fix http service value

fix events app port to service and port
fix events health endpoint
2024-04-13 23:32:48 -06:00 · 2024-04-13 23:28:03 -06:00 · 2024-04-13 23:19:59 -06:00 · 2024-04-13 23:14:21 -06:00 · 2024-04-13 23:13:44 -06:00 · 2024-04-13 23:11:44 -06:00
30 changed files with 2238 additions and 240 deletions
--- a/charts/outline/Chart.yaml
+++ b/charts/outline/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: outline
-version: 0.4.0
+version: 0.5.0
 description: Chart for Outline wiki
 keywords:
  - wiki
--- a/charts/outline/templates/deployment.yaml
+++ b/charts/outline/templates/deployment.yaml
@@ -55,7 +55,7 @@ spec:
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.outline.database.usernameSecret.existingSecretName }}"
-                  key: "{{ .Values.outline.database.usernameSecret.existingSecretKey }}"                  
+                  key: "{{ .Values.outline.database.usernameSecret.existingSecretKey }}"
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
@@ -75,7 +75,7 @@ spec:
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.outline.database.databasePort.existingSecretName }}"
-                  key: "{{ .Values.outline.database.databasePort.existingSecretKey }}"                  
+                  key: "{{ .Values.outline.database.databasePort.existingSecretKey }}"
            - name: DATABASE_URL
              value: "postgres://$(POSTGRES_USERNAME):$(POSTGRES_PASSWORD)@$(POSTGRES_DATABASE_HOST):$(POSTGRES_DATABASE_PORT)/$(POSTGRES_DATABASE_NAME)"
            - name: DATABASE_URL_TEST
@@ -102,41 +102,14 @@ spec:
                secretKeyRef:
                  name: "{{ .Values.persistence.s3.credentialsSecret }}"
                  key: AWS_SECRET_ACCESS_KEY
          {{- if .Values.persistence.s3.endpointConfigMap.enabled }}
            - name: AWS_REGION
              valueFrom:
                configMapKeyRef:
                  name: "{{ .Values.persistence.s3.endpointConfigMap.name }}"
                  key: BUCKET_REGION
            - name: AWS_S3_UPLOAD_BUCKET_NAME
              valueFrom:
                configMapKeyRef:
                  name: "{{ .Values.persistence.s3.endpointConfigMap.name }}"
                  key: BUCKET_NAME
            - name: AWS_S3_UPLOAD_BUCKET_HOST
              valueFrom:
                configMapKeyRef:
                  name: "{{ .Values.persistence.s3.endpointConfigMap.name }}"
                  key: BUCKET_HOST
            - name: AWS_S3_UPLOAD_BUCKET_PORT
              valueFrom:
                configMapKeyRef:
                  name: "{{ .Values.persistence.s3.endpointConfigMap.name }}"
                  key: BUCKET_PORT
            - name: AWS_S3_UPLOAD_BUCKET_URL
              value: "{{ .Values.persistence.s3.urlProtocol }}://$(AWS_S3_UPLOAD_BUCKET_NAME).$(AWS_S3_UPLOAD_BUCKET_HOST):$(AWS_S3_UPLOAD_BUCKET_PORT)"
            - name: AWS_S3_ACCELERATE_URL
              value: "{{ .Values.persistence.s3.urlProtocol }}://$(AWS_S3_UPLOAD_BUCKET_NAME).$(AWS_S3_UPLOAD_BUCKET_HOST):$(AWS_S3_UPLOAD_BUCKET_PORT)"         
          {{- else }}
            - name: AWS_REGION
              value: "{{ .Values.persistence.s3.region }}"
            - name: AWS_S3_UPLOAD_BUCKET_NAME
              value: "{{ .Values.persistence.s3.bucketName }}"
            - name: AWS_S3_UPLOAD_BUCKET_URL
-              value: "{{ .Values.persistence.s3.urlProtocol }}://{{ .Values.persistence.s3.bucketName }}.{{ .Values.persistence.s3.host }}"
+              value: "{{ .Values.persistence.s3.bucketUrl }}"
            - name: AWS_S3_ACCELERATE_URL
-              value: "{{ .Values.persistence.s3.urlProtocol }}://{{ .Values.persistence.s3.bucketName }}.{{ .Values.persistence.s3.host }}"              
+              value: "{{ .Values.persistence.s3.bucketUrl }}"
          {{- end }}
            - name: AWS_S3_FORCE_PATH_STYLE
              value: "{{ .Values.persistence.s3.forcePathStyle }}"
            - name: AWS_S3_ACL
--- a/charts/outline/values.yaml
+++ b/charts/outline/values.yaml
@@ -24,13 +24,9 @@ persistence:
  type: s3
  s3:
    credentialsSecret:
    endpointConfigMap:
      enabled: false
      name:
    region:
    bucketName:
-    host:
+    bucketUrl:
    urlProtocol: http
    uploadMaxSize: "26214400"
    forcePathStyle: false
    acl: private
--- a/charts/postgres-cluster-upgrade/Chart.yaml
+++ b/charts/postgres-cluster-upgrade/Chart.yaml
@@ -1,14 +0,0 @@
 apiVersion: v2
 name: postgres-cluster-upgrade
 version: 0.1.2
 description: Chart for upgrading a cloudnative-pg cluster in the same namespace
 keywords:
  - database
  - postgres
  - upgrade
 sources:
  - https://github.com/cloudnative-pg/cloudnative-pg
 maintainers:
  - name: alexlebens
 icon: https://avatars.githubusercontent.com/u/100373852?s=48&v=4
 appVersion: v1.22.2
--- a/charts/postgres-cluster-upgrade/README.md
+++ b/charts/postgres-cluster-upgrade/README.md
@@ -1,19 +0,0 @@
 ## Introduction
 [CloudNative PG](https://github.com/cloudnative-pg/cloudnative-pg)
 CloudNativePG is the Kubernetes operator that covers the full lifecycle of a highly available PostgreSQL database cluster with a primary/standby architecture, using native streaming replication.
 This chart bootstraps a [CNPG](https://github.com/cloudnative-pg/cloudnative-pg) cluster upgraade on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
 The process is designed to be used in conjunction with the [postgres-cluster](https://github.com/alexlebens/helm-charts/tree/main/charts/postgres-cluster) chart. The cluster in this chart connects to the orignal cluster, peforms an upgrade, then backups to the objectStore endpoint. Afterwards the upgrade cluster is removed and the orignal cluster bootstraps from the upgrade's backup.
 ## Prerequisites
 - Kubernetes
 - Helm
 - CloudNative PG Operator
 ## Parameters
 See the [values files](values.yaml).
--- a/charts/postgres-cluster-upgrade/templates/backup.yaml
+++ b/charts/postgres-cluster-upgrade/templates/backup.yaml
@@ -1,17 +0,0 @@
 {{- if .Values.backup.inititeBackup }}
 apiVersion: postgresql.cnpg.io/v1
 kind: Backup
 metadata:
  name: "postgresql-{{ .Release.Name }}-cluster-upgrade-backup"
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: "postgresql-{{ .Release.Name }}-cluster-upgrade-backup"
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/version: {{ .Chart.AppVersion }}
    app.kubernetes.io/component: database
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
  method: barmanObjectStore
  cluster:
    name: "postgresql-{{ .Release.Name }}-cluster-upgrade"
 {{- end }}
--- a/charts/postgres-cluster-upgrade/templates/postgresql-cluster.yaml
+++ b/charts/postgres-cluster-upgrade/templates/postgresql-cluster.yaml
@@ -1,68 +0,0 @@
 apiVersion: postgresql.cnpg.io/v1
 kind: Cluster
 metadata:
  name: "postgresql-{{ .Release.Name }}-cluster-upgrade"
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: "postgresql-{{ .Release.Name }}-cluster-upgrade"
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/version: {{ .Chart.AppVersion }}
    app.kubernetes.io/component: database
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
  imageName: "{{ .Values.cluster.image.repository }}:{{ .Values.cluster.image.tag }}"
  instances: {{ .Values.cluster.instances }}
  affinity:
    enablePodAntiAffinity: true
    topologyKey: kubernetes.io/hostname
  postgresql:
    parameters:
      {{- toYaml .Values.cluster.parameters | nindent 6 }}
  resources:
    {{- toYaml .Values.cluster.resources | nindent 4 }}
  storage:
    storageClass: {{ .Values.cluster.storage.data.storageClass }}
    size: {{ .Values.cluster.storage.data.size }}
  walStorage:
    storageClass: {{ .Values.cluster.storage.wal.storageClass }}
    size: {{ .Values.cluster.storage.wal.size }}
  monitoring:
    enablePodMonitor: true
  bootstrap:
    initdb:
      import:
        type: {{ .Values.upgrade.importType }}
        databases:
          {{- toYaml .Values.upgrade.importDatabases | nindent 10 }}
        source:
          externalCluster: "postgresql-{{ .Release.Name }}-cluster"
  externalClusters:
    - name: "postgresql-{{ .Release.Name }}-cluster"
      connectionParameters:
        host: "postgresql-{{ .Release.Name }}-cluster-rw"
        user: app
        dbname: app
      password:
        name: "postgresql-{{ .Release.Name }}-cluster-app"
        key: password
  {{- if .Values.backup.backupEnabled }}
  backup:
    retentionPolicy: "{{ .Values.backup.retentionPolicy }}"
    barmanObjectStore:
      destinationPath: "s3://{{ .Values.backup.bucket }}/{{ .Values.cluster.name }}/postgresql/{{ .Release.Name }}-cluster"
      endpointURL: {{ .Values.backup.endpointURL }}
      serverName: "postgresql-{{ .Release.Name }}-cluster-backup-index-{{ .Values.backup.backupIndex }}"
      s3Credentials:
        accessKeyId:
          name: "postgresql-{{ .Release.Name }}-cluster-backup-secret"
          key: ACCESS_KEY_ID
        secretAccessKey:
          name: "postgresql-{{ .Release.Name }}-cluster-backup-secret"
          key: ACCESS_SECRET_KEY
      data:
        compression: {{ .Values.cluster.compression }}
      wal:
        compression: {{ .Values.cluster.compression }}
  {{- end }}
--- a/charts/postgres-cluster-upgrade/values.yaml
+++ b/charts/postgres-cluster-upgrade/values.yaml
@@ -1,37 +0,0 @@
 cluster:
  name:
  image:
    repository: ghcr.io/cloudnative-pg/postgresql
    tag: 16.2
  instances: 1
  parameters:
    shared_buffers: 128MB
    max_slot_wal_keep_size: 2000MB
    hot_standby_feedback: "on"
  compression: snappy
  resources:
    requests:
      memory: 512Mi
      cpu: 100m
    limits:
      memory: 2Gi
      cpu: 1500m
      hugepages-2Mi: 512Mi
  storage:
    data:
      storageClass:
      size: 10Gi
    wal:
      storageClass:
      size: 2Gi
 upgrade:
  importType: microservice
  importDatabases:
    - app
 backup:
  backupEnabled: false
  inititeBackup: false  
  retentionPolicy: 3d  
  backupIndex: 1
  endpointURL:
  bucket:
--- a/charts/postgres-cluster/Chart.yaml
+++ b/charts/postgres-cluster/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: postgres-cluster
-version: 1.1.0
+version: 2.2.0
 description: Chart for cloudnative-pg cluster
 keywords:
  - database
--- a/charts/postgres-cluster/templates/_backup.tpl
+++ b/charts/postgres-cluster/templates/_backup.tpl
@@ -3,20 +3,20 @@
 backup:
  retentionPolicy: {{ .Values.backup.retentionPolicy }}
  barmanObjectStore:
-    destinationPath: "s3://{{ .Values.backup.endpointBucket }}/{{ .Values.kubernetesClusterName }}/postgresql/{{ .Release.Name }}"
+    destinationPath: "s3://{{ .Values.backup.endpointBucket }}/{{ .Values.kubernetesClusterName }}/postgresql/{{ include "cluster.name" . }}"
    endpointURL: {{ .Values.backup.endpointURL }}
    {{- if .Values.backup.endpointCA }}
    endpointCA:
      name: {{ .Values.backup.endpointCA }}
      key: ca-bundle.crt
    {{- end }}
-    serverName: "postgresql-{{ .Release.Name }}-cluster-backup-index-{{ .Values.backup.backupIndex }}"
+    serverName: "{{ include "cluster.name" . }}-backup-{{ .Values.backup.backupIndex }}"
    s3Credentials:
      accessKeyId:
-        name: {{ include "cluster.backup.credentials" . }}
+        name: {{ include "cluster.backupCredentials" . }}
        key: ACCESS_KEY_ID
      secretAccessKey:
-        name: {{ include "cluster.backup.credentials" . }}
+        name: {{ include "cluster.backupCredentials" . }}
        key: ACCESS_SECRET_KEY
    wal:
      compression: {{ .Values.backup.wal.compression }}
--- a/charts/postgres-cluster/templates/_bootstrap.tpl
+++ b/charts/postgres-cluster/templates/_bootstrap.tpl
@@ -46,9 +46,9 @@ bootstrap:
        {{- end }}      
      {{- end }}
      source:
-        externalCluster: "postgresql-{{ .Release.Name }}-cluster"
+        externalCluster: "{{ include "cluster.name" . }}-cluster"
 externalClusters:
-  - name: "postgresql-{{ .Release.Name }}-cluster"
+  - name: "{{ include "cluster.name" . }}-cluster"
    {{- with .Values.replica.externalCluster }}
    {{- . | toYaml | nindent 4 }}
    {{- end }}    
@@ -58,25 +58,25 @@ externalClusters:
    recoveryTarget:
      targetTime: {{ . }}
    {{- end }}
-    source: "postgresql-{{ .Release.Name }}-cluster-backup-index-{{ .Values.recovery.recoveryIndex }}"
+    source: "{{ include "cluster.name" . }}-backup-{{ .Values.recovery.recoveryIndex }}"
 externalClusters:
-  - name: "postgresql-{{ .Release.Name }}-cluster-backup-index-{{ .Values.recovery.recoveryIndex }}"
+  - name: "{{ include "cluster.name" . }}-backup-{{ .Values.recovery.recoveryIndex }}"
    barmanObjectStore:
-      serverName: "postgresql-{{ .Release.Name }}-cluster-backup-index-{{ .Values.recovery.recoveryIndex }}"
+      serverName: "{{ include "cluster.name" . }}-backup-{{ .Values.recovery.recoveryIndex }}"
-      destinationPath: "s3://{{ .Values.recovery.endpointBucket }}/{{ .Values.kubernetesClusterName }}/postgresql/{{ .Release.Name }}"
+      destinationPath: "s3://{{ .Values.recovery.endpointBucket }}/{{ .Values.kubernetesClusterName }}/postgresql/{{ .Values.recovery.recoveryName }}"
      endpointURL: {{ .Values.recovery.endpointURL }}
      {{- with .Values.recovery.endpointCA }}
      endpointCA:
        name: {{ . }}
        key: ca-bundle.crt
      {{- end }}
-      serverName: "postgresql-{{ .Release.Name }}-cluster-backup-index-{{ .Values.recovery.recoveryIndex }}"
+      serverName: "{{ include "cluster.name" . }}-backup-{{ .Values.recovery.recoveryIndex }}"
      s3Credentials:
        accessKeyId:
-          name: {{ include "cluster.recovery.credentials" . }}
+          name: {{ include "cluster.recoveryCredentials" . }}
          key: ACCESS_KEY_ID
        secretAccessKey:
-          name: {{ include "cluster.recovery.credentials" . }}
+          name: {{ include "cluster.recoveryCredentials" . }}
          key: ACCESS_SECRET_KEY
      wal:
        compression: {{ .Values.recovery.wal.compression }}
--- a/charts/postgres-cluster/templates/_helpers.tpl
+++ b/charts/postgres-cluster/templates/_helpers.tpl
@@ -2,26 +2,12 @@
 Expand the name of the chart.
 */}}
 {{- define "cluster.name" -}}
-  {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+  {{- if .Values.nameOverride }}
-{{- end }}
+    {{- .Values.nameOverride | trunc 63 | trimSuffix "-" }}
 {{/*
 Create a default fully qualified app name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
 If release name contains chart name it will be used as a full name.
 */}}
 {{- define "cluster.fullname" -}}
 {{- if .Values.fullnameOverride }}
  {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
 {{- else }}
  {{- $name := default .Chart.Name .Values.nameOverride }}
  {{- if contains $name .Release.Name }}
    {{- .Release.Name | trunc 63 | trimSuffix "-" }}
  {{- else }}
-    {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+    {{- printf "postgresql-%s-%s" .Values.cluster.image.majorVersion .Release.Name | trunc 63 | trimSuffix "-" -}}
  {{- end }}
 {{- end }}
 {{- end }}
 {{/*
 Create chart name and version as used by the chart label.
@@ -54,18 +40,29 @@ app.kubernetes.io/part-of: cloudnative-pg
 {{/*
 Generate name for object store credentials
 */}}
-{{- define "cluster.recovery.credentials" -}}
+{{- define "cluster.recoveryCredentials" -}}
  {{- if .Values.recovery.endpointCredentials -}}
    {{- .Values.recovery.endpointCredentials -}}
  {{- else -}}
-    {{- printf "postgresql-%s-cluster-backup-secret" .Release.Name | trunc 63 | trimSuffix "-" -}}
+    {{- printf "%s-backup-secret" (include "cluster.name" .) | trunc 63 | trimSuffix "-" -}}
  {{- end }}
-{{- end -}}
+{{- end }}
-{{- define "cluster.backup.credentials" -}}
+{{- define "cluster.backupCredentials" -}}
  {{- if .Values.backup.endpointCredentials -}}
    {{- .Values.backup.endpointCredentials -}}
  {{- else -}}
-    {{- printf "postgresql-%s-cluster-backup-secret" .Release.Name | trunc 63 | trimSuffix "-" -}}
+    {{- printf "%s-backup-secret" (include "cluster.name" .) | trunc 63 | trimSuffix "-" -}}
  {{- end }}
-{{- end -}}
+{{- end }}
 {{/*
 Generate recovery server name
 */}}
 {{- define "cluster.recoveryName" -}}
  {{- if .Values.recovery.recoveryName -}}
    {{- .Values.recovery.recoveryName -}}
  {{- else -}}
    {{ include "cluster.name" . }}
  {{- end }}
 {{- end }}
--- a/charts/postgres-cluster/templates/cluster.yaml
+++ b/charts/postgres-cluster/templates/cluster.yaml
@@ -1,7 +1,7 @@
 apiVersion: postgresql.cnpg.io/v1
 kind: Cluster
 metadata:
-  name: "postgresql-{{ include "cluster.fullname" . }}-cluster"
+  name: {{ include "cluster.name" . }}-cluster
  namespace: {{ .Release.Namespace }}
  {{- with .Values.cluster.annotations }}
  annotations:
--- a/charts/postgres-cluster/templates/prometheus-rule.yaml
+++ b/charts/postgres-cluster/templates/prometheus-rule.yaml
@@ -2,7 +2,7 @@
 apiVersion: monitoring.coreos.com/v1
 kind: PrometheusRule
 metadata:
-  name: "postgresql-{{ include "cluster.fullname" . }}-alert-rules"
+  name: {{ include "cluster.name" . }}-alert-rules
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "cluster.labels" . | nindent 4 }}
@@ -11,14 +11,14 @@ metadata:
  {{- end }}
 spec:
  groups:
-    - name: cloudnative-pg/{{ include "cluster.fullname" . }}
+    - name: cloudnative-pg/{{ include "cluster.name" . }}
      rules:
        {{- $dict := dict "excludeRules" .Values.cluster.monitoring.prometheusRule.excludeRules -}}
        {{- $_ := set $dict "value"       "{{ $value }}" -}}
        {{- $_ := set $dict "namespace"   .Release.Namespace -}}
-        {{- $_ := set $dict "cluster"     (include "cluster.fullname" .) -}}
+        {{- $_ := set $dict "cluster"     (printf "%s-cluster" (include "cluster.name" .) ) -}}
        {{- $_ := set $dict "labels"      (dict "job" "{{ $labels.job }}" "node" "{{ $labels.node }}" "pod" "{{ $labels.pod }}") -}}
-        {{- $_ := set $dict "podSelector" (printf "%s-([1-9][0-9]*)$" (include "cluster.fullname" .)) -}}
+        {{- $_ := set $dict "podSelector" (printf "%s-cluster-([1-9][0-9]*)$" (include "cluster.name" .) ) -}}
        {{- $_ := set $dict "Values"      .Values -}}
        {{- $_ := set $dict "Template"    .Template -}}
        {{- range $path, $_ := .Files.Glob  "prometheus_rules/**.yaml" }}
--- a/charts/postgres-cluster/templates/scheduled-backup.yaml
+++ b/charts/postgres-cluster/templates/scheduled-backup.yaml
@@ -2,7 +2,7 @@
 apiVersion: postgresql.cnpg.io/v1
 kind: ScheduledBackup
 metadata:
-  name: "postgresql-{{ include "cluster.fullname" . }}-cluster-scheduled-backup"
+  name: {{ include "cluster.name" . }}-scheduled-backup
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "cluster.labels" . | nindent 4 }}
@@ -14,5 +14,5 @@ spec:
  schedule: {{ .Values.backup.schedule }}
  backupOwnerReference: self
  cluster:
-    name: "postgresql-{{ include "cluster.fullname" . }}-cluster"
+    name: {{ include "cluster.name" . }}-cluster
 {{ end }}
--- a/charts/postgres-cluster/values.yaml
+++ b/charts/postgres-cluster/values.yaml
@@ -1,7 +1,5 @@
-# -- Override the name of the chart
+# -- Override the name of the cluster
 nameOverride: ""
 # -- Override the full name of the chart
 fullnameOverride: ""
 ###
 # -- Type of the CNPG database. Available types:
@@ -25,7 +23,8 @@ cluster:
  image:
    repository: ghcr.io/cloudnative-pg/postgresql
-    tag: 16.2
+    tag: "16.2"
    majorVersion: "16"
    pullPolicy: IfNotPresent
  # The UID and GID of the postgres user inside the image
@@ -112,6 +111,9 @@ recovery:
  # Generate external cluster name, uses: postgresql-{{ .Release.Name }}-cluster-backup-index-{{ .Values.recovery.recoveryIndex }}"
  recoveryIndex: 1
  # Name of the recovery cluster in the object store, defaults to "cluster.name"
  recoveryName: ""
  wal:
    # WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
    compression: snappy
--- a/charts/taiga/Chart.yaml
+++ b/charts/taiga/Chart.yaml
@@ -0,0 +1,24 @@
 apiVersion: v2
 name: taiga
 version: 0.1.9
 description: Chart for Taiga
 keywords:
  - kanban
  - project management
 sources:
  - https://github.com/taigaio
  - https://github.com/rabbitmq/rabbitmq-server
  - https://github.com/bitnami/charts/tree/main/bitnami/rabbitmq
 maintainers:
  - name: alexlebens
 icon: https://avatars.githubusercontent.com/u/6905422?s=200&v=4
 dependencies:
  - name: rabbitmq
    version: 13.0.3
    repository: https://charts.bitnami.com/bitnami
    alias: taiga-async-rabbitmq
  - name: rabbitmq
    version: 13.0.3
    repository: https://charts.bitnami.com/bitnami
    alias: taiga-events-rabbitmq
 appVersion: 6.7.7
--- a/charts/taiga/README.md
+++ b/charts/taiga/README.md
@@ -0,0 +1,17 @@
 ## Introduction
 [Taiga 6](https://github.com/taigaio)
 Intuitive and simple, yet feature complete Kanban board
 This chart bootstraps a [Taiga](https://github.com/taigaio) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
 ## Prerequisites
 - Kubernetes
 - Helm
 ## Parameters
 See the [values files](values.yaml).
