alexlebens/helm-charts
1
0
Fork 0
Code Issues 1 Pull Requests 1 Actions Packages Projects Releases 368 Wiki Activity

Compare commits

base: alexlebens:postgres-cluster-2.0.0
Branches Tags
alexlebens:main alexlebens:renovate/ghcr.io-cloudnative-pg-postgresql-17.x alexlebens:gh-pages
alexlebens:generic-device-plugin-0.4.0 alexlebens:cloudflared-1.18.0 alexlebens:generic-device-plugin-0.3.2 alexlebens:cloudflared-1.17.3 alexlebens:cloudflared-1.17.2 alexlebens:cloudflared-1.17.1 alexlebens:generic-device-plugin-0.3.1 alexlebens:cloudflared-1.17.0 alexlebens:generic-device-plugin-0.3.0 alexlebens:cloudflared-1.16.0 alexlebens:gitea-actions-0.2.1 alexlebens:gitea-actions-0.2.0 alexlebens:gitea-actions-0.1.2 alexlebens:gitea-actions-0.1.1 alexlebens:gitea-actions-0.1.0 alexlebens:generic-device-plugin-0.2.0 alexlebens:postgres-cluster-6.4.4 alexlebens:postgres-cluster-6.4.3 alexlebens:postgres-cluster-6.4.2 alexlebens:postgres-cluster-6.4.1 alexlebens:postgres-cluster-6.4.0 alexlebens:barman-cloud-0.2.5 alexlebens:barman-cloud-0.2.4 alexlebens:barman-cloud-0.2.3 alexlebens:barman-cloud-0.2.2 alexlebens:barman-cloud-0.2.1 alexlebens:barman-cloud-0.2.0 alexlebens:barman-cloud-0.1.0 alexlebens:postgres-cluster-6.3.2 alexlebens:postgres-cluster-6.3.1 alexlebens:postgres-cluster-6.3.0 alexlebens:postgres-cluster-6.2.1 alexlebens:postgres-cluster-6.2.0 alexlebens:postgres-cluster-6.1.1 alexlebens:postgres-cluster-6.1.0 alexlebens:postgres-cluster-6.0.9 alexlebens:postgres-cluster-6.0.8 alexlebens:postgres-cluster-6.0.7 alexlebens:postgres-cluster-6.0.6 alexlebens:postgres-cluster-6.0.5 alexlebens:postgres-cluster-6.0.4 alexlebens:postgres-cluster-6.0.3 alexlebens:postgres-cluster-6.0.2 alexlebens:postgres-cluster-6.0.1 alexlebens:cloudflared-1.15.0 alexlebens:cloudflared-1.14.8 alexlebens:postgres-cluster-5.1.0 alexlebens:postgres-cluster-5.0.7 alexlebens:postgres-cluster-5.0.6 alexlebens:postgres-cluster-5.0.5 alexlebens:postgres-cluster-5.0.4 alexlebens:postgres-cluster-5.0.3 alexlebens:postgres-cluster-5.0.2 alexlebens:postgres-cluster-5.0.1 alexlebens:postgres-cluster-5.0.0 alexlebens:cloudflared-1.14.7 alexlebens:cloudflared-1.14.5 alexlebens:cloudflared-1.14.4 alexlebens:cloudflared-1.14.3 alexlebens:generic-device-plugin-0.1.10 alexlebens:cloudflared-1.14.2 alexlebens:generic-device-plugin-0.1.8 alexlebens:postgres-cluster-4.2.1 alexlebens:cloudflared-1.14.1 alexlebens:postgres-cluster-4.2.0 alexlebens:postgres-cluster-4.1.5 alexlebens:generic-device-plugin-0.1.7 alexlebens:cloudflared-1.14.0 alexlebens:postgres-cluster-4.1.4 alexlebens:cloudflared-1.13.0 alexlebens:generic-device-plugin-0.1.6 alexlebens:postgres-cluster-4.1.3 alexlebens:cloudflared-1.12.4 alexlebens:postgres-cluster-4.1.2 alexlebens:postgres-cluster-4.1.1 alexlebens:postgres-cluster-4.1.0 alexlebens:postgres-cluster-4.0.3 alexlebens:postgres-cluster-4.0.2 alexlebens:generic-device-plugin-0.1.5 alexlebens:cloudflared-1.12.3 alexlebens:cloudflared-1.12.1 alexlebens:generic-device-plugin-0.1.3 alexlebens:postgres-cluster-4.0.1 alexlebens:postgres-cluster-4.0.0 alexlebens:postgres-cluster-3.21.0 alexlebens:postgres-cluster-3.20.10 alexlebens:postgres-cluster-3.20.9 alexlebens:postgres-cluster-3.20.8 alexlebens:postgres-cluster-3.20.7 alexlebens:postgres-cluster-3.20.6 alexlebens:postgres-cluster-3.20.5 alexlebens:postgres-cluster-3.20.4 alexlebens:postgres-cluster-3.20.3 alexlebens:postgres-cluster-3.20.2 alexlebens:postgres-cluster-3.20.1 alexlebens:postgres-cluster-3.20.0 alexlebens:postgres-cluster-3.19.0 alexlebens:cloudflared-1.12.0 alexlebens:postgres-cluster-3.18.0 alexlebens:postgres-cluster-3.17.0 alexlebens:postgres-cluster-3.16.0 alexlebens:cloudflared-1.11.0 alexlebens:postgres-cluster-3.15.0 alexlebens:postgres-cluster-3.14.0 alexlebens:cloudflared-1.10.0 alexlebens:postgres-cluster-3.13.0 alexlebens:cloudflared-1.9.0 alexlebens:generic-device-plugin-0.1.2 alexlebens:generic-device-plugin-0.1.1 alexlebens:generic-device-plugin-0.1.0 alexlebens:cloudflared-1.8.1 alexlebens:postgres-cluster-3.12.1 alexlebens:postgres-cluster-3.12.0 alexlebens:cloudflared-1.8.0 alexlebens:postgres-cluster-3.10.0 alexlebens:cloudflared-1.7.0 alexlebens:postgres-cluster-3.9.0 alexlebens:cloudflared-1.6.0 alexlebens:cloudflared-1.5.1 alexlebens:postgres-cluster-3.8.4 alexlebens:postgres-cluster-3.8.3 alexlebens:postgres-cluster-3.8.2 alexlebens:postgres-cluster-3.8.1 alexlebens:postgres-cluster-3.8.0 alexlebens:cloudflared-1.4.1 alexlebens:mysql-cluster-0.2.4 alexlebens:mysql-cluster-0.2.3 alexlebens:mysql-cluster-0.2.2 alexlebens:postgres-cluster-3.6.0 alexlebens:postgres-cluster-3.5.0 alexlebens:postgres-cluster-3.4.0 alexlebens:postgres-cluster-3.3.0 alexlebens:postgres-cluster-3.2.0 alexlebens:cloudflared-1.4.0 alexlebens:cloudflared-1.3.0 alexlebens:cloudflared-1.2.0 alexlebens:cloudflared-1.1.0 alexlebens:cloudflared-1.0.0 alexlebens:mautrix-discord-0.1.1 alexlebens:mautrix-whatsapp-0.1.1 alexlebens:mautrix-whatsapp-0.1.0 alexlebens:mautrix-discord-0.1.0 alexlebens:mysql-cluster-0.2.1 alexlebens:mysql-cluster-0.2.0 alexlebens:outline-0.6.3 alexlebens:tubearchivist-0.2.9 alexlebens:taiga-0.2.3 alexlebens:outline-0.6.2 alexlebens:tubearchivist-0.2.8 alexlebens:home-assistant-0.1.16 alexlebens:postgres-cluster-3.1.0 alexlebens:postgres-cluster-3.0.0 alexlebens:libation-0.0.7 alexlebens:calibre-server-0.0.8 alexlebens:home-assistant-0.1.15 alexlebens:homepage-0.0.15 alexlebens:mysql-cluster-0.1.2 alexlebens:outline-0.6.1 alexlebens:tubearchivist-0.2.7 alexlebens:tdarr-0.0.6 alexlebens:home-assistant-0.1.14 alexlebens:homepage-0.0.14 alexlebens:home-assistant-0.1.13 alexlebens:taiga-0.2.2 alexlebens:outline-0.6.0 alexlebens:tubearchivist-0.2.6 alexlebens:calibre-server-0.0.7 alexlebens:home-assistant-0.1.12 alexlebens:homepage-0.0.13 alexlebens:mysql-cluster-0.1.1 alexlebens:mysql-cluster-0.1.0 alexlebens:postgres-cluster-2.5.0 alexlebens:home-assistant-0.1.11 alexlebens:outline-0.5.3 alexlebens:tubearchivist-0.2.5 alexlebens:kyoo-0.1.10 alexlebens:taiga-0.2.1 alexlebens:tubearchivist-to-jellyfin-0.1.0 alexlebens:tubearchivist-0.2.4 alexlebens:homepage-0.0.12 alexlebens:lazy-librarian-0.1.1 alexlebens:lazy-librarian-0.1.0 alexlebens:penpot-0.1.0 alexlebens:kyoo-0.1.9 alexlebens:kyoo-0.1.8 alexlebens:kyoo-0.1.7 alexlebens:kyoo-0.1.6 alexlebens:kyoo-0.1.5 alexlebens:kyoo-0.1.4 alexlebens:kyoo-0.1.3 alexlebens:kyoo-0.1.2 alexlebens:kyoo-0.1.1 alexlebens:kyoo-0.1.0 alexlebens:outline-0.5.2 alexlebens:tubearchivist-0.2.3 alexlebens:postgres-cluster-2.4.2 alexlebens:postgres-cluster-2.4.1 alexlebens:postgres-cluster-2.4.0 alexlebens:postgres-cluster-2.3.8 alexlebens:postgres-cluster-2.3.7 alexlebens:postgres-cluster-2.3.6 alexlebens:postgres-cluster-2.3.5 alexlebens:postgres-cluster-2.3.4 alexlebens:postgres-cluster-2.3.3 alexlebens:postgres-cluster-2.3.2 alexlebens:postgres-cluster-2.3.1 alexlebens:postgres-cluster-2.3.0 alexlebens:postgres-cluster-2.2.2 alexlebens:tubearchivist-0.2.2 alexlebens:taiga-0.2.0 alexlebens:outline-0.5.1 alexlebens:tubearchivist-0.2.1 alexlebens:mautrix-whatsapp-0.0.3 alexlebens:home-assistant-0.1.10 alexlebens:matrix-hookshot-0.1.1 alexlebens:homepage-0.0.11 alexlebens:taiga-0.1.14 alexlebens:taiga-0.1.13 alexlebens:taiga-0.1.12 alexlebens:taiga-0.1.11 alexlebens:taiga-0.1.10 alexlebens:taiga-0.1.9 alexlebens:taiga-0.1.8 alexlebens:taiga-0.1.7 alexlebens:taiga-0.1.6 alexlebens:taiga-0.1.5 alexlebens:taiga-0.1.4 alexlebens:taiga-0.1.3 alexlebens:postgres-cluster-2.2.0 alexlebens:taiga-0.1.2 alexlebens:taiga-0.1.1 alexlebens:taiga-0.1.0 alexlebens:outline-0.5.0 alexlebens:postgres-cluster-2.1.0 alexlebens:postgres-cluster-2.0.0 alexlebens:postgres-cluster-1.1.0 alexlebens:postgres-cluster-1.0.0 alexlebens:outline-0.4.0 alexlebens:home-assistant-0.1.9 alexlebens:postgres-cluster-upgrade-0.1.2 alexlebens:postgres-cluster-0.3.0 alexlebens:postgres-cluster-0.2.5 alexlebens:postgres-cluster-0.2.4 alexlebens:postgres-cluster-upgrade-0.1.1 alexlebens:postgres-cluster-upgrade-0.1.0 alexlebens:tubearchivist-0.2.0 alexlebens:outline-0.3.0 alexlebens:tubearchivist-0.1.0 alexlebens:tubearchivist-0.0.8 alexlebens:outline-0.1.2 alexlebens:outline-0.1.1 alexlebens:home-assistant-0.1.8 alexlebens:homepage-0.0.10 alexlebens:home-assistant-0.1.7 alexlebens:home-assistant-0.1.6 alexlebens:tubearchivist-to-jellyfin-0.0.4 alexlebens:mautrix-discord-0.0.2 alexlebens:mautrix-whatsapp-0.0.2 alexlebens:mautrix-whatsapp-0.0.1 alexlebens:mautrix-discord-0.0.1 alexlebens:outline-0.1.0 alexlebens:home-assistant-0.1.5 alexlebens:matrix-hookshot-0.1.0 alexlebens:matrix-hookshot-0.0.9 alexlebens:matrix-hookshot-0.0.8 alexlebens:matrix-hookshot-0.0.7 alexlebens:matrix-hookshot-0.0.6 alexlebens:matrix-hookshot-0.0.5 alexlebens:matrix-hookshot-0.0.4 alexlebens:matrix-hookshot-0.0.3 alexlebens:matrix-hookshot-0.0.2 alexlebens:hookshot-0.0.1 alexlebens:tdarr-0.0.5 alexlebens:qbittorrent-0.0.8 alexlebens:outline-0.0.9 alexlebens:tubearchivist-0.0.7 alexlebens:homepage-0.0.9 alexlebens:tdarr-0.0.4 alexlebens:home-assistant-0.1.4 alexlebens:home-assistant-0.1.3 alexlebens:home-assistant-0.1.2 alexlebens:unpackerr-0.0.2 alexlebens:qbittorrent-0.0.7 alexlebens:qbittorrent-0.0.6 alexlebens:qbittorrent-0.0.5 alexlebens:qbittorrent-0.0.4 alexlebens:qbittorrent-0.0.3 alexlebens:tdarr-0.0.3 alexlebens:tdarr-0.0.2 alexlebens:qbittorrent-0.0.2 alexlebens:qbittorrent-0.0.1 alexlebens:tdarr-0.0.1 alexlebens:unpackerr-0.0.1 alexlebens:tubearchivist-0.0.6 alexlebens:calibre-server-0.0.6 alexlebens:freshrss-0.0.3 alexlebens:homepage-0.0.8 alexlebens:libation-0.0.6 alexlebens:outline-0.0.8 alexlebens:freshrss-0.0.2 alexlebens:cops-0.0.3 alexlebens:freshrss-0.0.1 alexlebens:tubearchivist-to-jellyfin-0.0.3 alexlebens:tubearchivist-to-jellyfin-0.0.2 alexlebens:home-assistant-0.1.1 alexlebens:cops-0.0.2 alexlebens:outline-0.0.7 alexlebens:tubearchivist-0.0.5 alexlebens:home-assistant-0.1.0 alexlebens:tubearchivist-to-jellyfin-0.0.1 alexlebens:tubearchivist-0.0.4 alexlebens:tubearchivist-0.0.3 alexlebens:tubearchivist-0.0.2 alexlebens:tubearchivist-0.0.1 alexlebens:outline-0.0.6 alexlebens:cops-0.0.1 alexlebens:home-assistant-0.0.16 alexlebens:outline-0.0.5 alexlebens:outline-0.0.4 alexlebens:outline-0.0.3 alexlebens:postgres-cluster-0.2.3 alexlebens:libation-0.0.5 alexlebens:homepage-0.0.7 alexlebens:postgres-cluster-0.2.2 alexlebens:outline-0.0.2 alexlebens:kubelet-serving-cert-approver-0.0.4 alexlebens:homepage-0.0.6 alexlebens:home-assistant-0.0.15 alexlebens:calibre-server-0.0.5 alexlebens:outline-0.0.1 alexlebens:libation-0.0.4 alexlebens:libation-0.0.3 alexlebens:libation-0.0.2 alexlebens:libation-0.0.1 alexlebens:postgres-cluster-0.2.1 alexlebens:kubelet-serving-cert-approver-0.0.3 alexlebens:kubelet-serving-cert-approver-0.0.2 alexlebens:kubelet-serving-cert-approver-0.0.1 alexlebens:home-assistant-0.0.14 alexlebens:home-assistant-0.0.13 alexlebens:postgres-cluster-0.1.1 alexlebens:postgres-cluster-0.1.0 alexlebens:home-assistant-0.0.12 alexlebens:home-assistant-0.0.11 alexlebens:home-assistant-0.0.10 alexlebens:calibre-server-0.0.4 alexlebens:calibre-server-0.0.3 alexlebens:calibre-server-0.0.2 alexlebens:postgres-cluster-0.0.5 alexlebens:calibre-server-0.0.1 alexlebens:home-assistant-0.0.9 alexlebens:homepage-0.0.5 alexlebens:home-assistant-0.0.8 alexlebens:home-assistant-0.0.7 alexlebens:home-assistant-0.0.6 alexlebens:home-assistant-0.0.5 alexlebens:home-assistant-0.0.4 alexlebens:home-assistant-0.0.3 alexlebens:home-assistant-0.0.2 alexlebens:home-assistant-0.0.1 alexlebens:homepage-0.0.4 alexlebens:homepage-0.0.3 alexlebens:postgres-cluster-0.0.4 alexlebens:postgres-cluster-0.0.3 alexlebens:postgres-cluster-0.0.2 alexlebens:postgres-cluster-0.0.1 alexlebens:homepage-0.0.2 alexlebens:homepage-0.0.1
...
compare: alexlebens:outline-0.6.0
Branches Tags
alexlebens:renovate/ghcr.io-cloudnative-pg-postgresql-17.x alexlebens:main alexlebens:gh-pages
alexlebens:generic-device-plugin-0.4.0 alexlebens:cloudflared-1.18.0 alexlebens:generic-device-plugin-0.3.2 alexlebens:cloudflared-1.17.3 alexlebens:cloudflared-1.17.2 alexlebens:cloudflared-1.17.1 alexlebens:generic-device-plugin-0.3.1 alexlebens:cloudflared-1.17.0 alexlebens:generic-device-plugin-0.3.0 alexlebens:cloudflared-1.16.0 alexlebens:gitea-actions-0.2.1 alexlebens:gitea-actions-0.2.0 alexlebens:gitea-actions-0.1.2 alexlebens:gitea-actions-0.1.1 alexlebens:gitea-actions-0.1.0 alexlebens:generic-device-plugin-0.2.0 alexlebens:postgres-cluster-6.4.4 alexlebens:postgres-cluster-6.4.3 alexlebens:postgres-cluster-6.4.2 alexlebens:postgres-cluster-6.4.1 alexlebens:postgres-cluster-6.4.0 alexlebens:barman-cloud-0.2.5 alexlebens:barman-cloud-0.2.4 alexlebens:barman-cloud-0.2.3 alexlebens:barman-cloud-0.2.2 alexlebens:barman-cloud-0.2.1 alexlebens:barman-cloud-0.2.0 alexlebens:barman-cloud-0.1.0 alexlebens:postgres-cluster-6.3.2 alexlebens:postgres-cluster-6.3.1 alexlebens:postgres-cluster-6.3.0 alexlebens:postgres-cluster-6.2.1 alexlebens:postgres-cluster-6.2.0 alexlebens:postgres-cluster-6.1.1 alexlebens:postgres-cluster-6.1.0 alexlebens:postgres-cluster-6.0.9 alexlebens:postgres-cluster-6.0.8 alexlebens:postgres-cluster-6.0.7 alexlebens:postgres-cluster-6.0.6 alexlebens:postgres-cluster-6.0.5 alexlebens:postgres-cluster-6.0.4 alexlebens:postgres-cluster-6.0.3 alexlebens:postgres-cluster-6.0.2 alexlebens:postgres-cluster-6.0.1 alexlebens:cloudflared-1.15.0 alexlebens:cloudflared-1.14.8 alexlebens:postgres-cluster-5.1.0 alexlebens:postgres-cluster-5.0.7 alexlebens:postgres-cluster-5.0.6 alexlebens:postgres-cluster-5.0.5 alexlebens:postgres-cluster-5.0.4 alexlebens:postgres-cluster-5.0.3 alexlebens:postgres-cluster-5.0.2 alexlebens:postgres-cluster-5.0.1 alexlebens:postgres-cluster-5.0.0 alexlebens:cloudflared-1.14.7 alexlebens:cloudflared-1.14.5 alexlebens:cloudflared-1.14.4 alexlebens:cloudflared-1.14.3 alexlebens:generic-device-plugin-0.1.10 alexlebens:cloudflared-1.14.2 alexlebens:generic-device-plugin-0.1.8 alexlebens:postgres-cluster-4.2.1 alexlebens:cloudflared-1.14.1 alexlebens:postgres-cluster-4.2.0 alexlebens:postgres-cluster-4.1.5 alexlebens:generic-device-plugin-0.1.7 alexlebens:cloudflared-1.14.0 alexlebens:postgres-cluster-4.1.4 alexlebens:cloudflared-1.13.0 alexlebens:generic-device-plugin-0.1.6 alexlebens:postgres-cluster-4.1.3 alexlebens:cloudflared-1.12.4 alexlebens:postgres-cluster-4.1.2 alexlebens:postgres-cluster-4.1.1 alexlebens:postgres-cluster-4.1.0 alexlebens:postgres-cluster-4.0.3 alexlebens:postgres-cluster-4.0.2 alexlebens:generic-device-plugin-0.1.5 alexlebens:cloudflared-1.12.3 alexlebens:cloudflared-1.12.1 alexlebens:generic-device-plugin-0.1.3 alexlebens:postgres-cluster-4.0.1 alexlebens:postgres-cluster-4.0.0 alexlebens:postgres-cluster-3.21.0 alexlebens:postgres-cluster-3.20.10 alexlebens:postgres-cluster-3.20.9 alexlebens:postgres-cluster-3.20.8 alexlebens:postgres-cluster-3.20.7 alexlebens:postgres-cluster-3.20.6 alexlebens:postgres-cluster-3.20.5 alexlebens:postgres-cluster-3.20.4 alexlebens:postgres-cluster-3.20.3 alexlebens:postgres-cluster-3.20.2 alexlebens:postgres-cluster-3.20.1 alexlebens:postgres-cluster-3.20.0 alexlebens:postgres-cluster-3.19.0 alexlebens:cloudflared-1.12.0 alexlebens:postgres-cluster-3.18.0 alexlebens:postgres-cluster-3.17.0 alexlebens:postgres-cluster-3.16.0 alexlebens:cloudflared-1.11.0 alexlebens:postgres-cluster-3.15.0 alexlebens:postgres-cluster-3.14.0 alexlebens:cloudflared-1.10.0 alexlebens:postgres-cluster-3.13.0 alexlebens:cloudflared-1.9.0 alexlebens:generic-device-plugin-0.1.2 alexlebens:generic-device-plugin-0.1.1 alexlebens:generic-device-plugin-0.1.0 alexlebens:cloudflared-1.8.1 alexlebens:postgres-cluster-3.12.1 alexlebens:postgres-cluster-3.12.0 alexlebens:cloudflared-1.8.0 alexlebens:postgres-cluster-3.10.0 alexlebens:cloudflared-1.7.0 alexlebens:postgres-cluster-3.9.0 alexlebens:cloudflared-1.6.0 alexlebens:cloudflared-1.5.1 alexlebens:postgres-cluster-3.8.4 alexlebens:postgres-cluster-3.8.3 alexlebens:postgres-cluster-3.8.2 alexlebens:postgres-cluster-3.8.1 alexlebens:postgres-cluster-3.8.0 alexlebens:cloudflared-1.4.1 alexlebens:mysql-cluster-0.2.4 alexlebens:mysql-cluster-0.2.3 alexlebens:mysql-cluster-0.2.2 alexlebens:postgres-cluster-3.6.0 alexlebens:postgres-cluster-3.5.0 alexlebens:postgres-cluster-3.4.0 alexlebens:postgres-cluster-3.3.0 alexlebens:postgres-cluster-3.2.0 alexlebens:cloudflared-1.4.0 alexlebens:cloudflared-1.3.0 alexlebens:cloudflared-1.2.0 alexlebens:cloudflared-1.1.0 alexlebens:cloudflared-1.0.0 alexlebens:mautrix-discord-0.1.1 alexlebens:mautrix-whatsapp-0.1.1 alexlebens:mautrix-whatsapp-0.1.0 alexlebens:mautrix-discord-0.1.0 alexlebens:mysql-cluster-0.2.1 alexlebens:mysql-cluster-0.2.0 alexlebens:outline-0.6.3 alexlebens:tubearchivist-0.2.9 alexlebens:taiga-0.2.3 alexlebens:outline-0.6.2 alexlebens:tubearchivist-0.2.8 alexlebens:home-assistant-0.1.16 alexlebens:postgres-cluster-3.1.0 alexlebens:postgres-cluster-3.0.0 alexlebens:libation-0.0.7 alexlebens:calibre-server-0.0.8 alexlebens:home-assistant-0.1.15 alexlebens:homepage-0.0.15 alexlebens:mysql-cluster-0.1.2 alexlebens:outline-0.6.1 alexlebens:tubearchivist-0.2.7 alexlebens:tdarr-0.0.6 alexlebens:home-assistant-0.1.14 alexlebens:homepage-0.0.14 alexlebens:home-assistant-0.1.13 alexlebens:taiga-0.2.2 alexlebens:outline-0.6.0 alexlebens:tubearchivist-0.2.6 alexlebens:calibre-server-0.0.7 alexlebens:home-assistant-0.1.12 alexlebens:homepage-0.0.13 alexlebens:mysql-cluster-0.1.1 alexlebens:mysql-cluster-0.1.0 alexlebens:postgres-cluster-2.5.0 alexlebens:home-assistant-0.1.11 alexlebens:outline-0.5.3 alexlebens:tubearchivist-0.2.5 alexlebens:kyoo-0.1.10 alexlebens:taiga-0.2.1 alexlebens:tubearchivist-to-jellyfin-0.1.0 alexlebens:tubearchivist-0.2.4 alexlebens:homepage-0.0.12 alexlebens:lazy-librarian-0.1.1 alexlebens:lazy-librarian-0.1.0 alexlebens:penpot-0.1.0 alexlebens:kyoo-0.1.9 alexlebens:kyoo-0.1.8 alexlebens:kyoo-0.1.7 alexlebens:kyoo-0.1.6 alexlebens:kyoo-0.1.5 alexlebens:kyoo-0.1.4 alexlebens:kyoo-0.1.3 alexlebens:kyoo-0.1.2 alexlebens:kyoo-0.1.1 alexlebens:kyoo-0.1.0 alexlebens:outline-0.5.2 alexlebens:tubearchivist-0.2.3 alexlebens:postgres-cluster-2.4.2 alexlebens:postgres-cluster-2.4.1 alexlebens:postgres-cluster-2.4.0 alexlebens:postgres-cluster-2.3.8 alexlebens:postgres-cluster-2.3.7 alexlebens:postgres-cluster-2.3.6 alexlebens:postgres-cluster-2.3.5 alexlebens:postgres-cluster-2.3.4 alexlebens:postgres-cluster-2.3.3 alexlebens:postgres-cluster-2.3.2 alexlebens:postgres-cluster-2.3.1 alexlebens:postgres-cluster-2.3.0 alexlebens:postgres-cluster-2.2.2 alexlebens:tubearchivist-0.2.2 alexlebens:taiga-0.2.0 alexlebens:outline-0.5.1 alexlebens:tubearchivist-0.2.1 alexlebens:mautrix-whatsapp-0.0.3 alexlebens:home-assistant-0.1.10 alexlebens:matrix-hookshot-0.1.1 alexlebens:homepage-0.0.11 alexlebens:taiga-0.1.14 alexlebens:taiga-0.1.13 alexlebens:taiga-0.1.12 alexlebens:taiga-0.1.11 alexlebens:taiga-0.1.10 alexlebens:taiga-0.1.9 alexlebens:taiga-0.1.8 alexlebens:taiga-0.1.7 alexlebens:taiga-0.1.6 alexlebens:taiga-0.1.5 alexlebens:taiga-0.1.4 alexlebens:taiga-0.1.3 alexlebens:postgres-cluster-2.2.0 alexlebens:taiga-0.1.2 alexlebens:taiga-0.1.1 alexlebens:taiga-0.1.0 alexlebens:outline-0.5.0 alexlebens:postgres-cluster-2.1.0 alexlebens:postgres-cluster-2.0.0 alexlebens:postgres-cluster-1.1.0 alexlebens:postgres-cluster-1.0.0 alexlebens:outline-0.4.0 alexlebens:home-assistant-0.1.9 alexlebens:postgres-cluster-upgrade-0.1.2 alexlebens:postgres-cluster-0.3.0 alexlebens:postgres-cluster-0.2.5 alexlebens:postgres-cluster-0.2.4 alexlebens:postgres-cluster-upgrade-0.1.1 alexlebens:postgres-cluster-upgrade-0.1.0 alexlebens:tubearchivist-0.2.0 alexlebens:outline-0.3.0 alexlebens:tubearchivist-0.1.0 alexlebens:tubearchivist-0.0.8 alexlebens:outline-0.1.2 alexlebens:outline-0.1.1 alexlebens:home-assistant-0.1.8 alexlebens:homepage-0.0.10 alexlebens:home-assistant-0.1.7 alexlebens:home-assistant-0.1.6 alexlebens:tubearchivist-to-jellyfin-0.0.4 alexlebens:mautrix-discord-0.0.2 alexlebens:mautrix-whatsapp-0.0.2 alexlebens:mautrix-whatsapp-0.0.1 alexlebens:mautrix-discord-0.0.1 alexlebens:outline-0.1.0 alexlebens:home-assistant-0.1.5 alexlebens:matrix-hookshot-0.1.0 alexlebens:matrix-hookshot-0.0.9 alexlebens:matrix-hookshot-0.0.8 alexlebens:matrix-hookshot-0.0.7 alexlebens:matrix-hookshot-0.0.6 alexlebens:matrix-hookshot-0.0.5 alexlebens:matrix-hookshot-0.0.4 alexlebens:matrix-hookshot-0.0.3 alexlebens:matrix-hookshot-0.0.2 alexlebens:hookshot-0.0.1 alexlebens:tdarr-0.0.5 alexlebens:qbittorrent-0.0.8 alexlebens:outline-0.0.9 alexlebens:tubearchivist-0.0.7 alexlebens:homepage-0.0.9 alexlebens:tdarr-0.0.4 alexlebens:home-assistant-0.1.4 alexlebens:home-assistant-0.1.3 alexlebens:home-assistant-0.1.2 alexlebens:unpackerr-0.0.2 alexlebens:qbittorrent-0.0.7 alexlebens:qbittorrent-0.0.6 alexlebens:qbittorrent-0.0.5 alexlebens:qbittorrent-0.0.4 alexlebens:qbittorrent-0.0.3 alexlebens:tdarr-0.0.3 alexlebens:tdarr-0.0.2 alexlebens:qbittorrent-0.0.2 alexlebens:qbittorrent-0.0.1 alexlebens:tdarr-0.0.1 alexlebens:unpackerr-0.0.1 alexlebens:tubearchivist-0.0.6 alexlebens:calibre-server-0.0.6 alexlebens:freshrss-0.0.3 alexlebens:homepage-0.0.8 alexlebens:libation-0.0.6 alexlebens:outline-0.0.8 alexlebens:freshrss-0.0.2 alexlebens:cops-0.0.3 alexlebens:freshrss-0.0.1 alexlebens:tubearchivist-to-jellyfin-0.0.3 alexlebens:tubearchivist-to-jellyfin-0.0.2 alexlebens:home-assistant-0.1.1 alexlebens:cops-0.0.2 alexlebens:outline-0.0.7 alexlebens:tubearchivist-0.0.5 alexlebens:home-assistant-0.1.0 alexlebens:tubearchivist-to-jellyfin-0.0.1 alexlebens:tubearchivist-0.0.4 alexlebens:tubearchivist-0.0.3 alexlebens:tubearchivist-0.0.2 alexlebens:tubearchivist-0.0.1 alexlebens:outline-0.0.6 alexlebens:cops-0.0.1 alexlebens:home-assistant-0.0.16 alexlebens:outline-0.0.5 alexlebens:outline-0.0.4 alexlebens:outline-0.0.3 alexlebens:postgres-cluster-0.2.3 alexlebens:libation-0.0.5 alexlebens:homepage-0.0.7 alexlebens:postgres-cluster-0.2.2 alexlebens:outline-0.0.2 alexlebens:kubelet-serving-cert-approver-0.0.4 alexlebens:homepage-0.0.6 alexlebens:home-assistant-0.0.15 alexlebens:calibre-server-0.0.5 alexlebens:outline-0.0.1 alexlebens:libation-0.0.4 alexlebens:libation-0.0.3 alexlebens:libation-0.0.2 alexlebens:libation-0.0.1 alexlebens:postgres-cluster-0.2.1 alexlebens:kubelet-serving-cert-approver-0.0.3 alexlebens:kubelet-serving-cert-approver-0.0.2 alexlebens:kubelet-serving-cert-approver-0.0.1 alexlebens:home-assistant-0.0.14 alexlebens:home-assistant-0.0.13 alexlebens:postgres-cluster-0.1.1 alexlebens:postgres-cluster-0.1.0 alexlebens:home-assistant-0.0.12 alexlebens:home-assistant-0.0.11 alexlebens:home-assistant-0.0.10 alexlebens:calibre-server-0.0.4 alexlebens:calibre-server-0.0.3 alexlebens:calibre-server-0.0.2 alexlebens:postgres-cluster-0.0.5 alexlebens:calibre-server-0.0.1 alexlebens:home-assistant-0.0.9 alexlebens:homepage-0.0.5 alexlebens:home-assistant-0.0.8 alexlebens:home-assistant-0.0.7 alexlebens:home-assistant-0.0.6 alexlebens:home-assistant-0.0.5 alexlebens:home-assistant-0.0.4 alexlebens:home-assistant-0.0.3 alexlebens:home-assistant-0.0.2 alexlebens:home-assistant-0.0.1 alexlebens:homepage-0.0.4 alexlebens:homepage-0.0.3 alexlebens:postgres-cluster-0.0.4 alexlebens:postgres-cluster-0.0.3 alexlebens:postgres-cluster-0.0.2 alexlebens:postgres-cluster-0.0.1 alexlebens:homepage-0.0.2 alexlebens:homepage-0.0.1

