
                  key: "{{ .Values.config.secretAPIKey.existingSimklSecretKey }}"
          {{ end }}
          {{- with .Values.autosync.extraVars }}
            {{- toYaml . | nindent 12 }}
          {{- end }}
--- a/charts/kyoo/templates/deployment-back.yaml
+++ b/charts/kyoo/templates/deployment-back.yaml
@@ -0,0 +1,185 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: {{ template "kyoo.fullname" . }}-back
  namespace: {{ .Release.Namespace }}
  annotations:
    {{- with .Values.global.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
  labels:
    {{- include "kyoo.back.labels" . | nindent 4 }}
    {{- with .Values.global.labels }}
    {{ toYaml . | nindent 4 }}
    {{- end }}
 spec:
  revisionHistoryLimit: 3
  replicas: {{ .Values.back.replicas }}
  strategy:
    type: Recreate
  selector:
    matchLabels:
      {{- include "kyoo.back.matchLabels" . | nindent 6 }}
  template:
    metadata:
      labels:
        {{- include "kyoo.back.labels" . | nindent 8 }}
        app.kubernetes.io/component: {{ template "kyoo.name" . }}-back
      annotations:
        {{- with .Values.back.podAnnotations }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
    spec:
      affinity:
        {{- with .Values.back.affinity }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      nodeSelector:
        {{- with .Values.back.nodeSelector }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      tolerations:
        {{- with .Values.back.tolerations }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      serviceAccountName: {{ template "kyoo.serviceAccountName" . }}
      securityContext:
        {{- with .Values.back.securityContext }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      containers:
        - name: {{ template "kyoo.fullname" . }}-back
          image: "{{ .Values.back.image.repository }}:{{ .Values.back.image.tag }}"
          imagePullPolicy: {{ .Values.back.image.pullPolicy }}
          resources:
            {{ toYaml .Values.back.resources | nindent 12 }}
          ports:
            - name: kyoo-back
              containerPort: {{ .Values.back.service.port }}
              protocol: TCP
          volumeMounts:
            - name: kyoo-back
              mountPath: /kyoo
          env:
          {{- with .Values.back.extraVars }}
            {{- toYaml . | nindent 12 }}
          {{- end }}
            - name: REQUIRE_ACCOUNT_VERIFICATION
              value: "{{ .Values.config.requireAccountVerification }}"
            - name: UNLOGGED_PERMISSIONS
              value: "{{ .Values.config.unloggedPermissions }}"
            - name: DEFAULT_PERMISSIONS
              value: "{{ .Values.config.defaultPermissions }}"
            - name: AUTHENTICATION_SECRET
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.config.secretAuthenticationKey.existingSecretName }}"
                  key: "{{ .Values.config.secretAuthenticationKey.existingSecretKey }}"
            - name: KYOO_APIKEYS
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.config.secretAPIKey.existingSecretName }}"
                  key: "{{ .Values.config.secretAPIKey.existingKyooSecretKey }}"
            - name: PUBLIC_URL
              value: "{{ .Values.config.publicUrl }}"
            - name: POSTGRES_USER
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.config.postgresql.existingSecretName }}"
                  key: "{{ .Values.config.postgresql.usernameKey }}"
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.config.postgresql.existingSecretName }}"
                  key: "{{ .Values.config.postgresql.passwordKey }}"
            - name: POSTGRES_DB
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.config.postgresql.existingSecretName }}"
                  key: "{{ .Values.config.postgresql.databaseNameKey }}"
            - name: POSTGRES_SERVER
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.config.postgresql.existingSecretName }}"
                  key: "{{ .Values.config.postgresql.hostKey }}"
            - name: POSTGRES_PORT
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.config.postgresql.existingSecretName }}"
                  key: "{{ .Values.config.postgresql.portKey }}"
          {{ if .Values.config.oidc.enabled }}
            - name: OIDC_SERVICE_NAME
              value: "{{ .Values.config.oidc.name }}"
            - name: OIDC_SERVICE_LOGO
              value: "{{ .Values.config.oidc.logo }}"
            - name: OIDC_SERVICE_AUTHORIZATION
              value: "{{ .Values.config.oidc.authorization }}"
            - name: OIDC_SERVICE_TOKEN
              value: "{{ .Values.config.oidc.token }}"
            - name: OIDC_SERVICE_PROFILE
              value: "{{ .Values.config.oidc.profile }}"
            - name: OIDC_SERVICE_SCOPE
              value: "{{ .Values.config.oidc.scope }}"
            - name: OIDC_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.oidc.existingSecretName }}"
                  key: "{{ .Values.oidc.clientIdKey }}"
            - name: OIDC_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.oidc.existingSecretName }}"
                  key: "{{ .Values.oidc.clientSecretKey }}"
          {{ end }}
            - name: MEILI_HOST
              value: http://{{ template "kyoo.fullname" . }}-meilisearch.{{ .Release.Namespace }}:{{ .Values.meilisearch.service.port }}
            - name: MEILI_MASTER_KEY
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.meilisearch.auth.existingMasterKeySecret }}"
                  key: MEILI_MASTER_KEY
            - name: RABBITMQ_HOST
              value: {{ template "kyoo.fullname" . }}-rabbitmq
            - name: RABBITMQ_DEFAULT_USER
              value: "{{ .Values.rabbitmq.auth.username }}"
            - name: RABBITMQ_DEFAULT_PASS
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.rabbitmq.auth.existingPasswordSecret }}"
                  key: "{{ .Values.rabbitmq.auth.existingSecretPasswordKey }}"
          {{- if .Values.back.livenessProbe.enabled }}
          livenessProbe:
            httpGet:
              path: {{ .Values.back.livenessProbe.path }}
              port: {{ .Values.back.service.port }}
            initialDelaySeconds: {{ .Values.back.livenessProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.back.livenessProbe.periodSeconds }}
            timeoutSeconds: {{ .Values.back.livenessProbe.timeoutSeconds }}
            successThreshold: {{ .Values.back.livenessProbe.successThreshold }}
            failureThreshold: {{ .Values.back.livenessProbe.failureThreshold }}
          {{- end }}
          {{- if .Values.back.readinessProbe.enabled }}
          readinessProbe:
            httpGet:
              path: {{ .Values.back.livenessProbe.path }}
              port: {{ .Values.back.service.port }}
            initialDelaySeconds: {{ .Values.back.readinessProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.back.readinessProbe.periodSeconds }}
            timeoutSeconds: {{ .Values.back.readinessProbe.timeoutSeconds }}
            successThreshold: {{ .Values.back.readinessProbe.successThreshold }}
            failureThreshold: {{ .Values.back.readinessProbe.failureThreshold }}
          {{- end }}
      volumes:
        - name: kyoo-back
      {{- if .Values.persistence.back.enabled }}
          persistentVolumeClaim:
            claimName: {{ include "kyoo.backVolumeName" . }}
      {{- else }}
          emptyDir: {}
      {{- end }}
--- a/charts/kyoo/templates/deployment-front.yaml
+++ b/charts/kyoo/templates/deployment-front.yaml
@@ -0,0 +1,90 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: {{ template "kyoo.fullname" . }}-front
  namespace: {{ .Release.Namespace }}
  annotations:
    {{- with .Values.global.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
  labels:
    {{- include "kyoo.front.labels" . | nindent 4 }}
    {{- with .Values.global.labels }}
    {{ toYaml . | nindent 4 }}
    {{- end }}
 spec:
  revisionHistoryLimit: 3
  replicas: {{ .Values.front.replicas }}
  strategy:
    type: Recreate
  selector:
    matchLabels:
      {{- include "kyoo.front.matchLabels" . | nindent 6 }}
  template:
    metadata:
      labels:
        {{- include "kyoo.front.labels" . | nindent 8 }}
        app.kubernetes.io/component: {{ template "kyoo.name" . }}-front
      annotations:
        {{- with .Values.front.podAnnotations }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
    spec:
      affinity:
        {{- with .Values.front.affinity }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      nodeSelector:
        {{- with .Values.front.nodeSelector }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      tolerations:
        {{- with .Values.front.tolerations }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      serviceAccountName: {{ template "kyoo.serviceAccountName" . }}
      securityContext:
        {{- with .Values.front.securityContext }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      containers:
        - name: {{ template "kyoo.fullname" . }}-front
          image: "{{ .Values.front.image.repository }}:{{ .Values.front.image.tag }}"
          imagePullPolicy: {{ .Values.front.image.pullPolicy }}
          resources:
            {{ toYaml .Values.front.resources | nindent 12 }}
          ports:
            - name: kyoo-front
              containerPort: {{ .Values.front.service.port }}
              protocol: TCP
          env:
          {{- with .Values.back.extraVars }}
            {{- toYaml . | nindent 12 }}
          {{- end }}
            - name: KYOO_URL
              value: http://{{ template "kyoo.fullname" . }}-back.{{ .Release.Namespace }}:{{ .Values.back.service.port }}
          {{- if .Values.front.livenessProbe.enabled }}
          livenessProbe:
            httpGet:
              path: {{ .Values.front.livenessProbe.path }}
              port: {{ .Values.front.service.port }}
            initialDelaySeconds: {{ .Values.front.livenessProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.front.livenessProbe.periodSeconds }}
            timeoutSeconds: {{ .Values.front.livenessProbe.timeoutSeconds }}
            successThreshold: {{ .Values.front.livenessProbe.successThreshold }}
            failureThreshold: {{ .Values.front.livenessProbe.failureThreshold }}
          {{- end }}
          {{- if .Values.front.readinessProbe.enabled }}
          readinessProbe:
            httpGet:
              path: {{ .Values.front.livenessProbe.path }}
              port: {{ .Values.front.service.port }}
            initialDelaySeconds: {{ .Values.front.readinessProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.front.readinessProbe.periodSeconds }}
            timeoutSeconds: {{ .Values.front.readinessProbe.timeoutSeconds }}
            successThreshold: {{ .Values.front.readinessProbe.successThreshold }}
            failureThreshold: {{ .Values.front.readinessProbe.failureThreshold }}
          {{- end }}
--- a/charts/kyoo/templates/deployment-matcher.yaml
+++ b/charts/kyoo/templates/deployment-matcher.yaml
@@ -0,0 +1,85 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: {{ template "kyoo.fullname" . }}-matcher
  namespace: {{ .Release.Namespace }}
  annotations:
    {{- with .Values.global.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
  labels:
    {{- include "kyoo.matcher.labels" . | nindent 4 }}
    {{- with .Values.global.labels }}
    {{ toYaml . | nindent 4 }}
    {{- end }}
 spec:
  revisionHistoryLimit: 3
  replicas: {{ .Values.matcher.replicas }}
  strategy:
    type: Recreate
  selector:
    matchLabels:
      {{- include "kyoo.matcher.matchLabels" . | nindent 6 }}
  template:
    metadata:
      labels:
        {{- include "kyoo.matcher.labels" . | nindent 8 }}
        app.kubernetes.io/component: {{ template "kyoo.name" . }}-matcher
      annotations:
        {{- with .Values.matcher.podAnnotations }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
    spec:
      affinity:
        {{- with .Values.matcher.affinity }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      nodeSelector:
        {{- with .Values.matcher.nodeSelector }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      tolerations:
        {{- with .Values.matcher.tolerations }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      serviceAccountName: {{ template "kyoo.serviceAccountName" . }}
      securityContext:
        {{- with .Values.matcher.securityContext }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      containers:
        - name: {{ template "kyoo.fullname" . }}-matcher
          image: "{{ .Values.matcher.image.repository }}:{{ .Values.matcher.image.tag }}"
          imagePullPolicy: {{ .Values.matcher.image.pullPolicy }}
          resources:
            {{ toYaml .Values.matcher.resources | nindent 12 }}
          command:
            - matcher
          env:
          {{- with .Values.back.extraVars }}
            {{- toYaml . | nindent 12 }}
          {{- end }}
            - name: KYOO_URL
              value: http://{{ template "kyoo.fullname" . }}-back.{{ .Release.Namespace }}:{{ .Values.back.service.port }}
            - name: KYOO_APIKEYS
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.config.secretAPIKey.existingSecretName }}"
                  key: "{{ .Values.config.secretAPIKey.existingKyooSecretKey }}"
            - name: THEMOVIEDB_APIKEY
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.config.secretAPIKey.existingSecretName }}"
                  key: "{{ .Values.config.secretAPIKey.existingTMDBSecretKey }}"
            - name: LIBRARY_LANGUAGES
              value: "{{ .Values.config.libraryLanguages }}"
            - name: RABBITMQ_HOST
              value: {{ template "kyoo.fullname" . }}-rabbitmq
            - name: RABBITMQ_DEFAULT_USER
              value: "{{ .Values.rabbitmq.auth.username }}"
            - name: RABBITMQ_DEFAULT_PASS
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.rabbitmq.auth.existingPasswordSecret }}"
                  key: "{{ .Values.rabbitmq.auth.existingSecretPasswordKey }}"
--- a/charts/kyoo/templates/deployment-migrations.yaml
+++ b/charts/kyoo/templates/deployment-migrations.yaml
@@ -0,0 +1,145 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: {{ template "kyoo.fullname" . }}-migrations
  namespace: {{ .Release.Namespace }}
  annotations:
    {{- with .Values.global.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
  labels:
    {{- include "kyoo.migrations.labels" . | nindent 4 }}
    {{- with .Values.global.labels }}
    {{ toYaml . | nindent 4 }}
    {{- end }}
 spec:
  revisionHistoryLimit: 3
  replicas: {{ .Values.migrations.replicas }}
  strategy:
    type: Recreate
  selector:
    matchLabels:
      {{- include "kyoo.migrations.matchLabels" . | nindent 6 }}
  template:
    metadata:
      labels:
        {{- include "kyoo.migrations.labels" . | nindent 8 }}
        app.kubernetes.io/component: {{ template "kyoo.name" . }}-migrations
      annotations:
        {{- with .Values.migrations.podAnnotations }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
    spec:
      affinity:
        {{- with .Values.migrations.affinity }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      nodeSelector:
        {{- with .Values.migrations.nodeSelector }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      tolerations:
        {{- with .Values.migrations.tolerations }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      serviceAccountName: {{ template "kyoo.serviceAccountName" . }}
      securityContext:
        {{- with .Values.migrations.securityContext }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      containers:
        - name: {{ template "kyoo.fullname" . }}-migrations
          image: "{{ .Values.migrations.image.repository }}:{{ .Values.migrations.image.tag }}"
          imagePullPolicy: {{ .Values.migrations.image.pullPolicy }}
          resources:
            {{ toYaml .Values.migrations.resources | nindent 12 }}
          env:
          {{- with .Values.back.extraVars }}
            {{- toYaml . | nindent 12 }}
          {{- end }}
            - name: REQUIRE_ACCOUNT_VERIFICATION
              value: "{{ .Values.config.requireAccountVerification }}"
            - name: UNLOGGED_PERMISSIONS
              value: "{{ .Values.config.unloggedPermissions }}"
            - name: DEFAULT_PERMISSIONS
              value: "{{ .Values.config.defaultPermissions }}"
            - name: AUTHENTICATION_SECRET
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.config.secretAuthenticationKey.existingSecretName }}"
                  key: "{{ .Values.config.secretAuthenticationKey.existingSecretKey }}"
            - name: KYOO_APIKEYS
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.config.secretAPIKey.existingSecretName }}"
                  key: "{{ .Values.config.secretAPIKey.existingKyooSecretKey }}"
            - name: PUBLIC_URL
              value: "{{ .Values.config.publicUrl }}"
            - name: POSTGRES_USER
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.config.postgresql.existingSecretName }}"
                  key: "{{ .Values.config.postgresql.usernameKey }}"
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.config.postgresql.existingSecretName }}"
                  key: "{{ .Values.config.postgresql.passwordKey }}"
            - name: POSTGRES_DB
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.config.postgresql.existingSecretName }}"
                  key: "{{ .Values.config.postgresql.databaseNameKey }}"
            - name: POSTGRES_SERVER
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.config.postgresql.existingSecretName }}"
                  key: "{{ .Values.config.postgresql.hostKey }}"
            - name: POSTGRES_PORT
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.config.postgresql.existingSecretName }}"
                  key: "{{ .Values.config.postgresql.portKey }}"
          {{ if .Values.config.oidc.enabled }}
            - name: OIDC_SERVICE_NAME
              value: "{{ .Values.config.oidc.name }}"
            - name: OIDC_SERVICE_LOGO
              value: "{{ .Values.config.oidc.logo }}"
            - name: OIDC_SERVICE_AUTHORIZATION
              value: "{{ .Values.config.oidc.authorization }}"
            - name: OIDC_SERVICE_TOKEN
              value: "{{ .Values.config.oidc.token }}"
            - name: OIDC_SERVICE_PROFILE
              value: "{{ .Values.config.oidc.profile }}"
            - name: OIDC_SERVICE_SCOPE
              value: "{{ .Values.config.oidc.scope }}"
            - name: OIDC_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.oidc.existingSecretName }}"
                  key: "{{ .Values.oidc.clientIdKey }}"
            - name: OIDC_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.oidc.existingSecretName }}"
                  key: "{{ .Values.oidc.clientSecretKey }}"
          {{ end }}
            - name: MEILI_HOST
              value: http://{{ template "kyoo.fullname" . }}-meilisearch.{{ .Release.Namespace }}:{{ .Values.meilisearch.service.port }}
            - name: MEILI_MASTER_KEY
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.meilisearch.auth.existingMasterKeySecret }}"
                  key: MEILI_MASTER_KEY
            - name: RABBITMQ_HOST
              value: {{ template "kyoo.fullname" . }}-rabbitmq
            - name: RABBITMQ_DEFAULT_USER
              value: "{{ .Values.rabbitmq.auth.username }}"
            - name: RABBITMQ_DEFAULT_PASS
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.rabbitmq.auth.existingPasswordSecret }}"
                  key: "{{ .Values.rabbitmq.auth.existingSecretPasswordKey }}"
--- a/charts/kyoo/templates/deployment-scanner.yaml
+++ b/charts/kyoo/templates/deployment-scanner.yaml
@@ -0,0 +1,101 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: {{ template "kyoo.fullname" . }}-scanner
  namespace: {{ .Release.Namespace }}
  annotations:
    {{- with .Values.global.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
  labels:
    {{- include "kyoo.scanner.labels" . | nindent 4 }}
    {{- with .Values.global.labels }}
    {{ toYaml . | nindent 4 }}
    {{- end }}
 spec:
  revisionHistoryLimit: 3
  replicas: {{ .Values.scanner.replicas }}
  strategy:
    type: Recreate
  selector:
    matchLabels:
      {{- include "kyoo.scanner.matchLabels" . | nindent 6 }}
  template:
    metadata:
      labels:
        {{- include "kyoo.scanner.labels" . | nindent 8 }}
        app.kubernetes.io/component: {{ template "kyoo.name" . }}-scanner
      annotations:
        {{- with .Values.scanner.podAnnotations }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
    spec:
      affinity:
        {{- with .Values.scanner.affinity }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      nodeSelector:
        {{- with .Values.scanner.nodeSelector }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      tolerations:
        {{- with .Values.scanner.tolerations }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      serviceAccountName: {{ template "kyoo.serviceAccountName" . }}
      securityContext:
        {{- with .Values.scanner.securityContext }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      containers:
        - name: {{ template "kyoo.fullname" . }}-scanner
          image: "{{ .Values.scanner.image.repository }}:{{ .Values.scanner.image.tag }}"
          imagePullPolicy: {{ .Values.scanner.image.pullPolicy }}
          resources:
            {{ toYaml .Values.scanner.resources | nindent 12 }}
          volumeMounts:
            - name: kyoo-library
              mountPath: "{{ .Values.persistence.library.mountPath }}"
          command:
            - scanner
          env:
          {{- with .Values.back.extraVars }}
            {{- toYaml . | nindent 12 }}
          {{- end }}
            - name: KYOO_URL
              value: http://{{ template "kyoo.fullname" . }}-back.{{ .Release.Namespace }}:{{ .Values.back.service.port }}
            - name: KYOO_APIKEYS
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.config.secretAPIKey.existingSecretName }}"
                  key: "{{ .Values.config.secretAPIKey.existingKyooSecretKey }}"
            - name: THEMOVIEDB_APIKEY
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.config.secretAPIKey.existingSecretName }}"
                  key: "{{ .Values.config.secretAPIKey.existingTMDBSecretKey }}"
            - name: LIBRARY_LANGUAGES
