Update Helm release redis to v19.1.2 (#39)

* Update Helm release redis to v19.1.2

* update chart

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: alexlebens <alexanderlebens@gmail.com>

charts/home-assistant/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: home-assistant
-version: 0.1.9
+version: 0.1.10
 description: Chart for Home Assistant
 keywords:
   - home-automation

charts/home-assistant/values.yaml

@@ -56,7 +56,7 @@ codeserver:
   enabled: false
   image:
     repository: linuxserver/code-server
-    tag: 4.23.0
+    tag: 4.23.1
     imagePullPolicy: IfNotPresent
   env:
     TZ: UTC

charts/homepage/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: homepage
-version: 0.0.10
+version: 0.0.11
 description: Chart for benphelps homepage
 keywords:
   - dashboard
@@ -9,4 +9,4 @@ sources:
 maintainers:
   - name: alexlebens
 icon: https://github.com/benphelps/homepage/blob/de584eae8f12a0d257e554e9511ef19bd2a1232c/public/mstile-150x150.png
-appVersion: v0.8.11
+appVersion: v0.8.12

charts/homepage/values.yaml

@@ -3,7 +3,7 @@ deployment:
   strategy: Recreate
   image:
     repository: ghcr.io/gethomepage/homepage
-    tag: v0.8.11
+    tag: v0.8.12
     imagePullPolicy: IfNotPresent
   env:
   envFrom:

charts/matrix-hookshot/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: matrix-hookshot
-version: 0.1.0
+version: 0.1.1
 description: Chart for Matrix Hookshot
 keywords:
   - matrix
@@ -11,4 +11,4 @@ sources:
 maintainers:
   - name: alexlebens
 icon: https://avatars.githubusercontent.com/u/8418310?s=48&v=4
-appVersion: "5.2.1"
+appVersion: "5.3.0"

charts/matrix-hookshot/values.yaml

@@ -3,7 +3,7 @@ deployment:
   strategy: Recreate
   image:
     repository: halfshot/matrix-hookshot
-    tag: "5.2.1"
+    tag: "5.3.0"
     imagePullPolicy: IfNotPresent
   env: {}
   envFrom: []
@@ -81,7 +81,7 @@ hookshot:
         resources:
           - widgets
 
-    #github:
+    # github:
     #  # (Optional) Configure this to enable GitHub support
     #  auth:
     #    # Authentication for the GitHub App.
@@ -104,7 +104,7 @@ hookshot:
     #    # (Optional) Prefix used when creating ghost users for GitHub accounts.
     #    _github_
 
-    #gitlab:
+    # gitlab:
     #  # (Optional) Configure this to enable GitLab support
     #  instances:
     #    gitlab.com:
@@ -119,7 +119,7 @@ hookshot:
     #    # (Optional) Aggregate comments by waiting this many miliseconds before posting them to Matrix. Defaults to 5000 (5 seconds)
     #    5000
 
-    #figma:
+    # figma:
     #  # (Optional) Configure this to enable Figma support
     #  publicUrl: https://example.com/hookshot/
     #  instances:
@@ -128,7 +128,7 @@ hookshot:
     #      accessToken: your-personal-access-token
     #      passcode: your-webhook-passcode
 
-    #jira:
+    # jira:
     #  # (Optional) Configure this to enable Jira support. Only specify `url` if you are using a On Premise install (i.e. not atlassian.com)
     #  webhook:
     #    # Webhook settings for JIRA
@@ -139,7 +139,7 @@ hookshot:
     #    client_secret: bar
     #    redirect_uri: https://example.com/oauth/
 
-    #generic:
+    # generic:
     #  # (Optional) Support for generic webhook events.
     #  #'allowJsTransformationFunctions' will allow users to write short transformation snippets in code, and thus is unsafe in untrusted environments
 
@@ -150,23 +150,23 @@ hookshot:
     #  allowJsTransformationFunctions: false
     #  waitForComplete: false
 
-    #feeds:
+    # feeds:
     #  # (Optional) Configure this to enable RSS/Atom feed support
     #  enabled: false
     #  pollConcurrency: 4
     #  pollIntervalSeconds: 600
     #  pollTimeoutSeconds: 30
 
-    #provisioning:
+    # provisioning:
     #  # (Optional) Provisioning API for integration managers
     #  secret: "!secretToken"
 
-    #bot:
+    # bot:
     #  # (Optional) Define profile information for the bot user
     #  displayname: Hookshot Bot
     #  avatar: mxc://half-shot.uk/2876e89ccade4cb615e210c458e2a7a6883fe17d
 
-    #serviceBots:
+    # serviceBots:
     #  # (Optional) Define additional bot users for specific services
     #  - localpart: feeds
     #    displayname: Feeds
@@ -174,21 +174,21 @@ hookshot:
     #    prefix: "!feeds"
     #    service: feeds
 
-    #metrics:
+    # metrics:
     #  # (Optional) Prometheus metrics support
     #  enabled: true
 
-    #cache:
+    # cache:
     #  # (Optional) Cache options for large scale deployments.
     #  # For encryption to work, this must be configured.
     #  redisUri: redis://localhost:6379
 
-    #queue:
+    # queue:
     #  # (Optional) Message queue configuration options for large scale deployments.
     #  # For encryption to work, this must not be configured.
     #  redisUri: redis://localhost:6379
 
-    #widgets:
+    # widgets:
     #  # (Optional) EXPERIMENTAL support for complimentary widgets
     #  addToAdminRooms: false
     #  disallowedIpRanges:
@@ -217,12 +217,12 @@ hookshot:
     #  branding:
     #    widgetTitle: Hookshot Configuration
 
-    #sentry:
+    # sentry:
     #  # (Optional) Configure Sentry error reporting
     #  dsn: https://examplePublicKey@o0.ingest.sentry.io/0
     #  environment: production
 
-    #permissions:
+    # permissions:
     #  # (Optional) Permissions for using the bridge. See docs/setup.md#permissions for help
     #  - actor: example.com
     #    services:

charts/mautrix-whatsapp/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: mautrix-whatsapp
-version: 0.0.2
+version: 0.0.3
 description: Chart for Matrix Whatsapp Bridge
 keywords:
   - matrix
@@ -12,4 +12,4 @@ sources:
 maintainers:
   - name: alexlebens
 icon: https://avatars.githubusercontent.com/u/88519669?s=48&v=4
-appVersion: v0.10.6
+appVersion: v0.10.7

charts/mautrix-whatsapp/values.yaml

@@ -3,7 +3,7 @@ deployment:
   strategy: Recreate
   image:
     repository: dock.mau.dev/mautrix/whatsapp
-    tag: v0.10.6
+    tag: v0.10.7
     imagePullPolicy: IfNotPresent
   env: {}
   envFrom: []
@@ -45,11 +45,9 @@ persistence:
   accessMode: ReadWriteOnce
   size: 500Mi
 
-
 # Reference the following for examples
 # https://github.com/mautrix/whatsapp/blob/main/example-config.yaml
 mautrixWhatsapp:
-
   # config.yml contents
   existingSecret: ""
   config:

charts/outline/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: outline
-version: 0.4.0
+version: 0.5.2
 description: Chart for Outline wiki
 keywords:
   - wiki
@@ -14,5 +14,5 @@ icon: https://avatars.githubusercontent.com/u/1765001?s=48&v=4
 dependencies:
   - name: redis
     repository: https://charts.bitnami.com/bitnami
-    version: 19.1.0
+    version: 19.1.2
 appVersion: v0.75.2

charts/outline/templates/deployment.yaml

@@ -102,41 +102,14 @@ spec:
                 secretKeyRef:
                   name: "{{ .Values.persistence.s3.credentialsSecret }}"
                   key: AWS_SECRET_ACCESS_KEY
-          {{- if .Values.persistence.s3.endpointConfigMap.enabled }}
-            - name: AWS_REGION
-              valueFrom:
-                configMapKeyRef:
-                  name: "{{ .Values.persistence.s3.endpointConfigMap.name }}"
-                  key: BUCKET_REGION
-            - name: AWS_S3_UPLOAD_BUCKET_NAME
-              valueFrom:
-                configMapKeyRef:
-                  name: "{{ .Values.persistence.s3.endpointConfigMap.name }}"
-                  key: BUCKET_NAME
-            - name: AWS_S3_UPLOAD_BUCKET_HOST
-              valueFrom:
-                configMapKeyRef:
-                  name: "{{ .Values.persistence.s3.endpointConfigMap.name }}"
-                  key: BUCKET_HOST
-            - name: AWS_S3_UPLOAD_BUCKET_PORT
-              valueFrom:
-                configMapKeyRef:
-                  name: "{{ .Values.persistence.s3.endpointConfigMap.name }}"
-                  key: BUCKET_PORT
-            - name: AWS_S3_UPLOAD_BUCKET_URL
-              value: "{{ .Values.persistence.s3.urlProtocol }}://$(AWS_S3_UPLOAD_BUCKET_NAME).$(AWS_S3_UPLOAD_BUCKET_HOST):$(AWS_S3_UPLOAD_BUCKET_PORT)"
-            - name: AWS_S3_ACCELERATE_URL
-              value: "{{ .Values.persistence.s3.urlProtocol }}://$(AWS_S3_UPLOAD_BUCKET_NAME).$(AWS_S3_UPLOAD_BUCKET_HOST):$(AWS_S3_UPLOAD_BUCKET_PORT)"         
-          {{- else }}
             - name: AWS_REGION
               value: "{{ .Values.persistence.s3.region }}"
             - name: AWS_S3_UPLOAD_BUCKET_NAME
               value: "{{ .Values.persistence.s3.bucketName }}"
             - name: AWS_S3_UPLOAD_BUCKET_URL
-              value: "{{ .Values.persistence.s3.urlProtocol }}://{{ .Values.persistence.s3.bucketName }}.{{ .Values.persistence.s3.host }}"
+              value: "{{ .Values.persistence.s3.bucketUrl }}"
             - name: AWS_S3_ACCELERATE_URL
-              value: "{{ .Values.persistence.s3.urlProtocol }}://{{ .Values.persistence.s3.bucketName }}.{{ .Values.persistence.s3.host }}"              
-          {{- end }}
+              value: "{{ .Values.persistence.s3.bucketUrl }}"
             - name: AWS_S3_FORCE_PATH_STYLE
               value: "{{ .Values.persistence.s3.forcePathStyle }}"
             - name: AWS_S3_ACL

charts/outline/values.yaml

@@ -24,13 +24,9 @@ persistence:
   type: s3
   s3:
     credentialsSecret:
-    endpointConfigMap:
-      enabled: false
-      name:
     region:
     bucketName:
-    host:
-    urlProtocol: http
+    bucketUrl:
     uploadMaxSize: "26214400"
     forcePathStyle: false
     acl: private

charts/postgres-cluster-upgrade/Chart.yaml

@@ -1,14 +0,0 @@
-apiVersion: v2
-name: postgres-cluster-upgrade
-version: 0.1.2
-description: Chart for upgrading a cloudnative-pg cluster in the same namespace
-keywords:
-  - database
-  - postgres
-  - upgrade
-sources:
-  - https://github.com/cloudnative-pg/cloudnative-pg
-maintainers:
-  - name: alexlebens
-icon: https://avatars.githubusercontent.com/u/100373852?s=48&v=4
-appVersion: v1.22.2

charts/postgres-cluster-upgrade/README.md

@@ -1,19 +0,0 @@
-## Introduction
-
-[CloudNative PG](https://github.com/cloudnative-pg/cloudnative-pg)
-
-CloudNativePG is the Kubernetes operator that covers the full lifecycle of a highly available PostgreSQL database cluster with a primary/standby architecture, using native streaming replication.
-
-This chart bootstraps a [CNPG](https://github.com/cloudnative-pg/cloudnative-pg) cluster upgraade on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
-
-The process is designed to be used in conjunction with the [postgres-cluster](https://github.com/alexlebens/helm-charts/tree/main/charts/postgres-cluster) chart. The cluster in this chart connects to the orignal cluster, peforms an upgrade, then backups to the objectStore endpoint. Afterwards the upgrade cluster is removed and the orignal cluster bootstraps from the upgrade's backup.
-
-## Prerequisites
-
-- Kubernetes
-- Helm
-- CloudNative PG Operator
-
-## Parameters
-
-See the [values files](values.yaml).