72 Commits
postgres-c ... outline-0.

Author SHA1 Message Date
alexlebens
220e9e011b update image version 2024-05-16 12:42:57 -05:00
alexlebens
9483523eb8 update dependencies 2024-05-16 12:42:04 -05:00
alexlebens
ca205a8802 update dependencies 2024-05-16 12:41:41 -05:00
alexlebens
36267ada6f update middleware api 2024-05-16 12:35:39 -05:00
alexlebens
153b7a1ad2 update middleware api 2024-05-16 12:35:27 -05:00
alexlebens
9b30408661 update middleware api 2024-05-16 12:35:04 -05:00
alexlebens
947120d73c fix backup schedule 2024-04-26 14:35:54 -06:00
alexlebens
a62e24142c add mysql cluster 2024-04-26 14:05:21 -06:00
alexlebens
03c825e816 change s3 path 2024-04-26 10:00:10 -06:00
alexlebens
38c2be01f9 remove kyoo 2024-04-25 12:45:25 -06:00
renovate[bot]
5ac88f9aa8 Update homeassistant/home-assistant Docker tag to v2024.4.4 (#44) 
* Update homeassistant/home-assistant Docker tag to v2024.4.4

* update chart

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: alexlebens <alexanderlebens@gmail.com>
 2024-04-23 16:43:29 -06:00
renovate[bot]
3c3f1bdb76 Update Helm release redis to v19.1.3 (#43) 
* Update Helm release redis to v19.1.3

* update chart versions

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: alexlebens <alexanderlebens@gmail.com>
 2024-04-23 15:57:32 -06:00
renovate[bot]
718acdc607 Update Helm release rabbitmq to v14.0.2 (#42) 
* Update Helm release rabbitmq to v14.0.2

* update chart

* remove tailing whitespace

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: alexlebens <alexanderlebens@gmail.com>
 2024-04-23 03:34:32 -06:00
renovate[bot]
71a5d81c09 Update bbilly1/tubearchivist-jf Docker tag to v0.2.0 (#41) 
* Update bbilly1/tubearchivist-jf Docker tag to v0.2.0

* update chart

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: alexlebens <alexanderlebens@gmail.com>
 2024-04-23 03:32:57 -06:00
renovate[bot]
e2d4c395e5 Update Helm release elasticsearch to v21 (#40) 
* Update Helm release elasticsearch to v21

* update elastic search chart

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: alexlebens <alexanderlebens@gmail.com>
 2024-04-22 06:43:28 -06:00
alexlebens
fd611813b7 add annotations to deployment 2024-04-21 06:40:46 -06:00
alexlebens
ab5da15b10 remove lazy-librarian 2024-04-21 04:59:41 -06:00
alexlebens
e584566dde fix app version 2024-04-21 04:03:32 -06:00
alexlebens
f06aa3a175 add lazy-librarian 2024-04-21 03:59:25 -06:00
alexlebens
9abeba8f9d add penpot 2024-04-19 21:34:56 -06:00
alexlebens
1f498323a4 change postgres settings to import only password from secret 2024-04-19 05:41:38 -06:00
alexlebens
646e3a2c36 grant read to unlogged users 2024-04-19 05:32:28 -06:00
alexlebens
197ca6ef81 add quotes around default vhost of / 2024-04-19 05:22:14 -06:00
alexlebens
b8780a7339 add default vhost 2024-04-19 05:05:10 -06:00
alexlebens
b90968ea85 fix scanner image name 2024-04-19 05:01:23 -06:00
alexlebens
d3275f8067 create switch if various api keys are provided 2024-04-19 04:58:46 -06:00
alexlebens
649f362824 remove extra configuration from rabbitmq 2024-04-19 04:54:03 -06:00
alexlebens
732761d73b fix default vhost 2024-04-19 04:50:49 -06:00
alexlebens
0e7627cb7d fix oidc values path 2024-04-19 04:41:22 -06:00
alexlebens
d81c246b35 add kyoo 2024-04-19 04:08:55 -06:00
renovate[bot]
b97dd1f892 Update Helm release redis to v19.1.2 (#39) 
* Update Helm release redis to v19.1.2

* update chart

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: alexlebens <alexanderlebens@gmail.com>
 2024-04-18 22:02:37 -06:00
alexlebens
0b8374753d change default cpu limit 2024-04-18 05:49:15 -06:00
alexlebens
cb29afdcb2 fix source server naming 2024-04-18 05:35:06 -06:00
alexlebens
4f366535c3 change default cpu limit 2024-04-18 04:35:42 -06:00
alexlebens
f32ef77551 add additional options for recovery 2024-04-18 03:43:52 -06:00
alexlebens
d02f649164 remove default option in bootstrap helper 2024-04-18 03:27:00 -06:00
alexlebens
3b50ca2bfe fix comparision operator position 2024-04-18 01:51:06 -06:00
alexlebens
17796a1183 increment chart version 2024-04-18 01:48:03 -06:00
alexlebens
512b1d4243 set default value for comparision 2024-04-18 01:47:46 -06:00
alexlebens
a2b0cdd5b6 fix ordering of comparision operator 2024-04-18 01:39:33 -06:00
alexlebens
e79af169b9 calculate length of array separately 2024-04-18 01:35:19 -06:00
alexlebens
661f9342b9 fix length measurement of database 2024-04-18 01:17:16 -06:00
alexlebens
9d1244c7a1 remove patch from image tag 2024-04-18 01:07:36 -06:00
alexlebens
0dc50bf88f change default cluster name to start with release 2024-04-17 20:01:47 -06:00
alexlebens
75accbbf87 use semver function to pull major version into cluster name 2024-04-17 20:00:06 -06:00
alexlebens
19fbd95a79 change templating for cluster naming 2024-04-17 19:45:08 -06:00
alexlebens
d73c42fd42 change default values 2024-04-17 19:15:54 -06:00
renovate[bot]
6399a8ca97 Update Helm release rabbitmq to v14 (#34) 
* Update Helm release rabbitmq to v14

* update chart

* align comments for readability

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: alexlebens <alexanderlebens@gmail.com>
 2024-04-17 19:13:57 -06:00
renovate[bot]
580c7da73a Update Helm release redis to v19.1.1 (#18) 
* Update Helm release redis to v19.1.1

* update charts

* fix indentation

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: alexlebens <alexanderlebens@gmail.com>
 2024-04-17 19:09:36 -06:00
renovate[bot]
11d47799f1 Update dock.mau.dev/mautrix/whatsapp Docker tag to v0.10.7 (#36) 
* Update dock.mau.dev/mautrix/whatsapp Docker tag to v0.10.7

* update helm chart

* fix indentation

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: alexlebens <alexanderlebens@gmail.com>
 2024-04-17 19:05:30 -06:00
renovate[bot]
7d825da72d Update linuxserver/code-server Docker tag to v4.23.1 (#35) 
* Update linuxserver/code-server Docker tag to v4.23.1

* update helm chart

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: alexlebens <alexanderlebens@gmail.com>
 2024-04-17 19:05:16 -06:00
renovate[bot]
adf49292bd Update halfshot/matrix-hookshot Docker tag to v5.3.0 (#38) 
* Update halfshot/matrix-hookshot Docker tag to v5.3.0

* update chart

* fix linting errors

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: alexlebens <alexanderlebens@gmail.com>
 2024-04-17 19:03:21 -06:00
renovate[bot]
63e69df14a Update ghcr.io/gethomepage/homepage Docker tag to v0.8.12 (#37) 
* Update ghcr.io/gethomepage/homepage Docker tag to v0.8.12

* update chart

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Alex Lebens <alexanderlebens@gmail.com>
 2024-04-17 18:55:36 -06:00
alexlebens
7bd8a4525a if oidc is enabled add an ingress path to the backend 2024-04-17 04:42:51 -06:00
alexlebens
a860789056 add env to front deployment about oidc enablement 2024-04-15 03:31:49 -06:00
alexlebens
58f89640a8 fix naming of changed rabbitmq charts 2024-04-15 02:47:45 -06:00
alexlebens
132e086d6d change rabbitmq chart naming to generate proper dns and app names 2024-04-15 02:44:10 -06:00
alexlebens
617505ee99 fix length of app port 2024-04-13 23:37:58 -06:00
alexlebens
34a21702ab fix http service value 2024-04-13 23:32:48 -06:00
alexlebens
15d3253af9 fix events app port to service and port 2024-04-13 23:28:03 -06:00
alexlebens
90970ef172 fix events health endpoint 2024-04-13 23:19:59 -06:00
alexlebens
0d6f789ffd increment chart version 2024-04-13 23:14:21 -06:00
alexlebens
f968776cd0 fix trello importer switch for async container 2024-04-13 23:13:44 -06:00
alexlebens
0b2beb08b7 fix indentation of events deployment 2024-04-13 23:11:44 -06:00
alexlebens
8fae31a679 properly enable/disable trello importer 2024-04-13 23:07:20 -06:00
alexlebens
f67ac05610 fix indentation 2024-04-13 23:05:03 -06:00
alexlebens
7803519d04 add major version value 2024-04-13 22:58:01 -06:00
alexlebens
55e63c2c72 fix minor formatting and remove uneeded values 2024-04-13 22:31:07 -06:00
alexlebens
6e083293bb fix minor formatting and remove uneeded values 2024-04-13 22:29:33 -06:00
alexlebens
60e427826c add taiga 2024-04-13 22:17:45 -06:00
alexlebens
f905b4ccfe change s3 env keys 2024-04-13 14:58:20 -06:00
alexlebens
487786455c change default credential secret name 2024-04-13 03:28:27 -06:00
59 changed files with 5138 additions and 539 deletions
Expand all files Collapse all files

2
charts/calibre-server/Chart.yaml
View File

@@ -1,6 +1,6 @@
apiVersion: v2
name: calibre-server
version: 0.0.6
version: 0.0.7
description: Chart for Calibre content database
keywords:
- media

2
charts/calibre-server/templates/middleware.yaml
View File

@@ -1,5 +1,5 @@
{{- if .Values.ingressRoute.enabled }}
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: "authentik-{{ .Release.Name }}"

4
charts/home-assistant/Chart.yaml
View File

@@ -1,6 +1,6 @@
apiVersion: v2
name: home-assistant
version: 0.1.9
version: 0.1.12
description: Chart for Home Assistant
keywords:
- home-automation
@@ -9,4 +9,4 @@ sources:
maintainers:
- name: alexlebens
icon: https://avatars.githubusercontent.com/u/13844975?s=200&v=4
appVersion: v2024.4.3
appVersion: v2024.4.4

2
charts/home-assistant/templates/middleware.yaml
View File

@@ -1,5 +1,5 @@
{{- if .Values.ingressRoute.enabled }}
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: "authentik-{{ .Release.Name }}"

4
charts/home-assistant/values.yaml
View File

@@ -3,7 +3,7 @@ deployment:
strategy: Recreate
image:
repository: homeassistant/home-assistant
tag: 2024.4.3
tag: 2024.4.4
imagePullPolicy: IfNotPresent
env:
TZ: UTC
@@ -56,7 +56,7 @@ codeserver:
enabled: false
image:
repository: linuxserver/code-server
tag: 4.23.0
tag: 4.23.1
imagePullPolicy: IfNotPresent
env:
TZ: UTC

4
charts/homepage/Chart.yaml
View File

@@ -1,6 +1,6 @@
apiVersion: v2
name: homepage
version: 0.0.10
version: 0.0.13
description: Chart for benphelps homepage
keywords:
- dashboard
@@ -9,4 +9,4 @@ sources:
maintainers:
- name: alexlebens
icon: https://github.com/benphelps/homepage/blob/de584eae8f12a0d257e554e9511ef19bd2a1232c/public/mstile-150x150.png
appVersion: v0.8.11
appVersion: v0.8.12

4
charts/homepage/templates/deployment.yaml
View File

@@ -9,6 +9,10 @@ metadata:
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: homepage
annotations:
{{- with .Values.deployment.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
revisionHistoryLimit: 3
replicas: {{ .Values.deployment.replicas }}

2
charts/homepage/templates/middleware.yaml
View File

@@ -1,4 +1,4 @@
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: "authentik-{{ .Release.Name }}"

3
charts/homepage/values.yaml
View File

@@ -1,9 +1,10 @@
deployment:
annotations: {}
replicas: 1
strategy: Recreate
image:
repository: ghcr.io/gethomepage/homepage
tag: v0.8.11
tag: v0.8.12
imagePullPolicy: IfNotPresent
env:
envFrom:

4
charts/matrix-hookshot/Chart.yaml
View File

@@ -1,6 +1,6 @@
apiVersion: v2
name: matrix-hookshot
version: 0.1.0
version: 0.1.1
description: Chart for Matrix Hookshot
keywords:
- matrix
@@ -11,4 +11,4 @@ sources:
maintainers:
- name: alexlebens
icon: https://avatars.githubusercontent.com/u/8418310?s=48&v=4
appVersion: "5.2.1"
appVersion: "5.3.0"

32
charts/matrix-hookshot/values.yaml
View File

@@ -3,7 +3,7 @@ deployment:
strategy: Recreate
image:
repository: halfshot/matrix-hookshot
tag: "5.2.1"
tag: "5.3.0"
imagePullPolicy: IfNotPresent
env: {}
envFrom: []
@@ -81,7 +81,7 @@ hookshot:
resources:
- widgets
#github:
# github:
# # (Optional) Configure this to enable GitHub support
# auth:
# # Authentication for the GitHub App.
@@ -104,7 +104,7 @@ hookshot:
# # (Optional) Prefix used when creating ghost users for GitHub accounts.
# _github_
#gitlab:
# gitlab:
# # (Optional) Configure this to enable GitLab support
# instances:
# gitlab.com:
@@ -119,7 +119,7 @@ hookshot:
# # (Optional) Aggregate comments by waiting this many miliseconds before posting them to Matrix. Defaults to 5000 (5 seconds)
# 5000
#figma:
# figma:
# # (Optional) Configure this to enable Figma support
# publicUrl: https://example.com/hookshot/
# instances:
@@ -128,7 +128,7 @@ hookshot:
# accessToken: your-personal-access-token
# passcode: your-webhook-passcode
#jira:
# jira:
# # (Optional) Configure this to enable Jira support. Only specify `url` if you are using a On Premise install (i.e. not atlassian.com)
# webhook:
# # Webhook settings for JIRA
@@ -139,7 +139,7 @@ hookshot:
# client_secret: bar
# redirect_uri: https://example.com/oauth/
#generic:
# generic:
# # (Optional) Support for generic webhook events.
# #'allowJsTransformationFunctions' will allow users to write short transformation snippets in code, and thus is unsafe in untrusted environments
@@ -150,23 +150,23 @@ hookshot:
# allowJsTransformationFunctions: false
# waitForComplete: false
#feeds:
# feeds:
# # (Optional) Configure this to enable RSS/Atom feed support
# enabled: false
# pollConcurrency: 4
# pollIntervalSeconds: 600
# pollTimeoutSeconds: 30
#provisioning:
# provisioning:
# # (Optional) Provisioning API for integration managers
# secret: "!secretToken"
#bot:
# bot:
# # (Optional) Define profile information for the bot user
# displayname: Hookshot Bot
# avatar: mxc://half-shot.uk/2876e89ccade4cb615e210c458e2a7a6883fe17d
#serviceBots:
# serviceBots:
# # (Optional) Define additional bot users for specific services
# - localpart: feeds
# displayname: Feeds
@@ -174,21 +174,21 @@ hookshot:
# prefix: "!feeds"
# service: feeds
#metrics:
# metrics:
# # (Optional) Prometheus metrics support
# enabled: true
#cache:
# cache:
# # (Optional) Cache options for large scale deployments.
# # For encryption to work, this must be configured.
# redisUri: redis://localhost:6379
#queue:
# queue:
# # (Optional) Message queue configuration options for large scale deployments.
# # For encryption to work, this must not be configured.
# redisUri: redis://localhost:6379
#widgets:
# widgets:
# # (Optional) EXPERIMENTAL support for complimentary widgets
# addToAdminRooms: false
# disallowedIpRanges:
@@ -217,12 +217,12 @@ hookshot:
# branding:
# widgetTitle: Hookshot Configuration
#sentry:
# sentry:
# # (Optional) Configure Sentry error reporting
# dsn: https://examplePublicKey@o0.ingest.sentry.io/0
# environment: production
#permissions:
# permissions:
# # (Optional) Permissions for using the bridge. See docs/setup.md#permissions for help
# - actor: example.com
# services:

4
charts/mautrix-whatsapp/Chart.yaml
View File

@@ -1,6 +1,6 @@
apiVersion: v2
name: mautrix-whatsapp
version: 0.0.2
version: 0.0.3
description: Chart for Matrix Whatsapp Bridge
keywords:
- matrix
@@ -12,4 +12,4 @@ sources:
maintainers:
- name: alexlebens
icon: https://avatars.githubusercontent.com/u/88519669?s=48&v=4
appVersion: v0.10.6
appVersion: v0.10.7

4
charts/mautrix-whatsapp/values.yaml
View File

@@ -3,7 +3,7 @@ deployment:
strategy: Recreate
image:
repository: dock.mau.dev/mautrix/whatsapp
tag: v0.10.6
tag: v0.10.7
imagePullPolicy: IfNotPresent
env: {}
envFrom: []
@@ -45,11 +45,9 @@ persistence:
accessMode: ReadWriteOnce
size: 500Mi
# Reference the following for examples
# https://github.com/mautrix/whatsapp/blob/main/example-config.yaml
mautrixWhatsapp:
# config.yml contents
existingSecret: ""
config:

15
charts/mysql-cluster/Chart.yaml Normal file
View File

@@ -0,0 +1,15 @@
apiVersion: v2
name: mysql-cluster
version: 0.1.1
description: Chart for a mysql cluster
keywords:
- database
- mysql
sources:
- https://dev.mysql.com/
- https://github.com/mysql/mysql-operator
- https://github.com/mysql/mysql-operator/tree/trunk/helm/mysql-innodbcluster
maintainers:
- name: alexlebens
icon: https://avatars.githubusercontent.com/u/2452804?s=48&v=4
appVersion: 8.3.0-2.1.2

17
charts/mysql-cluster/README.md Normal file
View File

@@ -0,0 +1,17 @@
## Introduction
[MySQL Operator](https://dev.mysql.com/doc/mysql-operator/en/)
MySQL Operator for Kubernetes manages MySQL InnoDB Cluster setups inside a Kubernetes Cluster. MySQL Operator for Kubernetes manages the full lifecycle with setup and maintenance including automating upgrades and backups.
This chart bootstraps a [MySQL InnoDB](https://dev.mysql.com/doc/mysql-operator/en/mysql-operator-innodbcluster.html) cluster on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
## Prerequisites
- Kubernetes
- Helm
- MySQL Operator
## Parameters
See the [values files](values.yaml).

