disable rules by default

* Update cloudflare/cloudflared Docker tag to v2024.6.0

* bump chart version

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: alexlebens <alexanderlebens@gmail.com>

.github/renovate.json

@@ -5,7 +5,7 @@
         "mergeConfidence:all-badges",
         ":rebaseStalePrs"
     ],
-    "timezone": "US/Mountain",
+    "timezone": "US/Central",
     "schedule": [
         "every weekday"
     ],
@@ -39,74 +39,26 @@
             "automerge": false
         },
         {
-            "description": "Label service images",
+            "description": "Label images",
-            "matchPackageNames": [
-                "ghcr.io/alex1989hu/kubelet-serving-cert-approver",
-                "ghcr.io/cloudnative-pg/postgresql",
-                "redis/redis-stack-server"
-            ],
             "matchDatasources": [
                 "docker"
             ],
             "addLabels": [
-                "service",
                 "image"
             ],
             "automerge": false,
             "minimumReleaseAge": "3 days"
         },
         {
-            "description": "Label service charts",
+            "description": "Label charts",
-            "matchPackageNames": [
-                "elasticsearch",
-                "redis"
-            ],
             "matchDatasources": [
                 "helm"
             ],
             "addLabels": [
-                "serivce",
-                "chart"
-            ],
-            "automerge": false,
-            "minimumReleaseAge": "3 days"
-        },
-        {
-            "description": "Label application images",
-            "matchPackageNames": [
-                "bbilly1/tubearchivist-jf",
-                "bbilly1/tubearchivist",
-                "freshrss/freshrss",
-                "ghcr.io/gethomepage/homepage",
-                "homeassistant/home-assistant",
-                "linuxserver/calibre",
-                "linuxserver/code-server",
-                "linuxserver/cops",
-                "outlinewiki/outline",
-                "rmcrackan/libation"
-            ],
-            "matchDatasources": [
-                "docker"
-            ],
-            "addLabels": [
-                "application",
-                "image"
-            ],
-            "automerge": false,
-            "minimumReleaseAge": "3 days"
-        },
-        {
-            "description": "Label application charts",
-            "matchPackageNames": [],
-            "matchDatasources": [
-                "helm"
-            ],
-            "addLabels": [
-                "application",
                 "chart"
             ],
             "automerge": false,
             "minimumReleaseAge": "3 days"
         }
     ]
-}
+}

.gitignore

@@ -1,3 +1,6 @@
+# Archived
+charts/**/archive
+
 # Compiled Helm chart dependencies
 charts/**/Chart.lock
 charts/**/charts/

charts/calibre-server/Chart.yaml

@@ -1,13 +0,0 @@
-apiVersion: v2
-name: calibre-server
-version: 0.0.6
-description: Chart for Calibre content database
-keywords:
-  - media
-  - books
-sources:
-  - https://github.com/kovidgoyal/calibre
-maintainers:
-  - name: alexlebens
-icon: https://raw.githubusercontent.com/kovidgoyal/calibre/master/resources/images/lt.png
-appVersion: 7.5.1

charts/calibre-server/README.md

@@ -1,18 +0,0 @@
-## Introduction
-
-[Calibre](https://calibre-ebook.com/)
-
-calibre is an e-book manager. It can view, convert, edit and catalog e-books in all of the major e-book formats. It can also talk to e-book reader devices. It can go out to the internet and fetch metadata for your books. It can download newspapers and convert them into e-books for convenient reading.
-
-This chart bootstraps a [Calibre](https://github.com/home-assistant) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
-
-## Prerequisites
-
-- Kubernetes
-- Helm
-- Traefik v2 / IngressRoute
-- Authentik / Auth
-
-## Parameters
-
-See the [values files](values.yaml).

charts/calibre-server/templates/deployment.yaml

@@ -1,83 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: calibre-server
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: calibre-server
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  revisionHistoryLimit: 3
-  replicas: {{ .Values.deployment.replicas }}
-  strategy:
-    type: {{ .Values.deployment.strategy }}
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: calibre-server
-      app.kubernetes.io/instance: {{ .Release.Name }}
-  template:
-    metadata:
-      labels:
-        app.kubernetes.io/name: calibre-server
-        app.kubernetes.io/instance: {{ .Release.Name }}
-    spec:
-      serviceAccountName: calibre-server
-      automountServiceAccountToken: true
-      containers:
-        - name: calibre-server
-          image: "{{ .Values.deployment.image.repository }}:{{ .Values.deployment.image.tag }}"
-          imagePullPolicy: {{ .Values.deployment.image.imagePullPolicy }}
-          ports:
-            - name: http
-              containerPort: {{ .Values.service.http.port }}
-              protocol: TCP
-            - name: content
-              containerPort: {{ .Values.service.content.port }}
-              protocol: TCP
-          env:
-          {{- range $k,$v := .Values.deployment.env }}
-            - name: {{ $k }}
-              value: {{ $v | quote }}
-          {{- end }}
-          {{- with .Values.deployment.envFrom }}
-          envFrom:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-          volumeMounts:
-            - mountPath: /config
-              name: calibre-server-config
-            - mountPath: /books
-              name: calibre-server-books
-          resources:
-            {{- toYaml .Values.deployment.resources | nindent 12 }}
-          livenessProbe:
-            tcpSocket:
-              port: {{ .Values.service.http.port }}
-            initialDelaySeconds: 0
-            failureThreshold: 3
-            timeoutSeconds: 1
-            periodSeconds: 10
-          readinessProbe:
-            tcpSocket:
-              port: {{ .Values.service.http.port }}
-            initialDelaySeconds: 0
-            failureThreshold: 3
-            timeoutSeconds: 1
-            periodSeconds: 10
-          startupProbe:
-            tcpSocket:
-              port: {{ .Values.service.http.port }}
-            initialDelaySeconds: 0
-            failureThreshold: 30
-            timeoutSeconds: 1
-            periodSeconds: 5
-      volumes:
-        - name: calibre-server-config
-          persistentVolumeClaim:
-            claimName: calibre-server-config
-        - name: calibre-server-books
-          persistentVolumeClaim:
-            claimName: {{ .Values.persistence.books.claimName }}

charts/calibre-server/templates/ingress-route.yaml

@@ -1,34 +0,0 @@
-{{- if .Values.ingressRoute.enabled }}
-apiVersion: traefik.io/v1alpha1
-kind: IngressRoute
-metadata:
-  name: calibre-server
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: calibre-server
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: calibre-server
-spec:
-  entryPoints:
-    - websecure
-  routes:
-    - kind: Rule
-      match: "Host(`{{ .Values.ingressRoute.http.host }}`)"
-      middlewares:
-        - name: "authentik-{{ .Release.Name }}"
-          namespace: {{ .Release.Namespace }}
-      priority: 10
-      services:
-        - kind: Service
-          name: calibre-server
-          port: {{ .Values.service.http.port }}
-    - kind: Rule
-      match: "Host(`{{ .Values.ingressRoute.http.host }}`) && PathPrefix(`/outpost.goauthentik.io/`)"
-      priority: 15
-      services:
-        - kind: Service
-          name: {{ .Values.ingressRoute.authentik.outpost }}
-          port: {{ .Values.ingressRoute.authentik.port }}
-{{- end }}

charts/calibre-server/templates/middleware.yaml

@@ -1,29 +0,0 @@
-{{- if .Values.ingressRoute.enabled }}
-apiVersion: traefik.containo.us/v1alpha1
-kind: Middleware
-metadata:
-  name: "authentik-{{ .Release.Name }}"
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: auth
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  forwardAuth:
-    address: "http://{{ .Values.ingressRoute.authentik.outpost }}.authentik:{{ .Values.ingressRoute.authentik.port }}/outpost.goauthentik.io/auth/traefik"
-    trustForwardHeader: true
-    authResponseHeaders:
-      - X-authentik-username
-      - X-authentik-groups
-      - X-authentik-email
-      - X-authentik-name
-      - X-authentik-uid
-      - X-authentik-jwt
-      - X-authentik-meta-jwks
-      - X-authentik-meta-outpost
-      - X-authentik-meta-provider
-      - X-authentik-meta-app
-      - X-authentik-meta-version
-{{- end }}

charts/calibre-server/templates/persistant-volume-claim.yaml

@@ -1,19 +0,0 @@
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
-  name: calibre-server-config
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: calibre-server
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: {{ .Values.persistence.config.storageSize }}
-  storageClassName: {{ .Values.persistence.config.storageClassName }}
-  volumeMode: {{ .Values.persistence.config.volumeMode }}

charts/calibre-server/templates/service-account.yaml

@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: calibre-server
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: calibre-server
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: calibre-server

