add cloudflared

* Update homeassistant/home-assistant Docker tag to v2024.4.4

* update chart

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: alexlebens <alexanderlebens@gmail.com>

.github/renovate.json

@@ -5,7 +5,7 @@
         "mergeConfidence:all-badges",
         ":rebaseStalePrs"
     ],
-    "timezone": "US/Mountain",
+    "timezone": "US/Central",
     "schedule": [
         "every weekday"
     ],
@@ -39,74 +39,26 @@
             "automerge": false
         },
         {
-            "description": "Label service images",
+            "description": "Label images",
-            "matchPackageNames": [
-                "ghcr.io/alex1989hu/kubelet-serving-cert-approver",
-                "ghcr.io/cloudnative-pg/postgresql",
-                "redis/redis-stack-server"
-            ],
             "matchDatasources": [
                 "docker"
             ],
             "addLabels": [
-                "service",
                 "image"
             ],
             "automerge": false,
             "minimumReleaseAge": "3 days"
         },
         {
-            "description": "Label service charts",
+            "description": "Label charts",
-            "matchPackageNames": [
-                "elasticsearch",
-                "redis"
-            ],
             "matchDatasources": [
                 "helm"
             ],
             "addLabels": [
-                "serivce",
-                "chart"
-            ],
-            "automerge": false,
-            "minimumReleaseAge": "3 days"
-        },
-        {
-            "description": "Label application images",
-            "matchPackageNames": [
-                "bbilly1/tubearchivist-jf",
-                "bbilly1/tubearchivist",
-                "freshrss/freshrss",
-                "ghcr.io/gethomepage/homepage",
-                "homeassistant/home-assistant",
-                "linuxserver/calibre",
-                "linuxserver/code-server",
-                "linuxserver/cops",
-                "outlinewiki/outline",
-                "rmcrackan/libation"
-            ],
-            "matchDatasources": [
-                "docker"
-            ],
-            "addLabels": [
-                "application",
-                "image"
-            ],
-            "automerge": false,
-            "minimumReleaseAge": "3 days"
-        },
-        {
-            "description": "Label application charts",
-            "matchPackageNames": [],
-            "matchDatasources": [
-                "helm"
-            ],
-            "addLabels": [
-                "application",
                 "chart"
             ],
             "automerge": false,
             "minimumReleaseAge": "3 days"
         }
     ]
-}
+}

.gitignore

@@ -1,3 +1,6 @@
+# Archived
+charts/**/archive
+
 # Compiled Helm chart dependencies
 charts/**/Chart.lock
 charts/**/charts/

charts/calibre-server/Chart.yaml

@@ -1,13 +0,0 @@
-apiVersion: v2
-name: calibre-server
-version: 0.0.6
-description: Chart for Calibre content database
-keywords:
-  - media
-  - books
-sources:
-  - https://github.com/kovidgoyal/calibre
-maintainers:
-  - name: alexlebens
-icon: https://raw.githubusercontent.com/kovidgoyal/calibre/master/resources/images/lt.png
-appVersion: 7.5.1

charts/calibre-server/README.md

@@ -1,18 +0,0 @@
-## Introduction
-
-[Calibre](https://calibre-ebook.com/)
-
-calibre is an e-book manager. It can view, convert, edit and catalog e-books in all of the major e-book formats. It can also talk to e-book reader devices. It can go out to the internet and fetch metadata for your books. It can download newspapers and convert them into e-books for convenient reading.
-
-This chart bootstraps a [Calibre](https://github.com/home-assistant) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
-
-## Prerequisites
-
-- Kubernetes
-- Helm
-- Traefik v2 / IngressRoute
-- Authentik / Auth
-
-## Parameters
-
-See the [values files](values.yaml).

charts/calibre-server/templates/deployment.yaml

@@ -1,83 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: calibre-server
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: calibre-server
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  revisionHistoryLimit: 3
-  replicas: {{ .Values.deployment.replicas }}
-  strategy:
-    type: {{ .Values.deployment.strategy }}
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: calibre-server
-      app.kubernetes.io/instance: {{ .Release.Name }}
-  template:
-    metadata:
-      labels:
-        app.kubernetes.io/name: calibre-server
-        app.kubernetes.io/instance: {{ .Release.Name }}
-    spec:
-      serviceAccountName: calibre-server
-      automountServiceAccountToken: true
-      containers:
-        - name: calibre-server
-          image: "{{ .Values.deployment.image.repository }}:{{ .Values.deployment.image.tag }}"
-          imagePullPolicy: {{ .Values.deployment.image.imagePullPolicy }}
-          ports:
-            - name: http
-              containerPort: {{ .Values.service.http.port }}
-              protocol: TCP
-            - name: content
-              containerPort: {{ .Values.service.content.port }}
-              protocol: TCP
-          env:
-          {{- range $k,$v := .Values.deployment.env }}
-            - name: {{ $k }}
-              value: {{ $v | quote }}
-          {{- end }}
-          {{- with .Values.deployment.envFrom }}
-          envFrom:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-          volumeMounts:
-            - mountPath: /config
-              name: calibre-server-config
-            - mountPath: /books
-              name: calibre-server-books
-          resources:
-            {{- toYaml .Values.deployment.resources | nindent 12 }}
-          livenessProbe:
-            tcpSocket:
-              port: {{ .Values.service.http.port }}
-            initialDelaySeconds: 0
-            failureThreshold: 3
-            timeoutSeconds: 1
-            periodSeconds: 10
-          readinessProbe:
-            tcpSocket:
-              port: {{ .Values.service.http.port }}
-            initialDelaySeconds: 0
-            failureThreshold: 3
-            timeoutSeconds: 1
-            periodSeconds: 10
-          startupProbe:
-            tcpSocket:
-              port: {{ .Values.service.http.port }}
-            initialDelaySeconds: 0
-            failureThreshold: 30
-            timeoutSeconds: 1
-            periodSeconds: 5
-      volumes:
-        - name: calibre-server-config
-          persistentVolumeClaim:
-            claimName: calibre-server-config
-        - name: calibre-server-books
-          persistentVolumeClaim:
-            claimName: {{ .Values.persistence.books.claimName }}

charts/calibre-server/templates/ingress-route.yaml

@@ -1,34 +0,0 @@
-{{- if .Values.ingressRoute.enabled }}
-apiVersion: traefik.io/v1alpha1
-kind: IngressRoute
-metadata:
-  name: calibre-server
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: calibre-server
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: calibre-server
-spec:
-  entryPoints:
-    - websecure
-  routes:
-    - kind: Rule
-      match: "Host(`{{ .Values.ingressRoute.http.host }}`)"
-      middlewares:
-        - name: "authentik-{{ .Release.Name }}"
-          namespace: {{ .Release.Namespace }}
-      priority: 10
-      services:
-        - kind: Service
-          name: calibre-server
-          port: {{ .Values.service.http.port }}
-    - kind: Rule
-      match: "Host(`{{ .Values.ingressRoute.http.host }}`) && PathPrefix(`/outpost.goauthentik.io/`)"
-      priority: 15
-      services:
-        - kind: Service
-          name: {{ .Values.ingressRoute.authentik.outpost }}
-          port: {{ .Values.ingressRoute.authentik.port }}
-{{- end }}

charts/calibre-server/templates/middleware.yaml

@@ -1,29 +0,0 @@
-{{- if .Values.ingressRoute.enabled }}
-apiVersion: traefik.containo.us/v1alpha1
-kind: Middleware
-metadata:
-  name: "authentik-{{ .Release.Name }}"
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: auth
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  forwardAuth:
-    address: "http://{{ .Values.ingressRoute.authentik.outpost }}.authentik:{{ .Values.ingressRoute.authentik.port }}/outpost.goauthentik.io/auth/traefik"
-    trustForwardHeader: true
-    authResponseHeaders:
-      - X-authentik-username
-      - X-authentik-groups
-      - X-authentik-email
-      - X-authentik-name
-      - X-authentik-uid
-      - X-authentik-jwt
-      - X-authentik-meta-jwks
-      - X-authentik-meta-outpost
-      - X-authentik-meta-provider
-      - X-authentik-meta-app
-      - X-authentik-meta-version
-{{- end }}

charts/calibre-server/templates/persistant-volume-claim.yaml

@@ -1,19 +0,0 @@
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
-  name: calibre-server-config
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: calibre-server
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: {{ .Values.persistence.config.storageSize }}
-  storageClassName: {{ .Values.persistence.config.storageClassName }}
-  volumeMode: {{ .Values.persistence.config.volumeMode }}

charts/calibre-server/templates/service-account.yaml

@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: calibre-server
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: calibre-server
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: calibre-server

charts/calibre-server/templates/service.yaml

@@ -1,44 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: calibre-server
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: calibre-server
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  type: ClusterIP
-  ports:
-    - port: {{ .Values.service.http.port }}
-      targetPort: http
-      protocol: TCP
-      name: http
-  selector:
-    app.kubernetes.io/name: calibre-server
-    app.kubernetes.io/instance: {{ .Release.Name }}
-
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: calibre-server-content
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: calibre-server
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  type: ClusterIP
-  ports:
-    - port: {{ .Values.service.content.port }}
-      targetPort: content
-      protocol: TCP
-      name: content
-  selector:
-    app.kubernetes.io/name: calibre-server
-    app.kubernetes.io/instance: {{ .Release.Name }}

charts/calibre-server/values.yaml

@@ -1,42 +0,0 @@
-deployment:
-  replicas: 1
-  strategy: Recreate
-  image:
-    repository: linuxserver/calibre
-    tag: v7.5.1-ls269
-    imagePullPolicy: IfNotPresent
-  env:
-    PGID: "1001"
-    PUID: "1001"
-    TZ: UTC
-    UMASK_SET: "022"
-    CUSTOM_USER: calibre
-    TITLE: Calibre Server
-    NO_DECOR: true
-  envFrom:
-  resources:
-    requests:
-      memory: 256Mi
-      cpu: 50m
-    limits:
-      memory: 1Gi
-      cpu: 500m
-service:
-  http:
-    port: 8080
-  content:
-    port: 8081
-ingressRoute:
-  enabled: true
-  http:
-    host:
-  authentik:
-    outpost:
-    port: 9000
-persistence:
-  config:
-    storageClassName: default
-    storageSize: 5Gi
-    volumeMode: Filesystem
-  books:
-    claimName:

charts/cloudflared/Chart.yaml

@@ -0,0 +1,18 @@
+apiVersion: v2
+name: cloudflared
+version: 1.0.0
+description: Cloudflared Tunnel
+keywords:
+  - cloudflare
+  - tunnel
+sources:
+  - https://github.com/cloudflare/cloudflared
+  - https://github.com/bjw-s/helm-charts/tree/main/charts/library/common
+maintainers:
+  - name: alexlebens
+dependencies:
+  - name: common
+    repository: https://bjw-s.github.io/helm-charts/
+    version: 3.2.1
+icon: https://avatars.githubusercontent.com/u/314135?s=48&v=4
+appVersion: "2024.5.0"

charts/cloudflared/README.md

@@ -0,0 +1,16 @@
+## Introduction
+
+[Cloudflared](https://github.com/cloudflare/cloudflared)
+
+Contains the command-line client for Cloudflare Tunnel, a tunneling daemon that proxies traffic from the Cloudflare network to your origins.
+
+This chart bootstraps a [Cloudflared](https://github.com/cloudflare/cloudflared) tunnel on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+
+## Prerequisites
+
+- Kubernetes
+- Helm
+
+## Parameters
+
+See the [values files](values.yaml).

charts/cloudflared/templates/common.yaml

@@ -0,0 +1,38 @@
+{{- include "bjw-s.common.loader.init" . }}
+
+{{- define "cloudflared.hardcodedValues" -}}
+{{ if not .Values.global.nameOverride }}
+global:
+  nameOverride: {{ .Values.name }}
+{{ end }}  
+controllers:
+  main:
+    type: deployment
+    strategy: Recreate
+    containers:
+      main:
+        image:
+          repository: cloudflare/cloudflared
+          tag: "2024.5.0"
+          pullPolicy: IfNotPresent
+        args:
+          - tunnel
+          - --no-autoupdate
+          - run
+          - --token
+          - $(CF_MANAGED_TUNNEL_TOKEN)
+        env:
+          - name: CF_MANAGED_TUNNEL_TOKEN
+            valueFrom:
+              secretKeyRef:
+                name: {{ .Values.existingSecretName }}
+                key: {{ .Values.existingSecretKey }}
+        resources:
+          requests:
+            cpu: 100m
+            memory: 128Mi
+{{- end -}}
+{{- $_ := mergeOverwrite .Values (include "cloudflared.hardcodedValues" . | fromYaml) -}}
+
+{{/* Render the templates */}}
+{{ include "bjw-s.common.loader.generate" . }}

charts/cloudflared/values.yaml

@@ -0,0 +1,3 @@
+name: cloudflared
+existingSecretName: cloudflared-secret
+existingSecretKey: cf-tunnel-token

charts/cops/Chart.yaml

@@ -1,12 +0,0 @@
-apiVersion: v2
-name: cops
-version: 0.0.3
-description: Chart for Calibre OPDS (and HTML) PHP Server
-keywords:
-  - calibre
-  - OPDS
-sources:
-  - https://github.com/seblucas/cops
-maintainers:
-  - name: alexlebens
-appVersion: 1.1.3

charts/cops/README.md

@@ -1,22 +0,0 @@
-## Introduction
-
-[Calibre OPDS (and HTML) PHP Server](https://github.com/seblucas/cops)
-
-COPS's main advantages are :
-
- - No need for many dependencies.
- - No need for a lot of CPU or RAM.
- - Not much code.
- - Search is available.
- - It was fun to code.
-
-This chart bootstraps a [COPS](https://github.com/seblucas/cops) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
-
-## Prerequisites
-
-- Kubernetes
-- Helm
-
-## Parameters
-
-See the [values files](values.yaml).

charts/cops/templates/deployment.yaml

@@ -1,82 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ .Release.Name }}
-  namespace: {{ .Release.Namespace | quote }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  revisionHistoryLimit: 3
-  replicas: {{ .Values.deployment.replicas }}
-  strategy:
-    type: {{ .Values.deployment.strategy }}
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: {{ .Release.Name }}
-      app.kubernetes.io/instance: {{ .Release.Name }}
-  template:
-    metadata:
-      labels:
-        app.kubernetes.io/name: {{ .Release.Name }}
-        app.kubernetes.io/instance: {{ .Release.Name }}
-    spec:
-      serviceAccountName: {{ .Release.Name }}
-      containers:
-        - name: {{ .Release.Name }}
-          image: "{{ .Values.deployment.image.repository }}:{{ .Values.deployment.image.tag }}"
-          imagePullPolicy: {{ .Values.deployment.image.imagePullPolicy }}
-          ports:
-            - name: http
-              containerPort: {{ .Values.service.http.port }}
-              protocol: TCP
-          volumeMounts:
-            - mountPath: /config
-              name: cops-config
-            - mountPath: /books
-              name: cops-books
-          resources:
-            {{- toYaml .Values.deployment.resources | nindent 12 }}
-          env:
-          {{- range $k,$v := .Values.deployment.env }}
-            - name: {{ $k }}
-              value: {{ $v | quote }}
-          {{- end }}
-          {{- with .Values.deployment.envFrom }}
-          envFrom:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}            
-          livenessProbe:
-            httpGet:
-              path: /
-              port: {{ .Values.service.http.port }}
-            initialDelaySeconds: 0
-            failureThreshold: 5
-            timeoutSeconds: 1
-            periodSeconds: 10
-          readinessProbe:
-            httpGet:
-              path: /
-              port: {{ .Values.service.http.port }}
-            initialDelaySeconds: 0
-            failureThreshold: 5
-            timeoutSeconds: 1
-            periodSeconds: 10
-          startupProbe:
-            httpGet:
-              path: /
-              port: {{ .Values.service.http.port }}
-            initialDelaySeconds: 5
-            failureThreshold: 30
-            periodSeconds: 10
-            timeoutSeconds: 1
-      volumes:
-        - name: cops-config
-          persistentVolumeClaim:
-            claimName: cops-config
-        - name: cops-books
-          persistentVolumeClaim:
-            claimName: {{ .Values.persistence.books.claimName }}

charts/cops/templates/ingress.yaml

@@ -1,32 +0,0 @@
-{{- if .Values.ingress.enabled }}
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: {{ .Release.Name }}
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-  annotations:
-    {{- toYaml .Values.ingress.annotations | nindent 4 }}
-spec:
-  ingressClassName: {{ .Values.ingress.className }}
-  tls:
-    - hosts:
-      - {{ .Values.ingress.host }}
-      secretName: {{ .Release.Name }}-secret-tls
-  rules:
-    - host: {{ .Values.ingress.host }}
-      http:
-        paths:
-          - path: /
-            pathType: Prefix
-            backend:
-              service:
-                name: {{ .Release.Name }}
-                port:
-                  name: http
-{{- end }}

charts/cops/templates/persistant-volume-claim.yaml

@@ -1,19 +0,0 @@
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
-  name: cops-config
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: storage
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: {{ .Values.persistence.config.storageSize }}
-  storageClassName: {{ .Values.persistence.config.storageClassName }}
-  volumeMode: {{ .Values.persistence.config.volumeMode }}

charts/cops/templates/pod.yaml

@@ -1,26 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: "{{ .Release.Name }}-test-connection"
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-  annotations:
-    "helm.sh/hook": test-success
-spec:
-  restartPolicy: Never
-  containers:
-    - name: wget
-      image: busybox
-      command: ['wget']
-      args: ['{{ .Release.Name }}:{{ .Values.service.http.port }}']
-      resources:
-        limits:
-          cpu: 500m
-          memory: 1Gi
-        requests:
-          cpu: 50m
-          memory: 256Mi

charts/cops/templates/service-account.yaml

@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ .Release.Name }}
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}

charts/cops/templates/service.yaml

@@ -1,22 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ .Release.Name }}
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  type: ClusterIP
-  externalTrafficPolicy:
-  ports:
-    - port: {{ .Values.service.http.port }}
-      targetPort: http
-      protocol: TCP
-      name: http
-  selector:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}

charts/cops/values.yaml

@@ -1,36 +0,0 @@
-deployment:
-  replicas: 1
-  strategy: Recreate
-  image:
-    repository: linuxserver/cops
-    tag: 2.3.1-ls185
-    imagePullPolicy: IfNotPresent
-  env:
-    PGID: "1000"
-    PUID: "1000"
-    TZ: UTC
-  envFrom:        
-  resources:    
-    limits:
-      cpu: 500m
-      memory: 1Gi
-    requests:
-      cpu: 50m
-      memory: 256Mi
-serviceAccount:
-  create: true
-service:
-  http:
-    port: 80
-ingress:
-  enabled: false
-  annotations:
-  className:
-  host:
-persistence:
-  config:
-    storageClassName: default
-    storageSize: 5Gi
-    volumeMode: Filesystem
-  books:
-    claimName:

charts/freshrss/Chart.yaml

@@ -1,12 +0,0 @@
-apiVersion: v2
-name: freshrss
-version: 0.0.3
-description: Chart for Freshrss
-keywords:
-  - rss
-sources:
-  - https://github.com/FreshRSS/FreshRSS
-maintainers:
-  - name: alexlebens
-icon: https://avatars.githubusercontent.com/u/9414285?s=48&v=4
-appVersion: "1.23.1"

charts/freshrss/README.md

@@ -1,18 +0,0 @@
-## Introduction
-
-[FreshRSS](https://github.com/FreshRSS/FreshRSS)
-
-FreshRSS is a self-hosted RSS feed aggregator.
-
-It is lightweight, easy to work with, powerful, and customizable.
-
-This chart bootstraps a [FreshRSS](https://github.com/FreshRSS/FreshRSS) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
-
-## Prerequisites
-
-- Kubernetes
-- Helm
-
-## Parameters
-
-See the [values files](values.yaml).