charts/postgres-cluster-upgrade/templates/backup.yaml

@@ -1,17 +0,0 @@
-{{- if .Values.backup.inititeBackup }}
-apiVersion: postgresql.cnpg.io/v1
-kind: Backup
-metadata:
-  name: "postgresql-{{ .Release.Name }}-cluster-upgrade-backup"
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: "postgresql-{{ .Release.Name }}-cluster-upgrade-backup"
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: database
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  method: barmanObjectStore
-  cluster:
-    name: "postgresql-{{ .Release.Name }}-cluster-upgrade"
-{{- end }}

charts/postgres-cluster-upgrade/templates/postgresql-cluster.yaml

@@ -1,68 +0,0 @@
-apiVersion: postgresql.cnpg.io/v1
-kind: Cluster
-metadata:
-  name: "postgresql-{{ .Release.Name }}-cluster-upgrade"
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: "postgresql-{{ .Release.Name }}-cluster-upgrade"
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: database
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  imageName: "{{ .Values.cluster.image.repository }}:{{ .Values.cluster.image.tag }}"
-  instances: {{ .Values.cluster.instances }}
-  affinity:
-    enablePodAntiAffinity: true
-    topologyKey: kubernetes.io/hostname
-  postgresql:
-    parameters:
-      {{- toYaml .Values.cluster.parameters | nindent 6 }}
-  resources:
-    {{- toYaml .Values.cluster.resources | nindent 4 }}
-  storage:
-    storageClass: {{ .Values.cluster.storage.data.storageClass }}
-    size: {{ .Values.cluster.storage.data.size }}
-  walStorage:
-    storageClass: {{ .Values.cluster.storage.wal.storageClass }}
-    size: {{ .Values.cluster.storage.wal.size }}
-  monitoring:
-    enablePodMonitor: true
-
-  bootstrap:
-    initdb:
-      import:
-        type: {{ .Values.upgrade.importType }}
-        databases:
-          {{- toYaml .Values.upgrade.importDatabases | nindent 10 }}
-        source:
-          externalCluster: "postgresql-{{ .Release.Name }}-cluster"
-  externalClusters:
-    - name: "postgresql-{{ .Release.Name }}-cluster"
-      connectionParameters:
-        host: "postgresql-{{ .Release.Name }}-cluster-rw"
-        user: app
-        dbname: app
-      password:
-        name: "postgresql-{{ .Release.Name }}-cluster-app"
-        key: password
-
-  {{- if .Values.backup.backupEnabled }}
-  backup:
-    retentionPolicy: "{{ .Values.backup.retentionPolicy }}"
-    barmanObjectStore:
-      destinationPath: "s3://{{ .Values.backup.bucket }}/{{ .Values.cluster.name }}/postgresql/{{ .Release.Name }}-cluster"
-      endpointURL: {{ .Values.backup.endpointURL }}
-      serverName: "postgresql-{{ .Release.Name }}-cluster-backup-index-{{ .Values.backup.backupIndex }}"
-      s3Credentials:
-        accessKeyId:
-          name: "postgresql-{{ .Release.Name }}-cluster-backup-secret"
-          key: ACCESS_KEY_ID
-        secretAccessKey:
-          name: "postgresql-{{ .Release.Name }}-cluster-backup-secret"
-          key: ACCESS_SECRET_KEY
-      data:
-        compression: {{ .Values.cluster.compression }}
-      wal:
-        compression: {{ .Values.cluster.compression }}
-  {{- end }}

charts/postgres-cluster-upgrade/values.yaml

@@ -1,37 +0,0 @@
-cluster:
-  name:
-  image:
-    repository: ghcr.io/cloudnative-pg/postgresql
-    tag: 16.2
-  instances: 1
-  parameters:
-    shared_buffers: 128MB
-    max_slot_wal_keep_size: 2000MB
-    hot_standby_feedback: "on"
-  compression: snappy
-  resources:
-    requests:
-      memory: 512Mi
-      cpu: 100m
-    limits:
-      memory: 2Gi
-      cpu: 1500m
-      hugepages-2Mi: 512Mi
-  storage:
-    data:
-      storageClass:
-      size: 10Gi
-    wal:
-      storageClass:
-      size: 2Gi
-upgrade:
-  importType: microservice
-  importDatabases:
-    - app
-backup:
-  backupEnabled: false
-  inititeBackup: false  
-  retentionPolicy: 3d  
-  backupIndex: 1
-  endpointURL:
-  bucket:

charts/postgres-cluster/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: postgres-cluster
-version: 1.1.0
+version: 2.4.2
 description: Chart for cloudnative-pg cluster
 keywords:
   - database

charts/postgres-cluster/templates/_backup.tpl

@@ -3,20 +3,20 @@
 backup:
   retentionPolicy: {{ .Values.backup.retentionPolicy }}
   barmanObjectStore:
-    destinationPath: "s3://{{ .Values.backup.endpointBucket }}/{{ .Values.kubernetesClusterName }}/postgresql/{{ .Release.Name }}"
+    destinationPath: "s3://{{ .Values.backup.endpointBucket }}/{{ .Values.kubernetesClusterName }}/postgresql/{{ include "cluster.backupName" . }}"
     endpointURL: {{ .Values.backup.endpointURL }}
     {{- if .Values.backup.endpointCA }}
     endpointCA:
       name: {{ .Values.backup.endpointCA }}
       key: ca-bundle.crt
     {{- end }}
-    serverName: "postgresql-{{ .Release.Name }}-cluster-backup-index-{{ .Values.backup.backupIndex }}"
+    serverName: "{{ include "cluster.name" . }}-backup-{{ .Values.backup.backupIndex }}"
     s3Credentials:
       accessKeyId:
-        name: {{ include "cluster.backup.credentials" . }}
+        name: {{ include "cluster.backupCredentials" . }}
         key: ACCESS_KEY_ID
       secretAccessKey:
-        name: {{ include "cluster.backup.credentials" . }}
+        name: {{ include "cluster.backupCredentials" . }}
         key: ACCESS_SECRET_KEY
     wal:
       compression: {{ .Values.backup.wal.compression }}

charts/postgres-cluster/templates/_bootstrap.tpl

@@ -26,29 +26,29 @@ bootstrap:
     import:
       type: {{ .Values.replica.importType }}
       databases:
-        {{- if and (len .Values.replica.importDatabases gt 1) (.Values.replica.importType eq "microservice") }}
+        {{- if and (gt (len .Values.replica.importDatabases) 1) (eq .Values.replica.importType "microservice") }}
           {{ fail "Too many databases in import type of microservice!" }}
         {{- else}}
         {{- with .Values.replica.importDatabases }}
         {{- . | toYaml | nindent 8 }}
         {{- end }}
         {{- end }}        
-      {{- if .Values.replica.importType eq "monolith" }}
+      {{- if eq .Values.replica.importType "monolith" }}
       roles:
         {{- with .Values.replica.importRoles }}
         {{- . | toYaml | nindent 8 }}
         {{- end }}
       {{- end }}
-      {{- if and (.Values.replica.postImportApplicationSQL) (.Values.replica.importType eq "microservice") }}
+      {{- if and (.Values.replica.postImportApplicationSQL) (eq .Values.replica.importType "microservice") }}
       postImportApplicationSQL:
         {{- with .Values.replica.postImportApplicationSQL }}
         {{- . | toYaml | nindent 8 }}
         {{- end }}      
       {{- end }}
       source:
-        externalCluster: "postgresql-{{ .Release.Name }}-cluster"
+        externalCluster: "{{ include "cluster.name" . }}-cluster"
 externalClusters:
-  - name: "postgresql-{{ .Release.Name }}-cluster"
+  - name: "{{ include "cluster.name" . }}-cluster"
     {{- with .Values.replica.externalCluster }}
     {{- . | toYaml | nindent 4 }}
     {{- end }}    
@@ -58,25 +58,24 @@ externalClusters:
     recoveryTarget:
       targetTime: {{ . }}
     {{- end }}
-    source: "postgresql-{{ .Release.Name }}-cluster-backup-index-{{ .Values.recovery.recoveryIndex }}"
+    source: {{ include "cluster.recoveryServerName" . }}
 externalClusters:
-  - name: "postgresql-{{ .Release.Name }}-cluster-backup-index-{{ .Values.recovery.recoveryIndex }}"
+  - name: {{ include "cluster.recoveryServerName" . }}
     barmanObjectStore:
-      serverName: "postgresql-{{ .Release.Name }}-cluster-backup-index-{{ .Values.recovery.recoveryIndex }}"
-      destinationPath: "s3://{{ .Values.recovery.endpointBucket }}/{{ .Values.kubernetesClusterName }}/postgresql/{{ .Release.Name }}"
+      serverName: {{ include "cluster.recoveryServerName" . }}
+      destinationPath: "s3://{{ .Values.recovery.endpointBucket }}/{{ .Values.kubernetesClusterName }}/postgresql/{{ include "cluster.recoveryInstanceName" . }}"
       endpointURL: {{ .Values.recovery.endpointURL }}
       {{- with .Values.recovery.endpointCA }}
       endpointCA:
         name: {{ . }}
         key: ca-bundle.crt
       {{- end }}
-      serverName: "postgresql-{{ .Release.Name }}-cluster-backup-index-{{ .Values.recovery.recoveryIndex }}"
       s3Credentials:
         accessKeyId:
-          name: {{ include "cluster.recovery.credentials" . }}
+          name: {{ include "cluster.recoveryCredentials" . }}
           key: ACCESS_KEY_ID
         secretAccessKey:
-          name: {{ include "cluster.recovery.credentials" . }}
+          name: {{ include "cluster.recoveryCredentials" . }}
           key: ACCESS_SECRET_KEY
       wal:
         compression: {{ .Values.recovery.wal.compression }}

charts/postgres-cluster/templates/_helpers.tpl

@@ -2,26 +2,12 @@
 Expand the name of the chart.
 */}}
 {{- define "cluster.name" -}}
-  {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "cluster.fullname" -}}
-{{- if .Values.fullnameOverride }}
-  {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-  {{- $name := default .Chart.Name .Values.nameOverride }}
-  {{- if contains $name .Release.Name }}
-    {{- .Release.Name | trunc 63 | trimSuffix "-" }}
+  {{- if .Values.nameOverride }}
+    {{- .Values.nameOverride | trunc 63 | trimSuffix "-" }}
   {{- else }}
-    {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+    {{- printf "%s-postgresql-%s" .Release.Name ((semver .Values.cluster.image.tag).Major | toString) | trunc 63 | trimSuffix "-" -}}
   {{- end }}
 {{- end }}
-{{- end }}
 
 {{/*
 Create chart name and version as used by the chart label.
@@ -54,18 +40,52 @@ app.kubernetes.io/part-of: cloudnative-pg
 {{/*
 Generate name for object store credentials
 */}}
-{{- define "cluster.recovery.credentials" -}}
+{{- define "cluster.recoveryCredentials" -}}
   {{- if .Values.recovery.endpointCredentials -}}
     {{- .Values.recovery.endpointCredentials -}}
   {{- else -}}
-    {{- printf "postgresql-%s-cluster-backup-secret" .Release.Name | trunc 63 | trimSuffix "-" -}}
+    {{- printf "%s-backup-secret" (include "cluster.name" .) | trunc 63 | trimSuffix "-" -}}
   {{- end }}
-{{- end -}}
+{{- end }}
 