charts/calibre-server/templates/service.yaml

@@ -1,44 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: calibre-server
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: calibre-server
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  type: ClusterIP
-  ports:
-    - port: {{ .Values.service.http.port }}
-      targetPort: http
-      protocol: TCP
-      name: http
-  selector:
-    app.kubernetes.io/name: calibre-server
-    app.kubernetes.io/instance: {{ .Release.Name }}
-
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: calibre-server-content
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: calibre-server
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  type: ClusterIP
-  ports:
-    - port: {{ .Values.service.content.port }}
-      targetPort: content
-      protocol: TCP
-      name: content
-  selector:
-    app.kubernetes.io/name: calibre-server
-    app.kubernetes.io/instance: {{ .Release.Name }}

charts/calibre-server/values.yaml

@@ -1,42 +0,0 @@
-deployment:
-  replicas: 1
-  strategy: Recreate
-  image:
-    repository: linuxserver/calibre
-    tag: v7.5.1-ls269
-    imagePullPolicy: IfNotPresent
-  env:
-    PGID: "1001"
-    PUID: "1001"
-    TZ: UTC
-    UMASK_SET: "022"
-    CUSTOM_USER: calibre
-    TITLE: Calibre Server
-    NO_DECOR: true
-  envFrom:
-  resources:
-    requests:
-      memory: 256Mi
-      cpu: 50m
-    limits:
-      memory: 1Gi
-      cpu: 500m
-service:
-  http:
-    port: 8080
-  content:
-    port: 8081
-ingressRoute:
-  enabled: true
-  http:
-    host:
-  authentik:
-    outpost:
-    port: 9000
-persistence:
-  config:
-    storageClassName: default
-    storageSize: 5Gi
-    volumeMode: Filesystem
-  books:
-    claimName:

charts/cloudflared/Chart.yaml

@@ -0,0 +1,18 @@
+apiVersion: v2
+name: cloudflared
+version: 1.4.0
+description: Cloudflared Tunnel
+keywords:
+  - cloudflare
+  - tunnel
+sources:
+  - https://github.com/cloudflare/cloudflared
+  - https://github.com/bjw-s/helm-charts/tree/main/charts/library/common
+maintainers:
+  - name: alexlebens
+dependencies:
+  - name: common
+    repository: https://bjw-s.github.io/helm-charts/
+    version: 3.2.1
+icon: https://avatars.githubusercontent.com/u/314135?s=48&v=4
+appVersion: "2024.6.0"

charts/cloudflared/README.md

@@ -0,0 +1,16 @@
+## Introduction
+
+[Cloudflared](https://github.com/cloudflare/cloudflared)
+
+Contains the command-line client for Cloudflare Tunnel, a tunneling daemon that proxies traffic from the Cloudflare network to your origins.
+
+This chart bootstraps a [Cloudflared](https://github.com/cloudflare/cloudflared) tunnel on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+
+## Prerequisites
+
+- Kubernetes
+- Helm
+
+## Parameters
+
+See the [values files](values.yaml).

charts/cloudflared/templates/common.yaml

@@ -0,0 +1,41 @@
+{{- include "bjw-s.common.loader.init" . }}
+
+{{- define "cloudflared.hardcodedValues" -}}
+{{ if not .Values.global.nameOverride }}
+global:
+  nameOverride: {{ .Values.name }}
+{{ end }}  
+controllers:
+  main:
+    type: deployment
+    strategy: Recreate
+    containers:
+      main:
+        image:
+          repository: {{ .Values.image.repository }}
+          tag: {{ .Values.image.tag }}
+          pullPolicy: {{ .Values.image.pullPolicy }}
+        args:
+          - tunnel
+          - --protocol
+          - http2
+          - --no-autoupdate
+          - run
+          - --token
+          - $(CF_MANAGED_TUNNEL_TOKEN)
+        env:
+          - name: CF_MANAGED_TUNNEL_TOKEN
+            valueFrom:
+              secretKeyRef:
+                name: {{ .Values.existingSecretName }}
+                key: {{ .Values.existingSecretKey }}
+        resources:
+        {{- with .Values.resources }}
+        resources:
+          {{- toYaml . | nindent 10 }}
+        {{ end }}
+{{- end -}}
+{{- $_ := mergeOverwrite .Values (include "cloudflared.hardcodedValues" . | fromYaml) -}}
+
+{{/* Render the templates */}}
+{{ include "bjw-s.common.loader.generate" . }}

charts/cloudflared/values.yaml

@@ -0,0 +1,11 @@
+name: cloudflared
+existingSecretName: cloudflared-secret
+existingSecretKey: cf-tunnel-token
+image:
+  repository: cloudflare/cloudflared
+  tag: "2024.6.0"
+  pullPolicy: IfNotPresent
+resources:
+  requests:
+    cpu: 100m
+    memory: 128Mi

charts/cops/Chart.yaml

@@ -1,12 +0,0 @@
-apiVersion: v2
-name: cops
-version: 0.0.3
-description: Chart for Calibre OPDS (and HTML) PHP Server
-keywords:
-  - calibre
-  - OPDS
-sources:
-  - https://github.com/seblucas/cops
-maintainers:
-  - name: alexlebens
-appVersion: 1.1.3

charts/cops/README.md

@@ -1,22 +0,0 @@
-## Introduction
-
-[Calibre OPDS (and HTML) PHP Server](https://github.com/seblucas/cops)
-
-COPS's main advantages are :
-
- - No need for many dependencies.
- - No need for a lot of CPU or RAM.
- - Not much code.
- - Search is available.
- - It was fun to code.
-
-This chart bootstraps a [COPS](https://github.com/seblucas/cops) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
-
-## Prerequisites
-
-- Kubernetes
-- Helm
-
-## Parameters
-
-See the [values files](values.yaml).

charts/cops/templates/deployment.yaml

@@ -1,82 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ .Release.Name }}
-  namespace: {{ .Release.Namespace | quote }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  revisionHistoryLimit: 3
-  replicas: {{ .Values.deployment.replicas }}
-  strategy:
-    type: {{ .Values.deployment.strategy }}
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: {{ .Release.Name }}
-      app.kubernetes.io/instance: {{ .Release.Name }}
-  template:
-    metadata:
-      labels:
-        app.kubernetes.io/name: {{ .Release.Name }}
-        app.kubernetes.io/instance: {{ .Release.Name }}
-    spec:
-      serviceAccountName: {{ .Release.Name }}
-      containers:
-        - name: {{ .Release.Name }}
-          image: "{{ .Values.deployment.image.repository }}:{{ .Values.deployment.image.tag }}"
-          imagePullPolicy: {{ .Values.deployment.image.imagePullPolicy }}
-          ports:
-            - name: http
-              containerPort: {{ .Values.service.http.port }}
-              protocol: TCP
-          volumeMounts:
-            - mountPath: /config
-              name: cops-config
-            - mountPath: /books
-              name: cops-books
-          resources:
-            {{- toYaml .Values.deployment.resources | nindent 12 }}
-          env:
-          {{- range $k,$v := .Values.deployment.env }}
-            - name: {{ $k }}
-              value: {{ $v | quote }}
-          {{- end }}
-          {{- with .Values.deployment.envFrom }}
-          envFrom:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}            
-          livenessProbe:
-            httpGet:
-              path: /
-              port: {{ .Values.service.http.port }}
-            initialDelaySeconds: 0
-            failureThreshold: 5
-            timeoutSeconds: 1
-            periodSeconds: 10
-          readinessProbe:
-            httpGet:
-              path: /
-              port: {{ .Values.service.http.port }}
-            initialDelaySeconds: 0
-            failureThreshold: 5
-            timeoutSeconds: 1
-            periodSeconds: 10
-          startupProbe:
-            httpGet:
-              path: /
-              port: {{ .Values.service.http.port }}
-            initialDelaySeconds: 5
-            failureThreshold: 30
-            periodSeconds: 10
-            timeoutSeconds: 1
-      volumes:
-        - name: cops-config
-          persistentVolumeClaim:
-            claimName: cops-config
-        - name: cops-books
-          persistentVolumeClaim:
-            claimName: {{ .Values.persistence.books.claimName }}

charts/cops/templates/ingress.yaml

@@ -1,32 +0,0 @@
-{{- if .Values.ingress.enabled }}
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: {{ .Release.Name }}
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-  annotations:
-    {{- toYaml .Values.ingress.annotations | nindent 4 }}
-spec:
-  ingressClassName: {{ .Values.ingress.className }}
-  tls:
-    - hosts:
-      - {{ .Values.ingress.host }}
-      secretName: {{ .Release.Name }}-secret-tls
-  rules:
-    - host: {{ .Values.ingress.host }}
-      http:
-        paths:
-          - path: /
-            pathType: Prefix
-            backend:
-              service:
-                name: {{ .Release.Name }}
-                port:
-                  name: http
-{{- end }}