charts/freshrss/templates/deployment.yaml

@@ -1,76 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ .Release.Name }}
-  namespace: {{ .Release.Namespace | quote }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  revisionHistoryLimit: 3
-  replicas: {{ .Values.deployment.replicas }}
-  strategy:
-    type: {{ .Values.deployment.strategy }}
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: {{ .Release.Name }}
-      app.kubernetes.io/instance: {{ .Release.Name }}
-  template:
-    metadata:
-      labels:
-        app.kubernetes.io/name: {{ .Release.Name }}
-        app.kubernetes.io/instance: {{ .Release.Name }}
-    spec:
-      serviceAccountName: {{ .Release.Name }}
-      containers:
-        - name: {{ .Release.Name }}
-          image: "{{ .Values.deployment.image.repository }}:{{ .Values.deployment.image.tag }}"
-          imagePullPolicy: {{ .Values.deployment.image.imagePullPolicy }}
-          ports:
-            - name: http
-              containerPort: {{ .Values.service.http.port }}
-              protocol: TCP
-          volumeMounts:
-            - name: {{ .Release.Name }}-config
-              mountPath: /config
-          resources:
-            {{- toYaml .Values.deployment.resources | nindent 12 }}
-          env:
-            - name: LISTEN
-              value: "0.0.0.0:{{ .Values.service.http.port }}"
-          {{- range $k,$v := .Values.deployment.env }}
-            - name: {{ $k }}
-              value: {{ $v | quote }}
-          {{- end }}
-          {{- with .Values.deployment.envFrom }}
-          envFrom:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-          livenessProbe:
-            tcpSocket:
-              port: {{ .Values.service.http.port }}
-            initialDelaySeconds: 0
-            failureThreshold: 3
-            timeoutSeconds: 1
-            periodSeconds: 10
-          readinessProbe:
-            tcpSocket:
-              port: {{ .Values.service.http.port }}
-            initialDelaySeconds: 0
-            failureThreshold: 3
-            timeoutSeconds: 1
-            periodSeconds: 10
-          startupProbe:
-            tcpSocket:
-              port: {{ .Values.service.http.port }}
-            initialDelaySeconds: 0
-            failureThreshold: 30
-            timeoutSeconds: 1
-            periodSeconds: 5
-      volumes:
-        - name: {{ .Release.Name }}-config
-          persistentVolumeClaim:
-            claimName: {{ .Release.Name }}-config

charts/freshrss/templates/ingress.yaml

@@ -1,32 +0,0 @@
-{{- if .Values.ingress.enabled }}
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: {{ .Release.Name }}
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-  annotations:
-    {{- toYaml .Values.ingress.annotations | nindent 4 }}
-spec:
-  ingressClassName: {{ .Values.ingress.className }}
-  tls:
-    - hosts:
-      - {{ .Values.ingress.host }}
-      secretName: {{ .Release.Name }}-secret-tls
-  rules:
-    - host: {{ .Values.ingress.host }}
-      http:
-        paths:
-          - path: /
-            pathType: Prefix
-            backend:
-              service:
-                name: {{ .Release.Name }}
-                port:
-                  name: http
-{{- end }}

charts/freshrss/templates/persistant-volume-claim.yaml

@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: {{ .Release.Name }}-config
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: storage
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: {{ .Values.persistence.config.storageSize }}
-  storageClassName: {{ .Values.persistence.config.storageClassName }}
-  volumeMode: {{ .Values.persistence.config.volumeMode }}

charts/freshrss/templates/pod.yaml

@@ -1,26 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: "{{ .Release.Name }}-test-connection"
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-  annotations:
-    "helm.sh/hook": test-success
-spec:
-  restartPolicy: Never
-  containers:
-    - name: wget
-      image: busybox
-      command: ['wget']
-      args: ['{{ .Release.Name }}:{{ .Values.service.http.port }}']
-      resources:
-        limits:
-          cpu: 500m
-          memory: 1Gi
-        requests:
-          cpu: 50m
-          memory: 256Mi

charts/freshrss/templates/service-account.yaml

@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ .Release.Name }}
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}

charts/freshrss/templates/service.yaml

@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ .Release.Name }}
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  type: ClusterIP
-  ports:
-    - port: {{ .Values.service.http.port }}
-      targetPort: http
-      protocol: TCP
-      name: http
-  selector:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}

charts/freshrss/values.yaml

@@ -1,33 +0,0 @@
-deployment:
-  replicas: 1
-  strategy: Recreate
-  image:
-    repository: freshrss/freshrss
-    tag: 1.23.1
-    imagePullPolicy: IfNotPresent
-  env:
-    PGID: "568"
-    PUID: "568"
-    TZ: UTC
-    FRESHRSS_ENV: production
-  envFrom:
-  resources:
-    limits:
-      cpu: 500m
-      memory: 1Gi
-    requests:
-      cpu: 50m
-      memory: 256Mi
-service:
-  http:
-    port: 80
-ingress:
-  enabled: true
-  className:
-  annotations:
-  host:
-persistence:
-  config:
-    storageClassName: default
-    storageSize: 5Gi
-    volumeMode: Filesystem

charts/home-assistant/Chart.yaml

@@ -1,12 +0,0 @@
-apiVersion: v2
-name: home-assistant
-version: 0.1.10
-description: Chart for Home Assistant
-keywords:
-  - home-automation
-sources:
-  - https://github.com/home-assistant
-maintainers:
-  - name: alexlebens
-icon: https://avatars.githubusercontent.com/u/13844975?s=200&v=4
-appVersion: v2024.4.3

charts/home-assistant/README.md

@@ -1,18 +0,0 @@
-## Introduction
-
-[Home Assistant](https://www.home-assistant.io/)
-
-Open source home automation that puts local control and privacy first. Powered by a worldwide community of tinkerers and DIY enthusiasts. Perfect to run on a Raspberry Pi or a local server. 
-
-This chart bootstraps a [Home-Assistant](https://github.com/home-assistant) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
-
-## Prerequisites
-
-- Kubernetes
-- Helm
-- Traefik v2 / IngressRoute
-- Authentik / Auth
-
-## Parameters
-
-See the [values files](values.yaml).

charts/home-assistant/templates/deployment.yaml

@@ -1,98 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: home-assistant
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  revisionHistoryLimit: 3
-  replicas: {{ .Values.deployment.replicas }}
-  strategy:
-    type: {{ .Values.deployment.strategy }}
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: {{ .Release.Name }}
-      app.kubernetes.io/instance: {{ .Release.Name }}
-  template:
-    metadata:
-      labels:
-        app.kubernetes.io/name: {{ .Release.Name }}
-        app.kubernetes.io/instance: {{ .Release.Name }}
-    spec:
-      serviceAccountName: {{ .Release.Name }}
-      automountServiceAccountToken: true
-      containers:
-        - name: {{ .Release.Name }}
-          image: "{{ .Values.deployment.image.repository }}:{{ .Values.deployment.image.tag }}"
-          imagePullPolicy: {{ .Values.deployment.image.imagePullPolicy }}
-          ports:
-            - name: http
-              containerPort: {{ .Values.service.http.port }}
-              protocol: TCP
-          env:
-          {{- range $k,$v := .Values.deployment.env }}
-            - name: {{ $k }}
-              value: {{ $v | quote }}
-          {{- end }}
-          {{- with .Values.deployment.envFrom }}
-          envFrom:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-          volumeMounts:
-            - mountPath: /config
-              name: home-assistant-config
-          resources:
-            {{- toYaml .Values.deployment.resources | nindent 12 }}
-          livenessProbe:
-            tcpSocket:
-              port: {{ .Values.service.http.port }}
-            initialDelaySeconds: 0
-            failureThreshold: 3
-            timeoutSeconds: 1
-            periodSeconds: 10
-          readinessProbe:
-            tcpSocket:
-              port: {{ .Values.service.http.port }}
-            initialDelaySeconds: 0
-            failureThreshold: 3
-            timeoutSeconds: 1
-            periodSeconds: 10
-          startupProbe:
-            tcpSocket:
-              port: {{ .Values.service.http.port }}
-            initialDelaySeconds: 0
-            failureThreshold: 30
-            timeoutSeconds: 1
-            periodSeconds: 5
-        {{- if .Values.codeserver.enabled }}
-        - name: codeserver
-          image: "{{ .Values.codeserver.image.repository }}:{{ .Values.codeserver.image.tag }}"
-          imagePullPolicy: {{ .Values.codeserver.image.imagePullPolicy }}
-          ports:
-            - containerPort: {{ .Values.codeserver.service.http.port }}
-              name: codeserver-http
-              protocol: TCP
-          env:
-          {{- range $k,$v := .Values.codeserver.env }}
-            - name: {{ $k }}
-              value: {{ $v | quote }}
-          {{- end }}
-          {{- with .Values.codeserver.envFrom }}
-          envFrom:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-          securityContext:
-            {{- toYaml .Values.codeserver.securityContext | nindent 12 }}
-          volumeMounts:
-            - mountPath: /config/home-assistant
-              name: home-assistant-config
-        {{- end }}
-      volumes:
-        - name: home-assistant-config
-          persistentVolumeClaim:
-            claimName: "{{ .Release.Name }}-config"

charts/home-assistant/templates/ingress-route.yaml

@@ -1,70 +0,0 @@
-{{- if .Values.ingressRoute.enabled }}
-apiVersion: traefik.io/v1alpha1
-kind: IngressRoute
-metadata:
-  name: {{ .Release.Name }}
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  entryPoints:
-    - websecure
-  routes:
-    - kind: Rule
-      match: "Host(`{{ .Values.ingressRoute.host }}`)"
-      middlewares:
-        - name: "authentik-{{ .Release.Name }}"
-          namespace: {{ .Release.Namespace }}           
-      priority: 10
-      services:
-        - kind: Service
-          name: {{ .Release.Name }}
-          port: {{ .Values.service.http.port }}
-    - kind: Rule
-      match: "Host(`{{ .Values.ingressRoute.host }}`) && PathPrefix(`/outpost.goauthentik.io/`)"
-      priority: 15
-      services:
-        - kind: Service
-          name: {{ .Values.ingressRoute.authentik.outpost }}
-          port: {{ .Values.ingressRoute.authentik.port }}    
-{{- end }}
-
----
-{{- if and .Values.codeserver.ingressRoute.enabled .Values.codeserver.enabled }}
-apiVersion: traefik.io/v1alpha1
-kind: IngressRoute
-metadata:
-  name: "{{ .Release.Name }}-codeserver"
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  entryPoints:
-    - websecure
-  routes:
-    - kind: Rule
-      match: "Host(`{{ .Values.codeserver.ingressRoute.host }}`)"
-      middlewares:
-        - name: "authentik-{{ .Release.Name }}"
-          namespace: {{ .Release.Namespace }}      
-      priority: 10
-      services:
-        - kind: Service
-          name: "{{ .Release.Name }}-codeserver"
-          port: {{ .Values.codeserver.service.http.port }}
-    - kind: Rule
-      match: "Host(`{{ .Values.ingressRoute.host }}`) && PathPrefix(`/outpost.goauthentik.io/`)"
-      priority: 15
-      services:
-        - kind: Service
-          name: {{ .Values.ingressRoute.authentik.outpost }}
-          port: {{ .Values.ingressRoute.authentik.port }}          
-{{- end }}

charts/home-assistant/templates/middleware.yaml

@@ -1,29 +0,0 @@
-{{- if .Values.ingressRoute.enabled }}
-apiVersion: traefik.containo.us/v1alpha1
-kind: Middleware
-metadata:
-  name: "authentik-{{ .Release.Name }}"
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: auth
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  forwardAuth:
-    address: "http://{{ .Values.ingressRoute.authentik.outpost }}.authentik:{{ .Values.ingressRoute.authentik.port }}/outpost.goauthentik.io/auth/traefik"
-    trustForwardHeader: true
-    authResponseHeaders:
-      - X-authentik-username
-      - X-authentik-groups
-      - X-authentik-email
-      - X-authentik-name
-      - X-authentik-uid
-      - X-authentik-jwt
-      - X-authentik-meta-jwks
-      - X-authentik-meta-outpost
-      - X-authentik-meta-provider
-      - X-authentik-meta-app
-      - X-authentik-meta-version
-{{- end }}

charts/home-assistant/templates/persistant-volume-claim.yaml

@@ -1,19 +0,0 @@
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
-  name: "{{ .Release.Name }}-config"
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: {{ .Values.persistence.config.storageSize }}
-  storageClassName: {{ .Values.persistence.config.storageClassName }}
-  volumeMode: {{ .Values.persistence.config.volumeMode }}

charts/home-assistant/templates/prometheus-rule.yaml

@@ -1,18 +0,0 @@
-{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }}
-apiVersion: monitoring.coreos.com/v1
-kind: PrometheusRule
-metadata:
-  name: {{ .Release.Name }}
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  groups:
-    - name: {{ .Release.Name }}
-      rules:
-        {{- toYaml .Values.metrics.prometheusRule.rules | nindent 8 }}
-{{- end }}

charts/home-assistant/templates/service-account.yaml

@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ .Release.Name }}
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}

charts/home-assistant/templates/service-monitor.yaml

@@ -1,26 +0,0 @@
-{{- if .Values.metrics.enabled }}
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
-  name: {{ .Release.Name }}
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: {{ .Release.Name }}
-      app.kubernetes.io/instance: {{ .Release.Name }}
-  endpoints:
-    - port: http
-      interval: {{ .Values.metrics.serviceMonitor.interval }}
-      scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
-      path: /api/prometheus
-      bearerTokenSecret:
-        name: {{ .Values.metrics.serviceMonitor.bearerTokenSecret.name }}
-        key: {{ .Values.metrics.serviceMonitor.bearerTokenSecret.key }}
-{{- end }}

charts/home-assistant/templates/service.yaml

@@ -1,46 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ .Release.Name }}
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  type: ClusterIP
-  ports:
-    - port: {{ .Values.service.http.port }}
-      targetPort: http
-      protocol: TCP
-      name: http
-  selector:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-
----
-{{- if .Values.codeserver.enabled }}
-apiVersion: v1
-kind: Service
-metadata:
-  name: "{{ .Release.Name }}-codeserver"
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  type: ClusterIP
-  ports:
-    - port: {{ .Values.codeserver.service.http.port }}
-      targetPort: codeserver-http
-      protocol: TCP
-      name: codeserver-http
-  selector:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}

charts/home-assistant/values.yaml

@@ -1,74 +0,0 @@
-deployment:
-  replicas: 1
-  strategy: Recreate
-  image:
-    repository: homeassistant/home-assistant
-    tag: 2024.4.3
-    imagePullPolicy: IfNotPresent
-  env:
-    TZ: UTC
-  envFrom:
-  resources:
-    requests:
-      memory: 512Mi
-      cpu: 50m
-    limits:
-      memory: 1Gi
-      cpu: 500m
-service:
-  http:
-    port: 8123
-ingressRoute:
-  enabled: true
-  host:
-  authentik:
-    outpost:
-    port: 9000
-metrics:
-  enabled: false
-  serviceMonitor:
-    interval: 1m
-    scrapeTimeout: 30s
-    ## See https://www.home-assistant.io/docs/authentication/ for where to find
-    ## long lived access token creation under your account profile, which is
-    ## needed to monitor Home Assistant
-    bearerTokenSecret:
-      name: ""
-      key: ""
-  prometheusRule:
-    enabled: false
-    rules:
-      - alert: HomeAssistantAbsent
-        annotations:
-          description: Home Assistant has disappeared from Prometheus service discovery.
-          summary: Home Assistant is down.
-        expr: |
-          absent(up{job=~".*home-assistant.*"} == 1)
-        for: 5m
-        labels:
-          severity: critical
-persistence:
-  config:
-    storageClassName: default
-    storageSize: 1Gi
-    volumeMode: Filesystem
-codeserver:
-  enabled: false
-  image:
-    repository: linuxserver/code-server
-    tag: 4.23.1
-    imagePullPolicy: IfNotPresent
-  env:
-    TZ: UTC
-    PUID: 1000
-    PGID: 1000
-    DEFAULT_WORKSPACE: /config
-  envFrom:
-  securityContext:
-    runAsUser: 0
-  service:
-    http:
-      port: 8443
-  ingressRoute:
-    enabled: false
-    host:

charts/homepage/Chart.yaml

@@ -1,12 +0,0 @@
-apiVersion: v2
-name: homepage
-version: 0.0.11
-description: Chart for benphelps homepage
-keywords:
-  - dashboard
-sources:
-  - https://github.com/gethomepage/homepage
-maintainers:
-  - name: alexlebens
-icon: https://github.com/benphelps/homepage/blob/de584eae8f12a0d257e554e9511ef19bd2a1232c/public/mstile-150x150.png
-appVersion: v0.8.12

charts/homepage/README.md

@@ -1,18 +0,0 @@
-## Introduction
-
-[Homepage](https://github.com/benphelps/homepage)
-
-A modern (fully static, fast), secure (fully proxied), highly customizable application dashboard with integrations for more than 25 services and translations for over 15 languages. Easily configured via YAML files (or discovery via docker labels).
-
-This chart bootstraps a [Homepage](https://github.com/benphelps/homepage) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
-
-## Prerequisites
-
-- Kubernetes
-- Helm
-- Traefik v2 / IngressRoute
-- Authentik / Auth
-
-## Parameters
-
-See the [values files](values.yaml).