--- a/charts/taiga/templates/_helpers.tpl
+++ b/charts/taiga/templates/_helpers.tpl
@@ -0,0 +1,135 @@
 {{/*
 Expand the name of the chart.
 */}}
 {{- define "taiga.name" -}}
  {{- default .Chart.Name .Values.global.nameOverride | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 {{/*
 Create a default fully qualified app name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
 */}}
 {{- define "taiga.fullname" -}}
  {{- if .Values.global.fullnameOverride -}}
    {{- .Values.global.fullnameOverride | trunc 63 | trimSuffix "-" -}}
  {{- else -}}
    {{- $name := default .Chart.Name .Values.global.nameOverride -}}
    {{- if contains $name .Release.Name -}}
      {{- .Release.Name | trunc 63 | trimSuffix "-" -}}
    {{- else -}}
      {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
    {{- end -}}
  {{- end -}}
 {{- end -}}
 {{/*
 Create chart name and version as used by the chart label
 */}}
 {{- define "taiga.chart" -}}
  {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 {{/*
 Common labels
 */}}
 {{- define "taiga.labels" -}}
 app.kubernetes.io/name: {{ template "taiga.name" . }}
 helm.sh/chart: {{ template "taiga.chart" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- end -}}
 {{/*
 Common labels for specific components
 */}}
 {{- define "taiga.back.labels" -}}
 app.kubernetes.io/name: {{ template "taiga.name" . }}-back
 helm.sh/chart: {{ template "taiga.chart" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- end -}}
 {{- define "taiga.async.labels" -}}
 app.kubernetes.io/name: {{ template "taiga.name" . }}-async
 helm.sh/chart: {{ template "taiga.chart" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- end -}}
 {{- define "taiga.front.labels" -}}
 app.kubernetes.io/name: {{ template "taiga.name" . }}-front
 helm.sh/chart: {{ template "taiga.chart" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- end -}}
 {{- define "taiga.events.labels" -}}
 app.kubernetes.io/name: {{ template "taiga.name" . }}-events
 helm.sh/chart: {{ template "taiga.chart" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- end -}}
 {{- define "taiga.protected.labels" -}}
 app.kubernetes.io/name: {{ template "taiga.name" . }}-protected
 helm.sh/chart: {{ template "taiga.chart" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- end -}}
 {{/*
 Labels to use on deploy.spec.selector.matchLabels and svc.spec.selector
 */}}
 {{- define "taiga.matchLabels" -}}
 app.kubernetes.io/name: {{ template "taiga.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end -}}
 {{- define "taiga.back.matchLabels" -}}
 app.kubernetes.io/name: {{ template "taiga.name" . }}-back
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end -}}
 {{- define "taiga.async.matchLabels" -}}
 app.kubernetes.io/name: {{ template "taiga.name" . }}-async
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end -}}
 {{- define "taiga.front.matchLabels" -}}
 app.kubernetes.io/name: {{ template "taiga.name" . }}-front
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end -}}
 {{- define "taiga.events.matchLabels" -}}
 app.kubernetes.io/name: {{ template "taiga.name" . }}-events
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end -}}
 {{- define "taiga.protected.matchLabels" -}}
 app.kubernetes.io/name: {{ template "taiga.name" . }}-protected
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end -}}
 {{/*
 Create the name of the service account to use
 */}}
 {{- define "taiga.serviceAccountName" -}}
  {{- if .Values.serviceAccount.create -}}
    {{ default (include "taiga.fullname" .) .Values.serviceAccount.name }}
  {{- else -}}
    {{ default "default" .Values.serviceAccount.name }}
  {{- end -}}
 {{- end -}}
 {{/*
 Create the name of the static persistent volume
 */}}
 {{- define "taiga.staticVolumeName" -}}
  {{- if .Values.persistence.static.existingClaim -}}
    {{ .Values.persistence.static.existingClaim }}
  {{- else -}}
    {{ printf "%s-static" (include "taiga.fullname" .) | trunc 63 | trimSuffix "-" }}
  {{- end -}}
 {{- end -}}
 {{/*
 Create the name of the media persistent volume
 */}}
 {{- define "taiga.mediaVolumeName" -}}
  {{- if .Values.persistence.media.existingClaim -}}
    {{ .Values.persistence.media.existingClaim }}
  {{- else -}}
    {{ printf "%s-media" (include "taiga.fullname" .) | trunc 63 | trimSuffix "-" }}
  {{- end -}}
 {{- end -}}
--- a/charts/taiga/templates/config-map.yaml
+++ b/charts/taiga/templates/config-map.yaml
@@ -0,0 +1,36 @@
 {{- if .Values.createInitialUser }}
 ---
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: {{ template "taiga.fullname" . }}-create-initial-user
  namespace: {{ .Release.Namespace }}
  annotations:
    {{- with .Values.global.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
  labels:
    {{- include "taiga.labels" . | nindent 4 }}
    {{- with .Values.global.labels }}
    {{ toYaml . | nindent 4 }}
    {{- end }}
 data:
  createinitialuser.sh: |
    #!/bin/sh
    echo """
    import time
    import requests
    import subprocess
    print('Waiting for backend ...')
    while requests.get('http://{{ template "taiga.fullname" . }}-back/api/v1/').status_code != 200:
        print('...')
        time.sleep(2)
    if str(subprocess.check_output(['python', 'manage.py', 'dumpdata', 'users.user'], cwd='/taiga-back')).find('\"is_superuser\": true') == -1:
        print(subprocess.check_output(['python', 'manage.py', 'loaddata', 'initial_user'], cwd='/taiga-back'))
    else:
        print('Admin user yet created.')
        """ > /tmp/create_superuser.py
        python /tmp/create_superuser.py
 {{- end }}
--- a/charts/taiga/templates/deployment-back.yaml
+++ b/charts/taiga/templates/deployment-back.yaml
@@ -0,0 +1,515 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: {{ template "taiga.fullname" . }}-back
  namespace: {{ .Release.Namespace }}
  annotations:
    {{- with .Values.global.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
  labels:
    {{- include "taiga.back.labels" . | nindent 4 }}
    {{- with .Values.global.labels }}
    {{ toYaml . | nindent 4 }}
    {{- end }}
 spec:
  revisionHistoryLimit: 3
  replicas: {{ .Values.back.replicas }}
  strategy:
    type: Recreate
  selector:
    matchLabels:
      {{- include "taiga.back.matchLabels" . | nindent 6 }}
  template:
    metadata:
      labels:
        {{- include "taiga.back.labels" . | nindent 8 }}
        app.kubernetes.io/component: {{ template "taiga.name" . }}-back
      annotations:
        {{- with .Values.back.podAnnotations }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
    spec:
      affinity:
        {{- with .Values.back.affinity }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      nodeSelector:
        {{- with .Values.back.nodeSelector }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      tolerations:
        {{- with .Values.back.tolerations }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      serviceAccountName: {{ template "taiga.serviceAccountName" . }}
      securityContext:
        {{- with .Values.back.securityContext }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      containers:
        - name: {{ template "taiga.fullname" . }}-back
          image: "{{ .Values.back.image.repository }}:{{ .Values.back.image.tag }}"
          imagePullPolicy: {{ .Values.back.image.pullPolicy }}
          resources:
            {{ toYaml .Values.back.resources | nindent 12 }}
          ports:
            - name: taiga-back
              containerPort: {{ .Values.back.service.port }}
              protocol: TCP
          volumeMounts:
            - name: taiga-static
              mountPath: /taiga-back/static
            - name: taiga-media
              mountPath: /taiga-back/media
          env:
            - name: TAIGA_SECRET_KEY
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.secretKey.existingSecretName }}"
                  key: "{{ .Values.secretKey.existingSecretKey }}"
            - name: ENABLE_TELEMETRY
              value: "{{ .Values.enableTelemetry }}"
            - name: PUBLIC_REGISTER_ENABLED
              value: "{{ .Values.publicRegisterEnabled }}"
            - name: POSTGRES_USER
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.postgresql.existingSecretName }}"
                  key: "{{ .Values.postgresql.usernameKey }}"
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.postgresql.existingSecretName }}"
                  key: "{{ .Values.postgresql.passwordKey }}"
            - name: POSTGRES_DB
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.postgresql.existingSecretName }}"
                  key: "{{ .Values.postgresql.databaseNameKey }}"
            - name: POSTGRES_HOST
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.postgresql.existingSecretName }}"
                  key: "{{ .Values.postgresql.hostKey }}"
          {{ if .Values.oidc.enabled }}
            - name: OIDC_ENABLED
              value: "True"
            - name: OIDC_SCOPES
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.oidc.existingSecretName }}"
                  key: "{{ .Values.oidc.scopesKey }}"
            - name: OIDC_SIGN_ALGO
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.oidc.existingSecretName }}"
                  key: "{{ .Values.oidc.signatureAlgorithmKey }}"
            - name: OIDC_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.oidc.existingSecretName }}"
                  key: "{{ .Values.oidc.clientIdKey }}"
            - name: OIDC_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.oidc.existingSecretName }}"
                  key: "{{ .Values.oidc.clientSecretKey }}"
            - name: OIDC_BASE_URL
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.oidc.existingSecretName }}"
                  key: "{{ .Values.oidc.baseUrlKey }}"
            - name: OIDC_JWKS_ENDPOINT
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.oidc.existingSecretName }}"
                  key: "{{ .Values.oidc.jwksEndpointKey }}"
            - name: OIDC_AUTHORIZATION_ENDPOINT
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.oidc.existingSecretName }}"
                  key: "{{ .Values.oidc.authorizationEndpointKey }}"
            - name: OIDC_TOKEN_ENDPOINT
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.oidc.existingSecretName }}"
                  key: "{{ .Values.oidc.tokenEndpointKey }}"
            - name: OIDC_USER_ENDPOINT
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.oidc.existingSecretName }}"
                  key: "{{ .Values.oidc.userEndpointKey }}"
          {{ end }}
          {{ if .Values.email.enabled }}
            - name: EMAIL_BACKEND
              value: "django.core.mail.backends.smtp.EmailBackend"
            - name: DEFAULT_FROM_EMAIL
              value: "{{ .Values.email.from }}"
            - name: EMAIL_HOST
              value: "{{ .Values.email.host }}"
            - name: EMAIL_PORT
              value: "{{ .Values.email.port }}"
            - name: EMAIL_USE_TLS
              value: "{{ .Values.email.tls }}"
            - name: EMAIL_USE_SSL
              value: "{{ .Values.email.ssl }}"
            - name: EMAIL_HOST_USER
              value: "{{ .Values.email.user }}"
            - name: EMAIL_HOST_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.email.existingPasswordSecret }}"
                  key: "{{ .Values.email.existingSecretPasswordKey }}"
          {{ end }}
            - name: ENABLE_GITHUB_AUTH
              value: "false"
            - name: ENABLE_GITLAB_AUTH
              value: "false"
            - name: ENABLE_SLACK
              value: "{{ .Values.enableSlack }}"
          {{ if .Values.githubImporter.enabled }}
            - name: ENABLE_GITHUB_IMPORTER
              value: "True"
            - name: GITHUB_API_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.githubImporter.existingSecretName }}"
                  key: "{{ .Values.githubImporter.existingSecretClientIdKey }}"