charts/cops/templates/persistant-volume-claim.yaml

@@ -1,19 +0,0 @@
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
-  name: cops-config
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: storage
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: {{ .Values.persistence.config.storageSize }}
-  storageClassName: {{ .Values.persistence.config.storageClassName }}
-  volumeMode: {{ .Values.persistence.config.volumeMode }}

charts/cops/templates/pod.yaml

@@ -1,26 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: "{{ .Release.Name }}-test-connection"
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-  annotations:
-    "helm.sh/hook": test-success
-spec:
-  restartPolicy: Never
-  containers:
-    - name: wget
-      image: busybox
-      command: ['wget']
-      args: ['{{ .Release.Name }}:{{ .Values.service.http.port }}']
-      resources:
-        limits:
-          cpu: 500m
-          memory: 1Gi
-        requests:
-          cpu: 50m
-          memory: 256Mi

charts/cops/templates/service-account.yaml

@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ .Release.Name }}
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}

charts/cops/templates/service.yaml

@@ -1,22 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ .Release.Name }}
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  type: ClusterIP
-  externalTrafficPolicy:
-  ports:
-    - port: {{ .Values.service.http.port }}
-      targetPort: http
-      protocol: TCP
-      name: http
-  selector:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}

charts/cops/values.yaml

@@ -1,36 +0,0 @@
-deployment:
-  replicas: 1
-  strategy: Recreate
-  image:
-    repository: linuxserver/cops
-    tag: 2.3.1-ls185
-    imagePullPolicy: IfNotPresent
-  env:
-    PGID: "1000"
-    PUID: "1000"
-    TZ: UTC
-  envFrom:        
-  resources:    
-    limits:
-      cpu: 500m
-      memory: 1Gi
-    requests:
-      cpu: 50m
-      memory: 256Mi
-serviceAccount:
-  create: true
-service:
-  http:
-    port: 80
-ingress:
-  enabled: false
-  annotations:
-  className:
-  host:
-persistence:
-  config:
-    storageClassName: default
-    storageSize: 5Gi
-    volumeMode: Filesystem
-  books:
-    claimName:

charts/freshrss/Chart.yaml

@@ -1,12 +0,0 @@
-apiVersion: v2
-name: freshrss
-version: 0.0.3
-description: Chart for Freshrss
-keywords:
-  - rss
-sources:
-  - https://github.com/FreshRSS/FreshRSS
-maintainers:
-  - name: alexlebens
-icon: https://avatars.githubusercontent.com/u/9414285?s=48&v=4
-appVersion: "1.23.1"

charts/freshrss/README.md

@@ -1,18 +0,0 @@
-## Introduction
-
-[FreshRSS](https://github.com/FreshRSS/FreshRSS)
-
-FreshRSS is a self-hosted RSS feed aggregator.
-
-It is lightweight, easy to work with, powerful, and customizable.
-
-This chart bootstraps a [FreshRSS](https://github.com/FreshRSS/FreshRSS) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
-
-## Prerequisites
-
-- Kubernetes
-- Helm
-
-## Parameters
-
-See the [values files](values.yaml).

charts/freshrss/templates/deployment.yaml

@@ -1,76 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ .Release.Name }}
-  namespace: {{ .Release.Namespace | quote }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  revisionHistoryLimit: 3
-  replicas: {{ .Values.deployment.replicas }}
-  strategy:
-    type: {{ .Values.deployment.strategy }}
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: {{ .Release.Name }}
-      app.kubernetes.io/instance: {{ .Release.Name }}
-  template:
-    metadata:
-      labels:
-        app.kubernetes.io/name: {{ .Release.Name }}
-        app.kubernetes.io/instance: {{ .Release.Name }}
-    spec:
-      serviceAccountName: {{ .Release.Name }}
-      containers:
-        - name: {{ .Release.Name }}
-          image: "{{ .Values.deployment.image.repository }}:{{ .Values.deployment.image.tag }}"
-          imagePullPolicy: {{ .Values.deployment.image.imagePullPolicy }}
-          ports:
-            - name: http
-              containerPort: {{ .Values.service.http.port }}
-              protocol: TCP
-          volumeMounts:
-            - name: {{ .Release.Name }}-config
-              mountPath: /config
-          resources:
-            {{- toYaml .Values.deployment.resources | nindent 12 }}
-          env:
-            - name: LISTEN
-              value: "0.0.0.0:{{ .Values.service.http.port }}"
-          {{- range $k,$v := .Values.deployment.env }}
-            - name: {{ $k }}
-              value: {{ $v | quote }}
-          {{- end }}
-          {{- with .Values.deployment.envFrom }}
-          envFrom:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-          livenessProbe:
-            tcpSocket:
-              port: {{ .Values.service.http.port }}
-            initialDelaySeconds: 0
-            failureThreshold: 3
-            timeoutSeconds: 1
-            periodSeconds: 10
-          readinessProbe:
-            tcpSocket:
-              port: {{ .Values.service.http.port }}
-            initialDelaySeconds: 0
-            failureThreshold: 3
-            timeoutSeconds: 1
-            periodSeconds: 10
-          startupProbe:
-            tcpSocket:
-              port: {{ .Values.service.http.port }}
-            initialDelaySeconds: 0
-            failureThreshold: 30
-            timeoutSeconds: 1
-            periodSeconds: 5
-      volumes:
-        - name: {{ .Release.Name }}-config
-          persistentVolumeClaim:
-            claimName: {{ .Release.Name }}-config

charts/freshrss/templates/ingress.yaml

@@ -1,32 +0,0 @@
-{{- if .Values.ingress.enabled }}
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: {{ .Release.Name }}
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-  annotations:
-    {{- toYaml .Values.ingress.annotations | nindent 4 }}
-spec:
-  ingressClassName: {{ .Values.ingress.className }}
-  tls:
-    - hosts:
-      - {{ .Values.ingress.host }}
-      secretName: {{ .Release.Name }}-secret-tls
-  rules:
-    - host: {{ .Values.ingress.host }}
-      http:
-        paths:
-          - path: /
-            pathType: Prefix
-            backend:
-              service:
-                name: {{ .Release.Name }}
-                port:
-                  name: http
-{{- end }}

charts/freshrss/templates/persistant-volume-claim.yaml

@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: {{ .Release.Name }}-config
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: storage
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: {{ .Values.persistence.config.storageSize }}
-  storageClassName: {{ .Values.persistence.config.storageClassName }}
-  volumeMode: {{ .Values.persistence.config.volumeMode }}

charts/freshrss/templates/pod.yaml

@@ -1,26 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: "{{ .Release.Name }}-test-connection"
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-  annotations:
-    "helm.sh/hook": test-success
-spec:
-  restartPolicy: Never
-  containers:
-    - name: wget
-      image: busybox
-      command: ['wget']
-      args: ['{{ .Release.Name }}:{{ .Values.service.http.port }}']
-      resources:
-        limits:
-          cpu: 500m
-          memory: 1Gi
-        requests:
-          cpu: 50m
-          memory: 256Mi

charts/freshrss/templates/service-account.yaml

@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ .Release.Name }}
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}

charts/freshrss/templates/service.yaml

@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ .Release.Name }}
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  type: ClusterIP
-  ports:
-    - port: {{ .Values.service.http.port }}
-      targetPort: http
-      protocol: TCP
-      name: http
-  selector:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}

charts/freshrss/values.yaml

@@ -1,33 +0,0 @@
-deployment:
-  replicas: 1
-  strategy: Recreate
-  image:
-    repository: freshrss/freshrss
-    tag: 1.23.1
-    imagePullPolicy: IfNotPresent
-  env:
-    PGID: "568"
-    PUID: "568"
-    TZ: UTC
-    FRESHRSS_ENV: production
-  envFrom:
-  resources:
-    limits:
-      cpu: 500m
-      memory: 1Gi
-    requests:
-      cpu: 50m
-      memory: 256Mi
-service:
-  http:
-    port: 80
-ingress:
-  enabled: true
-  className:
-  annotations:
-  host:
-persistence:
-  config:
-    storageClassName: default
-    storageSize: 5Gi
-    volumeMode: Filesystem

charts/home-assistant/Chart.yaml

@@ -1,12 +0,0 @@
-apiVersion: v2
-name: home-assistant
-version: 0.1.1
-description: Chart for Home Assistant
-keywords:
-  - home-automation
-sources:
-  - https://github.com/home-assistant
-maintainers:
-  - name: alexlebens
-icon: https://avatars.githubusercontent.com/u/13844975?s=200&v=4
-appVersion: v2024.3.0

charts/home-assistant/README.md

@@ -1,18 +0,0 @@
-## Introduction
-
-[Home Assistant](https://www.home-assistant.io/)
-
-Open source home automation that puts local control and privacy first. Powered by a worldwide community of tinkerers and DIY enthusiasts. Perfect to run on a Raspberry Pi or a local server. 
-
-This chart bootstraps a [Home-Assistant](https://github.com/home-assistant) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
-
-## Prerequisites
-
-- Kubernetes
-- Helm
-- Traefik v2 / IngressRoute
-- Authentik / Auth
-
-## Parameters
-
-See the [values files](values.yaml).