72
charts/mysql-cluster/templates/_backup.tpl Normal file
View File

@@ -0,0 +1,72 @@
{{- define "cluster.backup" -}}
{{- if and .Values.backup.enabled .Values.backup.profiles }}
backupProfiles:
{{- $isDumpInstance := false }}
{{- $isSnapshot := false }}
{{- range $_, $profile := .Values.backup.profiles }}
- name: {{ $profile.name | quote }}
{{- if hasKey $profile "podAnnotations" }}
podAnnotations:
{{ toYaml $profile.podAnnotations | nindent 6 }}
{{- end }}
{{- if hasKey $profile "podLabels" }}
podLabels:
{{ toYaml $profile.podLabels | nindent 6 }}
{{- end }}
{{- $isDumpInstance = hasKey $profile "dumpInstance" }}
{{- $isSnapshot = hasKey $profile "snapshot" }}
{{- if or $isDumpInstance $isSnapshot }}
{{- $backupProfile := ternary $profile.dumpInstance $profile.snapshot $isDumpInstance }}
{{- if $isDumpInstance }}
dumpInstance:
{{- else if $isSnapshot }}
snapshot:
{{- else }}
{{- fail "Unsupported or unspecified backup type, must be either snapshot or dumpInstance" }}
{{ end }}
{{- if not (hasKey $backupProfile "storage") }}
{{- fail "backup profile $profile.name has no storage section" }}
{{- else if hasKey $backupProfile.storage "s3" }}
storage:
s3:
{{- if $backupProfile.storage.s3.prefix }}
prefix: {{ $backupProfile.storage.s3.prefix }}
{{- end }}
bucketName: {{ required "bucketName is required" $backupProfile.storage.s3.bucketName }}
config: {{ required "config is required" $backupProfile.storage.s3.config }}
{{- if $backupProfile.storage.s3.profile }}
profile: {{ $backupProfile.storage.s3.profile }}
{{- end }}
{{- if $backupProfile.storage.s3.endpoint }}
endpoint: {{ $backupProfile.storage.s3.endpoint }}
{{- end }}
{{- else if hasKey $backupProfile.storage "persistentVolumeClaim" }}
storage:
persistentVolumeClaim: {{ toYaml $backupProfile.storage.persistentVolumeClaim | nindent 12}}
{{- else -}}
{{- fail "Backup profile $profile.name has empty storage section - neither s3 nor persistentVolumeClaim defined" }}
{{- end -}}
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.backup.schedules }}
backupSchedules:
{{- range $_, $schedule := .Values.backup.schedules }}
- name: {{ $schedule.name | quote }}
enabled: {{ $schedule.enabled }}
schedule: {{ quote $schedule.schedule }}
{{- if ($schedule).timeZone }}
timeZone: {{ quote $schedule.timeZone }}
{{- end }}
deleteBackupData: {{ $schedule.deleteBackupData }}
backupProfileName: {{ $schedule.backupProfileName }}
{{- end }}
{{- end }}
{{- end }}

64
charts/mysql-cluster/templates/_helpers.tpl Normal file
View File

@@ -0,0 +1,64 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "cluster.name" -}}
{{- if .Values.global.nameOverride }}
{{- .Values.global.nameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-mysql-%s" .Release.Name ((semver .Values.cluster.image.version).Major | toString) | trunc 63 | trimSuffix "-" -}}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "cluster.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Check for invalid versions
*/}}
{{- $minimalVersion := "8.0.27" }}
{{- $forbiddenVersions := list "8.0.29" }}
{{- $serverVersion := .Values.serverVersion | default .Chart.AppVersion }}
{{- if lt $serverVersion $minimalVersion }}
{{- $err := printf "It is not possible to use MySQL version %s . Please, use %s or above" $serverVersion $minimalVersion }}
{{- fail $err }}
{{- end }}
{{- if has $serverVersion $forbiddenVersions }}
{{- $err := printf "It is not possible to use MySQL version %s . Please, use %s or above except %v" $serverVersion $minimalVersion $forbiddenVersions }}
{{- fail $err }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "cluster.labels" -}}
helm.sh/chart: {{ include "cluster.chart" . }}
{{ include "cluster.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "cluster.selectorLabels" -}}
app.kubernetes.io/name: {{ include "cluster.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: cloudnative-pg
{{- end }}
{{/*
Create the name of the service account to use.
*/}}
{{- define "mysql.serviceAccountName" -}}
{{- if .Values.serviceAccount.enabled -}}
{{ default (include "cluster.name" .) .Values.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}

47
charts/mysql-cluster/templates/_init.tpl Normal file
View File

@@ -0,0 +1,47 @@
{{- define "cluster.init" -}}
{{- if eq .Values.mode "clone" }}
{{- with .Values.clone }}
initDB:
clone:
donorUrl: {{ required "clone donorUrl is required" .donorUrl }}
rootUser: {{ .rootUser | default "root" }}
secretKeyRef:
name: {{ required "clone credentials is required" .exisitingCredentialsSecret }}
{{- end }}
{{- end }}
{{- if eq .Values.mode "recovery" }}
{{- with .Values.recovery }}
initDB:
dump:
{{- if .name }}
name: {{ .name | quote }}
{{- end }}
{{- if .path }}
path: {{ .path | quote }}
{{- end }}
{{- if .options }}
options: {{ toYaml .options | nindent 8 }}
{{- end }}
storage:
{{- if eq .type "s3" }}
s3:
prefix: {{ required "s3 prefix is required" .s3.prefix }}
bucketName: {{ required "s3 bucketName is required" .s3.bucketName }}
config: {{ required "s3 config is required" .s3.config }}
{{- if .s3.profile }}
profile: {{ .s3.profile }}
{{- end }}
{{- if .s3.endpoint }}
endpoint: {{ .s3.endpoint }}
{{- end }}
{{- end }}
{{- if eq .type "pvc" }}
persistentVolumeClaim:
{{ toYaml .persistentVolumeClaim | nindent 10}}
{{- end }}
{{- end }}
{{- end }}
{{- end }}

75
charts/mysql-cluster/templates/deployment.yaml Normal file
View File

@@ -0,0 +1,75 @@
apiVersion: mysql.oracle.com/v2
kind: InnoDBCluster
metadata:
name: {{ include "cluster.name" . }}-cluster
namespace: {{ .Release.Namespace }}
annotations:
{{- with .Values.global.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "cluster.labels" . | nindent 4 }}
{{- include "cluster.selectorLabels" . | nindent 4 }}
{{- with .Values.global.labels }}
{{ toYaml . | nindent 4 }}
{{- end }}
spec:
instances: {{ required "serverInstances is required" .Values.cluster.serverInstances }}
baseServerId: {{ required "baseServerId is required" .Values.cluster.baseServerId }}
serviceAccountName: {{ include "mysql.serviceAccountName" . }}
imagePullPolicy : {{ .Values.cluster.image.pullPolicy }}
version: {{ .Values.cluster.image.version }}
tlsUseSelfSigned: true
secretName: {{ .Values.cluster.exisitingCredentialsSecret }}
podSpec:
{{- with .Values.cluster.podSpec }}
{{ toYaml . | nindent 4 }}
{{- end }}
podAnnotations:
{{- with .Values.cluster.podAnnotations }}
{{ toYaml . | nindent 4 }}
{{- end }}
podLabels:
{{- with .Values.cluster.podLabels }}
{{ toYaml . | nindent 4 }}
{{- end }}
router:
instances: {{ required "router.instances is required" .Values.cluster.router.instances }}
podSpec:
{{- with .Values.cluster.router.podSpec }}
{{- toYaml . | nindent 6 }}
{{- end }}
podAnnotations:
{{- with .Values.cluster.router.podAnnotations }}
{{- toYaml . | nindent 6 }}
{{- end }}
podLabels:
{{- with .Values.cluster.router.podLabels }}
{{- toYaml . | nindent 6 }}
{{- end }}
tlsSecretName: {{ include "cluster.name" . }}-router-tls
logs:
{{- with .Values.cluster.logs }}
{{ toYaml . | nindent 4 }}
{{- end }}
mycnf: |
{{ .Values.cluster.serverConfig.mycnf | indent 4 }}
{{- if .Values.cluster.datadirVolumeClaimTemplate }}
{{- with .Values.cluster.datadirVolumeClaimTemplate }}
datadirVolumeClaimTemplate:
{{- if .storageClassName }}
storageClassName: {{ .storageClassName | quote }}
{{- end}}
{{- if .accessModes }}
accessModes: [ "{{ .accessModes }}" ]
{{- end }}
{{- if .size }}
resources:
requests:
storage: "{{ .size }}"
{{- end }}
{{- end }}
{{- end }}
{{ include "cluster.init" . | nindent 2 }}
{{ include "cluster.backup" . | nindent 2 }}

21
charts/mysql-cluster/templates/service-account.yaml Normal file
View File

@@ -0,0 +1,21 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "mysql.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "cluster.labels" . | nindent 4 }}
{{- include "cluster.selectorLabels" . | nindent 4 }}
{{- with .Values.global.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.serviceAccount.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
annotations:
{{- with .Values.global.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.serviceAccount.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}

147
charts/mysql-cluster/values.yaml Normal file
View File

@@ -0,0 +1,147 @@
global:
nameOverride:
labels: {}
annotations: {}
serviceAccount:
enabled: true
labels: {}
annotations: {}
name: ""
###
# Cluster mode of operation. Available modes:
# * `standalone` - Default mode. Creates new or updates an existing cluster.
# * `recovery` - Same as standalone but creates a cluster from a backup
# * `clone` - Create database as a replica from another cluster
mode: standalone
##
# Cluster spec
#
# Reference: https://dev.mysql.com/doc/mysql-operator/en/mysql-operator-properties.html#mysql-operator-spec-innodbclusterspecinitdbdumpstorages3
#
cluster:
serverInstances: 1
baseServerId: 1000
# Existing secret that contains the keys "rootUser", "rootHost", and "rootPassword"
exisitingCredentialsSecret: ""
image:
version: 8.3.0-2.1.2
pullPolicy: IfNotPresent
router:
instances: 1
podSpec: {}
podAnnotations: {}
podLabels: {}
logs:
error:
enabled: true
collect: false
general:
enabled: false
collect: false
slowQuery:
enabled: false
longQueryTime: 2.5
serverConfig:
mycnf: |
[mysqld]
core_file
local_infile=off
datadirVolumeClaimTemplate:
storageClassName: ""
accessModes: ""
size: ""
podSpec:
containers:
- name: mysql
resources:
limits:
memory: 1024Mi
cpu: 1000m
requests:
memory: 512Mi
cpu: 100m
podAnnotations: {}
podLabels: {}
##
# Recovery database from storage
#
recovery:
# * `s3` - Restores from s3 object store
# * `pvc` - Restores from persistent volume claim
type:
# -- Name of the dump. Not used by the operator, but a descriptive hint for the cluster administrator
name: ""
# -- Path to the dump in the PVC. Use when specifying persistentVolumeClaim. Omit for ociObjectStorage, S3, or azure.
path: ""
# -- A dictionary of key-value pairs passed directly to MySQL Shell's loadDump()
options: {}
s3:
# -- Path in the bucket where the dump files are stored
prefix: ""
# -- Name of a Secret with S3 configuration and credentials as contained in ~/.aws/config
config: ""
# -- Name of the S3 bucket where the dump is stored
bucketName: ""
# -- Override endpoint URL
endpoint: ""
persistentVolumeClaim: {}
##
# Clone database from another instance
#
clone:
donorUrl: ""
rootUser: root
exisitingCredentialsSecret: ""
##
# Backup database to pvc or s3
#
backup:
enabled: false
profiles:
## -- Example profile that back ups to local pvc
# - name: pvc-backup
# dumpInstance:
# storage:
# persistentVolumeClaim:
# claimName: backup-volume-claim
## -- Example profile that back ups to s3 endpoint
# - name: s3-backup
# snapshot:
# storage:
# s3:
# prefix: ""
# config: ""
# bucketName: ""
# endpoint: ""
schedules:
## -- Example schedule that backups daily
# - name: schedule-daily
# enabled: true
# schedule: "0 0 0 * * *"
# timeZone: "US/Mountain"
# deleteBackupData: false
# backupProfileName:

6
charts/outline/Chart.yaml
View File

@@ -1,6 +1,6 @@
apiVersion: v2
name: outline
version: 0.4.0
version: 0.6.0
description: Chart for Outline wiki
keywords:
- wiki
@@ -14,5 +14,5 @@ icon: https://avatars.githubusercontent.com/u/1765001?s=48&v=4
dependencies:
- name: redis
repository: https://charts.bitnami.com/bitnami
version: 19.1.0
appVersion: v0.75.2
version: 19.3.1
appVersion: v0.76.1

31
charts/outline/templates/deployment.yaml
View File

@@ -102,41 +102,14 @@ spec:
secretKeyRef:
name: "{{ .Values.persistence.s3.credentialsSecret }}"
key: AWS_SECRET_ACCESS_KEY
{{- if .Values.persistence.s3.endpointConfigMap.enabled }}
- name: AWS_REGION
valueFrom:
configMapKeyRef:
name: "{{ .Values.persistence.s3.endpointConfigMap.name }}"
key: BUCKET_REGION
- name: AWS_S3_UPLOAD_BUCKET_NAME
valueFrom:
configMapKeyRef:
name: "{{ .Values.persistence.s3.endpointConfigMap.name }}"
key: BUCKET_NAME
- name: AWS_S3_UPLOAD_BUCKET_HOST
valueFrom:
configMapKeyRef:
name: "{{ .Values.persistence.s3.endpointConfigMap.name }}"
key: BUCKET_HOST
- name: AWS_S3_UPLOAD_BUCKET_PORT
valueFrom:
configMapKeyRef:
name: "{{ .Values.persistence.s3.endpointConfigMap.name }}"
key: BUCKET_PORT
- name: AWS_S3_UPLOAD_BUCKET_URL
value: "{{ .Values.persistence.s3.urlProtocol }}://$(AWS_S3_UPLOAD_BUCKET_NAME).$(AWS_S3_UPLOAD_BUCKET_HOST):$(AWS_S3_UPLOAD_BUCKET_PORT)"
- name: AWS_S3_ACCELERATE_URL
value: "{{ .Values.persistence.s3.urlProtocol }}://$(AWS_S3_UPLOAD_BUCKET_NAME).$(AWS_S3_UPLOAD_BUCKET_HOST):$(AWS_S3_UPLOAD_BUCKET_PORT)"
{{- else }}
- name: AWS_REGION
value: "{{ .Values.persistence.s3.region }}"
- name: AWS_S3_UPLOAD_BUCKET_NAME
value: "{{ .Values.persistence.s3.bucketName }}"
- name: AWS_S3_UPLOAD_BUCKET_URL
value: "{{ .Values.persistence.s3.urlProtocol }}://{{ .Values.persistence.s3.bucketName }}.{{ .Values.persistence.s3.host }}"
value: "{{ .Values.persistence.s3.bucketUrl }}"
- name: AWS_S3_ACCELERATE_URL
value: "{{ .Values.persistence.s3.urlProtocol }}://{{ .Values.persistence.s3.bucketName }}.{{ .Values.persistence.s3.host }}"
{{- end }}
value: "{{ .Values.persistence.s3.bucketUrl }}"
- name: AWS_S3_FORCE_PATH_STYLE
value: "{{ .Values.persistence.s3.forcePathStyle }}"
- name: AWS_S3_ACL

8
charts/outline/values.yaml
View File

@@ -3,7 +3,7 @@ deployment:
strategy: Recreate
image:
repository: outlinewiki/outline
tag: "0.75.2"
tag: "0.76.1"
imagePullPolicy: IfNotPresent
resources:
requests:
@@ -24,13 +24,9 @@ persistence:
type: s3
s3:
credentialsSecret:
endpointConfigMap:
enabled: false
name:
region:
bucketName:
host:
urlProtocol: http
bucketUrl:
uploadMaxSize: "26214400"
forcePathStyle: false
acl: private

13
charts/penpot/Chart.yaml Normal file
View File

@@ -0,0 +1,13 @@
apiVersion: v2
name: penpot
version: 0.1.0
description: Chart for Penpot
keywords:
- penpot
- design
sources:
- https://github.com/penpot/penpot
maintainers:
- name: alexlebens
icon: https://avatars.githubusercontent.com/u/30179644?s=200&v=4
appVersion: 2.0.1

16
charts/penpot/README.md Normal file
View File

@@ -0,0 +1,16 @@
## Introduction
[Penpot](https://github.com/penpot/penpot)
Penpot is the first Open Source design and prototyping platform meant for cross-domain teams. Non dependent on operating systems, Penpot is web based and works with open standards (SVG). Penpot invites designers all over the world to fall in love with open source while getting developers excited about the design process in return.
This chart bootstraps a [Penpot](https://github.com/penpot/penpot) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
## Prerequisites
- Kubernetes
- Helm
## Parameters
See the [values files](values.yaml).

72
charts/penpot/templates/_helpers.tpl Normal file
View File

@@ -0,0 +1,72 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "penpot.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "penpot.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "penpot.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Common labels.
*/}}
{{- define "penpot.labels" -}}
helm.sh/chart: {{ include "penpot.chart" . }}
app.kubernetes.io/name: {{ include "penpot.name" . }}-frontend
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end -}}
{{/*
Selector labels.
*/}}
{{- define "penpot.frontendSelectorLabels" -}}
app.kubernetes.io/name: {{ include "penpot.name" . }}-frontend
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end -}}
{{- define "penpot.backendSelectorLabels" -}}
app.kubernetes.io/name: {{ include "penpot.name" . }}-backend
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end -}}
{{- define "penpot.exporterSelectorLabels" -}}
app.kubernetes.io/name: {{ include "penpot.name" . }}-exporter
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end -}}
{{/*
Create the name of the service account to use.
*/}}
{{- define "penpot.serviceAccountName" -}}
{{- if .Values.serviceAccount.enabled -}}
{{ default (include "penpot.fullname" .) .Values.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}

129
charts/penpot/templates/config-map.yaml Normal file
View File

@@ -0,0 +1,129 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: "{{ include "penpot.fullname" . }}-frontend-nginx"
namespace: {{ .Release.Namespace }}
labels:
{{- include "penpot.labels" . | nindent 4 }}
data:
nginx.conf: |
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 2048;
# multi_accept on;
}
http {
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_requests 30;
keepalive_timeout 65;
types_hash_max_size 2048;
server_tokens off;
reset_timedout_connection on;
client_body_timeout 30s;
client_header_timeout 30s;
include /etc/nginx/mime.types;
default_type application/octet-stream;
error_log /dev/stdout;
access_log /dev/stdout;
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_static on;
gzip_comp_level 4;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css text/javascript application/javascript application/json application/transit+json;
resolver 127.0.0.11;
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen 80 default_server;
server_name _;
client_max_body_size 100M;
charset utf-8;
proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
etag off;
root /var/www/app/;
location ~* \.(js|css).*$ {
add_header Cache-Control "max-age=86400" always; # 24 hours
}
location ~* \.(html).*$ {
add_header Cache-Control "no-cache, max-age=0" always;
}
location /api/export {
proxy_pass http://{{ include "penpot.fullname" . }}-exporter:6061;
}
location /api {
proxy_pass http://{{ include "penpot.fullname" . }}-backend:6060/api;
}
location /ws/notifications {
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_pass http://{{ include "penpot.fullname" . }}-backend:6060/ws/notifications;
}
location @handle_redirect {
set $redirect_uri "$upstream_http_location";
set $redirect_host "$upstream_http_x_host";
set $redirect_cache_control "$upstream_http_cache_control";
proxy_buffering off;
proxy_set_header Host "$redirect_host";
proxy_hide_header etag;
proxy_hide_header x-amz-id-2;
proxy_hide_header x-amz-request-id;
proxy_hide_header x-amz-meta-server-side-encryption;
proxy_hide_header x-amz-server-side-encryption;
proxy_pass $redirect_uri;
add_header x-internal-redirect "$redirect_uri";
add_header x-cache-control "$redirect_cache_control";
add_header cache-control "$redirect_cache_control";
}
location /assets {
proxy_pass http://{{ include "penpot.fullname" . }}-backend:6060/assets;
recursive_error_pages on;
proxy_intercept_errors on;
error_page 301 302 307 = @handle_redirect;
}
location /internal/assets {
internal;
alias /opt/data/assets;
add_header x-internal-redirect "$upstream_http_x_accel_redirect";
}
}
}