            - name: GITHUB_API_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.githubImporter.existingSecretName }}"
                  key: "{{ .Values.githubImporter.existingSecretClientSecretKey }}"
          {{ else }}
            - name: ENABLE_GITHUB_IMPORTER
              value: "False"
          {{ end }}
          {{ if .Values.jiraImporter.enabled }}
            - name: ENABLE_JIRA_IMPORTER
              value: "True"
            - name: JIRA_IMPORTER_CONSUMER_KEY
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.jiraImporter.existingSecretName }}"
                  key: "{{ .Values.jiraImporter.existingSecretConsumerKeyKey }}"
            - name: JIRA_IMPORTER_CERT
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.jiraImporter.existingSecretName }}"
                  key: "{{ .Values.jiraImporter.existingSecretCertKey }}"
            - name: JIRA_IMPORTER_PUB_CERT
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.jiraImporter.existingSecretName }}"
                  key: "{{ .Values.jiraImporter.existingSecretPubCertKey }}"
          {{ else }}
            - name: ENABLE_JIRA_IMPORTER
              value: "False"
          {{ end }}
          {{ if .Values.trelloImporter.enabled }}
            - name: ENABLE_TRELLO_IMPORTER
              value: "True"
            - name: TRELLO_IMPORTER_API_KEY
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.trelloImporter.existingSecretName }}"
                  key: "{{ .Values.trelloImporter.existingSecretApiKeyKey }}"
            - name: TRELLO_IMPORTER_SECRET_KEY
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.trelloImporter.existingSecretName }}"
                  key: "{{ .Values.trelloImporter.existingSecretSecretKeyKey }}"
          {{ else }}
            - name: ENABLE_JIRA_IMPORTER
              value: "False"
          {{ end }}
            - name: RABBITMQ_USER
              value: "{{ index .Values "taiga-async-rabbitmq" "auth" "username" }}"
            - name: RABBITMQ_PASS
              valueFrom:
                secretKeyRef:
                  name: {{ index .Values "taiga-async-rabbitmq" "auth" "existingPasswordSecret" }}
                  key: {{ index .Values "taiga-async-rabbitmq" "auth" "existingSecretPasswordKey" }}
          {{ if .Values.ingress.enabled }}
            - name: TAIGA_SITES_DOMAIN
              value: "{{ .Values.ingress.host }}"
            - name: TAIGA_SITES_SCHEME
              value: "https"
            - name: SESSION_COOKIE_SECURE
              value: "True"
            - name: CSRF_COOKIE_SECURE
              value: "True"
          {{- end }}
          {{- if .Values.back.livenessProbe.enabled }}
          livenessProbe:
            httpGet:
              path: /admin/login/
              port: {{ .Values.back.service.port }}
            initialDelaySeconds: {{ .Values.back.livenessProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.back.livenessProbe.periodSeconds }}
            timeoutSeconds: {{ .Values.back.livenessProbe.timeoutSeconds }}
            successThreshold: {{ .Values.back.livenessProbe.successThreshold }}
            failureThreshold: {{ .Values.back.livenessProbe.failureThreshold }}
          {{- end }}
          {{- if .Values.back.readinessProbe.enabled }}
          readinessProbe:
            httpGet:
              path: /admin/login/
              port: {{ .Values.back.service.port }}
            initialDelaySeconds: {{ .Values.back.readinessProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.back.readinessProbe.periodSeconds }}
            timeoutSeconds: {{ .Values.back.readinessProbe.timeoutSeconds }}
            successThreshold: {{ .Values.back.readinessProbe.successThreshold }}
            failureThreshold: {{ .Values.back.readinessProbe.failureThreshold }}
          {{- end }}
        - name: {{ template "taiga.fullname" . }}-async
          image: "{{ .Values.async.image.repository }}:{{ .Values.async.image.tag }}"
          imagePullPolicy: {{ .Values.async.image.pullPolicy }}
          resources:
            {{ toYaml .Values.async.resources | nindent 12 }}
          command:
            - /taiga-back/docker/async_entrypoint.sh
          volumeMounts:
            - name: taiga-static
              mountPath: /taiga-back/static
            - name: taiga-media
              mountPath: /taiga-back/media
          env:
            - name: TAIGA_SECRET_KEY
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.secretKey.existingSecretName }}"
                  key: "{{ .Values.secretKey.existingSecretKey }}"
            - name: ENABLE_TELEMETRY
              value: "{{ .Values.enableTelemetry }}"
            - name: PUBLIC_REGISTER_ENABLED
              value: "{{ .Values.publicRegisterEnabled }}"
            - name: POSTGRES_USER
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.postgresql.existingSecretName }}"
                  key: "{{ .Values.postgresql.usernameKey }}"
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.postgresql.existingSecretName }}"
                  key: "{{ .Values.postgresql.passwordKey }}"
            - name: POSTGRES_DB
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.postgresql.existingSecretName }}"
                  key: "{{ .Values.postgresql.databaseNameKey }}"
            - name: POSTGRES_HOST
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.postgresql.existingSecretName }}"
                  key: "{{ .Values.postgresql.hostKey }}"
          {{ if .Values.oidc.enabled }}
            - name: OIDC_ENABLED
              value: "True"
            - name: OIDC_SCOPES
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.oidc.existingSecretName }}"
                  key: "{{ .Values.oidc.scopesKey }}"
            - name: OIDC_SIGN_ALGO
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.oidc.existingSecretName }}"
                  key: "{{ .Values.oidc.signatureAlgorithmKey }}"
            - name: OIDC_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.oidc.existingSecretName }}"
                  key: "{{ .Values.oidc.clientIdKey }}"
            - name: OIDC_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.oidc.existingSecretName }}"
                  key: "{{ .Values.oidc.clientSecretKey }}"
            - name: OIDC_BASE_URL
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.oidc.existingSecretName }}"
                  key: "{{ .Values.oidc.baseUrlKey }}"
            - name: OIDC_JWKS_ENDPOINT
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.oidc.existingSecretName }}"
                  key: "{{ .Values.oidc.jwksEndpointKey }}"
            - name: OIDC_AUTHORIZATION_ENDPOINT
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.oidc.existingSecretName }}"
                  key: "{{ .Values.oidc.authorizationEndpointKey }}"
            - name: OIDC_TOKEN_ENDPOINT
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.oidc.existingSecretName }}"
                  key: "{{ .Values.oidc.tokenEndpointKey }}"
            - name: OIDC_USER_ENDPOINT
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.oidc.existingSecretName }}"
                  key: "{{ .Values.oidc.userEndpointKey }}"
          {{ end }}
          {{ if .Values.email.enabled }}
            - name: EMAIL_BACKEND
              value: "django.core.mail.backends.smtp.EmailBackend"
            - name: DEFAULT_FROM_EMAIL
              value: "{{ .Values.email.from }}"
            - name: EMAIL_HOST
              value: "{{ .Values.email.host }}"
            - name: EMAIL_PORT
              value: "{{ .Values.email.port }}"
            - name: EMAIL_USE_TLS
              value: "{{ .Values.email.tls }}"
            - name: EMAIL_USE_SSL
              value: "{{ .Values.email.ssl }}"
            - name: EMAIL_HOST_USER
              value: "{{ .Values.email.user }}"
            - name: EMAIL_HOST_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.email.existingPasswordSecret }}"
                  key: "{{ .Values.email.existingSecretPasswordKey }}"
          {{ end }}
            - name: ENABLE_GITHUB_AUTH
              value: "false"
            - name: ENABLE_GITLAB_AUTH
              value: "false"
            - name: ENABLE_SLACK
              value: "{{ .Values.enableSlack }}"
          {{ if .Values.githubImporter.enabled }}
            - name: ENABLE_GITHUB_IMPORTER
              value: "True"
            - name: GITHUB_API_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.githubImporter.existingSecretName }}"
                  key: "{{ .Values.githubImporter.existingSecretClientIdKey }}"
            - name: GITHUB_API_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.githubImporter.existingSecretName }}"
                  key: "{{ .Values.githubImporter.existingSecretClientSecretKey }}"
          {{ else }}
            - name: ENABLE_GITHUB_IMPORTER
              value: "False"
          {{ end }}
          {{ if .Values.jiraImporter.enabled }}
            - name: ENABLE_JIRA_IMPORTER
              value: "True"
            - name: JIRA_IMPORTER_CONSUMER_KEY
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.jiraImporter.existingSecretName }}"
                  key: "{{ .Values.jiraImporter.existingSecretConsumerKeyKey }}"
            - name: JIRA_IMPORTER_CERT
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.jiraImporter.existingSecretName }}"
                  key: "{{ .Values.jiraImporter.existingSecretCertKey }}"
            - name: JIRA_IMPORTER_PUB_CERT
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.jiraImporter.existingSecretName }}"
                  key: "{{ .Values.jiraImporter.existingSecretPubCertKey }}"
          {{ else }}
            - name: ENABLE_JIRA_IMPORTER
              value: "False"
          {{ end }}
          {{ if .Values.trelloImporter.enabled }}
            - name: ENABLE_TRELLO_IMPORTER
              value: "True"
            - name: TRELLO_IMPORTER_API_KEY
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.trelloImporter.existingSecretName }}"
                  key: "{{ .Values.trelloImporter.existingSecretApiKeyKey }}"
            - name: TRELLO_IMPORTER_SECRET_KEY
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.trelloImporter.existingSecretName }}"
                  key: "{{ .Values.trelloImporter.existingSecretSecretKeyKey }}"
          {{ else }}
            - name: ENABLE_JIRA_IMPORTER
              value: "False"
          {{ end }}
            - name: RABBITMQ_USER
              value: "{{ index .Values "taiga-async-rabbitmq" "auth" "username" }}"
            - name: RABBITMQ_PASS
              valueFrom:
                secretKeyRef:
                  name: {{ index .Values "taiga-async-rabbitmq" "auth" "existingPasswordSecret" }}
                  key: {{ index .Values "taiga-async-rabbitmq" "auth" "existingSecretPasswordKey" }}
          {{ if .Values.ingress.enabled }}
            - name: TAIGA_SITES_DOMAIN
              value: "{{ .Values.ingress.host }}"
            - name: TAIGA_SITES_SCHEME
              value: "https"
            - name: SESSION_COOKIE_SECURE
              value: "True"
            - name: CSRF_COOKIE_SECURE
              value: "True"
          {{- end }}
          {{- if .Values.back.livenessProbe.enabled }}
          livenessProbe:
            httpGet:
              path: /admin/login/
              port: {{ .Values.back.service.port }}
            initialDelaySeconds: {{ .Values.back.livenessProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.back.livenessProbe.periodSeconds }}
            timeoutSeconds: {{ .Values.back.livenessProbe.timeoutSeconds }}
            successThreshold: {{ .Values.back.livenessProbe.successThreshold }}
            failureThreshold: {{ .Values.back.livenessProbe.failureThreshold }}
          {{- end }}
          {{- if .Values.back.readinessProbe.enabled }}
          readinessProbe:
            httpGet:
              path: /admin/login/
              port: {{ .Values.back.service.port }}
            initialDelaySeconds: {{ .Values.back.readinessProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.back.readinessProbe.periodSeconds }}
            timeoutSeconds: {{ .Values.back.readinessProbe.timeoutSeconds }}
            successThreshold: {{ .Values.back.readinessProbe.successThreshold }}
            failureThreshold: {{ .Values.back.readinessProbe.failureThreshold }}
          {{- end }}
      volumes:
        - name: taiga-static
      {{- if .Values.persistence.static.enabled }}
          persistentVolumeClaim:
            claimName: {{ include "taiga.staticVolumeName" . }}
      {{- else }}
          emptyDir: {}
      {{- end }}
        - name: taiga-media
      {{- if .Values.persistence.media.enabled }}
          persistentVolumeClaim:
            claimName: {{ include "taiga.mediaVolumeName" . }}
      {{- else }}
          emptyDir: {}
      {{- end }}
--- a/charts/taiga/templates/deployment-events.yaml
+++ b/charts/taiga/templates/deployment-events.yaml
@@ -0,0 +1,101 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: {{ template "taiga.fullname" . }}-events
  namespace: {{ .Release.Namespace }}
  annotations:
    {{- with .Values.global.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
  labels:
    {{- include "taiga.events.labels" . | nindent 4 }}
    {{- with .Values.global.labels }}
    {{ toYaml . | nindent 4 }}
    {{- end }}
 spec:
  revisionHistoryLimit: 3
  replicas: {{ .Values.events.replicas }}
  strategy:
    type: Recreate
  selector:
    matchLabels:
      {{- include "taiga.events.matchLabels" . | nindent 6 }}
  template:
    metadata:
      labels:
        {{- include "taiga.events.labels" . | nindent 8 }}
        app.kubernetes.io/component: {{ template "taiga.name" . }}-events
      annotations:
        {{- with .Values.events.podAnnotations }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
    spec:
      affinity:
        {{- with .Values.events.affinity }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      nodeSelector:
        {{- with .Values.events.nodeSelector }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      tolerations:
        {{- with .Values.events.tolerations }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      serviceAccountName: {{ template "taiga.serviceAccountName" . }}
      securityContext:
        {{- with .Values.events.securityContext }}
        {{ toYaml . | nindent 8 }}
      {{- end }}
      containers:
        - name: {{ template "taiga.fullname" . }}-events
          image: "{{ .Values.events.image.repository }}:{{ .Values.events.image.tag }}"
          imagePullPolicy: {{ .Values.events.image.pullPolicy }}
          resources:
            {{ toYaml .Values.events.resources | nindent 12 }}
          ports:
            - name: taiga-events
              containerPort: {{ .Values.events.service.http.port }}
              protocol: TCP
            - name: taiga-events-app
              containerPort: {{ .Values.events.service.app.port }}
              protocol: TCP
          env:
            - name: TAIGA_SECRET_KEY
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.secretKey.existingSecretName }}"
                  key: "{{ .Values.secretKey.existingSecretKey }}"
            - name: RABBITMQ_USER
              value: "{{ index .Values "taiga-events-rabbitmq" "auth" "username" }}"
            - name: RABBITMQ_PASS
              valueFrom:
                secretKeyRef:
                  name: {{ index .Values "taiga-events-rabbitmq" "auth" "existingPasswordSecret" }}
                  key: {{ index .Values "taiga-events-rabbitmq" "auth" "existingSecretPasswordKey" }}
            - name: APP_PORT
              value: "{{ .Values.events.service.app.port }}"
          {{- if .Values.events.livenessProbe.enabled }}
          livenessProbe:
            httpGet:
              path: /healthz
              port: {{ .Values.events.service.app.port }}
            initialDelaySeconds: {{ .Values.events.livenessProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.events.livenessProbe.periodSeconds }}
            timeoutSeconds: {{ .Values.events.livenessProbe.timeoutSeconds }}
            successThreshold: {{ .Values.events.livenessProbe.successThreshold }}
            failureThreshold: {{ .Values.events.livenessProbe.failureThreshold }}
          {{- end }}
          {{- if .Values.events.readinessProbe.enabled }}
          readinessProbe:
            httpGet:
              path: /healthz
              port: {{ .Values.events.service.app.port }}
            initialDelaySeconds: {{ .Values.events.readinessProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.events.readinessProbe.periodSeconds }}
            timeoutSeconds: {{ .Values.events.readinessProbe.timeoutSeconds }}
            successThreshold: {{ .Values.events.readinessProbe.successThreshold }}
            failureThreshold: {{ .Values.events.readinessProbe.failureThreshold }}
          {{- end }}
--- a/charts/taiga/templates/deployment-front.yaml
+++ b/charts/taiga/templates/deployment-front.yaml
@@ -0,0 +1,106 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: {{ template "taiga.fullname" . }}-front
  namespace: {{ .Release.Namespace }}
  annotations:
    {{- with .Values.global.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
  labels:
    {{- include "taiga.front.labels" . | nindent 4 }}
    {{- with .Values.global.labels }}
    {{ toYaml . | nindent 4 }}
    {{- end }}
 spec:
  revisionHistoryLimit: 3
  replicas: {{ .Values.front.replicas }}
  strategy:
    type: Recreate
  selector:
    matchLabels:
      {{- include "taiga.front.matchLabels" . | nindent 6 }}
  template:
    metadata:
      labels:
        {{- include "taiga.front.labels" . | nindent 8 }}
        app.kubernetes.io/component: {{ template "taiga.name" . }}-front
      annotations:
        {{- with .Values.front.podAnnotations }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
    spec:
      affinity:
        {{- with .Values.front.affinity }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      nodeSelector:
        {{- with .Values.front.nodeSelector }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      tolerations:
        {{- with .Values.front.tolerations }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      serviceAccountName: {{ template "taiga.serviceAccountName" . }}
      securityContext:
        {{- with .Values.front.securityContext }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      containers:
        - name: {{ template "taiga.fullname" . }}-front
          image: "{{ .Values.front.image.repository }}:{{ .Values.front.image.tag }}"
          imagePullPolicy: {{ .Values.front.image.pullPolicy }}
          resources:
            {{ toYaml .Values.front.resources | nindent 12 }}
          ports:
            - name: taiga-front
              containerPort: {{ .Values.front.service.port }}
              protocol: TCP
          env:
          {{ if .Values.ingress.enabled }}
            - name: TAIGA_URL
              value: "https://{{ .Values.ingress.host }}"
          {{ else }}
            - name: TAIGA_URL
              value: "http://localhost:{{ .Values.front.service.port }}"
          {{ end }}
            - name: PUBLIC_REGISTER_ENABLED
              value: "{{ .Values.publicRegisterEnabled }}"
            - name: ENABLE_GITHUB_AUTH
              value: "false"
            - name: ENABLE_GITLAB_AUTH
              value: "false"
            - name: ENABLE_SLACK
              value: "{{ .Values.enableSlack }}"
            - name: ENABLE_GITHUB_IMPORTER
              value: "{{ .Values.githubImporter.enabled }}"
            - name: ENABLE_JIRA_IMPORTER
              value: "{{ .Values.jiraImporter.enabled }}"
            - name: ENABLE_TRELLO_IMPORTER
              value: "{{ .Values.trelloImporter.enabled }}"
          {{- if .Values.front.livenessProbe.enabled }}
          livenessProbe:
            httpGet:
              path: /admin/login/
              port: {{ .Values.front.service.port }}
            initialDelaySeconds: {{ .Values.front.livenessProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.front.livenessProbe.periodSeconds }}
            timeoutSeconds: {{ .Values.front.livenessProbe.timeoutSeconds }}
            successThreshold: {{ .Values.front.livenessProbe.successThreshold }}
            failureThreshold: {{ .Values.front.livenessProbe.failureThreshold }}
          {{- end }}
          {{- if .Values.front.readinessProbe.enabled }}
          readinessProbe:
            httpGet:
              path: /admin/login/
              port: {{ .Values.front.service.port }}
            initialDelaySeconds: {{ .Values.front.readinessProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.front.readinessProbe.periodSeconds }}
            timeoutSeconds: {{ .Values.front.readinessProbe.timeoutSeconds }}
            successThreshold: {{ .Values.front.readinessProbe.successThreshold }}
            failureThreshold: {{ .Values.front.readinessProbe.failureThreshold }}
          {{- end }}
--- a/charts/taiga/templates/deployment-protected.yaml
+++ b/charts/taiga/templates/deployment-protected.yaml
@@ -0,0 +1,91 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: {{ template "taiga.fullname" . }}-protected
  namespace: {{ .Release.Namespace }}
  annotations:
    {{- with .Values.global.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
  labels:
    {{- include "taiga.protected.labels" . | nindent 4 }}
    {{- with .Values.global.labels }}
    {{ toYaml . | nindent 4 }}
    {{- end }}
 spec:
  revisionHistoryLimit: 3
  replicas: {{ .Values.protected.replicas }}
  strategy:
    type: Recreate
  selector:
    matchLabels:
      {{- include "taiga.protected.matchLabels" . | nindent 6 }}
  template:
    metadata:
      labels:
        {{- include "taiga.protected.labels" . | nindent 8 }}
        app.kubernetes.io/component: {{ template "taiga.name" . }}-protected
      annotations:
        {{- with .Values.protected.podAnnotations }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
    spec:
      affinity:
        {{- with .Values.protected.affinity }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      nodeSelector:
        {{- with .Values.protected.nodeSelector }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      tolerations:
        {{- with .Values.protected.tolerations }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      serviceAccountName: {{ template "taiga.serviceAccountName" . }}
      securityContext:
        {{- with .Values.protected.securityContext }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      containers:
        - name: {{ template "taiga.fullname" . }}-protected
          image: "{{ .Values.protected.image.repository }}:{{ .Values.protected.image.tag }}"
          imagePullPolicy: {{ .Values.protected.image.pullPolicy }}
          resources:
            {{ toYaml .Values.protected.resources | nindent 12 }}
          ports:
            - name: taiga-protected
              containerPort: {{ .Values.protected.service.port }}
              protocol: TCP
          env:
            - name: SECRET_KEY
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.secretKey.existingSecretName }}"
                  key: "{{ .Values.secretKey.existingSecretKey }}"
            - name: MAX_AGE
              value: "{{ .Values.maxAge }}"
          {{- if .Values.protected.livenessProbe.enabled }}
          livenessProbe:
            httpGet:
              path: /admin/login/
              port: {{ .Values.protected.service.port }}
            initialDelaySeconds: {{ .Values.protected.livenessProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.protected.livenessProbe.periodSeconds }}