              value: "{{ .Values.config.libraryLanguages }}"
            - name: LIBRARY_IGNORE_PATTERN
              value: "{{ .Values.config.libraryIgnorePattern }}"
            - name: SCANNER_LIBRARY_ROOT
              value: "{{ .Values.persistence.library.mountPath }}"
            - name: RABBITMQ_HOST
              value: {{ template "kyoo.fullname" . }}-rabbitmq
            - name: RABBITMQ_DEFAULT_USER
              value: "{{ .Values.rabbitmq.auth.username }}"
            - name: RABBITMQ_DEFAULT_PASS
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.rabbitmq.auth.existingPasswordSecret }}"
                  key: "{{ .Values.rabbitmq.auth.existingSecretPasswordKey }}"
      volumes:
        - name: kyoo-library
      {{- if .Values.persistence.library.enabled }}
          persistentVolumeClaim:
            claimName: {{ .Values.persistence.library.existingClaim }}
      {{- else }}
          emptyDir: {}
      {{- end }}
--- a/charts/kyoo/templates/deployment-transcoder.yaml
+++ b/charts/kyoo/templates/deployment-transcoder.yaml
@@ -0,0 +1,114 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: {{ template "kyoo.fullname" . }}-transcoder
  namespace: {{ .Release.Namespace }}
  annotations:
    {{- with .Values.global.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
  labels:
    {{- include "kyoo.transcoder.labels" . | nindent 4 }}
    {{- with .Values.global.labels }}
    {{ toYaml . | nindent 4 }}
    {{- end }}
 spec:
  revisionHistoryLimit: 3
  replicas: {{ .Values.transcoder.replicas }}
  strategy:
    type: Recreate
  selector:
    matchLabels:
      {{- include "kyoo.transcoder.matchLabels" . | nindent 6 }}
  template:
    metadata:
      labels:
        {{- include "kyoo.transcoder.labels" . | nindent 8 }}
        app.kubernetes.io/component: {{ template "kyoo.name" . }}-transcoder
      annotations:
        {{- with .Values.transcoder.podAnnotations }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
    spec:
      affinity:
        {{- with .Values.transcoder.affinity }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      nodeSelector:
        {{- with .Values.transcoder.nodeSelector }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      tolerations:
        {{- with .Values.transcoder.tolerations }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      serviceAccountName: {{ template "kyoo.serviceAccountName" . }}
      securityContext:
        {{- with .Values.transcoder.securityContext }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      containers:
        - name: {{ template "kyoo.fullname" . }}-transcoder
          image: "{{ .Values.transcoder.image.repository }}:{{ .Values.transcoder.image.tag }}"
          imagePullPolicy: {{ .Values.transcoder.image.pullPolicy }}
          resources:
            {{ toYaml .Values.transcoder.resources | nindent 12 }}
          ports:
            - name: kyoo-transcoder
              containerPort: {{ .Values.transcoder.service.port }}
              protocol: TCP
          volumeMounts:
            - name: kyoo-metadata
              mountPath: "{{ .Values.persistence.metadata.mountPath }}"
            - name: kyoo-cache
              mountPath: "{{ .Values.persistence.cache.mountPath }}"
            - name: kyoo-library
              mountPath: "{{ .Values.persistence.library.mountPath }}"
          env:
          {{- with .Values.back.extraVars }}
            {{- toYaml . | nindent 12 }}
          {{- end }}
          {{- if eq .Values.config.transcoderProfile "vaapi" }}
            - name: GOCODER_HWACCEL
              value: "vaapi"
            - name: GOCODER_VAAPI_RENDERER
              value: "{{ .Values.config.transcoderRenderPath }}"
          {{- else if eq .Values.config.transcoderProfile "qsv" }}
            - name: GOCODER_HWACCEL
              value: "qsv"
            - name: GOCODER_QSV_RENDERER
              value: "{{ .Values.config.transcoderRenderPath }}"
          {{- else if eq .Values.config.transcoderProfile "nvidia" }}
            - name: GOCODER_HWACCEL
              value: "nvidia"
          {{- else }}
            - name: GOCODER_HWACCEL
              value: "disabled"
          {{- end }}
            - name: GOCODER_PRESET
              value: "{{ .Values.config.transcoderPreset }}"
            - name: GOCODER_METADATA_ROOT
              value: "{{ .Values.persistence.metadata.mountPath }}"
            - name: GOCODER_CACHE_ROOT
              value: "{{ .Values.persistence.cache.mountPath }}"
      volumes:
        - name: kyoo-metadata
      {{- if .Values.persistence.metadata.enabled }}
          persistentVolumeClaim:
            claimName: {{ include "kyoo.metadataVolumeName" . }}
      {{- else }}
          emptyDir: {}
      {{- end }}
        - name: kyoo-cache
          emptyDir:
            sizeLimit: {{ .Values.persistence.cache.size }}
        - name: kyoo-library
      {{- if .Values.persistence.library.enabled }}
          persistentVolumeClaim:
            claimName: {{ .Values.persistence.library.existingClaim }}
      {{- else }}
          emptyDir: {}
      {{- end }}
--- a/charts/kyoo/templates/ingress.yaml
+++ b/charts/kyoo/templates/ingress.yaml
@@ -0,0 +1,44 @@
 {{- if .Values.ingress.enabled }}
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
  name: {{ template "kyoo.fullname" . }}
  namespace: {{ .Release.Namespace }}
  annotations:
    {{- with .Values.global.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
    {{- toYaml .Values.ingress.annotations | nindent 4 }}
  labels:
    {{- include "kyoo.labels" . | nindent 4 }}
    {{- with .Values.global.labels }}
    {{ toYaml . | nindent 4 }}
    {{- end }}
    {{- with .Values.ingress.labels }}
    {{ toYaml . | nindent 4 }}
    {{- end }}
 spec:
  ingressClassName: {{ .Values.ingress.className }}
  tls:
    - hosts:
      - {{ .Values.ingress.host }}
      secretName: {{ template "kyoo.fullname" . }}-secret-tls
  rules:
    - host: {{ .Values.ingress.host }}
      http:
        paths:
          - path: /
            backend:
              service:
                name: "{{ template "kyoo.fullname" . }}-front"
                port:
                  name: kyoo-front
            pathType: ImplementationSpecific
          - path: /api
            backend:
              service:
                name: "{{ template "kyoo.fullname" . }}-back"
                port:
                  name: kyoo-back
            pathType: ImplementationSpecific
 {{- end }}
--- a/charts/kyoo/templates/persistent-volume-claim.yaml
+++ b/charts/kyoo/templates/persistent-volume-claim.yaml
@@ -0,0 +1,54 @@
 {{- if and .Values.persistence.back.enabled (not .Values.persistence.back.existingClaim) }}
 kind: PersistentVolumeClaim
 apiVersion: v1
 metadata:
  name: {{ template "kyoo.backVolumeName" . }}
  namespace: {{ .Release.Namespace }}
  annotations:
    {{- with .Values.global.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
    {{- if .Values.persistence.back.retain }}
    helm.sh/resource-policy: keep
    {{- end }}
  labels:
    {{- include "kyoo.labels" . | nindent 4 }}
    {{- with .Values.global.labels }}
    {{ toYaml . | nindent 4 }}
    {{- end }}
 spec:
  storageClassName: {{ .Values.persistence.back.storageClass }}
  accessModes:
    - {{ .Values.persistence.back.accessMode }}
  resources:
    requests:
      storage: {{ .Values.persistence.back.size }}
 {{- end }}
 ---
 {{- if and .Values.persistence.metadata.enabled (not .Values.persistence.metadata.existingClaim) }}
 kind: PersistentVolumeClaim
 apiVersion: v1
 metadata:
  name: {{ template "kyoo.metadataVolumeName" . }}
  namespace: {{ .Release.Namespace }}
  annotations:
    {{- with .Values.global.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
    {{- if .Values.persistence.metadata.retain }}
    "helm.sh/resource-policy": keep
    {{- end }}
  labels:
    {{- include "kyoo.labels" . | nindent 4 }}
    {{- with .Values.global.labels }}
    {{ toYaml . | nindent 4 }}
    {{- end }}
 spec:
  storageClassName: {{ .Values.persistence.metadata.storageClass }}
  accessModes:
    - {{ .Values.persistence.metadata.accessMode }}
  resources:
    requests:
      storage: {{ .Values.persistence.metadata.size }}
 {{- end }}
--- a/charts/kyoo/templates/service-account.yaml
+++ b/charts/kyoo/templates/service-account.yaml
@@ -0,0 +1,20 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: {{ template "kyoo.serviceAccountName" . }}
  namespace: {{ .Release.Namespace }}
  annotations:
    {{- with .Values.global.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
    {{- with .Values.serviceAccount.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
  labels:
    {{- include "kyoo.labels" . | nindent 4 }}
    {{- with .Values.global.labels }}
    {{ toYaml . | nindent 4 }}
    {{- end }}
    {{- with .Values.serviceAccount.labels }}
    {{ toYaml . | nindent 4 }}
    {{- end }}
--- a/charts/kyoo/templates/service.yaml
+++ b/charts/kyoo/templates/service.yaml
@@ -0,0 +1,100 @@
 apiVersion: v1
 kind: Service
 metadata:
  name: {{ template "kyoo.fullname" . }}-back
  namespace: {{ .Release.Namespace }}
  annotations:
    {{- with .Values.global.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
    {{- with .Values.back.service.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
  labels:
    {{- include "kyoo.back.labels" . | nindent 4 }}
    {{- with .Values.global.labels }}
    {{ toYaml . | nindent 4 }}
    {{- end }}
    {{- with .Values.back.service.labels }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
 spec:
  type: {{ .Values.back.service.type }}
  ports:
    - port: {{ .Values.back.service.port }}
      targetPort: kyoo-back
      protocol: TCP
      name: kyoo-back
  selector:
    {{- include "kyoo.back.matchLabels" . | nindent 4 }}
    {{- with .Values.back.service.extraSelectorLabels }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: {{ template "kyoo.fullname" . }}-front
  namespace: {{ .Release.Namespace }}
  annotations:
    {{- with .Values.global.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
    {{- with .Values.front.service.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
  labels:
    {{- include "kyoo.front.labels" . | nindent 4 }}
    {{- with .Values.global.labels }}
    {{ toYaml . | nindent 4 }}
    {{- end }}
    {{- with .Values.front.service.labels }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
 spec:
  type: {{ .Values.front.service.type }}
  ports:
    - port: {{ .Values.front.service.port }}
      targetPort: kyoo-front
      protocol: TCP
      name: kyoo-front
  selector:
    {{- include "kyoo.front.matchLabels" . | nindent 4 }}
    {{- with .Values.front.service.extraSelectorLabels }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: transcoder
  namespace: {{ .Release.Namespace }}
  annotations:
    {{- with .Values.global.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
    {{- with .Values.transcoder.service.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
  labels:
    {{- include "kyoo.transcoder.labels" . | nindent 4 }}
    {{- with .Values.global.labels }}
    {{ toYaml . | nindent 4 }}
    {{- end }}
    {{- with .Values.transcoder.service.labels }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
 spec:
  type: {{ .Values.transcoder.service.type }}
  ports:
    - port: {{ .Values.transcoder.service.port }}
      targetPort: kyoo-transcoder
      protocol: TCP
      name: kyoo-transcoder
  selector:
    {{- include "kyoo.transcoder.matchLabels" . | nindent 4 }}
    {{- with .Values.transcoder.service.extraSelectorLabels }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
--- a/charts/kyoo/values.yaml
+++ b/charts/kyoo/values.yaml
@@ -0,0 +1,891 @@
 ## Global
 ##
 global:
  # -- Set an override for the prefix of the fullname
  nameOverride:
  # -- Set the entire name definition
  fullnameOverride:
  # -- Set additional global labels. Helm templates can be used.
  labels: {}
  # -- Set additional global annotations. Helm templates can be used.
  annotations: {}
 ## Service Account
 ##
 serviceAccount:
  # -- Specifies whether a service account should be created
  create: false
  # -- Annotations to add to the service account
  annotations: {}
  # -- Labels to add to the service account
  labels: {}
  # -- The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template
  name: ""
 ## Config options
 ##
 config:
  ## Secret key
  ## Specificy the secret name and the key containg a strong secret key
  ##
  secretAuthenticationKey:
    existingSecretName: ""
    existingSecretKey: ""
  ## API keys
  ## Specificy the secret name and the key containg an API key for that service
  ##
  secretAPIKey:
    existingSecretName: ""
    # -- Kyoo
    existingKyooSecretKey: ""
    # -- The Movie Database
    existingTMDBSecretKey: ""
    # -- Simkl: https://simkl.docs.apiary.io/#
    existingSimklSecretKey: ""
  # Langauges
  libraryLanguages: en
  # A pattern (regex) to ignore video files, ie ".*/[dD]ownloads?/.*"
  libraryIgnorePattern: ""
  # If this is true, new accounts wont have any permissions before you approve them in your admin dashboard.
  requireAccountVerification: true
  # Specify permissions of guest accounts, default is no permissions,
  # but you can allow anyone to use your instance without account by doing:
  # UNLOGGED_PERMISSIONS=overall.read,overall.play
  # You can specify this to allow guests users to see your collection without behing able to play videos for example:
  # UNLOGGED_PERMISSIONS=overall.read
  unloggedPermissions: ""
  # Specify permissions of new accounts.
  defaultPermissions: overall.read,overall.play
  # Hardware transcoding (equivalent of --profile docker compose option).
  # cpu (no hardware acceleration) or vaapi or qsv or nvidia
  transcoderProfile: cpu
  # Path to the hardware device for the specificied transcoder profile
  transcoderRenderPath: /dev/dri/renderD128
  # the preset used during transcode. faster means worst quality, you can probably use a slower preset with hwaccels
  # warning: using vaapi hwaccel disable presets (they are not supported).
  transcoderPreset: fast
  # The url you can use to reach your kyoo instance. This is also used during oidc to redirect users to your instance.
  publicUrl: ""
  ## OIDC authentication
  ##
  oidc:
    enabled: false
    # Name of the OIDC provider, ie Authentik, Keycloak, Authelia, etc
    name: ""
    # URL to the an image of the provider logo
    logo: ""
    # Urls to access the provider
    authorization: ""
    token: ""
    profile: ""
    # Scopes space separeted
    scope: "openid profile email"
    # Generated from the provider, these are expected to be stored in a secret
    existingSecretName: ""
    clientIDKey: ""
    secretIDKey: ""
  ## Postgresql
  ## All configuration is expected to be stored in a secret, reference the secret name and each key for the value
  ##
  postgresql:
    existingSecretName: ""
    usernameKey: ""
    passwordKey: ""
    databaseNameKey: ""
    hostKey: ""
    portKey: ""
 ## Configure the ingress resource that allows you to access the
 ## kyoo installation. Set up the URL
 ## ref: http://kubernetes.io/docs/user-guide/ingress/
 ##
 ingress:
  # -- Enables or disables the ingress
  enabled: false
  # -- Provide additional annotations which may be required.
  annotations: {}
  # -- Provide additional labels which may be required.
  labels: {}
  # -- Set the ingressClass that is used for this ingress.
  className: ""
  ## Configure the hosts for the ingress
  host: chart-example.local
 ## Enable persistence using Persistent Volume Claims
 ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
 ##
 persistence:
  back:
    # -- Enables or disables the persistence item. Defaults to true
    enabled: true
    # -- Storage Class for the config volume.
    # If set to `-`, dynamic provisioning is disabled.
    # If set to something else, the given storageClass is used.
    # If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner.
    storageClass: ""
    # -- If you want to reuse an existing claim, the name of the existing PVC can be passed here.
    existingClaim: ""
    # -- AccessMode for the persistent volume.
    # Make sure to select an access mode that is supported by your storage provider!
    # [[ref]](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes)
    accessMode: ReadWriteOnce
    # -- The amount of storage that is requested for the persistent volume.
    size: 5Gi
    # -- Set to true to retain the PVC upon `helm uninstall`
    retain: false
  metadata:
    # -- Enables or disables the persistence item. Defaults to true
    enabled: true
    # -- Storage Class for the config volume.
    # If set to `-`, dynamic provisioning is disabled.
    # If set to something else, the given storageClass is used.
    # If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner.
    storageClass: ""
    # -- If you want to reuse an existing claim, the name of the existing PVC can be passed here.
    existingClaim: ""
    # -- AccessMode for the persistent volume.
    # Make sure to select an access mode that is supported by your storage provider!
    # [[ref]](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes)
    accessMode: ReadWriteOnce
    # -- The amount of storage that is requested for the persistent volume.
    size: 5Gi
    # -- Set to true to retain the PVC upon `helm uninstall`
    retain: false
    # -- Mount path inside container
    mountPath: /metadata
  cache:
    # -- Transcoder cache will be mounted as an emptyDir, specificy a limit to the cache size
    size: 10Gi
    # -- Mount path inside container
    mountPath: /cache
  library:
    enabled: false
    # -- Provide an existing claim to you media library
    existingClaim: ""
    # -- Mount path inside container, used as the root path for the library
    mountPath: /video
 ## Auto Sync
 ##
 autosync:
  ## Kyoo Auto Sync image version
  ## ref: https://hub.docker.com/r/zoriya/kyoo_autosync/tags
  ##
  image:
    repository: zoriya/kyoo_autosync
    tag: "4.4.0"
    ## Specify a imagePullPolicy
    ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
    ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
    ##
    pullPolicy: IfNotPresent
  ## Define the number of pods the deployment will create
  ## Do not change unless your persistent volume allows more than one writer, ie NFS
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
  ##
  replicas: 1
  ## Pod annotations
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations: {}
  ## Affinity for pod assignment
  ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ##
  affinity: {}
  ## Node labels for pod assignment. Evaluated as a template.
  ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
  ##
  nodeSelector: {}
  ## Tolerations for pod assignment
  ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## Pod Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
  ##
  securityContext: {}
  ## kyoo containers' resource requests and limits
  ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
  ##
  resources:
    # We usually recommend not to specify default resources and to leave this as a conscious
    # choice for the user. This also increases chances charts run on environments with little
    # resources, such as Minikube. If you do want to specify resources, uncomment the following
    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
    limits: {}
    #  cpu: 2
    #  memory: 1Gi
    requests: {}
    #  cpu: 1
    #  memory: 1Gi
  ## Extra environment variables
  ##
  extraVars:
  #  - name: EXAMPLE
  #    value: "example"
 ## Back
 ##
 back:
  ## Kyoo Back image version
  ## ref: https://hub.docker.com/r/zoriya/kyoo_back/tags
  ##
  image:
    repository: zoriya/kyoo_back
    tag: "4.4.0"
    ## Specify a imagePullPolicy
    ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
    ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
    ##
    pullPolicy: IfNotPresent
  ## Define the number of pods the deployment will create
  ## Do not change unless your persistent volume allows more than one writer, ie NFS
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
  ##
  replicas: 1
  ## Pod annotations
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations: {}
  ## Affinity for pod assignment
  ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ##
  affinity: {}
  ## Node labels for pod assignment. Evaluated as a template.
  ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
  ##
  nodeSelector: {}
  ## Tolerations for pod assignment
  ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## Pod Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
  ##
  securityContext: {}
  ## kyoo containers' resource requests and limits
  ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
  ##
  resources:
    # We usually recommend not to specify default resources and to leave this as a conscious
    # choice for the user. This also increases chances charts run on environments with little
    # resources, such as Minikube. If you do want to specify resources, uncomment the following
    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
    limits: {}
    #  cpu: 2
    #  memory: 1Gi
    requests: {}
    #  cpu: 1
    #  memory: 1Gi
  ## Configure extra options for liveness and readiness probes
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
  ##
  livenessProbe:
    enabled: false
    path: /health
    initialDelaySeconds: 20
    periodSeconds: 10
    timeoutSeconds: 5
    successThreshold: 1
    failureThreshold: 3
  readinessProbe:
    enabled: false
    path: /health
    initialDelaySeconds: 5
    periodSeconds: 10
    timeoutSeconds: 1
    successThreshold: 1
    failureThreshold: 3
  ## Extra environment variables
  ##
  extraVars:
  #  - name: EXAMPLE
  #    value: "example"
  ## Service
  ##
  service:
    # -- Set the service type
    type: ClusterIP
    # -- Provide additional annotations which may be required.
    annotations: {}
    # -- Provide additional labels which may be required.
    labels: {}
    # -- Allow adding additional match labels
    extraSelectorLabels: {}
    # -- HTTP port number
    port: 5000
 ## Front
 ##
 front:
  ## Kyoo Front image version
  ## ref: https://hub.docker.com/r/zoriya/kyoo_front/tags
  ##
  image:
    repository: zoriya/kyoo_front
    tag: "4.4.0"