378
charts/penpot/templates/deployment-backend.yaml Normal file
View File

@@ -0,0 +1,378 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "penpot.fullname" . }}-backend
namespace: {{ .Release.Namespace }}
labels:
{{- include "penpot.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.backend.replicaCount }}
selector:
matchLabels:
{{- include "penpot.backendSelectorLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "penpot.backendSelectorLabels" . | nindent 8 }}
spec:
{{- with .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{ if .Values.backend.podSecurityContext.enabled }}
securityContext:
{{- omit .Values.backend.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "penpot.serviceAccountName" . }}
affinity:
podAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: app.kubernetes.io/instance
operator: In
values:
- {{ .Release.Name }}
topologyKey: "kubernetes.io/hostname"
containers:
- name: {{ .Chart.Name }}-backend
{{ if .Values.backend.containerSecurityContext.enabled }}
securityContext:
{{- omit .Values.backend.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
image: "{{ .Values.backend.image.repository }}:{{ .Values.backend.image.tag }}"
imagePullPolicy: {{ .Values.backend.image.imagePullPolicy }}
volumeMounts:
- mountPath: /opt/data
name: app-data
readOnly: false
env:
- name: PENPOT_PUBLIC_URI
value: {{ .Values.config.publicURI | quote }}
- name: PENPOT_FLAGS
value: "$PENPOT_FLAGS {{ .Values.config.flags }}"
- name: PENPOT_SECRET_KEY
valueFrom:
secretKeyRef:
name: {{ .Values.config.apiSecretKey.existingSecretName }}
key: {{ .Values.config.apiSecretKey.existingSecretKey }}
- name: PENPOT_DATABASE_URI
value: "postgresql://{{ .Values.config.postgresql.host }}:{{ .Values.config.postgresql.port }}/{{ .Values.config.postgresql.database }}"
- name: PENPOT_DATABASE_USERNAME
{{- if not .Values.config.postgresql.secretKeys.usernameKey }}
value: {{ .Values.config.postgresql.username | quote }}
{{- else }}
valueFrom:
secretKeyRef:
name: {{ .Values.config.postgresql.existingSecret }}
key: {{ .Values.config.postgresql.secretKeys.usernameKey }}
{{- end }}
- name: PENPOT_DATABASE_PASSWORD
{{- if not .Values.config.postgresql.secretKeys.passwordKey }}
value: {{ .Values.config.postgresql.password | quote }}
{{- else }}
valueFrom:
secretKeyRef:
name: {{ .Values.config.postgresql.existingSecret }}
key: {{ .Values.config.postgresql.secretKeys.passwordKey }}
{{- end }}
- name: PENPOT_REDIS_URI
value: "redis://{{ .Values.config.redis.host }}:{{ .Values.config.redis.port }}/{{ .Values.config.redis.database }}"
- name: PENPOT_ASSETS_STORAGE_BACKEND
value: {{ .Values.config.assets.storageBackend | quote }}
{{- if eq .Values.config.assets.storageBackend "assets-fs" }}
- name: PENPOT_STORAGE_ASSETS_FS_DIRECTORY
value: {{ .Values.config.assets.filesystem.directory | quote }}
{{- else if eq .Values.config.assets.storageBackend "assets-s3" }}
- name: PENPOT_STORAGE_ASSETS_S3_REGION
value: {{ .Values.config.assets.s3.region | quote }}
- name: PENPOT_STORAGE_ASSETS_S3_BUCKET
value: {{ .Values.config.assets.s3.bucket | quote }}
- name: AWS_ACCESS_KEY_ID
{{- if not .Values.config.assets.s3.secretKeys.accessKeyIDKey }}
value: {{ .Values.config.assets.s3.accessKeyID | quote }}
{{- else }}
valueFrom:
secretKeyRef:
name: {{ .Values.config.assets.s3.existingSecret }}
key: {{ .Values.config.assets.s3.secretKeys.accessKeyIDKey }}
{{- end }}
- name: AWS_SECRET_ACCESS_KEY
{{- if not .Values.config.assets.s3.secretKeys.secretAccessKey }}
value: {{ .Values.config.assets.s3.secretAccessKey | quote }}
{{- else }}
valueFrom:
secretKeyRef:
name: {{ .Values.config.assets.s3.existingSecret }}
key: {{ .Values.config.assets.s3.secretKeys.secretAccessKey }}
{{- end }}
- name: PENPOT_STORAGE_ASSETS_S3_ENDPOINT
{{- if not .Values.config.assets.s3.secretKeys.endpointURIKey }}
value: {{ .Values.config.assets.s3.endpointURI | quote }}
{{- else }}
valueFrom:
secretKeyRef:
name: {{ .Values.config.assets.s3.existingSecret }}
key: {{ .Values.config.assets.s3.secretKeys.endpointURIKey }}
{{- end }}
{{- end }}
- name: PENPOT_TELEMETRY_ENABLED
value: {{ .Values.config.telemetryEnabled | quote }}
{{- if .Values.config.smtp.enabled }}
{{- if .Values.config.smtp.defaultFrom }}
- name: PENPOT_SMTP_DEFAULT_FROM
value: {{ .Values.config.smtp.defaultFrom | quote }}
{{- end }}
{{- if .Values.config.smtp.defaultReplyTo }}
- name: PENPOT_SMTP_DEFAULT_REPLY_TO
value: {{ .Values.config.smtp.defaultReplyTo | quote }}
{{- end }}
{{- if .Values.config.smtp.host }}
- name: PENPOT_SMTP_HOST
value: {{ .Values.config.smtp.host | quote }}
{{- end }}
{{- if .Values.config.smtp.port }}
- name: PENPOT_SMTP_PORT
value: {{ .Values.config.smtp.port | quote }}
{{- end }}
{{- if not .Values.config.smtp.secretKeys.usernameKey }}
- name: PENPOT_SMTP_USERNAME
value: {{ .Values.config.smtp.username | quote }}
{{- else }}
- name: PENPOT_SMTP_USERNAME
valueFrom:
secretKeyRef:
name: {{ .Values.config.smtp.existingSecret }}
key: {{ .Values.config.smtp.secretKeys.usernameKey }}
{{- end }}
{{- if not .Values.config.smtp.secretKeys.passwordKey }}
- name: PENPOT_SMTP_PASSWORD
value: {{ .Values.config.smtp.password | quote }}
{{- else }}
- name: PENPOT_SMTP_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.config.smtp.existingSecret }}
key: {{ .Values.config.smtp.secretKeys.passwordKey }}
{{- end }}
{{- if .Values.config.smtp.tls }}
- name: PENPOT_SMTP_TLS
value: {{ .Values.config.smtp.tls | quote }}
{{- end }}
{{- if .Values.config.smtp.ssl }}
- name: PENPOT_SMTP_SSL
value: {{ .Values.config.smtp.ssl | quote }}
{{- end }}
{{- end }}
{{- if .Values.config.registrationDomainWhitelist }}
- name: PENPOT_REGISTRATION_DOMAIN_WHITELIST
value: {{ .Values.config.registrationDomainWhitelist | quote }}
{{- end }}
{{- if .Values.config.providers.google.enabled }}
{{- if not .Values.config.providers.secretKeys.googleClientIDKey }}
- name: PENPOT_GOOGLE_CLIENT_ID
value: {{ .Values.config.providers.google.clientID | quote }}
{{- else }}
- name: PENPOT_GOOGLE_CLIENT_ID
valueFrom:
secretKeyRef:
name: {{ .Values.config.providers.existingSecret }}
key: {{ .Values.config.providers.secretKeys.googleClientIDKey }}
{{- end }}
{{- if not .Values.config.providers.secretKeys.googleClientSecretKey}}
- name: PENPOT_GOOGLE_CLIENT_SECRET
value: {{ .Values.config.providers.google.clientSecret | quote }}
{{- else }}
- name: PENPOT_GOOGLE_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: {{ .Values.config.providers.existingSecret }}
key: {{ .Values.config.providers.secretKeys.googleClientSecretKey }}
{{- end }}
{{- end }}
{{- if .Values.config.providers.github.enabled }}
{{- if not .Values.config.providers.secretKeys.githubClientIDKey }}
- name: PENPOT_GITHUB_CLIENT_ID
value: {{ .Values.config.providers.github.clientID | quote }}
{{- else }}
- name: PENPOT_GITHUB_CLIENT_ID
valueFrom:
secretKeyRef:
name: {{ .Values.config.providers.existingSecret }}
key: {{ .Values.config.providers.secretKeys.githubClientIDKey }}
{{- end }}
{{- if not .Values.config.providers.secretKeys.githubClientSecretKey }}
- name: PENPOT_GITHUB_CLIENT_SECRET
value: {{ .Values.config.providers.github.clientSecret | quote }}
{{- else }}
- name: PENPOT_GITHUB_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: {{ .Values.config.providers.existingSecret }}
key: {{ .Values.config.providers.secretKeys.githubClientSecretKey }}
{{- end }}
{{- end }}
{{- if .Values.config.providers.gitlab.enabled }}
{{- if .Values.config.providers.gitlab.baseURI }}
- name: PENPOT_GITLAB_BASE_URI
value: {{ .Values.config.providers.gitlab.baseURI | quote }}
{{- end }}
{{- if not .Values.config.providers.secretKeys.gitlabClientIDKey }}
- name: PENPOT_GITLAB_CLIENT_ID
value: {{ .Values.config.providers.gitlab.clientID | quote }}
{{- else }}
- name: PENPOT_GITLAB_CLIENT_ID
valueFrom:
secretKeyRef:
name: {{ .Values.config.providers.existingSecret }}
key: {{ .Values.config.providers.secretKeys.gitlabClientIDKey }}
{{- end }}
{{- if not .Values.config.providers.secretKeys.gitlabClientSecretKey }}
- name: PENPOT_GITLAB_CLIENT_SECRET
value: {{ .Values.config.providers.gitlab.clientSecret | quote }}
{{- else }}
- name: PENPOT_GITLAB_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: {{ .Values.config.providers.existingSecret }}
key: {{ .Values.config.providers.secretKeys.gitlabClientSecretKey }}
{{- end }}
{{- end }}
{{- if .Values.config.providers.oidc.enabled }}
{{- if .Values.config.providers.oidc.baseURI }}
- name: PENPOT_OIDC_BASE_URI
value: {{ .Values.config.providers.oidc.baseURI | quote }}
{{- end }}
{{- if not .Values.config.providers.secretKeys.oidcClientIDKey }}
- name: PENPOT_OIDC_CLIENT_ID
value: {{ .Values.config.providers.oidc.clientID | quote}}
{{- else }}
- name: PENPOT_OIDC_CLIENT_ID
valueFrom:
secretKeyRef:
name: {{ .Values.config.providers.existingSecret }}
key: {{ .Values.config.providers.secretKeys.oidcClientIDKey }}
{{- end }}
{{- if not .Values.config.providers.secretKeys.oidcClientSecretKey}}
- name: PENPOT_OIDC_CLIENT_SECRET
value: {{ .Values.config.providers.oidc.clientSecret | quote }}
{{- else }}
- name: PENPOT_OIDC_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: {{ .Values.config.providers.existingSecret }}
key: {{ .Values.config.providers.secretKeys.oidcClientSecretKey }}
{{- end }}
{{- if .Values.config.providers.oidc.authURI }}
- name: PENPOT_OIDC_AUTH_URI
value: {{ .Values.config.providers.oidc.authURI | quote }}
{{- end }}
{{- if .Values.config.providers.oidc.tokenURI }}
- name: PENPOT_OIDC_TOKEN_URI
value: {{ .Values.config.providers.oidc.tokenURI | quote }}
{{- end }}
{{- if .Values.config.providers.oidc.userURI }}
- name: PENPOT_OIDC_USER_URI
value: {{ .Values.config.providers.oidc.userURI | quote }}
{{- end }}
{{- if .Values.config.providers.oidc.roles }}
- name: PENPOT_OIDC_ROLES
value: {{ .Values.config.providers.oidc.roles | quote }}
{{- end }}
{{- if .Values.config.providers.oidc.rolesAttribute }}
- name: PENPOT_OIDC_ROLES_ATTR
value: {{ .Values.config.providers.oidc.rolesAttribute | quote }}
{{- end }}
{{- if .Values.config.providers.oidc.scopes }}
- name: PENPOT_OIDC_SCOPES
value: {{ .Values.config.providers.oidc.scopes | quote }}
{{- end }}
{{- if .Values.config.providers.oidc.nameAttribute }}
- name: PENPOT_OIDC_NAME_ATTR
value: {{ .Values.config.providers.oidc.nameAttribute | quote }}
{{- end }}
{{- if .Values.config.providers.oidc.emailAttribute }}
- name: PENPOT_OIDC_EMAIL_ATTR
value: {{ .Values.config.providers.oidc.emailAttribute | quote }}
{{- end }}
{{- end }}
{{- if .Values.config.providers.ldap.enabled }}
{{- if .Values.config.providers.ldap.host }}
- name: PENPOT_LDAP_HOST
value: {{ .Values.config.providers.ldap.host | quote }}
{{- end }}
{{- if .Values.config.providers.ldap.port }}
- name: PENPOT_LDAP_PORT
value: {{ .Values.config.providers.ldap.port | quote }}
{{- end }}
{{- if .Values.config.providers.ldap.ssl }}
- name: PENPOT_LDAP_SSL
value: {{ .Values.config.providers.ldap.ssl | quote }}
{{- end }}
{{- if .Values.config.providers.ldap.startTLS }}
- name: PENPOT_LDAP_STARTTLS
value: {{ .Values.config.providers.ldap.startTLS | quote }}
{{- end }}
{{- if .Values.config.providers.ldap.baseDN }}
- name: PENPOT_LDAP_BASE_DN
value: {{ .Values.config.providers.ldap.baseDN | quote }}
{{- end }}
{{- if .Values.config.providers.ldap.bindDN }}
- name: PENPOT_LDAP_BIND_DN
value: {{ .Values.config.providers.ldap.bindDN | quote }}
{{- end }}
{{- if .Values.config.providers.ldap.bindPassword }}
- name: PENPOT_LDAP_BIND_PASSWORD
value: {{ .Values.config.providers.ldap.bindPassword | quote }}
{{- end }}
{{- if .Values.config.providers.ldap.attributesUsername }}
- name: PENPOT_LDAP_ATTRS_USERNAME
value: {{ .Values.config.providers.ldap.attributesUsername | quote }}
{{- end }}
{{- if .Values.config.providers.ldap.attributesEmail }}
- name: PENPOT_LDAP_ATTRS_EMAIL
value: {{ .Values.config.providers.ldap.attributesEmail | quote }}
{{- end }}
{{- if .Values.config.providers.ldap.attributesFullname }}
- name: PENPOT_LDAP_ATTRS_FULLNAME
value: {{ .Values.config.providers.ldap.attributesFullname | quote }}
{{- end }}
{{- if .Values.config.providers.ldap.attributesPhoto }}
- name: PENPOT_LDAP_ATTRS_PHOTO
value: {{ .Values.config.providers.ldap.attributesPhoto | quote }}
{{- end }}
{{- end }}
ports:
- name: http
containerPort: {{ .Values.backend.service.port }}
protocol: TCP
resources:
{{- toYaml .Values.backend.resources | nindent 12 }}
{{- with .Values.backend.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.backend.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.backend.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
volumes:
- name: app-data
{{- if .Values.persistence.enabled }}
persistentVolumeClaim:
claimName: {{ .Values.persistence.existingClaim | default ( include "penpot.fullname" . ) }}
{{- else }}
emptyDir: {}
{{- end }}

353
charts/penpot/templates/deployment-exporter.yaml Normal file
View File

@@ -0,0 +1,353 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "penpot.fullname" . }}-exporter
namespace: {{ .Release.Namespace }}
labels:
{{- include "penpot.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.exporter.replicaCount }}
selector:
matchLabels:
{{- include "penpot.exporterSelectorLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "penpot.exporterSelectorLabels" . | nindent 8 }}
spec:
{{- with .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "penpot.serviceAccountName" . }}
{{ if .Values.exporter.podSecurityContext.enabled }}
securityContext:
{{- omit .Values.exporter.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
containers:
- name: {{ .Chart.Name }}-exporter
{{ if .Values.exporter.containerSecurityContext.enabled }}
securityContext:
{{- omit .Values.exporter.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
image: "{{ .Values.exporter.image.repository }}:{{ .Values.exporter.image.tag }}"
imagePullPolicy: {{ .Values.exporter.image.imagePullPolicy }}
env:
- name: PENPOT_PUBLIC_URI
value: {{ .Values.config.publicURI | quote }}
- name: PENPOT_FLAGS
value: "$PENPOT_FLAGS {{ .Values.config.flags }}"
- name: PENPOT_SECRET_KEY
value: {{ .Values.config.apiSecretKey | quote }}
- name: PENPOT_DATABASE_URI
value: "postgresql://{{ .Values.config.postgresql.host }}:{{ .Values.config.postgresql.port }}/{{ .Values.config.postgresql.database }}"
- name: PENPOT_DATABASE_USERNAME
{{- if not .Values.config.postgresql.secretKeys.usernameKey }}
value: {{ .Values.config.postgresql.username | quote }}
{{- else }}
valueFrom:
secretKeyRef:
name: {{ .Values.config.postgresql.existingSecret }}
key: {{ .Values.config.postgresql.secretKeys.usernameKey }}
{{- end }}
- name: PENPOT_DATABASE_PASSWORD
{{- if not .Values.config.postgresql.secretKeys.passwordKey }}
value: {{ .Values.config.postgresql.password | quote }}
{{- else }}
valueFrom:
secretKeyRef:
name: {{ .Values.config.postgresql.existingSecret }}
key: {{ .Values.config.postgresql.secretKeys.passwordKey }}
{{- end }}
- name: PENPOT_REDIS_URI
value: "redis://{{ .Values.config.redis.host }}:{{ .Values.config.redis.port }}/{{ .Values.config.redis.database }}"
- name: PENPOT_ASSETS_STORAGE_BACKEND
value: {{ .Values.config.assets.storageBackend | quote }}
{{- if eq .Values.config.assets.storageBackend "assets-fs" }}
- name: PENPOT_STORAGE_ASSETS_FS_DIRECTORY
value: {{ .Values.config.assets.filesystem.directory | quote }}
{{- else if eq .Values.config.assets.storageBackend "assets-s3" }}
- name: PENPOT_STORAGE_ASSETS_S3_REGION
value: {{ .Values.config.assets.s3.region | quote }}
- name: PENPOT_STORAGE_ASSETS_S3_BUCKET
value: {{ .Values.config.assets.s3.bucket | quote }}
- name: AWS_ACCESS_KEY_ID
{{- if not .Values.config.assets.s3.secretKeys.accessKeyIDKey }}
value: {{ .Values.config.assets.s3.accessKeyID | quote }}
{{- else }}
valueFrom:
secretKeyRef:
name: {{ .Values.config.assets.s3.existingSecret }}
key: {{ .Values.config.assets.s3.secretKeys.accessKeyIDKey }}
{{- end }}
- name: AWS_SECRET_ACCESS_KEY
{{- if not .Values.config.assets.s3.secretKeys.secretAccessKey }}
value: {{ .Values.config.assets.s3.secretAccessKey | quote }}
{{- else }}
valueFrom:
secretKeyRef:
name: {{ .Values.config.assets.s3.existingSecret }}
key: {{ .Values.config.assets.s3.secretKeys.secretAccessKey }}
{{- end }}
- name: PENPOT_STORAGE_ASSETS_S3_ENDPOINT
{{- if not .Values.config.assets.s3.secretKeys.endpointURIKey }}
value: {{ .Values.config.assets.s3.endpointURI | quote }}
{{- else }}
valueFrom:
secretKeyRef:
name: {{ .Values.config.assets.s3.existingSecret }}
key: {{ .Values.config.assets.s3.secretKeys.endpointURIKey }}
{{- end }}
{{- end }}
- name: PENPOT_TELEMETRY_ENABLED
value: {{ .Values.config.telemetryEnabled | quote }}
{{- if .Values.config.smtp.enabled }}
{{- if .Values.config.smtp.defaultFrom }}
- name: PENPOT_SMTP_DEFAULT_FROM
value: {{ .Values.config.smtp.defaultFrom | quote }}
{{- end }}
{{- if .Values.config.smtp.defaultReplyTo }}
- name: PENPOT_SMTP_DEFAULT_REPLY_TO
value: {{ .Values.config.smtp.defaultReplyTo | quote }}
{{- end }}
{{- if .Values.config.smtp.host }}
- name: PENPOT_SMTP_HOST
value: {{ .Values.config.smtp.host | quote }}
{{- end }}
{{- if .Values.config.smtp.port }}
- name: PENPOT_SMTP_PORT
value: {{ .Values.config.smtp.port | quote }}
{{- end }}
{{- if not .Values.config.smtp.secretKeys.usernameKey }}
- name: PENPOT_SMTP_USERNAME
value: {{ .Values.config.smtp.username | quote }}
{{- else }}
- name: PENPOT_SMTP_USERNAME
valueFrom:
secretKeyRef:
name: {{ .Values.config.smtp.existingSecret }}
key: {{ .Values.config.smtp.secretKeys.usernameKey }}
{{- end }}
{{- if not .Values.config.smtp.secretKeys.passwordKey }}
- name: PENPOT_SMTP_PASSWORD
value: {{ .Values.config.smtp.password | quote }}
{{- else }}
- name: PENPOT_SMTP_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.config.smtp.existingSecret }}
key: {{ .Values.config.smtp.secretKeys.passwordKey }}
{{- end }}
{{- if .Values.config.smtp.tls }}
- name: PENPOT_SMTP_TLS
value: {{ .Values.config.smtp.tls | quote }}
{{- end }}
{{- if .Values.config.smtp.ssl }}
- name: PENPOT_SMTP_SSL
value: {{ .Values.config.smtp.ssl | quote }}
{{- end }}
{{- end }}
{{- if .Values.config.registrationDomainWhitelist }}
- name: PENPOT_REGISTRATION_DOMAIN_WHITELIST
value: {{ .Values.config.registrationDomainWhitelist | quote }}
{{- end }}
{{- if .Values.config.providers.google.enabled }}
{{- if not .Values.config.providers.secretKeys.googleClientIDKey }}
- name: PENPOT_GOOGLE_CLIENT_ID
value: {{ .Values.config.providers.google.clientID | quote }}
{{- else }}
- name: PENPOT_GOOGLE_CLIENT_ID
valueFrom:
secretKeyRef:
name: {{ .Values.config.providers.existingSecret }}
key: {{ .Values.config.providers.secretKeys.googleClientIDKey }}
{{- end }}
{{- if not .Values.config.providers.secretKeys.googleClientSecretKey}}
- name: PENPOT_GOOGLE_CLIENT_SECRET
value: {{ .Values.config.providers.google.clientSecret | quote }}
{{- else }}
- name: PENPOT_GOOGLE_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: {{ .Values.config.providers.existingSecret }}
key: {{ .Values.config.providers.secretKeys.googleClientSecretKey }}
{{- end }}
{{- end }}
{{- if .Values.config.providers.github.enabled }}
{{- if not .Values.config.providers.secretKeys.githubClientIDKey }}
- name: PENPOT_GITHUB_CLIENT_ID
value: {{ .Values.config.providers.github.clientID | quote }}
{{- else }}
- name: PENPOT_GITHUB_CLIENT_ID
valueFrom:
secretKeyRef:
name: {{ .Values.config.providers.existingSecret }}
key: {{ .Values.config.providers.secretKeys.githubClientIDKey }}
{{- end }}
{{- if not .Values.config.providers.secretKeys.githubClientSecretKey }}
- name: PENPOT_GITHUB_CLIENT_SECRET
value: {{ .Values.config.providers.github.clientSecret | quote }}
{{- else }}
- name: PENPOT_GITHUB_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: {{ .Values.config.providers.existingSecret }}
key: {{ .Values.config.providers.secretKeys.githubClientSecretKey }}
{{- end }}
{{- end }}
{{- if .Values.config.providers.gitlab.enabled }}
{{- if .Values.config.providers.gitlab.baseURI }}
- name: PENPOT_GITLAB_BASE_URI
value: {{ .Values.config.providers.gitlab.baseURI | quote }}
{{- end }}
{{- if not .Values.config.providers.secretKeys.gitlabClientIDKey }}
- name: PENPOT_GITLAB_CLIENT_ID
value: {{ .Values.config.providers.gitlab.clientID | quote }}
{{- else }}
- name: PENPOT_GITLAB_CLIENT_ID
valueFrom:
secretKeyRef:
name: {{ .Values.config.providers.existingSecret }}
key: {{ .Values.config.providers.secretKeys.gitlabClientIDKey }}
{{- end }}
{{- if not .Values.config.providers.secretKeys.gitlabClientSecretKey }}
- name: PENPOT_GITLAB_CLIENT_SECRET
value: {{ .Values.config.providers.gitlab.clientSecret | quote }}
{{- else }}
- name: PENPOT_GITLAB_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: {{ .Values.config.providers.existingSecret }}
key: {{ .Values.config.providers.secretKeys.gitlabClientSecretKey }}
{{- end }}
{{- end }}
{{- if .Values.config.providers.oidc.enabled }}
{{- if .Values.config.providers.oidc.baseURI }}
- name: PENPOT_OIDC_BASE_URI
value: {{ .Values.config.providers.oidc.baseURI | quote }}
{{- end }}
{{- if not .Values.config.providers.secretKeys.oidcClientIDKey }}
- name: PENPOT_OIDC_CLIENT_ID
value: {{ .Values.config.providers.oidc.clientID | quote}}
{{- else }}
- name: PENPOT_OIDC_CLIENT_ID
valueFrom:
secretKeyRef:
name: {{ .Values.config.providers.existingSecret }}
key: {{ .Values.config.providers.secretKeys.oidcClientIDKey }}
{{- end }}
{{- if not .Values.config.providers.secretKeys.oidcClientSecretKey}}
- name: PENPOT_OIDC_CLIENT_SECRET
value: {{ .Values.config.providers.oidc.clientSecret | quote }}
{{- else }}
- name: PENPOT_OIDC_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: {{ .Values.config.providers.existingSecret }}
key: {{ .Values.config.providers.secretKeys.oidcClientSecretKey }}
{{- end }}
{{- if .Values.config.providers.oidc.authURI }}
- name: PENPOT_OIDC_AUTH_URI
value: {{ .Values.config.providers.oidc.authURI | quote }}
{{- end }}
{{- if .Values.config.providers.oidc.tokenURI }}
- name: PENPOT_OIDC_TOKEN_URI
value: {{ .Values.config.providers.oidc.tokenURI | quote }}
{{- end }}
{{- if .Values.config.providers.oidc.userURI }}
- name: PENPOT_OIDC_USER_URI
value: {{ .Values.config.providers.oidc.userURI | quote }}
{{- end }}
{{- if .Values.config.providers.oidc.roles }}
- name: PENPOT_OIDC_ROLES
value: {{ .Values.config.providers.oidc.roles | quote }}
{{- end }}
{{- if .Values.config.providers.oidc.rolesAttribute }}
- name: PENPOT_OIDC_ROLES_ATTR
value: {{ .Values.config.providers.oidc.rolesAttribute | quote }}
{{- end }}
{{- if .Values.config.providers.oidc.scopes }}
- name: PENPOT_OIDC_SCOPES
value: {{ .Values.config.providers.oidc.scopes | quote }}
{{- end }}
{{- if .Values.config.providers.oidc.nameAttribute }}
- name: PENPOT_OIDC_NAME_ATTR
value: {{ .Values.config.providers.oidc.nameAttribute | quote }}
{{- end }}
{{- if .Values.config.providers.oidc.emailAttribute }}
- name: PENPOT_OIDC_EMAIL_ATTR
value: {{ .Values.config.providers.oidc.emailAttribute | quote }}
{{- end }}
{{- end }}
{{- if .Values.config.providers.ldap.enabled }}
{{- if .Values.config.providers.ldap.host }}
- name: PENPOT_LDAP_HOST
value: {{ .Values.config.providers.ldap.host | quote }}
{{- end }}
{{- if .Values.config.providers.ldap.port }}
- name: PENPOT_LDAP_PORT
value: {{ .Values.config.providers.ldap.port | quote }}
{{- end }}
{{- if .Values.config.providers.ldap.ssl }}
- name: PENPOT_LDAP_SSL
value: {{ .Values.config.providers.ldap.ssl | quote }}
{{- end }}
{{- if .Values.config.providers.ldap.startTLS }}
- name: PENPOT_LDAP_STARTTLS
value: {{ .Values.config.providers.ldap.startTLS | quote }}
{{- end }}
{{- if .Values.config.providers.ldap.baseDN }}
- name: PENPOT_LDAP_BASE_DN
value: {{ .Values.config.providers.ldap.baseDN | quote }}
{{- end }}
{{- if .Values.config.providers.ldap.bindDN }}
- name: PENPOT_LDAP_BIND_DN
value: {{ .Values.config.providers.ldap.bindDN | quote }}
{{- end }}
{{- if .Values.config.providers.ldap.bindPassword }}
- name: PENPOT_LDAP_BIND_PASSWORD
value: {{ .Values.config.providers.ldap.bindPassword | quote }}
{{- end }}
{{- if .Values.config.providers.ldap.attributesUsername }}
- name: PENPOT_LDAP_ATTRS_USERNAME
value: {{ .Values.config.providers.ldap.attributesUsername | quote }}
{{- end }}
{{- if .Values.config.providers.ldap.attributesEmail }}
- name: PENPOT_LDAP_ATTRS_EMAIL
value: {{ .Values.config.providers.ldap.attributesEmail | quote }}
{{- end }}
{{- if .Values.config.providers.ldap.attributesFullname }}
- name: PENPOT_LDAP_ATTRS_FULLNAME
value: {{ .Values.config.providers.ldap.attributesFullname | quote }}
{{- end }}
{{- if .Values.config.providers.ldap.attributesPhoto }}
- name: PENPOT_LDAP_ATTRS_PHOTO
value: {{ .Values.config.providers.ldap.attributesPhoto | quote }}
{{- end }}
{{- end }}
ports:
- name: http
containerPort: {{ .Values.exporter.service.port }}
protocol: TCP
resources:
{{- toYaml .Values.exporter.resources | nindent 12 }}
{{- with .Values.exporter.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.exporter.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.exporter.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}