            timeoutSeconds: {{ .Values.protected.livenessProbe.timeoutSeconds }}
            successThreshold: {{ .Values.protected.livenessProbe.successThreshold }}
            failureThreshold: {{ .Values.protected.livenessProbe.failureThreshold }}
          {{- end }}
          {{- if .Values.protected.readinessProbe.enabled }}
          readinessProbe:
            httpGet:
              path: /admin/login/
              port: {{ .Values.protected.service.port }}
            initialDelaySeconds: {{ .Values.protected.readinessProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.protected.readinessProbe.periodSeconds }}
            timeoutSeconds: {{ .Values.protected.readinessProbe.timeoutSeconds }}
            successThreshold: {{ .Values.protected.readinessProbe.successThreshold }}
            failureThreshold: {{ .Values.protected.readinessProbe.failureThreshold }}
          {{- end }}
--- a/charts/taiga/templates/ingress.yaml
+++ b/charts/taiga/templates/ingress.yaml
@@ -0,0 +1,65 @@
 {{- if .Values.ingress.enabled }}
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
  name: {{ template "taiga.fullname" . }}
  namespace: {{ .Release.Namespace }}
  annotations:
    {{- with .Values.global.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
    {{- toYaml .Values.ingress.annotations | nindent 4 }}
  labels:
    {{- include "taiga.labels" . | nindent 4 }}
    {{- with .Values.global.labels }}
    {{ toYaml . | nindent 4 }}
    {{- end }}
    {{- with .Values.ingress.labels }}
    {{ toYaml . | nindent 4 }}
    {{- end }}
 spec:
  ingressClassName: {{ .Values.ingress.className }}
  tls:
    - hosts:
      - {{ .Values.ingress.host }}
      secretName: {{ template "taiga.fullname" . }}-secret-tls
  rules:
    - host: {{ .Values.ingress.host }}
      http:
        paths:
          - path: /
            backend:
              service:
                name: "{{ template "taiga.fullname" . }}-front"
                port:
                  name: taiga-front
            pathType: ImplementationSpecific
          - path: /api
            backend:
              service:
                name: "{{ template "taiga.fullname" . }}-back"
                port:
                  name: taiga-back
            pathType: ImplementationSpecific
          - path: /admin
            backend:
              service:
                name: "{{ template "taiga.fullname" . }}-back"
                port:
                  name: taiga-back
            pathType: ImplementationSpecific
          - path: /events
            backend:
              service:
                name: "{{ template "taiga.fullname" . }}-events"
                port:
                  name: taiga-events
            pathType: ImplementationSpecific
          - path: /media
            backend:
              service:
                name: "{{ template "taiga.fullname" . }}-protected"
                port:
                  name: taiga-protected
            pathType: ImplementationSpecific
 {{- end }}
--- a/charts/taiga/templates/job.yaml
+++ b/charts/taiga/templates/job.yaml
@@ -0,0 +1,66 @@
 {{- if .Values.createInitialUser }}
 apiVersion: batch/v1
 kind: Job
 metadata:
  name: {{ template "taiga.fullname" . }}-create-initial-user
  namespace: {{ .Release.Namespace }}
  annotations:
    {{- with .Values.global.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
  labels:
    {{- include "taiga.labels" . | nindent 4 }}
    {{- with .Values.global.labels }}
    {{ toYaml . | nindent 4 }}
    {{- end }}
 spec:
  backoffLimit: 4
  template:
    spec:
      {{- if .Values.back.nodeSelector }}
      nodeSelector:
        {{ toYaml .Values.back.nodeSelector | nindent 8 }}
      {{- end }}
      restartPolicy: Never
      containers:
      - name: {{ template "taiga.fullname" . }}-create-initial-user
        image: "{{ .Values.back.image.repository }}:{{ .Values.back.image.tag }}"
        imagePullPolicy: {{ .Values.back.image.pullPolicy }}
        command:
          - sh
          - /scripts/createinitialuser.sh
        volumeMounts:
          - name: create-initial-user
            mountPath: /scripts
        env:
          - name: TAIGA_SECRET_KEY
            valueFrom:
              secretKeyRef:
                name: "{{ .Values.secretKey.existingSecretName }}"
                key: "{{ .Values.secretKey.existingSecretKey }}"
          - name: POSTGRES_USERNAME
            valueFrom:
              secretKeyRef:
                name: "{{ .Values.postgresql.existingSecretName }}"
                key: "{{ .Values.postgresql.usernameKey }}"
          - name: POSTGRES_PASSWORD
            valueFrom:
              secretKeyRef:
                name: "{{ .Values.postgresql.existingSecretName }}"
                key: "{{ .Values.postgresql.passwordKey }}"
          - name: POSTGRES_DATABASE_NAME
            valueFrom:
              secretKeyRef:
                name: "{{ .Values.postgresql.existingSecretName }}"
                key: "{{ .Values.postgresql.databaseNameKey }}"
          - name: POSTGRES_DATABASE_HOST
            valueFrom:
              secretKeyRef:
                name: "{{ .Values.postgresql.existingSecretName }}"
                key: "{{ .Values.postgresql.hostKey }}"
      volumes:
        - name: create-initial-user
          configMap:
            name: {{ template "taiga.fullname" . }}-create-initial-user
            defaultMode: 0744
 {{- end }}
--- a/charts/taiga/templates/persistent-volume-claim.yaml
+++ b/charts/taiga/templates/persistent-volume-claim.yaml
@@ -0,0 +1,54 @@
 {{- if and .Values.persistence.static.enabled (not .Values.persistence.static.existingClaim) }}
 kind: PersistentVolumeClaim
 apiVersion: v1
 metadata:
  name: {{ template "taiga.staticVolumeName" . }}
  namespace: {{ .Release.Namespace }}
  annotations:
    {{- with .Values.global.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
    {{- if .Values.persistence.static.retain }}
    helm.sh/resource-policy: keep
    {{- end }}
  labels:
    {{- include "taiga.labels" . | nindent 4 }}
    {{- with .Values.global.labels }}
    {{ toYaml . | nindent 4 }}
    {{- end }}
 spec:
  storageClassName: {{ .Values.persistence.static.storageClass }}
  accessModes:
    - {{ .Values.persistence.static.accessMode }}
  resources:
    requests:
      storage: {{ .Values.persistence.static.size }}
 {{- end }}
 ---
 {{- if and .Values.persistence.media.enabled (not .Values.persistence.media.existingClaim) }}
 kind: PersistentVolumeClaim
 apiVersion: v1
 metadata:
  name: {{ template "taiga.mediaVolumeName" . }}
  namespace: {{ .Release.Namespace }}
  annotations:
    {{- with .Values.global.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
    {{- if .Values.persistence.media.retain }}
    "helm.sh/resource-policy": keep
    {{- end }}
  labels:
    {{- include "taiga.labels" . | nindent 4 }}
    {{- with .Values.global.labels }}
    {{ toYaml . | nindent 4 }}
    {{- end }}
 spec:
  storageClassName: {{ .Values.persistence.media.storageClass }}
  accessModes:
    - {{ .Values.persistence.media.accessMode }}
  resources:
    requests:
      storage: {{ .Values.persistence.media.size }}
 {{- end }}
--- a/charts/taiga/templates/service-account.yaml
+++ b/charts/taiga/templates/service-account.yaml
@@ -0,0 +1,20 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: {{ template "taiga.serviceAccountName" . }}
  namespace: {{ .Release.Namespace }}
  annotations:
    {{- with .Values.global.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
    {{- with .Values.serviceAccount.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
  labels:
    {{- include "taiga.labels" . | nindent 4 }}
    {{- with .Values.global.labels }}
    {{ toYaml . | nindent 4 }}
    {{- end }}
    {{- with .Values.serviceAccount.labels }}
    {{ toYaml . | nindent 4 }}
    {{- end }}
--- a/charts/taiga/templates/service.yaml
+++ b/charts/taiga/templates/service.yaml
@@ -0,0 +1,138 @@
 apiVersion: v1
 kind: Service
 metadata:
  name: {{ template "taiga.fullname" . }}-back
  namespace: {{ .Release.Namespace }}
  annotations:
    {{- with .Values.global.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
    {{- with .Values.back.service.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
  labels:
    {{- include "taiga.back.labels" . | nindent 4 }}
    {{- with .Values.global.labels }}
    {{ toYaml . | nindent 4 }}
    {{- end }}
    {{- with .Values.back.service.labels }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
 spec:
  type: {{ .Values.back.service.type }}
  ports:
    - port: {{ .Values.back.service.port }}
      targetPort: taiga-back
      protocol: TCP
      name: taiga-back
  selector:
    {{- include "taiga.back.matchLabels" . | nindent 4 }}
    {{- with .Values.back.service.extraSelectorLabels }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: {{ template "taiga.fullname" . }}-events
  namespace: {{ .Release.Namespace }}
  annotations:
    {{- with .Values.global.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
    {{- with .Values.events.service.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
  labels:
    {{- include "taiga.events.labels" . | nindent 4 }}
    {{- with .Values.global.labels }}
    {{ toYaml . | nindent 4 }}
    {{- end }}
    {{- with .Values.events.service.labels }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
 spec:
  type: {{ .Values.events.service.type }}
  ports:
    - port: {{ .Values.events.service.http.port }}
      targetPort: taiga-events
      protocol: TCP
      name: taiga-events
    - port: {{ .Values.events.service.app.port }}
      targetPort: taiga-events-app
      protocol: TCP
      name: taiga-events-app
  selector:
    {{- include "taiga.events.matchLabels" . | nindent 4 }}
    {{- with .Values.events.service.extraSelectorLabels }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: {{ template "taiga.fullname" . }}-front
  namespace: {{ .Release.Namespace }}
  annotations:
    {{- with .Values.global.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
    {{- with .Values.front.service.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
  labels:
    {{- include "taiga.front.labels" . | nindent 4 }}
    {{- with .Values.global.labels }}
    {{ toYaml . | nindent 4 }}
    {{- end }}
    {{- with .Values.front.service.labels }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
 spec:
  type: {{ .Values.front.service.type }}
  ports:
    - port: {{ .Values.front.service.port }}
      targetPort: taiga-front
      protocol: TCP
      name: taiga-front
  selector:
    {{- include "taiga.front.matchLabels" . | nindent 4 }}
    {{- with .Values.front.service.extraSelectorLabels }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: {{ template "taiga.fullname" . }}-protected
  namespace: {{ .Release.Namespace }}
  annotations:
    {{- with .Values.global.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
    {{- with .Values.protected.service.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
  labels:
    {{- include "taiga.protected.labels" . | nindent 4 }}
    {{- with .Values.global.labels }}
    {{ toYaml . | nindent 4 }}
    {{- end }}
    {{- with .Values.protected.service.labels }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
 spec:
  type: {{ .Values.protected.service.type }}
  ports:
    - port: {{ .Values.protected.service.port }}
      targetPort: taiga-protected
      protocol: TCP
      name: taiga-protected
  selector:
    {{- include "taiga.protected.matchLabels" . | nindent 4 }}
    {{- with .Values.protected.service.extraSelectorLabels }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
--- a/charts/taiga/values.yaml
+++ b/charts/taiga/values.yaml
@@ -0,0 +1,817 @@
 ## Global
 ##
 global:
  # -- Set an override for the prefix of the fullname
  nameOverride:
  # -- Set the entire name definition
  fullnameOverride:
  # -- Set additional global labels. Helm templates can be used.
  labels: {}
  # -- Set additional global annotations. Helm templates can be used.
  annotations: {}
 ## Service Account
 ##
 serviceAccount:
  # -- Specifies whether a service account should be created
  create: false
  # -- Annotations to add to the service account
  annotations: {}
  # -- Labels to add to the service account
  labels: {}
  # -- The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template
  name: ""
 ## Secret key
 ## Specificy the secret name and the key containg a strong secret key
 ##
 secretKey:
  existingSecretName: ""
  existingSecretKey: ""
 ## Create initial user with credentials admin/123123
 ## ref: https://taigaio.github.io/taiga-doc/dist/setup-production.html
 ##
 # TODO: set to false by default or create with a random password which is stored in a secret
 # or allow to pass in the data for username and secret
 createInitialUser: true
 ## Max age
 ##
 maxAge: 360
 ## Create initial templates
 ## ref: https://taigaio.github.io/taiga-doc/dist/setup-production.html
 ##
 # TODO: This values seems to be unused
 createInitialTemplates: false
 ## Telemetry settings
 ##
 enableTelemetry: true
 ## Public registration
 ##
 publicRegisterEnabled: true
 ## Enable debug
 ## ref: https://taigaio.github.io/taiga-doc/dist/setup-production.html
 debug: false
 ## Postgresql
 ## Configuration is expected to be stored in a secret, reference the secret name and each key for the value
 ##
 postgresql:
  existingSecretName: ""
  usernameKey: ""
  passwordKey: ""
  databaseNameKey: ""
  hostKey: ""
  portKey: ""
 ## OIDC authentication
 ## Configuration is expected to be stored in a secret, reference the secret name and each key for the value
 ##
 oidc:
  enabled: false
  existingSecretName: ""
  scopesKey: "" # "openid profile email"
  signatureAlgorithmKey: "" # "RS256"
  clientIdKey: "" # <generate from auth provider>
  clientSecretKey: "" # <generate from auth provider>
  baseUrlKey: "" # "https://id.fedoraproject.org/openidc"
  jwksEndpointKey: "" # "https://id.fedoraproject.org/openidc/Jwks"
  authorizationEndpointKey: "" # "https://id.fedoraproject.org/openidc/Authorization"
  tokenEndpointKey: "" # "https://id.fedoraproject.org/openidc/Token"
  userEndpointKey: "" # "https://id.fedoraproject.org/openidc/UserInfo"
 ## SMTP mail delivery configuration
 ## ref: https://taigaio.github.io/taiga-doc/dist/setup-production.html
 ##
 email:
  enabled: false
  from: no-reply@example.com
  host: localhost
  port: 587
  tls: false
  ssl: false
  user: ""
  ## Specificy an existing secret containg the password for the smtp user
  ##
  existingPasswordSecret: ""
  existingSecretPasswordKey: ""
 ## Slack
 ##
 enableSlack: false
 ## Importers
 ##
 # Github importer
 githubImporter:
  enabled: false
  existingSecretName: ""
  existingSecretClientIdKey: ""
  existingSecretClientSecretKey: ""
 # Jira importer
 jiraImporter:
  enabled: false
  existingSecretName: ""
  existingSecretConsumerKeyKey: ""
  existingSecretCertKey: ""
  existingSecretPubCertKey: ""
 # Trello importer
 trelloImporter:
  enabled: false
  existingSecretName: ""
  existingSecretApiKeyKey: ""
  existingSecretSecretKeyKey: ""
 ## taiga-back
 ##
 back:
  ## Taiga image version
  ## ref: https://hub.docker.com/r/taigaio/taiga5/tags
  ##
  image:
    repository: taigaio/taiga-back
    tag: "6.7.3"
    ## Specify a imagePullPolicy
    ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
    ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
    ##
    pullPolicy: IfNotPresent
  ## Define the number of pods the deployment will create
  ## Do not change unless your persistent volume allows more than one writer, ie NFS
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
  ##
  replicas: 1
  ## Pod annotations
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations: {}
  ## Affinity for pod assignment
  ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ##
  affinity: {}
  ## Node labels for pod assignment. Evaluated as a template.
  ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
  ##
  nodeSelector: {}
  ## Tolerations for pod assignment
  ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## Pod Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
  ##
  securityContext: {}
  ## taiga containers' resource requests and limits
  ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
  ##
  resources:
    # We usually recommend not to specify default resources and to leave this as a conscious
    # choice for the user. This also increases chances charts run on environments with little
    # resources, such as Minikube. If you do want to specify resources, uncomment the following
    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
    limits: {}
    #  cpu: 2
    #  memory: 1Gi
    requests: {}
    #  cpu: 1
    #  memory: 1Gi
  ## Configure extra options for liveness and readiness probes
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
  ##
  livenessProbe:
    enabled: false
    initialDelaySeconds: 20
    periodSeconds: 10
    timeoutSeconds: 5
    successThreshold: 1
    failureThreshold: 3
  readinessProbe:
    enabled: false
    initialDelaySeconds: 5
    periodSeconds: 10
    timeoutSeconds: 1
    successThreshold: 1
    failureThreshold: 3
  ## Environment variables, to pass to the entry point
  ##
  # extraVars:
  #   - name: NAMI_DEBUG
  #     value: --log-level trace
  ## Service
  ##
  service:
    # -- Set the service type
    type: ClusterIP
    # -- Provide additional annotations which may be required.
    annotations: {}
    # -- Provide additional labels which may be required.
    labels: {}
    # -- Allow adding additional match labels
    extraSelectorLabels: {}
    # -- HTTP port number
    port: 8000
 ## Async
 ##
 async:
  ## Taiga image version
  ## ref: https://hub.docker.com/r/taigaio/taiga5/tags
  ##
  image:
    repository: taigaio/taiga-back
    tag: "6.7.3"
    ## Specify a imagePullPolicy
    ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
    ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
    ##
    pullPolicy: IfNotPresent
  ## Define the number of pods the deployment will create
  ## Do not change unless your persistent volume allows more than one writer, ie NFS
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
  ##
  replicas: 1
  ## Pod Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
  ##
  securityContext: {}
  ## Pod annotations
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations: {}
  ## Affinity for pod assignment
  ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ##
  affinity: {}
  ## Node labels for pod assignment. Evaluated as a template.
  ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
  ##
  nodeSelector: {}
  ## Tolerations for pod assignment
  ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## taiga containers' resource requests and limits
  ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
  ##
  resources:
    # We usually recommend not to specify default resources and to leave this as a conscious
    # choice for the user. This also increases chances charts run on environments with little
    # resources, such as Minikube. If you do want to specify resources, uncomment the following
    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
    limits: {}
    #  cpu: 2
    #  memory: 1Gi
    requests: {}
    #  cpu: 1
    #  memory: 1Gi
  ## Configure extra options for liveness and readiness probes
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
  ##
  livenessProbe:
    enabled: false
    initialDelaySeconds: 20
    periodSeconds: 10
    timeoutSeconds: 5
    successThreshold: 1
    failureThreshold: 3
  readinessProbe:
    enabled: false
    initialDelaySeconds: 5
    periodSeconds: 10
    timeoutSeconds: 1
    successThreshold: 1
    failureThreshold: 3
  ## Environment variables, to pass to the entry point
  ##
  # extraVars:
  #   - name: NAMI_DEBUG
  #     value: --log-level trace
  ## Service
  ##
  service:
    # -- Set the service type
    type: ClusterIP
    # -- Provide additional annotations which may be required.
    annotations: {}
    # -- Provide additional labels which may be required.
    labels: {}
    # -- Allow adding additional match labels
    extraSelectorLabels: {}
    # -- HTTP port number
    port: 8000
 ## Async Rabbitmq
 ## https://artifacthub.io/packages/helm/bitnami/rabbitmq?modal=values-schema
 ##
 taiga-async-rabbitmq:
  auth:
    ## @param auth.username RabbitMQ application username
    ## ref: https://github.com/bitnami/containers/tree/main/bitnami/rabbitmq#environment-variables
    ##
    username: taiga
    ## @param auth.existingPasswordSecret Existing secret with RabbitMQ credentials (existing secret must contain a value for `rabbitmq-password` key or override with setting auth.existingSecretPasswordKey)
    ## e.g:
    ## existingPasswordSecret: name-of-existing-secret
    ##
    existingPasswordSecret: ""
    existingSecretPasswordKey: ""
    ## @param auth.existingErlangSecret Existing secret with RabbitMQ Erlang cookie (must contain a value for `rabbitmq-erlang-cookie` key or override with auth.existingSecretErlangKey)
    ## e.g:
    ## existingErlangSecret: name-of-existing-secret
    ##
    existingErlangSecret: ""
    ## @param auth.existingSecretErlangKey [default: rabbitmq-erlang-cookie] Erlang cookie key to be retrieved from existing secret
    ## NOTE: ignored unless `auth.existingErlangSecret` parameter is set
    ##
    existingSecretErlangKey: ""
  ## @param configurationExistingSecret Existing secret with the configuration to use as rabbitmq.conf.
  ## Must contain the key "rabbitmq.conf"
  ## Takes precedence over `configuration`, so do not use both simultaneously
  ## With providing an existingSecret, extraConfiguration and extraConfigurationExistingSecret do not take any effect
  ##
  configurationExistingSecret: ""
  ## @param extraConfiguration [string] Configuration file content: extra configuration to be appended to RabbitMQ configuration
  ## Use this instead of `configuration` to add more configuration
  ## Do not use simultaneously with `extraConfigurationExistingSecret`
  ##
  extraConfiguration: |-
    default_vhost = taiga
    default_permissions.configure = .*
    default_permissions.read = .*
    default_permissions.write = .*
 ## Events
 ##
 events:
  ## Taiga image version
  ## ref: https://hub.docker.com/r/taigaio/taiga5/tags
  ##
  image:
    repository: taigaio/taiga-events
    tag: "6.7.0"