charts/home-assistant/templates/deployment.yaml

@@ -1,98 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: home-assistant
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  revisionHistoryLimit: 3
-  replicas: {{ .Values.deployment.replicas }}
-  strategy:
-    type: {{ .Values.deployment.strategy }}
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: {{ .Release.Name }}
-      app.kubernetes.io/instance: {{ .Release.Name }}
-  template:
-    metadata:
-      labels:
-        app.kubernetes.io/name: {{ .Release.Name }}
-        app.kubernetes.io/instance: {{ .Release.Name }}
-    spec:
-      serviceAccountName: {{ .Release.Name }}
-      automountServiceAccountToken: true
-      containers:
-        - name: {{ .Release.Name }}
-          image: "{{ .Values.deployment.image.repository }}:{{ .Values.deployment.image.tag }}"
-          imagePullPolicy: {{ .Values.deployment.image.imagePullPolicy }}
-          ports:
-            - name: http
-              containerPort: {{ .Values.service.http.port }}
-              protocol: TCP
-          env:
-          {{- range $k,$v := .Values.deployment.env }}
-            - name: {{ $k }}
-              value: {{ $v | quote }}
-          {{- end }}
-          {{- with .Values.deployment.envFrom }}
-          envFrom:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-          volumeMounts:
-            - mountPath: /config
-              name: home-assistant-config
-          resources:
-            {{- toYaml .Values.deployment.resources | nindent 12 }}
-          livenessProbe:
-            tcpSocket:
-              port: {{ .Values.service.http.port }}
-            initialDelaySeconds: 0
-            failureThreshold: 3
-            timeoutSeconds: 1
-            periodSeconds: 10
-          readinessProbe:
-            tcpSocket:
-              port: {{ .Values.service.http.port }}
-            initialDelaySeconds: 0
-            failureThreshold: 3
-            timeoutSeconds: 1
-            periodSeconds: 10
-          startupProbe:
-            tcpSocket:
-              port: {{ .Values.service.http.port }}
-            initialDelaySeconds: 0
-            failureThreshold: 30
-            timeoutSeconds: 1
-            periodSeconds: 5
-        {{- if .Values.codeserver.enabled }}
-        - name: codeserver
-          image: "{{ .Values.codeserver.image.repository }}:{{ .Values.codeserver.image.tag }}"
-          imagePullPolicy: {{ .Values.codeserver.image.imagePullPolicy }}
-          ports:
-            - containerPort: {{ .Values.codeserver.service.http.port }}
-              name: codeserver-http
-              protocol: TCP
-          env:
-          {{- range $k,$v := .Values.codeserver.env }}
-            - name: {{ $k }}
-              value: {{ $v | quote }}
-          {{- end }}
-          {{- with .Values.codeserver.envFrom }}
-          envFrom:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-          securityContext:
-            {{- toYaml .Values.codeserver.securityContext | nindent 12 }}
-          volumeMounts:
-            - mountPath: /config/home-assistant
-              name: home-assistant-config
-        {{- end }}
-      volumes:
-        - name: home-assistant-config
-          persistentVolumeClaim:
-            claimName: "{{ .Release.Name }}-config"

charts/home-assistant/templates/ingress-route.yaml

@@ -1,70 +0,0 @@
-{{- if .Values.ingressRoute.enabled }}
-apiVersion: traefik.io/v1alpha1
-kind: IngressRoute
-metadata:
-  name: {{ .Release.Name }}
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  entryPoints:
-    - websecure
-  routes:
-    - kind: Rule
-      match: "Host(`{{ .Values.ingressRoute.host }}`)"
-      middlewares:
-        - name: "authentik-{{ .Release.Name }}"
-          namespace: {{ .Release.Namespace }}           
-      priority: 10
-      services:
-        - kind: Service
-          name: {{ .Release.Name }}
-          port: {{ .Values.service.http.port }}
-    - kind: Rule
-      match: "Host(`{{ .Values.ingressRoute.host }}`) && PathPrefix(`/outpost.goauthentik.io/`)"
-      priority: 15
-      services:
-        - kind: Service
-          name: {{ .Values.ingressRoute.authentik.outpost }}
-          port: {{ .Values.ingressRoute.authentik.port }}    
-{{- end }}
-
----
-{{- if and .Values.codeserver.ingressRoute.enabled .Values.codeserver.enabled }}
-apiVersion: traefik.io/v1alpha1
-kind: IngressRoute
-metadata:
-  name: "{{ .Release.Name }}-codeserver"
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  entryPoints:
-    - websecure
-  routes:
-    - kind: Rule
-      match: "Host(`{{ .Values.codeserver.ingressRoute.host }}`)"
-      middlewares:
-        - name: "authentik-{{ .Release.Name }}"
-          namespace: {{ .Release.Namespace }}      
-      priority: 10
-      services:
-        - kind: Service
-          name: "{{ .Release.Name }}-codeserver"
-          port: {{ .Values.codeserver.service.http.port }}
-    - kind: Rule
-      match: "Host(`{{ .Values.ingressRoute.host }}`) && PathPrefix(`/outpost.goauthentik.io/`)"
-      priority: 15
-      services:
-        - kind: Service
-          name: {{ .Values.ingressRoute.authentik.outpost }}
-          port: {{ .Values.ingressRoute.authentik.port }}          
-{{- end }}

charts/home-assistant/templates/middleware.yaml

@@ -1,29 +0,0 @@
-{{- if .Values.ingressRoute.enabled }}
-apiVersion: traefik.containo.us/v1alpha1
-kind: Middleware
-metadata:
-  name: "authentik-{{ .Release.Name }}"
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: auth
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  forwardAuth:
-    address: "http://{{ .Values.ingressRoute.authentik.outpost }}.authentik:{{ .Values.ingressRoute.authentik.port }}/outpost.goauthentik.io/auth/traefik"
-    trustForwardHeader: true
-    authResponseHeaders:
-      - X-authentik-username
-      - X-authentik-groups
-      - X-authentik-email
-      - X-authentik-name
-      - X-authentik-uid
-      - X-authentik-jwt
-      - X-authentik-meta-jwks
-      - X-authentik-meta-outpost
-      - X-authentik-meta-provider
-      - X-authentik-meta-app
-      - X-authentik-meta-version
-{{- end }}

charts/home-assistant/templates/persistant-volume-claim.yaml

@@ -1,19 +0,0 @@
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
-  name: "{{ .Release.Name }}-config"
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: {{ .Values.persistence.config.storageSize }}
-  storageClassName: {{ .Values.persistence.config.storageClassName }}
-  volumeMode: {{ .Values.persistence.config.volumeMode }}

charts/home-assistant/templates/prometheus-rule.yaml

@@ -1,18 +0,0 @@
-{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }}
-apiVersion: monitoring.coreos.com/v1
-kind: PrometheusRule
-metadata:
-  name: {{ .Release.Name }}
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  groups:
-    - name: {{ .Release.Name }}
-      rules:
-        {{- toYaml .Values.metrics.prometheusRule.rules | nindent 8 }}
-{{- end }}

charts/home-assistant/templates/service-account.yaml

@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ .Release.Name }}
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}

charts/home-assistant/templates/service-monitor.yaml

@@ -1,26 +0,0 @@
-{{- if .Values.metrics.enabled }}
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
-  name: {{ .Release.Name }}
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: {{ .Release.Name }}
-      app.kubernetes.io/instance: {{ .Release.Name }}
-  endpoints:
-    - port: http
-      interval: {{ .Values.metrics.serviceMonitor.interval }}
-      scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
-      path: /api/prometheus
-      bearerTokenSecret:
-        name: {{ .Values.metrics.serviceMonitor.bearerTokenSecret.name }}
-        key: {{ .Values.metrics.serviceMonitor.bearerTokenSecret.key }}
-{{- end }}

charts/home-assistant/templates/service.yaml

@@ -1,46 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ .Release.Name }}
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  type: ClusterIP
-  ports:
-    - port: {{ .Values.service.http.port }}
-      targetPort: http
-      protocol: TCP
-      name: http
-  selector:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-
----
-{{- if .Values.codeserver.enabled }}
-apiVersion: v1
-kind: Service
-metadata:
-  name: "{{ .Release.Name }}-codeserver"
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  type: ClusterIP
-  ports:
-    - port: {{ .Values.codeserver.service.http.port }}
-      targetPort: codeserver-http
-      protocol: TCP
-      name: codeserver-http
-  selector:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}