375
charts/penpot/templates/deployment-frontend.yaml Normal file
View File

@@ -0,0 +1,375 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "penpot.fullname" . }}-frontend
namespace: {{ .Release.Namespace }}
labels:
{{- include "penpot.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.frontend.replicaCount }}
selector:
matchLabels:
{{- include "penpot.frontendSelectorLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "penpot.frontendSelectorLabels" . | nindent 8 }}
spec:
{{- with .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "penpot.serviceAccountName" . }}
affinity:
podAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: app.kubernetes.io/instance
operator: In
values:
- {{ .Release.Name }}
topologyKey: "kubernetes.io/hostname"
containers:
- name: {{ .Chart.Name }}-frontend
image: "{{ .Values.frontend.image.repository }}:{{ .Values.frontend.image.tag }}"
imagePullPolicy: {{ .Values.frontend.image.imagePullPolicy }}
env:
- name: PENPOT_PUBLIC_URI
value: {{ .Values.config.publicURI | quote }}
- name: PENPOT_FLAGS
value: "$PENPOT_FLAGS {{ .Values.config.flags }}"
- name: PENPOT_SECRET_KEY
value: {{ .Values.config.apiSecretKey | quote }}
- name: PENPOT_DATABASE_URI
value: "postgresql://{{ .Values.config.postgresql.host }}:{{ .Values.config.postgresql.port }}/{{ .Values.config.postgresql.database }}"
- name: PENPOT_DATABASE_USERNAME
{{- if not .Values.config.postgresql.secretKeys.usernameKey }}
value: {{ .Values.config.postgresql.username | quote }}
{{- else }}
valueFrom:
secretKeyRef:
name: {{ .Values.config.postgresql.existingSecret }}
key: {{ .Values.config.postgresql.secretKeys.usernameKey }}
{{- end }}
- name: PENPOT_DATABASE_PASSWORD
{{- if not .Values.config.postgresql.secretKeys.passwordKey }}
value: {{ .Values.config.postgresql.password | quote }}
{{- else }}
valueFrom:
secretKeyRef:
name: {{ .Values.config.postgresql.existingSecret }}
key: {{ .Values.config.postgresql.secretKeys.passwordKey }}
{{- end }}
- name: PENPOT_REDIS_URI
value: "redis://{{ .Values.config.redis.host }}:{{ .Values.config.redis.port }}/{{ .Values.config.redis.database }}"
- name: PENPOT_ASSETS_STORAGE_BACKEND
value: {{ .Values.config.assets.storageBackend | quote }}
{{- if eq .Values.config.assets.storageBackend "assets-fs" }}
- name: PENPOT_STORAGE_ASSETS_FS_DIRECTORY
value: {{ .Values.config.assets.filesystem.directory | quote }}
{{- else if eq .Values.config.assets.storageBackend "assets-s3" }}
- name: PENPOT_STORAGE_ASSETS_S3_REGION
value: {{ .Values.config.assets.s3.region | quote }}
- name: PENPOT_STORAGE_ASSETS_S3_BUCKET
value: {{ .Values.config.assets.s3.bucket | quote }}
- name: AWS_ACCESS_KEY_ID
{{- if not .Values.config.assets.s3.secretKeys.accessKeyIDKey }}
value: {{ .Values.config.assets.s3.accessKeyID | quote }}
{{- else }}
valueFrom:
secretKeyRef:
name: {{ .Values.config.assets.s3.existingSecret }}
key: {{ .Values.config.assets.s3.secretKeys.accessKeyIDKey }}
{{- end }}
- name: AWS_SECRET_ACCESS_KEY
{{- if not .Values.config.assets.s3.secretKeys.secretAccessKey }}
value: {{ .Values.config.assets.s3.secretAccessKey | quote }}
{{- else }}
valueFrom:
secretKeyRef:
name: {{ .Values.config.assets.s3.existingSecret }}
key: {{ .Values.config.assets.s3.secretKeys.secretAccessKey }}
{{- end }}
- name: PENPOT_STORAGE_ASSETS_S3_ENDPOINT
{{- if not .Values.config.assets.s3.secretKeys.endpointURIKey }}
value: {{ .Values.config.assets.s3.endpointURI | quote }}
{{- else }}
valueFrom:
secretKeyRef:
name: {{ .Values.config.assets.s3.existingSecret }}
key: {{ .Values.config.assets.s3.secretKeys.endpointURIKey }}
{{- end }}
{{- end }}
- name: PENPOT_TELEMETRY_ENABLED
value: {{ .Values.config.telemetryEnabled | quote }}
{{- if .Values.config.smtp.enabled }}
{{- if .Values.config.smtp.defaultFrom }}
- name: PENPOT_SMTP_DEFAULT_FROM
value: {{ .Values.config.smtp.defaultFrom | quote }}
{{- end }}
{{- if .Values.config.smtp.defaultReplyTo }}
- name: PENPOT_SMTP_DEFAULT_REPLY_TO
value: {{ .Values.config.smtp.defaultReplyTo | quote }}
{{- end }}
{{- if .Values.config.smtp.host }}
- name: PENPOT_SMTP_HOST
value: {{ .Values.config.smtp.host | quote }}
{{- end }}
{{- if .Values.config.smtp.port }}
- name: PENPOT_SMTP_PORT
value: {{ .Values.config.smtp.port | quote }}
{{- end }}
{{- if not .Values.config.smtp.secretKeys.usernameKey }}
- name: PENPOT_SMTP_USERNAME
value: {{ .Values.config.smtp.username | quote }}
{{- else }}
- name: PENPOT_SMTP_USERNAME
valueFrom:
secretKeyRef:
name: {{ .Values.config.smtp.existingSecret }}
key: {{ .Values.config.smtp.secretKeys.usernameKey }}
{{- end }}
{{- if not .Values.config.smtp.secretKeys.passwordKey }}
- name: PENPOT_SMTP_PASSWORD
value: {{ .Values.config.smtp.password | quote }}
{{- else }}
- name: PENPOT_SMTP_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.config.smtp.existingSecret }}
key: {{ .Values.config.smtp.secretKeys.passwordKey }}
{{- end }}
{{- if .Values.config.smtp.tls }}
- name: PENPOT_SMTP_TLS
value: {{ .Values.config.smtp.tls | quote }}
{{- end }}
{{- if .Values.config.smtp.ssl }}
- name: PENPOT_SMTP_SSL
value: {{ .Values.config.smtp.ssl | quote }}
{{- end }}
{{- end }}
{{- if .Values.config.registrationDomainWhitelist }}
- name: PENPOT_REGISTRATION_DOMAIN_WHITELIST
value: {{ .Values.config.registrationDomainWhitelist | quote }}
{{- end }}
{{- if .Values.config.providers.google.enabled }}
{{- if not .Values.config.providers.secretKeys.googleClientIDKey }}
- name: PENPOT_GOOGLE_CLIENT_ID
value: {{ .Values.config.providers.google.clientID | quote }}
{{- else }}
- name: PENPOT_GOOGLE_CLIENT_ID
valueFrom:
secretKeyRef:
name: {{ .Values.config.providers.existingSecret }}
key: {{ .Values.config.providers.secretKeys.googleClientIDKey }}
{{- end }}
{{- if not .Values.config.providers.secretKeys.googleClientSecretKey}}
- name: PENPOT_GOOGLE_CLIENT_SECRET
value: {{ .Values.config.providers.google.clientSecret | quote }}
{{- else }}
- name: PENPOT_GOOGLE_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: {{ .Values.config.providers.existingSecret }}
key: {{ .Values.config.providers.secretKeys.googleClientSecretKey }}
{{- end }}
{{- end }}
{{- if .Values.config.providers.github.enabled }}
{{- if not .Values.config.providers.secretKeys.githubClientIDKey }}
- name: PENPOT_GITHUB_CLIENT_ID
value: {{ .Values.config.providers.github.clientID | quote }}
{{- else }}
- name: PENPOT_GITHUB_CLIENT_ID
valueFrom:
secretKeyRef:
name: {{ .Values.config.providers.existingSecret }}
key: {{ .Values.config.providers.secretKeys.githubClientIDKey }}
{{- end }}
{{- if not .Values.config.providers.secretKeys.githubClientSecretKey }}
- name: PENPOT_GITHUB_CLIENT_SECRET
value: {{ .Values.config.providers.github.clientSecret | quote }}
{{- else }}
- name: PENPOT_GITHUB_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: {{ .Values.config.providers.existingSecret }}
key: {{ .Values.config.providers.secretKeys.githubClientSecretKey }}
{{- end }}
{{- end }}
{{- if .Values.config.providers.gitlab.enabled }}
{{- if .Values.config.providers.gitlab.baseURI }}
- name: PENPOT_GITLAB_BASE_URI
value: {{ .Values.config.providers.gitlab.baseURI | quote }}
{{- end }}
{{- if not .Values.config.providers.secretKeys.gitlabClientIDKey }}
- name: PENPOT_GITLAB_CLIENT_ID
value: {{ .Values.config.providers.gitlab.clientID | quote }}
{{- else }}
- name: PENPOT_GITLAB_CLIENT_ID
valueFrom:
secretKeyRef:
name: {{ .Values.config.providers.existingSecret }}
key: {{ .Values.config.providers.secretKeys.gitlabClientIDKey }}
{{- end }}
{{- if not .Values.config.providers.secretKeys.gitlabClientSecretKey }}
- name: PENPOT_GITLAB_CLIENT_SECRET
value: {{ .Values.config.providers.gitlab.clientSecret | quote }}
{{- else }}
- name: PENPOT_GITLAB_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: {{ .Values.config.providers.existingSecret }}
key: {{ .Values.config.providers.secretKeys.gitlabClientSecretKey }}
{{- end }}
{{- end }}
{{- if .Values.config.providers.oidc.enabled }}
{{- if .Values.config.providers.oidc.baseURI }}
- name: PENPOT_OIDC_BASE_URI
value: {{ .Values.config.providers.oidc.baseURI | quote }}
{{- end }}
{{- if not .Values.config.providers.secretKeys.oidcClientIDKey }}
- name: PENPOT_OIDC_CLIENT_ID
value: {{ .Values.config.providers.oidc.clientID | quote}}
{{- else }}
- name: PENPOT_OIDC_CLIENT_ID
valueFrom:
secretKeyRef:
name: {{ .Values.config.providers.existingSecret }}
key: {{ .Values.config.providers.secretKeys.oidcClientIDKey }}
{{- end }}
{{- if not .Values.config.providers.secretKeys.oidcClientSecretKey}}
- name: PENPOT_OIDC_CLIENT_SECRET
value: {{ .Values.config.providers.oidc.clientSecret | quote }}
{{- else }}
- name: PENPOT_OIDC_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: {{ .Values.config.providers.existingSecret }}
key: {{ .Values.config.providers.secretKeys.oidcClientSecretKey }}
{{- end }}
{{- if .Values.config.providers.oidc.authURI }}
- name: PENPOT_OIDC_AUTH_URI
value: {{ .Values.config.providers.oidc.authURI | quote }}
{{- end }}
{{- if .Values.config.providers.oidc.tokenURI }}
- name: PENPOT_OIDC_TOKEN_URI
value: {{ .Values.config.providers.oidc.tokenURI | quote }}
{{- end }}
{{- if .Values.config.providers.oidc.userURI }}
- name: PENPOT_OIDC_USER_URI
value: {{ .Values.config.providers.oidc.userURI | quote }}
{{- end }}
{{- if .Values.config.providers.oidc.roles }}
- name: PENPOT_OIDC_ROLES
value: {{ .Values.config.providers.oidc.roles | quote }}
{{- end }}
{{- if .Values.config.providers.oidc.rolesAttribute }}
- name: PENPOT_OIDC_ROLES_ATTR
value: {{ .Values.config.providers.oidc.rolesAttribute | quote }}
{{- end }}
{{- if .Values.config.providers.oidc.scopes }}
- name: PENPOT_OIDC_SCOPES
value: {{ .Values.config.providers.oidc.scopes | quote }}
{{- end }}
{{- if .Values.config.providers.oidc.nameAttribute }}
- name: PENPOT_OIDC_NAME_ATTR
value: {{ .Values.config.providers.oidc.nameAttribute | quote }}
{{- end }}
{{- if .Values.config.providers.oidc.emailAttribute }}
- name: PENPOT_OIDC_EMAIL_ATTR
value: {{ .Values.config.providers.oidc.emailAttribute | quote }}
{{- end }}
{{- end }}
{{- if .Values.config.providers.ldap.enabled }}
{{- if .Values.config.providers.ldap.host }}
- name: PENPOT_LDAP_HOST
value: {{ .Values.config.providers.ldap.host | quote }}
{{- end }}
{{- if .Values.config.providers.ldap.port }}
- name: PENPOT_LDAP_PORT
value: {{ .Values.config.providers.ldap.port | quote }}
{{- end }}
{{- if .Values.config.providers.ldap.ssl }}
- name: PENPOT_LDAP_SSL
value: {{ .Values.config.providers.ldap.ssl | quote }}
{{- end }}
{{- if .Values.config.providers.ldap.startTLS }}
- name: PENPOT_LDAP_STARTTLS
value: {{ .Values.config.providers.ldap.startTLS | quote }}
{{- end }}
{{- if .Values.config.providers.ldap.baseDN }}
- name: PENPOT_LDAP_BASE_DN
value: {{ .Values.config.providers.ldap.baseDN | quote }}
{{- end }}
{{- if .Values.config.providers.ldap.bindDN }}
- name: PENPOT_LDAP_BIND_DN
value: {{ .Values.config.providers.ldap.bindDN | quote }}
{{- end }}
{{- if .Values.config.providers.ldap.bindPassword }}
- name: PENPOT_LDAP_BIND_PASSWORD
value: {{ .Values.config.providers.ldap.bindPassword | quote }}
{{- end }}
{{- if .Values.config.providers.ldap.attributesUsername }}
- name: PENPOT_LDAP_ATTRS_USERNAME
value: {{ .Values.config.providers.ldap.attributesUsername | quote }}
{{- end }}
{{- if .Values.config.providers.ldap.attributesEmail }}
- name: PENPOT_LDAP_ATTRS_EMAIL
value: {{ .Values.config.providers.ldap.attributesEmail | quote }}
{{- end }}
{{- if .Values.config.providers.ldap.attributesFullname }}
- name: PENPOT_LDAP_ATTRS_FULLNAME
value: {{ .Values.config.providers.ldap.attributesFullname | quote }}
{{- end }}
{{- if .Values.config.providers.ldap.attributesPhoto }}
- name: PENPOT_LDAP_ATTRS_PHOTO
value: {{ .Values.config.providers.ldap.attributesPhoto | quote }}
{{- end }}
{{- end }}
volumeMounts:
- mountPath: /opt/data
name: app-data
readOnly: false
- mountPath: /etc/nginx/nginx.conf
name: "{{ include "penpot.fullname" . }}-frontend-nginx"
readOnly: true
subPath: nginx.conf
ports:
- name: http
containerPort: {{ .Values.frontend.service.port }}
protocol: TCP
resources:
{{- toYaml .Values.frontend.resources | nindent 12 }}
{{- with .Values.frontend.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.frontend.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.frontend.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
volumes:
- name: app-data
{{- if .Values.persistence.enabled }}
persistentVolumeClaim:
claimName: {{ .Values.persistence.existingClaim | default ( include "penpot.fullname" . ) }}
{{- else }}
emptyDir: {}
{{- end }}
- configMap:
defaultMode: 420
name: "{{ include "penpot.fullname" . }}-frontend-nginx"
name: "{{ include "penpot.fullname" . }}-frontend-nginx"

53
charts/penpot/templates/ingress.yaml Normal file
View File

@@ -0,0 +1,53 @@
{{- if .Values.ingress.enabled -}}
{{- $gitVersion := .Capabilities.KubeVersion.GitVersion -}}
{{- $fullName := include "penpot.fullname" . -}}
{{- $svcPort := .Values.frontend.service.port -}}
{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1
{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1beta1
{{- else -}}
apiVersion: extensions/v1beta1
{{- end }}
kind: Ingress
metadata:
name: {{ $fullName }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "penpot.labels" . | nindent 4 }}
{{- with .Values.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if .Values.ingress.tls }}
tls:
{{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.ingress.hosts }}
- host: {{ .host | quote }}
http:
paths:
{{ if semverCompare ">=1.19-0" $gitVersion }}
- path: /
pathType: Prefix
backend:
service:
name: {{ $fullName }}
port:
number: {{ $svcPort }}
{{ else }}
- path: /
backend:
serviceName: {{ $fullName }}
servicePort: {{ $svcPort }}
{{- end }}
{{- end }}
{{- end }}

24
charts/penpot/templates/persistent-volume-claim.yaml Normal file
View File

@@ -0,0 +1,24 @@
{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ include "penpot.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "penpot.labels" . | nindent 4 }}
{{- if .Values.persistence.annotations }}
annotations:
{{ toYaml .Values.persistence.annotations | indent 4 }}
{{- end }}
spec:
accessModes:
{{- range .Values.persistence.accessModes }}
- {{ . | quote }}
{{- end }}
resources:
requests:
storage: {{ .Values.persistence.size | quote }}
{{- if .Values.persistence.storageClass }}
storageClassName: "{{ .Values.persistence.storageClass }}"
{{- end }}
{{- end -}}

13
charts/penpot/templates/service-account.yaml Normal file
View File

@@ -0,0 +1,13 @@
{{- if .Values.serviceAccount.enabled -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "penpot.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "penpot.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end -}}

52
charts/penpot/templates/service.yaml Normal file
View File

@@ -0,0 +1,52 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "penpot.fullname" . }}-backend
namespace: {{ .Release.Namespace }}
labels:
{{- include "penpot.labels" . | nindent 4 }}
spec:
type: {{ .Values.backend.service.type }}
ports:
- port: {{ .Values.backend.service.port }}
targetPort: http
protocol: TCP
name: http
selector:
{{- include "penpot.backendSelectorLabels" . | nindent 4 }}
---
apiVersion: v1
kind: Service
metadata:
name: {{ include "penpot.fullname" . }}-exporter
namespace: {{ .Release.Namespace }}
labels:
{{- include "penpot.labels" . | nindent 4 }}
spec:
type: {{ .Values.exporter.service.type }}
ports:
- port: {{ .Values.exporter.service.port }}
targetPort: http
protocol: TCP
name: http
selector:
{{- include "penpot.exporterSelectorLabels" . | nindent 4 }}
---
apiVersion: v1
kind: Service
metadata:
name: {{ include "penpot.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "penpot.labels" . | nindent 4 }}
spec:
type: {{ .Values.frontend.service.type }}
ports:
- port: {{ .Values.frontend.service.port }}
targetPort: http
protocol: TCP
name: http
selector:
{{- include "penpot.frontendSelectorLabels" . | nindent 4 }}