-{{- define "cluster.backup.credentials" -}}
+{{- define "cluster.backupCredentials" -}}
   {{- if .Values.backup.endpointCredentials -}}
     {{- .Values.backup.endpointCredentials -}}
   {{- else -}}
-    {{- printf "postgresql-%s-cluster-backup-secret" .Release.Name | trunc 63 | trimSuffix "-" -}}
+    {{- printf "%s-backup-secret" (include "cluster.name" .) | trunc 63 | trimSuffix "-" -}}
   {{- end }}
-{{- end -}}
+{{- end }}
+
+{{/*
+Generate backup server name
+*/}}
+{{- define "cluster.backupName" -}}
+  {{- if .Values.backup.backupName -}}
+    {{- .Values.backup.backupName -}}
+  {{- else -}}
+    {{ include "cluster.name" . }}
+  {{- end }}
+{{- end }}
+
+
+{{/*
+Generate recovery server name
+*/}}
+{{- define "cluster.recoveryServerName" -}}
+  {{- if .Values.recovery.recoveryServerName -}}
+    {{- .Values.recovery.recoveryServerName -}}
+  {{- else -}}
+    {{- printf "%s-backup-%s" (include "cluster.name" .) (toString .Values.recovery.recoveryIndex) | trunc 63 | trimSuffix "-" -}}
+  {{- end }}
+{{- end }}
+
+{{/*
+Generate recovery instance name
+*/}}
+{{- define "cluster.recoveryInstanceName" -}}
+  {{- if .Values.recovery.recoveryInstanceName -}}
+    {{- .Values.recovery.recoveryInstanceName -}}
+  {{- else -}}
+    {{ include "cluster.name" . }}
+  {{- end }}
+{{- end }}

charts/postgres-cluster/templates/cluster.yaml

@@ -1,7 +1,7 @@
 apiVersion: postgresql.cnpg.io/v1
 kind: Cluster
 metadata:
-  name: "postgresql-{{ include "cluster.fullname" . }}-cluster"
+  name: {{ include "cluster.name" . }}-cluster
   namespace: {{ .Release.Namespace }}
   {{- with .Values.cluster.annotations }}
   annotations:

charts/postgres-cluster/templates/prometheus-rule.yaml

@@ -2,7 +2,7 @@
 apiVersion: monitoring.coreos.com/v1
 kind: PrometheusRule
 metadata:
-  name: "postgresql-{{ include "cluster.fullname" . }}-alert-rules"
+  name: {{ include "cluster.name" . }}-alert-rules
   namespace: {{ .Release.Namespace }}
   labels:
     {{- include "cluster.labels" . | nindent 4 }}
@@ -11,14 +11,14 @@ metadata:
   {{- end }}
 spec:
   groups:
-    - name: cloudnative-pg/{{ include "cluster.fullname" . }}
+    - name: cloudnative-pg/{{ include "cluster.name" . }}
       rules:
         {{- $dict := dict "excludeRules" .Values.cluster.monitoring.prometheusRule.excludeRules -}}
         {{- $_ := set $dict "value"       "{{ $value }}" -}}
         {{- $_ := set $dict "namespace"   .Release.Namespace -}}
-        {{- $_ := set $dict "cluster"     (include "cluster.fullname" .) -}}
+        {{- $_ := set $dict "cluster"     (printf "%s-cluster" (include "cluster.name" .) ) -}}
         {{- $_ := set $dict "labels"      (dict "job" "{{ $labels.job }}" "node" "{{ $labels.node }}" "pod" "{{ $labels.pod }}") -}}
-        {{- $_ := set $dict "podSelector" (printf "%s-([1-9][0-9]*)$" (include "cluster.fullname" .)) -}}
+        {{- $_ := set $dict "podSelector" (printf "%s-cluster-([1-9][0-9]*)$" (include "cluster.name" .) ) -}}
         {{- $_ := set $dict "Values"      .Values -}}
         {{- $_ := set $dict "Template"    .Template -}}
         {{- range $path, $_ := .Files.Glob  "prometheus_rules/**.yaml" }}

charts/postgres-cluster/templates/scheduled-backup.yaml

@@ -2,7 +2,7 @@
 apiVersion: postgresql.cnpg.io/v1
 kind: ScheduledBackup
 metadata:
-  name: "postgresql-{{ include "cluster.fullname" . }}-cluster-scheduled-backup"
+  name: {{ include "cluster.name" . }}-scheduled-backup
   namespace: {{ .Release.Namespace }}
   labels:
     {{- include "cluster.labels" . | nindent 4 }}
@@ -14,5 +14,5 @@ spec:
   schedule: {{ .Values.backup.schedule }}
   backupOwnerReference: self
   cluster:
-    name: "postgresql-{{ include "cluster.fullname" . }}-cluster"
+    name: {{ include "cluster.name" . }}-cluster
 {{ end }}

charts/postgres-cluster/values.yaml

@@ -1,7 +1,5 @@
-# -- Override the name of the chart
+# -- Override the name of the cluster
 nameOverride: ""
-# -- Override the full name of the chart
-fullnameOverride: ""
 
 ###
 # -- Type of the CNPG database. Available types:
@@ -25,7 +23,7 @@ cluster:
 
   image:
     repository: ghcr.io/cloudnative-pg/postgresql
-    tag: 16.2
+    tag: "16.2"
     pullPolicy: IfNotPresent
 
   # The UID and GID of the postgres user inside the image
@@ -45,7 +43,7 @@ cluster:
       cpu: 10m
     limits:
       memory: 1Gi
-      cpu: 100m
+      cpu: 800m
       hugepages-2Mi: 256Mi
 
   # See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-AffinityConfiguration
@@ -109,9 +107,15 @@ recovery:
   # Specifies secret that contains S3 credentials, should contain the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY
   endpointCredentials: ""
 
-  # Generate external cluster name, uses: postgresql-{{ .Release.Name }}-cluster-backup-index-{{ .Values.recovery.recoveryIndex }}"
+  # Generate external cluster name, uses: {{ .Release.Name }}postgresql-<major version>-cluster-backup-index-{{ .Values.recovery.recoveryIndex }}
   recoveryIndex: 1
 
+  # Name of the recovery cluster in the object store, defaults to "cluster.name"
+  recoveryServerName: ""
+
+  # Name of the recovery cluster in the object store, defaults to ".Release.Name"
+  recoveryInstanceName: ""
+
   wal:
     # WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
     compression: snappy
@@ -169,6 +173,9 @@ backup:
   # Generate external cluster name, creates: postgresql-{{ .Release.Name }}-cluster-backup-index-{{ .Values.backups.backupIndex }}"
   backupIndex: 1
 
+  # Name of the backup cluster in the object store, defaults to "cluster.name"
+  backupName: ""
+
   wal:
     # WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
     compression: snappy

charts/taiga/Chart.yaml

@@ -0,0 +1,24 @@
+apiVersion: v2
+name: taiga
+version: 0.2.0
+description: Chart for Taiga
+keywords:
+  - kanban
+  - project management
+sources:
+  - https://github.com/taigaio
+  - https://github.com/rabbitmq/rabbitmq-server
+  - https://github.com/bitnami/charts/tree/main/bitnami/rabbitmq
+maintainers:
+  - name: alexlebens
+icon: https://avatars.githubusercontent.com/u/6905422?s=200&v=4
+dependencies:
+  - name: rabbitmq
+    version: 14.0.1
+    repository: https://charts.bitnami.com/bitnami
+    alias: async-rabbitmq
+  - name: rabbitmq
+    version: 14.0.1
+    repository: https://charts.bitnami.com/bitnami
+    alias: events-rabbitmq
+appVersion: 6.7.7

charts/taiga/README.md

@@ -0,0 +1,17 @@
+## Introduction
+
+[Taiga 6](https://github.com/taigaio)
+
+Intuitive and simple, yet feature complete Kanban board
+
+This chart bootstraps a [Taiga](https://github.com/taigaio) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+
+
+## Prerequisites
+
+- Kubernetes
+- Helm
+
+## Parameters
+
+See the [values files](values.yaml).

charts/taiga/templates/_helpers.tpl

@@ -0,0 +1,135 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "taiga.name" -}}
+  {{- default .Chart.Name .Values.global.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "taiga.fullname" -}}
+  {{- if .Values.global.fullnameOverride -}}
+    {{- .Values.global.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+  {{- else -}}
+    {{- $name := default .Chart.Name .Values.global.nameOverride -}}
+    {{- if contains $name .Release.Name -}}
+      {{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+    {{- else -}}
+      {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+    {{- end -}}
+  {{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label
+*/}}
+{{- define "taiga.chart" -}}
+  {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "taiga.labels" -}}
+app.kubernetes.io/name: {{ template "taiga.name" . }}
+helm.sh/chart: {{ template "taiga.chart" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Common labels for specific components
+*/}}
+{{- define "taiga.back.labels" -}}
+app.kubernetes.io/name: {{ template "taiga.name" . }}-back
+helm.sh/chart: {{ template "taiga.chart" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+{{- define "taiga.async.labels" -}}
+app.kubernetes.io/name: {{ template "taiga.name" . }}-async
+helm.sh/chart: {{ template "taiga.chart" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+{{- define "taiga.front.labels" -}}
+app.kubernetes.io/name: {{ template "taiga.name" . }}-front
+helm.sh/chart: {{ template "taiga.chart" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+{{- define "taiga.events.labels" -}}
+app.kubernetes.io/name: {{ template "taiga.name" . }}-events
+helm.sh/chart: {{ template "taiga.chart" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+{{- define "taiga.protected.labels" -}}
+app.kubernetes.io/name: {{ template "taiga.name" . }}-protected
+helm.sh/chart: {{ template "taiga.chart" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Labels to use on deploy.spec.selector.matchLabels and svc.spec.selector
+*/}}
+{{- define "taiga.matchLabels" -}}
+app.kubernetes.io/name: {{ template "taiga.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+{{- define "taiga.back.matchLabels" -}}
+app.kubernetes.io/name: {{ template "taiga.name" . }}-back
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+{{- define "taiga.async.matchLabels" -}}
+app.kubernetes.io/name: {{ template "taiga.name" . }}-async
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+{{- define "taiga.front.matchLabels" -}}
+app.kubernetes.io/name: {{ template "taiga.name" . }}-front
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+{{- define "taiga.events.matchLabels" -}}
+app.kubernetes.io/name: {{ template "taiga.name" . }}-events
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+{{- define "taiga.protected.matchLabels" -}}
+app.kubernetes.io/name: {{ template "taiga.name" . }}-protected
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "taiga.serviceAccountName" -}}
+  {{- if .Values.serviceAccount.create -}}
+    {{ default (include "taiga.fullname" .) .Values.serviceAccount.name }}
+  {{- else -}}
+    {{ default "default" .Values.serviceAccount.name }}
+  {{- end -}}
+{{- end -}}
+
+{{/*
+Create the name of the static persistent volume
+*/}}
+{{- define "taiga.staticVolumeName" -}}
+  {{- if .Values.persistence.static.existingClaim -}}
+    {{ .Values.persistence.static.existingClaim }}
+  {{- else -}}
+    {{ printf "%s-static" (include "taiga.fullname" .) | trunc 63 | trimSuffix "-" }}
+  {{- end -}}
+{{- end -}}
+
+{{/*
+Create the name of the media persistent volume
+*/}}
+{{- define "taiga.mediaVolumeName" -}}
+  {{- if .Values.persistence.media.existingClaim -}}
+    {{ .Values.persistence.media.existingClaim }}
+  {{- else -}}
+    {{ printf "%s-media" (include "taiga.fullname" .) | trunc 63 | trimSuffix "-" }}
+  {{- end -}}
+{{- end -}}

charts/taiga/templates/config-map.yaml

@@ -0,0 +1,36 @@
+{{- if .Values.createInitialUser }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ template "taiga.fullname" . }}-create-initial-user
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    {{- with .Values.global.annotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+  labels:
+    {{- include "taiga.labels" . | nindent 4 }}
+    {{- with .Values.global.labels }}
+    {{ toYaml . | nindent 4 }}
+    {{- end }}
+data:
+  createinitialuser.sh: |
+    #!/bin/sh
+    echo """
+    import time
+    import requests
+    import subprocess
+
+    print('Waiting for backend ...')
+    while requests.get('http://{{ template "taiga.fullname" . }}-back/api/v1/').status_code != 200:
+        print('...')
+        time.sleep(2)
+
+    if str(subprocess.check_output(['python', 'manage.py', 'dumpdata', 'users.user'], cwd='/taiga-back')).find('\"is_superuser\": true') == -1:
+        print(subprocess.check_output(['python', 'manage.py', 'loaddata', 'initial_user'], cwd='/taiga-back'))
+    else:
+        print('Admin user yet created.')
+        """ > /tmp/create_superuser.py
+        python /tmp/create_superuser.py
+{{- end }}