    ## Specify a imagePullPolicy
    ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
    ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
    ##
    pullPolicy: IfNotPresent
  ## Define the number of pods the deployment will create
  ## Do not change unless your persistent volume allows more than one writer, ie NFS
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
  ##
  replicas: 1
  ## Pod annotations
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations: {}
  ## Affinity for pod assignment
  ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ##
  affinity: {}
  ## Node labels for pod assignment. Evaluated as a template.
  ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
  ##
  nodeSelector: {}
  ## Tolerations for pod assignment
  ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## Pod Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
  ##
  securityContext: {}
  ## kyoo containers' resource requests and limits
  ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
  ##
  resources:
    # We usually recommend not to specify default resources and to leave this as a conscious
    # choice for the user. This also increases chances charts run on environments with little
    # resources, such as Minikube. If you do want to specify resources, uncomment the following
    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
    limits: {}
    #  cpu: 2
    #  memory: 1Gi
    requests: {}
    #  cpu: 1
    #  memory: 1Gi
  ## Configure extra options for liveness and readiness probes
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
  ##
  livenessProbe:
    enabled: false
    path: /
    initialDelaySeconds: 20
    periodSeconds: 10
    timeoutSeconds: 5
    successThreshold: 1
    failureThreshold: 3
  readinessProbe:
    enabled: false
    path: /
    initialDelaySeconds: 5
    periodSeconds: 10
    timeoutSeconds: 1
    successThreshold: 1
    failureThreshold: 3
  ## Extra environment variables
  ##
  extraVars:
  #  - name: EXAMPLE
  #    value: "example"
  ## Service
  ##
  service:
    # -- Set the service type
    type: ClusterIP
    # -- Provide additional annotations which may be required.
    annotations: {}
    # -- Provide additional labels which may be required.
    labels: {}
    # -- Allow adding additional match labels
    extraSelectorLabels: {}
    # -- HTTP port number
    port: 8901
 ## Matcher
 ##
 matcher:
  ## Kyoo Matcher image version
  ## ref: https://hub.docker.com/r/zoriya/kyoo_matcher/tags
  ##
  image:
    repository: zoriya/kyoo_scanner
    tag: "4.4.0"
    ## Specify a imagePullPolicy
    ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
    ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
    ##
    pullPolicy: IfNotPresent
  ## Define the number of pods the deployment will create
  ## Do not change unless your persistent volume allows more than one writer, ie NFS
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
  ##
  replicas: 1
  ## Pod annotations
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations: {}
  ## Affinity for pod assignment
  ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ##
  affinity: {}
  ## Node labels for pod assignment. Evaluated as a template.
  ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
  ##
  nodeSelector: {}
  ## Tolerations for pod assignment
  ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## Pod Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
  ##
  securityContext: {}
  ## kyoo containers' resource requests and limits
  ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
  ##
  resources:
    # We usually recommend not to specify default resources and to leave this as a conscious
    # choice for the user. This also increases chances charts run on environments with little
    # resources, such as Minikube. If you do want to specify resources, uncomment the following
    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
    limits: {}
    #  cpu: 2
    #  memory: 1Gi
    requests: {}
    #  cpu: 1
    #  memory: 1Gi
  ## Extra environment variables
  ##
  extraVars:
  #  - name: EXAMPLE
  #    value: "example"
 ## Migrations
 ##
 migrations:
  ## Kyoo Migrations image version
  ## ref: https://hub.docker.com/r/zoriya/kyoo_migrations/tags
  ##
  image:
    repository: zoriya/kyoo_migrations
    tag: "4.4.0"
    ## Specify a imagePullPolicy
    ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
    ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
    ##
    pullPolicy: IfNotPresent
  ## Define the number of pods the deployment will create
  ## Do not change unless your persistent volume allows more than one writer, ie NFS
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
  ##
  replicas: 1
  ## Pod annotations
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations: {}
  ## Affinity for pod assignment
  ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ##
  affinity: {}
  ## Node labels for pod assignment. Evaluated as a template.
  ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
  ##
  nodeSelector: {}
  ## Tolerations for pod assignment
  ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## Pod Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
  ##
  securityContext: {}
  ## kyoo containers' resource requests and limits
  ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
  ##
  resources:
    # We usually recommend not to specify default resources and to leave this as a conscious
    # choice for the user. This also increases chances charts run on environments with little
    # resources, such as Minikube. If you do want to specify resources, uncomment the following
    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
    limits: {}
    #  cpu: 2
    #  memory: 1Gi
    requests: {}
    #  cpu: 1
    #  memory: 1Gi
  ## Extra environment variables
  ##
  extraVars:
  #  - name: EXAMPLE
  #    value: "example"
 ## Scanner
 ##
 scanner:
  ## Kyoo Scanner image version
  ## ref: https://hub.docker.com/r/zoriya/zoriya/kyoo_scanner/tags
  ##
  image:
    repository: zoriya/zoriya/kyoo_scanner
    tag: "4.4.0"
    ## Specify a imagePullPolicy
    ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
    ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
    ##
    pullPolicy: IfNotPresent
  ## Define the number of pods the deployment will create
  ## Do not change unless your persistent volume allows more than one writer, ie NFS
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
  ##
  replicas: 1
  ## Pod annotations
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations: {}
  ## Affinity for pod assignment
  ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ##
  affinity: {}
  ## Node labels for pod assignment. Evaluated as a template.
  ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
  ##
  nodeSelector: {}
  ## Tolerations for pod assignment
  ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## Pod Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
  ##
  securityContext: {}
  ## kyoo containers' resource requests and limits
  ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
  ##
  resources:
    # We usually recommend not to specify default resources and to leave this as a conscious
    # choice for the user. This also increases chances charts run on environments with little
    # resources, such as Minikube. If you do want to specify resources, uncomment the following
    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
    limits: {}
    #  cpu: 2
    #  memory: 1Gi
    requests: {}
    #  cpu: 1
    #  memory: 1Gi
  ## Extra environment variables
  ##
  extraVars:
  #  - name: EXAMPLE
  #    value: "example"
 ## Transcoder
 ##
 transcoder:
  ## Kyoo Transcoder image version
  ## ref: https://hub.docker.com/r/zoriya/kyoo_transcoder/tags
  ##
  image:
    repository: zoriya/kyoo_transcoder
    tag: "4.4.0"
    ## Specify a imagePullPolicy
    ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
    ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
    ##
    pullPolicy: IfNotPresent
  ## Define the number of pods the deployment will create
  ## Do not change unless your persistent volume allows more than one writer, ie NFS
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
  ##
  replicas: 1
  ## Pod annotations
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations: {}
  ## Affinity for pod assignment
  ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ##
  affinity: {}
  ## Node labels for pod assignment. Evaluated as a template.
  ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
  ##
  nodeSelector: {}
  ## Tolerations for pod assignment
  ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## Pod Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
  ##
  securityContext: {}
  ## kyoo containers' resource requests and limits
  ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
  ##
  resources:
    # We usually recommend not to specify default resources and to leave this as a conscious
    # choice for the user. This also increases chances charts run on environments with little
    # resources, such as Minikube. If you do want to specify resources, uncomment the following
    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
    limits: {}
    #  cpu: 2
    #  memory: 1Gi
    requests: {}
    #  cpu: 1
    #  memory: 1Gi
  ## Extra environment variables
  ##
  extraVars:
  #  - name: EXAMPLE
  #    value: "example"
  ## Service
  ##
  service:
    # -- Set the service type
    type: ClusterIP
    # -- Provide additional annotations which may be required.
    annotations: {}
    # -- Provide additional labels which may be required.
    labels: {}
    # -- Allow adding additional match labels
    extraSelectorLabels: {}
    # -- HTTP port number
    port: 7666
 ## Rabbitmq
 ## https://artifacthub.io/packages/helm/bitnami/rabbitmq?modal=values-schema
 ##
 rabbitmq:
  auth:
    ## @param auth.username RabbitMQ application username
    ## ref: https://github.com/bitnami/containers/tree/main/bitnami/rabbitmq#environment-variables
    ##
    username: kyoo
    ## @param auth.existingPasswordSecret Existing secret with RabbitMQ credentials (existing secret must contain a value for `rabbitmq-password` key or override with setting auth.existingSecretPasswordKey)
    ## e.g:
    ## existingPasswordSecret: name-of-existing-secret
    ##
    existingPasswordSecret: ""
    existingSecretPasswordKey: ""
    ## @param auth.existingErlangSecret Existing secret with RabbitMQ Erlang cookie (must contain a value for `rabbitmq-erlang-cookie` key or override with auth.existingSecretErlangKey)
    ## e.g:
    ## existingErlangSecret: name-of-existing-secret
    ##
    existingErlangSecret: ""
    ## @param auth.existingSecretErlangKey [default: rabbitmq-erlang-cookie] Erlang cookie key to be retrieved from existing secret
    ## NOTE: ignored unless `auth.existingErlangSecret` parameter is set
    ##
    existingSecretErlangKey: ""
  ## @param configurationExistingSecret Existing secret with the configuration to use as rabbitmq.conf.
  ## Must contain the key "rabbitmq.conf"
  ## Takes precedence over `configuration`, so do not use both simultaneously
  ## With providing an existingSecret, extraConfiguration and extraConfigurationExistingSecret do not take any effect
  ##
  configurationExistingSecret: ""
  ## @param extraConfiguration [string] Configuration file content: extra configuration to be appended to RabbitMQ configuration
  ## Use this instead of `configuration` to add more configuration
  ## Do not use simultaneously with `extraConfigurationExistingSecret`
  ##
  extraConfiguration: |-
    default_vhost = kyoo
    default_permissions.configure = .*
    default_permissions.read = .*
    default_permissions.write = .*
 ## Meilisearch
 ## https://github.com/meilisearch/meilisearch-kubernetes/blob/main/charts/meilisearch/values.yaml
 ##
 meilisearch:
  environment:
    # -- Deactivates analytics
    MEILI_NO_ANALYTICS: true
    # -- Sets the environment. Either **production** or **development**
    MEILI_ENV: production
    # For production deployment, the environment MEILI_MASTER_KEY is required.
    # If MEILI_ENV is set to "production" without setting MEILI_MASTER_KEY, this
    # chart will automatically create a secure MEILI_MASTER_KEY and push it as a
    # secret. Otherwise the below value of MEILI_MASTER_KEY will be used instead.
    # MEILI_MASTER_KEY: ""
  auth:
    # -- Use an existing Kubernetes secret for the MEILI_MASTER_KEY
    existingMasterKeySecret: ""
  service:
    # -- Kubernetes Service type
    type: ClusterIP
    # -- Kubernetes Service port
    port: 7700
    # -- Additional annotations for service
    annotations: {}
  persistence:
    enabled: false
    # -- PVC Access Mode
    accessMode: ReadWriteOnce
    ## Persistent Volume Storage Class
    ## If defined, storageClassName: <storageClass>
    ## If set to "-", storageClassName: "", which disables dynamic provisioning
    ## If undefined (the default) or set to null, no storageClassName spec is
    ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
    ##   GKE, AWS & OpenStack)
    ##
    # -- PVC Storage Class
    storageClass: "-"
    ## Data Persistent Volume existing claim name
    ## Requires persistence.enabled: true
    ## If defined, PVC must be created manually before volume will be bound
    # -- Existing PVC
    existingClaim: ""
    # -- PVC Storage Request
    size: 10Gi
  resources: {}
    # limits:
    #  cpu: 100m
    #  memory: 128Mi
    # requests:
    #  cpu: 100m
    #  memory: 128Mi
  serviceMonitor:
    enabled: false
--- a/charts/matrix-hookshot/Chart.yaml
+++ b/charts/matrix-hookshot/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: matrix-hookshot
-version: 0.1.0
+version: 0.1.1
 description: Chart for Matrix Hookshot
 keywords:
  - matrix
@@ -11,4 +11,4 @@ sources:
 maintainers:
  - name: alexlebens
 icon: https://avatars.githubusercontent.com/u/8418310?s=48&v=4
-appVersion: "5.2.1"
+appVersion: "5.3.0"
--- a/charts/matrix-hookshot/values.yaml
+++ b/charts/matrix-hookshot/values.yaml
@@ -3,7 +3,7 @@ deployment:
  strategy: Recreate
  image:
    repository: halfshot/matrix-hookshot
-    tag: "5.2.1"
+    tag: "5.3.0"
    imagePullPolicy: IfNotPresent
  env: {}
  envFrom: []
@@ -81,7 +81,7 @@ hookshot:
        resources:
          - widgets
-    #github:
+    # github:
    #  # (Optional) Configure this to enable GitHub support
    #  auth:
    #    # Authentication for the GitHub App.
@@ -104,7 +104,7 @@ hookshot:
    #    # (Optional) Prefix used when creating ghost users for GitHub accounts.
    #    _github_
-    #gitlab:
+    # gitlab:
    #  # (Optional) Configure this to enable GitLab support
    #  instances:
    #    gitlab.com:
@@ -119,7 +119,7 @@ hookshot:
    #    # (Optional) Aggregate comments by waiting this many miliseconds before posting them to Matrix. Defaults to 5000 (5 seconds)
    #    5000
-    #figma:
+    # figma:
    #  # (Optional) Configure this to enable Figma support
    #  publicUrl: https://example.com/hookshot/
    #  instances:
@@ -128,7 +128,7 @@ hookshot:
    #      accessToken: your-personal-access-token
    #      passcode: your-webhook-passcode
-    #jira:
+    # jira:
    #  # (Optional) Configure this to enable Jira support. Only specify `url` if you are using a On Premise install (i.e. not atlassian.com)
    #  webhook:
    #    # Webhook settings for JIRA
@@ -139,7 +139,7 @@ hookshot:
    #    client_secret: bar
    #    redirect_uri: https://example.com/oauth/
-    #generic:
+    # generic:
    #  # (Optional) Support for generic webhook events.
    #  #'allowJsTransformationFunctions' will allow users to write short transformation snippets in code, and thus is unsafe in untrusted environments
@@ -150,23 +150,23 @@ hookshot:
    #  allowJsTransformationFunctions: false
    #  waitForComplete: false
-    #feeds:
+    # feeds:
    #  # (Optional) Configure this to enable RSS/Atom feed support
    #  enabled: false
    #  pollConcurrency: 4
    #  pollIntervalSeconds: 600
    #  pollTimeoutSeconds: 30
-    #provisioning:
+    # provisioning:
    #  # (Optional) Provisioning API for integration managers
    #  secret: "!secretToken"
-    #bot:
+    # bot:
    #  # (Optional) Define profile information for the bot user
    #  displayname: Hookshot Bot
    #  avatar: mxc://half-shot.uk/2876e89ccade4cb615e210c458e2a7a6883fe17d
-    #serviceBots:
+    # serviceBots:
    #  # (Optional) Define additional bot users for specific services
    #  - localpart: feeds
    #    displayname: Feeds
@@ -174,21 +174,21 @@ hookshot:
    #    prefix: "!feeds"
    #    service: feeds
-    #metrics:
+    # metrics:
    #  # (Optional) Prometheus metrics support
    #  enabled: true
-    #cache:
+    # cache:
    #  # (Optional) Cache options for large scale deployments.
    #  # For encryption to work, this must be configured.
    #  redisUri: redis://localhost:6379
-    #queue:
+    # queue:
    #  # (Optional) Message queue configuration options for large scale deployments.
    #  # For encryption to work, this must not be configured.
    #  redisUri: redis://localhost:6379
-    #widgets:
+    # widgets:
    #  # (Optional) EXPERIMENTAL support for complimentary widgets
    #  addToAdminRooms: false
    #  disallowedIpRanges:
@@ -217,12 +217,12 @@ hookshot:
    #  branding:
    #    widgetTitle: Hookshot Configuration
-    #sentry:
+    # sentry:
    #  # (Optional) Configure Sentry error reporting
    #  dsn: https://examplePublicKey@o0.ingest.sentry.io/0
    #  environment: production
-    #permissions:
+    # permissions:
    #  # (Optional) Permissions for using the bridge. See docs/setup.md#permissions for help
    #  - actor: example.com
    #    services:
--- a/charts/mautrix-whatsapp/Chart.yaml
+++ b/charts/mautrix-whatsapp/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: mautrix-whatsapp
-version: 0.0.2
+version: 0.0.3
 description: Chart for Matrix Whatsapp Bridge
 keywords:
  - matrix
@@ -12,4 +12,4 @@ sources:
 maintainers:
  - name: alexlebens
 icon: https://avatars.githubusercontent.com/u/88519669?s=48&v=4
-appVersion: v0.10.6
+appVersion: v0.10.7
--- a/charts/mautrix-whatsapp/values.yaml
+++ b/charts/mautrix-whatsapp/values.yaml
@@ -3,7 +3,7 @@ deployment:
  strategy: Recreate
  image:
    repository: dock.mau.dev/mautrix/whatsapp
-    tag: v0.10.6
+    tag: v0.10.7
    imagePullPolicy: IfNotPresent
  env: {}
  envFrom: []
@@ -45,11 +45,9 @@ persistence:
  accessMode: ReadWriteOnce
  size: 500Mi
 # Reference the following for examples
 # https://github.com/mautrix/whatsapp/blob/main/example-config.yaml
 mautrixWhatsapp:
  # config.yml contents
  existingSecret: ""
  config:
--- a/charts/outline/Chart.yaml
+++ b/charts/outline/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: outline
-version: 0.3.0
+version: 0.5.2
 description: Chart for Outline wiki
 keywords:
  - wiki
@@ -14,5 +14,5 @@ icon: https://avatars.githubusercontent.com/u/1765001?s=48&v=4
 dependencies:
  - name: redis
    repository: https://charts.bitnami.com/bitnami
-    version: 19.1.0
+    version: 19.1.2
 appVersion: v0.75.2
--- a/charts/outline/templates/deployment.yaml
+++ b/charts/outline/templates/deployment.yaml
@@ -102,41 +102,14 @@ spec:
                secretKeyRef:
                  name: "{{ .Values.persistence.s3.credentialsSecret }}"
                  key: AWS_SECRET_ACCESS_KEY
          {{- if .Values.persistence.s3.endpointConfigMap.enabled }}
            - name: AWS_REGION
              valueFrom:
                configMapKeyRef:
                  name: "{{ .Values.persistence.s3.endpointConfigMap.name }}"
                  key: BUCKET_REGION
            - name: AWS_S3_UPLOAD_BUCKET_NAME
              valueFrom:
                configMapKeyRef:
                  name: "{{ .Values.persistence.s3.endpointConfigMap.name }}"
                  key: BUCKET_NAME
            - name: AWS_S3_UPLOAD_BUCKET_HOST
              valueFrom:
                configMapKeyRef:
                  name: "{{ .Values.persistence.s3.endpointConfigMap.name }}"
                  key: BUCKET_HOST
            - name: AWS_S3_UPLOAD_BUCKET_PORT
              valueFrom:
                configMapKeyRef:
                  name: "{{ .Values.persistence.s3.endpointConfigMap.name }}"
                  key: BUCKET_PORT
            - name: AWS_S3_UPLOAD_BUCKET_URL
              value: "{{ .Values.persistence.s3.urlProtocol }}://$(AWS_S3_UPLOAD_BUCKET_NAME).$(AWS_S3_UPLOAD_BUCKET_HOST):$(AWS_S3_UPLOAD_BUCKET_PORT)"
            - name: AWS_S3_ACCELERATE_URL
              value: "{{ .Values.persistence.s3.urlProtocol }}://$(AWS_S3_UPLOAD_BUCKET_NAME).$(AWS_S3_UPLOAD_BUCKET_HOST):$(AWS_S3_UPLOAD_BUCKET_PORT)"         
          {{- else }}
            - name: AWS_REGION
              value: "{{ .Values.persistence.s3.region }}"
            - name: AWS_S3_UPLOAD_BUCKET_NAME
              value: "{{ .Values.persistence.s3.bucketName }}"
            - name: AWS_S3_UPLOAD_BUCKET_URL
-              value: "{{ .Values.persistence.s3.urlProtocol }}://{{ .Values.persistence.s3.bucketName }}.{{ .Values.persistence.s3.host }}"
+              value: "{{ .Values.persistence.s3.bucketUrl }}"
            - name: AWS_S3_ACCELERATE_URL
-              value: "{{ .Values.persistence.s3.urlProtocol }}://{{ .Values.persistence.s3.bucketName }}.{{ .Values.persistence.s3.host }}"              
+              value: "{{ .Values.persistence.s3.bucketUrl }}"
          {{- end }}
            - name: AWS_S3_FORCE_PATH_STYLE
              value: "{{ .Values.persistence.s3.forcePathStyle }}"
            - name: AWS_S3_ACL
--- a/charts/outline/values.yaml
+++ b/charts/outline/values.yaml
@@ -24,13 +24,9 @@ persistence:
  type: s3
  s3:
    credentialsSecret:
    endpointConfigMap:
      enabled: false
      name:
    region:
    bucketName:
-    host:
+    bucketUrl:
    urlProtocol: http
    uploadMaxSize: "26214400"
    forcePathStyle: false
    acl: private
@@ -95,10 +91,6 @@ outline:
      displayName:
      scopes: openid profile email
 redis:
  image:
    registry: docker.io
    repository: valkey/valkey
    tag: 7.2.4-rc1
  architecture: standalone
  auth:
    enabled: false
--- a/charts/postgres-cluster-upgrade/Chart.yaml
+++ b/charts/postgres-cluster-upgrade/Chart.yaml
@@ -1,14 +0,0 @@
 apiVersion: v2
 name: postgres-cluster-upgrade
 version: 0.1.1
 description: Chart for upgrading a cloudnative-pg cluster in the same namespace
 keywords:
  - database
  - postgres
  - upgrade
 sources:
  - https://github.com/cloudnative-pg/cloudnative-pg
 maintainers:
  - name: alexlebens
 icon: https://avatars.githubusercontent.com/u/100373852?s=48&v=4
 appVersion: v1.22.1
--- a/charts/postgres-cluster-upgrade/README.md
+++ b/charts/postgres-cluster-upgrade/README.md
@@ -1,17 +0,0 @@
 ## Introduction
 [CloudNative PG](https://github.com/cloudnative-pg/cloudnative-pg)
 CloudNativePG is the Kubernetes operator that covers the full lifecycle of a highly available PostgreSQL database cluster with a primary/standby architecture, using native streaming replication.