468
charts/penpot/values.yaml Normal file
View File

@@ -0,0 +1,468 @@
## Default values for Penpot
## @section Global parameters
## @param global.postgresqlEnabled Whether to deploy the Bitnami PostgreSQL chart as subchart. Check [the official chart](https://artifacthub.io/packages/helm/bitnami/postgresql) for configuration.
## @param global.redisEnabled Whether to deploy the Bitnami Redis chart as subchart. Check [the official chart](https://artifacthub.io/packages/helm/bitnami/redis) for configuration.
## @param global.imagePullSecrets Global Docker registry secret names as an array.
##
global:
## E.g.
## imagePullSecrets:
## - myRegistryKeySecretName
##
imagePullSecrets: []
## @section Common parameters
## @param nameOverride String to partially override common.names.fullname
##
nameOverride: ""
## @param fullnameOverride String to fully override common.names.fullname
##
fullnameOverride: ""
## @param serviceAccount.enabled Specifies whether a ServiceAccount should be created.
## @param serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`.
## @param serviceAccount.name The name of the ServiceAccount to use. If not set and enabled is true, a name is generated using the fullname template.
##
serviceAccount:
enabled: true
annotations: {}
name: ""
## @section Backend parameters
## Penpot Backend
##
backend:
## @param backend.image.repository The Docker repository to pull the image from.
## @param backend.image.tag The image tag to use.
## @param backend.image.imagePullPolicy The image pull policy to use.
##
image:
repository: penpotapp/backend
tag: 2.0.1
imagePullPolicy: IfNotPresent
## @param backend.replicaCount The number of replicas to deploy.
##
replicaCount: 1
## @param backend.service.type The service type to create.
## @param backend.service.port The service port to use.
##
service:
type: ClusterIP
port: 6060
## Configure Pods Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param backend.podSecurityContext.enabled Enabled Penpot pods' security context
## @param backend.podSecurityContext.fsGroup Set Penpot pod's security context fsGroup
##
podSecurityContext:
enabled: true
fsGroup: 1001
## Configure Container Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param backend.containerSecurityContext.enabled Enabled Penpot containers' security context
## @param backend.containerSecurityContext.runAsUser Set Penpot containers' security context runAsUser
## @param backend.containerSecurityContext.allowPrivilegeEscalation Set Penpot containers' security context allowPrivilegeEscalation
## @param backend.containerSecurityContext.capabilities.drop Set Penpot containers' security context capabilities to be dropped
## @param backend.containerSecurityContext.readOnlyRootFilesystem Set Penpot containers' security context readOnlyRootFilesystem
## @param backend.containerSecurityContext.runAsNonRoot Set Penpot container's security context runAsNonRoot
##
containerSecurityContext:
enabled: true
runAsUser: 1001
allowPrivilegeEscalation: false
capabilities:
drop:
- all
readOnlyRootFilesystem: false
runAsNonRoot: true
## @param backend.affinity Affinity for Penpot pods assignment
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
##
affinity: {}
## @param backend.nodeSelector Node labels for Penpot pods assignment
## ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## @param backend.tolerations Tolerations for Penpot pods assignment
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## Penpot backend resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## @param backend.resources.limits The resources limits for the Penpot backend containers
## @param backend.resources.requests The requested resources for the Penpot backend containers
##
resources:
limits: {}
requests: {}
## @section Frontend parameters
## Penpot Frontend
##
frontend:
## @param frontend.image.repository The Docker repository to pull the image from.
## @param frontend.image.tag The image tag to use.
## @param frontend.image.imagePullPolicy The image pull policy to use.
##
image:
repository: penpotapp/frontend
tag: 2.0.1
imagePullPolicy: IfNotPresent
## @param frontend.replicaCount The number of replicas to deploy.
##
replicaCount: 1
## @param frontend.service.type The service type to create.
## @param frontend.service.port The service port to use.
##
service:
type: ClusterIP
port: 80
## @param frontend.affinity Affinity for Penpot pods assignment
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
##
affinity: {}
## @param frontend.nodeSelector Node labels for Penpot pods assignment
## ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## @param frontend.tolerations Tolerations for Penpot pods assignment
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## Penpot frontend resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## @param frontend.resources.limits The resources limits for the Penpot frontend containers
## @param frontend.resources.requests The requested resources for the Penpot frontend containers
##
resources:
limits: {}
requests: {}
## @section Exporter parameters
## Penpot Exporter
##
exporter:
## @param exporter.image.repository The Docker repository to pull the image from.
## @param exporter.image.tag The image tag to use.
## @param exporter.image.imagePullPolicy The image pull policy to use.
##
image:
repository: penpotapp/exporter
tag: 2.0.1
imagePullPolicy: IfNotPresent
## @param exporter.replicaCount The number of replicas to deploy.
##
replicaCount: 1
## @param exporter.service.type The service type to create.
## @param exporter.service.port The service port to use.
##
service:
type: ClusterIP
port: 6061
## Configure Pods Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param exporter.podSecurityContext.enabled Enabled Penpot pods' security context
## @param exporter.podSecurityContext.fsGroup Set Penpot pod's security context fsGroup
##
podSecurityContext:
enabled: true
fsGroup: 1001
## Configure Container Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param exporter.containerSecurityContext.enabled Enabled Penpot containers' security context
## @param exporter.containerSecurityContext.runAsUser Set Penpot containers' security context runAsUser
## @param exporter.containerSecurityContext.allowPrivilegeEscalation Set Penpot containers' security context allowPrivilegeEscalation
## @param exporter.containerSecurityContext.capabilities.drop Set Penpot containers' security context capabilities to be dropped
## @param exporter.containerSecurityContext.readOnlyRootFilesystem Set Penpot containers' security context readOnlyRootFilesystem
## @param exporter.containerSecurityContext.runAsNonRoot Set Penpot container's security context runAsNonRoot
##
containerSecurityContext:
enabled: true
runAsUser: 1001
allowPrivilegeEscalation: false
capabilities:
drop:
- all
readOnlyRootFilesystem: false
runAsNonRoot: true
## @param exporter.affinity Affinity for Penpot pods assignment
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
##
affinity: {}
## @param exporter.nodeSelector Node labels for Penpot pods assignment
## ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## @param exporter.tolerations Tolerations for Penpot pods assignment
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## Penpot exporter resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## @param exporter.resources.limits The resources limits for the Penpot exporter containers
## @param exporter.resources.requests The requested resources for the Penpot exporter containers
##
resources:
limits: {}
requests: {}
## @section Ingress parameters
## @param frontend.ingress.enabled Enable ingress record generation for Penpot frontend.
## @param frontend.ingress.annotations Mapped annotations for the frontend ingress.
## @param frontend.ingress.hosts Array style hosts for the frontend ingress.
## @param frontend.ingress.tls Array style TLS secrets for the frontend ingress.
##
ingress:
enabled: false
## E.g.
## annotations:
## kubernetes.io/ingress.class: nginx
## kubernetes.io/tls-acme: "true"
##
annotations:
{}
## E.g.
## hosts:
## - host: penpot-example.local
hosts: []
## E.g.
## - secretName: chart-example-tls
## hosts:
## - chart-example.local
tls: []
## @section Persistence parameters
## Penpot persistence
##
persistence:
## @param persistence.enabled Enable persistence using Persistent Volume Claims.
##
enabled: false
## @param persistence.storageClass Persistent Volume storage class.
## If defined, storageClassName: <storageClass>.
## If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner.
##
storageClass: ""
## @param persistence.size Persistent Volume size.
##
size: 8Gi
## @param persistence.existingClaim The name of an existing PVC to use for persistence.
##
existingClaim: ""
## @param persistence.accessModes Persistent Volume access modes.
##
accessModes:
- ReadWriteOnce
## @param persistence.annotations Persistent Volume Claim annotations.
##
annotations: {}
## @section Configuration parameters
## Penpot configuration
##
config:
## @param config.publicURI The public domain to serve Penpot on. Set `disable-secure-session-cookies` in the flags if you plan on serving it on a non HTTPS domain.
## @param config.flags The feature flags to enable. Check [the official docs](https://help.penpot.app/technical-guide/configuration/) for more info.
## @param config.apiSecretKey A random secret key needed for persistent user sessions. Generate with `openssl rand -hex 16` for example.
##
publicURI: "http://localhost:8080"
flags: "enable-registration enable-login disable-demo-users disable-demo-warning"
apiSecretKey:
existingSecretName: ""
existingSecretKey: ""
## @param config.postgresql.host The PostgreSQL host to connect to.
## @param config.postgresql.port The PostgreSQL host port to use.
## @param config.postgresql.database The PostgreSQL database to use.
## @param config.postgresql.username The database username to use.
## @param config.postgresql.password The database username to use.
## @param config.postgresql.existingSecret The name of an existing secret.
## @param config.postgresql.secretKeys.usernameKey The username key to use from an existing secret.
## @param config.postgresql.secretKeys.passwordKey The password key to use from an existing secret.
##
postgresql:
host: "postgresql.penpot.svc.cluster.local"
port: 5432
username: ""
password: ""
database: ""
existingSecret: ""
secretKeys:
usernameKey: ""
passwordKey: ""
## @param config.redis.host The Redis host to connect to.
## @param config.redis.port The Redis host port to use.
## @param config.redis.database The Redis database to connect to.
##
redis:
host: "redis-headless.penpot.svc.cluster.local"
port: 6379
database: "0"
## @param config.assets.storageBackend The storage backend for assets to use. Use `assets-fs` for filesystem, and `assets-s3` for S3.
## @param config.assets.filesystem.directory The storage directory to use if you chose the filesystem storage backend.
## @param config.assets.s3.accessKeyID The S3 access key ID to use if you chose the S3 storage backend.
## @param config.assets.s3.secretAccessKey The S3 secret access key to use if you chose the S3 storage backend.
## @param config.assets.s3.region The S3 region to use if you chose the S3 storage backend.
## @param config.assets.s3.bucket The name of the S3 bucket to use if you chose the S3 storage backend.
## @param config.assets.s3.endpointURI The S3 endpoint URI to use if you chose the S3 storage backend.
## @param config.assets.s3.existingSecret The name of an existing secret.
## @param config.assets.s3.secretKeys.accessKeyIDKey The S3 access key ID to use from an existing secret.
## @param config.assets.s3.secretKeys.secretAccessKey The S3 secret access key to use from an existing secret.
## @param config.assets.s3.secretKeys.endpointURIKey The S3 endpoint URI to use from an existing secret.
##
assets:
storageBackend: "assets-fs"
filesystem:
directory: "/opt/data/assets"
s3:
accessKeyID: ""
secretAccessKey: ""
region: ""
bucket: ""
endpointURI: ""
existingSecret: ""
secretKeys:
accessKeyIDKey: ""
secretAccessKey: ""
endpointURIKey: ""
## @param config.telemetryEnabled Whether to enable sending of anonymous telemetry data.
##
telemetryEnabled: true
## @param config.smtp.enabled Whether to enable SMTP configuration. You also need to add the 'enable-smtp' flag to the PENPOT_FLAGS variable.
## @param config.smtp.defaultFrom The SMTP default email to send from.
## @param config.smtp.defaultReplyTo The SMTP default email to reply to.
## @param config.smtp.host The SMTP host to use.
## @param config.smtp.port The SMTP host port to use.
## @param config.smtp.username The SMTP username to use.
## @param config.smtp.password The SMTP password to use.
## @param config.smtp.tls Whether to use TLS for the SMTP connection.
## @param config.smtp.ssl Whether to use SSL for the SMTP connection.
## @param config.smtp.existingSecret The name of an existing secret.
## @param config.smtp.secretKeys.usernameKey The SMTP username to use from an existing secret.
## @param config.smtp.secretKeys.passwordKey The SMTP password to use from an existing secret.
##
smtp:
enabled: false
defaultFrom: ""
defaultReplyTo: ""
host: ""
port: ""
username: ""
password: ""
tls: true
ssl: false
existingSecret: ""
secretKeys:
usernameKey: ""
passwordKey: ""
## @param config.registrationDomainWhitelist Comma separated list of allowed domains to register. Empty to allow all domains.
##
registrationDomainWhitelist: ""
## Penpot Authentication providers parameters
##
providers:
## @param config.providers.google.enabled Whether to enable Google configuration. To enable Google auth, add `enable-login-with-google` to the flags.
## @param config.providers.google.clientID The Google client ID to use. To enable Google auth, add `enable-login-with-google` to the flags.
## @param config.providers.google.clientSecret The Google client secret to use. To enable Google auth, add `enable-login-with-google` to the flags.
##
google:
enabled: false
clientID: ""
clientSecret: ""
## @param config.providers.github.enabled Whether to enable GitHub configuration. To enable GitHub auth, also add `enable-login-with-github` to the flags.
## @param config.providers.github.clientID The GitHub client ID to use.
## @param config.providers.github.clientSecret The GitHub client secret to use.
##
github:
enabled: false
clientID: ""
clientSecret: ""
## @param config.providers.gitlab.enabled Whether to enable GitLab configuration. To enable GitLab auth, also add `enable-login-with-gitlab` to the flags.
## @param config.providers.gitlab.baseURI The GitLab base URI to use.
## @param config.providers.gitlab.clientID The GitLab client ID to use.
## @param config.providers.gitlab.clientSecret The GitLab client secret to use.
##
gitlab:
enabled: false
baseURI: "https://gitlab.com"
clientID: ""
clientSecret: ""
## @param config.providers.oidc.enabled Whether to enable OIDC configuration. To enable OpenID Connect auth, also add `enable-login-with-oidc` to the flags.
## @param config.providers.oidc.baseURI The OpenID Connect base URI to use.
## @param config.providers.oidc.clientID The OpenID Connect client ID to use.
## @param config.providers.oidc.clientSecret The OpenID Connect client secret to use.
## @param config.providers.oidc.authURI Optional OpenID Connect auth URI to use. Auto discovered if not provided.
## @param config.providers.oidc.tokenURI Optional OpenID Connect token URI to use. Auto discovered if not provided.
## @param config.providers.oidc.userURI Optional OpenID Connect user URI to use. Auto discovered if not provided.
## @param config.providers.oidc.roles Optional OpenID Connect roles to use. If no role is provided, roles checking disabled.
## @param config.providers.oidc.rolesAttribute Optional OpenID Connect roles attribute to use. If not provided, the roles checking will be disabled.
## @param config.providers.oidc.scopes Optional OpenID Connect scopes to use. This settings allow overwrite the required scopes, use with caution because penpot requres at least `name` and `email` attrs found on the user info. Optional, defaults to `openid profile`.
## @param config.providers.oidc.nameAttribute Optional OpenID Connect name attribute to use. If not provided, the `name` prop will be used.
## @param config.providers.oidc.emailAttribute Optional OpenID Connect email attribute to use. If not provided, the `email` prop will be used.
##
oidc:
enabled: false
baseURI: ""
clientID: ""
clientSecret: ""
authURI: ""
tokenURI: ""
userURI: ""
roles: "role1 role2"
rolesAttribute: ""
scopes: "scope1 scope2"
nameAttribute: ""
emailAttribute: ""
## @param config.providers.ldap.enabled Whether to enable LDAP configuration. To enable LDAP, also add `enable-login-with-ldap` to the flags.
## @param config.providers.ldap.host The LDAP host to use.
## @param config.providers.ldap.port The LDAP port to use.
## @param config.providers.ldap.ssl Whether to use SSL for the LDAP connection.
## @param config.providers.ldap.startTLS Whether to utilize StartTLS for the LDAP connection.
## @param config.providers.ldap.baseDN The LDAP base DN to use.
## @param config.providers.ldap.bindDN The LDAP bind DN to use.
## @param config.providers.ldap.bindPassword The LDAP bind password to use.
## @param config.providers.ldap.attributesUsername The LDAP attributes username to use.
## @param config.providers.ldap.attributesEmail The LDAP attributes email to use.
## @param config.providers.ldap.attributesFullname The LDAP attributes fullname to use.
## @param config.providers.ldap.attributesPhoto The LDAP attributes photo format to use.
##
ldap:
enabled: false
host: "ldap"
port: 10389
ssl: false
startTLS: false
baseDN: "ou=people,dc=planetexpress,dc=com"
bindDN: "cn=admin,dc=planetexpress,dc=com"
bindPassword: "GoodNewsEveryone"
attributesUsername: "uid"
attributesEmail: "mail"
attributesFullname: "cn"
attributesPhoto: "jpegPhoto"
## @param config.providers.existingSecret The name of an existing secret to use.
## @param config.providers.secretKeys.googleClientIDKey The Google client ID key to use from an existing secret.
## @param config.providers.secretKeys.googleClientSecretKey The Google client secret key to use from an existing secret.
## @param config.providers.secretKeys.githubClientIDKey The GitHub client ID key to use from an existing secret.
## @param config.providers.secretKeys.githubClientSecretKey The GitHub client secret key to use from an existing secret.
## @param config.providers.secretKeys.gitlabClientIDKey The GitLab client ID key to use from an existing secret.
## @param config.providers.secretKeys.gitlabClientSecretKey The GitLab client secret key to use from an existing secret.
## @param config.providers.secretKeys.oidcClientIDKey The OpenID Connect client ID key to use from an existing secret.
## @param config.providers.secretKeys.oidcClientSecretKey The OpenID Connect client secret key to use from an existing secret.
##
existingSecret: ""
secretKeys:
googleClientIDKey: ""
googleClientSecretKey: ""
githubClientIDKey: ""
githubClientSecretKey: ""
gitlabClientIDKey: ""
gitlabClientSecretKey: ""
oidcClientIDKey: ""
oidcClientSecretKey: ""

2
charts/postgres-cluster/Chart.yaml
View File

@@ -1,6 +1,6 @@
apiVersion: v2
name: postgres-cluster
version: 2.0.0
version: 2.5.0
description: Chart for cloudnative-pg cluster
keywords:
- database

2
charts/postgres-cluster/templates/_backup.tpl
View File

@@ -3,7 +3,7 @@
backup:
retentionPolicy: {{ .Values.backup.retentionPolicy }}
barmanObjectStore:
destinationPath: "s3://{{ .Values.backup.endpointBucket }}/{{ .Values.kubernetesClusterName }}/postgresql/{{ include "cluster.name" . }}"
destinationPath: "s3://{{ .Values.backup.endpointBucket }}/{{ .Values.kubernetesClusterName }}/{{ include "cluster.backupName" . }}"
endpointURL: {{ .Values.backup.endpointURL }}
{{- if .Values.backup.endpointCA }}
endpointCA:

15
charts/postgres-cluster/templates/_bootstrap.tpl
View File

@@ -26,20 +26,20 @@ bootstrap:
import:
type: {{ .Values.replica.importType }}
databases:
{{- if and (len .Values.replica.importDatabases gt 1) (.Values.replica.importType eq "microservice") }}
{{- if and (gt (len .Values.replica.importDatabases) 1) (eq .Values.replica.importType "microservice") }}
{{ fail "Too many databases in import type of microservice!" }}
{{- else}}
{{- with .Values.replica.importDatabases }}
{{- . | toYaml | nindent 8 }}
{{- end }}
{{- end }}
{{- if .Values.replica.importType eq "monolith" }}
{{- if eq .Values.replica.importType "monolith" }}
roles:
{{- with .Values.replica.importRoles }}
{{- . | toYaml | nindent 8 }}
{{- end }}
{{- end }}
{{- if and (.Values.replica.postImportApplicationSQL) (.Values.replica.importType eq "microservice") }}
{{- if and (.Values.replica.postImportApplicationSQL) (eq .Values.replica.importType "microservice") }}
postImportApplicationSQL:
{{- with .Values.replica.postImportApplicationSQL }}
{{- . | toYaml | nindent 8 }}
@@ -58,19 +58,18 @@ externalClusters:
recoveryTarget:
targetTime: {{ . }}
{{- end }}
source: "{{ include "cluster.name" . }}-backup-{{ .Values.recovery.recoveryIndex }}"
source: {{ include "cluster.recoveryServerName" . }}
externalClusters:
- name: "{{ include "cluster.name" . }}-backup-{{ .Values.recovery.recoveryIndex }}"
- name: {{ include "cluster.recoveryServerName" . }}
barmanObjectStore:
serverName: "{{ include "cluster.name" . }}-backup-{{ .Values.recovery.recoveryIndex }}"
destinationPath: "s3://{{ .Values.recovery.endpointBucket }}/{{ .Values.kubernetesClusterName }}/postgresql/{{ .Values.recovery.recoveryName }}"
serverName: {{ include "cluster.recoveryServerName" . }}
destinationPath: "s3://{{ .Values.recovery.endpointBucket }}/{{ .Values.kubernetesClusterName }}/postgresql/{{ include "cluster.recoveryInstanceName" . }}"
endpointURL: {{ .Values.recovery.endpointURL }}
{{- with .Values.recovery.endpointCA }}
endpointCA:
name: {{ . }}
key: ca-bundle.crt
{{- end }}
serverName: "{{ include "cluster.name" . }}-backup-{{ .Values.recovery.recoveryIndex }}"
s3Credentials:
accessKeyId:
name: {{ include "cluster.recoveryCredentials" . }}

38
charts/postgres-cluster/templates/_helpers.tpl
View File

@@ -5,8 +5,7 @@ Expand the name of the chart.
{{- if .Values.nameOverride }}
{{- .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{ $version := split "." .Values.cluster.image.tag }}
{{- printf "postgresql-%s-%s" $version._0 .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- printf "%s-postgresql-%s" .Release.Name ((semver .Values.cluster.image.tag).Major | toString) | trunc 63 | trimSuffix "-" -}}
{{- end }}
{{- end }}
@@ -45,7 +44,7 @@ Generate name for object store credentials
{{- if .Values.recovery.endpointCredentials -}}
{{- .Values.recovery.endpointCredentials -}}
{{- else -}}
{{- printf "postgresql-%s-cluster-backup-secret" .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- printf "%s-backup-secret" (include "cluster.name" .) | trunc 63 | trimSuffix "-" -}}
{{- end }}
{{- end }}
@@ -53,16 +52,39 @@ Generate name for object store credentials
{{- if .Values.backup.endpointCredentials -}}
{{- .Values.backup.endpointCredentials -}}
{{- else -}}
{{- printf "postgresql-%s-cluster-backup-secret" .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- printf "%s-backup-secret" (include "cluster.name" .) | trunc 63 | trimSuffix "-" -}}
{{- end }}
{{- end }}
{{/*
Generate recovery server name
Generate backup server name
*/}}
{{- define "cluster.recoveryName" -}}
{{- if .Values.recovery.recoveryName -}}
{{- .Values.recovery.recoveryName -}}
{{- define "cluster.backupName" -}}
{{- if .Values.backup.backupName -}}
{{- .Values.backup.backupName -}}
{{- else -}}
{{ include "cluster.name" . }}
{{- end }}
{{- end }}
{{/*
Generate recovery server name
*/}}
{{- define "cluster.recoveryServerName" -}}
{{- if .Values.recovery.recoveryServerName -}}
{{- .Values.recovery.recoveryServerName -}}
{{- else -}}
{{- printf "%s-backup-%s" (include "cluster.name" .) (toString .Values.recovery.recoveryIndex) | trunc 63 | trimSuffix "-" -}}
{{- end }}
{{- end }}
{{/*
Generate recovery instance name
*/}}
{{- define "cluster.recoveryInstanceName" -}}
{{- if .Values.recovery.recoveryInstanceName -}}
{{- .Values.recovery.recoveryInstanceName -}}
{{- else -}}
{{ include "cluster.name" . }}
{{- end }}

12
charts/postgres-cluster/values.yaml
View File

@@ -43,7 +43,7 @@ cluster:
cpu: 10m
limits:
memory: 1Gi
cpu: 100m
cpu: 800m
hugepages-2Mi: 256Mi
# See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-AffinityConfiguration
@@ -107,11 +107,14 @@ recovery:
# Specifies secret that contains S3 credentials, should contain the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY
endpointCredentials: ""
# Generate external cluster name, uses: postgresql-{{ .Release.Name }}-cluster-backup-index-{{ .Values.recovery.recoveryIndex }}"
# Generate external cluster name, uses: {{ .Release.Name }}postgresql-<major version>-cluster-backup-index-{{ .Values.recovery.recoveryIndex }}
recoveryIndex: 1
# Name of the recovery cluster in the object store, defaults to "cluster.name"
recoveryName: ""
recoveryServerName: ""
# Name of the recovery cluster in the object store, defaults to ".Release.Name"
recoveryInstanceName: ""
wal:
# WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
@@ -170,6 +173,9 @@ backup:
# Generate external cluster name, creates: postgresql-{{ .Release.Name }}-cluster-backup-index-{{ .Values.backups.backupIndex }}"
backupIndex: 1
# Name of the backup cluster in the object store, defaults to "cluster.name"
backupName: ""
wal:
# WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
compression: snappy

24
charts/taiga/Chart.yaml Normal file
View File

@@ -0,0 +1,24 @@
apiVersion: v2
name: taiga
version: 0.2.1
description: Chart for Taiga
keywords:
- kanban
- project management
sources:
- https://github.com/taigaio
- https://github.com/rabbitmq/rabbitmq-server
- https://github.com/bitnami/charts/tree/main/bitnami/rabbitmq
maintainers:
- name: alexlebens
icon: https://avatars.githubusercontent.com/u/6905422?s=200&v=4
dependencies:
- name: rabbitmq
version: 14.0.2
repository: https://charts.bitnami.com/bitnami
alias: async-rabbitmq
- name: rabbitmq
version: 14.0.2
repository: https://charts.bitnami.com/bitnami
alias: events-rabbitmq
appVersion: 6.7.7

17
charts/taiga/README.md Normal file
View File

@@ -0,0 +1,17 @@
## Introduction
[Taiga 6](https://github.com/taigaio)
Intuitive and simple, yet feature complete Kanban board
This chart bootstraps a [Taiga](https://github.com/taigaio) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
## Prerequisites
- Kubernetes
- Helm
## Parameters
See the [values files](values.yaml).

135
charts/taiga/templates/_helpers.tpl Normal file
View File

@@ -0,0 +1,135 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "taiga.name" -}}
{{- default .Chart.Name .Values.global.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "taiga.fullname" -}}
{{- if .Values.global.fullnameOverride -}}
{{- .Values.global.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.global.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label
*/}}
{{- define "taiga.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Common labels
*/}}
{{- define "taiga.labels" -}}
app.kubernetes.io/name: {{ template "taiga.name" . }}
helm.sh/chart: {{ template "taiga.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end -}}
{{/*
Common labels for specific components
*/}}
{{- define "taiga.back.labels" -}}
app.kubernetes.io/name: {{ template "taiga.name" . }}-back
helm.sh/chart: {{ template "taiga.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end -}}
{{- define "taiga.async.labels" -}}
app.kubernetes.io/name: {{ template "taiga.name" . }}-async
helm.sh/chart: {{ template "taiga.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end -}}
{{- define "taiga.front.labels" -}}
app.kubernetes.io/name: {{ template "taiga.name" . }}-front
helm.sh/chart: {{ template "taiga.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end -}}
{{- define "taiga.events.labels" -}}
app.kubernetes.io/name: {{ template "taiga.name" . }}-events
helm.sh/chart: {{ template "taiga.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end -}}
{{- define "taiga.protected.labels" -}}
app.kubernetes.io/name: {{ template "taiga.name" . }}-protected
helm.sh/chart: {{ template "taiga.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end -}}
{{/*
Labels to use on deploy.spec.selector.matchLabels and svc.spec.selector
*/}}
{{- define "taiga.matchLabels" -}}
app.kubernetes.io/name: {{ template "taiga.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end -}}
{{- define "taiga.back.matchLabels" -}}
app.kubernetes.io/name: {{ template "taiga.name" . }}-back
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end -}}
{{- define "taiga.async.matchLabels" -}}
app.kubernetes.io/name: {{ template "taiga.name" . }}-async
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end -}}
{{- define "taiga.front.matchLabels" -}}
app.kubernetes.io/name: {{ template "taiga.name" . }}-front
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end -}}
{{- define "taiga.events.matchLabels" -}}
app.kubernetes.io/name: {{ template "taiga.name" . }}-events
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end -}}
{{- define "taiga.protected.matchLabels" -}}
app.kubernetes.io/name: {{ template "taiga.name" . }}-protected
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end -}}
{{/*
Create the name of the service account to use
*/}}
{{- define "taiga.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
{{ default (include "taiga.fullname" .) .Values.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Create the name of the static persistent volume
*/}}
{{- define "taiga.staticVolumeName" -}}
{{- if .Values.persistence.static.existingClaim -}}
{{ .Values.persistence.static.existingClaim }}
{{- else -}}
{{ printf "%s-static" (include "taiga.fullname" .) | trunc 63 | trimSuffix "-" }}
{{- end -}}
{{- end -}}
{{/*
Create the name of the media persistent volume
*/}}
{{- define "taiga.mediaVolumeName" -}}
{{- if .Values.persistence.media.existingClaim -}}
{{ .Values.persistence.media.existingClaim }}
{{- else -}}
{{ printf "%s-media" (include "taiga.fullname" .) | trunc 63 | trimSuffix "-" }}
{{- end -}}
{{- end -}}

36
charts/taiga/templates/config-map.yaml Normal file
View File

@@ -0,0 +1,36 @@
{{- if .Values.createInitialUser }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "taiga.fullname" . }}-create-initial-user
namespace: {{ .Release.Namespace }}
annotations:
{{- with .Values.global.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "taiga.labels" . | nindent 4 }}
{{- with .Values.global.labels }}
{{ toYaml . | nindent 4 }}
{{- end }}
data:
createinitialuser.sh: |
#!/bin/sh
echo """
import time
import requests
import subprocess
print('Waiting for backend ...')
while requests.get('http://{{ template "taiga.fullname" . }}-back/api/v1/').status_code != 200:
print('...')
time.sleep(2)
if str(subprocess.check_output(['python', 'manage.py', 'dumpdata', 'users.user'], cwd='/taiga-back')).find('\"is_superuser\": true') == -1:
print(subprocess.check_output(['python', 'manage.py', 'loaddata', 'initial_user'], cwd='/taiga-back'))
else:
print('Admin user yet created.')
""" > /tmp/create_superuser.py
python /tmp/create_superuser.py
{{- end }}