    ## Specify a imagePullPolicy
    ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
    ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
    ##
    pullPolicy: IfNotPresent
  ## Pod Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
  ##
  securityContext: {}
  ## Define the number of pods the deployment will create
  ## Do not change unless your persistent volume allows more than one writer, ie NFS
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
  ##
  replicas: 1
  ## Pod annotations
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations: {}
  ## Affinity for pod assignment
  ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ##
  affinity: {}
  ## Node labels for pod assignment. Evaluated as a template.
  ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
  ##
  nodeSelector: {}
  ## Tolerations for pod assignment
  ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## taiga containers' resource requests and limits
  ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
  ##
  resources:
    # We usually recommend not to specify default resources and to leave this as a conscious
    # choice for the user. This also increases chances charts run on environments with little
    # resources, such as Minikube. If you do want to specify resources, uncomment the following
    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
    limits: {}
    #  cpu: 2
    #  memory: 1Gi
    requests: {}
    #  cpu: 1
    #  memory: 1Gi
  ## Configure extra options for liveness and readiness probes
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
  ##
  livenessProbe:
    enabled: false
    initialDelaySeconds: 20
    periodSeconds: 10
    timeoutSeconds: 5
    successThreshold: 1
    failureThreshold: 3
  readinessProbe:
    enabled: false
    initialDelaySeconds: 5
    periodSeconds: 10
    timeoutSeconds: 1
    successThreshold: 1
    failureThreshold: 3
  ## Environment variables, to pass to the entry point
  ##
  # extraVars:
  #   - name: NAMI_DEBUG
  #     value: --log-level trace
  ## Service
  ##
  service:
    # -- Set the service type
    type: ClusterIP
    # -- Provide additional annotations which may be required.
    annotations: {}
    # -- Provide additional labels which may be required.
    labels: {}
    # -- Allow adding additional match labels
    extraSelectorLabels: {}
    http:
      # -- HTTP port number
      port: 8888
    app:
      # -- HTTP port number
      port: 3023
 ## Events Rabbitmq
 ## https://artifacthub.io/packages/helm/bitnami/rabbitmq?modal=values-schema
 ##
 taiga-events-rabbitmq:
  auth:
    ## @param auth.username RabbitMQ application username
    ## ref: https://github.com/bitnami/containers/tree/main/bitnami/rabbitmq#environment-variables
    ##
    username: taiga
    ## @param auth.existingPasswordSecret Existing secret with RabbitMQ credentials (existing secret must contain a value for `rabbitmq-password` key or override with setting auth.existingSecretPasswordKey)
    ## e.g:
    ## existingPasswordSecret: name-of-existing-secret
    ##
    existingPasswordSecret: ""
    existingSecretPasswordKey: ""
    ## @param auth.existingErlangSecret Existing secret with RabbitMQ Erlang cookie (must contain a value for `rabbitmq-erlang-cookie` key or override with auth.existingSecretErlangKey)
    ## e.g:
    ## existingErlangSecret: name-of-existing-secret
    ##
    existingErlangSecret: ""
    ## @param auth.existingSecretErlangKey [default: rabbitmq-erlang-cookie] Erlang cookie key to be retrieved from existing secret
    ## NOTE: ignored unless `auth.existingErlangSecret` parameter is set
    ##
    existingSecretErlangKey: ""
  ## @param configurationExistingSecret Existing secret with the configuration to use as rabbitmq.conf.
  ## Must contain the key "rabbitmq.conf"
  ## Takes precedence over `configuration`, so do not use both simultaneously
  ## With providing an existingSecret, extraConfiguration and extraConfigurationExistingSecret do not take any effect
  ##
  configurationExistingSecret: ""
  ## @param extraConfiguration [string] Configuration file content: extra configuration to be appended to RabbitMQ configuration
  ## Use this instead of `configuration` to add more configuration
  ## Do not use simultaneously with `extraConfigurationExistingSecret`
  ##
  extraConfiguration: |-
    default_vhost = taiga
    default_permissions.configure = .*
    default_permissions.read = .*
    default_permissions.write = .*
 ## Protected
 ##
 protected:
  ## Taiga image version
  ## ref: https://hub.docker.com/r/taigaio/taiga5/tags
  ##
  image:
    repository: taigaio/taiga-protected
    tag: "6.7.0"
    ## Specify a imagePullPolicy
    ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
    ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
    ##
    pullPolicy: IfNotPresent
  ## Pod Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
  ##
  securityContext: {}
  ## Define the number of pods the deployment will create
  ## Do not change unless your persistent volume allows more than one writer, ie NFS
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
  ##
  replicas: 1
  ## Pod annotations
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations: {}
  ## Affinity for pod assignment
  ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ##
  affinity: {}
  ## Node labels for pod assignment. Evaluated as a template.
  ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
  ##
  nodeSelector: {}
  ## Tolerations for pod assignment
  ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## taiga containers' resource requests and limits
  ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
  ##
  resources:
    # We usually recommend not to specify default resources and to leave this as a conscious
    # choice for the user. This also increases chances charts run on environments with little
    # resources, such as Minikube. If you do want to specify resources, uncomment the following
    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
    limits: {}
    #  cpu: 2
    #  memory: 1Gi
    requests: {}
    #  cpu: 1
    #  memory: 1Gi
  ## Configure extra options for liveness and readiness probes
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
  ##
  livenessProbe:
    enabled: false
    initialDelaySeconds: 20
    periodSeconds: 10
    timeoutSeconds: 5
    successThreshold: 1
    failureThreshold: 3
  readinessProbe:
    enabled: false
    initialDelaySeconds: 5
    periodSeconds: 10
    timeoutSeconds: 1
    successThreshold: 1
    failureThreshold: 3
  ## Environment variables, to pass to the entry point
  ##
  # extraVars:
  #   - name: NAMI_DEBUG
  #     value: --log-level trace
  ## Service
  ##
  service:
    # -- Set the service type
    type: ClusterIP
    # -- Provide additional annotations which may be required.
    annotations: {}
    # -- Provide additional labels which may be required.
    labels: {}
    # -- Allow adding additional match labels
    extraSelectorLabels: {}
    # -- HTTP port number
    port: 8003
 ## Front
 ##
 front:
  ## Taiga image version
  ## ref: https://hub.docker.com/r/taigaio/taiga5/tags
  ##
  image:
    repository: taigaio/taiga-front
    tag: "6.7.7"
    ## Specify a imagePullPolicy
    ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
    ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
    ##
    pullPolicy: IfNotPresent
  ## Define the number of pods the deployment will create
  ## Do not change unless your persistent volume allows more than one writer, ie NFS
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
  ##
  replicas: 1
  ## Pod Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
  ##
  securityContext: {}
  ## Pod annotations
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations: {}
  ## Affinity for pod assignment
  ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ##
  affinity: {}
  ## Node labels for pod assignment. Evaluated as a template.
  ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
  ##
  nodeSelector: {}
  ## Tolerations for pod assignment
  ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## taiga containers' resource requests and limits
  ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
  ##
  resources:
    # We usually recommend not to specify default resources and to leave this as a conscious
    # choice for the user. This also increases chances charts run on environments with little
    # resources, such as Minikube. If you do want to specify resources, uncomment the following
    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
    limits: {}
    #  cpu: 2
    #  memory: 1Gi
    requests: {}
    #  cpu: 1
    #  memory: 1Gi
  ## Configure extra options for liveness and readiness probes
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
  ##
  livenessProbe:
    enabled: false
    initialDelaySeconds: 20
    periodSeconds: 10
    timeoutSeconds: 5
    successThreshold: 1
    failureThreshold: 3
  readinessProbe:
    enabled: false
    initialDelaySeconds: 5
    periodSeconds: 10
    timeoutSeconds: 1
    successThreshold: 1
    failureThreshold: 3
  ## Environment variables, to pass to the entry point
  ##
  # extraVars:
  #   - name: NAMI_DEBUG
  #     value: --log-level trace
  ## Service
  ##
  service:
    # -- Set the service type
    type: ClusterIP
    # -- Provide additional annotations which may be required.
    annotations: {}
    # -- Provide additional labels which may be required.
    labels: {}
    # -- Allow adding additional match labels
    extraSelectorLabels: {}
    # -- HTTP port number
    port: 80
 ## Configure the ingress resource that allows you to access the
 ## taiga installation. Set up the URL
 ## ref: http://kubernetes.io/docs/user-guide/ingress/
 ##
 ingress:
  # -- Enables or disables the ingress
  enabled: false
  # -- Provide additional annotations which may be required.
  annotations: {}
  # -- Provide additional labels which may be required.
  labels: {}
  # -- Set the ingressClass that is used for this ingress.
  className: ""
  ## Configure the hosts for the ingress
  host: chart-example.local
 ## Enable persistence using Persistent Volume Claims
 ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
 ##
 persistence:
  static:
    # -- Enables or disables the persistence item. Defaults to true
    enabled: true
    # -- Storage Class for the config volume.
    # If set to `-`, dynamic provisioning is disabled.
    # If set to something else, the given storageClass is used.
    # If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner.
    storageClass: ""
    # -- If you want to reuse an existing claim, the name of the existing PVC can be passed here.
    existingClaim: ""
    # -- AccessMode for the persistent volume.
    # Make sure to select an access mode that is supported by your storage provider!
    # [[ref]](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes)
    accessMode: ReadWriteOnce
    # -- The amount of storage that is requested for the persistent volume.
    size: 5Gi
    # -- Set to true to retain the PVC upon `helm uninstall`
    retain: false
  media:
    # -- Enables or disables the persistence item. Defaults to true
    enabled: true
    # -- Storage Class for the config volume.
    # If set to `-`, dynamic provisioning is disabled.
    # If set to something else, the given storageClass is used.
    # If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner.
    storageClass: ""
    # -- If you want to reuse an existing claim, the name of the existing PVC can be passed here.
    existingClaim: ""
    # -- AccessMode for the persistent volume.
    # Make sure to select an access mode that is supported by your storage provider!
    # [[ref]](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes)
    accessMode: ReadWriteOnce
    # -- The amount of storage that is requested for the persistent volume.
    size: 5Gi
    # -- Set to true to retain the PVC upon `helm uninstall`
    retain: false
Author	SHA1	Message	Date
alexlebens	34a21702ab	fix http service value	2024-04-13 23:32:48 -06:00
alexlebens	15d3253af9	fix events app port to service and port	2024-04-13 23:28:03 -06:00
alexlebens	90970ef172	fix events health endpoint	2024-04-13 23:19:59 -06:00
alexlebens	0d6f789ffd	increment chart version	2024-04-13 23:14:21 -06:00
alexlebens	f968776cd0	fix trello importer switch for async container	2024-04-13 23:13:44 -06:00
alexlebens	0b2beb08b7	fix indentation of events deployment	2024-04-13 23:11:44 -06:00
alexlebens	8fae31a679	properly enable/disable trello importer	2024-04-13 23:07:20 -06:00
alexlebens	f67ac05610	fix indentation	2024-04-13 23:05:03 -06:00
alexlebens	7803519d04	add major version value	2024-04-13 22:58:01 -06:00
alexlebens	55e63c2c72	fix minor formatting and remove uneeded values	2024-04-13 22:31:07 -06:00
alexlebens	6e083293bb	fix minor formatting and remove uneeded values	2024-04-13 22:29:33 -06:00
alexlebens	60e427826c	add taiga	2024-04-13 22:17:45 -06:00
alexlebens	f905b4ccfe	change s3 env keys	2024-04-13 14:58:20 -06:00
alexlebens	487786455c	change default credential secret name	2024-04-13 03:28:27 -06:00
alexlebens	585d39657a	change how the cluster name is generated and used	2024-04-13 03:24:58 -06:00
alexlebens	e5e2812ed5	remove chart as functionality is now included in postgres-cluster chart	2024-04-13 02:46:38 -06:00