charts/homepage/templates/cluster-role-binding.yaml

@@ -1,19 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: {{ .Release.Name }}
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: {{ .Release.Name }}
-subjects:
-  - kind: ServiceAccount
-    name: homepage
-    namespace: {{ .Release.Namespace }}

charts/homepage/templates/cluster-role.yaml

@@ -1,51 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: {{ .Release.Name }}
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-rules:
-  - apiGroups:
-      - ""
-    resources:
-      - namespaces
-      - pods
-      - nodes
-    verbs:
-      - get
-      - list
-  - apiGroups:
-      - extensions
-      - networking.k8s.io
-    resources:
-      - ingresses
-    verbs:
-      - get
-      - list
-  - apiGroups:
-      - traefik.containo.us
-      - traefik.io
-    resources:
-      - ingressroutes
-    verbs:
-      - get
-      - list
-  - apiGroups:
-      - metrics.k8s.io
-    resources:
-      - nodes
-      - pods
-    verbs:
-      - get
-      - list
-  - apiGroups:
-      - apiextensions.k8s.io
-    resources:
-      - customresourcedefinitions/status
-    verbs:
-      - get

charts/homepage/templates/config-map.yaml

@@ -1,36 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: homepage-config
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: homepage
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: homepage
-data:
-  bookmarks.yaml: {{- if .Values.config.bookmarks }} |
-{{- .Values.config.bookmarks | toYaml | nindent 4}}
-{{- else }} ""
-{{- end }}
-  docker.yaml: {{- if .Values.config.docker }} |
-{{- .Values.config.docker | toYaml | nindent 4 }}
-{{- else }} ""
-{{- end }}
-  kubernetes.yaml: {{- if .Values.config.kubernetes }} |
-{{- .Values.config.kubernetes | toYaml | nindent 4 }}
-{{- else }} ""
-{{- end }}
-  services.yaml: {{- if .Values.config.services }} |
-{{- .Values.config.services | toYaml | nindent 4 }}
-{{- else }} ""
-{{- end }}
-  settings.yaml: {{- if .Values.config.settings }} |
-{{- .Values.config.settings | toYaml | nindent 4 }}
-{{- else }} ""
-{{- end }}
-  widgets.yaml: {{- if .Values.config.widgets }} |
-{{- .Values.config.widgets | toYaml | nindent 4 }}
-{{- else }} ""
-{{- end }}

charts/homepage/templates/deployment.yaml

@@ -1,95 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: homepage
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: homepage
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: homepage
-spec:
-  revisionHistoryLimit: 3
-  replicas: {{ .Values.deployment.replicas }}
-  strategy:
-    type: {{ .Values.deployment.strategy }}
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: homepage
-      app.kubernetes.io/instance: {{ .Release.Name }}
-  template:
-    metadata:
-      labels:
-        app.kubernetes.io/name: homepage
-        app.kubernetes.io/instance: {{ .Release.Name }}
-    spec:
-      serviceAccountName: homepage
-      automountServiceAccountToken: true
-      containers:
-        - name: {{ .Release.Name }}
-          image: "{{ .Values.deployment.image.repository }}:{{ .Values.deployment.image.tag }}"
-          imagePullPolicy: {{ .Values.deployment.image.imagePullPolicy }}
-          ports:
-            - name: http
-              containerPort: {{ .Values.service.http.port }}
-              protocol: TCP
-          env:
-          {{- range $k,$v := .Values.deployment.env }}
-            - name: {{ $k }}
-              value: {{ $v | quote }}
-          {{- end }}
-          {{- with .Values.deployment.envFrom }}
-          envFrom:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-          volumeMounts:
-            - name: homepage-config
-              subPath: bookmarks.yaml
-              mountPath: /app/config/bookmarks.yaml
-            - name: homepage-config
-              subPath: docker.yaml
-              mountPath: /app/config/docker.yaml
-            - name: homepage-config
-              subPath: kubernetes.yaml
-              mountPath: /app/config/kubernetes.yaml
-            - name: homepage-config
-              subPath: services.yaml
-              mountPath: /app/config/services.yaml
-            - name: homepage-config
-              subPath: settings.yaml
-              mountPath: /app/config/settings.yaml
-            - name: homepage-config
-              subPath: widgets.yaml
-              mountPath: /app/config/widgets.yaml
-            - name: logs
-              mountPath: /app/config/logs
-          resources:
-            {{- toYaml .Values.deployment.resources | nindent 12 }}
-          livenessProbe:
-            failureThreshold: 3
-            initialDelaySeconds: 0
-            periodSeconds: 10
-            tcpSocket:
-              port: {{ .Values.service.http.port }}
-            timeoutSeconds: 1
-          readinessProbe:
-            failureThreshold: 3
-            initialDelaySeconds: 0
-            periodSeconds: 10
-            tcpSocket:
-              port: {{ .Values.service.http.port }}
-            timeoutSeconds: 1
-          startupProbe:
-            failureThreshold: 30
-            initialDelaySeconds: 0
-            periodSeconds: 5
-            tcpSocket:
-              port: {{ .Values.service.http.port }}
-            timeoutSeconds: 1
-      volumes:
-        - name: homepage-config
-          configMap:
-            name: homepage-config
-        - name: logs
-          emptyDir: {}

charts/homepage/templates/ingress-route.yaml

@@ -1,32 +0,0 @@
-apiVersion: traefik.io/v1alpha1
-kind: IngressRoute
-metadata:
-  name: homepage
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: homepage
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: homepage
-spec:
-  entryPoints:
-    - websecure
-  routes:
-    - kind: Rule
-      match: "Host(`{{ .Values.ingressRoute.host }}`)"
-      middlewares:
-        - name: "authentik-{{ .Release.Name }}"
-          namespace: {{ .Release.Namespace }}
-      priority: 10
-      services:
-        - kind: Service
-          name: homepage
-          port: {{ .Values.service.http.port }}
-    - kind: Rule
-      match: "Host(`{{ .Values.ingressRoute.host }}`) && PathPrefix(`/outpost.goauthentik.io/`)"
-      priority: 15
-      services:
-        - kind: Service
-          name: {{ .Values.ingressRoute.authentik.outpost }}
-          port: {{ .Values.ingressRoute.authentik.port }}

charts/homepage/templates/middleware.yaml

@@ -1,27 +0,0 @@
-apiVersion: traefik.containo.us/v1alpha1
-kind: Middleware
-metadata:
-  name: "authentik-{{ .Release.Name }}"
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: auth
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  forwardAuth:
-    address: "http://{{ .Values.ingressRoute.authentik.outpost }}.authentik:{{ .Values.ingressRoute.authentik.port }}/outpost.goauthentik.io/auth/traefik"
-    trustForwardHeader: true
-    authResponseHeaders:
-      - X-authentik-username
-      - X-authentik-groups
-      - X-authentik-email
-      - X-authentik-name
-      - X-authentik-uid
-      - X-authentik-jwt
-      - X-authentik-meta-jwks
-      - X-authentik-meta-outpost
-      - X-authentik-meta-provider
-      - X-authentik-meta-app
-      - X-authentik-meta-version

charts/homepage/templates/secret.yaml

@@ -1,14 +0,0 @@
-apiVersion: v1
-kind: Secret
-type: kubernetes.io/service-account-token
-metadata:
-  name: "{{ .Release.Name }}-sa-token"
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: homepage
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: homepage
-  annotations:
-    kubernetes.io/service-account.name: homepage

charts/homepage/templates/service-account.yaml

@@ -1,13 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: homepage
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: homepage
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: homepage
-secrets:
-  - name: "{{ .Release.Name }}-sa-token"

charts/homepage/templates/service.yaml

@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: homepage
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: homepage
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: homepage
-spec:
-  type: ClusterIP
-  ports:
-    - port: {{ .Values.service.http.port }}
-      targetPort: http
-      protocol: TCP
-      name: http
-  selector:
-    app.kubernetes.io/name: homepage
-    app.kubernetes.io/instance: {{ .Release.Name }}

charts/homepage/values.yaml

@@ -1,32 +0,0 @@
-deployment:
-  replicas: 1
-  strategy: Recreate
-  image:
-    repository: ghcr.io/gethomepage/homepage
-    tag: v0.8.12
-    imagePullPolicy: IfNotPresent
-  env:
-  envFrom:
-  resources:
-    requests:
-      memory: 256Mi
-      cpu: 50m
-    limits:
-      memory: 512Mi
-      cpu: 500m
-service:
-  http:
-    port: 3000
-ingressRoute:
-  host:
-  authentik:
-    outpost:
-    port: 9000
-config:
-  bookmarks:
-  services:
-  widgets:
-  kubernetes:
-    mode: cluster
-  docker:
-  settings:

charts/libation/Chart.yaml

@@ -1,13 +0,0 @@
-apiVersion: v2
-name: libation
-version: 0.0.6
-description: Import library from audible
-keywords:
-  - audiobooks
-  - job
-sources:
-  - https://github.com/rmcrackan/Libation
-maintainers:
-  - name: alexlebens
-icon: https://getlibation.com/images/libation-logo.png
-appVersion: "11.1.0"

charts/libation/README.md

@@ -1,18 +0,0 @@
-## Introduction
-
-[Libation](https://github.com/rmcrackan/Libation)
-
-Libation: Liberate your Library. Import library from audible, including cover art
-
-
-This chart bootstraps a [Libation](https://github.com/benphelps/homepage) CronJob on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
-
-## Prerequisites
-
-- Kubernetes
-- Helm
-- CronJob
-
-## Parameters
-
-See the [values files](values.yaml).

charts/libation/templates/job.yaml

@@ -1,39 +0,0 @@
-apiVersion: batch/v1
-kind: CronJob
-metadata:
-  name: libation
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: libation
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: job
-    app.kubernetes.io/part-of: libation
-spec:
-  schedule: {{ .Values.job.schedule }}
-  successfulJobsHistoryLimit: 3
-  failedJobsHistoryLimit: 3
-  jobTemplate:
-    spec:
-      template:
-        spec:
-          restartPolicy: Never
-          containers:
-            - name: libation
-              image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
-              imagePullPolicy: {{ .Values.image.pullPolicy }}
-              env:
-                - name: SLEEP_TIME
-                  value: "-1"
-              volumeMounts:
-                - name: libation-config
-                  mountPath: /config
-                - name: libation-books
-                  mountPath: /data
-          volumes:
-            - name: libation-config
-              persistentVolumeClaim:
-                claimName: libation-config
-            - name: libation-books
-              persistentVolumeClaim:
-                claimName: {{ .Values.persistence.books.claimName }}

charts/libation/templates/persistent-volume-claim.yaml

@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: libation-config
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: libation
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: storage
-    app.kubernetes.io/part-of: libation
-spec:
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: {{ .Values.persistence.config.storageSize }}
-  storageClassName: {{ .Values.persistence.config.storageClassName }}
-  volumeMode: {{ .Values.persistence.config.volumeMode }}

charts/libation/values.yaml

@@ -1,13 +0,0 @@
-job:
-  schedule: "0 * * * *"
-image:
-  repository: rmcrackan/libation
-  tag: "11.1.0"
-  pullPolicy: IfNotPresent
-persistence:
-  config:
-    storageClassName: default
-    storageSize: 1Gi
-    volumeMode: Filesystem
-  books:
-    claimName:

charts/mautrix-discord/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: mautrix-discord
-version: 0.0.2
+version: 0.1.1
 description: Chart for Matrix Discord Bridge
 keywords:
   - matrix

charts/mautrix-discord/templates/_helpers.tpl

@@ -8,34 +8,3 @@ Helper for secret name
 {{- printf "mautrix-discord-config-secret" | trunc 63 | trimSuffix "-" }}
 {{- end }}
 {{- end }}
-
-{{/*
-Helper for registration secret name
-*/}}
-{{- define "mautrix-discord.registrationSecretName" -}}
-{{- if .Values.mautrixDiscord.existingRegistrationSecret }}
-{{- printf "%s" .Values.mautrixDiscord.existingRegistrationSecret -}}
-{{- else }}
-{{- printf "mautrix-discord-registration-secret" }}
-{{- end }}
-{{- end }}
-
-{{/*
-Generate registration.yaml if not from existing secret
-*/}}
-{{- define "mautrix-discord.registration-yaml" -}}
-id: {{ .Values.mautrixDiscord.config.appservice.id | quote }}
-as_token: {{ .Values.mautrixDiscord.config.appservice.as_token | quote }}
-hs_token: {{ .Values.mautrixDiscord.config.appservice.hs_token | quote }}
-namespaces:
-  users:
-    - regex: {{ printf "^@discordbot:%s$" (replace "." "\\." .Values.mautrixDiscord.config.homeserver.domain) }}
-      exclusive: true
-    - regex: {{ printf "^@%s:%s$" (replace "{{.}}" ".*" (tpl .Values.mautrixDiscord.config.bridge.username_template .)) (replace "." "\\." .Values.mautrixDiscord.config.homeserver.domain) }}
-      exclusive: true
-url: {{ .Values.mautrixDiscord.config.appservice.address | quote }}
-sender_localpart: {{ .Values.mautrixDiscord.registration.sender_localpart | quote }}
-rate_limited: {{ .Values.mautrixDiscord.registration.rate_limited }}
-de.sorunome.msc2409.push_ephemeral: true
-push_ephemeral: true
-{{- end -}}

charts/mautrix-discord/templates/deployment.yaml

@@ -62,19 +62,12 @@ spec:
               mountPath: /data/config.yaml
               subPath: config.yaml
               readOnly: true
-            - name: registration
-              mountPath: /data/registration.yaml
-              subPath: registration.yaml
-              readOnly: true
             - name: data
               mountPath: /data
       volumes:
         - name: config
           secret:
             secretName: {{ template "mautrix-discord.secretName" . }}
-        - name: registration
-          secret:
-            secretName: {{ template "mautrix-discord.registrationSecretName" . }}
         - name: data
           {{- if .Values.persistence.enabled }}
           persistentVolumeClaim:

charts/mautrix-discord/templates/secret.yaml

@@ -14,20 +14,3 @@ data:
   config.yaml: |
 {{ toYaml .Values.mautrixDiscord.config | indent 4 }}
 {{- end }}
-
----
-{{- if not .Values.mautrixDiscord.existingRegistrationSecret }}
-apiVersion: v1
-kind: Secret
-metadata:
-  name: mautrix-discord-registration-secret
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: mautrix-discord-registration
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-data:
-  registration.yaml: {{ include "mautrix-discord.registration-yaml" . | b64enc | quote }}
-{{- end }}

charts/mautrix-discord/values.yaml

@@ -419,9 +419,3 @@ mautrixDiscord:
           max_size: 100
           max_backups: 10
           compress: true
-
-  # registration.yml contents
-  existingRegistrationSecret: ""
-  registration:
-    rate_limited: false
-    sender_localpart: discordbridgebot

charts/mautrix-whatsapp/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: mautrix-whatsapp
-version: 0.0.3
+version: 0.1.1
 description: Chart for Matrix Whatsapp Bridge
 keywords:
   - matrix

charts/mautrix-whatsapp/templates/_helpers.tpl

@@ -8,34 +8,3 @@ Helper for secret name
 {{- printf "mautrix-whatsapp-config-secret" | trunc 63 | trimSuffix "-" }}
 {{- end }}
 {{- end }}
-
-{{/*
-Helper for registration secret name
-*/}}
-{{- define "mautrix-whatsapp.registrationSecretName" -}}
-{{- if .Values.mautrixWhatsapp.existingRegistrationSecret }}
-{{- printf "%s" .Values.mautrixWhatsapp.existingRegistrationSecret -}}
-{{- else }}
-{{- printf "mautrix-whatsapp-registration-secret" }}
-{{- end }}
-{{- end }}
-
-{{/*
-Generate registration.yaml if not from existing secret
-*/}}
-{{- define "mautrix-whatsapp.registration-yaml" -}}
-id: {{ .Values.mautrixWhatsapp.config.appservice.id | quote }}
-as_token: {{ .Values.mautrixWhatsapp.config.appservice.as_token | quote }}
-hs_token: {{ .Values.mautrixWhatsapp.config.appservice.hs_token | quote }}
-namespaces:
-  users:
-    - regex: {{ printf "^@whatsappbot:%s$" (replace "." "\\." .Values.mautrixWhatsapp.config.homeserver.domain) }}
-      exclusive: true
-    - regex: {{ printf "^@%s:%s$" (replace "{{.}}" ".*" (tpl .Values.mautrixWhatsapp.config.bridge.username_template .)) (replace "." "\\." .Values.mautrixWhatsapp.config.homeserver.domain) }}
-      exclusive: true
-url: {{ .Values.mautrixWhatsapp.config.appservice.address | quote }}
-sender_localpart: {{ .Values.mautrixWhatsapp.registration.sender_localpart | quote }}
-rate_limited: {{ .Values.mautrixWhatsapp.registration.rate_limited }}
-de.sorunome.msc2409.push_ephemeral: true
-push_ephemeral: true
-{{- end -}}

charts/mautrix-whatsapp/templates/deployment.yaml

@@ -62,19 +62,12 @@ spec:
               mountPath: /data/config.yaml
               subPath: config.yaml
               readOnly: true
-            - name: registration
-              mountPath: /data/registration.yaml
-              subPath: registration.yaml
-              readOnly: true
             - name: data
               mountPath: /data
       volumes:
         - name: config
           secret:
             secretName: {{ template "mautrix-whatsapp.secretName" . }}
-        - name: registration
-          secret:
-            secretName: {{ template "mautrix-whatsapp.registrationSecretName" . }}
         - name: data
           {{- if .Values.persistence.enabled }}
           persistentVolumeClaim:

charts/mautrix-whatsapp/templates/secret.yaml

@@ -14,20 +14,3 @@ data:
   config.yaml: |
 {{ toYaml .Values.mautrixWhatsapp.config | indent 4 }}
 {{- end }}
-
----
-{{- if not .Values.mautrixWhatsapp.existingRegistrationSecret }}
-apiVersion: v1
-kind: Secret
-metadata:
-  name: mautrix-whatsapp-registration-secret
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: mautrix-whatsapp-registration
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-data:
-  registration.yaml: {{ include "mautrix-whatsapp.registration-yaml" . | b64enc | quote }}
-{{- end }}

charts/mautrix-whatsapp/values.yaml

@@ -524,9 +524,3 @@ mautrixWhatsapp:
           max_size: 100
           max_backups: 10
           compress: true
-
-  # registration.yml contents
-  existingRegistrationSecret: ""
-  registration:
-    rate_limited: false
-    sender_localpart: whatsappbridgebot

charts/mysql-cluster/Chart.yaml

@@ -0,0 +1,15 @@
+apiVersion: v2
+name: mysql-cluster
+version: 0.2.1
+description: Chart for a mysql cluster
+keywords:
+  - database
+  - mysql
+sources:
+  - https://dev.mysql.com/
+  - https://github.com/mysql/mysql-operator
+  - https://github.com/mysql/mysql-operator/tree/trunk/helm/mysql-innodbcluster
+maintainers:
+  - name: alexlebens
+icon: https://avatars.githubusercontent.com/u/2452804?s=48&v=4
+appVersion: 8.4.0

charts/mysql-cluster/README.md

@@ -0,0 +1,17 @@
+## Introduction
+
+[MySQL Operator](https://dev.mysql.com/doc/mysql-operator/en/)
+
+MySQL Operator for Kubernetes manages MySQL InnoDB Cluster setups inside a Kubernetes Cluster. MySQL Operator for Kubernetes manages the full lifecycle with setup and maintenance including automating upgrades and backups.
+
+This chart bootstraps a [MySQL InnoDB](https://dev.mysql.com/doc/mysql-operator/en/mysql-operator-innodbcluster.html) cluster on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+
+## Prerequisites
+
+- Kubernetes
+- Helm
+- MySQL Operator
+
+## Parameters
+
+See the [values files](values.yaml).