charts/home-assistant/values.yaml

@@ -1,74 +0,0 @@
-deployment:
-  replicas: 1
-  strategy: Recreate
-  image:
-    repository: homeassistant/home-assistant
-    tag: 2024.3.0
-    imagePullPolicy: IfNotPresent
-  env:
-    TZ: UTC
-  envFrom:
-  resources:
-    requests:
-      memory: 512Mi
-      cpu: 50m
-    limits:
-      memory: 1Gi
-      cpu: 500m
-service:
-  http:
-    port: 8123
-ingressRoute:
-  enabled: true
-  host:
-  authentik:
-    outpost:
-    port: 9000
-metrics:
-  enabled: false
-  serviceMonitor:
-    interval: 1m
-    scrapeTimeout: 30s
-    ## See https://www.home-assistant.io/docs/authentication/ for where to find
-    ## long lived access token creation under your account profile, which is
-    ## needed to monitor Home Assistant
-    bearerTokenSecret:
-      name: ""
-      key: ""
-  prometheusRule:
-    enabled: false
-    rules:
-      - alert: HomeAssistantAbsent
-        annotations:
-          description: Home Assistant has disappeared from Prometheus service discovery.
-          summary: Home Assistant is down.
-        expr: |
-          absent(up{job=~".*home-assistant.*"} == 1)
-        for: 5m
-        labels:
-          severity: critical
-persistence:
-  config:
-    storageClassName: default
-    storageSize: 1Gi
-    volumeMode: Filesystem
-codeserver:
-  enabled: false
-  image:
-    repository: linuxserver/code-server
-    tag: 4.22.0
-    imagePullPolicy: IfNotPresent
-  env:
-    TZ: UTC
-    PUID: 1000
-    PGID: 1000
-    DEFAULT_WORKSPACE: /config
-  envFrom:
-  securityContext:
-    runAsUser: 0
-  service:
-    http:
-      port: 8443
-  ingressRoute:
-    enabled: false
-    host:

charts/homepage/Chart.yaml

@@ -1,12 +0,0 @@
-apiVersion: v2
-name: homepage
-version: 0.0.8
-description: Chart for benphelps homepage
-keywords:
-  - dashboard
-sources:
-  - https://github.com/gethomepage/homepage
-maintainers:
-  - name: alexlebens
-icon: https://github.com/benphelps/homepage/blob/de584eae8f12a0d257e554e9511ef19bd2a1232c/public/mstile-150x150.png
-appVersion: v0.8.9

charts/homepage/README.md

@@ -1,18 +0,0 @@
-## Introduction
-
-[Homepage](https://github.com/benphelps/homepage)
-
-A modern (fully static, fast), secure (fully proxied), highly customizable application dashboard with integrations for more than 25 services and translations for over 15 languages. Easily configured via YAML files (or discovery via docker labels).
-
-This chart bootstraps a [Homepage](https://github.com/benphelps/homepage) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
-
-## Prerequisites
-
-- Kubernetes
-- Helm
-- Traefik v2 / IngressRoute
-- Authentik / Auth
-
-## Parameters
-
-See the [values files](values.yaml).

charts/homepage/templates/cluster-role-binding.yaml

@@ -1,19 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: {{ .Release.Name }}
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: {{ .Release.Name }}
-subjects:
-  - kind: ServiceAccount
-    name: homepage
-    namespace: {{ .Release.Namespace }}

charts/homepage/templates/cluster-role.yaml

@@ -1,51 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: {{ .Release.Name }}
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-rules:
-  - apiGroups:
-      - ""
-    resources:
-      - namespaces
-      - pods
-      - nodes
-    verbs:
-      - get
-      - list
-  - apiGroups:
-      - extensions
-      - networking.k8s.io
-    resources:
-      - ingresses
-    verbs:
-      - get
-      - list
-  - apiGroups:
-      - traefik.containo.us
-      - traefik.io
-    resources:
-      - ingressroutes
-    verbs:
-      - get
-      - list
-  - apiGroups:
-      - metrics.k8s.io
-    resources:
-      - nodes
-      - pods
-    verbs:
-      - get
-      - list
-  - apiGroups:
-      - apiextensions.k8s.io
-    resources:
-      - customresourcedefinitions/status
-    verbs:
-      - get

charts/homepage/templates/config-map.yaml

@@ -1,36 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: homepage-config
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: homepage
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: homepage
-data:
-  bookmarks.yaml: {{- if .Values.config.bookmarks }} |
-{{- .Values.config.bookmarks | toYaml | nindent 4}}
-{{- else }} ""
-{{- end }}
-  docker.yaml: {{- if .Values.config.docker }} |
-{{- .Values.config.docker | toYaml | nindent 4 }}
-{{- else }} ""
-{{- end }}
-  kubernetes.yaml: {{- if .Values.config.kubernetes }} |
-{{- .Values.config.kubernetes | toYaml | nindent 4 }}
-{{- else }} ""
-{{- end }}
-  services.yaml: {{- if .Values.config.services }} |
-{{- .Values.config.services | toYaml | nindent 4 }}
-{{- else }} ""
-{{- end }}
-  settings.yaml: {{- if .Values.config.settings }} |
-{{- .Values.config.settings | toYaml | nindent 4 }}
-{{- else }} ""
-{{- end }}
-  widgets.yaml: {{- if .Values.config.widgets }} |
-{{- .Values.config.widgets | toYaml | nindent 4 }}
-{{- else }} ""
-{{- end }}

charts/homepage/templates/deployment.yaml

@@ -1,95 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: homepage
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: homepage
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: homepage
-spec:
-  revisionHistoryLimit: 3
-  replicas: {{ .Values.deployment.replicas }}
-  strategy:
-    type: {{ .Values.deployment.strategy }}
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: homepage
-      app.kubernetes.io/instance: {{ .Release.Name }}
-  template:
-    metadata:
-      labels:
-        app.kubernetes.io/name: homepage
-        app.kubernetes.io/instance: {{ .Release.Name }}
-    spec:
-      serviceAccountName: homepage
-      automountServiceAccountToken: true
-      containers:
-        - name: {{ .Release.Name }}
-          image: "{{ .Values.deployment.image.repository }}:{{ .Values.deployment.image.tag }}"
-          imagePullPolicy: {{ .Values.deployment.image.imagePullPolicy }}
-          ports:
-            - name: http
-              containerPort: {{ .Values.service.http.port }}
-              protocol: TCP
-          env:
-          {{- range $k,$v := .Values.deployment.env }}
-            - name: {{ $k }}
-              value: {{ $v | quote }}
-          {{- end }}
-          {{- with .Values.deployment.envFrom }}
-          envFrom:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-          volumeMounts:
-            - name: homepage-config
-              subPath: bookmarks.yaml
-              mountPath: /app/config/bookmarks.yaml
-            - name: homepage-config
-              subPath: docker.yaml
-              mountPath: /app/config/docker.yaml
-            - name: homepage-config
-              subPath: kubernetes.yaml
-              mountPath: /app/config/kubernetes.yaml
-            - name: homepage-config
-              subPath: services.yaml
-              mountPath: /app/config/services.yaml
-            - name: homepage-config
-              subPath: settings.yaml
-              mountPath: /app/config/settings.yaml
-            - name: homepage-config
-              subPath: widgets.yaml
-              mountPath: /app/config/widgets.yaml
-            - name: logs
-              mountPath: /app/config/logs
-          resources:
-            {{- toYaml .Values.deployment.resources | nindent 12 }}
-          livenessProbe:
-            failureThreshold: 3
-            initialDelaySeconds: 0
-            periodSeconds: 10
-            tcpSocket:
-              port: {{ .Values.service.http.port }}
-            timeoutSeconds: 1
-          readinessProbe:
-            failureThreshold: 3
-            initialDelaySeconds: 0
-            periodSeconds: 10
-            tcpSocket:
-              port: {{ .Values.service.http.port }}
-            timeoutSeconds: 1
-          startupProbe:
-            failureThreshold: 30
-            initialDelaySeconds: 0
-            periodSeconds: 5
-            tcpSocket:
-              port: {{ .Values.service.http.port }}
-            timeoutSeconds: 1
-      volumes:
-        - name: homepage-config
-          configMap:
-            name: homepage-config
-        - name: logs
-          emptyDir: {}