515
charts/taiga/templates/deployment-back.yaml Normal file
View File

@@ -0,0 +1,515 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "taiga.fullname" . }}-back
namespace: {{ .Release.Namespace }}
annotations:
{{- with .Values.global.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "taiga.back.labels" . | nindent 4 }}
{{- with .Values.global.labels }}
{{ toYaml . | nindent 4 }}
{{- end }}
spec:
revisionHistoryLimit: 3
replicas: {{ .Values.back.replicas }}
strategy:
type: Recreate
selector:
matchLabels:
{{- include "taiga.back.matchLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "taiga.back.labels" . | nindent 8 }}
app.kubernetes.io/component: {{ template "taiga.name" . }}-back
annotations:
{{- with .Values.back.podAnnotations }}
{{ toYaml . | nindent 8 }}
{{- end }}
spec:
affinity:
{{- with .Values.back.affinity }}
{{ toYaml . | nindent 8 }}
{{- end }}
nodeSelector:
{{- with .Values.back.nodeSelector }}
{{ toYaml . | nindent 8 }}
{{- end }}
tolerations:
{{- with .Values.back.tolerations }}
{{ toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ template "taiga.serviceAccountName" . }}
securityContext:
{{- with .Values.back.securityContext }}
{{ toYaml . | nindent 8 }}
{{- end }}
containers:
- name: {{ template "taiga.fullname" . }}-back
image: "{{ .Values.back.image.repository }}:{{ .Values.back.image.tag }}"
imagePullPolicy: {{ .Values.back.image.pullPolicy }}
resources:
{{ toYaml .Values.back.resources | nindent 12 }}
ports:
- name: taiga-back
containerPort: {{ .Values.back.service.port }}
protocol: TCP
volumeMounts:
- name: taiga-static
mountPath: /taiga-back/static
- name: taiga-media
mountPath: /taiga-back/media
env:
- name: TAIGA_SECRET_KEY
valueFrom:
secretKeyRef:
name: "{{ .Values.secretKey.existingSecretName }}"
key: "{{ .Values.secretKey.existingSecretKey }}"
- name: ENABLE_TELEMETRY
value: "{{ .Values.enableTelemetry }}"
- name: PUBLIC_REGISTER_ENABLED
value: "{{ .Values.publicRegisterEnabled }}"
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
name: "{{ .Values.postgresql.existingSecretName }}"
key: "{{ .Values.postgresql.usernameKey }}"
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: "{{ .Values.postgresql.existingSecretName }}"
key: "{{ .Values.postgresql.passwordKey }}"
- name: POSTGRES_DB
valueFrom:
secretKeyRef:
name: "{{ .Values.postgresql.existingSecretName }}"
key: "{{ .Values.postgresql.databaseNameKey }}"
- name: POSTGRES_HOST
valueFrom:
secretKeyRef:
name: "{{ .Values.postgresql.existingSecretName }}"
key: "{{ .Values.postgresql.hostKey }}"
{{ if .Values.oidc.enabled }}
- name: OIDC_ENABLED
value: "True"
- name: OIDC_SCOPES
valueFrom:
secretKeyRef:
name: "{{ .Values.oidc.existingSecretName }}"
key: "{{ .Values.oidc.scopesKey }}"
- name: OIDC_SIGN_ALGO
valueFrom:
secretKeyRef:
name: "{{ .Values.oidc.existingSecretName }}"
key: "{{ .Values.oidc.signatureAlgorithmKey }}"
- name: OIDC_CLIENT_ID
valueFrom:
secretKeyRef:
name: "{{ .Values.oidc.existingSecretName }}"
key: "{{ .Values.oidc.clientIdKey }}"
- name: OIDC_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: "{{ .Values.oidc.existingSecretName }}"
key: "{{ .Values.oidc.clientSecretKey }}"
- name: OIDC_BASE_URL
valueFrom:
secretKeyRef:
name: "{{ .Values.oidc.existingSecretName }}"
key: "{{ .Values.oidc.baseUrlKey }}"
- name: OIDC_JWKS_ENDPOINT
valueFrom:
secretKeyRef:
name: "{{ .Values.oidc.existingSecretName }}"
key: "{{ .Values.oidc.jwksEndpointKey }}"
- name: OIDC_AUTHORIZATION_ENDPOINT
valueFrom:
secretKeyRef:
name: "{{ .Values.oidc.existingSecretName }}"
key: "{{ .Values.oidc.authorizationEndpointKey }}"
- name: OIDC_TOKEN_ENDPOINT
valueFrom:
secretKeyRef:
name: "{{ .Values.oidc.existingSecretName }}"
key: "{{ .Values.oidc.tokenEndpointKey }}"
- name: OIDC_USER_ENDPOINT
valueFrom:
secretKeyRef:
name: "{{ .Values.oidc.existingSecretName }}"
key: "{{ .Values.oidc.userEndpointKey }}"
{{ end }}
{{ if .Values.email.enabled }}
- name: EMAIL_BACKEND
value: "django.core.mail.backends.smtp.EmailBackend"
- name: DEFAULT_FROM_EMAIL
value: "{{ .Values.email.from }}"
- name: EMAIL_HOST
value: "{{ .Values.email.host }}"
- name: EMAIL_PORT
value: "{{ .Values.email.port }}"
- name: EMAIL_USE_TLS
value: "{{ .Values.email.tls }}"
- name: EMAIL_USE_SSL
value: "{{ .Values.email.ssl }}"
- name: EMAIL_HOST_USER
value: "{{ .Values.email.user }}"
- name: EMAIL_HOST_PASSWORD
valueFrom:
secretKeyRef:
name: "{{ .Values.email.existingPasswordSecret }}"
key: "{{ .Values.email.existingSecretPasswordKey }}"
{{ end }}
- name: ENABLE_GITHUB_AUTH
value: "false"
- name: ENABLE_GITLAB_AUTH
value: "false"
- name: ENABLE_SLACK
value: "{{ .Values.enableSlack }}"
{{ if .Values.githubImporter.enabled }}
- name: ENABLE_GITHUB_IMPORTER
value: "True"
- name: GITHUB_API_CLIENT_ID
valueFrom:
secretKeyRef:
name: "{{ .Values.githubImporter.existingSecretName }}"
key: "{{ .Values.githubImporter.existingSecretClientIdKey }}"
- name: GITHUB_API_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: "{{ .Values.githubImporter.existingSecretName }}"
key: "{{ .Values.githubImporter.existingSecretClientSecretKey }}"
{{ else }}
- name: ENABLE_GITHUB_IMPORTER
value: "False"
{{ end }}
{{ if .Values.jiraImporter.enabled }}
- name: ENABLE_JIRA_IMPORTER
value: "True"
- name: JIRA_IMPORTER_CONSUMER_KEY
valueFrom:
secretKeyRef:
name: "{{ .Values.jiraImporter.existingSecretName }}"
key: "{{ .Values.jiraImporter.existingSecretConsumerKeyKey }}"
- name: JIRA_IMPORTER_CERT
valueFrom:
secretKeyRef:
name: "{{ .Values.jiraImporter.existingSecretName }}"
key: "{{ .Values.jiraImporter.existingSecretCertKey }}"
- name: JIRA_IMPORTER_PUB_CERT
valueFrom:
secretKeyRef:
name: "{{ .Values.jiraImporter.existingSecretName }}"
key: "{{ .Values.jiraImporter.existingSecretPubCertKey }}"
{{ else }}
- name: ENABLE_JIRA_IMPORTER
value: "False"
{{ end }}
{{ if .Values.trelloImporter.enabled }}
- name: ENABLE_TRELLO_IMPORTER
value: "True"
- name: TRELLO_IMPORTER_API_KEY
valueFrom:
secretKeyRef:
name: "{{ .Values.trelloImporter.existingSecretName }}"
key: "{{ .Values.trelloImporter.existingSecretApiKeyKey }}"
- name: TRELLO_IMPORTER_SECRET_KEY
valueFrom:
secretKeyRef:
name: "{{ .Values.trelloImporter.existingSecretName }}"
key: "{{ .Values.trelloImporter.existingSecretSecretKeyKey }}"
{{ else }}
- name: ENABLE_JIRA_IMPORTER
value: "False"
{{ end }}
- name: RABBITMQ_USER
value: "{{ index .Values "async-rabbitmq" "auth" "username" }}"
- name: RABBITMQ_PASS
valueFrom:
secretKeyRef:
name: {{ index .Values "async-rabbitmq" "auth" "existingPasswordSecret" }}
key: {{ index .Values "async-rabbitmq" "auth" "existingSecretPasswordKey" }}
{{ if .Values.ingress.enabled }}
- name: TAIGA_SITES_DOMAIN
value: "{{ .Values.ingress.host }}"
- name: TAIGA_SITES_SCHEME
value: "https"
- name: SESSION_COOKIE_SECURE
value: "True"
- name: CSRF_COOKIE_SECURE
value: "True"
{{- end }}
{{- if .Values.back.livenessProbe.enabled }}
livenessProbe:
httpGet:
path: /admin/login/
port: {{ .Values.back.service.port }}
initialDelaySeconds: {{ .Values.back.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.back.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.back.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.back.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.back.livenessProbe.failureThreshold }}
{{- end }}
{{- if .Values.back.readinessProbe.enabled }}
readinessProbe:
httpGet:
path: /admin/login/
port: {{ .Values.back.service.port }}
initialDelaySeconds: {{ .Values.back.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.back.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.back.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.back.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.back.readinessProbe.failureThreshold }}
{{- end }}
- name: {{ template "taiga.fullname" . }}-async
image: "{{ .Values.async.image.repository }}:{{ .Values.async.image.tag }}"
imagePullPolicy: {{ .Values.async.image.pullPolicy }}
resources:
{{ toYaml .Values.async.resources | nindent 12 }}
command:
- /taiga-back/docker/async_entrypoint.sh
volumeMounts:
- name: taiga-static
mountPath: /taiga-back/static
- name: taiga-media
mountPath: /taiga-back/media
env:
- name: TAIGA_SECRET_KEY
valueFrom:
secretKeyRef:
name: "{{ .Values.secretKey.existingSecretName }}"
key: "{{ .Values.secretKey.existingSecretKey }}"
- name: ENABLE_TELEMETRY
value: "{{ .Values.enableTelemetry }}"
- name: PUBLIC_REGISTER_ENABLED
value: "{{ .Values.publicRegisterEnabled }}"
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
name: "{{ .Values.postgresql.existingSecretName }}"
key: "{{ .Values.postgresql.usernameKey }}"
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: "{{ .Values.postgresql.existingSecretName }}"
key: "{{ .Values.postgresql.passwordKey }}"
- name: POSTGRES_DB
valueFrom:
secretKeyRef:
name: "{{ .Values.postgresql.existingSecretName }}"
key: "{{ .Values.postgresql.databaseNameKey }}"
- name: POSTGRES_HOST
valueFrom:
secretKeyRef:
name: "{{ .Values.postgresql.existingSecretName }}"
key: "{{ .Values.postgresql.hostKey }}"
{{ if .Values.oidc.enabled }}
- name: OIDC_ENABLED
value: "True"
- name: OIDC_SCOPES
valueFrom:
secretKeyRef:
name: "{{ .Values.oidc.existingSecretName }}"
key: "{{ .Values.oidc.scopesKey }}"
- name: OIDC_SIGN_ALGO
valueFrom:
secretKeyRef:
name: "{{ .Values.oidc.existingSecretName }}"
key: "{{ .Values.oidc.signatureAlgorithmKey }}"
- name: OIDC_CLIENT_ID
valueFrom:
secretKeyRef:
name: "{{ .Values.oidc.existingSecretName }}"
key: "{{ .Values.oidc.clientIdKey }}"
- name: OIDC_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: "{{ .Values.oidc.existingSecretName }}"
key: "{{ .Values.oidc.clientSecretKey }}"
- name: OIDC_BASE_URL
valueFrom:
secretKeyRef:
name: "{{ .Values.oidc.existingSecretName }}"
key: "{{ .Values.oidc.baseUrlKey }}"
- name: OIDC_JWKS_ENDPOINT
valueFrom:
secretKeyRef:
name: "{{ .Values.oidc.existingSecretName }}"
key: "{{ .Values.oidc.jwksEndpointKey }}"
- name: OIDC_AUTHORIZATION_ENDPOINT
valueFrom:
secretKeyRef:
name: "{{ .Values.oidc.existingSecretName }}"
key: "{{ .Values.oidc.authorizationEndpointKey }}"
- name: OIDC_TOKEN_ENDPOINT
valueFrom:
secretKeyRef:
name: "{{ .Values.oidc.existingSecretName }}"
key: "{{ .Values.oidc.tokenEndpointKey }}"
- name: OIDC_USER_ENDPOINT
valueFrom:
secretKeyRef:
name: "{{ .Values.oidc.existingSecretName }}"
key: "{{ .Values.oidc.userEndpointKey }}"
{{ end }}
{{ if .Values.email.enabled }}
- name: EMAIL_BACKEND
value: "django.core.mail.backends.smtp.EmailBackend"
- name: DEFAULT_FROM_EMAIL
value: "{{ .Values.email.from }}"
- name: EMAIL_HOST
value: "{{ .Values.email.host }}"
- name: EMAIL_PORT
value: "{{ .Values.email.port }}"
- name: EMAIL_USE_TLS
value: "{{ .Values.email.tls }}"
- name: EMAIL_USE_SSL
value: "{{ .Values.email.ssl }}"
- name: EMAIL_HOST_USER
value: "{{ .Values.email.user }}"
- name: EMAIL_HOST_PASSWORD
valueFrom:
secretKeyRef:
name: "{{ .Values.email.existingPasswordSecret }}"
key: "{{ .Values.email.existingSecretPasswordKey }}"
{{ end }}
- name: ENABLE_GITHUB_AUTH
value: "false"
- name: ENABLE_GITLAB_AUTH
value: "false"
- name: ENABLE_SLACK
value: "{{ .Values.enableSlack }}"
{{ if .Values.githubImporter.enabled }}
- name: ENABLE_GITHUB_IMPORTER
value: "True"
- name: GITHUB_API_CLIENT_ID
valueFrom:
secretKeyRef:
name: "{{ .Values.githubImporter.existingSecretName }}"
key: "{{ .Values.githubImporter.existingSecretClientIdKey }}"
- name: GITHUB_API_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: "{{ .Values.githubImporter.existingSecretName }}"
key: "{{ .Values.githubImporter.existingSecretClientSecretKey }}"
{{ else }}
- name: ENABLE_GITHUB_IMPORTER
value: "False"
{{ end }}
{{ if .Values.jiraImporter.enabled }}
- name: ENABLE_JIRA_IMPORTER
value: "True"
- name: JIRA_IMPORTER_CONSUMER_KEY
valueFrom:
secretKeyRef:
name: "{{ .Values.jiraImporter.existingSecretName }}"
key: "{{ .Values.jiraImporter.existingSecretConsumerKeyKey }}"
- name: JIRA_IMPORTER_CERT
valueFrom:
secretKeyRef:
name: "{{ .Values.jiraImporter.existingSecretName }}"
key: "{{ .Values.jiraImporter.existingSecretCertKey }}"
- name: JIRA_IMPORTER_PUB_CERT
valueFrom:
secretKeyRef:
name: "{{ .Values.jiraImporter.existingSecretName }}"
key: "{{ .Values.jiraImporter.existingSecretPubCertKey }}"
{{ else }}
- name: ENABLE_JIRA_IMPORTER
value: "False"
{{ end }}
{{ if .Values.trelloImporter.enabled }}
- name: ENABLE_TRELLO_IMPORTER
value: "True"
- name: TRELLO_IMPORTER_API_KEY
valueFrom:
secretKeyRef:
name: "{{ .Values.trelloImporter.existingSecretName }}"
key: "{{ .Values.trelloImporter.existingSecretApiKeyKey }}"
- name: TRELLO_IMPORTER_SECRET_KEY
valueFrom:
secretKeyRef:
name: "{{ .Values.trelloImporter.existingSecretName }}"
key: "{{ .Values.trelloImporter.existingSecretSecretKeyKey }}"
{{ else }}
- name: ENABLE_JIRA_IMPORTER
value: "False"
{{ end }}
- name: RABBITMQ_USER
value: "{{ index .Values "async-rabbitmq" "auth" "username" }}"
- name: RABBITMQ_PASS
valueFrom:
secretKeyRef:
name: {{ index .Values "async-rabbitmq" "auth" "existingPasswordSecret" }}
key: {{ index .Values "async-rabbitmq" "auth" "existingSecretPasswordKey" }}
{{ if .Values.ingress.enabled }}
- name: TAIGA_SITES_DOMAIN
value: "{{ .Values.ingress.host }}"
- name: TAIGA_SITES_SCHEME
value: "https"
- name: SESSION_COOKIE_SECURE
value: "True"
- name: CSRF_COOKIE_SECURE
value: "True"
{{- end }}
{{- if .Values.back.livenessProbe.enabled }}
livenessProbe:
httpGet:
path: /admin/login/
port: {{ .Values.back.service.port }}
initialDelaySeconds: {{ .Values.back.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.back.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.back.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.back.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.back.livenessProbe.failureThreshold }}
{{- end }}
{{- if .Values.back.readinessProbe.enabled }}
readinessProbe:
httpGet:
path: /admin/login/
port: {{ .Values.back.service.port }}
initialDelaySeconds: {{ .Values.back.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.back.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.back.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.back.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.back.readinessProbe.failureThreshold }}
{{- end }}
volumes:
- name: taiga-static
{{- if .Values.persistence.static.enabled }}
persistentVolumeClaim:
claimName: {{ include "taiga.staticVolumeName" . }}
{{- else }}
emptyDir: {}
{{- end }}
- name: taiga-media
{{- if .Values.persistence.media.enabled }}
persistentVolumeClaim:
claimName: {{ include "taiga.mediaVolumeName" . }}
{{- else }}
emptyDir: {}
{{- end }}

101
charts/taiga/templates/deployment-events.yaml Normal file
View File

@@ -0,0 +1,101 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "taiga.fullname" . }}-events
namespace: {{ .Release.Namespace }}
annotations:
{{- with .Values.global.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "taiga.events.labels" . | nindent 4 }}
{{- with .Values.global.labels }}
{{ toYaml . | nindent 4 }}
{{- end }}
spec:
revisionHistoryLimit: 3
replicas: {{ .Values.events.replicas }}
strategy:
type: Recreate
selector:
matchLabels:
{{- include "taiga.events.matchLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "taiga.events.labels" . | nindent 8 }}
app.kubernetes.io/component: {{ template "taiga.name" . }}-events
annotations:
{{- with .Values.events.podAnnotations }}
{{ toYaml . | nindent 8 }}
{{- end }}
spec:
affinity:
{{- with .Values.events.affinity }}
{{ toYaml . | nindent 8 }}
{{- end }}
nodeSelector:
{{- with .Values.events.nodeSelector }}
{{ toYaml . | nindent 8 }}
{{- end }}
tolerations:
{{- with .Values.events.tolerations }}
{{ toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ template "taiga.serviceAccountName" . }}
securityContext:
{{- with .Values.events.securityContext }}
{{ toYaml . | nindent 8 }}
{{- end }}
containers:
- name: {{ template "taiga.fullname" . }}-events
image: "{{ .Values.events.image.repository }}:{{ .Values.events.image.tag }}"
imagePullPolicy: {{ .Values.events.image.pullPolicy }}
resources:
{{ toYaml .Values.events.resources | nindent 12 }}
ports:
- name: taiga-events
containerPort: {{ .Values.events.service.http.port }}
protocol: TCP
- name: taiga-app
containerPort: {{ .Values.events.service.app.port }}
protocol: TCP
env:
- name: TAIGA_SECRET_KEY
valueFrom:
secretKeyRef:
name: "{{ .Values.secretKey.existingSecretName }}"
key: "{{ .Values.secretKey.existingSecretKey }}"
- name: RABBITMQ_USER
value: "{{ index .Values "events-rabbitmq" "auth" "username" }}"
- name: RABBITMQ_PASS
valueFrom:
secretKeyRef:
name: {{ index .Values "events-rabbitmq" "auth" "existingPasswordSecret" }}
key: {{ index .Values "events-rabbitmq" "auth" "existingSecretPasswordKey" }}
- name: APP_PORT
value: "{{ .Values.events.service.app.port }}"
{{- if .Values.events.livenessProbe.enabled }}
livenessProbe:
httpGet:
path: /healthz
port: {{ .Values.events.service.app.port }}
initialDelaySeconds: {{ .Values.events.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.events.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.events.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.events.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.events.livenessProbe.failureThreshold }}
{{- end }}
{{- if .Values.events.readinessProbe.enabled }}
readinessProbe:
httpGet:
path: /healthz
port: {{ .Values.events.service.app.port }}
initialDelaySeconds: {{ .Values.events.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.events.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.events.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.events.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.events.readinessProbe.failureThreshold }}
{{- end }}

108
charts/taiga/templates/deployment-front.yaml Normal file
View File

@@ -0,0 +1,108 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "taiga.fullname" . }}-front
namespace: {{ .Release.Namespace }}
annotations:
{{- with .Values.global.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "taiga.front.labels" . | nindent 4 }}
{{- with .Values.global.labels }}
{{ toYaml . | nindent 4 }}
{{- end }}
spec:
revisionHistoryLimit: 3
replicas: {{ .Values.front.replicas }}
strategy:
type: Recreate
selector:
matchLabels:
{{- include "taiga.front.matchLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "taiga.front.labels" . | nindent 8 }}
app.kubernetes.io/component: {{ template "taiga.name" . }}-front
annotations:
{{- with .Values.front.podAnnotations }}
{{ toYaml . | nindent 8 }}
{{- end }}
spec:
affinity:
{{- with .Values.front.affinity }}
{{ toYaml . | nindent 8 }}
{{- end }}
nodeSelector:
{{- with .Values.front.nodeSelector }}
{{ toYaml . | nindent 8 }}
{{- end }}
tolerations:
{{- with .Values.front.tolerations }}
{{ toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ template "taiga.serviceAccountName" . }}
securityContext:
{{- with .Values.front.securityContext }}
{{ toYaml . | nindent 8 }}
{{- end }}
containers:
- name: {{ template "taiga.fullname" . }}-front
image: "{{ .Values.front.image.repository }}:{{ .Values.front.image.tag }}"
imagePullPolicy: {{ .Values.front.image.pullPolicy }}
resources:
{{ toYaml .Values.front.resources | nindent 12 }}
ports:
- name: taiga-front
containerPort: {{ .Values.front.service.port }}
protocol: TCP
env:
{{ if .Values.ingress.enabled }}
- name: TAIGA_URL
value: "https://{{ .Values.ingress.host }}"
{{ else }}
- name: TAIGA_URL
value: "http://localhost:{{ .Values.front.service.port }}"
{{ end }}
- name: PUBLIC_REGISTER_ENABLED
value: "{{ .Values.publicRegisterEnabled }}"
- name: ENABLE_GITHUB_AUTH
value: "false"
- name: ENABLE_GITLAB_AUTH
value: "false"
- name: ENABLE_OIDC
value: "{{ .Values.oidc.enabled }}"
- name: ENABLE_SLACK
value: "{{ .Values.enableSlack }}"
- name: ENABLE_GITHUB_IMPORTER
value: "{{ .Values.githubImporter.enabled }}"
- name: ENABLE_JIRA_IMPORTER
value: "{{ .Values.jiraImporter.enabled }}"
- name: ENABLE_TRELLO_IMPORTER
value: "{{ .Values.trelloImporter.enabled }}"
{{- if .Values.front.livenessProbe.enabled }}
livenessProbe:
httpGet:
path: /admin/login/
port: {{ .Values.front.service.port }}
initialDelaySeconds: {{ .Values.front.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.front.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.front.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.front.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.front.livenessProbe.failureThreshold }}
{{- end }}
{{- if .Values.front.readinessProbe.enabled }}
readinessProbe:
httpGet:
path: /admin/login/
port: {{ .Values.front.service.port }}
initialDelaySeconds: {{ .Values.front.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.front.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.front.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.front.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.front.readinessProbe.failureThreshold }}
{{- end }}

91
charts/taiga/templates/deployment-protected.yaml Normal file
View File

@@ -0,0 +1,91 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "taiga.fullname" . }}-protected
namespace: {{ .Release.Namespace }}
annotations:
{{- with .Values.global.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "taiga.protected.labels" . | nindent 4 }}
{{- with .Values.global.labels }}
{{ toYaml . | nindent 4 }}
{{- end }}
spec:
revisionHistoryLimit: 3
replicas: {{ .Values.protected.replicas }}
strategy:
type: Recreate
selector:
matchLabels:
{{- include "taiga.protected.matchLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "taiga.protected.labels" . | nindent 8 }}
app.kubernetes.io/component: {{ template "taiga.name" . }}-protected
annotations:
{{- with .Values.protected.podAnnotations }}
{{ toYaml . | nindent 8 }}
{{- end }}
spec:
affinity:
{{- with .Values.protected.affinity }}
{{ toYaml . | nindent 8 }}
{{- end }}
nodeSelector:
{{- with .Values.protected.nodeSelector }}
{{ toYaml . | nindent 8 }}
{{- end }}
tolerations:
{{- with .Values.protected.tolerations }}
{{ toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ template "taiga.serviceAccountName" . }}
securityContext:
{{- with .Values.protected.securityContext }}
{{ toYaml . | nindent 8 }}
{{- end }}
containers:
- name: {{ template "taiga.fullname" . }}-protected
image: "{{ .Values.protected.image.repository }}:{{ .Values.protected.image.tag }}"
imagePullPolicy: {{ .Values.protected.image.pullPolicy }}
resources:
{{ toYaml .Values.protected.resources | nindent 12 }}
ports:
- name: taiga-protected
containerPort: {{ .Values.protected.service.port }}
protocol: TCP
env:
- name: SECRET_KEY
valueFrom:
secretKeyRef:
name: "{{ .Values.secretKey.existingSecretName }}"
key: "{{ .Values.secretKey.existingSecretKey }}"
- name: MAX_AGE
value: "{{ .Values.maxAge }}"
{{- if .Values.protected.livenessProbe.enabled }}
livenessProbe:
httpGet:
path: /admin/login/
port: {{ .Values.protected.service.port }}
initialDelaySeconds: {{ .Values.protected.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.protected.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.protected.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.protected.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.protected.livenessProbe.failureThreshold }}
{{- end }}
{{- if .Values.protected.readinessProbe.enabled }}
readinessProbe:
httpGet:
path: /admin/login/
port: {{ .Values.protected.service.port }}
initialDelaySeconds: {{ .Values.protected.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.protected.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.protected.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.protected.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.protected.readinessProbe.failureThreshold }}
{{- end }}