charts/mysql-cluster/templates/_backup.tpl

@@ -0,0 +1,72 @@
+{{- define "cluster.backup" -}}
+
+{{- if and .Values.backup.enabled .Values.backup.profiles }}
+backupProfiles:
+{{- $isDumpInstance := false }}
+{{- $isSnapshot := false }}
+{{- range $_, $profile := .Values.backup.profiles }}
+  - name: {{ $profile.name | quote }}
+      {{- if hasKey $profile "podAnnotations" }}
+    podAnnotations:
+      {{ toYaml $profile.podAnnotations | nindent 6 }}
+      {{- end }}
+      {{- if hasKey $profile "podLabels" }}
+    podLabels:
+      {{ toYaml $profile.podLabels | nindent 6 }}
+      {{- end }}
+
+    {{- $isDumpInstance = hasKey $profile "dumpInstance" }}
+    {{- $isSnapshot = hasKey $profile "snapshot" }}
+    {{- if or $isDumpInstance $isSnapshot }}
+
+      {{- $backupProfile := ternary $profile.dumpInstance $profile.snapshot $isDumpInstance }}
+      {{- if $isDumpInstance }}
+    dumpInstance:
+      {{- else if $isSnapshot }}
+    snapshot:
+      {{- else }}
+      {{- fail "Unsupported or unspecified backup type, must be either snapshot or dumpInstance" }}
+      {{ end }}
+
+      {{- if not (hasKey $backupProfile "storage") }}
+      {{- fail "backup profile $profile.name has no storage section" }}
+      {{- else if hasKey $backupProfile.storage "s3" }}
+      storage:
+        s3:
+            {{- if $backupProfile.storage.s3.prefix }}
+          prefix: {{ $backupProfile.storage.s3.prefix }}
+            {{- end }}
+          bucketName: {{ required "bucketName is required" $backupProfile.storage.s3.bucketName }}
+          config: {{ required "config is required" $backupProfile.storage.s3.config }}
+            {{- if $backupProfile.storage.s3.profile }}
+          profile: {{ $backupProfile.storage.s3.profile }}
+            {{- end }}
+            {{- if $backupProfile.storage.s3.endpoint }}
+          endpoint: {{ $backupProfile.storage.s3.endpoint }}
+            {{- end }}
+      {{- else if hasKey $backupProfile.storage "persistentVolumeClaim" }}
+      storage:
+        persistentVolumeClaim: {{ toYaml $backupProfile.storage.persistentVolumeClaim | nindent 12}}
+      {{- else -}}
+      {{- fail "Backup profile $profile.name has empty storage section - neither s3 nor persistentVolumeClaim defined" }}
+      {{- end -}}
+
+    {{- end }}
+{{- end }}
+{{- end }}
+
+{{- if .Values.backup.schedules }}
+backupSchedules:
+{{- range $_, $schedule := .Values.backup.schedules }}
+  - name: {{ $schedule.name | quote }}
+    enabled: {{ $schedule.enabled }}
+    schedule: {{ quote $schedule.schedule }}
+      {{- if ($schedule).timeZone }}
+    timeZone: {{ quote $schedule.timeZone }}
+      {{- end }}
+    deleteBackupData: {{ $schedule.deleteBackupData }}
+    backupProfileName: {{ $schedule.backupProfileName }}
+{{- end }}
+{{- end }}
+
+{{- end }}

charts/mysql-cluster/templates/_helpers.tpl

@@ -0,0 +1,64 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "cluster.name" -}}
+  {{- if .Values.global.nameOverride }}
+    {{- .Values.global.nameOverride | trunc 63 | trimSuffix "-" }}
+  {{- else }}
+    {{- printf "%s-mysql-%s" .Release.Name ((semver .Values.cluster.image.version).Major | toString) | trunc 63 | trimSuffix "-" -}}
+  {{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "cluster.chart" -}}
+  {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Check for invalid versions
+*/}}
+{{- $minimalVersion := "8.0.27" }}
+{{- $forbiddenVersions := list "8.0.29" }}
+{{- $serverVersion := .Values.serverVersion | default .Chart.AppVersion }}
+{{- if lt $serverVersion $minimalVersion }}
+  {{- $err := printf "It is not possible to use MySQL version %s . Please, use %s or above" $serverVersion $minimalVersion }}
+  {{- fail $err }}
+{{- end }}
+{{- if has $serverVersion $forbiddenVersions }}
+  {{- $err := printf "It is not possible to use MySQL version %s . Please, use %s or above except %v" $serverVersion $minimalVersion $forbiddenVersions }}
+  {{- fail $err }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "cluster.labels" -}}
+helm.sh/chart: {{ include "cluster.chart" . }}
+{{ include "cluster.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "cluster.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "cluster.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/part-of: cloudnative-pg
+{{- end }}
+
+{{/*
+Create the name of the service account to use.
+*/}}
+{{- define "mysql.serviceAccountName" -}}
+{{- if .Values.serviceAccount.enabled -}}
+    {{ default (include "cluster.name" .) .Values.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}

charts/mysql-cluster/templates/_init.tpl

@@ -0,0 +1,47 @@
+{{- define "cluster.init" -}}
+
+{{- if eq .Values.mode "clone" }}
+{{- with .Values.clone }}
+initDB:
+  clone:
+    donorUrl: {{ required "clone donorUrl is required" .donorUrl }}
+    rootUser: {{ .rootUser | default "root" }}
+    secretKeyRef:
+      name: {{ required "clone credentials is required" .exisitingCredentialsSecret }}
+{{- end }}
+{{- end }}
+
+{{- if eq .Values.mode "recovery" }}
+{{- with .Values.recovery }}
+initDB:
+  dump:
+      {{- if .name }}
+    name: {{ .name | quote }}
+      {{- end }}
+      {{- if .path }}
+    path: {{ .path | quote }}
+      {{- end }}
+      {{- if .options }}
+    options: {{ toYaml .options | nindent 8 }}
+      {{- end }}
+    storage:
+      {{- if eq .type "s3" }}
+      s3:
+        prefix: {{ required "s3 prefix is required" .s3.prefix }}
+        bucketName: {{ required "s3 bucketName is required" .s3.bucketName }}
+        config: {{ required "s3 config is required" .s3.config }}
+          {{- if .s3.profile }}
+        profile: {{ .s3.profile }}
+          {{- end }}
+          {{- if .s3.endpoint }}
+        endpoint: {{ .s3.endpoint }}
+          {{- end }}
+      {{- end }}
+      {{- if eq .type "pvc" }}
+      persistentVolumeClaim:
+        {{ toYaml .persistentVolumeClaim | nindent 10}}
+      {{- end }}
+{{- end }}
+{{- end }}
+
+{{- end }}

charts/mysql-cluster/templates/deployment.yaml

@@ -0,0 +1,75 @@
+apiVersion: mysql.oracle.com/v2
+kind: InnoDBCluster
+metadata:
+  name: {{ include "cluster.name" . }}-cluster
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    {{- with .Values.global.annotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+  labels:
+    {{- include "cluster.labels" . | nindent 4 }}
+    {{- include "cluster.selectorLabels" . | nindent 4 }}
+    {{- with .Values.global.labels }}
+    {{ toYaml . | nindent 4 }}
+    {{- end }}
+spec:
+  instances: {{ required "serverInstances is required" .Values.cluster.serverInstances }}
+  baseServerId: {{ required "baseServerId is required" .Values.cluster.baseServerId }}  
+  serviceAccountName: {{ include "mysql.serviceAccountName" . }}  
+  imagePullPolicy : {{ .Values.cluster.image.pullPolicy }}
+  version: {{ .Values.cluster.image.version }}
+  tlsUseSelfSigned: true
+  secretName: {{ .Values.cluster.exisitingCredentialsSecret }}
+  podSpec:
+    {{- with .Values.cluster.podSpec }}
+    {{ toYaml . | nindent 4 }}
+    {{- end }}
+  podAnnotations:
+    {{- with .Values.cluster.podAnnotations }}
+    {{ toYaml . | nindent 4 }}
+    {{- end }}
+  podLabels:
+    {{- with .Values.cluster.podLabels }}
+    {{ toYaml . | nindent 4 }}
+    {{- end }}
+  router:
+    instances: {{ required "router.instances is required" .Values.cluster.router.instances }}
+    podSpec:
+      {{- with .Values.cluster.router.podSpec }}
+      {{- toYaml . | nindent 6 }}
+      {{- end }}
+    podAnnotations:
+      {{- with .Values.cluster.router.podAnnotations }}
+      {{- toYaml . | nindent 6 }}
+      {{- end }}
+    podLabels:
+      {{- with .Values.cluster.router.podLabels }}
+      {{- toYaml . | nindent 6 }}
+      {{- end }}
+    tlsSecretName: {{ include "cluster.name" . }}-router-tls
+  logs:
+    {{- with .Values.cluster.logs }}
+    {{ toYaml . | nindent 4 }}
+    {{- end }}      
+  mycnf: |
+{{ .Values.cluster.serverConfig.mycnf | indent 4 }}
+  {{- if .Values.cluster.datadirVolumeClaimTemplate }}
+  {{- with .Values.cluster.datadirVolumeClaimTemplate }}
+  datadirVolumeClaimTemplate:
+    {{- if .storageClassName }}
+    storageClassName: {{ .storageClassName | quote }}
+    {{- end}}
+    {{- if .accessModes }}
+    accessModes: [ "{{ .accessModes }}" ]
+    {{- end }}
+    {{- if .size }}
+    resources:
+      requests:
+        storage: "{{ .size }}"
+    {{- end }}
+  {{- end }}
+  {{- end }}
+
+  {{ include "cluster.init" . | nindent 2 }}
+  {{ include "cluster.backup" . | nindent 2 }}

charts/mysql-cluster/templates/service-account.yaml

@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "mysql.serviceAccountName" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "cluster.labels" . | nindent 4 }}
+    {{- include "cluster.selectorLabels" . | nindent 4 }}    
+    {{- with .Values.global.labels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+    {{- with .Values.serviceAccount.labels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}    
+  annotations:
+    {{- with .Values.global.annotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+    {{- with .Values.serviceAccount.annotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}

charts/mysql-cluster/values.yaml

@@ -0,0 +1,148 @@
+global:
+  nameOverride:
+  labels: {}
+  annotations: {}
+
+serviceAccount:
+  enabled: true
+  labels: {}
+  annotations: {}
+  name: ""
+
+###
+# Cluster mode of operation. Available modes:
+# * `standalone` - Default mode. Creates new or updates an existing cluster.
+# * `recovery` - Same as standalone but creates a cluster from a backup
+# * `clone` - Create database as a replica from another cluster
+mode: standalone
+
+##
+# Cluster spec
+#
+# Reference: https://dev.mysql.com/doc/mysql-operator/en/mysql-operator-properties.html#mysql-operator-spec-innodbclusterspecinitdbdumpstorages3
+#
+cluster:
+  serverInstances: 1
+  baseServerId: 1000
+
+  # Existing secret that contains the keys "rootUser", "rootHost", and "rootPassword"
+  exisitingCredentialsSecret: ""
+
+  image:
+    version: 8.4.0
+    pullPolicy: IfNotPresent
+
+  router:
+    instances: 1
+    podSpec: {}
+    podAnnotations: {}
+    podLabels: {}
+
+  logs:
+    error:
+      enabled: true
+      collect: false
+    general:
+      enabled: false
+      collect: false
+    slowQuery:
+      enabled: false
+      longQueryTime: 2.5
+
+  serverConfig:
+    mycnf: |
+      [mysqld]
+      core_file
+      local_infile=off
+      mysql_native_password=ON
+
+  datadirVolumeClaimTemplate:
+    storageClassName: ""
+    accessModes: ""
+    size: ""
+
+  podSpec:
+    containers:
+      - name: mysql
+        resources:
+          limits:
+            memory: 1024Mi
+            cpu: 1000m
+          requests:
+            memory: 512Mi
+            cpu: 100m
+  podAnnotations: {}
+  podLabels: {}
+
+##
+# Recovery database from storage
+#
+recovery:
+
+  # * `s3` - Restores from s3 object store
+  # * `pvc` - Restores from persistent volume claim
+  type:
+
+  # -- Name of the dump. Not used by the operator, but a descriptive hint for the cluster administrator
+  name: ""
+  # -- Path to the dump in the PVC. Use when specifying persistentVolumeClaim. Omit for ociObjectStorage, S3, or azure.
+  path: ""
+  # -- A dictionary of key-value pairs passed directly to MySQL Shell's loadDump()
+  options: {}
+
+  s3:
+    # -- Path in the bucket where the dump files are stored
+    prefix: ""
+    # -- Name of a Secret with S3 configuration and credentials as contained in ~/.aws/config
+    config: ""
+    # -- Name of the S3 bucket where the dump is stored
+    bucketName: ""
+    # -- Override endpoint URL
+    endpoint: ""
+
+  persistentVolumeClaim: {}
+
+##
+# Clone database from another instance
+#
+clone:
+  donorUrl: ""
+  rootUser: root
+  exisitingCredentialsSecret: ""
+
+##
+# Backup database to pvc or s3
+#
+backup:
+  enabled: false
+  profiles:
+
+## -- Example profile that back ups to local pvc
+
+#    - name: pvc-backup
+#      dumpInstance:
+#        storage:
+#          persistentVolumeClaim:
+#            claimName: backup-volume-claim
+
+## -- Example profile that back ups to s3 endpoint
+
+#    - name: s3-backup
+#      snapshot:
+#        storage:
+#          s3:
+#            prefix: ""
+#            config: ""
+#            bucketName: ""
+#            endpoint: ""
+
+  schedules:
+
+## -- Example schedule that backups daily
+
+#    - name: schedule-daily
+#      enabled: true
+#      schedule: "0 0 0 * * *"
+#      timeZone: "US/Central"
+#      deleteBackupData: false
+#      backupProfileName:

charts/outline/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: outline
-version: 0.5.1
+version: 0.6.3
 description: Chart for Outline wiki
 keywords:
   - wiki
@@ -14,5 +14,5 @@ icon: https://avatars.githubusercontent.com/u/1765001?s=48&v=4
 dependencies:
   - name: redis
     repository: https://charts.bitnami.com/bitnami
-    version: 19.1.1
+    version: 19.3.4
-appVersion: v0.75.2
+appVersion: v0.76.1

charts/outline/values.yaml

@@ -3,7 +3,7 @@ deployment:
   strategy: Recreate
   image:
     repository: outlinewiki/outline
-    tag: "0.75.2"
+    tag: "0.76.1"
     imagePullPolicy: IfNotPresent
   resources:
     requests:

charts/penpot/Chart.yaml

@@ -0,0 +1,13 @@
+apiVersion: v2
+name: penpot
+version: 0.1.0
+description: Chart for Penpot
+keywords:
+  - penpot
+  - design
+sources:
+  - https://github.com/penpot/penpot
+maintainers:
+  - name: alexlebens
+icon: https://avatars.githubusercontent.com/u/30179644?s=200&v=4
+appVersion: 2.0.1

charts/penpot/README.md

@@ -0,0 +1,16 @@
+## Introduction
+
+[Penpot](https://github.com/penpot/penpot)
+
+Penpot is the first Open Source design and prototyping platform meant for cross-domain teams. Non dependent on operating systems, Penpot is web based and works with open standards (SVG). Penpot invites designers all over the world to fall in love with open source while getting developers excited about the design process in return.
+
+This chart bootstraps a [Penpot](https://github.com/penpot/penpot) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+
+## Prerequisites
+
+- Kubernetes
+- Helm
+
+## Parameters
+
+See the [values files](values.yaml).

charts/penpot/templates/_helpers.tpl

@@ -0,0 +1,72 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "penpot.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "penpot.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "penpot.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels.
+*/}}
+{{- define "penpot.labels" -}}
+helm.sh/chart: {{ include "penpot.chart" . }}
+app.kubernetes.io/name: {{ include "penpot.name" . }}-frontend
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Selector labels.
+*/}}
+{{- define "penpot.frontendSelectorLabels" -}}
+app.kubernetes.io/name: {{ include "penpot.name" . }}-frontend
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+{{- define "penpot.backendSelectorLabels" -}}
+app.kubernetes.io/name: {{ include "penpot.name" . }}-backend
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+{{- define "penpot.exporterSelectorLabels" -}}
+app.kubernetes.io/name: {{ include "penpot.name" . }}-exporter
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use.
+*/}}
+{{- define "penpot.serviceAccountName" -}}
+{{- if .Values.serviceAccount.enabled -}}
+    {{ default (include "penpot.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}

charts/penpot/templates/config-map.yaml

@@ -0,0 +1,129 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: "{{ include "penpot.fullname" . }}-frontend-nginx"
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "penpot.labels" . | nindent 4 }}
+data:
+  nginx.conf: |
+    user www-data;
+    worker_processes auto;
+    pid /run/nginx.pid;
+    include /etc/nginx/modules-enabled/*.conf;
+
+    events {
+        worker_connections 2048;
+        # multi_accept on;
+    }
+
+    http {
+        sendfile on;
+        tcp_nopush on;
+        tcp_nodelay on;
+        keepalive_requests 30;
+        keepalive_timeout 65;
+        types_hash_max_size 2048;
+
+        server_tokens off;
+
+        reset_timedout_connection on;
+        client_body_timeout 30s;
+        client_header_timeout 30s;
+
+        include /etc/nginx/mime.types;
+        default_type application/octet-stream;
+
+        error_log /dev/stdout;
+        access_log /dev/stdout;
+
+        gzip on;
+        gzip_vary on;
+        gzip_proxied any;
+        gzip_static on;
+        gzip_comp_level 4;
+        gzip_buffers 16 8k;
+        gzip_http_version 1.1;
+
+        gzip_types text/plain text/css text/javascript application/javascript application/json application/transit+json;
+
+        resolver 127.0.0.11;
+
+        map $http_upgrade $connection_upgrade {
+            default upgrade;
+            ''      close;
+        }
+
+        server {
+            listen 80 default_server;
+            server_name _;
+
+            client_max_body_size 100M;
+            charset utf-8;
+
+            proxy_http_version 1.1;
+            proxy_set_header Host $http_host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Scheme $scheme;
+            proxy_set_header X-Forwarded-Proto $scheme;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+            etag off;
+            root /var/www/app/;
+
+            location ~* \.(js|css).*$ {
+                add_header Cache-Control "max-age=86400" always; # 24 hours
+            }
+
+            location ~* \.(html).*$ {
+                add_header Cache-Control "no-cache, max-age=0" always;
+            }
+
+            location /api/export {
+                proxy_pass http://{{ include "penpot.fullname" . }}-exporter:6061;
+            }
+
+            location /api {
+                proxy_pass http://{{ include "penpot.fullname" . }}-backend:6060/api;
+            }
+
+            location /ws/notifications {
+                proxy_set_header Upgrade $http_upgrade;
+                proxy_set_header Connection 'upgrade';
+                proxy_pass http://{{ include "penpot.fullname" . }}-backend:6060/ws/notifications;
+            }
+
+            location @handle_redirect {
+                set $redirect_uri "$upstream_http_location";
+                set $redirect_host "$upstream_http_x_host";
+                set $redirect_cache_control "$upstream_http_cache_control";
+
+                proxy_buffering off;
+
+                proxy_set_header Host "$redirect_host";
+                proxy_hide_header etag;
+                proxy_hide_header x-amz-id-2;
+                proxy_hide_header x-amz-request-id;
+                proxy_hide_header x-amz-meta-server-side-encryption;
+                proxy_hide_header x-amz-server-side-encryption;
+                proxy_pass $redirect_uri;
+
+                add_header x-internal-redirect "$redirect_uri";
+                add_header x-cache-control "$redirect_cache_control";
+                add_header cache-control "$redirect_cache_control";
+            }
+
+            location /assets {
+                proxy_pass http://{{ include "penpot.fullname" . }}-backend:6060/assets;
+                recursive_error_pages on;
+                proxy_intercept_errors on;
+                error_page 301 302 307 = @handle_redirect;
+            }
+
+            location /internal/assets {
+                internal;
+                alias /opt/data/assets;
+                add_header x-internal-redirect "$upstream_http_x_accel_redirect";
+            }
+        }
+    }