charts/homepage/templates/ingress-route.yaml

@@ -1,32 +0,0 @@
-apiVersion: traefik.io/v1alpha1
-kind: IngressRoute
-metadata:
-  name: homepage
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: homepage
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: homepage
-spec:
-  entryPoints:
-    - websecure
-  routes:
-    - kind: Rule
-      match: "Host(`{{ .Values.ingressRoute.host }}`)"
-      middlewares:
-        - name: "authentik-{{ .Release.Name }}"
-          namespace: {{ .Release.Namespace }}
-      priority: 10
-      services:
-        - kind: Service
-          name: homepage
-          port: {{ .Values.service.http.port }}
-    - kind: Rule
-      match: "Host(`{{ .Values.ingressRoute.host }}`) && PathPrefix(`/outpost.goauthentik.io/`)"
-      priority: 15
-      services:
-        - kind: Service
-          name: {{ .Values.ingressRoute.authentik.outpost }}
-          port: {{ .Values.ingressRoute.authentik.port }}

charts/homepage/templates/middleware.yaml

@@ -1,27 +0,0 @@
-apiVersion: traefik.containo.us/v1alpha1
-kind: Middleware
-metadata:
-  name: "authentik-{{ .Release.Name }}"
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: auth
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  forwardAuth:
-    address: "http://{{ .Values.ingressRoute.authentik.outpost }}.authentik:{{ .Values.ingressRoute.authentik.port }}/outpost.goauthentik.io/auth/traefik"
-    trustForwardHeader: true
-    authResponseHeaders:
-      - X-authentik-username
-      - X-authentik-groups
-      - X-authentik-email
-      - X-authentik-name
-      - X-authentik-uid
-      - X-authentik-jwt
-      - X-authentik-meta-jwks
-      - X-authentik-meta-outpost
-      - X-authentik-meta-provider
-      - X-authentik-meta-app
-      - X-authentik-meta-version

charts/homepage/templates/secret.yaml

@@ -1,14 +0,0 @@
-apiVersion: v1
-kind: Secret
-type: kubernetes.io/service-account-token
-metadata:
-  name: "{{ .Release.Name }}-sa-token"
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: homepage
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: homepage
-  annotations:
-    kubernetes.io/service-account.name: homepage

charts/homepage/templates/service-account.yaml

@@ -1,13 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: homepage
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: homepage
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: homepage
-secrets:
-  - name: "{{ .Release.Name }}-sa-token"

charts/homepage/templates/service.yaml

@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: homepage
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: homepage
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: homepage
-spec:
-  type: ClusterIP
-  ports:
-    - port: {{ .Values.service.http.port }}
-      targetPort: http
-      protocol: TCP
-      name: http
-  selector:
-    app.kubernetes.io/name: homepage
-    app.kubernetes.io/instance: {{ .Release.Name }}

charts/homepage/values.yaml

@@ -1,32 +0,0 @@
-deployment:
-  replicas: 1
-  strategy: Recreate
-  image:
-    repository: ghcr.io/gethomepage/homepage
-    tag: v0.8.9
-    imagePullPolicy: IfNotPresent
-  env:
-  envFrom:
-  resources:
-    requests:
-      memory: 256Mi
-      cpu: 50m
-    limits:
-      memory: 512Mi
-      cpu: 500m 
-service:
-  http:
-    port: 3000
-ingressRoute:
-  host:
-  authentik:
-    outpost:
-    port: 9000
-config:
-  bookmarks:
-  services:
-  widgets:
-  kubernetes:
-    mode: cluster
-  docker:
-  settings:

charts/kubelet-serving-cert-approver/Chart.yaml

@@ -1,13 +0,0 @@
-apiVersion: v2
-name: kubelet-serving-cert-approver
-version: 0.0.4
-description: Kubelet Serving TLS Certificate Signing Request Approver
-keywords:
-  - kubernetes
-  - certificate
-sources:
-  - https://github.com/alex1989hu/kubelet-serving-cert-approver
-  - https://github.com/alexlebens/helm-charts/charts/homepage
-maintainers:
-  - name: alexlebens
-appVersion: 0.8.1

charts/kubelet-serving-cert-approver/README.md

@@ -1,16 +0,0 @@
-## Introduction
-
-[Kubelet Serving Certificate Approver](https://github.com/alex1989hu/kubelet-serving-cert-approver)
-
-Kubelet Serving Certificate Approver is a custom approving controller which approves kubernetes.io/kubelet-serving Certificate Signing Request that kubelet use to serve TLS endpoints.
-
-This chart bootstraps a [Kubelet Serving Certificate Approver](https://github.com/alex1989hu/kubelet-serving-cert-approver) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
-
-## Prerequisites
-
-- Kubernetes
-- Helm
-
-## Parameters
-
-See the [values files](values.yaml).

charts/kubelet-serving-cert-approver/templates/cluster-role-binding.yaml

@@ -1,19 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: kubelet-serving-cert-approver
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: kubelet-serving-cert-approver
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: server
-    app.kubernetes.io/part-of: kubelet-serving-cert-approver
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: "certificates:{{ .Release.Name }}"
-subjects:
-  - kind: ServiceAccount
-    name: {{ .Release.Name }}
-    namespace: {{ .Release.Namespace }}

charts/kubelet-serving-cert-approver/templates/cluster-role.yaml

@@ -1,61 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: "certificates:{{ .Release.Name }}"
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: kubelet-serving-cert-approver
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: server
-    app.kubernetes.io/part-of: kubelet-serving-cert-approver
-rules:
-  - apiGroups:
-      - certificates.k8s.io
-    resources:
-      - certificatesigningrequests
-    verbs:
-      - get
-      - list
-      - watch
-  - apiGroups:
-      - certificates.k8s.io
-    resources:
-      - certificatesigningrequests/approval
-    verbs:
-      - update
-  - apiGroups:
-      - authorization.k8s.io
-    resources:
-      - subjectaccessreviews
-    verbs:
-      - create
-  - apiGroups:
-      - certificates.k8s.io
-    resourceNames:
-      - kubernetes.io/kubelet-serving
-    resources:
-      - signers
-    verbs:
-      - approve
-
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: "events:{{ .Release.Name }}"
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: kubelet-serving-cert-approver
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: server
-    app.kubernetes.io/part-of: kubelet-serving-cert-approverv
-rules:
-  - apiGroups:
-      - ""
-    resources:
-      - events
-    verbs:
-      - create
-      - patch

charts/kubelet-serving-cert-approver/templates/deployment.yaml

@@ -1,88 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: kubelet-serving-cert-approver
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: kubelet-serving-cert-approver
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: server
-    app.kubernetes.io/part-of: kubelet-serving-cert-approver
-spec:
-  revisionHistoryLimit: 3
-  replicas: {{ .Values.deployment.replicas }}
-  strategy:
-    type: {{ .Values.deployment.strategy }}
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: kubelet-serving-cert-approver
-      app.kubernetes.io/instance: {{ .Release.Name }}
-
-  template:
-    metadata:
-      labels:
-        app.kubernetes.io/name: kubelet-serving-cert-approver
-        app.kubernetes.io/instance: {{ .Release.Name }}
-    spec:
-      affinity:
-        nodeAffinity:
-          preferredDuringSchedulingIgnoredDuringExecution:
-            - preference:
-                matchExpressions:
-                  - key: node-role.kubernetes.io/master
-                    operator: DoesNotExist
-                  - key: node-role.kubernetes.io/control-plane
-                    operator: DoesNotExist
-              weight: 100
-      containers:
-        - name: {{ .Release.Name }}
-          image: "{{ .Values.deployment.image.repository }}:{{ .Values.deployment.image.tag }}"
-          imagePullPolicy: {{ .Values.deployment.image.imagePullPolicy }}
-          ports:
-            - containerPort: 8080
-              name: health
-            - containerPort: 9090
-              name: metrics
-          args:
-            - serve
-          env:
-            - name: NAMESPACE
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.namespace
-          resources:
-            {{- toYaml .Values.deployment.resources | nindent 12 }}
-          livenessProbe:
-            httpGet:
-              path: /healthz
-              port: health
-            initialDelaySeconds: 6
-          readinessProbe:
-            httpGet:
-              path: /readyz
-              port: health
-            initialDelaySeconds: 3
-          securityContext:
-            allowPrivilegeEscalation: false
-            capabilities:
-              drop:
-                - ALL
-            privileged: false
-            readOnlyRootFilesystem: true
-            runAsNonRoot: true
-      priorityClassName: {{ .Values.deployment.priorityClassName }}
-      securityContext:
-        fsGroup: 65534
-        runAsGroup: 65534
-        runAsUser: 65534
-        seccompProfile:
-          type: RuntimeDefault
-      serviceAccountName: kubelet-serving-cert-approver
-      tolerations:
-        - effect: NoSchedule
-          key: node-role.kubernetes.io/master
-          operator: Exists
-        - effect: NoSchedule
-          key: node-role.kubernetes.io/control-plane
-          operator: Exists