charts/taiga/templates/deployment-back.yaml

@@ -0,0 +1,515 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ template "taiga.fullname" . }}-back
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    {{- with .Values.global.annotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+  labels:
+    {{- include "taiga.back.labels" . | nindent 4 }}
+    {{- with .Values.global.labels }}
+    {{ toYaml . | nindent 4 }}
+    {{- end }}
+spec:
+  revisionHistoryLimit: 3
+  replicas: {{ .Values.back.replicas }}
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      {{- include "taiga.back.matchLabels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        {{- include "taiga.back.labels" . | nindent 8 }}
+        app.kubernetes.io/component: {{ template "taiga.name" . }}-back
+      annotations:
+        {{- with .Values.back.podAnnotations }}
+        {{ toYaml . | nindent 8 }}
+        {{- end }}
+    spec:
+      affinity:
+        {{- with .Values.back.affinity }}
+        {{ toYaml . | nindent 8 }}
+        {{- end }}
+      nodeSelector:
+        {{- with .Values.back.nodeSelector }}
+        {{ toYaml . | nindent 8 }}
+        {{- end }}
+      tolerations:
+        {{- with .Values.back.tolerations }}
+        {{ toYaml . | nindent 8 }}
+        {{- end }}
+      serviceAccountName: {{ template "taiga.serviceAccountName" . }}
+      securityContext:
+        {{- with .Values.back.securityContext }}
+        {{ toYaml . | nindent 8 }}
+        {{- end }}
+      containers:
+        - name: {{ template "taiga.fullname" . }}-back
+          image: "{{ .Values.back.image.repository }}:{{ .Values.back.image.tag }}"
+          imagePullPolicy: {{ .Values.back.image.pullPolicy }}
+          resources:
+            {{ toYaml .Values.back.resources | nindent 12 }}
+          ports:
+            - name: taiga-back
+              containerPort: {{ .Values.back.service.port }}
+              protocol: TCP
+          volumeMounts:
+            - name: taiga-static
+              mountPath: /taiga-back/static
+            - name: taiga-media
+              mountPath: /taiga-back/media
+          env:
+            - name: TAIGA_SECRET_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.secretKey.existingSecretName }}"
+                  key: "{{ .Values.secretKey.existingSecretKey }}"
+            - name: ENABLE_TELEMETRY
+              value: "{{ .Values.enableTelemetry }}"
+            - name: PUBLIC_REGISTER_ENABLED
+              value: "{{ .Values.publicRegisterEnabled }}"
+            - name: POSTGRES_USER
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.postgresql.existingSecretName }}"
+                  key: "{{ .Values.postgresql.usernameKey }}"
+            - name: POSTGRES_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.postgresql.existingSecretName }}"
+                  key: "{{ .Values.postgresql.passwordKey }}"
+            - name: POSTGRES_DB
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.postgresql.existingSecretName }}"
+                  key: "{{ .Values.postgresql.databaseNameKey }}"
+            - name: POSTGRES_HOST
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.postgresql.existingSecretName }}"
+                  key: "{{ .Values.postgresql.hostKey }}"
+
+          {{ if .Values.oidc.enabled }}
+            - name: OIDC_ENABLED
+              value: "True"
+            - name: OIDC_SCOPES
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.oidc.existingSecretName }}"
+                  key: "{{ .Values.oidc.scopesKey }}"
+            - name: OIDC_SIGN_ALGO
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.oidc.existingSecretName }}"
+                  key: "{{ .Values.oidc.signatureAlgorithmKey }}"
+            - name: OIDC_CLIENT_ID
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.oidc.existingSecretName }}"
+                  key: "{{ .Values.oidc.clientIdKey }}"
+            - name: OIDC_CLIENT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.oidc.existingSecretName }}"
+                  key: "{{ .Values.oidc.clientSecretKey }}"
+            - name: OIDC_BASE_URL
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.oidc.existingSecretName }}"
+                  key: "{{ .Values.oidc.baseUrlKey }}"
+            - name: OIDC_JWKS_ENDPOINT
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.oidc.existingSecretName }}"
+                  key: "{{ .Values.oidc.jwksEndpointKey }}"
+            - name: OIDC_AUTHORIZATION_ENDPOINT
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.oidc.existingSecretName }}"
+                  key: "{{ .Values.oidc.authorizationEndpointKey }}"
+            - name: OIDC_TOKEN_ENDPOINT
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.oidc.existingSecretName }}"
+                  key: "{{ .Values.oidc.tokenEndpointKey }}"
+            - name: OIDC_USER_ENDPOINT
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.oidc.existingSecretName }}"
+                  key: "{{ .Values.oidc.userEndpointKey }}"
+          {{ end }}
+
+          {{ if .Values.email.enabled }}
+            - name: EMAIL_BACKEND
+              value: "django.core.mail.backends.smtp.EmailBackend"
+            - name: DEFAULT_FROM_EMAIL
+              value: "{{ .Values.email.from }}"
+            - name: EMAIL_HOST
+              value: "{{ .Values.email.host }}"
+            - name: EMAIL_PORT
+              value: "{{ .Values.email.port }}"
+            - name: EMAIL_USE_TLS
+              value: "{{ .Values.email.tls }}"
+            - name: EMAIL_USE_SSL
+              value: "{{ .Values.email.ssl }}"
+            - name: EMAIL_HOST_USER
+              value: "{{ .Values.email.user }}"
+            - name: EMAIL_HOST_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.email.existingPasswordSecret }}"
+                  key: "{{ .Values.email.existingSecretPasswordKey }}"
+          {{ end }}
+
+            - name: ENABLE_GITHUB_AUTH
+              value: "false"
+            - name: ENABLE_GITLAB_AUTH
+              value: "false"
+            - name: ENABLE_SLACK
+              value: "{{ .Values.enableSlack }}"
+
+          {{ if .Values.githubImporter.enabled }}
+            - name: ENABLE_GITHUB_IMPORTER
+              value: "True"
+            - name: GITHUB_API_CLIENT_ID
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.githubImporter.existingSecretName }}"
+                  key: "{{ .Values.githubImporter.existingSecretClientIdKey }}"
+            - name: GITHUB_API_CLIENT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.githubImporter.existingSecretName }}"
+                  key: "{{ .Values.githubImporter.existingSecretClientSecretKey }}"
+          {{ else }}
+            - name: ENABLE_GITHUB_IMPORTER
+              value: "False"
+          {{ end }}
+
+          {{ if .Values.jiraImporter.enabled }}
+            - name: ENABLE_JIRA_IMPORTER
+              value: "True"
+            - name: JIRA_IMPORTER_CONSUMER_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.jiraImporter.existingSecretName }}"
+                  key: "{{ .Values.jiraImporter.existingSecretConsumerKeyKey }}"
+            - name: JIRA_IMPORTER_CERT
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.jiraImporter.existingSecretName }}"
+                  key: "{{ .Values.jiraImporter.existingSecretCertKey }}"
+            - name: JIRA_IMPORTER_PUB_CERT
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.jiraImporter.existingSecretName }}"
+                  key: "{{ .Values.jiraImporter.existingSecretPubCertKey }}"
+          {{ else }}
+            - name: ENABLE_JIRA_IMPORTER
+              value: "False"
+          {{ end }}
+
+          {{ if .Values.trelloImporter.enabled }}
+            - name: ENABLE_TRELLO_IMPORTER
+              value: "True"
+            - name: TRELLO_IMPORTER_API_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.trelloImporter.existingSecretName }}"
+                  key: "{{ .Values.trelloImporter.existingSecretApiKeyKey }}"
+            - name: TRELLO_IMPORTER_SECRET_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.trelloImporter.existingSecretName }}"
+                  key: "{{ .Values.trelloImporter.existingSecretSecretKeyKey }}"
+          {{ else }}
+            - name: ENABLE_JIRA_IMPORTER
+              value: "False"
+          {{ end }}
+
+            - name: RABBITMQ_USER
+              value: "{{ index .Values "async-rabbitmq" "auth" "username" }}"
+            - name: RABBITMQ_PASS
+              valueFrom:
+                secretKeyRef:
+                  name: {{ index .Values "async-rabbitmq" "auth" "existingPasswordSecret" }}
+                  key: {{ index .Values "async-rabbitmq" "auth" "existingSecretPasswordKey" }}
+
+          {{ if .Values.ingress.enabled }}
+            - name: TAIGA_SITES_DOMAIN
+              value: "{{ .Values.ingress.host }}"
+            - name: TAIGA_SITES_SCHEME
+              value: "https"
+            - name: SESSION_COOKIE_SECURE
+              value: "True"
+            - name: CSRF_COOKIE_SECURE
+              value: "True"
+          {{- end }}
+
+          {{- if .Values.back.livenessProbe.enabled }}
+          livenessProbe:
+            httpGet:
+              path: /admin/login/
+              port: {{ .Values.back.service.port }}
+            initialDelaySeconds: {{ .Values.back.livenessProbe.initialDelaySeconds }}
+            periodSeconds: {{ .Values.back.livenessProbe.periodSeconds }}
+            timeoutSeconds: {{ .Values.back.livenessProbe.timeoutSeconds }}
+            successThreshold: {{ .Values.back.livenessProbe.successThreshold }}
+            failureThreshold: {{ .Values.back.livenessProbe.failureThreshold }}
+          {{- end }}
+
+          {{- if .Values.back.readinessProbe.enabled }}
+          readinessProbe:
+            httpGet:
+              path: /admin/login/
+              port: {{ .Values.back.service.port }}
+            initialDelaySeconds: {{ .Values.back.readinessProbe.initialDelaySeconds }}
+            periodSeconds: {{ .Values.back.readinessProbe.periodSeconds }}
+            timeoutSeconds: {{ .Values.back.readinessProbe.timeoutSeconds }}
+            successThreshold: {{ .Values.back.readinessProbe.successThreshold }}
+            failureThreshold: {{ .Values.back.readinessProbe.failureThreshold }}
+          {{- end }}
+
+        - name: {{ template "taiga.fullname" . }}-async
+          image: "{{ .Values.async.image.repository }}:{{ .Values.async.image.tag }}"
+          imagePullPolicy: {{ .Values.async.image.pullPolicy }}
+          resources:
+            {{ toYaml .Values.async.resources | nindent 12 }}
+          command:
+            - /taiga-back/docker/async_entrypoint.sh
+          volumeMounts:
+            - name: taiga-static
+              mountPath: /taiga-back/static
+            - name: taiga-media
+              mountPath: /taiga-back/media
+          env:
+            - name: TAIGA_SECRET_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.secretKey.existingSecretName }}"
+                  key: "{{ .Values.secretKey.existingSecretKey }}"
+            - name: ENABLE_TELEMETRY
+              value: "{{ .Values.enableTelemetry }}"
+            - name: PUBLIC_REGISTER_ENABLED
+              value: "{{ .Values.publicRegisterEnabled }}"
+            - name: POSTGRES_USER
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.postgresql.existingSecretName }}"
+                  key: "{{ .Values.postgresql.usernameKey }}"
+            - name: POSTGRES_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.postgresql.existingSecretName }}"
+                  key: "{{ .Values.postgresql.passwordKey }}"
+            - name: POSTGRES_DB
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.postgresql.existingSecretName }}"
+                  key: "{{ .Values.postgresql.databaseNameKey }}"
+            - name: POSTGRES_HOST
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.postgresql.existingSecretName }}"
+                  key: "{{ .Values.postgresql.hostKey }}"
+
+          {{ if .Values.oidc.enabled }}
+            - name: OIDC_ENABLED
+              value: "True"
+            - name: OIDC_SCOPES
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.oidc.existingSecretName }}"
+                  key: "{{ .Values.oidc.scopesKey }}"
+            - name: OIDC_SIGN_ALGO
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.oidc.existingSecretName }}"
+                  key: "{{ .Values.oidc.signatureAlgorithmKey }}"
+            - name: OIDC_CLIENT_ID
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.oidc.existingSecretName }}"
+                  key: "{{ .Values.oidc.clientIdKey }}"
+            - name: OIDC_CLIENT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.oidc.existingSecretName }}"
+                  key: "{{ .Values.oidc.clientSecretKey }}"
+            - name: OIDC_BASE_URL
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.oidc.existingSecretName }}"
+                  key: "{{ .Values.oidc.baseUrlKey }}"
+            - name: OIDC_JWKS_ENDPOINT
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.oidc.existingSecretName }}"
+                  key: "{{ .Values.oidc.jwksEndpointKey }}"
+            - name: OIDC_AUTHORIZATION_ENDPOINT
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.oidc.existingSecretName }}"
+                  key: "{{ .Values.oidc.authorizationEndpointKey }}"
+            - name: OIDC_TOKEN_ENDPOINT
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.oidc.existingSecretName }}"
+                  key: "{{ .Values.oidc.tokenEndpointKey }}"
+            - name: OIDC_USER_ENDPOINT
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.oidc.existingSecretName }}"
+                  key: "{{ .Values.oidc.userEndpointKey }}"
+          {{ end }}
+
+          {{ if .Values.email.enabled }}
+            - name: EMAIL_BACKEND
+              value: "django.core.mail.backends.smtp.EmailBackend"
+            - name: DEFAULT_FROM_EMAIL
+              value: "{{ .Values.email.from }}"
+            - name: EMAIL_HOST
+              value: "{{ .Values.email.host }}"
+            - name: EMAIL_PORT
+              value: "{{ .Values.email.port }}"
+            - name: EMAIL_USE_TLS
+              value: "{{ .Values.email.tls }}"
+            - name: EMAIL_USE_SSL
+              value: "{{ .Values.email.ssl }}"
+            - name: EMAIL_HOST_USER
+              value: "{{ .Values.email.user }}"
+            - name: EMAIL_HOST_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.email.existingPasswordSecret }}"
+                  key: "{{ .Values.email.existingSecretPasswordKey }}"
+          {{ end }}
+
+            - name: ENABLE_GITHUB_AUTH
+              value: "false"
+            - name: ENABLE_GITLAB_AUTH
+              value: "false"
+            - name: ENABLE_SLACK
+              value: "{{ .Values.enableSlack }}"
+
+          {{ if .Values.githubImporter.enabled }}
+            - name: ENABLE_GITHUB_IMPORTER
+              value: "True"
+            - name: GITHUB_API_CLIENT_ID
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.githubImporter.existingSecretName }}"
+                  key: "{{ .Values.githubImporter.existingSecretClientIdKey }}"
+            - name: GITHUB_API_CLIENT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.githubImporter.existingSecretName }}"
+                  key: "{{ .Values.githubImporter.existingSecretClientSecretKey }}"
+          {{ else }}
+            - name: ENABLE_GITHUB_IMPORTER
+              value: "False"
+          {{ end }}
+
+          {{ if .Values.jiraImporter.enabled }}
+            - name: ENABLE_JIRA_IMPORTER
+              value: "True"
+            - name: JIRA_IMPORTER_CONSUMER_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.jiraImporter.existingSecretName }}"
+                  key: "{{ .Values.jiraImporter.existingSecretConsumerKeyKey }}"
+            - name: JIRA_IMPORTER_CERT
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.jiraImporter.existingSecretName }}"
+                  key: "{{ .Values.jiraImporter.existingSecretCertKey }}"
+            - name: JIRA_IMPORTER_PUB_CERT
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.jiraImporter.existingSecretName }}"
+                  key: "{{ .Values.jiraImporter.existingSecretPubCertKey }}"
+          {{ else }}
+            - name: ENABLE_JIRA_IMPORTER
+              value: "False"
+          {{ end }}
+
+          {{ if .Values.trelloImporter.enabled }}
+            - name: ENABLE_TRELLO_IMPORTER
+              value: "True"
+            - name: TRELLO_IMPORTER_API_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.trelloImporter.existingSecretName }}"
+                  key: "{{ .Values.trelloImporter.existingSecretApiKeyKey }}"
+            - name: TRELLO_IMPORTER_SECRET_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.trelloImporter.existingSecretName }}"
+                  key: "{{ .Values.trelloImporter.existingSecretSecretKeyKey }}"
+          {{ else }}
+            - name: ENABLE_JIRA_IMPORTER
+              value: "False"
+          {{ end }}
+
+            - name: RABBITMQ_USER
+              value: "{{ index .Values "async-rabbitmq" "auth" "username" }}"
+            - name: RABBITMQ_PASS
+              valueFrom:
+                secretKeyRef:
+                  name: {{ index .Values "async-rabbitmq" "auth" "existingPasswordSecret" }}
+                  key: {{ index .Values "async-rabbitmq" "auth" "existingSecretPasswordKey" }}
+
+          {{ if .Values.ingress.enabled }}
+            - name: TAIGA_SITES_DOMAIN
+              value: "{{ .Values.ingress.host }}"
+            - name: TAIGA_SITES_SCHEME
+              value: "https"
+            - name: SESSION_COOKIE_SECURE
+              value: "True"
+            - name: CSRF_COOKIE_SECURE
+              value: "True"
+          {{- end }}
+
+          {{- if .Values.back.livenessProbe.enabled }}
+          livenessProbe:
+            httpGet:
+              path: /admin/login/
+              port: {{ .Values.back.service.port }}
+            initialDelaySeconds: {{ .Values.back.livenessProbe.initialDelaySeconds }}
+            periodSeconds: {{ .Values.back.livenessProbe.periodSeconds }}
+            timeoutSeconds: {{ .Values.back.livenessProbe.timeoutSeconds }}
+            successThreshold: {{ .Values.back.livenessProbe.successThreshold }}
+            failureThreshold: {{ .Values.back.livenessProbe.failureThreshold }}
+          {{- end }}
+
+          {{- if .Values.back.readinessProbe.enabled }}
+          readinessProbe:
+            httpGet:
+              path: /admin/login/
+              port: {{ .Values.back.service.port }}
+            initialDelaySeconds: {{ .Values.back.readinessProbe.initialDelaySeconds }}
+            periodSeconds: {{ .Values.back.readinessProbe.periodSeconds }}
+            timeoutSeconds: {{ .Values.back.readinessProbe.timeoutSeconds }}
+            successThreshold: {{ .Values.back.readinessProbe.successThreshold }}
+            failureThreshold: {{ .Values.back.readinessProbe.failureThreshold }}
+          {{- end }}
+
+      volumes:
+        - name: taiga-static
+      {{- if .Values.persistence.static.enabled }}
+          persistentVolumeClaim:
+            claimName: {{ include "taiga.staticVolumeName" . }}
+      {{- else }}
+          emptyDir: {}
+      {{- end }}
+        - name: taiga-media
+      {{- if .Values.persistence.media.enabled }}
+          persistentVolumeClaim:
+            claimName: {{ include "taiga.mediaVolumeName" . }}
+      {{- else }}
+          emptyDir: {}
+      {{- end }}