74
charts/taiga/templates/ingress.yaml Normal file
View File

@@ -0,0 +1,74 @@
{{- if .Values.ingress.enabled }}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ template "taiga.fullname" . }}
namespace: {{ .Release.Namespace }}
annotations:
{{- with .Values.global.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- toYaml .Values.ingress.annotations | nindent 4 }}
labels:
{{- include "taiga.labels" . | nindent 4 }}
{{- with .Values.global.labels }}
{{ toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.ingress.labels }}
{{ toYaml . | nindent 4 }}
{{- end }}
spec:
ingressClassName: {{ .Values.ingress.className }}
tls:
- hosts:
- {{ .Values.ingress.host }}
secretName: {{ template "taiga.fullname" . }}-secret-tls
rules:
- host: {{ .Values.ingress.host }}
http:
paths:
- path: /
backend:
service:
name: "{{ template "taiga.fullname" . }}-front"
port:
name: taiga-front
pathType: ImplementationSpecific
- path: /api
backend:
service:
name: "{{ template "taiga.fullname" . }}-back"
port:
name: taiga-back
pathType: ImplementationSpecific
- path: /admin
backend:
service:
name: "{{ template "taiga.fullname" . }}-back"
port:
name: taiga-back
pathType: ImplementationSpecific
{{ if .Values.oidc.enabled }}
- path: /oidc
backend:
service:
name: "{{ template "taiga.fullname" . }}-back"
port:
name: taiga-back
pathType: ImplementationSpecific
{{- end }}
- path: /events
backend:
service:
name: "{{ template "taiga.fullname" . }}-events"
port:
name: taiga-events
pathType: ImplementationSpecific
- path: /media
backend:
service:
name: "{{ template "taiga.fullname" . }}-protected"
port:
name: taiga-protected
pathType: ImplementationSpecific
{{- end }}

66
charts/taiga/templates/job.yaml Normal file
View File

@@ -0,0 +1,66 @@
{{- if .Values.createInitialUser }}
apiVersion: batch/v1
kind: Job
metadata:
name: {{ template "taiga.fullname" . }}-create-initial-user
namespace: {{ .Release.Namespace }}
annotations:
{{- with .Values.global.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "taiga.labels" . | nindent 4 }}
{{- with .Values.global.labels }}
{{ toYaml . | nindent 4 }}
{{- end }}
spec:
backoffLimit: 4
template:
spec:
{{- if .Values.back.nodeSelector }}
nodeSelector:
{{ toYaml .Values.back.nodeSelector | nindent 8 }}
{{- end }}
restartPolicy: Never
containers:
- name: {{ template "taiga.fullname" . }}-create-initial-user
image: "{{ .Values.back.image.repository }}:{{ .Values.back.image.tag }}"
imagePullPolicy: {{ .Values.back.image.pullPolicy }}
command:
- sh
- /scripts/createinitialuser.sh
volumeMounts:
- name: create-initial-user
mountPath: /scripts
env:
- name: TAIGA_SECRET_KEY
valueFrom:
secretKeyRef:
name: "{{ .Values.secretKey.existingSecretName }}"
key: "{{ .Values.secretKey.existingSecretKey }}"
- name: POSTGRES_USERNAME
valueFrom:
secretKeyRef:
name: "{{ .Values.postgresql.existingSecretName }}"
key: "{{ .Values.postgresql.usernameKey }}"
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: "{{ .Values.postgresql.existingSecretName }}"
key: "{{ .Values.postgresql.passwordKey }}"
- name: POSTGRES_DATABASE_NAME
valueFrom:
secretKeyRef:
name: "{{ .Values.postgresql.existingSecretName }}"
key: "{{ .Values.postgresql.databaseNameKey }}"
- name: POSTGRES_DATABASE_HOST
valueFrom:
secretKeyRef:
name: "{{ .Values.postgresql.existingSecretName }}"
key: "{{ .Values.postgresql.hostKey }}"
volumes:
- name: create-initial-user
configMap:
name: {{ template "taiga.fullname" . }}-create-initial-user
defaultMode: 0744
{{- end }}

54
charts/taiga/templates/persistent-volume-claim.yaml Normal file
View File

@@ -0,0 +1,54 @@
{{- if and .Values.persistence.static.enabled (not .Values.persistence.static.existingClaim) }}
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ template "taiga.staticVolumeName" . }}
namespace: {{ .Release.Namespace }}
annotations:
{{- with .Values.global.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- if .Values.persistence.static.retain }}
helm.sh/resource-policy: keep
{{- end }}
labels:
{{- include "taiga.labels" . | nindent 4 }}
{{- with .Values.global.labels }}
{{ toYaml . | nindent 4 }}
{{- end }}
spec:
storageClassName: {{ .Values.persistence.static.storageClass }}
accessModes:
- {{ .Values.persistence.static.accessMode }}
resources:
requests:
storage: {{ .Values.persistence.static.size }}
{{- end }}
---
{{- if and .Values.persistence.media.enabled (not .Values.persistence.media.existingClaim) }}
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ template "taiga.mediaVolumeName" . }}
namespace: {{ .Release.Namespace }}
annotations:
{{- with .Values.global.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- if .Values.persistence.media.retain }}
"helm.sh/resource-policy": keep
{{- end }}
labels:
{{- include "taiga.labels" . | nindent 4 }}
{{- with .Values.global.labels }}
{{ toYaml . | nindent 4 }}
{{- end }}
spec:
storageClassName: {{ .Values.persistence.media.storageClass }}
accessModes:
- {{ .Values.persistence.media.accessMode }}
resources:
requests:
storage: {{ .Values.persistence.media.size }}
{{- end }}

20
charts/taiga/templates/service-account.yaml Normal file
View File

@@ -0,0 +1,20 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "taiga.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
annotations:
{{- with .Values.global.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.serviceAccount.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "taiga.labels" . | nindent 4 }}
{{- with .Values.global.labels }}
{{ toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.serviceAccount.labels }}
{{ toYaml . | nindent 4 }}
{{- end }}

138
charts/taiga/templates/service.yaml Normal file
View File

@@ -0,0 +1,138 @@
apiVersion: v1
kind: Service
metadata:
name: {{ template "taiga.fullname" . }}-back
namespace: {{ .Release.Namespace }}
annotations:
{{- with .Values.global.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.back.service.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "taiga.back.labels" . | nindent 4 }}
{{- with .Values.global.labels }}
{{ toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.back.service.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
type: {{ .Values.back.service.type }}
ports:
- port: {{ .Values.back.service.port }}
targetPort: taiga-back
protocol: TCP
name: taiga-back
selector:
{{- include "taiga.back.matchLabels" . | nindent 4 }}
{{- with .Values.back.service.extraSelectorLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
---
apiVersion: v1
kind: Service
metadata:
name: {{ template "taiga.fullname" . }}-events
namespace: {{ .Release.Namespace }}
annotations:
{{- with .Values.global.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.events.service.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "taiga.events.labels" . | nindent 4 }}
{{- with .Values.global.labels }}
{{ toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.events.service.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
type: {{ .Values.events.service.type }}
ports:
- port: {{ .Values.events.service.http.port }}
targetPort: taiga-events
protocol: TCP
name: taiga-events
- port: {{ .Values.events.service.app.port }}
targetPort: taiga-app
protocol: TCP
name: taiga-app
selector:
{{- include "taiga.events.matchLabels" . | nindent 4 }}
{{- with .Values.events.service.extraSelectorLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
---
apiVersion: v1
kind: Service
metadata:
name: {{ template "taiga.fullname" . }}-front
namespace: {{ .Release.Namespace }}
annotations:
{{- with .Values.global.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.front.service.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "taiga.front.labels" . | nindent 4 }}
{{- with .Values.global.labels }}
{{ toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.front.service.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
type: {{ .Values.front.service.type }}
ports:
- port: {{ .Values.front.service.port }}
targetPort: taiga-front
protocol: TCP
name: taiga-front
selector:
{{- include "taiga.front.matchLabels" . | nindent 4 }}
{{- with .Values.front.service.extraSelectorLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
---
apiVersion: v1
kind: Service
metadata:
name: {{ template "taiga.fullname" . }}-protected
namespace: {{ .Release.Namespace }}
annotations:
{{- with .Values.global.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.protected.service.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "taiga.protected.labels" . | nindent 4 }}
{{- with .Values.global.labels }}
{{ toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.protected.service.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
type: {{ .Values.protected.service.type }}
ports:
- port: {{ .Values.protected.service.port }}
targetPort: taiga-protected
protocol: TCP
name: taiga-protected
selector:
{{- include "taiga.protected.matchLabels" . | nindent 4 }}
{{- with .Values.protected.service.extraSelectorLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}

817
charts/taiga/values.yaml Normal file
View File

@@ -0,0 +1,817 @@
## Global
##
global:
# -- Set an override for the prefix of the fullname
nameOverride:
# -- Set the entire name definition
fullnameOverride:
# -- Set additional global labels. Helm templates can be used.
labels: {}
# -- Set additional global annotations. Helm templates can be used.
annotations: {}
## Service Account
##
serviceAccount:
# -- Specifies whether a service account should be created
create: false
# -- Annotations to add to the service account
annotations: {}
# -- Labels to add to the service account
labels: {}
# -- The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
## Secret key
## Specificy the secret name and the key containg a strong secret key
##
secretKey:
existingSecretName: ""
existingSecretKey: ""
## Create initial user with credentials admin/123123
## ref: https://taigaio.github.io/taiga-doc/dist/setup-production.html
##
# TODO: set to false by default or create with a random password which is stored in a secret
# or allow to pass in the data for username and secret
createInitialUser: true
## Max age
##
maxAge: 360
## Create initial templates
## ref: https://taigaio.github.io/taiga-doc/dist/setup-production.html
##
# TODO: This values seems to be unused
createInitialTemplates: false
## Telemetry settings
##
enableTelemetry: true
## Public registration
##
publicRegisterEnabled: true
## Enable debug
## ref: https://taigaio.github.io/taiga-doc/dist/setup-production.html
debug: false
## Postgresql
## Configuration is expected to be stored in a secret, reference the secret name and each key for the value
##
postgresql:
existingSecretName: ""
usernameKey: ""
passwordKey: ""
databaseNameKey: ""
hostKey: ""
portKey: ""
## OIDC authentication
## Configuration is expected to be stored in a secret, reference the secret name and each key for the value
##
oidc:
enabled: false
existingSecretName: ""
scopesKey: "" # "openid profile email"
signatureAlgorithmKey: "" # "RS256"
clientIdKey: "" # <generate from auth provider>
clientSecretKey: "" # <generate from auth provider>
baseUrlKey: "" # "https://id.fedoraproject.org/openidc"
jwksEndpointKey: "" # "https://id.fedoraproject.org/openidc/Jwks"
authorizationEndpointKey: "" # "https://id.fedoraproject.org/openidc/Authorization"
tokenEndpointKey: "" # "https://id.fedoraproject.org/openidc/Token"
userEndpointKey: "" # "https://id.fedoraproject.org/openidc/UserInfo"
## SMTP mail delivery configuration
## ref: https://taigaio.github.io/taiga-doc/dist/setup-production.html
##
email:
enabled: false
from: no-reply@example.com
host: localhost
port: 587
tls: false
ssl: false
user: ""
## Specificy an existing secret containg the password for the smtp user
##
existingPasswordSecret: ""
existingSecretPasswordKey: ""
## Slack
##
enableSlack: false
## Importers
##
# Github importer
githubImporter:
enabled: false
existingSecretName: ""
existingSecretClientIdKey: ""
existingSecretClientSecretKey: ""
# Jira importer
jiraImporter:
enabled: false
existingSecretName: ""
existingSecretConsumerKeyKey: ""
existingSecretCertKey: ""
existingSecretPubCertKey: ""
# Trello importer
trelloImporter:
enabled: false
existingSecretName: ""
existingSecretApiKeyKey: ""
existingSecretSecretKeyKey: ""
## taiga-back
##
back:
## Taiga image version
## ref: https://hub.docker.com/r/taigaio/taiga5/tags
##
image:
repository: taigaio/taiga-back
tag: "6.7.3"
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
##
pullPolicy: IfNotPresent
## Define the number of pods the deployment will create
## Do not change unless your persistent volume allows more than one writer, ie NFS
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
##
replicas: 1
## Pod annotations
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
##
podAnnotations: {}
## Affinity for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
##
affinity: {}
## Node labels for pod assignment. Evaluated as a template.
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## Tolerations for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## Pod Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
##
securityContext: {}
## taiga containers' resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
##
resources:
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
limits: {}
# cpu: 2
# memory: 1Gi
requests: {}
# cpu: 1
# memory: 1Gi
## Configure extra options for liveness and readiness probes
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
##
livenessProbe:
enabled: false
initialDelaySeconds: 20
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 3
readinessProbe:
enabled: false
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 3
## Environment variables, to pass to the entry point
##
# extraVars:
# - name: NAMI_DEBUG
# value: --log-level trace
## Service
##
service:
# -- Set the service type
type: ClusterIP
# -- Provide additional annotations which may be required.
annotations: {}
# -- Provide additional labels which may be required.
labels: {}
# -- Allow adding additional match labels
extraSelectorLabels: {}
# -- HTTP port number
port: 8000
## Async
##
async:
## Taiga image version
## ref: https://hub.docker.com/r/taigaio/taiga5/tags
##
image:
repository: taigaio/taiga-back
tag: "6.7.3"
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
##
pullPolicy: IfNotPresent
## Define the number of pods the deployment will create
## Do not change unless your persistent volume allows more than one writer, ie NFS
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
##
replicas: 1
## Pod Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
##
securityContext: {}
## Pod annotations
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
##
podAnnotations: {}
## Affinity for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
##
affinity: {}
## Node labels for pod assignment. Evaluated as a template.
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## Tolerations for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## taiga containers' resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
##
resources:
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
limits: {}
# cpu: 2
# memory: 1Gi
requests: {}
# cpu: 1
# memory: 1Gi
## Configure extra options for liveness and readiness probes
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
##
livenessProbe:
enabled: false
initialDelaySeconds: 20
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 3
readinessProbe:
enabled: false
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 3
## Environment variables, to pass to the entry point
##
# extraVars:
# - name: NAMI_DEBUG
# value: --log-level trace
## Service
##
service:
# -- Set the service type
type: ClusterIP
# -- Provide additional annotations which may be required.
annotations: {}
# -- Provide additional labels which may be required.
labels: {}
# -- Allow adding additional match labels
extraSelectorLabels: {}
# -- HTTP port number
port: 8000
## Async Rabbitmq
## https://artifacthub.io/packages/helm/bitnami/rabbitmq?modal=values-schema
##
async-rabbitmq:
auth:
## @param auth.username RabbitMQ application username
## ref: https://github.com/bitnami/containers/tree/main/bitnami/rabbitmq#environment-variables
##
username: taiga
## @param auth.existingPasswordSecret Existing secret with RabbitMQ credentials (existing secret must contain a value for `rabbitmq-password` key or override with setting auth.existingSecretPasswordKey)
## e.g:
## existingPasswordSecret: name-of-existing-secret
##
existingPasswordSecret: ""
existingSecretPasswordKey: ""
## @param auth.existingErlangSecret Existing secret with RabbitMQ Erlang cookie (must contain a value for `rabbitmq-erlang-cookie` key or override with auth.existingSecretErlangKey)
## e.g:
## existingErlangSecret: name-of-existing-secret
##
existingErlangSecret: ""
## @param auth.existingSecretErlangKey [default: rabbitmq-erlang-cookie] Erlang cookie key to be retrieved from existing secret
## NOTE: ignored unless `auth.existingErlangSecret` parameter is set
##
existingSecretErlangKey: ""
## @param configurationExistingSecret Existing secret with the configuration to use as rabbitmq.conf.
## Must contain the key "rabbitmq.conf"
## Takes precedence over `configuration`, so do not use both simultaneously
## With providing an existingSecret, extraConfiguration and extraConfigurationExistingSecret do not take any effect
##
configurationExistingSecret: ""
## @param extraConfiguration [string] Configuration file content: extra configuration to be appended to RabbitMQ configuration
## Use this instead of `configuration` to add more configuration
## Do not use simultaneously with `extraConfigurationExistingSecret`
##
extraConfiguration: |-
default_vhost = taiga
default_permissions.configure = .*
default_permissions.read = .*
default_permissions.write = .*
## Events
##
events:
## Taiga image version
## ref: https://hub.docker.com/r/taigaio/taiga5/tags
##
image:
repository: taigaio/taiga-events
tag: "6.7.0"
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
##
pullPolicy: IfNotPresent
## Pod Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
##
securityContext: {}
## Define the number of pods the deployment will create
## Do not change unless your persistent volume allows more than one writer, ie NFS
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
##
replicas: 1
## Pod annotations
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
##
podAnnotations: {}
## Affinity for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
##
affinity: {}
## Node labels for pod assignment. Evaluated as a template.
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## Tolerations for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## taiga containers' resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
##
resources:
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
limits: {}
# cpu: 2
# memory: 1Gi
requests: {}
# cpu: 1
# memory: 1Gi
## Configure extra options for liveness and readiness probes
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
##
livenessProbe:
enabled: false
initialDelaySeconds: 20
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 3
readinessProbe:
enabled: false
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 3
## Environment variables, to pass to the entry point
##
# extraVars:
# - name: NAMI_DEBUG
# value: --log-level trace
## Service
##
service:
# -- Set the service type
type: ClusterIP
# -- Provide additional annotations which may be required.
annotations: {}
# -- Provide additional labels which may be required.
labels: {}
# -- Allow adding additional match labels
extraSelectorLabels: {}
http:
# -- HTTP port number
port: 8888
app:
# -- HTTP port number
port: 3023
## Events Rabbitmq
## https://artifacthub.io/packages/helm/bitnami/rabbitmq?modal=values-schema
##
events-rabbitmq:
auth:
## @param auth.username RabbitMQ application username
## ref: https://github.com/bitnami/containers/tree/main/bitnami/rabbitmq#environment-variables
##
username: taiga
## @param auth.existingPasswordSecret Existing secret with RabbitMQ credentials (existing secret must contain a value for `rabbitmq-password` key or override with setting auth.existingSecretPasswordKey)
## e.g:
## existingPasswordSecret: name-of-existing-secret
##
existingPasswordSecret: ""
existingSecretPasswordKey: ""
## @param auth.existingErlangSecret Existing secret with RabbitMQ Erlang cookie (must contain a value for `rabbitmq-erlang-cookie` key or override with auth.existingSecretErlangKey)
## e.g:
## existingErlangSecret: name-of-existing-secret
##
existingErlangSecret: ""
## @param auth.existingSecretErlangKey [default: rabbitmq-erlang-cookie] Erlang cookie key to be retrieved from existing secret
## NOTE: ignored unless `auth.existingErlangSecret` parameter is set
##
existingSecretErlangKey: ""
## @param configurationExistingSecret Existing secret with the configuration to use as rabbitmq.conf.
## Must contain the key "rabbitmq.conf"
## Takes precedence over `configuration`, so do not use both simultaneously
## With providing an existingSecret, extraConfiguration and extraConfigurationExistingSecret do not take any effect
##
configurationExistingSecret: ""
## @param extraConfiguration [string] Configuration file content: extra configuration to be appended to RabbitMQ configuration
## Use this instead of `configuration` to add more configuration
## Do not use simultaneously with `extraConfigurationExistingSecret`
##
extraConfiguration: |-
default_vhost = taiga
default_permissions.configure = .*
default_permissions.read = .*
default_permissions.write = .*
## Protected
##
protected:
## Taiga image version
## ref: https://hub.docker.com/r/taigaio/taiga5/tags
##
image:
repository: taigaio/taiga-protected
tag: "6.7.0"
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
##
pullPolicy: IfNotPresent
## Pod Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
##
securityContext: {}
## Define the number of pods the deployment will create
## Do not change unless your persistent volume allows more than one writer, ie NFS
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
##
replicas: 1
## Pod annotations
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
##
podAnnotations: {}
## Affinity for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
##
affinity: {}
## Node labels for pod assignment. Evaluated as a template.
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## Tolerations for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## taiga containers' resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
##
resources:
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
limits: {}
# cpu: 2
# memory: 1Gi
requests: {}
# cpu: 1
# memory: 1Gi
## Configure extra options for liveness and readiness probes
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
##
livenessProbe:
enabled: false
initialDelaySeconds: 20
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 3
readinessProbe:
enabled: false
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 3
## Environment variables, to pass to the entry point
##
# extraVars:
# - name: NAMI_DEBUG
# value: --log-level trace
## Service
##
service:
# -- Set the service type
type: ClusterIP
# -- Provide additional annotations which may be required.
annotations: {}
# -- Provide additional labels which may be required.
labels: {}
# -- Allow adding additional match labels
extraSelectorLabels: {}
# -- HTTP port number
port: 8003
## Front
##
front:
## Taiga image version
## ref: https://hub.docker.com/r/taigaio/taiga5/tags
##
image:
repository: taigaio/taiga-front
tag: "6.7.7"
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
##
pullPolicy: IfNotPresent
## Define the number of pods the deployment will create
## Do not change unless your persistent volume allows more than one writer, ie NFS
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
##
replicas: 1
## Pod Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
##
securityContext: {}
## Pod annotations
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
##
podAnnotations: {}
## Affinity for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
##
affinity: {}
## Node labels for pod assignment. Evaluated as a template.
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## Tolerations for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## taiga containers' resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
##
resources:
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
limits: {}
# cpu: 2
# memory: 1Gi
requests: {}
# cpu: 1
# memory: 1Gi
## Configure extra options for liveness and readiness probes
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
##
livenessProbe:
enabled: false
initialDelaySeconds: 20
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 3
readinessProbe:
enabled: false
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 3
## Environment variables, to pass to the entry point
##
# extraVars:
# - name: NAMI_DEBUG
# value: --log-level trace
## Service
##
service:
# -- Set the service type
type: ClusterIP
# -- Provide additional annotations which may be required.
annotations: {}
# -- Provide additional labels which may be required.
labels: {}
# -- Allow adding additional match labels
extraSelectorLabels: {}
# -- HTTP port number
port: 80
## Configure the ingress resource that allows you to access the
## taiga installation. Set up the URL
## ref: http://kubernetes.io/docs/user-guide/ingress/
##
ingress:
# -- Enables or disables the ingress
enabled: false
# -- Provide additional annotations which may be required.
annotations: {}
# -- Provide additional labels which may be required.
labels: {}
# -- Set the ingressClass that is used for this ingress.
className: ""
## Configure the hosts for the ingress
host: chart-example.local
## Enable persistence using Persistent Volume Claims
## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
##
persistence:
static:
# -- Enables or disables the persistence item. Defaults to true
enabled: true
# -- Storage Class for the config volume.
# If set to `-`, dynamic provisioning is disabled.
# If set to something else, the given storageClass is used.
# If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner.
storageClass: ""
# -- If you want to reuse an existing claim, the name of the existing PVC can be passed here.
existingClaim: ""
# -- AccessMode for the persistent volume.
# Make sure to select an access mode that is supported by your storage provider!
# [[ref]](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes)
accessMode: ReadWriteOnce
# -- The amount of storage that is requested for the persistent volume.
size: 5Gi
# -- Set to true to retain the PVC upon `helm uninstall`
retain: false
media:
# -- Enables or disables the persistence item. Defaults to true
enabled: true
# -- Storage Class for the config volume.
# If set to `-`, dynamic provisioning is disabled.
# If set to something else, the given storageClass is used.
# If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner.
storageClass: ""
# -- If you want to reuse an existing claim, the name of the existing PVC can be passed here.
existingClaim: ""
# -- AccessMode for the persistent volume.
# Make sure to select an access mode that is supported by your storage provider!
# [[ref]](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes)
accessMode: ReadWriteOnce
# -- The amount of storage that is requested for the persistent volume.
size: 5Gi
# -- Set to true to retain the PVC upon `helm uninstall`
retain: false

4
charts/tubearchivist-to-jellyfin/Chart.yaml
View File

@@ -1,6 +1,6 @@
apiVersion: v2
name: tubearchivist-to-jellyfin
version: 0.0.4
version: 0.1.0
description: Import library from tubearchivist to jellyfin
keywords:
- tubearchivist
@@ -11,4 +11,4 @@ sources:
maintainers:
- name: alexlebens
icon: https://avatars.githubusercontent.com/u/102734415?s=48&v=4
appVersion: "v0.1.2"
appVersion: "v0.2.0"

2
charts/tubearchivist-to-jellyfin/values.yaml
View File

@@ -2,7 +2,7 @@ job:
schedule: "0 * * * *"
image:
repository: bbilly1/tubearchivist-jf
tag: v0.1.2
tag: v0.2.0
pullPolicy: IfNotPresent
persistence:
youtube:

6
charts/tubearchivist/Chart.yaml
View File

@@ -1,6 +1,6 @@
apiVersion: v2
name: tubearchivist
version: 0.2.0
version: 0.2.6
description: Chart for Tube Archivist
keywords:
- download
@@ -14,9 +14,9 @@ maintainers:
icon: https://avatars.githubusercontent.com/u/102734415?s=48&v=4
dependencies:
- name: redis
version: 19.1.0
version: 19.3.1
repository: https://charts.bitnami.com/bitnami
- name: elasticsearch
version: 20.0.4
version: 21.0.2
repository: https://charts.bitnami.com/bitnami
appVersion: v0.4.7

16
charts/tubearchivist/values.yaml
View File

@@ -20,18 +20,18 @@ service:
port: 8000
ingress:
enabled: false
className:
annotations:
host:
className: ""
annotations: ""
host: ""
persistence:
cache:
enabled: false
storageClassName: default
storageClassName: ""
storageSize: 5Gi
accessMode: ReadWriteOnce
volumeMode: Filesystem
youtube:
claimName:
claimName: ""
redis:
image:
repository: redis/redis-stack-server
@@ -48,17 +48,17 @@ redis:
loadmodule /opt/redis-stack/lib/rejson.so
elasticsearch:
global:
storageClass: default
storageClass: ""
extraEnvVars:
- name: "discovery.type"
value: "single-node"
- name: xpack.security.enabled
value: "true"
extraEnvVarsSecret:
extraEnvVarsSecret: []
extraConfig:
path:
repo: /usr/share/elasticsearch/data/snapshot
extraVolumes:
extraVolumes: []
extraVolumeMounts:
- name: snapshot
mountPath: /usr/share/elasticsearch/data/snapshot