charts/kubelet-serving-cert-approver/templates/namespace.yaml

@@ -1,10 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: kubelet-serving-cert-approver
-  labels:
-    app.kubernetes.io/name: kubelet-serving-cert-approver
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    pod-security.kubernetes.io/audit: restricted
-    pod-security.kubernetes.io/enforce: restricted
-    pod-security.kubernetes.io/warn: restricted

charts/kubelet-serving-cert-approver/templates/role-binding.yaml

@@ -1,19 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: "events:{{ .Release.Name }}"
-  namespace: default
-  labels:
-    app.kubernetes.io/name: kubelet-serving-cert-approver
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: server
-    app.kubernetes.io/part-of: kubelet-serving-cert-approver
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: "events:{{ .Release.Name }}"
-subjects:
-  - kind: ServiceAccount
-    name: kubelet-serving-cert-approver
-    namespace: {{ .Release.Name }}

charts/kubelet-serving-cert-approver/templates/service-account.yaml

@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: kubelet-serving-cert-approver
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: kubelet-serving-cert-approver
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: server
-    app.kubernetes.io/part-of: kubelet-serving-cert-approver

charts/kubelet-serving-cert-approver/templates/service.yaml

@@ -1,20 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: kubelet-serving-cert-approver
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: kubelet-serving-cert-approver
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: server
-    app.kubernetes.io/part-of: kubelet-serving-cert-approver
-spec:
-  ports:
-    - name: metrics
-      port: 9090
-      protocol: TCP
-      targetPort: metrics
-  selector:
-    app.kubernetes.io/name: kubelet-serving-cert-approver
-    app.kubernetes.io/instance: {{ .Release.Name }}

charts/kubelet-serving-cert-approver/values.yaml

@@ -1,15 +0,0 @@
-deployment:
-  replicas: 1
-  strategy: Recreate
-  priorityClassName: system-cluster-critical
-  image:
-    repository: ghcr.io/alex1989hu/kubelet-serving-cert-approver
-    tag: main
-    imagePullPolicy: Always
-  resources:
-    limits:
-      cpu: 250m
-      memory: 32Mi
-    requests:
-      cpu: 10m
-      memory: 16Mi

charts/libation/Chart.yaml

@@ -1,13 +0,0 @@
-apiVersion: v2
-name: libation
-version: 0.0.6
-description: Import library from audible
-keywords:
-  - audiobooks
-  - job
-sources:
-  - https://github.com/rmcrackan/Libation
-maintainers:
-  - name: alexlebens
-icon: https://getlibation.com/images/libation-logo.png
-appVersion: "11.1.0"

charts/libation/README.md

@@ -1,18 +0,0 @@
-## Introduction
-
-[Libation](https://github.com/rmcrackan/Libation)
-
-Libation: Liberate your Library. Import library from audible, including cover art
-
-
-This chart bootstraps a [Libation](https://github.com/benphelps/homepage) CronJob on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
-
-## Prerequisites
-
-- Kubernetes
-- Helm
-- CronJob
-
-## Parameters
-
-See the [values files](values.yaml).

charts/libation/templates/job.yaml

@@ -1,39 +0,0 @@
-apiVersion: batch/v1
-kind: CronJob
-metadata:
-  name: libation
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: libation
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: job
-    app.kubernetes.io/part-of: libation
-spec:
-  schedule: {{ .Values.job.schedule }}
-  successfulJobsHistoryLimit: 3
-  failedJobsHistoryLimit: 3
-  jobTemplate:
-    spec:
-      template:
-        spec:
-          restartPolicy: Never
-          containers:
-            - name: libation
-              image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
-              imagePullPolicy: {{ .Values.image.pullPolicy }}
-              env:
-                - name: SLEEP_TIME
-                  value: "-1"
-              volumeMounts:
-                - name: libation-config
-                  mountPath: /config
-                - name: libation-books
-                  mountPath: /data
-          volumes:
-            - name: libation-config
-              persistentVolumeClaim:
-                claimName: libation-config
-            - name: libation-books
-              persistentVolumeClaim:
-                claimName: {{ .Values.persistence.books.claimName }}

charts/libation/templates/persistent-volume-claim.yaml

@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: libation-config
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: libation
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: storage
-    app.kubernetes.io/part-of: libation
-spec:
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: {{ .Values.persistence.config.storageSize }}
-  storageClassName: {{ .Values.persistence.config.storageClassName }}
-  volumeMode: {{ .Values.persistence.config.volumeMode }}

charts/libation/values.yaml

@@ -1,13 +0,0 @@
-job:
-  schedule: "0 * * * *"
-image:
-  repository: rmcrackan/libation
-  tag: "11.1.0"
-  pullPolicy: IfNotPresent
-persistence:
-  config:
-    storageClassName: default
-    storageSize: 1Gi
-    volumeMode: Filesystem
-  books:
-    claimName:

charts/mysql-cluster/Chart.yaml

@@ -0,0 +1,15 @@
+apiVersion: v2
+name: mysql-cluster
+version: 0.2.1
+description: Chart for a mysql cluster
+keywords:
+  - database
+  - mysql
+sources:
+  - https://dev.mysql.com/
+  - https://github.com/mysql/mysql-operator
+  - https://github.com/mysql/mysql-operator/tree/trunk/helm/mysql-innodbcluster
+maintainers:
+  - name: alexlebens
+icon: https://avatars.githubusercontent.com/u/2452804?s=48&v=4
+appVersion: 8.4.0

charts/mysql-cluster/README.md

@@ -0,0 +1,17 @@
+## Introduction
+
+[MySQL Operator](https://dev.mysql.com/doc/mysql-operator/en/)
+
+MySQL Operator for Kubernetes manages MySQL InnoDB Cluster setups inside a Kubernetes Cluster. MySQL Operator for Kubernetes manages the full lifecycle with setup and maintenance including automating upgrades and backups.
+
+This chart bootstraps a [MySQL InnoDB](https://dev.mysql.com/doc/mysql-operator/en/mysql-operator-innodbcluster.html) cluster on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+
+## Prerequisites
+
+- Kubernetes
+- Helm
+- MySQL Operator
+
+## Parameters
+
+See the [values files](values.yaml).

charts/mysql-cluster/templates/_backup.tpl

@@ -0,0 +1,72 @@
+{{- define "cluster.backup" -}}
+
+{{- if and .Values.backup.enabled .Values.backup.profiles }}
+backupProfiles:
+{{- $isDumpInstance := false }}
+{{- $isSnapshot := false }}
+{{- range $_, $profile := .Values.backup.profiles }}
+  - name: {{ $profile.name | quote }}
+      {{- if hasKey $profile "podAnnotations" }}
+    podAnnotations:
+      {{ toYaml $profile.podAnnotations | nindent 6 }}
+      {{- end }}
+      {{- if hasKey $profile "podLabels" }}
+    podLabels:
+      {{ toYaml $profile.podLabels | nindent 6 }}
+      {{- end }}
+
+    {{- $isDumpInstance = hasKey $profile "dumpInstance" }}
+    {{- $isSnapshot = hasKey $profile "snapshot" }}
+    {{- if or $isDumpInstance $isSnapshot }}
+
+      {{- $backupProfile := ternary $profile.dumpInstance $profile.snapshot $isDumpInstance }}
+      {{- if $isDumpInstance }}
+    dumpInstance:
+      {{- else if $isSnapshot }}
+    snapshot:
+      {{- else }}
+      {{- fail "Unsupported or unspecified backup type, must be either snapshot or dumpInstance" }}
+      {{ end }}
+
+      {{- if not (hasKey $backupProfile "storage") }}
+      {{- fail "backup profile $profile.name has no storage section" }}
+      {{- else if hasKey $backupProfile.storage "s3" }}
+      storage:
+        s3:
+            {{- if $backupProfile.storage.s3.prefix }}
+          prefix: {{ $backupProfile.storage.s3.prefix }}
+            {{- end }}
+          bucketName: {{ required "bucketName is required" $backupProfile.storage.s3.bucketName }}
+          config: {{ required "config is required" $backupProfile.storage.s3.config }}
+            {{- if $backupProfile.storage.s3.profile }}
+          profile: {{ $backupProfile.storage.s3.profile }}
+            {{- end }}
+            {{- if $backupProfile.storage.s3.endpoint }}
+          endpoint: {{ $backupProfile.storage.s3.endpoint }}
+            {{- end }}
+      {{- else if hasKey $backupProfile.storage "persistentVolumeClaim" }}
+      storage:
+        persistentVolumeClaim: {{ toYaml $backupProfile.storage.persistentVolumeClaim | nindent 12}}
+      {{- else -}}
+      {{- fail "Backup profile $profile.name has empty storage section - neither s3 nor persistentVolumeClaim defined" }}
+      {{- end -}}
+
+    {{- end }}
+{{- end }}
+{{- end }}
+
+{{- if .Values.backup.schedules }}
+backupSchedules:
+{{- range $_, $schedule := .Values.backup.schedules }}
+  - name: {{ $schedule.name | quote }}
+    enabled: {{ $schedule.enabled }}
+    schedule: {{ quote $schedule.schedule }}
+      {{- if ($schedule).timeZone }}
+    timeZone: {{ quote $schedule.timeZone }}
+      {{- end }}
+    deleteBackupData: {{ $schedule.deleteBackupData }}
+    backupProfileName: {{ $schedule.backupProfileName }}
+{{- end }}
+{{- end }}
+
+{{- end }}