charts/taiga/templates/deployment-events.yaml

@@ -0,0 +1,101 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ template "taiga.fullname" . }}-events
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    {{- with .Values.global.annotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+  labels:
+    {{- include "taiga.events.labels" . | nindent 4 }}
+    {{- with .Values.global.labels }}
+    {{ toYaml . | nindent 4 }}
+    {{- end }}
+spec:
+  revisionHistoryLimit: 3
+  replicas: {{ .Values.events.replicas }}
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      {{- include "taiga.events.matchLabels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        {{- include "taiga.events.labels" . | nindent 8 }}
+        app.kubernetes.io/component: {{ template "taiga.name" . }}-events
+      annotations:
+        {{- with .Values.events.podAnnotations }}
+        {{ toYaml . | nindent 8 }}
+        {{- end }}
+    spec:
+      affinity:
+        {{- with .Values.events.affinity }}
+        {{ toYaml . | nindent 8 }}
+        {{- end }}
+      nodeSelector:
+        {{- with .Values.events.nodeSelector }}
+        {{ toYaml . | nindent 8 }}
+        {{- end }}
+      tolerations:
+        {{- with .Values.events.tolerations }}
+        {{ toYaml . | nindent 8 }}
+        {{- end }}
+      serviceAccountName: {{ template "taiga.serviceAccountName" . }}
+      securityContext:
+        {{- with .Values.events.securityContext }}
+        {{ toYaml . | nindent 8 }}
+      {{- end }}
+      containers:
+        - name: {{ template "taiga.fullname" . }}-events
+          image: "{{ .Values.events.image.repository }}:{{ .Values.events.image.tag }}"
+          imagePullPolicy: {{ .Values.events.image.pullPolicy }}
+          resources:
+            {{ toYaml .Values.events.resources | nindent 12 }}
+          ports:
+            - name: taiga-events
+              containerPort: {{ .Values.events.service.http.port }}
+              protocol: TCP
+            - name: taiga-app
+              containerPort: {{ .Values.events.service.app.port }}
+              protocol: TCP
+          env:
+            - name: TAIGA_SECRET_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.secretKey.existingSecretName }}"
+                  key: "{{ .Values.secretKey.existingSecretKey }}"
+            - name: RABBITMQ_USER
+              value: "{{ index .Values "events-rabbitmq" "auth" "username" }}"
+            - name: RABBITMQ_PASS
+              valueFrom:
+                secretKeyRef:
+                  name: {{ index .Values "events-rabbitmq" "auth" "existingPasswordSecret" }}
+                  key: {{ index .Values "events-rabbitmq" "auth" "existingSecretPasswordKey" }}
+            - name: APP_PORT
+              value: "{{ .Values.events.service.app.port }}"
+
+          {{- if .Values.events.livenessProbe.enabled }}
+          livenessProbe:
+            httpGet:
+              path: /healthz
+              port: {{ .Values.events.service.app.port }}
+            initialDelaySeconds: {{ .Values.events.livenessProbe.initialDelaySeconds }}
+            periodSeconds: {{ .Values.events.livenessProbe.periodSeconds }}
+            timeoutSeconds: {{ .Values.events.livenessProbe.timeoutSeconds }}
+            successThreshold: {{ .Values.events.livenessProbe.successThreshold }}
+            failureThreshold: {{ .Values.events.livenessProbe.failureThreshold }}
+          {{- end }}
+
+          {{- if .Values.events.readinessProbe.enabled }}
+          readinessProbe:
+            httpGet:
+              path: /healthz
+              port: {{ .Values.events.service.app.port }}
+            initialDelaySeconds: {{ .Values.events.readinessProbe.initialDelaySeconds }}
+            periodSeconds: {{ .Values.events.readinessProbe.periodSeconds }}
+            timeoutSeconds: {{ .Values.events.readinessProbe.timeoutSeconds }}
+            successThreshold: {{ .Values.events.readinessProbe.successThreshold }}
+            failureThreshold: {{ .Values.events.readinessProbe.failureThreshold }}
+          {{- end }}

charts/taiga/templates/deployment-front.yaml

@@ -0,0 +1,108 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ template "taiga.fullname" . }}-front
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    {{- with .Values.global.annotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+  labels:
+    {{- include "taiga.front.labels" . | nindent 4 }}
+    {{- with .Values.global.labels }}
+    {{ toYaml . | nindent 4 }}
+    {{- end }}
+spec:
+  revisionHistoryLimit: 3
+  replicas: {{ .Values.front.replicas }}
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      {{- include "taiga.front.matchLabels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        {{- include "taiga.front.labels" . | nindent 8 }}
+        app.kubernetes.io/component: {{ template "taiga.name" . }}-front
+      annotations:
+        {{- with .Values.front.podAnnotations }}
+        {{ toYaml . | nindent 8 }}
+        {{- end }}
+    spec:
+      affinity:
+        {{- with .Values.front.affinity }}
+        {{ toYaml . | nindent 8 }}
+        {{- end }}
+      nodeSelector:
+        {{- with .Values.front.nodeSelector }}
+        {{ toYaml . | nindent 8 }}
+        {{- end }}
+      tolerations:
+        {{- with .Values.front.tolerations }}
+        {{ toYaml . | nindent 8 }}
+        {{- end }}
+      serviceAccountName: {{ template "taiga.serviceAccountName" . }}
+      securityContext:
+        {{- with .Values.front.securityContext }}
+        {{ toYaml . | nindent 8 }}
+        {{- end }}
+      containers:
+        - name: {{ template "taiga.fullname" . }}-front
+          image: "{{ .Values.front.image.repository }}:{{ .Values.front.image.tag }}"
+          imagePullPolicy: {{ .Values.front.image.pullPolicy }}
+          resources:
+            {{ toYaml .Values.front.resources | nindent 12 }}
+          ports:
+            - name: taiga-front
+              containerPort: {{ .Values.front.service.port }}
+              protocol: TCP
+          env:
+          {{ if .Values.ingress.enabled }}
+            - name: TAIGA_URL
+              value: "https://{{ .Values.ingress.host }}"
+          {{ else }}
+            - name: TAIGA_URL
+              value: "http://localhost:{{ .Values.front.service.port }}"
+          {{ end }}
+
+            - name: PUBLIC_REGISTER_ENABLED
+              value: "{{ .Values.publicRegisterEnabled }}"
+            - name: ENABLE_GITHUB_AUTH
+              value: "false"
+            - name: ENABLE_GITLAB_AUTH
+              value: "false"
+            - name: ENABLE_OIDC
+              value: "{{ .Values.oidc.enabled }}"              
+            - name: ENABLE_SLACK
+              value: "{{ .Values.enableSlack }}"
+            - name: ENABLE_GITHUB_IMPORTER
+              value: "{{ .Values.githubImporter.enabled }}"
+            - name: ENABLE_JIRA_IMPORTER
+              value: "{{ .Values.jiraImporter.enabled }}"
+            - name: ENABLE_TRELLO_IMPORTER
+              value: "{{ .Values.trelloImporter.enabled }}"
+
+          {{- if .Values.front.livenessProbe.enabled }}
+          livenessProbe:
+            httpGet:
+              path: /admin/login/
+              port: {{ .Values.front.service.port }}
+            initialDelaySeconds: {{ .Values.front.livenessProbe.initialDelaySeconds }}
+            periodSeconds: {{ .Values.front.livenessProbe.periodSeconds }}
+            timeoutSeconds: {{ .Values.front.livenessProbe.timeoutSeconds }}
+            successThreshold: {{ .Values.front.livenessProbe.successThreshold }}
+            failureThreshold: {{ .Values.front.livenessProbe.failureThreshold }}
+          {{- end }}
+
+          {{- if .Values.front.readinessProbe.enabled }}
+          readinessProbe:
+            httpGet:
+              path: /admin/login/
+              port: {{ .Values.front.service.port }}
+            initialDelaySeconds: {{ .Values.front.readinessProbe.initialDelaySeconds }}
+            periodSeconds: {{ .Values.front.readinessProbe.periodSeconds }}
+            timeoutSeconds: {{ .Values.front.readinessProbe.timeoutSeconds }}
+            successThreshold: {{ .Values.front.readinessProbe.successThreshold }}
+            failureThreshold: {{ .Values.front.readinessProbe.failureThreshold }}
+          {{- end }}