 This chart bootstraps a [CNPG](https://github.com/cloudnative-pg/cloudnative-pg) cluster on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
 ## Prerequisites
 - Kubernetes
 - Helm
 - CloudNative PG Operator
 ## Parameters
 See the [values files](values.yaml).
--- a/charts/postgres-cluster-upgrade/templates/backup.yaml
+++ b/charts/postgres-cluster-upgrade/templates/backup.yaml
@@ -1,17 +0,0 @@
 {{- if .Values.backup.inititeBackup }}
 apiVersion: postgresql.cnpg.io/v1
 kind: Backup
 metadata:
  name: "postgresql-{{ .Release.Name }}-cluster-upgrade-backup"
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: "postgresql-{{ .Release.Name }}-cluster-upgrade-backup"
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/version: {{ .Chart.AppVersion }}
    app.kubernetes.io/component: database
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
  method: barmanObjectStore
  cluster:
    name: "postgresql-{{ .Release.Name }}-cluster-upgrade"
 {{- end }}
--- a/charts/postgres-cluster-upgrade/templates/postgresql-cluster.yaml
+++ b/charts/postgres-cluster-upgrade/templates/postgresql-cluster.yaml
@@ -1,68 +0,0 @@
 apiVersion: postgresql.cnpg.io/v1
 kind: Cluster
 metadata:
  name: "postgresql-{{ .Release.Name }}-cluster-upgrade"
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: "postgresql-{{ .Release.Name }}-cluster-upgrade"
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/version: {{ .Chart.AppVersion }}
    app.kubernetes.io/component: database
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
  imageName: "{{ .Values.cluster.image.repository }}:{{ .Values.cluster.image.tag }}"
  instances: {{ .Values.cluster.instances }}
  affinity:
    enablePodAntiAffinity: true
    topologyKey: kubernetes.io/hostname
  postgresql:
    parameters:
      {{- toYaml .Values.cluster.parameters | nindent 6 }}
  resources:
    {{- toYaml .Values.cluster.resources | nindent 4 }}
  storage:
    storageClass: {{ .Values.cluster.storage.data.storageClass }}
    size: {{ .Values.cluster.storage.data.size }}
  walStorage:
    storageClass: {{ .Values.cluster.storage.wal.storageClass }}
    size: {{ .Values.cluster.storage.wal.size }}
  monitoring:
    enablePodMonitor: true
  bootstrap:
    initdb:
      import:
        type: {{ .Values.upgrade.importType }}
        databases:
          {{- toYaml .Values.upgrade.importDatabases | nindent 10 }}
        source:
          externalCluster: "postgresql-{{ .Release.Name }}-cluster"
  externalClusters:
    - name: "postgresql-{{ .Release.Name }}-cluster"
      connectionParameters:
        host: "postgresql-{{ .Release.Name }}-cluster-rw"
        user: app
        dbname: app
      password:
        name: "postgresql-{{ .Release.Name }}-cluster-app"
        key: password
  {{- if .Values.backup.backupEnabled }}
  backup:
    retentionPolicy: "{{ .Values.backup.retentionPolicy }}"
    barmanObjectStore:
      destinationPath: "s3://{{ .Values.backup.bucket }}/{{ .Values.cluster.name }}/postgresql/{{ .Release.Name }}-cluster"
      endpointURL: {{ .Values.backup.endpointURL }}
      serverName: "postgresql-{{ .Release.Name }}-cluster-backup-index-{{ .Values.backup.backupIndex }}"
      s3Credentials:
        accessKeyId:
          name: "postgresql-{{ .Release.Name }}-cluster-backup-secret"
          key: ACCESS_KEY_ID
        secretAccessKey:
          name: "postgresql-{{ .Release.Name }}-cluster-backup-secret"
          key: ACCESS_SECRET_KEY
      data:
        compression: {{ .Values.cluster.compression }}
      wal:
        compression: {{ .Values.cluster.compression }}
  {{- end }}
--- a/charts/postgres-cluster-upgrade/values.yaml
+++ b/charts/postgres-cluster-upgrade/values.yaml
@@ -1,37 +0,0 @@
 cluster:
  name:
  image:
    repository: ghcr.io/cloudnative-pg/postgresql
    tag: 16.2
  instances: 1
  parameters:
    shared_buffers: 128MB
    max_slot_wal_keep_size: 2000MB
    hot_standby_feedback: "on"
  compression: snappy
  resources:
    requests:
      memory: 512Mi
      cpu: 100m
    limits:
      memory: 2Gi
      cpu: 1500m
      hugepages-2Mi: 512Mi
  storage:
    data:
      storageClass:
      size: 10Gi
    wal:
      storageClass:
      size: 2Gi
 upgrade:
  importType: microservice
  importDatabases:
    - app
 backup:
  backupEnabled: true
  inititeBackup: false  
  retentionPolicy: 3d  
  backupIndex: 1
  endpointURL:
  bucket:
--- a/charts/postgres-cluster/Chart.yaml
+++ b/charts/postgres-cluster/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: postgres-cluster
-version: 0.2.5
+version: 2.4.2
 description: Chart for cloudnative-pg cluster
 keywords:
  - database
--- a/charts/postgres-cluster/templates/_backup.tpl
+++ b/charts/postgres-cluster/templates/_backup.tpl
@@ -0,0 +1,30 @@
 {{- define "cluster.backup" -}}
 {{- if .Values.backup.enabled }}
 backup:
  retentionPolicy: {{ .Values.backup.retentionPolicy }}
  barmanObjectStore:
    destinationPath: "s3://{{ .Values.backup.endpointBucket }}/{{ .Values.kubernetesClusterName }}/postgresql/{{ include "cluster.backupName" . }}"
    endpointURL: {{ .Values.backup.endpointURL }}
    {{- if .Values.backup.endpointCA }}
    endpointCA:
      name: {{ .Values.backup.endpointCA }}
      key: ca-bundle.crt
    {{- end }}
    serverName: "{{ include "cluster.name" . }}-backup-{{ .Values.backup.backupIndex }}"
    s3Credentials:
      accessKeyId:
        name: {{ include "cluster.backupCredentials" . }}
        key: ACCESS_KEY_ID
      secretAccessKey:
        name: {{ include "cluster.backupCredentials" . }}
        key: ACCESS_SECRET_KEY
    wal:
      compression: {{ .Values.backup.wal.compression }}
      encryption: {{ .Values.backup.wal.encryption }}
      maxParallel: {{ .Values.backup.wal.maxParallel }}
    data:
      compression: {{ .Values.backup.data.compression }}
      encryption: {{ .Values.backup.data.encryption }}
      jobs: {{ .Values.backup.data.jobs }}
 {{- end }}
 {{- end }}
--- a/charts/postgres-cluster/templates/_bootstrap.tpl
+++ b/charts/postgres-cluster/templates/_bootstrap.tpl
@@ -0,0 +1,91 @@
 {{- define "cluster.bootstrap" -}}
 bootstrap:
 {{- if eq .Values.mode "standalone" }}
  initdb:
    {{- with .Values.cluster.initdb }}
    {{- with (omit . "postInitApplicationSQL") }}
    {{- . | toYaml | nindent 4 }}
    {{- end }}
    {{- end }}
    postInitApplicationSQL:
      {{- if eq .Values.type "postgis" }}
      - CREATE EXTENSION IF NOT EXISTS postgis;
      - CREATE EXTENSION IF NOT EXISTS postgis_topology;
      - CREATE EXTENSION IF NOT EXISTS fuzzystrmatch;
      - CREATE EXTENSION IF NOT EXISTS postgis_tiger_geocoder;
      {{- else if eq .Values.type "timescaledb" }}
      - CREATE EXTENSION IF NOT EXISTS timescaledb;
      {{- end }}
      {{- with .Values.cluster.initdb }}
      {{- range .postInitApplicationSQL }}
      {{- printf "- %s" . | nindent 6 }}
      {{- end }}
      {{- end }}
 {{- else if eq .Values.mode "replica" }}
  initdb:
    import:
      type: {{ .Values.replica.importType }}
      databases:
        {{- if and (gt (len .Values.replica.importDatabases) 1) (eq .Values.replica.importType "microservice") }}
          {{ fail "Too many databases in import type of microservice!" }}
        {{- else}}
        {{- with .Values.replica.importDatabases }}
        {{- . | toYaml | nindent 8 }}
        {{- end }}
        {{- end }}        
      {{- if eq .Values.replica.importType "monolith" }}
      roles:
        {{- with .Values.replica.importRoles }}
        {{- . | toYaml | nindent 8 }}
        {{- end }}
      {{- end }}
      {{- if and (.Values.replica.postImportApplicationSQL) (eq .Values.replica.importType "microservice") }}
      postImportApplicationSQL:
        {{- with .Values.replica.postImportApplicationSQL }}
        {{- . | toYaml | nindent 8 }}
        {{- end }}      
      {{- end }}
      source:
        externalCluster: "{{ include "cluster.name" . }}-cluster"
 externalClusters:
  - name: "{{ include "cluster.name" . }}-cluster"
    {{- with .Values.replica.externalCluster }}
    {{- . | toYaml | nindent 4 }}
    {{- end }}    
 {{- else if eq .Values.mode "recovery" }}
  recovery:
    {{- with .Values.recovery.pitrTarget.time }}
    recoveryTarget:
      targetTime: {{ . }}
    {{- end }}
    source: {{ include "cluster.recoveryServerName" . }}
 externalClusters:
  - name: {{ include "cluster.recoveryServerName" . }}
    barmanObjectStore:
      serverName: {{ include "cluster.recoveryServerName" . }}
      destinationPath: "s3://{{ .Values.recovery.endpointBucket }}/{{ .Values.kubernetesClusterName }}/postgresql/{{ include "cluster.recoveryInstanceName" . }}"
      endpointURL: {{ .Values.recovery.endpointURL }}
      {{- with .Values.recovery.endpointCA }}
      endpointCA:
        name: {{ . }}
        key: ca-bundle.crt
      {{- end }}
      s3Credentials:
        accessKeyId:
          name: {{ include "cluster.recoveryCredentials" . }}
          key: ACCESS_KEY_ID
        secretAccessKey:
          name: {{ include "cluster.recoveryCredentials" . }}
          key: ACCESS_SECRET_KEY
      wal:
        compression: {{ .Values.recovery.wal.compression }}
        encryption: {{ .Values.recovery.wal.encryption }}
        maxParallel: {{ .Values.recovery.wal.maxParallel }}
      data:
        compression: {{ .Values.recovery.data.compression }}
        encryption: {{ .Values.recovery.data.encryption }}
        jobs: {{ .Values.recovery.data.jobs }}
 {{- else }}
  {{ fail "Invalid cluster mode!" }}
 {{- end }}
 {{- end }}
--- a/charts/postgres-cluster/templates/_helpers.tpl
+++ b/charts/postgres-cluster/templates/_helpers.tpl
@@ -0,0 +1,91 @@
 {{/*
 Expand the name of the chart.
 */}}
 {{- define "cluster.name" -}}
  {{- if .Values.nameOverride }}
    {{- .Values.nameOverride | trunc 63 | trimSuffix "-" }}
  {{- else }}
    {{- printf "%s-postgresql-%s" .Release.Name ((semver .Values.cluster.image.tag).Major | toString) | trunc 63 | trimSuffix "-" -}}
  {{- end }}
 {{- end }}
 {{/*
 Create chart name and version as used by the chart label.
 */}}
 {{- define "cluster.chart" -}}
  {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
 {{- end }}
 {{/*
 Common labels
 */}}
 {{- define "cluster.labels" -}}
 helm.sh/chart: {{ include "cluster.chart" . }}
 {{ include "cluster.selectorLabels" . }}
 {{- if .Chart.AppVersion }}
 app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 {{- end }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- end }}
 {{/*
 Selector labels
 */}}
 {{- define "cluster.selectorLabels" -}}
 app.kubernetes.io/name: {{ include "cluster.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/part-of: cloudnative-pg
 {{- end }}
 {{/*
 Generate name for object store credentials
 */}}
 {{- define "cluster.recoveryCredentials" -}}
  {{- if .Values.recovery.endpointCredentials -}}
    {{- .Values.recovery.endpointCredentials -}}
  {{- else -}}
    {{- printf "%s-backup-secret" (include "cluster.name" .) | trunc 63 | trimSuffix "-" -}}
  {{- end }}
 {{- end }}
 {{- define "cluster.backupCredentials" -}}
  {{- if .Values.backup.endpointCredentials -}}
    {{- .Values.backup.endpointCredentials -}}
  {{- else -}}
    {{- printf "%s-backup-secret" (include "cluster.name" .) | trunc 63 | trimSuffix "-" -}}
  {{- end }}
 {{- end }}
 {{/*
 Generate backup server name
 */}}
 {{- define "cluster.backupName" -}}
  {{- if .Values.backup.backupName -}}
    {{- .Values.backup.backupName -}}
  {{- else -}}
    {{ include "cluster.name" . }}
  {{- end }}
 {{- end }}
 {{/*
 Generate recovery server name
 */}}
 {{- define "cluster.recoveryServerName" -}}
  {{- if .Values.recovery.recoveryServerName -}}
    {{- .Values.recovery.recoveryServerName -}}
  {{- else -}}
    {{- printf "%s-backup-%s" (include "cluster.name" .) (toString .Values.recovery.recoveryIndex) | trunc 63 | trimSuffix "-" -}}
  {{- end }}
 {{- end }}
 {{/*
 Generate recovery instance name
 */}}
 {{- define "cluster.recoveryInstanceName" -}}
  {{- if .Values.recovery.recoveryInstanceName -}}
    {{- .Values.recovery.recoveryInstanceName -}}
  {{- else -}}
    {{ include "cluster.name" . }}
  {{- end }}
 {{- end }}
--- a/charts/postgres-cluster/templates/cluster.yaml
+++ b/charts/postgres-cluster/templates/cluster.yaml
@@ -0,0 +1,52 @@
 apiVersion: postgresql.cnpg.io/v1
 kind: Cluster
 metadata:
  name: {{ include "cluster.name" . }}-cluster
  namespace: {{ .Release.Namespace }}
  {{- with .Values.cluster.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
  labels:
    {{- include "cluster.labels" . | nindent 4 }}
  {{- with .Values.cluster.additionalLabels }}
    {{ toYaml . | nindent 4 }}
  {{- end }}
 spec:
  instances: {{ .Values.cluster.instances }}
  imageName: "{{ .Values.cluster.image.repository }}:{{ .Values.cluster.image.tag }}"
  imagePullPolicy: {{ .Values.cluster.image.pullPolicy }}
  postgresUID: {{ .Values.cluster.postgresUID }}
  postgresGID: {{ .Values.cluster.postgresGID }}
  walStorage:
    size: {{ .Values.cluster.walStorage.size }}
    storageClass: {{ .Values.cluster.walStorage.storageClass }}
  storage:
    size: {{ .Values.cluster.storage.size }}
    storageClass: {{ .Values.cluster.storage.storageClass }}
  {{- with .Values.cluster.resources }}
  resources:
    {{- toYaml . | nindent 4 }}
  {{ end }}
  {{- with .Values.cluster.affinity }}
  affinity:
    {{- toYaml . | nindent 4 }}
  {{- end }}
  priorityClassName: {{ .Values.cluster.priorityClassName }}
  primaryUpdateMethod: {{ .Values.cluster.primaryUpdateMethod }}
  primaryUpdateStrategy: {{ .Values.cluster.primaryUpdateStrategy }}
  logLevel: {{ .Values.cluster.logLevel }}
  postgresql:
    shared_preload_libraries:
      {{- if eq .Values.type "timescaledb" }}
      - timescaledb
      {{- end }}
    {{- with .Values.cluster.postgresql.parameters }}
    parameters:
      {{- toYaml . | nindent 6 }}
    {{ end }}
  monitoring:
    enablePodMonitor: {{ and .Values.cluster.monitoring.enabled .Values.cluster.monitoring.podMonitor.enabled }}
  {{ include "cluster.bootstrap" . | nindent 2 }}
  {{ include "cluster.backup" . | nindent 2 }}
--- a/charts/postgres-cluster/templates/postgresql-cluster.yaml
+++ b/charts/postgres-cluster/templates/postgresql-cluster.yaml
@@ -1,81 +0,0 @@
 apiVersion: postgresql.cnpg.io/v1
 kind: Cluster
 metadata:
  name: "postgresql-{{ .Release.Name }}-cluster"
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: postgresql
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/version: {{ .Chart.AppVersion }}
    app.kubernetes.io/component: database
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
  imageName: "{{ .Values.cluster.image.repository }}:{{ .Values.cluster.image.tag }}"
  instances: {{ .Values.cluster.instances }}
  replicationSlots:
    highAvailability:
      enabled: true
  affinity:
    enablePodAntiAffinity: true
    topologyKey: kubernetes.io/hostname
  postgresql:
    parameters:
      {{- toYaml .Values.cluster.parameters | nindent 6 }}
  resources:
    {{- toYaml .Values.cluster.resources | nindent 4 }}
  storage:
    storageClass: {{ .Values.cluster.storage.data.storageClass }}
    size: {{ .Values.cluster.storage.data.size }}
  walStorage:
    storageClass: {{ .Values.cluster.storage.wal.storageClass }}
    size: {{ .Values.cluster.storage.wal.size }}
  monitoring:
    enablePodMonitor: true
  {{- if .Values.bootstrap.initdbEnabled }}
  bootstrap:
    initdb:
      {{- toYaml .Values.bootstrap.initdb | nindent 6 }}
  {{- end }}
  {{- if .Values.bootstrap.recoveryEnabled }}
  bootstrap:
    recovery:
      source: "postgresql-{{ .Release.Name }}-cluster-backup-index-{{ .Values.bootstrap.recoveryIndex }}"
  externalClusters:
    - name: "postgresql-{{ .Release.Name }}-cluster-backup-index-{{ .Values.bootstrap.recoveryIndex }}"
      barmanObjectStore:
        endpointURL: {{ .Values.bootstrap.endpointURL }}
        destinationPath: "s3://{{ .Values.bootstrap.bucket }}/{{ .Values.cluster.name }}/postgresql/{{ .Release.Name }}-cluster"
        s3Credentials:
          accessKeyId:
            name: "postgresql-{{ .Release.Name }}-cluster-backup-secret"
            key: ACCESS_KEY_ID
          secretAccessKey:
            name: "postgresql-{{ .Release.Name }}-cluster-backup-secret"
            key: ACCESS_SECRET_KEY
        data:
          compression: {{ .Values.cluster.compression }}
        wal:
          compression: {{ .Values.cluster.compression }}
  {{- end }}
  {{- if .Values.backup.backupEnabled }}
  backup:
    retentionPolicy: "{{ .Values.backup.retentionPolicy }}"
    barmanObjectStore:
      destinationPath: "s3://{{ .Values.backup.bucket }}/{{ .Values.cluster.name }}/postgresql/{{ .Release.Name }}-cluster"
      endpointURL: {{ .Values.backup.endpointURL }}
      serverName: "postgresql-{{ .Release.Name }}-cluster-backup-index-{{ .Values.backup.backupIndex }}"
      s3Credentials:
        accessKeyId:
          name: "postgresql-{{ .Release.Name }}-cluster-backup-secret"
          key: ACCESS_KEY_ID
        secretAccessKey:
          name: "postgresql-{{ .Release.Name }}-cluster-backup-secret"
          key: ACCESS_SECRET_KEY
      data:
        compression: {{ .Values.cluster.compression }}
      wal:
        compression: {{ .Values.cluster.compression }}
  {{- end }}
--- a/charts/postgres-cluster/templates/prometheus-rule.yaml
+++ b/charts/postgres-cluster/templates/prometheus-rule.yaml
@@ -0,0 +1,30 @@
 {{- if and .Values.cluster.monitoring.enabled .Values.cluster.monitoring.prometheusRule.enabled -}}
 apiVersion: monitoring.coreos.com/v1
 kind: PrometheusRule
 metadata:
  name: {{ include "cluster.name" . }}-alert-rules
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "cluster.labels" . | nindent 4 }}
  {{- with .Values.cluster.additionalLabels }}
    {{ toYaml . | nindent 4 }}
  {{- end }}
 spec:
  groups:
    - name: cloudnative-pg/{{ include "cluster.name" . }}
      rules:
        {{- $dict := dict "excludeRules" .Values.cluster.monitoring.prometheusRule.excludeRules -}}
        {{- $_ := set $dict "value"       "{{ $value }}" -}}
        {{- $_ := set $dict "namespace"   .Release.Namespace -}}
        {{- $_ := set $dict "cluster"     (printf "%s-cluster" (include "cluster.name" .) ) -}}
        {{- $_ := set $dict "labels"      (dict "job" "{{ $labels.job }}" "node" "{{ $labels.node }}" "pod" "{{ $labels.pod }}") -}}
        {{- $_ := set $dict "podSelector" (printf "%s-cluster-([1-9][0-9]*)$" (include "cluster.name" .) ) -}}
        {{- $_ := set $dict "Values"      .Values -}}
        {{- $_ := set $dict "Template"    .Template -}}
        {{- range $path, $_ := .Files.Glob  "prometheus_rules/**.yaml" }}
        {{- $tpl := tpl ($.Files.Get $path) $dict | nindent 10 | trim -}}
        {{- with $tpl }}
        - {{ $tpl }}
        {{- end -}}
        {{- end -}}
 {{ end }}
--- a/charts/postgres-cluster/templates/scheduled-backup.yaml
+++ b/charts/postgres-cluster/templates/scheduled-backup.yaml
@@ -1,16 +1,18 @@
 {{ if .Values.backup.enabled }}
 apiVersion: postgresql.cnpg.io/v1
 kind: ScheduledBackup
 metadata:
-  name: "postgresql-{{ .Release.Name }}-cluster-backup"
+  name: {{ include "cluster.name" . }}-scheduled-backup
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: postgresql
+    {{- include "cluster.labels" . | nindent 4 }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
+  {{- with .Values.cluster.additionalLabels }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    {{ toYaml . | nindent 4 }}
-    app.kubernetes.io/component: database
+  {{- end }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
  immediate: true
  schedule: {{ .Values.backup.schedule }}
  backupOwnerReference: self
  cluster:
-    name: "postgresql-{{ .Release.Name }}-cluster"
+    name: {{ include "cluster.name" . }}-cluster
 {{ end }}
--- a/charts/postgres-cluster/values.yaml
+++ b/charts/postgres-cluster/values.yaml
@@ -1,42 +1,198 @@
 # -- Override the name of the cluster
 nameOverride: ""