charts/penpot/templates/deployment-backend.yaml

@@ -0,0 +1,378 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "penpot.fullname" . }}-backend
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "penpot.labels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.backend.replicaCount }}
+  selector:
+    matchLabels:
+      {{- include "penpot.backendSelectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        {{- include "penpot.backendSelectorLabels" . | nindent 8 }}
+    spec:
+    {{- with .Values.global.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+    {{ if .Values.backend.podSecurityContext.enabled }}
+      securityContext:
+        {{- omit .Values.backend.podSecurityContext "enabled" | toYaml | nindent 8 }}
+    {{- end }}
+      serviceAccountName: {{ include "penpot.serviceAccountName" . }}
+      affinity:
+        podAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+          - labelSelector:
+              matchExpressions:
+              - key: app.kubernetes.io/instance
+                operator: In
+                values:
+                - {{ .Release.Name }}
+            topologyKey: "kubernetes.io/hostname"
+      containers:
+        - name: {{ .Chart.Name }}-backend
+        {{ if .Values.backend.containerSecurityContext.enabled }}
+          securityContext:
+            {{- omit .Values.backend.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+        {{- end }}
+          image: "{{ .Values.backend.image.repository }}:{{ .Values.backend.image.tag }}"
+          imagePullPolicy: {{ .Values.backend.image.imagePullPolicy }}
+          volumeMounts:
+            - mountPath: /opt/data
+              name: app-data
+              readOnly: false
+          env:
+            - name: PENPOT_PUBLIC_URI
+              value: {{ .Values.config.publicURI | quote }}
+            - name: PENPOT_FLAGS
+              value: "$PENPOT_FLAGS {{ .Values.config.flags }}"
+            - name: PENPOT_SECRET_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.config.apiSecretKey.existingSecretName }}
+                  key: {{ .Values.config.apiSecretKey.existingSecretKey }}
+            - name: PENPOT_DATABASE_URI
+              value: "postgresql://{{ .Values.config.postgresql.host }}:{{ .Values.config.postgresql.port }}/{{ .Values.config.postgresql.database }}"
+            - name: PENPOT_DATABASE_USERNAME
+            {{- if not .Values.config.postgresql.secretKeys.usernameKey }}
+              value: {{ .Values.config.postgresql.username | quote }}
+            {{- else }}
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.config.postgresql.existingSecret }}
+                  key: {{ .Values.config.postgresql.secretKeys.usernameKey }}
+            {{- end }}
+            - name: PENPOT_DATABASE_PASSWORD
+            {{- if not .Values.config.postgresql.secretKeys.passwordKey }}
+              value: {{ .Values.config.postgresql.password | quote }}
+            {{- else }}
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.config.postgresql.existingSecret }}
+                  key: {{ .Values.config.postgresql.secretKeys.passwordKey }}
+            {{- end }}
+            - name: PENPOT_REDIS_URI
+              value: "redis://{{ .Values.config.redis.host }}:{{ .Values.config.redis.port }}/{{ .Values.config.redis.database }}"
+            - name: PENPOT_ASSETS_STORAGE_BACKEND
+              value: {{ .Values.config.assets.storageBackend | quote }}
+          {{- if eq .Values.config.assets.storageBackend "assets-fs" }}
+            - name: PENPOT_STORAGE_ASSETS_FS_DIRECTORY
+              value: {{ .Values.config.assets.filesystem.directory | quote }}
+          {{- else if eq .Values.config.assets.storageBackend "assets-s3" }}
+            - name: PENPOT_STORAGE_ASSETS_S3_REGION
+              value: {{ .Values.config.assets.s3.region | quote }}
+            - name: PENPOT_STORAGE_ASSETS_S3_BUCKET
+              value: {{ .Values.config.assets.s3.bucket | quote }}
+            - name: AWS_ACCESS_KEY_ID
+          {{- if not .Values.config.assets.s3.secretKeys.accessKeyIDKey }}
+              value: {{ .Values.config.assets.s3.accessKeyID | quote }}
+          {{- else }}
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.config.assets.s3.existingSecret }}
+                  key: {{ .Values.config.assets.s3.secretKeys.accessKeyIDKey }}
+          {{- end }}
+            - name: AWS_SECRET_ACCESS_KEY
+          {{- if not .Values.config.assets.s3.secretKeys.secretAccessKey }}
+              value: {{ .Values.config.assets.s3.secretAccessKey | quote }}
+          {{- else }}
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.config.assets.s3.existingSecret }}
+                  key: {{ .Values.config.assets.s3.secretKeys.secretAccessKey }}
+          {{- end }}
+            - name: PENPOT_STORAGE_ASSETS_S3_ENDPOINT
+          {{- if not .Values.config.assets.s3.secretKeys.endpointURIKey }}
+              value: {{ .Values.config.assets.s3.endpointURI | quote }}
+          {{- else }}
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.config.assets.s3.existingSecret }}
+                  key: {{ .Values.config.assets.s3.secretKeys.endpointURIKey }}
+          {{- end }}
+          {{- end }}
+            - name: PENPOT_TELEMETRY_ENABLED
+              value: {{ .Values.config.telemetryEnabled | quote }}
+
+          {{- if .Values.config.smtp.enabled }}
+          {{- if .Values.config.smtp.defaultFrom }}
+            - name: PENPOT_SMTP_DEFAULT_FROM
+              value: {{ .Values.config.smtp.defaultFrom | quote }}
+          {{- end }}
+          {{- if .Values.config.smtp.defaultReplyTo }}
+            - name: PENPOT_SMTP_DEFAULT_REPLY_TO
+              value: {{ .Values.config.smtp.defaultReplyTo | quote }}
+          {{- end }}
+          {{- if .Values.config.smtp.host }}
+            - name: PENPOT_SMTP_HOST
+              value: {{ .Values.config.smtp.host | quote }}
+          {{- end }}
+          {{- if .Values.config.smtp.port }}
+            - name: PENPOT_SMTP_PORT
+              value: {{ .Values.config.smtp.port | quote }}
+          {{- end }}
+          {{- if not .Values.config.smtp.secretKeys.usernameKey }}
+            - name: PENPOT_SMTP_USERNAME
+              value: {{ .Values.config.smtp.username | quote }}
+          {{- else }}
+            - name: PENPOT_SMTP_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.config.smtp.existingSecret }}
+                  key: {{ .Values.config.smtp.secretKeys.usernameKey }}
+          {{- end }}
+          {{- if not .Values.config.smtp.secretKeys.passwordKey }}
+            - name: PENPOT_SMTP_PASSWORD
+              value: {{ .Values.config.smtp.password | quote }}
+          {{- else }}
+            - name: PENPOT_SMTP_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.config.smtp.existingSecret }}
+                  key: {{ .Values.config.smtp.secretKeys.passwordKey }}
+          {{- end }}
+          {{- if .Values.config.smtp.tls }}
+            - name: PENPOT_SMTP_TLS
+              value: {{ .Values.config.smtp.tls | quote }}
+          {{- end }}
+          {{- if .Values.config.smtp.ssl }}
+            - name: PENPOT_SMTP_SSL
+              value: {{ .Values.config.smtp.ssl | quote }}
+          {{- end }}
+          {{- end }}
+
+
+          {{- if .Values.config.registrationDomainWhitelist }}
+            - name: PENPOT_REGISTRATION_DOMAIN_WHITELIST
+              value: {{ .Values.config.registrationDomainWhitelist | quote }}
+          {{- end }}
+
+          {{- if .Values.config.providers.google.enabled }}
+          {{- if not .Values.config.providers.secretKeys.googleClientIDKey }}
+            - name: PENPOT_GOOGLE_CLIENT_ID
+              value: {{ .Values.config.providers.google.clientID | quote }}
+          {{- else }}
+            - name: PENPOT_GOOGLE_CLIENT_ID
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.config.providers.existingSecret }}
+                  key: {{ .Values.config.providers.secretKeys.googleClientIDKey }}
+          {{- end }}
+          {{- if not .Values.config.providers.secretKeys.googleClientSecretKey}}
+            - name: PENPOT_GOOGLE_CLIENT_SECRET
+              value: {{ .Values.config.providers.google.clientSecret | quote }}
+          {{- else }}
+            - name: PENPOT_GOOGLE_CLIENT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.config.providers.existingSecret }}
+                  key: {{ .Values.config.providers.secretKeys.googleClientSecretKey }}
+          {{- end }}
+          {{- end }}
+
+          {{- if .Values.config.providers.github.enabled }}
+          {{- if not .Values.config.providers.secretKeys.githubClientIDKey }}
+            - name: PENPOT_GITHUB_CLIENT_ID
+              value: {{ .Values.config.providers.github.clientID | quote }}
+          {{- else }}
+            - name: PENPOT_GITHUB_CLIENT_ID
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.config.providers.existingSecret }}
+                  key: {{ .Values.config.providers.secretKeys.githubClientIDKey }}
+          {{- end }}
+          {{- if not .Values.config.providers.secretKeys.githubClientSecretKey  }}
+            - name: PENPOT_GITHUB_CLIENT_SECRET
+              value: {{ .Values.config.providers.github.clientSecret | quote }}
+          {{- else }}
+            - name: PENPOT_GITHUB_CLIENT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.config.providers.existingSecret }}
+                  key: {{ .Values.config.providers.secretKeys.githubClientSecretKey }}
+          {{- end }}
+          {{- end }}
+
+          {{- if .Values.config.providers.gitlab.enabled }}
+          {{- if .Values.config.providers.gitlab.baseURI }}
+            - name: PENPOT_GITLAB_BASE_URI
+              value: {{ .Values.config.providers.gitlab.baseURI | quote }}
+          {{- end }}
+          {{- if not .Values.config.providers.secretKeys.gitlabClientIDKey }}
+            - name: PENPOT_GITLAB_CLIENT_ID
+              value: {{ .Values.config.providers.gitlab.clientID | quote }}
+          {{- else }}
+            - name: PENPOT_GITLAB_CLIENT_ID
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.config.providers.existingSecret }}
+                  key: {{ .Values.config.providers.secretKeys.gitlabClientIDKey }}
+          {{- end }}
+          {{- if not .Values.config.providers.secretKeys.gitlabClientSecretKey }}
+            - name: PENPOT_GITLAB_CLIENT_SECRET
+              value: {{ .Values.config.providers.gitlab.clientSecret | quote }}
+          {{- else }}
+            - name: PENPOT_GITLAB_CLIENT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.config.providers.existingSecret }}
+                  key: {{ .Values.config.providers.secretKeys.gitlabClientSecretKey }}
+          {{- end }}
+          {{- end }}
+
+          {{- if .Values.config.providers.oidc.enabled }}
+          {{- if .Values.config.providers.oidc.baseURI }}
+            - name: PENPOT_OIDC_BASE_URI
+              value: {{ .Values.config.providers.oidc.baseURI | quote }}
+          {{- end }}
+          {{- if not .Values.config.providers.secretKeys.oidcClientIDKey }}
+            - name: PENPOT_OIDC_CLIENT_ID
+              value: {{ .Values.config.providers.oidc.clientID | quote}}
+          {{- else }}
+            - name: PENPOT_OIDC_CLIENT_ID
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.config.providers.existingSecret }}
+                  key: {{ .Values.config.providers.secretKeys.oidcClientIDKey }}
+          {{- end }}
+          {{- if not .Values.config.providers.secretKeys.oidcClientSecretKey}}
+            - name: PENPOT_OIDC_CLIENT_SECRET
+              value: {{ .Values.config.providers.oidc.clientSecret | quote }}
+          {{- else }}
+            - name: PENPOT_OIDC_CLIENT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.config.providers.existingSecret }}
+                  key: {{ .Values.config.providers.secretKeys.oidcClientSecretKey }}
+          {{- end }}
+          {{- if .Values.config.providers.oidc.authURI }}
+            - name: PENPOT_OIDC_AUTH_URI
+              value: {{ .Values.config.providers.oidc.authURI | quote }}
+          {{- end }}
+          {{- if .Values.config.providers.oidc.tokenURI }}
+            - name: PENPOT_OIDC_TOKEN_URI
+              value: {{ .Values.config.providers.oidc.tokenURI | quote }}
+          {{- end }}
+          {{- if .Values.config.providers.oidc.userURI }}
+            - name: PENPOT_OIDC_USER_URI
+              value: {{ .Values.config.providers.oidc.userURI | quote }}
+          {{- end }}
+          {{- if .Values.config.providers.oidc.roles }}
+            - name: PENPOT_OIDC_ROLES
+              value: {{ .Values.config.providers.oidc.roles | quote }}
+          {{- end }}
+          {{- if .Values.config.providers.oidc.rolesAttribute }}
+            - name: PENPOT_OIDC_ROLES_ATTR
+              value: {{ .Values.config.providers.oidc.rolesAttribute | quote }}
+          {{- end }}
+          {{- if .Values.config.providers.oidc.scopes }}
+            - name: PENPOT_OIDC_SCOPES
+              value: {{ .Values.config.providers.oidc.scopes | quote }}
+          {{- end }}
+          {{- if .Values.config.providers.oidc.nameAttribute }}
+            - name: PENPOT_OIDC_NAME_ATTR
+              value: {{ .Values.config.providers.oidc.nameAttribute | quote }}
+          {{- end }}
+          {{- if .Values.config.providers.oidc.emailAttribute }}
+            - name: PENPOT_OIDC_EMAIL_ATTR
+              value: {{ .Values.config.providers.oidc.emailAttribute | quote }}
+          {{- end }}
+          {{- end }}
+
+          {{- if .Values.config.providers.ldap.enabled }}
+          {{- if .Values.config.providers.ldap.host }}
+            - name: PENPOT_LDAP_HOST
+              value: {{ .Values.config.providers.ldap.host | quote }}
+          {{- end }}
+          {{- if .Values.config.providers.ldap.port }}
+            - name: PENPOT_LDAP_PORT
+              value: {{ .Values.config.providers.ldap.port | quote }}
+          {{- end }}
+          {{- if .Values.config.providers.ldap.ssl }}
+            - name: PENPOT_LDAP_SSL
+              value: {{ .Values.config.providers.ldap.ssl | quote }}
+          {{- end }}
+          {{- if .Values.config.providers.ldap.startTLS }}
+            - name: PENPOT_LDAP_STARTTLS
+              value: {{ .Values.config.providers.ldap.startTLS | quote }}
+          {{- end }}
+          {{- if .Values.config.providers.ldap.baseDN }}
+            - name: PENPOT_LDAP_BASE_DN
+              value: {{ .Values.config.providers.ldap.baseDN | quote }}
+          {{- end }}
+          {{- if .Values.config.providers.ldap.bindDN }}
+            - name: PENPOT_LDAP_BIND_DN
+              value: {{ .Values.config.providers.ldap.bindDN | quote }}
+          {{- end }}
+          {{- if .Values.config.providers.ldap.bindPassword }}
+            - name: PENPOT_LDAP_BIND_PASSWORD
+              value: {{ .Values.config.providers.ldap.bindPassword | quote }}
+          {{- end }}
+          {{- if .Values.config.providers.ldap.attributesUsername }}
+            - name: PENPOT_LDAP_ATTRS_USERNAME
+              value: {{ .Values.config.providers.ldap.attributesUsername | quote }}
+          {{- end }}
+          {{- if .Values.config.providers.ldap.attributesEmail }}
+            - name: PENPOT_LDAP_ATTRS_EMAIL
+              value: {{ .Values.config.providers.ldap.attributesEmail | quote }}
+          {{- end }}
+          {{- if .Values.config.providers.ldap.attributesFullname }}
+            - name: PENPOT_LDAP_ATTRS_FULLNAME
+              value: {{ .Values.config.providers.ldap.attributesFullname | quote }}
+          {{- end }}
+          {{- if .Values.config.providers.ldap.attributesPhoto }}
+            - name: PENPOT_LDAP_ATTRS_PHOTO
+              value: {{ .Values.config.providers.ldap.attributesPhoto | quote }}
+          {{- end }}
+          {{- end }}
+          ports:
+            - name: http
+              containerPort: {{ .Values.backend.service.port }}
+              protocol: TCP
+          resources:
+            {{- toYaml .Values.backend.resources | nindent 12 }}
+      {{- with .Values.backend.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+    {{- with .Values.backend.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+    {{- with .Values.backend.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+      volumes:
+      - name: app-data
+      {{- if .Values.persistence.enabled }}
+        persistentVolumeClaim:
+          claimName: {{ .Values.persistence.existingClaim | default ( include "penpot.fullname" . ) }}
+      {{- else }}
+        emptyDir: {}
+      {{- end }}