charts/taiga/templates/deployment-protected.yaml

@@ -0,0 +1,91 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ template "taiga.fullname" . }}-protected
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    {{- with .Values.global.annotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+  labels:
+    {{- include "taiga.protected.labels" . | nindent 4 }}
+    {{- with .Values.global.labels }}
+    {{ toYaml . | nindent 4 }}
+    {{- end }}
+spec:
+  revisionHistoryLimit: 3
+  replicas: {{ .Values.protected.replicas }}
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      {{- include "taiga.protected.matchLabels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        {{- include "taiga.protected.labels" . | nindent 8 }}
+        app.kubernetes.io/component: {{ template "taiga.name" . }}-protected
+      annotations:
+        {{- with .Values.protected.podAnnotations }}
+        {{ toYaml . | nindent 8 }}
+        {{- end }}
+    spec:
+      affinity:
+        {{- with .Values.protected.affinity }}
+        {{ toYaml . | nindent 8 }}
+        {{- end }}
+      nodeSelector:
+        {{- with .Values.protected.nodeSelector }}
+        {{ toYaml . | nindent 8 }}
+        {{- end }}
+      tolerations:
+        {{- with .Values.protected.tolerations }}
+        {{ toYaml . | nindent 8 }}
+        {{- end }}
+      serviceAccountName: {{ template "taiga.serviceAccountName" . }}
+      securityContext:
+        {{- with .Values.protected.securityContext }}
+        {{ toYaml . | nindent 8 }}
+        {{- end }}
+      containers:
+        - name: {{ template "taiga.fullname" . }}-protected
+          image: "{{ .Values.protected.image.repository }}:{{ .Values.protected.image.tag }}"
+          imagePullPolicy: {{ .Values.protected.image.pullPolicy }}
+          resources:
+            {{ toYaml .Values.protected.resources | nindent 12 }}
+          ports:
+            - name: taiga-protected
+              containerPort: {{ .Values.protected.service.port }}
+              protocol: TCP
+          env:
+            - name: SECRET_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.secretKey.existingSecretName }}"
+                  key: "{{ .Values.secretKey.existingSecretKey }}"
+            - name: MAX_AGE
+              value: "{{ .Values.maxAge }}"
+
+          {{- if .Values.protected.livenessProbe.enabled }}
+          livenessProbe:
+            httpGet:
+              path: /admin/login/
+              port: {{ .Values.protected.service.port }}
+            initialDelaySeconds: {{ .Values.protected.livenessProbe.initialDelaySeconds }}
+            periodSeconds: {{ .Values.protected.livenessProbe.periodSeconds }}
+            timeoutSeconds: {{ .Values.protected.livenessProbe.timeoutSeconds }}
+            successThreshold: {{ .Values.protected.livenessProbe.successThreshold }}
+            failureThreshold: {{ .Values.protected.livenessProbe.failureThreshold }}
+          {{- end }}
+
+          {{- if .Values.protected.readinessProbe.enabled }}
+          readinessProbe:
+            httpGet:
+              path: /admin/login/
+              port: {{ .Values.protected.service.port }}
+            initialDelaySeconds: {{ .Values.protected.readinessProbe.initialDelaySeconds }}
+            periodSeconds: {{ .Values.protected.readinessProbe.periodSeconds }}
+            timeoutSeconds: {{ .Values.protected.readinessProbe.timeoutSeconds }}
+            successThreshold: {{ .Values.protected.readinessProbe.successThreshold }}
+            failureThreshold: {{ .Values.protected.readinessProbe.failureThreshold }}
+          {{- end }}

charts/taiga/templates/ingress.yaml

@@ -0,0 +1,74 @@
+{{- if .Values.ingress.enabled }}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ template "taiga.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    {{- with .Values.global.annotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+    {{- toYaml .Values.ingress.annotations | nindent 4 }}
+  labels:
+    {{- include "taiga.labels" . | nindent 4 }}
+    {{- with .Values.global.labels }}
+    {{ toYaml . | nindent 4 }}
+    {{- end }}
+    {{- with .Values.ingress.labels }}
+    {{ toYaml . | nindent 4 }}
+    {{- end }}
+spec:
+  ingressClassName: {{ .Values.ingress.className }}
+  tls:
+    - hosts:
+      - {{ .Values.ingress.host }}
+      secretName: {{ template "taiga.fullname" . }}-secret-tls
+  rules:
+    - host: {{ .Values.ingress.host }}
+      http:
+        paths:
+          - path: /
+            backend:
+              service:
+                name: "{{ template "taiga.fullname" . }}-front"
+                port:
+                  name: taiga-front
+            pathType: ImplementationSpecific
+          - path: /api
+            backend:
+              service:
+                name: "{{ template "taiga.fullname" . }}-back"
+                port:
+                  name: taiga-back
+            pathType: ImplementationSpecific     
+          - path: /admin
+            backend:
+              service:
+                name: "{{ template "taiga.fullname" . }}-back"
+                port:
+                  name: taiga-back
+            pathType: ImplementationSpecific
+        {{ if .Values.oidc.enabled }}
+          - path: /oidc
+            backend:
+              service:
+                name: "{{ template "taiga.fullname" . }}-back"
+                port:
+                  name: taiga-back
+            pathType: ImplementationSpecific
+        {{- end }}                  
+          - path: /events
+            backend:
+              service:
+                name: "{{ template "taiga.fullname" . }}-events"
+                port:
+                  name: taiga-events
+            pathType: ImplementationSpecific
+          - path: /media
+            backend:
+              service:
+                name: "{{ template "taiga.fullname" . }}-protected"
+                port:
+                  name: taiga-protected
+            pathType: ImplementationSpecific
+{{- end }}

charts/taiga/templates/job.yaml

@@ -0,0 +1,66 @@
+{{- if .Values.createInitialUser }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ template "taiga.fullname" . }}-create-initial-user
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    {{- with .Values.global.annotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+  labels:
+    {{- include "taiga.labels" . | nindent 4 }}
+    {{- with .Values.global.labels }}
+    {{ toYaml . | nindent 4 }}
+    {{- end }}
+spec:
+  backoffLimit: 4
+  template:
+    spec:
+      {{- if .Values.back.nodeSelector }}
+      nodeSelector:
+        {{ toYaml .Values.back.nodeSelector | nindent 8 }}
+      {{- end }}
+      restartPolicy: Never
+      containers:
+      - name: {{ template "taiga.fullname" . }}-create-initial-user
+        image: "{{ .Values.back.image.repository }}:{{ .Values.back.image.tag }}"
+        imagePullPolicy: {{ .Values.back.image.pullPolicy }}
+        command:
+          - sh
+          - /scripts/createinitialuser.sh
+        volumeMounts:
+          - name: create-initial-user
+            mountPath: /scripts
+        env:
+          - name: TAIGA_SECRET_KEY
+            valueFrom:
+              secretKeyRef:
+                name: "{{ .Values.secretKey.existingSecretName }}"
+                key: "{{ .Values.secretKey.existingSecretKey }}"
+          - name: POSTGRES_USERNAME
+            valueFrom:
+              secretKeyRef:
+                name: "{{ .Values.postgresql.existingSecretName }}"
+                key: "{{ .Values.postgresql.usernameKey }}"
+          - name: POSTGRES_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                name: "{{ .Values.postgresql.existingSecretName }}"
+                key: "{{ .Values.postgresql.passwordKey }}"
+          - name: POSTGRES_DATABASE_NAME
+            valueFrom:
+              secretKeyRef:
+                name: "{{ .Values.postgresql.existingSecretName }}"
+                key: "{{ .Values.postgresql.databaseNameKey }}"
+          - name: POSTGRES_DATABASE_HOST
+            valueFrom:
+              secretKeyRef:
+                name: "{{ .Values.postgresql.existingSecretName }}"
+                key: "{{ .Values.postgresql.hostKey }}"
+      volumes:
+        - name: create-initial-user
+          configMap:
+            name: {{ template "taiga.fullname" . }}-create-initial-user
+            defaultMode: 0744
+{{- end }}

charts/taiga/templates/persistent-volume-claim.yaml

@@ -0,0 +1,54 @@
+{{- if and .Values.persistence.static.enabled (not .Values.persistence.static.existingClaim) }}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: {{ template "taiga.staticVolumeName" . }}
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    {{- with .Values.global.annotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+    {{- if .Values.persistence.static.retain }}
+    helm.sh/resource-policy: keep
+    {{- end }}
+  labels:
+    {{- include "taiga.labels" . | nindent 4 }}
+    {{- with .Values.global.labels }}
+    {{ toYaml . | nindent 4 }}
+    {{- end }}
+spec:
+  storageClassName: {{ .Values.persistence.static.storageClass }}
+  accessModes:
+    - {{ .Values.persistence.static.accessMode }}
+  resources:
+    requests:
+      storage: {{ .Values.persistence.static.size }}
+{{- end }}
+
+---
+{{- if and .Values.persistence.media.enabled (not .Values.persistence.media.existingClaim) }}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: {{ template "taiga.mediaVolumeName" . }}
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    {{- with .Values.global.annotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+    {{- if .Values.persistence.media.retain }}
+    "helm.sh/resource-policy": keep
+    {{- end }}
+  labels:
+    {{- include "taiga.labels" . | nindent 4 }}
+    {{- with .Values.global.labels }}
+    {{ toYaml . | nindent 4 }}
+    {{- end }}
+spec:
+  storageClassName: {{ .Values.persistence.media.storageClass }}
+  accessModes:
+    - {{ .Values.persistence.media.accessMode }}
+  resources:
+    requests:
+      storage: {{ .Values.persistence.media.size }}
+{{- end }}

charts/taiga/templates/service-account.yaml

@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ template "taiga.serviceAccountName" . }}
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    {{- with .Values.global.annotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+    {{- with .Values.serviceAccount.annotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+  labels:
+    {{- include "taiga.labels" . | nindent 4 }}
+    {{- with .Values.global.labels }}
+    {{ toYaml . | nindent 4 }}
+    {{- end }}
+    {{- with .Values.serviceAccount.labels }}
+    {{ toYaml . | nindent 4 }}
+    {{- end }}

charts/taiga/templates/service.yaml

@@ -0,0 +1,138 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ template "taiga.fullname" . }}-back
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    {{- with .Values.global.annotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+    {{- with .Values.back.service.annotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+  labels:
+    {{- include "taiga.back.labels" . | nindent 4 }}
+    {{- with .Values.global.labels }}
+    {{ toYaml . | nindent 4 }}
+    {{- end }}
+    {{- with .Values.back.service.labels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+spec:
+  type: {{ .Values.back.service.type }}
+  ports:
+    - port: {{ .Values.back.service.port }}
+      targetPort: taiga-back
+      protocol: TCP
+      name: taiga-back
+  selector:
+    {{- include "taiga.back.matchLabels" . | nindent 4 }}
+    {{- with .Values.back.service.extraSelectorLabels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ template "taiga.fullname" . }}-events
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    {{- with .Values.global.annotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+    {{- with .Values.events.service.annotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+  labels:
+    {{- include "taiga.events.labels" . | nindent 4 }}
+    {{- with .Values.global.labels }}
+    {{ toYaml . | nindent 4 }}
+    {{- end }}
+    {{- with .Values.events.service.labels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+spec:
+  type: {{ .Values.events.service.type }}
+  ports:
+    - port: {{ .Values.events.service.http.port }}
+      targetPort: taiga-events
+      protocol: TCP
+      name: taiga-events
+    - port: {{ .Values.events.service.app.port }}
+      targetPort: taiga-app
+      protocol: TCP
+      name: taiga-app
+  selector:
+    {{- include "taiga.events.matchLabels" . | nindent 4 }}
+    {{- with .Values.events.service.extraSelectorLabels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ template "taiga.fullname" . }}-front
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    {{- with .Values.global.annotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+    {{- with .Values.front.service.annotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+  labels:
+    {{- include "taiga.front.labels" . | nindent 4 }}
+    {{- with .Values.global.labels }}
+    {{ toYaml . | nindent 4 }}
+    {{- end }}
+    {{- with .Values.front.service.labels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+spec:
+  type: {{ .Values.front.service.type }}
+  ports:
+    - port: {{ .Values.front.service.port }}
+      targetPort: taiga-front
+      protocol: TCP
+      name: taiga-front
+  selector:
+    {{- include "taiga.front.matchLabels" . | nindent 4 }}
+    {{- with .Values.front.service.extraSelectorLabels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ template "taiga.fullname" . }}-protected
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    {{- with .Values.global.annotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+    {{- with .Values.protected.service.annotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+  labels:
+    {{- include "taiga.protected.labels" . | nindent 4 }}
+    {{- with .Values.global.labels }}
+    {{ toYaml . | nindent 4 }}
+    {{- end }}
+    {{- with .Values.protected.service.labels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+spec:
+  type: {{ .Values.protected.service.type }}
+  ports:
+    - port: {{ .Values.protected.service.port }}
+      targetPort: taiga-protected
+      protocol: TCP
+      name: taiga-protected
+  selector:
+    {{- include "taiga.protected.matchLabels" . | nindent 4 }}
+    {{- with .Values.protected.service.extraSelectorLabels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}