 ###
 # -- Type of the CNPG database. Available types:
 # * `postgresql`
 # * `postgis`
 # * `timescaledb`
 type: postgresql
 ###
 # Cluster mode of operation. Available modes:
 # * `standalone` - Default mode. Creates new or updates an existing CNPG cluster.
 # * `recovery` - Same as standalone but creates a cluster from a backup, object store or via pg_basebackup
 # * `replica` - Create database as a replica from another CNPG cluster
 mode: standalone
 # Generates bucket name and path for recovery and backup, creates: <endpointBucket>/<clusterName>/postgresql/{{ .Release.Name }}
 kubernetesClusterName: ""
 cluster:
-  name: cl01tl
+  instances: 3
  image:
    repository: ghcr.io/cloudnative-pg/postgresql
-    tag: 16.2
+    tag: "16.2"
-  instances: 2
+    pullPolicy: IfNotPresent
  # The UID and GID of the postgres user inside the image
  postgresUID: 26
  postgresGID: 26
  walStorage:
    size: 2Gi
    storageClass: ""
  storage:
    size: 10Gi
    storageClass: ""
  resources:
    requests:
      memory: 256Mi
      cpu: 10m
    limits:
      memory: 1Gi
      cpu: 800m
      hugepages-2Mi: 256Mi
  # See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-AffinityConfiguration
  affinity:
    enablePodAntiAffinity: true
    topologyKey: kubernetes.io/hostname
  additionalLabels: {}
  annotations: {}
  priorityClassName: ""
  # Method to follow to upgrade the primary server during a rolling update procedure, after all replicas have been
  # successfully updated. It can be switchover (default) or in-place (restart).
  primaryUpdateMethod: switchover
  # Strategy to follow to upgrade the primary server during a rolling update procedure, after all replicas have been
  # successfully updated: it can be automated (unsupervised - default) or manual (supervised)
  primaryUpdateStrategy: unsupervised
  logLevel: "info"
  monitoring:
    enabled: false
    podMonitor:
      enabled: true
    prometheusRule:
      enabled: true
      excludeRules: []
  # See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-PostgresConfiguration
  postgresql:
    parameters:
      shared_buffers: 128MB
      max_slot_wal_keep_size: 2000MB
      hot_standby_feedback: "on"
-  compression: snappy
+
-  resources:
+  # BootstrapInitDB is the configuration of the bootstrap process when initdb is used.
-    requests:
+  # See: https://cloudnative-pg.io/documentation/current/bootstrap/
-      memory: 512Mi
+  # See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-bootstrapinitdb
-      cpu: 100m
+  initdb: {}
-    limits:
+    # database: app
-      memory: 2Gi
+    # owner: app
-      cpu: 1500m
+    # secret: "" # Name of the secret containing the initial credentials for the owner of the user database. If empty a new secret will be created from scratch
-      hugepages-2Mi: 512Mi
+    # postInitApplicationSQL:
-  storage:
+    #   - CREATE TABLE IF NOT EXISTS example;
-    data:
+
-      storageClass:
+recovery:
-      size: 10Gi
+  # Point in time recovery target in RFC3339 format
-    wal:
+  pitrTarget:
-      storageClass:
+    time: ""
-      size: 2Gi
+
-bootstrap:
+  # Overrides the provider specific default endpoint. Defaults to:
-  recoveryEnabled: false
+  # S3: https://s3.<region>.amazonaws.com"
  endpointURL: ""
  endpointBucket: ""
  # Specifies secret that contains a CA bundle to validate a privately signed certificate, should contain the key ca-bundle.crt
  endpointCA: ""
  # Specifies secret that contains S3 credentials, should contain the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY
  endpointCredentials: ""
  # Generate external cluster name, uses: {{ .Release.Name }}postgresql-<major version>-cluster-backup-index-{{ .Values.recovery.recoveryIndex }}
  recoveryIndex: 1
-  endpointURL:
+
-  bucket:
+  # Name of the recovery cluster in the object store, defaults to "cluster.name"
-  initdbEnabled: false
+  recoveryServerName: ""
-  initdb:
+
-    database: app
+  # Name of the recovery cluster in the object store, defaults to ".Release.Name"
-    owner: app
+  recoveryInstanceName: ""
  wal:
    # WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
    compression: snappy
    # Whether to instruct the storage provider to encrypt WAL files. One of `` (use the storage container default), `AES256` or `aws:kms`.
    encryption: ""
    # Number of WAL files to be archived or restored in parallel.
    maxParallel: 2
  data:
    # Data compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
    compression: snappy
    # Whether to instruct the storage provider to encrypt data files. One of `` (use the storage container default), `AES256` or `aws:kms`.
    encryption: ""
    # Number of data files to be archived or restored in parallel.
    jobs: 2
 replica:
  # See https://cloudnative-pg.io/documentation/current/database_import/
  # * `microservice` - Single database import as expected from cnpg clusters
  # * `monolith` - Import multiple databases and roles
  importType: microservice
  # If type microservice only one database is allowed, default is app as standard in cnpg clusters
  importDatabases:
    - app
  # If type microservice no roles are imported and ignored
  importRoles: []
  # If import type is monolith postImportApplicationSQL is not supported and ignored
  postImportApplicationSQL: []
  # External cluster connection, password specifies a secret name and the key containing the password value
  externalCluster:
    connectionParameters:
      host: postgresql
      user: app
      dbname: app
    password:
      name: postgresql
      key: password
 backup:
-  backupEnabled: true
+  enabled: false
-  schedule: "0 0 0 * * *"
+
-  retentionPolicy: 14d
+  # Overrides the provider specific default endpoint
  endpointURL: ""
  endpointBucket: ""
  # Specifies secret that contains a CA bundle to validate a privately signed certificate, should contain the key ca-bundle.crt
  endpointCA: ""
  # Specifies secret that contains S3 credentials, should contain the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY
  endpointCredentials: ""
  # Generate external cluster name, creates: postgresql-{{ .Release.Name }}-cluster-backup-index-{{ .Values.backups.backupIndex }}"
  backupIndex: 1
-  endpointURL:
+
-  bucket:
+  # Name of the backup cluster in the object store, defaults to "cluster.name"
  backupName: ""
  wal:
    # WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
    compression: snappy
    # Whether to instruct the storage provider to encrypt WAL files. One of `` (use the storage container default), `AES256` or `aws:kms`.
    encryption: ""
    # Number of WAL files to be archived or restored in parallel.
    maxParallel: 2
  data:
    # Data compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
    compression: snappy
    # Whether to instruct the storage provider to encrypt data files. One of `` (use the storage container default), `AES256` or `aws:kms`.
    encryption: ""
    # Number of data files to be archived or restored in parallel.
    jobs: 2
  # Retention policy for backups
  retentionPolicy: "30d"
  # Scheduled backup in cron format
  schedule: "0 0 0 * * *"
--- a/charts/taiga/Chart.yaml
+++ b/charts/taiga/Chart.yaml
@@ -0,0 +1,24 @@
 apiVersion: v2
 name: taiga
 version: 0.2.0
 description: Chart for Taiga
 keywords:
  - kanban
  - project management
 sources:
  - https://github.com/taigaio
  - https://github.com/rabbitmq/rabbitmq-server
  - https://github.com/bitnami/charts/tree/main/bitnami/rabbitmq
 maintainers:
  - name: alexlebens
 icon: https://avatars.githubusercontent.com/u/6905422?s=200&v=4
 dependencies:
  - name: rabbitmq
    version: 14.0.1
    repository: https://charts.bitnami.com/bitnami
    alias: async-rabbitmq
  - name: rabbitmq
    version: 14.0.1
    repository: https://charts.bitnami.com/bitnami
    alias: events-rabbitmq
 appVersion: 6.7.7
--- a/charts/taiga/README.md
+++ b/charts/taiga/README.md
@@ -0,0 +1,17 @@
 ## Introduction
 [Taiga 6](https://github.com/taigaio)
 Intuitive and simple, yet feature complete Kanban board
 This chart bootstraps a [Taiga](https://github.com/taigaio) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
 ## Prerequisites
 - Kubernetes
 - Helm
 ## Parameters
 See the [values files](values.yaml).
--- a/charts/taiga/templates/_helpers.tpl
+++ b/charts/taiga/templates/_helpers.tpl
@@ -0,0 +1,135 @@
 {{/*
 Expand the name of the chart.
 */}}
 {{- define "taiga.name" -}}
  {{- default .Chart.Name .Values.global.nameOverride | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 {{/*
 Create a default fully qualified app name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
 */}}
 {{- define "taiga.fullname" -}}
  {{- if .Values.global.fullnameOverride -}}
    {{- .Values.global.fullnameOverride | trunc 63 | trimSuffix "-" -}}
  {{- else -}}
    {{- $name := default .Chart.Name .Values.global.nameOverride -}}
    {{- if contains $name .Release.Name -}}
      {{- .Release.Name | trunc 63 | trimSuffix "-" -}}
    {{- else -}}
      {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
    {{- end -}}
  {{- end -}}
 {{- end -}}
 {{/*
 Create chart name and version as used by the chart label
 */}}
 {{- define "taiga.chart" -}}
  {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 {{/*
 Common labels
 */}}
 {{- define "taiga.labels" -}}
 app.kubernetes.io/name: {{ template "taiga.name" . }}
 helm.sh/chart: {{ template "taiga.chart" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- end -}}
 {{/*
 Common labels for specific components
 */}}
 {{- define "taiga.back.labels" -}}
 app.kubernetes.io/name: {{ template "taiga.name" . }}-back
 helm.sh/chart: {{ template "taiga.chart" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- end -}}
 {{- define "taiga.async.labels" -}}
 app.kubernetes.io/name: {{ template "taiga.name" . }}-async
 helm.sh/chart: {{ template "taiga.chart" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- end -}}
 {{- define "taiga.front.labels" -}}
 app.kubernetes.io/name: {{ template "taiga.name" . }}-front
 helm.sh/chart: {{ template "taiga.chart" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- end -}}
 {{- define "taiga.events.labels" -}}
 app.kubernetes.io/name: {{ template "taiga.name" . }}-events
 helm.sh/chart: {{ template "taiga.chart" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- end -}}
 {{- define "taiga.protected.labels" -}}
 app.kubernetes.io/name: {{ template "taiga.name" . }}-protected
 helm.sh/chart: {{ template "taiga.chart" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- end -}}
 {{/*
 Labels to use on deploy.spec.selector.matchLabels and svc.spec.selector
 */}}
 {{- define "taiga.matchLabels" -}}
 app.kubernetes.io/name: {{ template "taiga.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end -}}
 {{- define "taiga.back.matchLabels" -}}
 app.kubernetes.io/name: {{ template "taiga.name" . }}-back
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end -}}
 {{- define "taiga.async.matchLabels" -}}
 app.kubernetes.io/name: {{ template "taiga.name" . }}-async
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end -}}
 {{- define "taiga.front.matchLabels" -}}
 app.kubernetes.io/name: {{ template "taiga.name" . }}-front
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end -}}
 {{- define "taiga.events.matchLabels" -}}
 app.kubernetes.io/name: {{ template "taiga.name" . }}-events
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end -}}
 {{- define "taiga.protected.matchLabels" -}}
 app.kubernetes.io/name: {{ template "taiga.name" . }}-protected
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end -}}
 {{/*
 Create the name of the service account to use
 */}}
 {{- define "taiga.serviceAccountName" -}}
  {{- if .Values.serviceAccount.create -}}
    {{ default (include "taiga.fullname" .) .Values.serviceAccount.name }}
  {{- else -}}
    {{ default "default" .Values.serviceAccount.name }}
  {{- end -}}
 {{- end -}}
 {{/*
 Create the name of the static persistent volume
 */}}
 {{- define "taiga.staticVolumeName" -}}
  {{- if .Values.persistence.static.existingClaim -}}
    {{ .Values.persistence.static.existingClaim }}
  {{- else -}}
    {{ printf "%s-static" (include "taiga.fullname" .) | trunc 63 | trimSuffix "-" }}
  {{- end -}}
 {{- end -}}
 {{/*
 Create the name of the media persistent volume
 */}}
 {{- define "taiga.mediaVolumeName" -}}
  {{- if .Values.persistence.media.existingClaim -}}
    {{ .Values.persistence.media.existingClaim }}
  {{- else -}}
    {{ printf "%s-media" (include "taiga.fullname" .) | trunc 63 | trimSuffix "-" }}
  {{- end -}}
 {{- end -}}
--- a/charts/taiga/templates/config-map.yaml
+++ b/charts/taiga/templates/config-map.yaml
@@ -0,0 +1,36 @@
 {{- if .Values.createInitialUser }}
 ---
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: {{ template "taiga.fullname" . }}-create-initial-user
  namespace: {{ .Release.Namespace }}
  annotations:
    {{- with .Values.global.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
  labels:
    {{- include "taiga.labels" . | nindent 4 }}
    {{- with .Values.global.labels }}
    {{ toYaml . | nindent 4 }}
    {{- end }}
 data:
  createinitialuser.sh: |
    #!/bin/sh
    echo """
    import time
    import requests
    import subprocess
    print('Waiting for backend ...')
    while requests.get('http://{{ template "taiga.fullname" . }}-back/api/v1/').status_code != 200:
        print('...')
        time.sleep(2)
    if str(subprocess.check_output(['python', 'manage.py', 'dumpdata', 'users.user'], cwd='/taiga-back')).find('\"is_superuser\": true') == -1:
        print(subprocess.check_output(['python', 'manage.py', 'loaddata', 'initial_user'], cwd='/taiga-back'))
    else:
        print('Admin user yet created.')