charts/penpot/templates/deployment-exporter.yaml

@@ -0,0 +1,353 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "penpot.fullname" . }}-exporter
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "penpot.labels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.exporter.replicaCount }}
+  selector:
+    matchLabels:
+      {{- include "penpot.exporterSelectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        {{- include "penpot.exporterSelectorLabels" . | nindent 8 }}
+    spec:
+    {{- with .Values.global.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+      serviceAccountName: {{ include "penpot.serviceAccountName" . }}
+    {{ if .Values.exporter.podSecurityContext.enabled }}
+      securityContext:
+        {{- omit .Values.exporter.podSecurityContext "enabled" | toYaml | nindent 8 }}
+    {{- end }}
+      containers:
+        - name: {{ .Chart.Name }}-exporter
+        {{ if .Values.exporter.containerSecurityContext.enabled }}
+          securityContext:
+            {{- omit .Values.exporter.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+        {{- end }}
+          image: "{{ .Values.exporter.image.repository }}:{{ .Values.exporter.image.tag }}"
+          imagePullPolicy: {{ .Values.exporter.image.imagePullPolicy }}
+          env:
+            - name: PENPOT_PUBLIC_URI
+              value: {{ .Values.config.publicURI | quote }}
+            - name: PENPOT_FLAGS
+              value: "$PENPOT_FLAGS {{ .Values.config.flags }}"
+            - name: PENPOT_SECRET_KEY
+              value: {{ .Values.config.apiSecretKey | quote }}
+            - name: PENPOT_DATABASE_URI
+              value: "postgresql://{{ .Values.config.postgresql.host }}:{{ .Values.config.postgresql.port }}/{{ .Values.config.postgresql.database }}"
+            - name: PENPOT_DATABASE_USERNAME
+            {{- if not .Values.config.postgresql.secretKeys.usernameKey }}
+              value: {{ .Values.config.postgresql.username | quote }}
+            {{- else }}
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.config.postgresql.existingSecret }}
+                  key: {{ .Values.config.postgresql.secretKeys.usernameKey }}
+            {{- end }}
+            - name: PENPOT_DATABASE_PASSWORD
+            {{- if not .Values.config.postgresql.secretKeys.passwordKey }}
+              value: {{ .Values.config.postgresql.password | quote }}
+            {{- else }}
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.config.postgresql.existingSecret }}
+                  key: {{ .Values.config.postgresql.secretKeys.passwordKey }}
+            {{- end }}
+            - name: PENPOT_REDIS_URI
+              value: "redis://{{ .Values.config.redis.host }}:{{ .Values.config.redis.port }}/{{ .Values.config.redis.database }}"
+            - name: PENPOT_ASSETS_STORAGE_BACKEND
+              value: {{ .Values.config.assets.storageBackend | quote }}
+          {{- if eq .Values.config.assets.storageBackend "assets-fs" }}
+            - name: PENPOT_STORAGE_ASSETS_FS_DIRECTORY
+              value: {{ .Values.config.assets.filesystem.directory | quote }}
+          {{- else if eq .Values.config.assets.storageBackend "assets-s3" }}
+            - name: PENPOT_STORAGE_ASSETS_S3_REGION
+              value: {{ .Values.config.assets.s3.region | quote }}
+            - name: PENPOT_STORAGE_ASSETS_S3_BUCKET
+              value: {{ .Values.config.assets.s3.bucket | quote }}
+            - name: AWS_ACCESS_KEY_ID
+          {{- if not .Values.config.assets.s3.secretKeys.accessKeyIDKey }}
+              value: {{ .Values.config.assets.s3.accessKeyID | quote }}
+          {{- else }}
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.config.assets.s3.existingSecret }}
+                  key: {{ .Values.config.assets.s3.secretKeys.accessKeyIDKey }}
+          {{- end }}
+            - name: AWS_SECRET_ACCESS_KEY
+          {{- if not .Values.config.assets.s3.secretKeys.secretAccessKey }}
+              value: {{ .Values.config.assets.s3.secretAccessKey | quote }}
+          {{- else }}
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.config.assets.s3.existingSecret }}
+                  key: {{ .Values.config.assets.s3.secretKeys.secretAccessKey }}
+          {{- end }}
+            - name: PENPOT_STORAGE_ASSETS_S3_ENDPOINT
+          {{- if not .Values.config.assets.s3.secretKeys.endpointURIKey }}
+              value: {{ .Values.config.assets.s3.endpointURI | quote }}
+          {{- else }}
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.config.assets.s3.existingSecret }}
+                  key: {{ .Values.config.assets.s3.secretKeys.endpointURIKey }}
+          {{- end }}
+          {{- end }}
+            - name: PENPOT_TELEMETRY_ENABLED
+              value: {{ .Values.config.telemetryEnabled | quote }}
+
+          {{- if .Values.config.smtp.enabled }}
+          {{- if .Values.config.smtp.defaultFrom }}
+            - name: PENPOT_SMTP_DEFAULT_FROM
+              value: {{ .Values.config.smtp.defaultFrom | quote }}
+          {{- end }}
+          {{- if .Values.config.smtp.defaultReplyTo }}
+            - name: PENPOT_SMTP_DEFAULT_REPLY_TO
+              value: {{ .Values.config.smtp.defaultReplyTo | quote }}
+          {{- end }}
+          {{- if .Values.config.smtp.host }}
+            - name: PENPOT_SMTP_HOST
+              value: {{ .Values.config.smtp.host | quote }}
+          {{- end }}
+          {{- if .Values.config.smtp.port }}
+            - name: PENPOT_SMTP_PORT
+              value: {{ .Values.config.smtp.port | quote }}
+          {{- end }}
+          {{- if not .Values.config.smtp.secretKeys.usernameKey }}
+            - name: PENPOT_SMTP_USERNAME
+              value: {{ .Values.config.smtp.username | quote }}
+          {{- else }}
+            - name: PENPOT_SMTP_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.config.smtp.existingSecret }}
+                  key: {{ .Values.config.smtp.secretKeys.usernameKey }}
+          {{- end }}
+          {{- if not .Values.config.smtp.secretKeys.passwordKey }}
+            - name: PENPOT_SMTP_PASSWORD
+              value: {{ .Values.config.smtp.password | quote }}
+          {{- else }}
+            - name: PENPOT_SMTP_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.config.smtp.existingSecret }}
+                  key: {{ .Values.config.smtp.secretKeys.passwordKey }}
+          {{- end }}
+          {{- if .Values.config.smtp.tls }}
+            - name: PENPOT_SMTP_TLS
+              value: {{ .Values.config.smtp.tls | quote }}
+          {{- end }}
+          {{- if .Values.config.smtp.ssl }}
+            - name: PENPOT_SMTP_SSL
+              value: {{ .Values.config.smtp.ssl | quote }}
+          {{- end }}
+          {{- end }}
+
+
+          {{- if .Values.config.registrationDomainWhitelist }}
+            - name: PENPOT_REGISTRATION_DOMAIN_WHITELIST
+              value: {{ .Values.config.registrationDomainWhitelist | quote }}
+          {{- end }}
+
+          {{- if .Values.config.providers.google.enabled }}
+          {{- if not .Values.config.providers.secretKeys.googleClientIDKey }}
+            - name: PENPOT_GOOGLE_CLIENT_ID
+              value: {{ .Values.config.providers.google.clientID | quote }}
+          {{- else }}
+            - name: PENPOT_GOOGLE_CLIENT_ID
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.config.providers.existingSecret }}
+                  key: {{ .Values.config.providers.secretKeys.googleClientIDKey }}
+          {{- end }}
+          {{- if not .Values.config.providers.secretKeys.googleClientSecretKey}}
+            - name: PENPOT_GOOGLE_CLIENT_SECRET
+              value: {{ .Values.config.providers.google.clientSecret | quote }}
+          {{- else }}
+            - name: PENPOT_GOOGLE_CLIENT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.config.providers.existingSecret }}
+                  key: {{ .Values.config.providers.secretKeys.googleClientSecretKey }}
+          {{- end }}
+          {{- end }}
+
+          {{- if .Values.config.providers.github.enabled }}
+          {{- if not .Values.config.providers.secretKeys.githubClientIDKey }}
+            - name: PENPOT_GITHUB_CLIENT_ID
+              value: {{ .Values.config.providers.github.clientID | quote }}
+          {{- else }}
+            - name: PENPOT_GITHUB_CLIENT_ID
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.config.providers.existingSecret }}
+                  key: {{ .Values.config.providers.secretKeys.githubClientIDKey }}
+          {{- end }}
+          {{- if not .Values.config.providers.secretKeys.githubClientSecretKey  }}
+            - name: PENPOT_GITHUB_CLIENT_SECRET
+              value: {{ .Values.config.providers.github.clientSecret | quote }}
+          {{- else }}
+            - name: PENPOT_GITHUB_CLIENT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.config.providers.existingSecret }}
+                  key: {{ .Values.config.providers.secretKeys.githubClientSecretKey }}
+          {{- end }}
+          {{- end }}
+
+          {{- if .Values.config.providers.gitlab.enabled }}
+          {{- if .Values.config.providers.gitlab.baseURI }}
+            - name: PENPOT_GITLAB_BASE_URI
+              value: {{ .Values.config.providers.gitlab.baseURI | quote }}
+          {{- end }}
+          {{- if not .Values.config.providers.secretKeys.gitlabClientIDKey }}
+            - name: PENPOT_GITLAB_CLIENT_ID
+              value: {{ .Values.config.providers.gitlab.clientID | quote }}
+          {{- else }}
+            - name: PENPOT_GITLAB_CLIENT_ID
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.config.providers.existingSecret }}
+                  key: {{ .Values.config.providers.secretKeys.gitlabClientIDKey }}
+          {{- end }}
+          {{- if not .Values.config.providers.secretKeys.gitlabClientSecretKey }}
+            - name: PENPOT_GITLAB_CLIENT_SECRET
+              value: {{ .Values.config.providers.gitlab.clientSecret | quote }}
+          {{- else }}
+            - name: PENPOT_GITLAB_CLIENT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.config.providers.existingSecret }}
+                  key: {{ .Values.config.providers.secretKeys.gitlabClientSecretKey }}
+          {{- end }}
+          {{- end }}
+
+          {{- if .Values.config.providers.oidc.enabled }}
+          {{- if .Values.config.providers.oidc.baseURI }}
+            - name: PENPOT_OIDC_BASE_URI
+              value: {{ .Values.config.providers.oidc.baseURI | quote }}
+          {{- end }}
+          {{- if not .Values.config.providers.secretKeys.oidcClientIDKey }}
+            - name: PENPOT_OIDC_CLIENT_ID
+              value: {{ .Values.config.providers.oidc.clientID | quote}}
+          {{- else }}
+            - name: PENPOT_OIDC_CLIENT_ID
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.config.providers.existingSecret }}
+                  key: {{ .Values.config.providers.secretKeys.oidcClientIDKey }}
+          {{- end }}
+          {{- if not .Values.config.providers.secretKeys.oidcClientSecretKey}}
+            - name: PENPOT_OIDC_CLIENT_SECRET
+              value: {{ .Values.config.providers.oidc.clientSecret | quote }}
+          {{- else }}
+            - name: PENPOT_OIDC_CLIENT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.config.providers.existingSecret }}
+                  key: {{ .Values.config.providers.secretKeys.oidcClientSecretKey }}
+          {{- end }}
+          {{- if .Values.config.providers.oidc.authURI }}
+            - name: PENPOT_OIDC_AUTH_URI
+              value: {{ .Values.config.providers.oidc.authURI | quote }}
+          {{- end }}
+          {{- if .Values.config.providers.oidc.tokenURI }}
+            - name: PENPOT_OIDC_TOKEN_URI
+              value: {{ .Values.config.providers.oidc.tokenURI | quote }}
+          {{- end }}
+          {{- if .Values.config.providers.oidc.userURI }}
+            - name: PENPOT_OIDC_USER_URI
+              value: {{ .Values.config.providers.oidc.userURI | quote }}
+          {{- end }}
+          {{- if .Values.config.providers.oidc.roles }}
+            - name: PENPOT_OIDC_ROLES
+              value: {{ .Values.config.providers.oidc.roles | quote }}
+          {{- end }}
+          {{- if .Values.config.providers.oidc.rolesAttribute }}
+            - name: PENPOT_OIDC_ROLES_ATTR
+              value: {{ .Values.config.providers.oidc.rolesAttribute | quote }}
+          {{- end }}
+          {{- if .Values.config.providers.oidc.scopes }}
+            - name: PENPOT_OIDC_SCOPES
+              value: {{ .Values.config.providers.oidc.scopes | quote }}
+          {{- end }}
+          {{- if .Values.config.providers.oidc.nameAttribute }}
+            - name: PENPOT_OIDC_NAME_ATTR
+              value: {{ .Values.config.providers.oidc.nameAttribute | quote }}
+          {{- end }}
+          {{- if .Values.config.providers.oidc.emailAttribute }}
+            - name: PENPOT_OIDC_EMAIL_ATTR
+              value: {{ .Values.config.providers.oidc.emailAttribute | quote }}
+          {{- end }}
+          {{- end }}
+
+          {{- if .Values.config.providers.ldap.enabled }}
+          {{- if .Values.config.providers.ldap.host }}
+            - name: PENPOT_LDAP_HOST
+              value: {{ .Values.config.providers.ldap.host | quote }}
+          {{- end }}
+          {{- if .Values.config.providers.ldap.port }}
+            - name: PENPOT_LDAP_PORT
+              value: {{ .Values.config.providers.ldap.port | quote }}
+          {{- end }}
+          {{- if .Values.config.providers.ldap.ssl }}
+            - name: PENPOT_LDAP_SSL
+              value: {{ .Values.config.providers.ldap.ssl | quote }}
+          {{- end }}
+          {{- if .Values.config.providers.ldap.startTLS }}
+            - name: PENPOT_LDAP_STARTTLS
+              value: {{ .Values.config.providers.ldap.startTLS | quote }}
+          {{- end }}
+          {{- if .Values.config.providers.ldap.baseDN }}
+            - name: PENPOT_LDAP_BASE_DN
+              value: {{ .Values.config.providers.ldap.baseDN | quote }}
+          {{- end }}
+          {{- if .Values.config.providers.ldap.bindDN }}
+            - name: PENPOT_LDAP_BIND_DN
+              value: {{ .Values.config.providers.ldap.bindDN | quote }}
+          {{- end }}
+          {{- if .Values.config.providers.ldap.bindPassword }}
+            - name: PENPOT_LDAP_BIND_PASSWORD
+              value: {{ .Values.config.providers.ldap.bindPassword | quote }}
+          {{- end }}
+          {{- if .Values.config.providers.ldap.attributesUsername }}
+            - name: PENPOT_LDAP_ATTRS_USERNAME
+              value: {{ .Values.config.providers.ldap.attributesUsername | quote }}
+          {{- end }}
+          {{- if .Values.config.providers.ldap.attributesEmail }}
+            - name: PENPOT_LDAP_ATTRS_EMAIL
+              value: {{ .Values.config.providers.ldap.attributesEmail | quote }}
+          {{- end }}
+          {{- if .Values.config.providers.ldap.attributesFullname }}
+            - name: PENPOT_LDAP_ATTRS_FULLNAME
+              value: {{ .Values.config.providers.ldap.attributesFullname | quote }}
+          {{- end }}
+          {{- if .Values.config.providers.ldap.attributesPhoto }}
+            - name: PENPOT_LDAP_ATTRS_PHOTO
+              value: {{ .Values.config.providers.ldap.attributesPhoto | quote }}
+          {{- end }}
+          {{- end }}
+          ports:
+            - name: http
+              containerPort: {{ .Values.exporter.service.port }}
+              protocol: TCP
+          resources:
+            {{- toYaml .Values.exporter.resources | nindent 12 }}
+      {{- with .Values.exporter.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+    {{- with .Values.exporter.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+    {{- with .Values.exporter.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}

charts/penpot/templates/deployment-frontend.yaml

@@ -0,0 +1,375 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "penpot.fullname" . }}-frontend
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "penpot.labels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.frontend.replicaCount }}
+  selector:
+    matchLabels:
+      {{- include "penpot.frontendSelectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        {{- include "penpot.frontendSelectorLabels" . | nindent 8 }}
+    spec:
+    {{- with .Values.global.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+      serviceAccountName: {{ include "penpot.serviceAccountName" . }}
+      affinity:
+        podAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+          - labelSelector:
+              matchExpressions:
+              - key: app.kubernetes.io/instance
+                operator: In
+                values:
+                - {{ .Release.Name }}
+            topologyKey: "kubernetes.io/hostname"
+      containers:
+        - name: {{ .Chart.Name }}-frontend
+          image: "{{ .Values.frontend.image.repository }}:{{ .Values.frontend.image.tag }}"
+          imagePullPolicy: {{ .Values.frontend.image.imagePullPolicy }}
+          env:
+            - name: PENPOT_PUBLIC_URI
+              value: {{ .Values.config.publicURI | quote }}
+            - name: PENPOT_FLAGS
+              value: "$PENPOT_FLAGS {{ .Values.config.flags }}"
+            - name: PENPOT_SECRET_KEY
+              value: {{ .Values.config.apiSecretKey | quote }}
+            - name: PENPOT_DATABASE_URI
+              value: "postgresql://{{ .Values.config.postgresql.host }}:{{ .Values.config.postgresql.port }}/{{ .Values.config.postgresql.database }}"
+            - name: PENPOT_DATABASE_USERNAME
+            {{- if not .Values.config.postgresql.secretKeys.usernameKey }}
+              value: {{ .Values.config.postgresql.username | quote }}
+            {{- else }}
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.config.postgresql.existingSecret }}
+                  key: {{ .Values.config.postgresql.secretKeys.usernameKey }}
+            {{- end }}
+            - name: PENPOT_DATABASE_PASSWORD
+            {{- if not .Values.config.postgresql.secretKeys.passwordKey }}
+              value: {{ .Values.config.postgresql.password | quote }}
+            {{- else }}
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.config.postgresql.existingSecret }}
+                  key: {{ .Values.config.postgresql.secretKeys.passwordKey }}
+            {{- end }}
+            - name: PENPOT_REDIS_URI
+              value: "redis://{{ .Values.config.redis.host }}:{{ .Values.config.redis.port }}/{{ .Values.config.redis.database }}"
+            - name: PENPOT_ASSETS_STORAGE_BACKEND
+              value: {{ .Values.config.assets.storageBackend | quote }}
+          {{- if eq .Values.config.assets.storageBackend "assets-fs" }}
+            - name: PENPOT_STORAGE_ASSETS_FS_DIRECTORY
+              value: {{ .Values.config.assets.filesystem.directory | quote }}
+          {{- else if eq .Values.config.assets.storageBackend "assets-s3" }}
+            - name: PENPOT_STORAGE_ASSETS_S3_REGION
+              value: {{ .Values.config.assets.s3.region | quote }}
+            - name: PENPOT_STORAGE_ASSETS_S3_BUCKET
+              value: {{ .Values.config.assets.s3.bucket | quote }}
+            - name: AWS_ACCESS_KEY_ID
+          {{- if not .Values.config.assets.s3.secretKeys.accessKeyIDKey }}
+              value: {{ .Values.config.assets.s3.accessKeyID | quote }}
+          {{- else }}
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.config.assets.s3.existingSecret }}
+                  key: {{ .Values.config.assets.s3.secretKeys.accessKeyIDKey }}
+          {{- end }}
+            - name: AWS_SECRET_ACCESS_KEY
+          {{- if not .Values.config.assets.s3.secretKeys.secretAccessKey }}
+              value: {{ .Values.config.assets.s3.secretAccessKey | quote }}
+          {{- else }}
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.config.assets.s3.existingSecret }}
+                  key: {{ .Values.config.assets.s3.secretKeys.secretAccessKey }}
+          {{- end }}
+            - name: PENPOT_STORAGE_ASSETS_S3_ENDPOINT
+          {{- if not .Values.config.assets.s3.secretKeys.endpointURIKey }}
+              value: {{ .Values.config.assets.s3.endpointURI | quote }}
+          {{- else }}
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.config.assets.s3.existingSecret }}
+                  key: {{ .Values.config.assets.s3.secretKeys.endpointURIKey }}
+          {{- end }}
+          {{- end }}
+            - name: PENPOT_TELEMETRY_ENABLED
+              value: {{ .Values.config.telemetryEnabled | quote }}
+
+          {{- if .Values.config.smtp.enabled }}
+          {{- if .Values.config.smtp.defaultFrom }}
+            - name: PENPOT_SMTP_DEFAULT_FROM
+              value: {{ .Values.config.smtp.defaultFrom | quote }}
+          {{- end }}
+          {{- if .Values.config.smtp.defaultReplyTo }}
+            - name: PENPOT_SMTP_DEFAULT_REPLY_TO
+              value: {{ .Values.config.smtp.defaultReplyTo | quote }}
+          {{- end }}
+          {{- if .Values.config.smtp.host }}
+            - name: PENPOT_SMTP_HOST
+              value: {{ .Values.config.smtp.host | quote }}
+          {{- end }}
+          {{- if .Values.config.smtp.port }}
+            - name: PENPOT_SMTP_PORT
+              value: {{ .Values.config.smtp.port | quote }}
+          {{- end }}
+          {{- if not .Values.config.smtp.secretKeys.usernameKey }}
+            - name: PENPOT_SMTP_USERNAME
+              value: {{ .Values.config.smtp.username | quote }}
+          {{- else }}
+            - name: PENPOT_SMTP_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.config.smtp.existingSecret }}
+                  key: {{ .Values.config.smtp.secretKeys.usernameKey }}
+          {{- end }}
+          {{- if not .Values.config.smtp.secretKeys.passwordKey }}
+            - name: PENPOT_SMTP_PASSWORD
+              value: {{ .Values.config.smtp.password | quote }}
+          {{- else }}
+            - name: PENPOT_SMTP_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.config.smtp.existingSecret }}
+                  key: {{ .Values.config.smtp.secretKeys.passwordKey }}
+          {{- end }}
+          {{- if .Values.config.smtp.tls }}
+            - name: PENPOT_SMTP_TLS
+              value: {{ .Values.config.smtp.tls | quote }}
+          {{- end }}
+          {{- if .Values.config.smtp.ssl }}
+            - name: PENPOT_SMTP_SSL
+              value: {{ .Values.config.smtp.ssl | quote }}
+          {{- end }}
+          {{- end }}
+
+
+          {{- if .Values.config.registrationDomainWhitelist }}
+            - name: PENPOT_REGISTRATION_DOMAIN_WHITELIST
+              value: {{ .Values.config.registrationDomainWhitelist | quote }}
+          {{- end }}
+
+          {{- if .Values.config.providers.google.enabled }}
+          {{- if not .Values.config.providers.secretKeys.googleClientIDKey }}
+            - name: PENPOT_GOOGLE_CLIENT_ID
+              value: {{ .Values.config.providers.google.clientID | quote }}
+          {{- else }}
+            - name: PENPOT_GOOGLE_CLIENT_ID
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.config.providers.existingSecret }}
+                  key: {{ .Values.config.providers.secretKeys.googleClientIDKey }}
+          {{- end }}
+          {{- if not .Values.config.providers.secretKeys.googleClientSecretKey}}
+            - name: PENPOT_GOOGLE_CLIENT_SECRET
+              value: {{ .Values.config.providers.google.clientSecret | quote }}
+          {{- else }}
+            - name: PENPOT_GOOGLE_CLIENT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.config.providers.existingSecret }}
+                  key: {{ .Values.config.providers.secretKeys.googleClientSecretKey }}
+          {{- end }}
+          {{- end }}
+
+          {{- if .Values.config.providers.github.enabled }}
+          {{- if not .Values.config.providers.secretKeys.githubClientIDKey }}
+            - name: PENPOT_GITHUB_CLIENT_ID
+              value: {{ .Values.config.providers.github.clientID | quote }}
+          {{- else }}
+            - name: PENPOT_GITHUB_CLIENT_ID
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.config.providers.existingSecret }}
+                  key: {{ .Values.config.providers.secretKeys.githubClientIDKey }}
+          {{- end }}
+          {{- if not .Values.config.providers.secretKeys.githubClientSecretKey  }}
+            - name: PENPOT_GITHUB_CLIENT_SECRET
+              value: {{ .Values.config.providers.github.clientSecret | quote }}
+          {{- else }}
+            - name: PENPOT_GITHUB_CLIENT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.config.providers.existingSecret }}
+                  key: {{ .Values.config.providers.secretKeys.githubClientSecretKey }}
+          {{- end }}
+          {{- end }}
+
+          {{- if .Values.config.providers.gitlab.enabled }}
+          {{- if .Values.config.providers.gitlab.baseURI }}
+            - name: PENPOT_GITLAB_BASE_URI
+              value: {{ .Values.config.providers.gitlab.baseURI | quote }}
+          {{- end }}
+          {{- if not .Values.config.providers.secretKeys.gitlabClientIDKey }}
+            - name: PENPOT_GITLAB_CLIENT_ID
+              value: {{ .Values.config.providers.gitlab.clientID | quote }}
+          {{- else }}
+            - name: PENPOT_GITLAB_CLIENT_ID
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.config.providers.existingSecret }}
+                  key: {{ .Values.config.providers.secretKeys.gitlabClientIDKey }}
+          {{- end }}
+          {{- if not .Values.config.providers.secretKeys.gitlabClientSecretKey }}
+            - name: PENPOT_GITLAB_CLIENT_SECRET
+              value: {{ .Values.config.providers.gitlab.clientSecret | quote }}
+          {{- else }}
+            - name: PENPOT_GITLAB_CLIENT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.config.providers.existingSecret }}
+                  key: {{ .Values.config.providers.secretKeys.gitlabClientSecretKey }}
+          {{- end }}
+          {{- end }}
+
+          {{- if .Values.config.providers.oidc.enabled }}
+          {{- if .Values.config.providers.oidc.baseURI }}
+            - name: PENPOT_OIDC_BASE_URI
+              value: {{ .Values.config.providers.oidc.baseURI | quote }}
+          {{- end }}
+          {{- if not .Values.config.providers.secretKeys.oidcClientIDKey }}
+            - name: PENPOT_OIDC_CLIENT_ID
+              value: {{ .Values.config.providers.oidc.clientID | quote}}
+          {{- else }}
+            - name: PENPOT_OIDC_CLIENT_ID
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.config.providers.existingSecret }}
+                  key: {{ .Values.config.providers.secretKeys.oidcClientIDKey }}
+          {{- end }}
+          {{- if not .Values.config.providers.secretKeys.oidcClientSecretKey}}
+            - name: PENPOT_OIDC_CLIENT_SECRET
+              value: {{ .Values.config.providers.oidc.clientSecret | quote }}
+          {{- else }}
+            - name: PENPOT_OIDC_CLIENT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.config.providers.existingSecret }}
+                  key: {{ .Values.config.providers.secretKeys.oidcClientSecretKey }}
+          {{- end }}
+          {{- if .Values.config.providers.oidc.authURI }}
+            - name: PENPOT_OIDC_AUTH_URI
+              value: {{ .Values.config.providers.oidc.authURI | quote }}
+          {{- end }}
+          {{- if .Values.config.providers.oidc.tokenURI }}
+            - name: PENPOT_OIDC_TOKEN_URI
+              value: {{ .Values.config.providers.oidc.tokenURI | quote }}
+          {{- end }}
+          {{- if .Values.config.providers.oidc.userURI }}
+            - name: PENPOT_OIDC_USER_URI
+              value: {{ .Values.config.providers.oidc.userURI | quote }}
+          {{- end }}
+          {{- if .Values.config.providers.oidc.roles }}
+            - name: PENPOT_OIDC_ROLES
+              value: {{ .Values.config.providers.oidc.roles | quote }}
+          {{- end }}
+          {{- if .Values.config.providers.oidc.rolesAttribute }}
+            - name: PENPOT_OIDC_ROLES_ATTR
+              value: {{ .Values.config.providers.oidc.rolesAttribute | quote }}
+          {{- end }}
+          {{- if .Values.config.providers.oidc.scopes }}
+            - name: PENPOT_OIDC_SCOPES
+              value: {{ .Values.config.providers.oidc.scopes | quote }}
+          {{- end }}
+          {{- if .Values.config.providers.oidc.nameAttribute }}
+            - name: PENPOT_OIDC_NAME_ATTR
+              value: {{ .Values.config.providers.oidc.nameAttribute | quote }}
+          {{- end }}
+          {{- if .Values.config.providers.oidc.emailAttribute }}
+            - name: PENPOT_OIDC_EMAIL_ATTR
+              value: {{ .Values.config.providers.oidc.emailAttribute | quote }}
+          {{- end }}
+          {{- end }}
+
+          {{- if .Values.config.providers.ldap.enabled }}
+          {{- if .Values.config.providers.ldap.host }}
+            - name: PENPOT_LDAP_HOST
+              value: {{ .Values.config.providers.ldap.host | quote }}
+          {{- end }}
+          {{- if .Values.config.providers.ldap.port }}
+            - name: PENPOT_LDAP_PORT
+              value: {{ .Values.config.providers.ldap.port | quote }}
+          {{- end }}
+          {{- if .Values.config.providers.ldap.ssl }}
+            - name: PENPOT_LDAP_SSL
+              value: {{ .Values.config.providers.ldap.ssl | quote }}
+          {{- end }}
+          {{- if .Values.config.providers.ldap.startTLS }}
+            - name: PENPOT_LDAP_STARTTLS
+              value: {{ .Values.config.providers.ldap.startTLS | quote }}
+          {{- end }}
+          {{- if .Values.config.providers.ldap.baseDN }}
+            - name: PENPOT_LDAP_BASE_DN
+              value: {{ .Values.config.providers.ldap.baseDN | quote }}
+          {{- end }}
+          {{- if .Values.config.providers.ldap.bindDN }}
+            - name: PENPOT_LDAP_BIND_DN
+              value: {{ .Values.config.providers.ldap.bindDN | quote }}
+          {{- end }}
+          {{- if .Values.config.providers.ldap.bindPassword }}
+            - name: PENPOT_LDAP_BIND_PASSWORD
+              value: {{ .Values.config.providers.ldap.bindPassword | quote }}
+          {{- end }}
+          {{- if .Values.config.providers.ldap.attributesUsername }}
+            - name: PENPOT_LDAP_ATTRS_USERNAME
+              value: {{ .Values.config.providers.ldap.attributesUsername | quote }}
+          {{- end }}
+          {{- if .Values.config.providers.ldap.attributesEmail }}
+            - name: PENPOT_LDAP_ATTRS_EMAIL
+              value: {{ .Values.config.providers.ldap.attributesEmail | quote }}
+          {{- end }}
+          {{- if .Values.config.providers.ldap.attributesFullname }}
+            - name: PENPOT_LDAP_ATTRS_FULLNAME
+              value: {{ .Values.config.providers.ldap.attributesFullname | quote }}
+          {{- end }}
+          {{- if .Values.config.providers.ldap.attributesPhoto }}
+            - name: PENPOT_LDAP_ATTRS_PHOTO
+              value: {{ .Values.config.providers.ldap.attributesPhoto | quote }}
+          {{- end }}
+          {{- end }}
+          volumeMounts:
+            - mountPath: /opt/data
+              name: app-data
+              readOnly: false
+            - mountPath: /etc/nginx/nginx.conf
+              name: "{{ include "penpot.fullname" . }}-frontend-nginx"
+              readOnly: true
+              subPath: nginx.conf
+          ports:
+            - name: http
+              containerPort: {{ .Values.frontend.service.port }}
+              protocol: TCP
+          resources:
+            {{- toYaml .Values.frontend.resources | nindent 12 }}
+      {{- with .Values.frontend.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+    {{- with .Values.frontend.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+    {{- with .Values.frontend.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+      volumes:
+      - name: app-data
+      {{- if .Values.persistence.enabled }}
+        persistentVolumeClaim:
+          claimName: {{ .Values.persistence.existingClaim | default ( include "penpot.fullname" . ) }}
+      {{- else }}
+        emptyDir: {}
+      {{- end }}
+      - configMap:
+          defaultMode: 420
+          name: "{{ include "penpot.fullname" . }}-frontend-nginx"
+        name: "{{ include "penpot.fullname" . }}-frontend-nginx"