charts/taiga/values.yaml

@@ -0,0 +1,817 @@
+## Global
+##
+global:
+  # -- Set an override for the prefix of the fullname
+  nameOverride:
+
+  # -- Set the entire name definition
+  fullnameOverride:
+
+  # -- Set additional global labels. Helm templates can be used.
+  labels: {}
+
+  # -- Set additional global annotations. Helm templates can be used.
+  annotations: {}
+
+## Service Account
+##
+serviceAccount:
+  # -- Specifies whether a service account should be created
+  create: false
+
+  # -- Annotations to add to the service account
+  annotations: {}
+
+  # -- Labels to add to the service account
+  labels: {}
+
+  # -- The name of the service account to use.
+  # If not set and create is true, a name is generated using the fullname template
+  name: ""
+
+## Secret key
+## Specificy the secret name and the key containg a strong secret key
+##
+secretKey:
+  existingSecretName: ""
+  existingSecretKey: ""
+
+## Create initial user with credentials admin/123123
+## ref: https://taigaio.github.io/taiga-doc/dist/setup-production.html
+##
+# TODO: set to false by default or create with a random password which is stored in a secret
+# or allow to pass in the data for username and secret
+createInitialUser: true
+
+## Max age
+##
+maxAge: 360
+
+## Create initial templates
+## ref: https://taigaio.github.io/taiga-doc/dist/setup-production.html
+##
+# TODO: This values seems to be unused
+createInitialTemplates: false
+
+## Telemetry settings
+##
+enableTelemetry: true
+
+## Public registration
+##
+publicRegisterEnabled: true
+
+## Enable debug
+## ref: https://taigaio.github.io/taiga-doc/dist/setup-production.html
+debug: false
+
+## Postgresql
+## Configuration is expected to be stored in a secret, reference the secret name and each key for the value
+##
+postgresql:
+  existingSecretName: ""
+  usernameKey: ""
+  passwordKey: ""
+  databaseNameKey: ""
+  hostKey: ""
+  portKey: ""
+
+## OIDC authentication
+## Configuration is expected to be stored in a secret, reference the secret name and each key for the value
+##
+oidc:
+  enabled: false
+  existingSecretName: ""
+  scopesKey: ""                  # "openid profile email"
+  signatureAlgorithmKey: ""      # "RS256"
+  clientIdKey: ""                # <generate from auth provider>
+  clientSecretKey: ""            # <generate from auth provider>
+  baseUrlKey: ""                 # "https://id.fedoraproject.org/openidc"
+  jwksEndpointKey: ""            # "https://id.fedoraproject.org/openidc/Jwks"
+  authorizationEndpointKey: ""   # "https://id.fedoraproject.org/openidc/Authorization"
+  tokenEndpointKey: ""           # "https://id.fedoraproject.org/openidc/Token"
+  userEndpointKey: ""            # "https://id.fedoraproject.org/openidc/UserInfo"
+
+## SMTP mail delivery configuration
+## ref: https://taigaio.github.io/taiga-doc/dist/setup-production.html
+##
+email:
+  enabled: false
+  from: no-reply@example.com
+  host: localhost
+  port: 587
+  tls: false
+  ssl: false
+  user: ""
+
+  ## Specificy an existing secret containg the password for the smtp user
+  ##
+  existingPasswordSecret: ""
+  existingSecretPasswordKey: ""
+
+## Slack
+##
+enableSlack: false
+
+## Importers
+##
+# Github importer
+githubImporter:
+  enabled: false
+  existingSecretName: ""
+  existingSecretClientIdKey: ""
+  existingSecretClientSecretKey: ""
+
+# Jira importer
+jiraImporter:
+  enabled: false
+  existingSecretName: ""
+  existingSecretConsumerKeyKey: ""
+  existingSecretCertKey: ""
+  existingSecretPubCertKey: ""
+
+# Trello importer
+trelloImporter:
+  enabled: false
+  existingSecretName: ""
+  existingSecretApiKeyKey: ""
+  existingSecretSecretKeyKey: ""
+
+## taiga-back
+##
+back:
+  ## Taiga image version
+  ## ref: https://hub.docker.com/r/taigaio/taiga5/tags
+  ##
+  image:
+    repository: taigaio/taiga-back
+    tag: "6.7.3"
+    ## Specify a imagePullPolicy
+    ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+    ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+    ##
+    pullPolicy: IfNotPresent
+
+  ## Define the number of pods the deployment will create
+  ## Do not change unless your persistent volume allows more than one writer, ie NFS
+  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
+  ##
+  replicas: 1
+
+  ## Pod annotations
+  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+  ##
+  podAnnotations: {}
+
+  ## Affinity for pod assignment
+  ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+  ##
+  affinity: {}
+
+  ## Node labels for pod assignment. Evaluated as a template.
+  ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+  ##
+  nodeSelector: {}
+
+  ## Tolerations for pod assignment
+  ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+  ##
+  tolerations: []
+
+  ## Pod Security Context
+  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+  ##
+  securityContext: {}
+
+  ## taiga containers' resource requests and limits
+  ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
+  ##
+  resources:
+    # We usually recommend not to specify default resources and to leave this as a conscious
+    # choice for the user. This also increases chances charts run on environments with little
+    # resources, such as Minikube. If you do want to specify resources, uncomment the following
+    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+    limits: {}
+    #  cpu: 2
+    #  memory: 1Gi
+    requests: {}
+    #  cpu: 1
+    #  memory: 1Gi
+
+  ## Configure extra options for liveness and readiness probes
+  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
+  ##
+  livenessProbe:
+    enabled: false
+    initialDelaySeconds: 20
+    periodSeconds: 10
+    timeoutSeconds: 5
+    successThreshold: 1
+    failureThreshold: 3
+
+  readinessProbe:
+    enabled: false
+    initialDelaySeconds: 5
+    periodSeconds: 10
+    timeoutSeconds: 1
+    successThreshold: 1
+    failureThreshold: 3
+
+  ## Environment variables, to pass to the entry point
+  ##
+  # extraVars:
+  #   - name: NAMI_DEBUG
+  #     value: --log-level trace
+
+  ## Service
+  ##
+  service:
+    # -- Set the service type
+    type: ClusterIP
+
+    # -- Provide additional annotations which may be required.
+    annotations: {}
+
+    # -- Provide additional labels which may be required.
+    labels: {}
+
+    # -- Allow adding additional match labels
+    extraSelectorLabels: {}
+
+    # -- HTTP port number
+    port: 8000
+
+## Async
+##
+async:
+  ## Taiga image version
+  ## ref: https://hub.docker.com/r/taigaio/taiga5/tags
+  ##
+  image:
+    repository: taigaio/taiga-back
+    tag: "6.7.3"
+    ## Specify a imagePullPolicy
+    ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+    ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+    ##
+    pullPolicy: IfNotPresent
+
+  ## Define the number of pods the deployment will create
+  ## Do not change unless your persistent volume allows more than one writer, ie NFS
+  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
+  ##
+  replicas: 1
+
+  ## Pod Security Context
+  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+  ##
+  securityContext: {}
+
+  ## Pod annotations
+  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+  ##
+  podAnnotations: {}
+
+  ## Affinity for pod assignment
+  ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+  ##
+  affinity: {}
+
+  ## Node labels for pod assignment. Evaluated as a template.
+  ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+  ##
+  nodeSelector: {}
+
+  ## Tolerations for pod assignment
+  ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+  ##
+  tolerations: []
+
+  ## taiga containers' resource requests and limits
+  ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
+  ##
+  resources:
+    # We usually recommend not to specify default resources and to leave this as a conscious
+    # choice for the user. This also increases chances charts run on environments with little
+    # resources, such as Minikube. If you do want to specify resources, uncomment the following
+    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+    limits: {}
+    #  cpu: 2
+    #  memory: 1Gi
+    requests: {}
+    #  cpu: 1
+    #  memory: 1Gi
+
+  ## Configure extra options for liveness and readiness probes
+  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
+  ##
+  livenessProbe:
+    enabled: false
+    initialDelaySeconds: 20
+    periodSeconds: 10
+    timeoutSeconds: 5
+    successThreshold: 1
+    failureThreshold: 3
+  readinessProbe:
+    enabled: false
+    initialDelaySeconds: 5
+    periodSeconds: 10
+    timeoutSeconds: 1
+    successThreshold: 1
+    failureThreshold: 3
+
+  ## Environment variables, to pass to the entry point
+  ##
+  # extraVars:
+  #   - name: NAMI_DEBUG
+  #     value: --log-level trace
+
+  ## Service
+  ##
+  service:
+    # -- Set the service type
+    type: ClusterIP
+
+    # -- Provide additional annotations which may be required.
+    annotations: {}
+
+    # -- Provide additional labels which may be required.
+    labels: {}
+
+    # -- Allow adding additional match labels
+    extraSelectorLabels: {}
+
+    # -- HTTP port number
+    port: 8000
+
+## Async Rabbitmq
+## https://artifacthub.io/packages/helm/bitnami/rabbitmq?modal=values-schema
+##
+async-rabbitmq:
+  auth:
+    ## @param auth.username RabbitMQ application username
+    ## ref: https://github.com/bitnami/containers/tree/main/bitnami/rabbitmq#environment-variables
+    ##
+    username: taiga
+
+    ## @param auth.existingPasswordSecret Existing secret with RabbitMQ credentials (existing secret must contain a value for `rabbitmq-password` key or override with setting auth.existingSecretPasswordKey)
+    ## e.g:
+    ## existingPasswordSecret: name-of-existing-secret
+    ##
+    existingPasswordSecret: ""
+    existingSecretPasswordKey: ""
+
+    ## @param auth.existingErlangSecret Existing secret with RabbitMQ Erlang cookie (must contain a value for `rabbitmq-erlang-cookie` key or override with auth.existingSecretErlangKey)
+    ## e.g:
+    ## existingErlangSecret: name-of-existing-secret
+    ##
+    existingErlangSecret: ""
+    ## @param auth.existingSecretErlangKey [default: rabbitmq-erlang-cookie] Erlang cookie key to be retrieved from existing secret
+    ## NOTE: ignored unless `auth.existingErlangSecret` parameter is set
+    ##
+    existingSecretErlangKey: ""
+
+  ## @param configurationExistingSecret Existing secret with the configuration to use as rabbitmq.conf.
+  ## Must contain the key "rabbitmq.conf"
+  ## Takes precedence over `configuration`, so do not use both simultaneously
+  ## With providing an existingSecret, extraConfiguration and extraConfigurationExistingSecret do not take any effect
+  ##
+  configurationExistingSecret: ""
+  ## @param extraConfiguration [string] Configuration file content: extra configuration to be appended to RabbitMQ configuration
+  ## Use this instead of `configuration` to add more configuration
+  ## Do not use simultaneously with `extraConfigurationExistingSecret`
+  ##
+  extraConfiguration: |-
+    default_vhost = taiga
+    default_permissions.configure = .*
+    default_permissions.read = .*
+    default_permissions.write = .*
+
+## Events
+##
+events:
+  ## Taiga image version
+  ## ref: https://hub.docker.com/r/taigaio/taiga5/tags
+  ##
+  image:
+    repository: taigaio/taiga-events
+    tag: "6.7.0"
+    ## Specify a imagePullPolicy
+    ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+    ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+    ##
+    pullPolicy: IfNotPresent
+
+  ## Pod Security Context
+  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+  ##
+  securityContext: {}
+
+  ## Define the number of pods the deployment will create
+  ## Do not change unless your persistent volume allows more than one writer, ie NFS
+  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
+  ##
+  replicas: 1
+
+  ## Pod annotations
+  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+  ##
+  podAnnotations: {}
+
+  ## Affinity for pod assignment
+  ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+  ##
+  affinity: {}
+
+  ## Node labels for pod assignment. Evaluated as a template.
+  ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+  ##
+  nodeSelector: {}
+
+  ## Tolerations for pod assignment
+  ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+  ##
+  tolerations: []
+
+  ## taiga containers' resource requests and limits
+  ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
+  ##
+  resources:
+    # We usually recommend not to specify default resources and to leave this as a conscious
+    # choice for the user. This also increases chances charts run on environments with little
+    # resources, such as Minikube. If you do want to specify resources, uncomment the following
+    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+    limits: {}
+    #  cpu: 2
+    #  memory: 1Gi
+    requests: {}
+    #  cpu: 1
+    #  memory: 1Gi
+
+  ## Configure extra options for liveness and readiness probes
+  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
+  ##
+  livenessProbe:
+    enabled: false
+    initialDelaySeconds: 20
+    periodSeconds: 10
+    timeoutSeconds: 5
+    successThreshold: 1
+    failureThreshold: 3
+  readinessProbe:
+    enabled: false
+    initialDelaySeconds: 5
+    periodSeconds: 10
+    timeoutSeconds: 1
+    successThreshold: 1
+    failureThreshold: 3
+
+  ## Environment variables, to pass to the entry point
+  ##
+  # extraVars:
+  #   - name: NAMI_DEBUG
+  #     value: --log-level trace
+
+  ## Service
+  ##
+  service:
+    # -- Set the service type
+    type: ClusterIP
+
+    # -- Provide additional annotations which may be required.
+    annotations: {}
+
+    # -- Provide additional labels which may be required.
+    labels: {}
+
+    # -- Allow adding additional match labels
+    extraSelectorLabels: {}
+
+    http:
+      # -- HTTP port number
+      port: 8888
+
+    app:
+      # -- HTTP port number
+      port: 3023
+
+## Events Rabbitmq
+## https://artifacthub.io/packages/helm/bitnami/rabbitmq?modal=values-schema
+##
+events-rabbitmq:
+  auth:
+    ## @param auth.username RabbitMQ application username
+    ## ref: https://github.com/bitnami/containers/tree/main/bitnami/rabbitmq#environment-variables
+    ##
+    username: taiga
+
+    ## @param auth.existingPasswordSecret Existing secret with RabbitMQ credentials (existing secret must contain a value for `rabbitmq-password` key or override with setting auth.existingSecretPasswordKey)
+    ## e.g:
+    ## existingPasswordSecret: name-of-existing-secret
+    ##
+    existingPasswordSecret: ""
+    existingSecretPasswordKey: ""
+
+    ## @param auth.existingErlangSecret Existing secret with RabbitMQ Erlang cookie (must contain a value for `rabbitmq-erlang-cookie` key or override with auth.existingSecretErlangKey)
+    ## e.g:
+    ## existingErlangSecret: name-of-existing-secret
+    ##
+    existingErlangSecret: ""
+    ## @param auth.existingSecretErlangKey [default: rabbitmq-erlang-cookie] Erlang cookie key to be retrieved from existing secret
+    ## NOTE: ignored unless `auth.existingErlangSecret` parameter is set
+    ##
+    existingSecretErlangKey: ""
+
+  ## @param configurationExistingSecret Existing secret with the configuration to use as rabbitmq.conf.
+  ## Must contain the key "rabbitmq.conf"
+  ## Takes precedence over `configuration`, so do not use both simultaneously
+  ## With providing an existingSecret, extraConfiguration and extraConfigurationExistingSecret do not take any effect
+  ##
+  configurationExistingSecret: ""
+  ## @param extraConfiguration [string] Configuration file content: extra configuration to be appended to RabbitMQ configuration
+  ## Use this instead of `configuration` to add more configuration
+  ## Do not use simultaneously with `extraConfigurationExistingSecret`
+  ##
+  extraConfiguration: |-
+    default_vhost = taiga
+    default_permissions.configure = .*
+    default_permissions.read = .*
+    default_permissions.write = .*
+
+## Protected
+##
+protected:
+  ## Taiga image version
+  ## ref: https://hub.docker.com/r/taigaio/taiga5/tags
+  ##
+  image:
+    repository: taigaio/taiga-protected
+    tag: "6.7.0"
+    ## Specify a imagePullPolicy
+    ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+    ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+    ##
+    pullPolicy: IfNotPresent
+
+  ## Pod Security Context
+  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+  ##
+  securityContext: {}
+
+  ## Define the number of pods the deployment will create
+  ## Do not change unless your persistent volume allows more than one writer, ie NFS
+  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
+  ##
+  replicas: 1
+
+  ## Pod annotations
+  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+  ##
+  podAnnotations: {}
+
+  ## Affinity for pod assignment
+  ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+  ##
+  affinity: {}
+
+  ## Node labels for pod assignment. Evaluated as a template.
+  ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+  ##
+  nodeSelector: {}
+
+  ## Tolerations for pod assignment
+  ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+  ##
+  tolerations: []
+
+  ## taiga containers' resource requests and limits
+  ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
+  ##
+  resources:
+    # We usually recommend not to specify default resources and to leave this as a conscious
+    # choice for the user. This also increases chances charts run on environments with little
+    # resources, such as Minikube. If you do want to specify resources, uncomment the following
+    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+    limits: {}
+    #  cpu: 2
+    #  memory: 1Gi
+    requests: {}
+    #  cpu: 1
+    #  memory: 1Gi
+
+  ## Configure extra options for liveness and readiness probes
+  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
+  ##
+  livenessProbe:
+    enabled: false
+    initialDelaySeconds: 20
+    periodSeconds: 10
+    timeoutSeconds: 5
+    successThreshold: 1
+    failureThreshold: 3
+  readinessProbe:
+    enabled: false
+    initialDelaySeconds: 5
+    periodSeconds: 10
+    timeoutSeconds: 1
+    successThreshold: 1
+    failureThreshold: 3
+
+  ## Environment variables, to pass to the entry point
+  ##
+  # extraVars:
+  #   - name: NAMI_DEBUG
+  #     value: --log-level trace
+
+  ## Service
+  ##
+  service:
+    # -- Set the service type
+    type: ClusterIP
+
+    # -- Provide additional annotations which may be required.
+    annotations: {}
+
+    # -- Provide additional labels which may be required.
+    labels: {}
+
+    # -- Allow adding additional match labels
+    extraSelectorLabels: {}
+
+    # -- HTTP port number
+    port: 8003
+
+## Front
+##
+front:
+  ## Taiga image version
+  ## ref: https://hub.docker.com/r/taigaio/taiga5/tags
+  ##
+  image:
+    repository: taigaio/taiga-front
+    tag: "6.7.7"
+    ## Specify a imagePullPolicy
+    ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+    ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+    ##
+    pullPolicy: IfNotPresent
+
+  ## Define the number of pods the deployment will create
+  ## Do not change unless your persistent volume allows more than one writer, ie NFS
+  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
+  ##
+  replicas: 1
+
+  ## Pod Security Context
+  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+  ##
+  securityContext: {}
+
+  ## Pod annotations
+  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+  ##
+  podAnnotations: {}
+
+  ## Affinity for pod assignment
+  ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+  ##
+  affinity: {}
+
+  ## Node labels for pod assignment. Evaluated as a template.
+  ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+  ##
+  nodeSelector: {}
+
+  ## Tolerations for pod assignment
+  ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+  ##
+  tolerations: []
+
+  ## taiga containers' resource requests and limits
+  ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
+  ##
+  resources:
+    # We usually recommend not to specify default resources and to leave this as a conscious
+    # choice for the user. This also increases chances charts run on environments with little
+    # resources, such as Minikube. If you do want to specify resources, uncomment the following
+    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+    limits: {}
+    #  cpu: 2
+    #  memory: 1Gi
+    requests: {}
+    #  cpu: 1
+    #  memory: 1Gi
+
+  ## Configure extra options for liveness and readiness probes
+  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
+  ##
+  livenessProbe:
+    enabled: false
+    initialDelaySeconds: 20
+    periodSeconds: 10
+    timeoutSeconds: 5
+    successThreshold: 1
+    failureThreshold: 3
+  readinessProbe:
+    enabled: false
+    initialDelaySeconds: 5
+    periodSeconds: 10
+    timeoutSeconds: 1
+    successThreshold: 1
+    failureThreshold: 3
+
+  ## Environment variables, to pass to the entry point
+  ##
+  # extraVars:
+  #   - name: NAMI_DEBUG
+  #     value: --log-level trace
+
+  ## Service
+  ##
+  service:
+    # -- Set the service type
+    type: ClusterIP
+
+    # -- Provide additional annotations which may be required.
+    annotations: {}
+
+    # -- Provide additional labels which may be required.
+    labels: {}
+
+    # -- Allow adding additional match labels
+    extraSelectorLabels: {}
+
+    # -- HTTP port number
+    port: 80
+
+## Configure the ingress resource that allows you to access the
+## taiga installation. Set up the URL
+## ref: http://kubernetes.io/docs/user-guide/ingress/
+##
+ingress:
+  # -- Enables or disables the ingress
+  enabled: false
+
+  # -- Provide additional annotations which may be required.
+  annotations: {}
+
+  # -- Provide additional labels which may be required.
+  labels: {}
+
+  # -- Set the ingressClass that is used for this ingress.
+  className: ""
+
+  ## Configure the hosts for the ingress
+  host: chart-example.local
+
+## Enable persistence using Persistent Volume Claims
+## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
+##
+persistence:
+  static:
+    # -- Enables or disables the persistence item. Defaults to true
+    enabled: true
+
+    # -- Storage Class for the config volume.
+    # If set to `-`, dynamic provisioning is disabled.
+    # If set to something else, the given storageClass is used.
+    # If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner.
+    storageClass: ""
+
+    # -- If you want to reuse an existing claim, the name of the existing PVC can be passed here.
+    existingClaim: ""
+
+    # -- AccessMode for the persistent volume.
+    # Make sure to select an access mode that is supported by your storage provider!
+    # [[ref]](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes)
+    accessMode: ReadWriteOnce
+
+    # -- The amount of storage that is requested for the persistent volume.
+    size: 5Gi
+
+    # -- Set to true to retain the PVC upon `helm uninstall`
+    retain: false
+
+  media:
+    # -- Enables or disables the persistence item. Defaults to true
+    enabled: true
+
+    # -- Storage Class for the config volume.
+    # If set to `-`, dynamic provisioning is disabled.
+    # If set to something else, the given storageClass is used.
+    # If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner.
+    storageClass: ""
+
+    # -- If you want to reuse an existing claim, the name of the existing PVC can be passed here.
+    existingClaim: ""
+
+    # -- AccessMode for the persistent volume.
+    # Make sure to select an access mode that is supported by your storage provider!
+    # [[ref]](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes)
+    accessMode: ReadWriteOnce
+
+    # -- The amount of storage that is requested for the persistent volume.
+    size: 5Gi
+
+    # -- Set to true to retain the PVC upon `helm uninstall`
+    retain: false