        """ > /tmp/create_superuser.py
        python /tmp/create_superuser.py
 {{- end }}
--- a/charts/taiga/templates/deployment-back.yaml
+++ b/charts/taiga/templates/deployment-back.yaml
@@ -0,0 +1,515 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: {{ template "taiga.fullname" . }}-back
  namespace: {{ .Release.Namespace }}
  annotations:
    {{- with .Values.global.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
  labels:
    {{- include "taiga.back.labels" . | nindent 4 }}
    {{- with .Values.global.labels }}
    {{ toYaml . | nindent 4 }}
    {{- end }}
 spec:
  revisionHistoryLimit: 3
  replicas: {{ .Values.back.replicas }}
  strategy:
    type: Recreate
  selector:
    matchLabels:
      {{- include "taiga.back.matchLabels" . | nindent 6 }}
  template:
    metadata:
      labels:
        {{- include "taiga.back.labels" . | nindent 8 }}
        app.kubernetes.io/component: {{ template "taiga.name" . }}-back
      annotations:
        {{- with .Values.back.podAnnotations }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
    spec:
      affinity:
        {{- with .Values.back.affinity }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      nodeSelector:
        {{- with .Values.back.nodeSelector }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      tolerations:
        {{- with .Values.back.tolerations }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      serviceAccountName: {{ template "taiga.serviceAccountName" . }}
      securityContext:
        {{- with .Values.back.securityContext }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      containers:
        - name: {{ template "taiga.fullname" . }}-back
          image: "{{ .Values.back.image.repository }}:{{ .Values.back.image.tag }}"
          imagePullPolicy: {{ .Values.back.image.pullPolicy }}
          resources:
            {{ toYaml .Values.back.resources | nindent 12 }}
          ports:
            - name: taiga-back
              containerPort: {{ .Values.back.service.port }}
              protocol: TCP
          volumeMounts:
            - name: taiga-static
              mountPath: /taiga-back/static
            - name: taiga-media
              mountPath: /taiga-back/media
          env:
            - name: TAIGA_SECRET_KEY
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.secretKey.existingSecretName }}"
                  key: "{{ .Values.secretKey.existingSecretKey }}"
            - name: ENABLE_TELEMETRY
              value: "{{ .Values.enableTelemetry }}"
            - name: PUBLIC_REGISTER_ENABLED
              value: "{{ .Values.publicRegisterEnabled }}"
            - name: POSTGRES_USER
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.postgresql.existingSecretName }}"
                  key: "{{ .Values.postgresql.usernameKey }}"
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.postgresql.existingSecretName }}"
                  key: "{{ .Values.postgresql.passwordKey }}"
            - name: POSTGRES_DB
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.postgresql.existingSecretName }}"
                  key: "{{ .Values.postgresql.databaseNameKey }}"
            - name: POSTGRES_HOST
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.postgresql.existingSecretName }}"
                  key: "{{ .Values.postgresql.hostKey }}"
          {{ if .Values.oidc.enabled }}
            - name: OIDC_ENABLED
              value: "True"
            - name: OIDC_SCOPES
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.oidc.existingSecretName }}"
                  key: "{{ .Values.oidc.scopesKey }}"
            - name: OIDC_SIGN_ALGO
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.oidc.existingSecretName }}"
                  key: "{{ .Values.oidc.signatureAlgorithmKey }}"
            - name: OIDC_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.oidc.existingSecretName }}"
                  key: "{{ .Values.oidc.clientIdKey }}"
            - name: OIDC_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.oidc.existingSecretName }}"
                  key: "{{ .Values.oidc.clientSecretKey }}"
            - name: OIDC_BASE_URL
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.oidc.existingSecretName }}"
                  key: "{{ .Values.oidc.baseUrlKey }}"
            - name: OIDC_JWKS_ENDPOINT
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.oidc.existingSecretName }}"
                  key: "{{ .Values.oidc.jwksEndpointKey }}"
            - name: OIDC_AUTHORIZATION_ENDPOINT
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.oidc.existingSecretName }}"
                  key: "{{ .Values.oidc.authorizationEndpointKey }}"
            - name: OIDC_TOKEN_ENDPOINT
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.oidc.existingSecretName }}"
                  key: "{{ .Values.oidc.tokenEndpointKey }}"
            - name: OIDC_USER_ENDPOINT
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.oidc.existingSecretName }}"
                  key: "{{ .Values.oidc.userEndpointKey }}"
          {{ end }}
          {{ if .Values.email.enabled }}
            - name: EMAIL_BACKEND
              value: "django.core.mail.backends.smtp.EmailBackend"
            - name: DEFAULT_FROM_EMAIL
              value: "{{ .Values.email.from }}"
            - name: EMAIL_HOST
              value: "{{ .Values.email.host }}"
            - name: EMAIL_PORT
              value: "{{ .Values.email.port }}"
            - name: EMAIL_USE_TLS
              value: "{{ .Values.email.tls }}"
            - name: EMAIL_USE_SSL
              value: "{{ .Values.email.ssl }}"
            - name: EMAIL_HOST_USER
              value: "{{ .Values.email.user }}"
            - name: EMAIL_HOST_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.email.existingPasswordSecret }}"
                  key: "{{ .Values.email.existingSecretPasswordKey }}"
          {{ end }}
            - name: ENABLE_GITHUB_AUTH
              value: "false"
            - name: ENABLE_GITLAB_AUTH
              value: "false"
            - name: ENABLE_SLACK
              value: "{{ .Values.enableSlack }}"
          {{ if .Values.githubImporter.enabled }}
            - name: ENABLE_GITHUB_IMPORTER
              value: "True"
            - name: GITHUB_API_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.githubImporter.existingSecretName }}"
                  key: "{{ .Values.githubImporter.existingSecretClientIdKey }}"
            - name: GITHUB_API_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.githubImporter.existingSecretName }}"
                  key: "{{ .Values.githubImporter.existingSecretClientSecretKey }}"
          {{ else }}
            - name: ENABLE_GITHUB_IMPORTER
              value: "False"
          {{ end }}
          {{ if .Values.jiraImporter.enabled }}
            - name: ENABLE_JIRA_IMPORTER
              value: "True"
            - name: JIRA_IMPORTER_CONSUMER_KEY
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.jiraImporter.existingSecretName }}"
                  key: "{{ .Values.jiraImporter.existingSecretConsumerKeyKey }}"
            - name: JIRA_IMPORTER_CERT
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.jiraImporter.existingSecretName }}"
                  key: "{{ .Values.jiraImporter.existingSecretCertKey }}"
            - name: JIRA_IMPORTER_PUB_CERT
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.jiraImporter.existingSecretName }}"
                  key: "{{ .Values.jiraImporter.existingSecretPubCertKey }}"
          {{ else }}
            - name: ENABLE_JIRA_IMPORTER
              value: "False"
          {{ end }}
          {{ if .Values.trelloImporter.enabled }}
            - name: ENABLE_TRELLO_IMPORTER
              value: "True"
            - name: TRELLO_IMPORTER_API_KEY
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.trelloImporter.existingSecretName }}"
                  key: "{{ .Values.trelloImporter.existingSecretApiKeyKey }}"
            - name: TRELLO_IMPORTER_SECRET_KEY
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.trelloImporter.existingSecretName }}"
                  key: "{{ .Values.trelloImporter.existingSecretSecretKeyKey }}"
          {{ else }}
            - name: ENABLE_JIRA_IMPORTER
              value: "False"
          {{ end }}
            - name: RABBITMQ_USER
              value: "{{ index .Values "async-rabbitmq" "auth" "username" }}"
            - name: RABBITMQ_PASS
              valueFrom:
                secretKeyRef:
                  name: {{ index .Values "async-rabbitmq" "auth" "existingPasswordSecret" }}
                  key: {{ index .Values "async-rabbitmq" "auth" "existingSecretPasswordKey" }}
          {{ if .Values.ingress.enabled }}
            - name: TAIGA_SITES_DOMAIN
              value: "{{ .Values.ingress.host }}"
            - name: TAIGA_SITES_SCHEME
              value: "https"
            - name: SESSION_COOKIE_SECURE
              value: "True"
            - name: CSRF_COOKIE_SECURE
              value: "True"
          {{- end }}
          {{- if .Values.back.livenessProbe.enabled }}
          livenessProbe:
            httpGet:
              path: /admin/login/
              port: {{ .Values.back.service.port }}
            initialDelaySeconds: {{ .Values.back.livenessProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.back.livenessProbe.periodSeconds }}
            timeoutSeconds: {{ .Values.back.livenessProbe.timeoutSeconds }}
            successThreshold: {{ .Values.back.livenessProbe.successThreshold }}
            failureThreshold: {{ .Values.back.livenessProbe.failureThreshold }}
          {{- end }}
          {{- if .Values.back.readinessProbe.enabled }}
          readinessProbe:
            httpGet:
              path: /admin/login/
              port: {{ .Values.back.service.port }}
            initialDelaySeconds: {{ .Values.back.readinessProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.back.readinessProbe.periodSeconds }}
            timeoutSeconds: {{ .Values.back.readinessProbe.timeoutSeconds }}
            successThreshold: {{ .Values.back.readinessProbe.successThreshold }}
            failureThreshold: {{ .Values.back.readinessProbe.failureThreshold }}
          {{- end }}
        - name: {{ template "taiga.fullname" . }}-async
          image: "{{ .Values.async.image.repository }}:{{ .Values.async.image.tag }}"
          imagePullPolicy: {{ .Values.async.image.pullPolicy }}
          resources:
            {{ toYaml .Values.async.resources | nindent 12 }}
          command:
            - /taiga-back/docker/async_entrypoint.sh
          volumeMounts:
            - name: taiga-static
              mountPath: /taiga-back/static
            - name: taiga-media
              mountPath: /taiga-back/media
          env:
            - name: TAIGA_SECRET_KEY
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.secretKey.existingSecretName }}"
                  key: "{{ .Values.secretKey.existingSecretKey }}"
            - name: ENABLE_TELEMETRY
              value: "{{ .Values.enableTelemetry }}"
            - name: PUBLIC_REGISTER_ENABLED
              value: "{{ .Values.publicRegisterEnabled }}"
            - name: POSTGRES_USER
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.postgresql.existingSecretName }}"
                  key: "{{ .Values.postgresql.usernameKey }}"
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.postgresql.existingSecretName }}"
                  key: "{{ .Values.postgresql.passwordKey }}"
            - name: POSTGRES_DB
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.postgresql.existingSecretName }}"
                  key: "{{ .Values.postgresql.databaseNameKey }}"
            - name: POSTGRES_HOST
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.postgresql.existingSecretName }}"
                  key: "{{ .Values.postgresql.hostKey }}"
          {{ if .Values.oidc.enabled }}
            - name: OIDC_ENABLED
              value: "True"
            - name: OIDC_SCOPES
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.oidc.existingSecretName }}"
                  key: "{{ .Values.oidc.scopesKey }}"
            - name: OIDC_SIGN_ALGO
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.oidc.existingSecretName }}"
                  key: "{{ .Values.oidc.signatureAlgorithmKey }}"
            - name: OIDC_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.oidc.existingSecretName }}"
                  key: "{{ .Values.oidc.clientIdKey }}"
            - name: OIDC_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.oidc.existingSecretName }}"
                  key: "{{ .Values.oidc.clientSecretKey }}"
            - name: OIDC_BASE_URL
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.oidc.existingSecretName }}"
                  key: "{{ .Values.oidc.baseUrlKey }}"
            - name: OIDC_JWKS_ENDPOINT
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.oidc.existingSecretName }}"
                  key: "{{ .Values.oidc.jwksEndpointKey }}"
            - name: OIDC_AUTHORIZATION_ENDPOINT
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.oidc.existingSecretName }}"
                  key: "{{ .Values.oidc.authorizationEndpointKey }}"
            - name: OIDC_TOKEN_ENDPOINT
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.oidc.existingSecretName }}"
                  key: "{{ .Values.oidc.tokenEndpointKey }}"
            - name: OIDC_USER_ENDPOINT
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.oidc.existingSecretName }}"
                  key: "{{ .Values.oidc.userEndpointKey }}"
          {{ end }}
          {{ if .Values.email.enabled }}
            - name: EMAIL_BACKEND
              value: "django.core.mail.backends.smtp.EmailBackend"
            - name: DEFAULT_FROM_EMAIL
              value: "{{ .Values.email.from }}"
            - name: EMAIL_HOST
              value: "{{ .Values.email.host }}"
            - name: EMAIL_PORT
              value: "{{ .Values.email.port }}"
            - name: EMAIL_USE_TLS
              value: "{{ .Values.email.tls }}"
            - name: EMAIL_USE_SSL
              value: "{{ .Values.email.ssl }}"
            - name: EMAIL_HOST_USER
              value: "{{ .Values.email.user }}"
            - name: EMAIL_HOST_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.email.existingPasswordSecret }}"
                  key: "{{ .Values.email.existingSecretPasswordKey }}"
          {{ end }}
            - name: ENABLE_GITHUB_AUTH
              value: "false"
            - name: ENABLE_GITLAB_AUTH
              value: "false"
            - name: ENABLE_SLACK
              value: "{{ .Values.enableSlack }}"
          {{ if .Values.githubImporter.enabled }}
            - name: ENABLE_GITHUB_IMPORTER
              value: "True"
            - name: GITHUB_API_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.githubImporter.existingSecretName }}"
                  key: "{{ .Values.githubImporter.existingSecretClientIdKey }}"
            - name: GITHUB_API_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.githubImporter.existingSecretName }}"
                  key: "{{ .Values.githubImporter.existingSecretClientSecretKey }}"
          {{ else }}
            - name: ENABLE_GITHUB_IMPORTER
              value: "False"
          {{ end }}
          {{ if .Values.jiraImporter.enabled }}
            - name: ENABLE_JIRA_IMPORTER
              value: "True"
            - name: JIRA_IMPORTER_CONSUMER_KEY
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.jiraImporter.existingSecretName }}"
                  key: "{{ .Values.jiraImporter.existingSecretConsumerKeyKey }}"
            - name: JIRA_IMPORTER_CERT
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.jiraImporter.existingSecretName }}"
                  key: "{{ .Values.jiraImporter.existingSecretCertKey }}"
            - name: JIRA_IMPORTER_PUB_CERT
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.jiraImporter.existingSecretName }}"
                  key: "{{ .Values.jiraImporter.existingSecretPubCertKey }}"
          {{ else }}
            - name: ENABLE_JIRA_IMPORTER
              value: "False"
          {{ end }}
          {{ if .Values.trelloImporter.enabled }}
            - name: ENABLE_TRELLO_IMPORTER
              value: "True"
            - name: TRELLO_IMPORTER_API_KEY
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.trelloImporter.existingSecretName }}"
                  key: "{{ .Values.trelloImporter.existingSecretApiKeyKey }}"
            - name: TRELLO_IMPORTER_SECRET_KEY
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.trelloImporter.existingSecretName }}"
                  key: "{{ .Values.trelloImporter.existingSecretSecretKeyKey }}"
          {{ else }}
            - name: ENABLE_JIRA_IMPORTER
              value: "False"
          {{ end }}
            - name: RABBITMQ_USER
              value: "{{ index .Values "async-rabbitmq" "auth" "username" }}"
            - name: RABBITMQ_PASS
              valueFrom:
                secretKeyRef:
                  name: {{ index .Values "async-rabbitmq" "auth" "existingPasswordSecret" }}
                  key: {{ index .Values "async-rabbitmq" "auth" "existingSecretPasswordKey" }}
          {{ if .Values.ingress.enabled }}
            - name: TAIGA_SITES_DOMAIN
              value: "{{ .Values.ingress.host }}"
            - name: TAIGA_SITES_SCHEME
              value: "https"
            - name: SESSION_COOKIE_SECURE
              value: "True"
            - name: CSRF_COOKIE_SECURE
              value: "True"
          {{- end }}
          {{- if .Values.back.livenessProbe.enabled }}
          livenessProbe:
            httpGet:
              path: /admin/login/
              port: {{ .Values.back.service.port }}
            initialDelaySeconds: {{ .Values.back.livenessProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.back.livenessProbe.periodSeconds }}
            timeoutSeconds: {{ .Values.back.livenessProbe.timeoutSeconds }}
            successThreshold: {{ .Values.back.livenessProbe.successThreshold }}
            failureThreshold: {{ .Values.back.livenessProbe.failureThreshold }}
          {{- end }}
          {{- if .Values.back.readinessProbe.enabled }}
          readinessProbe:
            httpGet:
              path: /admin/login/
              port: {{ .Values.back.service.port }}
            initialDelaySeconds: {{ .Values.back.readinessProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.back.readinessProbe.periodSeconds }}
            timeoutSeconds: {{ .Values.back.readinessProbe.timeoutSeconds }}
            successThreshold: {{ .Values.back.readinessProbe.successThreshold }}
            failureThreshold: {{ .Values.back.readinessProbe.failureThreshold }}
          {{- end }}
      volumes:
        - name: taiga-static
      {{- if .Values.persistence.static.enabled }}
          persistentVolumeClaim:
            claimName: {{ include "taiga.staticVolumeName" . }}
      {{- else }}
          emptyDir: {}
      {{- end }}
        - name: taiga-media
      {{- if .Values.persistence.media.enabled }}
          persistentVolumeClaim:
            claimName: {{ include "taiga.mediaVolumeName" . }}
      {{- else }}
          emptyDir: {}
      {{- end }}
--- a/charts/taiga/templates/deployment-events.yaml
+++ b/charts/taiga/templates/deployment-events.yaml
@@ -0,0 +1,101 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: {{ template "taiga.fullname" . }}-events
  namespace: {{ .Release.Namespace }}
  annotations:
    {{- with .Values.global.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
  labels:
    {{- include "taiga.events.labels" . | nindent 4 }}
    {{- with .Values.global.labels }}
    {{ toYaml . | nindent 4 }}
    {{- end }}
 spec:
  revisionHistoryLimit: 3
  replicas: {{ .Values.events.replicas }}
  strategy:
    type: Recreate
  selector:
    matchLabels:
      {{- include "taiga.events.matchLabels" . | nindent 6 }}
  template:
    metadata:
      labels:
        {{- include "taiga.events.labels" . | nindent 8 }}
        app.kubernetes.io/component: {{ template "taiga.name" . }}-events
      annotations:
        {{- with .Values.events.podAnnotations }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
    spec:
      affinity:
        {{- with .Values.events.affinity }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      nodeSelector:
        {{- with .Values.events.nodeSelector }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      tolerations:
        {{- with .Values.events.tolerations }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      serviceAccountName: {{ template "taiga.serviceAccountName" . }}
      securityContext:
        {{- with .Values.events.securityContext }}
        {{ toYaml . | nindent 8 }}
      {{- end }}
      containers:
        - name: {{ template "taiga.fullname" . }}-events
          image: "{{ .Values.events.image.repository }}:{{ .Values.events.image.tag }}"
          imagePullPolicy: {{ .Values.events.image.pullPolicy }}
          resources:
            {{ toYaml .Values.events.resources | nindent 12 }}
          ports:
            - name: taiga-events
              containerPort: {{ .Values.events.service.http.port }}
              protocol: TCP
            - name: taiga-app
              containerPort: {{ .Values.events.service.app.port }}
              protocol: TCP
          env:
            - name: TAIGA_SECRET_KEY
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.secretKey.existingSecretName }}"
                  key: "{{ .Values.secretKey.existingSecretKey }}"
            - name: RABBITMQ_USER
              value: "{{ index .Values "events-rabbitmq" "auth" "username" }}"
            - name: RABBITMQ_PASS
              valueFrom:
                secretKeyRef:
                  name: {{ index .Values "events-rabbitmq" "auth" "existingPasswordSecret" }}
                  key: {{ index .Values "events-rabbitmq" "auth" "existingSecretPasswordKey" }}
            - name: APP_PORT
              value: "{{ .Values.events.service.app.port }}"
          {{- if .Values.events.livenessProbe.enabled }}
          livenessProbe:
            httpGet:
              path: /healthz
              port: {{ .Values.events.service.app.port }}
            initialDelaySeconds: {{ .Values.events.livenessProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.events.livenessProbe.periodSeconds }}
            timeoutSeconds: {{ .Values.events.livenessProbe.timeoutSeconds }}
            successThreshold: {{ .Values.events.livenessProbe.successThreshold }}
            failureThreshold: {{ .Values.events.livenessProbe.failureThreshold }}
          {{- end }}
          {{- if .Values.events.readinessProbe.enabled }}
          readinessProbe:
            httpGet:
              path: /healthz
              port: {{ .Values.events.service.app.port }}
            initialDelaySeconds: {{ .Values.events.readinessProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.events.readinessProbe.periodSeconds }}
            timeoutSeconds: {{ .Values.events.readinessProbe.timeoutSeconds }}
            successThreshold: {{ .Values.events.readinessProbe.successThreshold }}
            failureThreshold: {{ .Values.events.readinessProbe.failureThreshold }}
          {{- end }}
--- a/charts/taiga/templates/deployment-front.yaml
+++ b/charts/taiga/templates/deployment-front.yaml
@@ -0,0 +1,108 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: {{ template "taiga.fullname" . }}-front
  namespace: {{ .Release.Namespace }}
  annotations:
    {{- with .Values.global.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
  labels:
    {{- include "taiga.front.labels" . | nindent 4 }}
    {{- with .Values.global.labels }}
    {{ toYaml . | nindent 4 }}
    {{- end }}
 spec:
  revisionHistoryLimit: 3
  replicas: {{ .Values.front.replicas }}
  strategy:
    type: Recreate
  selector:
    matchLabels:
      {{- include "taiga.front.matchLabels" . | nindent 6 }}
  template:
    metadata:
      labels:
        {{- include "taiga.front.labels" . | nindent 8 }}
        app.kubernetes.io/component: {{ template "taiga.name" . }}-front
      annotations:
        {{- with .Values.front.podAnnotations }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
    spec:
      affinity:
        {{- with .Values.front.affinity }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      nodeSelector:
        {{- with .Values.front.nodeSelector }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      tolerations:
        {{- with .Values.front.tolerations }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      serviceAccountName: {{ template "taiga.serviceAccountName" . }}
      securityContext:
        {{- with .Values.front.securityContext }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      containers:
        - name: {{ template "taiga.fullname" . }}-front
          image: "{{ .Values.front.image.repository }}:{{ .Values.front.image.tag }}"
          imagePullPolicy: {{ .Values.front.image.pullPolicy }}
          resources:
            {{ toYaml .Values.front.resources | nindent 12 }}
          ports:
            - name: taiga-front
              containerPort: {{ .Values.front.service.port }}
              protocol: TCP
          env:
          {{ if .Values.ingress.enabled }}
            - name: TAIGA_URL
              value: "https://{{ .Values.ingress.host }}"
          {{ else }}
            - name: TAIGA_URL
              value: "http://localhost:{{ .Values.front.service.port }}"
          {{ end }}
            - name: PUBLIC_REGISTER_ENABLED
              value: "{{ .Values.publicRegisterEnabled }}"
            - name: ENABLE_GITHUB_AUTH
              value: "false"
            - name: ENABLE_GITLAB_AUTH
              value: "false"
            - name: ENABLE_OIDC
              value: "{{ .Values.oidc.enabled }}"              
            - name: ENABLE_SLACK
              value: "{{ .Values.enableSlack }}"
            - name: ENABLE_GITHUB_IMPORTER
              value: "{{ .Values.githubImporter.enabled }}"
            - name: ENABLE_JIRA_IMPORTER
              value: "{{ .Values.jiraImporter.enabled }}"
            - name: ENABLE_TRELLO_IMPORTER
              value: "{{ .Values.trelloImporter.enabled }}"
          {{- if .Values.front.livenessProbe.enabled }}
          livenessProbe:
            httpGet:
              path: /admin/login/
              port: {{ .Values.front.service.port }}
            initialDelaySeconds: {{ .Values.front.livenessProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.front.livenessProbe.periodSeconds }}
            timeoutSeconds: {{ .Values.front.livenessProbe.timeoutSeconds }}
            successThreshold: {{ .Values.front.livenessProbe.successThreshold }}
            failureThreshold: {{ .Values.front.livenessProbe.failureThreshold }}
          {{- end }}
          {{- if .Values.front.readinessProbe.enabled }}
          readinessProbe:
            httpGet:
              path: /admin/login/
              port: {{ .Values.front.service.port }}
            initialDelaySeconds: {{ .Values.front.readinessProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.front.readinessProbe.periodSeconds }}
            timeoutSeconds: {{ .Values.front.readinessProbe.timeoutSeconds }}
            successThreshold: {{ .Values.front.readinessProbe.successThreshold }}
            failureThreshold: {{ .Values.front.readinessProbe.failureThreshold }}
          {{- end }}
--- a/charts/taiga/templates/deployment-protected.yaml
+++ b/charts/taiga/templates/deployment-protected.yaml
@@ -0,0 +1,91 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: {{ template "taiga.fullname" . }}-protected
  namespace: {{ .Release.Namespace }}
  annotations:
    {{- with .Values.global.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
  labels:
    {{- include "taiga.protected.labels" . | nindent 4 }}
    {{- with .Values.global.labels }}
    {{ toYaml . | nindent 4 }}
    {{- end }}
 spec:
  revisionHistoryLimit: 3
  replicas: {{ .Values.protected.replicas }}
  strategy:
    type: Recreate
  selector:
    matchLabels:
      {{- include "taiga.protected.matchLabels" . | nindent 6 }}
  template:
    metadata:
      labels:
        {{- include "taiga.protected.labels" . | nindent 8 }}
        app.kubernetes.io/component: {{ template "taiga.name" . }}-protected
      annotations:
        {{- with .Values.protected.podAnnotations }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
    spec:
      affinity:
        {{- with .Values.protected.affinity }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      nodeSelector:
        {{- with .Values.protected.nodeSelector }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      tolerations:
        {{- with .Values.protected.tolerations }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      serviceAccountName: {{ template "taiga.serviceAccountName" . }}
      securityContext:
        {{- with .Values.protected.securityContext }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      containers:
        - name: {{ template "taiga.fullname" . }}-protected
          image: "{{ .Values.protected.image.repository }}:{{ .Values.protected.image.tag }}"
          imagePullPolicy: {{ .Values.protected.image.pullPolicy }}
          resources:
            {{ toYaml .Values.protected.resources | nindent 12 }}
          ports:
            - name: taiga-protected
              containerPort: {{ .Values.protected.service.port }}
              protocol: TCP
          env:
            - name: SECRET_KEY
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.secretKey.existingSecretName }}"
                  key: "{{ .Values.secretKey.existingSecretKey }}"
            - name: MAX_AGE
              value: "{{ .Values.maxAge }}"
          {{- if .Values.protected.livenessProbe.enabled }}
          livenessProbe:
            httpGet:
              path: /admin/login/
              port: {{ .Values.protected.service.port }}
            initialDelaySeconds: {{ .Values.protected.livenessProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.protected.livenessProbe.periodSeconds }}
            timeoutSeconds: {{ .Values.protected.livenessProbe.timeoutSeconds }}
            successThreshold: {{ .Values.protected.livenessProbe.successThreshold }}
            failureThreshold: {{ .Values.protected.livenessProbe.failureThreshold }}
          {{- end }}
          {{- if .Values.protected.readinessProbe.enabled }}
          readinessProbe:
            httpGet:
              path: /admin/login/
              port: {{ .Values.protected.service.port }}
            initialDelaySeconds: {{ .Values.protected.readinessProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.protected.readinessProbe.periodSeconds }}
            timeoutSeconds: {{ .Values.protected.readinessProbe.timeoutSeconds }}
            successThreshold: {{ .Values.protected.readinessProbe.successThreshold }}
            failureThreshold: {{ .Values.protected.readinessProbe.failureThreshold }}
          {{- end }}
--- a/charts/taiga/templates/ingress.yaml
+++ b/charts/taiga/templates/ingress.yaml
@@ -0,0 +1,74 @@
 {{- if .Values.ingress.enabled }}
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
  name: {{ template "taiga.fullname" . }}
  namespace: {{ .Release.Namespace }}
  annotations:
    {{- with .Values.global.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
    {{- toYaml .Values.ingress.annotations | nindent 4 }}
  labels:
    {{- include "taiga.labels" . | nindent 4 }}
    {{- with .Values.global.labels }}
    {{ toYaml . | nindent 4 }}
    {{- end }}
    {{- with .Values.ingress.labels }}
    {{ toYaml . | nindent 4 }}
    {{- end }}
 spec:
  ingressClassName: {{ .Values.ingress.className }}
  tls:
    - hosts:
      - {{ .Values.ingress.host }}
      secretName: {{ template "taiga.fullname" . }}-secret-tls
  rules:
    - host: {{ .Values.ingress.host }}
      http:
        paths:
          - path: /
            backend:
              service:
                name: "{{ template "taiga.fullname" . }}-front"
                port:
                  name: taiga-front
            pathType: ImplementationSpecific
          - path: /api
            backend:
              service:
                name: "{{ template "taiga.fullname" . }}-back"
                port:
                  name: taiga-back
            pathType: ImplementationSpecific     
          - path: /admin
            backend:
              service:
                name: "{{ template "taiga.fullname" . }}-back"
                port:
                  name: taiga-back
            pathType: ImplementationSpecific
        {{ if .Values.oidc.enabled }}
          - path: /oidc
            backend:
              service:
                name: "{{ template "taiga.fullname" . }}-back"
                port:
                  name: taiga-back
            pathType: ImplementationSpecific
        {{- end }}                  
          - path: /events
            backend:
              service:
                name: "{{ template "taiga.fullname" . }}-events"
                port:
                  name: taiga-events
            pathType: ImplementationSpecific
          - path: /media
            backend:
              service:
                name: "{{ template "taiga.fullname" . }}-protected"
                port:
                  name: taiga-protected
            pathType: ImplementationSpecific
 {{- end }}
--- a/charts/taiga/templates/job.yaml
+++ b/charts/taiga/templates/job.yaml
@@ -0,0 +1,66 @@
 {{- if .Values.createInitialUser }}
 apiVersion: batch/v1
 kind: Job
 metadata:
  name: {{ template "taiga.fullname" . }}-create-initial-user
  namespace: {{ .Release.Namespace }}
  annotations:
    {{- with .Values.global.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
  labels:
    {{- include "taiga.labels" . | nindent 4 }}
    {{- with .Values.global.labels }}
    {{ toYaml . | nindent 4 }}
    {{- end }}
 spec:
  backoffLimit: 4
  template:
    spec:
      {{- if .Values.back.nodeSelector }}
      nodeSelector:
        {{ toYaml .Values.back.nodeSelector | nindent 8 }}
      {{- end }}
      restartPolicy: Never
      containers:
      - name: {{ template "taiga.fullname" . }}-create-initial-user
        image: "{{ .Values.back.image.repository }}:{{ .Values.back.image.tag }}"
        imagePullPolicy: {{ .Values.back.image.pullPolicy }}
        command:
          - sh
          - /scripts/createinitialuser.sh
        volumeMounts:
          - name: create-initial-user
            mountPath: /scripts
        env:
          - name: TAIGA_SECRET_KEY
            valueFrom:
              secretKeyRef:
                name: "{{ .Values.secretKey.existingSecretName }}"
                key: "{{ .Values.secretKey.existingSecretKey }}"
          - name: POSTGRES_USERNAME
            valueFrom:
              secretKeyRef:
                name: "{{ .Values.postgresql.existingSecretName }}"
                key: "{{ .Values.postgresql.usernameKey }}"
          - name: POSTGRES_PASSWORD
            valueFrom:
              secretKeyRef:
                name: "{{ .Values.postgresql.existingSecretName }}"
                key: "{{ .Values.postgresql.passwordKey }}"
          - name: POSTGRES_DATABASE_NAME
            valueFrom:
              secretKeyRef:
                name: "{{ .Values.postgresql.existingSecretName }}"
                key: "{{ .Values.postgresql.databaseNameKey }}"
          - name: POSTGRES_DATABASE_HOST
            valueFrom:
              secretKeyRef:
                name: "{{ .Values.postgresql.existingSecretName }}"
                key: "{{ .Values.postgresql.hostKey }}"
      volumes:
        - name: create-initial-user
          configMap:
            name: {{ template "taiga.fullname" . }}-create-initial-user
            defaultMode: 0744
 {{- end }}
--- a/charts/taiga/templates/persistent-volume-claim.yaml
+++ b/charts/taiga/templates/persistent-volume-claim.yaml
@@ -0,0 +1,54 @@
 {{- if and .Values.persistence.static.enabled (not .Values.persistence.static.existingClaim) }}
 kind: PersistentVolumeClaim
 apiVersion: v1
 metadata:
  name: {{ template "taiga.staticVolumeName" . }}
  namespace: {{ .Release.Namespace }}
  annotations:
    {{- with .Values.global.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
    {{- if .Values.persistence.static.retain }}
    helm.sh/resource-policy: keep
    {{- end }}
  labels:
    {{- include "taiga.labels" . | nindent 4 }}
    {{- with .Values.global.labels }}
    {{ toYaml . | nindent 4 }}
    {{- end }}
 spec:
  storageClassName: {{ .Values.persistence.static.storageClass }}
  accessModes:
    - {{ .Values.persistence.static.accessMode }}
  resources:
    requests:
      storage: {{ .Values.persistence.static.size }}
 {{- end }}
 ---
 {{- if and .Values.persistence.media.enabled (not .Values.persistence.media.existingClaim) }}
 kind: PersistentVolumeClaim
 apiVersion: v1
 metadata:
  name: {{ template "taiga.mediaVolumeName" . }}
  namespace: {{ .Release.Namespace }}
  annotations:
    {{- with .Values.global.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
    {{- if .Values.persistence.media.retain }}
    "helm.sh/resource-policy": keep
    {{- end }}
  labels:
    {{- include "taiga.labels" . | nindent 4 }}
    {{- with .Values.global.labels }}
    {{ toYaml . | nindent 4 }}
    {{- end }}
 spec:
  storageClassName: {{ .Values.persistence.media.storageClass }}
  accessModes:
    - {{ .Values.persistence.media.accessMode }}
  resources:
    requests:
      storage: {{ .Values.persistence.media.size }}
 {{- end }}
--- a/charts/taiga/templates/service-account.yaml
+++ b/charts/taiga/templates/service-account.yaml
@@ -0,0 +1,20 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: {{ template "taiga.serviceAccountName" . }}
  namespace: {{ .Release.Namespace }}
  annotations:
    {{- with .Values.global.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
    {{- with .Values.serviceAccount.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
  labels:
    {{- include "taiga.labels" . | nindent 4 }}
    {{- with .Values.global.labels }}
    {{ toYaml . | nindent 4 }}
    {{- end }}
    {{- with .Values.serviceAccount.labels }}
    {{ toYaml . | nindent 4 }}
    {{- end }}
--- a/charts/taiga/templates/service.yaml
+++ b/charts/taiga/templates/service.yaml
@@ -0,0 +1,138 @@
 apiVersion: v1
 kind: Service
 metadata:
  name: {{ template "taiga.fullname" . }}-back
  namespace: {{ .Release.Namespace }}
  annotations:
    {{- with .Values.global.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
    {{- with .Values.back.service.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
  labels:
    {{- include "taiga.back.labels" . | nindent 4 }}
    {{- with .Values.global.labels }}
    {{ toYaml . | nindent 4 }}
    {{- end }}
    {{- with .Values.back.service.labels }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
 spec:
  type: {{ .Values.back.service.type }}
  ports:
    - port: {{ .Values.back.service.port }}
      targetPort: taiga-back
      protocol: TCP
      name: taiga-back
  selector:
    {{- include "taiga.back.matchLabels" . | nindent 4 }}
    {{- with .Values.back.service.extraSelectorLabels }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: {{ template "taiga.fullname" . }}-events
  namespace: {{ .Release.Namespace }}
  annotations:
    {{- with .Values.global.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
    {{- with .Values.events.service.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
  labels:
    {{- include "taiga.events.labels" . | nindent 4 }}
    {{- with .Values.global.labels }}
    {{ toYaml . | nindent 4 }}
    {{- end }}
    {{- with .Values.events.service.labels }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
 spec:
  type: {{ .Values.events.service.type }}
  ports:
    - port: {{ .Values.events.service.http.port }}
      targetPort: taiga-events
      protocol: TCP
      name: taiga-events
    - port: {{ .Values.events.service.app.port }}
      targetPort: taiga-app
      protocol: TCP
      name: taiga-app
  selector:
    {{- include "taiga.events.matchLabels" . | nindent 4 }}
    {{- with .Values.events.service.extraSelectorLabels }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: {{ template "taiga.fullname" . }}-front
  namespace: {{ .Release.Namespace }}
  annotations:
    {{- with .Values.global.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
    {{- with .Values.front.service.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
  labels:
    {{- include "taiga.front.labels" . | nindent 4 }}
    {{- with .Values.global.labels }}
    {{ toYaml . | nindent 4 }}
    {{- end }}
    {{- with .Values.front.service.labels }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
 spec:
  type: {{ .Values.front.service.type }}
  ports:
    - port: {{ .Values.front.service.port }}
      targetPort: taiga-front
      protocol: TCP
      name: taiga-front
  selector:
    {{- include "taiga.front.matchLabels" . | nindent 4 }}
    {{- with .Values.front.service.extraSelectorLabels }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: {{ template "taiga.fullname" . }}-protected
  namespace: {{ .Release.Namespace }}
  annotations:
    {{- with .Values.global.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
    {{- with .Values.protected.service.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
  labels:
    {{- include "taiga.protected.labels" . | nindent 4 }}
    {{- with .Values.global.labels }}
    {{ toYaml . | nindent 4 }}
    {{- end }}
    {{- with .Values.protected.service.labels }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
 spec:
  type: {{ .Values.protected.service.type }}
  ports:
    - port: {{ .Values.protected.service.port }}
      targetPort: taiga-protected
      protocol: TCP
      name: taiga-protected
  selector:
    {{- include "taiga.protected.matchLabels" . | nindent 4 }}
    {{- with .Values.protected.service.extraSelectorLabels }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
--- a/charts/taiga/values.yaml
+++ b/charts/taiga/values.yaml
@@ -0,0 +1,817 @@
 ## Global
 ##
 global:
  # -- Set an override for the prefix of the fullname
  nameOverride:
  # -- Set the entire name definition
  fullnameOverride:
  # -- Set additional global labels. Helm templates can be used.
  labels: {}
  # -- Set additional global annotations. Helm templates can be used.
  annotations: {}
 ## Service Account
 ##
 serviceAccount:
  # -- Specifies whether a service account should be created
  create: false
  # -- Annotations to add to the service account
  annotations: {}
  # -- Labels to add to the service account
  labels: {}
  # -- The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template
  name: ""
 ## Secret key
 ## Specificy the secret name and the key containg a strong secret key
 ##
 secretKey:
  existingSecretName: ""
  existingSecretKey: ""
 ## Create initial user with credentials admin/123123
 ## ref: https://taigaio.github.io/taiga-doc/dist/setup-production.html
 ##
 # TODO: set to false by default or create with a random password which is stored in a secret
 # or allow to pass in the data for username and secret
 createInitialUser: true
 ## Max age
 ##
 maxAge: 360
 ## Create initial templates
 ## ref: https://taigaio.github.io/taiga-doc/dist/setup-production.html
 ##
 # TODO: This values seems to be unused
 createInitialTemplates: false
 ## Telemetry settings
 ##
 enableTelemetry: true
 ## Public registration
 ##
 publicRegisterEnabled: true
 ## Enable debug
 ## ref: https://taigaio.github.io/taiga-doc/dist/setup-production.html
 debug: false
 ## Postgresql
 ## Configuration is expected to be stored in a secret, reference the secret name and each key for the value
 ##
 postgresql:
  existingSecretName: ""
  usernameKey: ""
  passwordKey: ""
  databaseNameKey: ""
  hostKey: ""
  portKey: ""
 ## OIDC authentication
 ## Configuration is expected to be stored in a secret, reference the secret name and each key for the value
 ##
 oidc:
  enabled: false
  existingSecretName: ""
  scopesKey: ""                  # "openid profile email"
  signatureAlgorithmKey: ""      # "RS256"
  clientIdKey: ""                # <generate from auth provider>
  clientSecretKey: ""            # <generate from auth provider>
  baseUrlKey: ""                 # "https://id.fedoraproject.org/openidc"
  jwksEndpointKey: ""            # "https://id.fedoraproject.org/openidc/Jwks"
  authorizationEndpointKey: ""   # "https://id.fedoraproject.org/openidc/Authorization"
  tokenEndpointKey: ""           # "https://id.fedoraproject.org/openidc/Token"
  userEndpointKey: ""            # "https://id.fedoraproject.org/openidc/UserInfo"
 ## SMTP mail delivery configuration
 ## ref: https://taigaio.github.io/taiga-doc/dist/setup-production.html
 ##
 email:
  enabled: false
  from: no-reply@example.com
  host: localhost
  port: 587
  tls: false
  ssl: false
  user: ""
  ## Specificy an existing secret containg the password for the smtp user
  ##
  existingPasswordSecret: ""
  existingSecretPasswordKey: ""
 ## Slack
 ##
 enableSlack: false
 ## Importers
 ##
 # Github importer
 githubImporter:
  enabled: false
  existingSecretName: ""
  existingSecretClientIdKey: ""
  existingSecretClientSecretKey: ""
 # Jira importer
 jiraImporter:
  enabled: false
  existingSecretName: ""
  existingSecretConsumerKeyKey: ""
  existingSecretCertKey: ""
  existingSecretPubCertKey: ""
 # Trello importer
 trelloImporter:
  enabled: false
  existingSecretName: ""
  existingSecretApiKeyKey: ""
  existingSecretSecretKeyKey: ""
 ## taiga-back
 ##
 back:
  ## Taiga image version
  ## ref: https://hub.docker.com/r/taigaio/taiga5/tags
  ##
  image:
    repository: taigaio/taiga-back
    tag: "6.7.3"
    ## Specify a imagePullPolicy
    ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
    ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
    ##
    pullPolicy: IfNotPresent
  ## Define the number of pods the deployment will create
  ## Do not change unless your persistent volume allows more than one writer, ie NFS
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
  ##
  replicas: 1
  ## Pod annotations
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations: {}
  ## Affinity for pod assignment
  ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ##
  affinity: {}
  ## Node labels for pod assignment. Evaluated as a template.
  ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
  ##
  nodeSelector: {}
  ## Tolerations for pod assignment
  ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## Pod Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
  ##
  securityContext: {}
  ## taiga containers' resource requests and limits
  ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
  ##
  resources:
    # We usually recommend not to specify default resources and to leave this as a conscious
    # choice for the user. This also increases chances charts run on environments with little
    # resources, such as Minikube. If you do want to specify resources, uncomment the following
    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
    limits: {}
    #  cpu: 2
    #  memory: 1Gi
    requests: {}
    #  cpu: 1
    #  memory: 1Gi
  ## Configure extra options for liveness and readiness probes
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
  ##
  livenessProbe:
    enabled: false
    initialDelaySeconds: 20
    periodSeconds: 10
    timeoutSeconds: 5
    successThreshold: 1
    failureThreshold: 3
  readinessProbe:
    enabled: false
    initialDelaySeconds: 5
    periodSeconds: 10
    timeoutSeconds: 1
    successThreshold: 1
    failureThreshold: 3
  ## Environment variables, to pass to the entry point
  ##
  # extraVars:
  #   - name: NAMI_DEBUG
  #     value: --log-level trace
  ## Service
  ##
  service:
    # -- Set the service type
    type: ClusterIP
    # -- Provide additional annotations which may be required.
    annotations: {}
    # -- Provide additional labels which may be required.
    labels: {}
    # -- Allow adding additional match labels
    extraSelectorLabels: {}
    # -- HTTP port number
    port: 8000
 ## Async
 ##
 async:
  ## Taiga image version
  ## ref: https://hub.docker.com/r/taigaio/taiga5/tags
  ##
  image:
    repository: taigaio/taiga-back
    tag: "6.7.3"