charts/penpot/templates/ingress.yaml

@@ -0,0 +1,53 @@
+{{- if .Values.ingress.enabled -}}
+{{- $gitVersion := .Capabilities.KubeVersion.GitVersion -}}
+{{- $fullName := include "penpot.fullname" . -}}
+{{- $svcPort := .Values.frontend.service.port -}}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+  name: {{ $fullName }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "penpot.labels" . | nindent 4 }}
+  {{- with .Values.ingress.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+{{- if .Values.ingress.tls }}
+  tls:
+  {{- range .Values.ingress.tls }}
+    - hosts:
+      {{- range .hosts }}
+        - {{ . | quote }}
+      {{- end }}
+      secretName: {{ .secretName }}
+  {{- end }}
+{{- end }}
+  rules:
+  {{- range .Values.ingress.hosts }}
+    - host: {{ .host | quote }}
+      http:
+        paths:
+{{ if semverCompare ">=1.19-0" $gitVersion }}
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: {{ $fullName }}
+                port:
+                  number: {{ $svcPort }}
+{{ else }}
+          - path: /
+            backend:
+              serviceName: {{ $fullName }}
+              servicePort: {{ $svcPort }}
+{{- end }}
+  {{- end }}
+{{- end }}

charts/penpot/templates/persistent-volume-claim.yaml

@@ -0,0 +1,24 @@
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: {{ include "penpot.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+{{- include "penpot.labels" . | nindent 4 }}
+{{- if .Values.persistence.annotations }}
+  annotations:
+{{ toYaml .Values.persistence.annotations | indent 4 }}
+{{- end }}
+spec:
+  accessModes:
+  {{- range .Values.persistence.accessModes }}
+    - {{ . | quote }}
+  {{- end }}
+  resources:
+    requests:
+      storage: {{ .Values.persistence.size | quote }}
+{{- if .Values.persistence.storageClass }}
+  storageClassName: "{{ .Values.persistence.storageClass }}"
+{{- end }}
+{{- end -}}

charts/penpot/templates/service-account.yaml

@@ -0,0 +1,13 @@
+{{- if .Values.serviceAccount.enabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "penpot.serviceAccountName" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "penpot.labels" . | nindent 4 }}
+  {{- with .Values.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end -}}

charts/penpot/templates/service.yaml

@@ -0,0 +1,52 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "penpot.fullname" . }}-backend
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "penpot.labels" . | nindent 4 }}
+spec:
+  type: {{ .Values.backend.service.type }}
+  ports:
+    - port: {{ .Values.backend.service.port }}
+      targetPort: http
+      protocol: TCP
+      name: http
+  selector:
+    {{- include "penpot.backendSelectorLabels" . | nindent 4 }}
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "penpot.fullname" . }}-exporter
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "penpot.labels" . | nindent 4 }}
+spec:
+  type: {{ .Values.exporter.service.type }}
+  ports:
+    - port: {{ .Values.exporter.service.port }}
+      targetPort: http
+      protocol: TCP
+      name: http
+  selector:
+    {{- include "penpot.exporterSelectorLabels" . | nindent 4 }}
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "penpot.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "penpot.labels" . | nindent 4 }}
+spec:
+  type: {{ .Values.frontend.service.type }}
+  ports:
+    - port: {{ .Values.frontend.service.port }}
+      targetPort: http
+      protocol: TCP
+      name: http
+  selector:
+    {{- include "penpot.frontendSelectorLabels" . | nindent 4 }}