charts/tubearchivist/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: tubearchivist
-version: 0.2.0
+version: 0.2.3
 description: Chart for Tube Archivist
 keywords:
   - download
@@ -14,7 +14,7 @@ maintainers:
 icon: https://avatars.githubusercontent.com/u/102734415?s=48&v=4
 dependencies:
   - name: redis
-    version: 19.1.0
+    version: 19.1.2
     repository: https://charts.bitnami.com/bitnami
   - name: elasticsearch
     version: 20.0.4

charts/tubearchivist/values.yaml

@@ -20,18 +20,18 @@ service:
     port: 8000
 ingress:
   enabled: false
-  className:
-  annotations:
-  host:
+  className: ""
+  annotations: ""
+  host: ""
 persistence:
   cache:
     enabled: false
-    storageClassName: default
+    storageClassName: ""
     storageSize: 5Gi
     accessMode: ReadWriteOnce
     volumeMode: Filesystem
   youtube:
-    claimName:
+    claimName: ""
 redis:
   image:
     repository: redis/redis-stack-server
@@ -48,17 +48,17 @@ redis:
     loadmodule /opt/redis-stack/lib/rejson.so
 elasticsearch:
   global:
-    storageClass: default
+    storageClass: ""
   extraEnvVars:
     - name: "discovery.type"
       value: "single-node"
     - name: xpack.security.enabled
       value: "true"
-  extraEnvVarsSecret:
+  extraEnvVarsSecret: []
   extraConfig:
     path:
       repo: /usr/share/elasticsearch/data/snapshot
-  extraVolumes:
+  extraVolumes: []
   extraVolumeMounts:
     - name: snapshot
       mountPath: /usr/share/elasticsearch/data/snapshot