    ## Specify a imagePullPolicy
    ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
    ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
    ##
    pullPolicy: IfNotPresent
  ## Define the number of pods the deployment will create
  ## Do not change unless your persistent volume allows more than one writer, ie NFS
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
  ##
  replicas: 1
  ## Pod Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
  ##
  securityContext: {}
  ## Pod annotations
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations: {}
  ## Affinity for pod assignment
  ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ##
  affinity: {}
  ## Node labels for pod assignment. Evaluated as a template.
  ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
  ##
  nodeSelector: {}
  ## Tolerations for pod assignment
  ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## taiga containers' resource requests and limits
  ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
  ##
  resources:
    # We usually recommend not to specify default resources and to leave this as a conscious
    # choice for the user. This also increases chances charts run on environments with little
    # resources, such as Minikube. If you do want to specify resources, uncomment the following
    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
    limits: {}
    #  cpu: 2
    #  memory: 1Gi
    requests: {}
    #  cpu: 1
    #  memory: 1Gi
  ## Configure extra options for liveness and readiness probes
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
  ##
  livenessProbe:
    enabled: false
    initialDelaySeconds: 20
    periodSeconds: 10
    timeoutSeconds: 5
    successThreshold: 1
    failureThreshold: 3
  readinessProbe:
    enabled: false
    initialDelaySeconds: 5
    periodSeconds: 10
    timeoutSeconds: 1
    successThreshold: 1
    failureThreshold: 3
  ## Environment variables, to pass to the entry point
  ##
  # extraVars:
  #   - name: NAMI_DEBUG
  #     value: --log-level trace
  ## Service
  ##
  service:
    # -- Set the service type
    type: ClusterIP
    # -- Provide additional annotations which may be required.
    annotations: {}
    # -- Provide additional labels which may be required.
    labels: {}
    # -- Allow adding additional match labels
    extraSelectorLabels: {}
    # -- HTTP port number
    port: 8000
 ## Async Rabbitmq
 ## https://artifacthub.io/packages/helm/bitnami/rabbitmq?modal=values-schema
 ##
 async-rabbitmq:
  auth:
    ## @param auth.username RabbitMQ application username
    ## ref: https://github.com/bitnami/containers/tree/main/bitnami/rabbitmq#environment-variables
    ##
    username: taiga
    ## @param auth.existingPasswordSecret Existing secret with RabbitMQ credentials (existing secret must contain a value for `rabbitmq-password` key or override with setting auth.existingSecretPasswordKey)
    ## e.g:
    ## existingPasswordSecret: name-of-existing-secret
    ##
    existingPasswordSecret: ""
    existingSecretPasswordKey: ""
    ## @param auth.existingErlangSecret Existing secret with RabbitMQ Erlang cookie (must contain a value for `rabbitmq-erlang-cookie` key or override with auth.existingSecretErlangKey)
    ## e.g:
    ## existingErlangSecret: name-of-existing-secret
    ##
    existingErlangSecret: ""
    ## @param auth.existingSecretErlangKey [default: rabbitmq-erlang-cookie] Erlang cookie key to be retrieved from existing secret
    ## NOTE: ignored unless `auth.existingErlangSecret` parameter is set
    ##
    existingSecretErlangKey: ""
  ## @param configurationExistingSecret Existing secret with the configuration to use as rabbitmq.conf.
  ## Must contain the key "rabbitmq.conf"
  ## Takes precedence over `configuration`, so do not use both simultaneously
  ## With providing an existingSecret, extraConfiguration and extraConfigurationExistingSecret do not take any effect
  ##
  configurationExistingSecret: ""
  ## @param extraConfiguration [string] Configuration file content: extra configuration to be appended to RabbitMQ configuration
  ## Use this instead of `configuration` to add more configuration
  ## Do not use simultaneously with `extraConfigurationExistingSecret`
  ##
  extraConfiguration: |-
    default_vhost = taiga
    default_permissions.configure = .*
    default_permissions.read = .*
    default_permissions.write = .*
 ## Events
 ##
 events:
  ## Taiga image version
  ## ref: https://hub.docker.com/r/taigaio/taiga5/tags
  ##
  image:
    repository: taigaio/taiga-events
    tag: "6.7.0"
    ## Specify a imagePullPolicy
    ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
    ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
    ##
    pullPolicy: IfNotPresent
  ## Pod Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
  ##
  securityContext: {}
  ## Define the number of pods the deployment will create
  ## Do not change unless your persistent volume allows more than one writer, ie NFS
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
  ##
  replicas: 1
  ## Pod annotations
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations: {}
  ## Affinity for pod assignment
  ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ##
  affinity: {}
  ## Node labels for pod assignment. Evaluated as a template.
  ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
  ##
  nodeSelector: {}
  ## Tolerations for pod assignment
  ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## taiga containers' resource requests and limits
  ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
  ##
  resources:
    # We usually recommend not to specify default resources and to leave this as a conscious
    # choice for the user. This also increases chances charts run on environments with little
    # resources, such as Minikube. If you do want to specify resources, uncomment the following
    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
    limits: {}
    #  cpu: 2
    #  memory: 1Gi
    requests: {}
    #  cpu: 1
    #  memory: 1Gi
  ## Configure extra options for liveness and readiness probes
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
  ##
  livenessProbe:
    enabled: false
    initialDelaySeconds: 20
    periodSeconds: 10
    timeoutSeconds: 5
    successThreshold: 1
    failureThreshold: 3
  readinessProbe:
    enabled: false
    initialDelaySeconds: 5
    periodSeconds: 10
    timeoutSeconds: 1
    successThreshold: 1
    failureThreshold: 3
  ## Environment variables, to pass to the entry point
  ##
  # extraVars:
  #   - name: NAMI_DEBUG
  #     value: --log-level trace
  ## Service
  ##
  service:
    # -- Set the service type
    type: ClusterIP
    # -- Provide additional annotations which may be required.
    annotations: {}
    # -- Provide additional labels which may be required.
    labels: {}
    # -- Allow adding additional match labels
    extraSelectorLabels: {}
    http:
      # -- HTTP port number
      port: 8888
    app:
      # -- HTTP port number
      port: 3023
 ## Events Rabbitmq
 ## https://artifacthub.io/packages/helm/bitnami/rabbitmq?modal=values-schema
 ##
 events-rabbitmq:
  auth:
    ## @param auth.username RabbitMQ application username
    ## ref: https://github.com/bitnami/containers/tree/main/bitnami/rabbitmq#environment-variables
    ##
    username: taiga
    ## @param auth.existingPasswordSecret Existing secret with RabbitMQ credentials (existing secret must contain a value for `rabbitmq-password` key or override with setting auth.existingSecretPasswordKey)
    ## e.g:
    ## existingPasswordSecret: name-of-existing-secret
    ##
    existingPasswordSecret: ""
    existingSecretPasswordKey: ""
    ## @param auth.existingErlangSecret Existing secret with RabbitMQ Erlang cookie (must contain a value for `rabbitmq-erlang-cookie` key or override with auth.existingSecretErlangKey)
    ## e.g:
    ## existingErlangSecret: name-of-existing-secret
    ##
    existingErlangSecret: ""
    ## @param auth.existingSecretErlangKey [default: rabbitmq-erlang-cookie] Erlang cookie key to be retrieved from existing secret
    ## NOTE: ignored unless `auth.existingErlangSecret` parameter is set
    ##
    existingSecretErlangKey: ""
  ## @param configurationExistingSecret Existing secret with the configuration to use as rabbitmq.conf.
  ## Must contain the key "rabbitmq.conf"
  ## Takes precedence over `configuration`, so do not use both simultaneously
  ## With providing an existingSecret, extraConfiguration and extraConfigurationExistingSecret do not take any effect
  ##
  configurationExistingSecret: ""
  ## @param extraConfiguration [string] Configuration file content: extra configuration to be appended to RabbitMQ configuration
  ## Use this instead of `configuration` to add more configuration
  ## Do not use simultaneously with `extraConfigurationExistingSecret`
  ##
  extraConfiguration: |-
    default_vhost = taiga
    default_permissions.configure = .*
    default_permissions.read = .*
    default_permissions.write = .*
 ## Protected
 ##
 protected:
  ## Taiga image version
  ## ref: https://hub.docker.com/r/taigaio/taiga5/tags
  ##
  image:
    repository: taigaio/taiga-protected
    tag: "6.7.0"
    ## Specify a imagePullPolicy
    ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
    ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
    ##
    pullPolicy: IfNotPresent
  ## Pod Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
  ##
  securityContext: {}
  ## Define the number of pods the deployment will create
  ## Do not change unless your persistent volume allows more than one writer, ie NFS
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
  ##
  replicas: 1
  ## Pod annotations
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations: {}
  ## Affinity for pod assignment
  ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ##
  affinity: {}
  ## Node labels for pod assignment. Evaluated as a template.
  ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
  ##
  nodeSelector: {}
  ## Tolerations for pod assignment
  ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## taiga containers' resource requests and limits
  ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
  ##
  resources:
    # We usually recommend not to specify default resources and to leave this as a conscious
    # choice for the user. This also increases chances charts run on environments with little
    # resources, such as Minikube. If you do want to specify resources, uncomment the following
    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
    limits: {}
    #  cpu: 2
    #  memory: 1Gi
    requests: {}
    #  cpu: 1
    #  memory: 1Gi
  ## Configure extra options for liveness and readiness probes
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
  ##
  livenessProbe:
    enabled: false
    initialDelaySeconds: 20
    periodSeconds: 10
    timeoutSeconds: 5
    successThreshold: 1
    failureThreshold: 3
  readinessProbe:
    enabled: false
    initialDelaySeconds: 5
    periodSeconds: 10
    timeoutSeconds: 1
    successThreshold: 1
    failureThreshold: 3
  ## Environment variables, to pass to the entry point
  ##
  # extraVars:
  #   - name: NAMI_DEBUG
  #     value: --log-level trace
  ## Service
  ##
  service:
    # -- Set the service type
    type: ClusterIP
    # -- Provide additional annotations which may be required.
    annotations: {}
    # -- Provide additional labels which may be required.
    labels: {}
    # -- Allow adding additional match labels
    extraSelectorLabels: {}
    # -- HTTP port number
    port: 8003
 ## Front
 ##
 front:
  ## Taiga image version
  ## ref: https://hub.docker.com/r/taigaio/taiga5/tags
  ##
  image:
    repository: taigaio/taiga-front
    tag: "6.7.7"
    ## Specify a imagePullPolicy
    ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
    ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
    ##
    pullPolicy: IfNotPresent
  ## Define the number of pods the deployment will create
  ## Do not change unless your persistent volume allows more than one writer, ie NFS
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
  ##
  replicas: 1
  ## Pod Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
  ##
  securityContext: {}
  ## Pod annotations
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations: {}
  ## Affinity for pod assignment
  ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ##
  affinity: {}
  ## Node labels for pod assignment. Evaluated as a template.
  ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
  ##
  nodeSelector: {}
  ## Tolerations for pod assignment
  ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## taiga containers' resource requests and limits
  ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
  ##
  resources:
    # We usually recommend not to specify default resources and to leave this as a conscious
    # choice for the user. This also increases chances charts run on environments with little
    # resources, such as Minikube. If you do want to specify resources, uncomment the following
    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
    limits: {}
    #  cpu: 2
    #  memory: 1Gi
    requests: {}
    #  cpu: 1
    #  memory: 1Gi
  ## Configure extra options for liveness and readiness probes
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
  ##
  livenessProbe:
    enabled: false
    initialDelaySeconds: 20
    periodSeconds: 10
    timeoutSeconds: 5
    successThreshold: 1
    failureThreshold: 3
  readinessProbe:
    enabled: false
    initialDelaySeconds: 5
    periodSeconds: 10
    timeoutSeconds: 1
    successThreshold: 1
    failureThreshold: 3
  ## Environment variables, to pass to the entry point
  ##
  # extraVars:
  #   - name: NAMI_DEBUG
  #     value: --log-level trace
  ## Service
  ##
  service:
    # -- Set the service type
    type: ClusterIP
    # -- Provide additional annotations which may be required.
    annotations: {}
    # -- Provide additional labels which may be required.
    labels: {}
    # -- Allow adding additional match labels
    extraSelectorLabels: {}
    # -- HTTP port number
    port: 80
 ## Configure the ingress resource that allows you to access the
 ## taiga installation. Set up the URL
 ## ref: http://kubernetes.io/docs/user-guide/ingress/
 ##
 ingress:
  # -- Enables or disables the ingress
  enabled: false
  # -- Provide additional annotations which may be required.
  annotations: {}
  # -- Provide additional labels which may be required.
  labels: {}
  # -- Set the ingressClass that is used for this ingress.
  className: ""
  ## Configure the hosts for the ingress
  host: chart-example.local
 ## Enable persistence using Persistent Volume Claims
 ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
 ##
 persistence:
  static:
    # -- Enables or disables the persistence item. Defaults to true
    enabled: true
    # -- Storage Class for the config volume.
    # If set to `-`, dynamic provisioning is disabled.
    # If set to something else, the given storageClass is used.
    # If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner.
    storageClass: ""
    # -- If you want to reuse an existing claim, the name of the existing PVC can be passed here.
    existingClaim: ""
    # -- AccessMode for the persistent volume.
    # Make sure to select an access mode that is supported by your storage provider!
    # [[ref]](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes)
    accessMode: ReadWriteOnce
    # -- The amount of storage that is requested for the persistent volume.
    size: 5Gi
    # -- Set to true to retain the PVC upon `helm uninstall`
    retain: false
  media:
    # -- Enables or disables the persistence item. Defaults to true
    enabled: true
    # -- Storage Class for the config volume.
    # If set to `-`, dynamic provisioning is disabled.
    # If set to something else, the given storageClass is used.
    # If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner.
    storageClass: ""
    # -- If you want to reuse an existing claim, the name of the existing PVC can be passed here.
    existingClaim: ""
    # -- AccessMode for the persistent volume.
    # Make sure to select an access mode that is supported by your storage provider!
    # [[ref]](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes)
    accessMode: ReadWriteOnce
    # -- The amount of storage that is requested for the persistent volume.
    size: 5Gi
    # -- Set to true to retain the PVC upon `helm uninstall`
    retain: false
--- a/charts/tubearchivist/Chart.yaml
+++ b/charts/tubearchivist/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: tubearchivist
-version: 0.2.0
+version: 0.2.3
 description: Chart for Tube Archivist
 keywords:
  - download
@@ -14,7 +14,7 @@ maintainers:
 icon: https://avatars.githubusercontent.com/u/102734415?s=48&v=4
 dependencies:
  - name: redis
-    version: 19.1.0
+    version: 19.1.2
    repository: https://charts.bitnami.com/bitnami
  - name: elasticsearch
    version: 20.0.4
--- a/charts/tubearchivist/values.yaml
+++ b/charts/tubearchivist/values.yaml
@@ -20,18 +20,18 @@ service:
    port: 8000
 ingress:
  enabled: false
-  className:
+  className: ""
-  annotations:
+  annotations: ""
-  host:
+  host: ""
 persistence:
  cache:
    enabled: false
-    storageClassName: default
+    storageClassName: ""
    storageSize: 5Gi
    accessMode: ReadWriteOnce
    volumeMode: Filesystem
  youtube:
-    claimName:
+    claimName: ""
 redis:
  image:
    repository: redis/redis-stack-server
@@ -48,17 +48,17 @@ redis:
    loadmodule /opt/redis-stack/lib/rejson.so
 elasticsearch:
  global:
-    storageClass: default
+    storageClass: ""
  extraEnvVars:
    - name: "discovery.type"
      value: "single-node"
    - name: xpack.security.enabled
      value: "true"
-  extraEnvVarsSecret:
+  extraEnvVarsSecret: []
  extraConfig:
    path:
      repo: /usr/share/elasticsearch/data/snapshot
-  extraVolumes:
+  extraVolumes: []
  extraVolumeMounts:
    - name: snapshot
      mountPath: /usr/share/elasticsearch/data/snapshot
Author	SHA1	Message	Date
alexlebens	d81c246b35	add kyoo	2024-04-19 04:08:55 -06:00
renovate[bot]	b97dd1f892	Update Helm release redis to v19.1.2 (#39 ) * Update Helm release redis to v19.1.2 * update chart --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: alexlebens <alexanderlebens@gmail.com>	2024-04-18 22:02:37 -06:00
alexlebens	0b8374753d	change default cpu limit	2024-04-18 05:49:15 -06:00
alexlebens	cb29afdcb2	fix source server naming	2024-04-18 05:35:06 -06:00
alexlebens	4f366535c3	change default cpu limit	2024-04-18 04:35:42 -06:00
alexlebens	f32ef77551	add additional options for recovery	2024-04-18 03:43:52 -06:00
alexlebens	d02f649164	remove default option in bootstrap helper	2024-04-18 03:27:00 -06:00
alexlebens	3b50ca2bfe	fix comparision operator position	2024-04-18 01:51:06 -06:00
alexlebens	17796a1183	increment chart version	2024-04-18 01:48:03 -06:00
alexlebens	512b1d4243	set default value for comparision	2024-04-18 01:47:46 -06:00
alexlebens	a2b0cdd5b6	fix ordering of comparision operator	2024-04-18 01:39:33 -06:00
alexlebens	e79af169b9	calculate length of array separately	2024-04-18 01:35:19 -06:00
alexlebens	661f9342b9	fix length measurement of database	2024-04-18 01:17:16 -06:00
alexlebens	9d1244c7a1	remove patch from image tag	2024-04-18 01:07:36 -06:00
alexlebens	0dc50bf88f	change default cluster name to start with release	2024-04-17 20:01:47 -06:00
alexlebens	75accbbf87	use semver function to pull major version into cluster name	2024-04-17 20:00:06 -06:00
alexlebens	19fbd95a79	change templating for cluster naming	2024-04-17 19:45:08 -06:00
alexlebens	d73c42fd42	change default values	2024-04-17 19:15:54 -06:00
renovate[bot]	6399a8ca97	Update Helm release rabbitmq to v14 (#34 ) * Update Helm release rabbitmq to v14 * update chart * align comments for readability --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: alexlebens <alexanderlebens@gmail.com>	2024-04-17 19:13:57 -06:00
renovate[bot]	580c7da73a	Update Helm release redis to v19.1.1 (#18 ) * Update Helm release redis to v19.1.1 * update charts * fix indentation --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: alexlebens <alexanderlebens@gmail.com>	2024-04-17 19:09:36 -06:00
renovate[bot]	11d47799f1	Update dock.mau.dev/mautrix/whatsapp Docker tag to v0.10.7 (#36 ) * Update dock.mau.dev/mautrix/whatsapp Docker tag to v0.10.7 * update helm chart * fix indentation --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: alexlebens <alexanderlebens@gmail.com>	2024-04-17 19:05:30 -06:00
renovate[bot]	7d825da72d	Update linuxserver/code-server Docker tag to v4.23.1 (#35 ) * Update linuxserver/code-server Docker tag to v4.23.1 * update helm chart --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: alexlebens <alexanderlebens@gmail.com>	2024-04-17 19:05:16 -06:00
renovate[bot]	adf49292bd	Update halfshot/matrix-hookshot Docker tag to v5.3.0 (#38 ) * Update halfshot/matrix-hookshot Docker tag to v5.3.0 * update chart * fix linting errors --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: alexlebens <alexanderlebens@gmail.com>	2024-04-17 19:03:21 -06:00
renovate[bot]	63e69df14a	Update ghcr.io/gethomepage/homepage Docker tag to v0.8.12 (#37 ) * Update ghcr.io/gethomepage/homepage Docker tag to v0.8.12 * update chart --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Alex Lebens <alexanderlebens@gmail.com>	2024-04-17 18:55:36 -06:00
alexlebens	7bd8a4525a	if oidc is enabled add an ingress path to the backend	2024-04-17 04:42:51 -06:00
alexlebens	a860789056	add env to front deployment about oidc enablement	2024-04-15 03:31:49 -06:00
alexlebens	58f89640a8	fix naming of changed rabbitmq charts	2024-04-15 02:47:45 -06:00
alexlebens	132e086d6d	change rabbitmq chart naming to generate proper dns and app names	2024-04-15 02:44:10 -06:00
alexlebens	617505ee99	fix length of app port	2024-04-13 23:37:58 -06:00
alexlebens	34a21702ab	fix http service value	2024-04-13 23:32:48 -06:00
alexlebens	15d3253af9	fix events app port to service and port	2024-04-13 23:28:03 -06:00
alexlebens	90970ef172	fix events health endpoint	2024-04-13 23:19:59 -06:00
alexlebens	0d6f789ffd	increment chart version	2024-04-13 23:14:21 -06:00
alexlebens	f968776cd0	fix trello importer switch for async container	2024-04-13 23:13:44 -06:00
alexlebens	0b2beb08b7	fix indentation of events deployment	2024-04-13 23:11:44 -06:00
alexlebens	8fae31a679	properly enable/disable trello importer	2024-04-13 23:07:20 -06:00
alexlebens	f67ac05610	fix indentation	2024-04-13 23:05:03 -06:00
alexlebens	7803519d04	add major version value	2024-04-13 22:58:01 -06:00
alexlebens	55e63c2c72	fix minor formatting and remove uneeded values	2024-04-13 22:31:07 -06:00
alexlebens	6e083293bb	fix minor formatting and remove uneeded values	2024-04-13 22:29:33 -06:00
alexlebens	60e427826c	add taiga	2024-04-13 22:17:45 -06:00
alexlebens	f905b4ccfe	change s3 env keys	2024-04-13 14:58:20 -06:00
alexlebens	487786455c	change default credential secret name	2024-04-13 03:28:27 -06:00
alexlebens	585d39657a	change how the cluster name is generated and used	2024-04-13 03:24:58 -06:00
alexlebens	e5e2812ed5	remove chart as functionality is now included in postgres-cluster chart	2024-04-13 02:46:38 -06:00
alexlebens	506218210e	add replica import type	2024-04-13 02:41:46 -06:00
alexlebens	a7a08ef9f3	change chart to align with cnpg's chart	2024-04-13 02:06:02 -06:00
alexlebens	0fe94afd2a	revert to redis image	2024-04-12 20:11:10 -06:00
renovate[bot]	73262aa60a	Update homeassistant/home-assistant Docker tag to v2024.4.3 (#31 ) * Update homeassistant/home-assistant Docker tag to v2024.4.3 * update chart --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Alex Lebens <alexanderlebens@gmail.com>	2024-04-12 17:42:37 -06:00
alexlebens	a322553210	update readme	2024-04-11 19:37:45 -06:00
alexlebens	09aae9e79d	change default cluster size to 3	2024-04-11 19:35:05 -06:00