charts/penpot/values.yaml

@@ -0,0 +1,468 @@
+## Default values for Penpot
+
+## @section Global parameters
+
+## @param global.postgresqlEnabled Whether to deploy the Bitnami PostgreSQL chart as subchart. Check [the official chart](https://artifacthub.io/packages/helm/bitnami/postgresql) for configuration.
+## @param global.redisEnabled Whether to deploy the Bitnami Redis chart as subchart. Check [the official chart](https://artifacthub.io/packages/helm/bitnami/redis) for configuration.
+## @param global.imagePullSecrets Global Docker registry secret names as an array.
+##
+global:
+  ## E.g.
+  ## imagePullSecrets:
+  ##   - myRegistryKeySecretName
+  ##
+  imagePullSecrets: []
+
+## @section Common parameters
+
+## @param nameOverride String to partially override common.names.fullname
+##
+nameOverride: ""
+## @param fullnameOverride String to fully override common.names.fullname
+##
+fullnameOverride: ""
+## @param serviceAccount.enabled Specifies whether a ServiceAccount should be created.
+## @param serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`.
+## @param serviceAccount.name The name of the ServiceAccount to use. If not set and enabled is true, a name is generated using the fullname template.
+##
+serviceAccount:
+  enabled: true
+  annotations: {}
+  name: ""
+
+## @section Backend parameters
+
+## Penpot Backend
+##
+backend:
+  ## @param backend.image.repository The Docker repository to pull the image from.
+  ## @param backend.image.tag The image tag to use.
+  ## @param backend.image.imagePullPolicy The image pull policy to use.
+  ##
+  image:
+    repository: penpotapp/backend
+    tag: 2.0.1
+    imagePullPolicy: IfNotPresent
+  ## @param backend.replicaCount The number of replicas to deploy.
+  ##
+  replicaCount: 1
+  ## @param backend.service.type The service type to create.
+  ## @param backend.service.port The service port to use.
+  ##
+  service:
+    type: ClusterIP
+    port: 6060
+  ## Configure Pods Security Context
+  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+  ## @param backend.podSecurityContext.enabled Enabled Penpot pods' security context
+  ## @param backend.podSecurityContext.fsGroup Set Penpot pod's security context fsGroup
+  ##
+  podSecurityContext:
+    enabled: true
+    fsGroup: 1001
+  ## Configure Container Security Context
+  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+  ## @param backend.containerSecurityContext.enabled Enabled Penpot containers' security context
+  ## @param backend.containerSecurityContext.runAsUser Set Penpot containers' security context runAsUser
+  ## @param backend.containerSecurityContext.allowPrivilegeEscalation Set Penpot containers' security context allowPrivilegeEscalation
+  ## @param backend.containerSecurityContext.capabilities.drop Set Penpot containers' security context capabilities to be dropped
+  ## @param backend.containerSecurityContext.readOnlyRootFilesystem Set Penpot containers' security context readOnlyRootFilesystem
+  ## @param backend.containerSecurityContext.runAsNonRoot Set Penpot container's security context runAsNonRoot
+  ##
+  containerSecurityContext:
+    enabled: true
+    runAsUser: 1001
+    allowPrivilegeEscalation: false
+    capabilities:
+      drop:
+      - all
+    readOnlyRootFilesystem: false
+    runAsNonRoot: true
+  ## @param backend.affinity Affinity for Penpot pods assignment
+  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+  ##
+  affinity: {}
+  ## @param backend.nodeSelector Node labels for Penpot pods assignment
+  ## ref: https://kubernetes.io/docs/user-guide/node-selection/
+  ##
+  nodeSelector: {}
+  ## @param backend.tolerations Tolerations for Penpot pods assignment
+  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+  ##
+  tolerations: []
+  ## Penpot backend resource requests and limits
+  ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
+  ## @param backend.resources.limits The resources limits for the Penpot backend containers
+  ## @param backend.resources.requests The requested resources for the Penpot backend containers
+  ##
+  resources:
+    limits: {}
+    requests: {}
+
+## @section Frontend parameters
+
+## Penpot Frontend
+##
+frontend:
+  ## @param frontend.image.repository The Docker repository to pull the image from.
+  ## @param frontend.image.tag The image tag to use.
+  ## @param frontend.image.imagePullPolicy The image pull policy to use.
+  ##
+  image:
+    repository: penpotapp/frontend
+    tag: 2.0.1
+    imagePullPolicy: IfNotPresent
+  ## @param frontend.replicaCount The number of replicas to deploy.
+  ##
+  replicaCount: 1
+  ## @param frontend.service.type The service type to create.
+  ## @param frontend.service.port The service port to use.
+  ##
+  service:
+    type: ClusterIP
+    port: 80
+  ## @param frontend.affinity Affinity for Penpot pods assignment
+  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+  ##
+  affinity: {}
+  ## @param frontend.nodeSelector Node labels for Penpot pods assignment
+  ## ref: https://kubernetes.io/docs/user-guide/node-selection/
+  ##
+  nodeSelector: {}
+  ## @param frontend.tolerations Tolerations for Penpot pods assignment
+  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+  ##
+  tolerations: []
+  ## Penpot frontend resource requests and limits
+  ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
+  ## @param frontend.resources.limits The resources limits for the Penpot frontend containers
+  ## @param frontend.resources.requests The requested resources for the Penpot frontend containers
+  ##
+  resources:
+    limits: {}
+    requests: {}
+
+## @section Exporter parameters
+
+## Penpot Exporter
+##
+exporter:
+  ## @param exporter.image.repository The Docker repository to pull the image from.
+  ## @param exporter.image.tag The image tag to use.
+  ## @param exporter.image.imagePullPolicy The image pull policy to use.
+  ##
+  image:
+    repository: penpotapp/exporter
+    tag: 2.0.1
+    imagePullPolicy: IfNotPresent
+  ## @param exporter.replicaCount The number of replicas to deploy.
+  ##
+  replicaCount: 1
+  ## @param exporter.service.type The service type to create.
+  ## @param exporter.service.port The service port to use.
+  ##
+  service:
+    type: ClusterIP
+    port: 6061
+  ## Configure Pods Security Context
+  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+  ## @param exporter.podSecurityContext.enabled Enabled Penpot pods' security context
+  ## @param exporter.podSecurityContext.fsGroup Set Penpot pod's security context fsGroup
+  ##
+  podSecurityContext:
+    enabled: true
+    fsGroup: 1001
+  ## Configure Container Security Context
+  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+  ## @param exporter.containerSecurityContext.enabled Enabled Penpot containers' security context
+  ## @param exporter.containerSecurityContext.runAsUser Set Penpot containers' security context runAsUser
+  ## @param exporter.containerSecurityContext.allowPrivilegeEscalation Set Penpot containers' security context allowPrivilegeEscalation
+  ## @param exporter.containerSecurityContext.capabilities.drop Set Penpot containers' security context capabilities to be dropped
+  ## @param exporter.containerSecurityContext.readOnlyRootFilesystem Set Penpot containers' security context readOnlyRootFilesystem
+  ## @param exporter.containerSecurityContext.runAsNonRoot Set Penpot container's security context runAsNonRoot
+  ##
+  containerSecurityContext:
+    enabled: true
+    runAsUser: 1001
+    allowPrivilegeEscalation: false
+    capabilities:
+      drop:
+      - all
+    readOnlyRootFilesystem: false
+    runAsNonRoot: true
+  ## @param exporter.affinity Affinity for Penpot pods assignment
+  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+  ##
+  affinity: {}
+  ## @param exporter.nodeSelector Node labels for Penpot pods assignment
+  ## ref: https://kubernetes.io/docs/user-guide/node-selection/
+  ##
+  nodeSelector: {}
+  ## @param exporter.tolerations Tolerations for Penpot pods assignment
+  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+  ##
+  tolerations: []
+  ## Penpot exporter resource requests and limits
+  ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
+  ## @param exporter.resources.limits The resources limits for the Penpot exporter containers
+  ## @param exporter.resources.requests The requested resources for the Penpot exporter containers
+  ##
+  resources:
+    limits: {}
+    requests: {}
+
+## @section Ingress parameters
+
+## @param frontend.ingress.enabled Enable ingress record generation for Penpot frontend.
+## @param frontend.ingress.annotations Mapped annotations for the frontend ingress.
+## @param frontend.ingress.hosts Array style hosts for the frontend ingress.
+## @param frontend.ingress.tls Array style TLS secrets for the frontend ingress.
+##
+ingress:
+  enabled: false
+  ## E.g.
+  ## annotations:
+  ##   kubernetes.io/ingress.class: nginx
+  ##   kubernetes.io/tls-acme: "true"
+  ##
+  annotations:
+    {}
+  ## E.g.
+  ## hosts:
+  ##   - host: penpot-example.local
+  hosts: []
+  ## E.g.
+  ##  - secretName: chart-example-tls
+  ##    hosts:
+  ##      - chart-example.local
+  tls: []
+
+## @section Persistence parameters
+
+## Penpot persistence
+##
+persistence:
+  ## @param persistence.enabled Enable persistence using Persistent Volume Claims.
+  ##
+  enabled: false
+  ## @param persistence.storageClass Persistent Volume storage class.
+  ## If defined, storageClassName: <storageClass>.
+  ## If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner.
+  ##
+  storageClass: ""
+  ## @param persistence.size Persistent Volume size.
+  ##
+  size: 8Gi
+  ## @param persistence.existingClaim The name of an existing PVC to use for persistence.
+  ##
+  existingClaim: ""
+  ## @param persistence.accessModes Persistent Volume access modes.
+  ##
+  accessModes:
+    - ReadWriteOnce
+  ## @param persistence.annotations Persistent Volume Claim annotations.
+  ##
+  annotations: {}
+
+## @section Configuration parameters
+
+## Penpot configuration
+##
+config:
+  ## @param config.publicURI The public domain to serve Penpot on. Set `disable-secure-session-cookies` in the flags if you plan on serving it on a non HTTPS domain.
+  ## @param config.flags The feature flags to enable. Check [the official docs](https://help.penpot.app/technical-guide/configuration/) for more info.
+  ## @param config.apiSecretKey A random secret key needed for persistent user sessions. Generate with `openssl rand -hex 16` for example.
+  ##
+  publicURI: "http://localhost:8080"
+  flags: "enable-registration enable-login disable-demo-users disable-demo-warning"
+  apiSecretKey:
+    existingSecretName: ""
+    existingSecretKey: ""
+  ## @param config.postgresql.host The PostgreSQL host to connect to.
+  ## @param config.postgresql.port The PostgreSQL host port to use.
+  ## @param config.postgresql.database The PostgreSQL database to use.
+  ## @param config.postgresql.username The database username to use.
+  ## @param config.postgresql.password The database username to use.
+  ## @param config.postgresql.existingSecret The name of an existing secret.
+  ## @param config.postgresql.secretKeys.usernameKey The username key to use from an existing secret.
+  ## @param config.postgresql.secretKeys.passwordKey The password key to use from an existing secret.
+  ##
+  postgresql:
+    host: "postgresql.penpot.svc.cluster.local"
+    port: 5432
+    username: ""
+    password: ""
+    database: ""
+    existingSecret: ""
+    secretKeys:
+      usernameKey: ""
+      passwordKey: ""
+  ## @param config.redis.host The Redis host to connect to.
+  ## @param config.redis.port The Redis host port to use.
+  ## @param config.redis.database The Redis database to connect to.
+  ##
+  redis:
+    host: "redis-headless.penpot.svc.cluster.local"
+    port: 6379
+    database: "0"
+  ## @param config.assets.storageBackend The storage backend for assets to use. Use `assets-fs` for filesystem, and `assets-s3` for S3.
+  ## @param config.assets.filesystem.directory The storage directory to use if you chose the filesystem storage backend.
+  ## @param config.assets.s3.accessKeyID The S3 access key ID to use if you chose the S3 storage backend.
+  ## @param config.assets.s3.secretAccessKey The S3 secret access key to use if you chose the S3 storage backend.
+  ## @param config.assets.s3.region The S3 region to use if you chose the S3 storage backend.
+  ## @param config.assets.s3.bucket The name of the S3 bucket to use if you chose the S3 storage backend.
+  ## @param config.assets.s3.endpointURI The S3 endpoint URI to use if you chose the S3 storage backend.
+  ## @param config.assets.s3.existingSecret The name of an existing secret.
+  ## @param config.assets.s3.secretKeys.accessKeyIDKey The S3 access key ID to use from an existing secret.
+  ## @param config.assets.s3.secretKeys.secretAccessKey The S3 secret access key to use from an existing secret.
+  ## @param config.assets.s3.secretKeys.endpointURIKey The S3 endpoint URI to use from an existing secret.
+  ##
+  assets:
+    storageBackend: "assets-fs"
+    filesystem:
+      directory: "/opt/data/assets"
+    s3:
+      accessKeyID: ""
+      secretAccessKey: ""
+      region: ""
+      bucket: ""
+      endpointURI: ""
+      existingSecret: ""
+      secretKeys:
+        accessKeyIDKey: ""
+        secretAccessKey: ""
+        endpointURIKey: ""
+  ## @param config.telemetryEnabled Whether to enable sending of anonymous telemetry data.
+  ##
+  telemetryEnabled: true
+  ## @param config.smtp.enabled Whether to enable SMTP configuration. You also need to add the 'enable-smtp' flag to the PENPOT_FLAGS variable.
+  ## @param config.smtp.defaultFrom The SMTP default email to send from.
+  ## @param config.smtp.defaultReplyTo The SMTP default email to reply to.
+  ## @param config.smtp.host The SMTP host to use.
+  ## @param config.smtp.port The SMTP host port to use.
+  ## @param config.smtp.username The SMTP username to use.
+  ## @param config.smtp.password The SMTP password to use.
+  ## @param config.smtp.tls Whether to use TLS for the SMTP connection.
+  ## @param config.smtp.ssl Whether to use SSL for the SMTP connection.
+  ## @param config.smtp.existingSecret The name of an existing secret.
+  ## @param config.smtp.secretKeys.usernameKey The SMTP username to use from an existing secret.
+  ## @param config.smtp.secretKeys.passwordKey The SMTP password to use from an existing secret.
+  ##
+  smtp:
+    enabled: false
+    defaultFrom: ""
+    defaultReplyTo: ""
+    host: ""
+    port: ""
+    username: ""
+    password: ""
+    tls: true
+    ssl: false
+    existingSecret: ""
+    secretKeys:
+      usernameKey: ""
+      passwordKey: ""
+  ## @param config.registrationDomainWhitelist Comma separated list of allowed domains to register. Empty to allow all domains.
+  ##
+  registrationDomainWhitelist: ""
+  ## Penpot Authentication providers parameters
+  ##
+  providers:
+    ## @param config.providers.google.enabled Whether to enable Google configuration. To enable Google auth, add `enable-login-with-google` to the flags.
+    ## @param config.providers.google.clientID The Google client ID to use. To enable Google auth, add `enable-login-with-google` to the flags.
+    ## @param config.providers.google.clientSecret The Google client secret to use. To enable Google auth, add `enable-login-with-google` to the flags.
+    ##
+    google:
+      enabled: false
+      clientID: ""
+      clientSecret: ""
+    ## @param config.providers.github.enabled Whether to enable GitHub configuration. To enable GitHub auth, also add `enable-login-with-github` to the flags.
+    ## @param config.providers.github.clientID The GitHub client ID to use.
+    ## @param config.providers.github.clientSecret The GitHub client secret to use.
+    ##
+    github:
+      enabled: false
+      clientID: ""
+      clientSecret: ""
+    ## @param config.providers.gitlab.enabled Whether to enable GitLab configuration. To enable GitLab auth, also add `enable-login-with-gitlab` to the flags.
+    ## @param config.providers.gitlab.baseURI The GitLab base URI to use.
+    ## @param config.providers.gitlab.clientID The GitLab client ID to use.
+    ## @param config.providers.gitlab.clientSecret The GitLab client secret to use.
+    ##
+    gitlab:
+      enabled: false
+      baseURI: "https://gitlab.com"
+      clientID: ""
+      clientSecret: ""
+    ## @param config.providers.oidc.enabled Whether to enable OIDC configuration. To enable OpenID Connect auth, also add `enable-login-with-oidc` to the flags.
+    ## @param config.providers.oidc.baseURI The OpenID Connect base URI to use.
+    ## @param config.providers.oidc.clientID The OpenID Connect client ID to use.
+    ## @param config.providers.oidc.clientSecret The OpenID Connect client secret to use.
+    ## @param config.providers.oidc.authURI Optional OpenID Connect auth URI to use. Auto discovered if not provided.
+    ## @param config.providers.oidc.tokenURI Optional OpenID Connect token URI to use. Auto discovered if not provided.
+    ## @param config.providers.oidc.userURI Optional OpenID Connect user URI to use. Auto discovered if not provided.
+    ## @param config.providers.oidc.roles Optional OpenID Connect roles to use. If no role is provided, roles checking  disabled.
+    ## @param config.providers.oidc.rolesAttribute Optional OpenID Connect roles attribute to use. If not provided, the roles checking will be disabled.
+    ## @param config.providers.oidc.scopes Optional OpenID Connect scopes to use. This settings allow overwrite the required scopes, use with caution because penpot requres at least `name` and `email` attrs found on the user info. Optional, defaults to `openid profile`.
+    ## @param config.providers.oidc.nameAttribute Optional OpenID Connect name attribute to use. If not provided, the `name` prop will be used.
+    ## @param config.providers.oidc.emailAttribute Optional OpenID Connect email attribute to use. If not provided, the `email` prop will be used.
+    ##
+    oidc:
+      enabled: false
+      baseURI: ""
+      clientID: ""
+      clientSecret: ""
+      authURI: ""
+      tokenURI: ""
+      userURI: ""
+      roles: "role1 role2"
+      rolesAttribute: ""
+      scopes: "scope1 scope2"
+      nameAttribute: ""
+      emailAttribute: ""
+    ## @param config.providers.ldap.enabled Whether to enable LDAP configuration. To enable LDAP, also add `enable-login-with-ldap` to the flags.
+    ## @param config.providers.ldap.host The LDAP host to use.
+    ## @param config.providers.ldap.port The LDAP port to use.
+    ## @param config.providers.ldap.ssl Whether to use SSL for the LDAP connection.
+    ## @param config.providers.ldap.startTLS Whether to utilize StartTLS for the LDAP connection.
+    ## @param config.providers.ldap.baseDN The LDAP base DN to use.
+    ## @param config.providers.ldap.bindDN The LDAP bind DN to use.
+    ## @param config.providers.ldap.bindPassword The LDAP bind password to use.
+    ## @param config.providers.ldap.attributesUsername The LDAP attributes username to use.
+    ## @param config.providers.ldap.attributesEmail The LDAP attributes email to use.
+    ## @param config.providers.ldap.attributesFullname The LDAP attributes fullname to use.
+    ## @param config.providers.ldap.attributesPhoto The LDAP attributes photo format to use.
+    ##
+    ldap:
+      enabled: false
+      host: "ldap"
+      port: 10389
+      ssl: false
+      startTLS: false
+      baseDN: "ou=people,dc=planetexpress,dc=com"
+      bindDN: "cn=admin,dc=planetexpress,dc=com"
+      bindPassword: "GoodNewsEveryone"
+      attributesUsername: "uid"
+      attributesEmail: "mail"
+      attributesFullname: "cn"
+      attributesPhoto: "jpegPhoto"
+    ## @param config.providers.existingSecret The name of an existing secret to use.
+    ## @param config.providers.secretKeys.googleClientIDKey The Google client ID key to use from an existing secret.
+    ## @param config.providers.secretKeys.googleClientSecretKey The Google client secret key to use from an existing secret.
+    ## @param config.providers.secretKeys.githubClientIDKey The GitHub client ID key to use from an existing secret.
+    ## @param config.providers.secretKeys.githubClientSecretKey The GitHub client secret key to use from an existing secret.
+    ## @param config.providers.secretKeys.gitlabClientIDKey The GitLab client ID key to use from an existing secret.
+    ## @param config.providers.secretKeys.gitlabClientSecretKey The GitLab client secret key to use from an existing secret.
+    ## @param config.providers.secretKeys.oidcClientIDKey The OpenID Connect client ID key to use from an existing secret.
+    ## @param config.providers.secretKeys.oidcClientSecretKey The OpenID Connect client secret key to use from an existing secret.
+    ##
+    existingSecret: ""
+    secretKeys:
+      googleClientIDKey: ""
+      googleClientSecretKey: ""
+      githubClientIDKey: ""
+      githubClientSecretKey: ""
+      gitlabClientIDKey: ""
+      gitlabClientSecretKey: ""
+      oidcClientIDKey: ""
+      oidcClientSecretKey: ""

charts/postgres-cluster/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: postgres-cluster
-version: 2.3.3
+version: 3.1.0
 description: Chart for cloudnative-pg cluster
 keywords:
   - database

charts/postgres-cluster/templates/_backup.tpl

@@ -3,7 +3,7 @@
 backup:
   retentionPolicy: {{ .Values.backup.retentionPolicy }}
   barmanObjectStore:
-    destinationPath: "s3://{{ .Values.backup.endpointBucket }}/{{ .Values.kubernetesClusterName }}/postgresql/{{ include "cluster.backupName" . }}"
+    destinationPath: {{ .Values.backup.destinationPath }}
     endpointURL: {{ .Values.backup.endpointURL }}
     {{- if .Values.backup.endpointCA }}
     endpointCA:

charts/postgres-cluster/templates/_bootstrap.tpl

@@ -26,21 +26,20 @@ bootstrap:
     import:
       type: {{ .Values.replica.importType }}
       databases:
-        {{ $length := len .Values.replica.importDatabases | int }}
+        {{- if and (gt (len .Values.replica.importDatabases) 1) (eq .Values.replica.importType "microservice") }}
-        {{- if and ($length gt 1) (.Values.replica.importType eq "microservice") }}
           {{ fail "Too many databases in import type of microservice!" }}
         {{- else}}
         {{- with .Values.replica.importDatabases }}
         {{- . | toYaml | nindent 8 }}
         {{- end }}
         {{- end }}        
-      {{- if .Values.replica.importType eq "monolith" }}
+      {{- if eq .Values.replica.importType "monolith" }}
       roles:
         {{- with .Values.replica.importRoles }}
         {{- . | toYaml | nindent 8 }}
         {{- end }}
       {{- end }}
-      {{- if and (.Values.replica.postImportApplicationSQL) (.Values.replica.importType eq "microservice") }}
+      {{- if and (.Values.replica.postImportApplicationSQL) (eq .Values.replica.importType "microservice") }}
       postImportApplicationSQL:
         {{- with .Values.replica.postImportApplicationSQL }}
         {{- . | toYaml | nindent 8 }}
@@ -59,19 +58,18 @@ externalClusters:
     recoveryTarget:
       targetTime: {{ . }}
     {{- end }}
-    source: "{{ include "cluster.name" . }}-backup-{{ .Values.recovery.recoveryIndex }}"
+    source: {{ include "cluster.recoveryServerName" . }}
 externalClusters:
-  - name: "{{ include "cluster.name" . }}-backup-{{ .Values.recovery.recoveryIndex }}"
+  - name: {{ include "cluster.recoveryServerName" . }}
     barmanObjectStore:
-      serverName: "{{ include "cluster.name" . }}-backup-{{ .Values.recovery.recoveryIndex }}"
+      serverName: {{ include "cluster.recoveryServerName" . }}
-      destinationPath: "s3://{{ .Values.recovery.endpointBucket }}/{{ .Values.kubernetesClusterName }}/postgresql/{{ include "cluster.recoveryName" . }}"
+      destinationPath: {{ .Values.recovery.destinationPath }}
       endpointURL: {{ .Values.recovery.endpointURL }}
       {{- with .Values.recovery.endpointCA }}
       endpointCA:
         name: {{ . }}
         key: ca-bundle.crt
       {{- end }}
-      serverName: "{{ include "cluster.name" . }}-backup-{{ .Values.recovery.recoveryIndex }}"
       s3Credentials:
         accessKeyId:
           name: {{ include "cluster.recoveryCredentials" . }}

charts/postgres-cluster/templates/_helpers.tpl

@@ -71,9 +71,20 @@ Generate backup server name
 {{/*
 Generate recovery server name
 */}}
-{{- define "cluster.recoveryName" -}}
+{{- define "cluster.recoveryServerName" -}}
-  {{- if .Values.recovery.recoveryName -}}
+  {{- if .Values.recovery.recoveryServerName -}}
-    {{- .Values.recovery.recoveryName -}}
+    {{- .Values.recovery.recoveryServerName -}}
+  {{- else -}}
+    {{- printf "%s-backup-%s" (include "cluster.name" .) (toString .Values.recovery.recoveryIndex) | trunc 63 | trimSuffix "-" -}}
+  {{- end }}
+{{- end }}
+
+{{/*
+Generate recovery instance name
+*/}}
+{{- define "cluster.recoveryInstanceName" -}}
+  {{- if .Values.recovery.recoveryInstanceName -}}
+    {{- .Values.recovery.recoveryInstanceName -}}
   {{- else -}}
     {{ include "cluster.name" . }}
   {{- end }}

charts/postgres-cluster/values.yaml

@@ -15,15 +15,12 @@ type: postgresql
 # * `replica` - Create database as a replica from another CNPG cluster
 mode: standalone
 
-# Generates bucket name and path for recovery and backup, creates: <endpointBucket>/<clusterName>/postgresql/{{ .Release.Name }}
-kubernetesClusterName: ""
-
 cluster:
   instances: 3
 
   image:
     repository: ghcr.io/cloudnative-pg/postgresql
-    tag: "16.2"
+    tag: "16.3"
     pullPolicy: IfNotPresent
 
   # The UID and GID of the postgres user inside the image
@@ -43,7 +40,7 @@ cluster:
       cpu: 10m
     limits:
       memory: 1Gi
-      cpu: 100m
+      cpu: 800m
       hugepages-2Mi: 256Mi
 
   # See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-AffinityConfiguration
@@ -84,7 +81,8 @@ cluster:
   # BootstrapInitDB is the configuration of the bootstrap process when initdb is used.
   # See: https://cloudnative-pg.io/documentation/current/bootstrap/
   # See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-bootstrapinitdb
-  initdb: {}
+  initdb:
+    {}
     # database: app
     # owner: app
     # secret: "" # Name of the secret containing the initial credentials for the owner of the user database. If empty a new secret will be created from scratch
@@ -96,10 +94,9 @@ recovery:
   pitrTarget:
     time: ""
 
-  # Overrides the provider specific default endpoint. Defaults to:
+  # S3 https endpoint and the s3:// path
-  # S3: https://s3.<region>.amazonaws.com"
   endpointURL: ""
-  endpointBucket: ""
+  destinationPath: ""
 
   # Specifies secret that contains a CA bundle to validate a privately signed certificate, should contain the key ca-bundle.crt
   endpointCA: ""
@@ -107,11 +104,14 @@ recovery:
   # Specifies secret that contains S3 credentials, should contain the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY
   endpointCredentials: ""
 
-  # Generate external cluster name, uses: postgresql-{{ .Release.Name }}-cluster-backup-index-{{ .Values.recovery.recoveryIndex }}"
+  # Generate external cluster name, uses: {{ .Release.Name }}postgresql-<major version>-cluster-backup-index-{{ .Values.recovery.recoveryIndex }}
   recoveryIndex: 1
 
   # Name of the recovery cluster in the object store, defaults to "cluster.name"
-  recoveryName: ""
+  recoveryServerName: ""
+
+  # Name of the recovery cluster in the object store, defaults to ".Release.Name"
+  recoveryInstanceName: ""
 
   wal:
     # WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
@@ -137,7 +137,7 @@ replica:
   # If type microservice only one database is allowed, default is app as standard in cnpg clusters
   importDatabases:
     - app
-  
+
   # If type microservice no roles are imported and ignored
   importRoles: []
 
@@ -157,9 +157,11 @@ replica:
 backup:
   enabled: false
 
-  # Overrides the provider specific default endpoint
+  # S3 endpoint starting with "https://"
   endpointURL: ""
-  endpointBucket: ""
+
+  # S3 path starting with "s3://"
+  destinationPath: ""
 
   # Specifies secret that contains a CA bundle to validate a privately signed certificate, should contain the key ca-bundle.crt
   endpointCA: ""

charts/taiga/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: taiga
-version: 0.2.0
+version: 0.2.3
 description: Chart for Taiga
 keywords:
   - kanban
@@ -14,11 +14,11 @@ maintainers:
 icon: https://avatars.githubusercontent.com/u/6905422?s=200&v=4
 dependencies:
   - name: rabbitmq
-    version: 14.0.1
+    version: 14.1.5
     repository: https://charts.bitnami.com/bitnami
     alias: async-rabbitmq
   - name: rabbitmq
-    version: 14.0.1
+    version: 14.1.5
     repository: https://charts.bitnami.com/bitnami
     alias: events-rabbitmq
 appVersion: 6.7.7

charts/tdarr/Chart.yaml

@@ -1,18 +0,0 @@
-apiVersion: v2
-name: tdarr
-version: 0.0.5
-description: Chart for Tdarr V2
-keywords:
-  - video
-  - transcode
-sources:
-  - https://github.com/HaveAGitGat/Tdarr
-  - https://github.com/homeylab/helm-charts/tree/main/charts/tdarr-exporter
-maintainers:
-  - name: alexlebens
-icon: https://avatars.githubusercontent.com/u/43864057?s=48&v=4
-dependencies:
-  - name: tdarr-exporter
-    version: 1.1.1
-    repository: https://homeylab.github.io/helm-charts/
-appVersion: "2.17.01"