charts/mysql-cluster/templates/_helpers.tpl

@@ -0,0 +1,64 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "cluster.name" -}}
+  {{- if .Values.global.nameOverride }}
+    {{- .Values.global.nameOverride | trunc 63 | trimSuffix "-" }}
+  {{- else }}
+    {{- printf "%s-mysql-%s" .Release.Name ((semver .Values.cluster.image.version).Major | toString) | trunc 63 | trimSuffix "-" -}}
+  {{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "cluster.chart" -}}
+  {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Check for invalid versions
+*/}}
+{{- $minimalVersion := "8.0.27" }}
+{{- $forbiddenVersions := list "8.0.29" }}
+{{- $serverVersion := .Values.serverVersion | default .Chart.AppVersion }}
+{{- if lt $serverVersion $minimalVersion }}
+  {{- $err := printf "It is not possible to use MySQL version %s . Please, use %s or above" $serverVersion $minimalVersion }}
+  {{- fail $err }}
+{{- end }}
+{{- if has $serverVersion $forbiddenVersions }}
+  {{- $err := printf "It is not possible to use MySQL version %s . Please, use %s or above except %v" $serverVersion $minimalVersion $forbiddenVersions }}
+  {{- fail $err }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "cluster.labels" -}}
+helm.sh/chart: {{ include "cluster.chart" . }}
+{{ include "cluster.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "cluster.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "cluster.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/part-of: cloudnative-pg
+{{- end }}
+
+{{/*
+Create the name of the service account to use.
+*/}}
+{{- define "mysql.serviceAccountName" -}}
+{{- if .Values.serviceAccount.enabled -}}
+    {{ default (include "cluster.name" .) .Values.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}

charts/mysql-cluster/templates/_init.tpl

@@ -0,0 +1,47 @@
+{{- define "cluster.init" -}}
+
+{{- if eq .Values.mode "clone" }}
+{{- with .Values.clone }}
+initDB:
+  clone:
+    donorUrl: {{ required "clone donorUrl is required" .donorUrl }}
+    rootUser: {{ .rootUser | default "root" }}
+    secretKeyRef:
+      name: {{ required "clone credentials is required" .exisitingCredentialsSecret }}
+{{- end }}
+{{- end }}
+
+{{- if eq .Values.mode "recovery" }}
+{{- with .Values.recovery }}
+initDB:
+  dump:
+      {{- if .name }}
+    name: {{ .name | quote }}
+      {{- end }}
+      {{- if .path }}
+    path: {{ .path | quote }}
+      {{- end }}
+      {{- if .options }}
+    options: {{ toYaml .options | nindent 8 }}
+      {{- end }}
+    storage:
+      {{- if eq .type "s3" }}
+      s3:
+        prefix: {{ required "s3 prefix is required" .s3.prefix }}
+        bucketName: {{ required "s3 bucketName is required" .s3.bucketName }}
+        config: {{ required "s3 config is required" .s3.config }}
+          {{- if .s3.profile }}
+        profile: {{ .s3.profile }}
+          {{- end }}
+          {{- if .s3.endpoint }}
+        endpoint: {{ .s3.endpoint }}
+          {{- end }}
+      {{- end }}
+      {{- if eq .type "pvc" }}
+      persistentVolumeClaim:
+        {{ toYaml .persistentVolumeClaim | nindent 10}}
+      {{- end }}
+{{- end }}
+{{- end }}
+
+{{- end }}

charts/mysql-cluster/templates/deployment.yaml

@@ -0,0 +1,75 @@
+apiVersion: mysql.oracle.com/v2
+kind: InnoDBCluster
+metadata:
+  name: {{ include "cluster.name" . }}-cluster
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    {{- with .Values.global.annotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+  labels:
+    {{- include "cluster.labels" . | nindent 4 }}
+    {{- include "cluster.selectorLabels" . | nindent 4 }}
+    {{- with .Values.global.labels }}
+    {{ toYaml . | nindent 4 }}
+    {{- end }}
+spec:
+  instances: {{ required "serverInstances is required" .Values.cluster.serverInstances }}
+  baseServerId: {{ required "baseServerId is required" .Values.cluster.baseServerId }}  
+  serviceAccountName: {{ include "mysql.serviceAccountName" . }}  
+  imagePullPolicy : {{ .Values.cluster.image.pullPolicy }}
+  version: {{ .Values.cluster.image.version }}
+  tlsUseSelfSigned: true
+  secretName: {{ .Values.cluster.exisitingCredentialsSecret }}
+  podSpec:
+    {{- with .Values.cluster.podSpec }}
+    {{ toYaml . | nindent 4 }}
+    {{- end }}
+  podAnnotations:
+    {{- with .Values.cluster.podAnnotations }}
+    {{ toYaml . | nindent 4 }}
+    {{- end }}
+  podLabels:
+    {{- with .Values.cluster.podLabels }}
+    {{ toYaml . | nindent 4 }}
+    {{- end }}
+  router:
+    instances: {{ required "router.instances is required" .Values.cluster.router.instances }}
+    podSpec:
+      {{- with .Values.cluster.router.podSpec }}
+      {{- toYaml . | nindent 6 }}
+      {{- end }}
+    podAnnotations:
+      {{- with .Values.cluster.router.podAnnotations }}
+      {{- toYaml . | nindent 6 }}
+      {{- end }}
+    podLabels:
+      {{- with .Values.cluster.router.podLabels }}
+      {{- toYaml . | nindent 6 }}
+      {{- end }}
+    tlsSecretName: {{ include "cluster.name" . }}-router-tls
+  logs:
+    {{- with .Values.cluster.logs }}
+    {{ toYaml . | nindent 4 }}
+    {{- end }}      
+  mycnf: |
+{{ .Values.cluster.serverConfig.mycnf | indent 4 }}
+  {{- if .Values.cluster.datadirVolumeClaimTemplate }}
+  {{- with .Values.cluster.datadirVolumeClaimTemplate }}
+  datadirVolumeClaimTemplate:
+    {{- if .storageClassName }}
+    storageClassName: {{ .storageClassName | quote }}
+    {{- end}}
+    {{- if .accessModes }}
+    accessModes: [ "{{ .accessModes }}" ]
+    {{- end }}
+    {{- if .size }}
+    resources:
+      requests:
+        storage: "{{ .size }}"
+    {{- end }}
+  {{- end }}
+  {{- end }}
+
+  {{ include "cluster.init" . | nindent 2 }}
+  {{ include "cluster.backup" . | nindent 2 }}

charts/mysql-cluster/templates/service-account.yaml

@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "mysql.serviceAccountName" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "cluster.labels" . | nindent 4 }}
+    {{- include "cluster.selectorLabels" . | nindent 4 }}    
+    {{- with .Values.global.labels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+    {{- with .Values.serviceAccount.labels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}    
+  annotations:
+    {{- with .Values.global.annotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+    {{- with .Values.serviceAccount.annotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}

charts/mysql-cluster/values.yaml

@@ -0,0 +1,148 @@
+global:
+  nameOverride:
+  labels: {}
+  annotations: {}
+
+serviceAccount:
+  enabled: true
+  labels: {}
+  annotations: {}
+  name: ""
+
+###
+# Cluster mode of operation. Available modes:
+# * `standalone` - Default mode. Creates new or updates an existing cluster.
+# * `recovery` - Same as standalone but creates a cluster from a backup
+# * `clone` - Create database as a replica from another cluster
+mode: standalone
+
+##
+# Cluster spec
+#
+# Reference: https://dev.mysql.com/doc/mysql-operator/en/mysql-operator-properties.html#mysql-operator-spec-innodbclusterspecinitdbdumpstorages3
+#
+cluster:
+  serverInstances: 1
+  baseServerId: 1000
+
+  # Existing secret that contains the keys "rootUser", "rootHost", and "rootPassword"
+  exisitingCredentialsSecret: ""
+
+  image:
+    version: 8.4.0
+    pullPolicy: IfNotPresent
+
+  router:
+    instances: 1
+    podSpec: {}
+    podAnnotations: {}
+    podLabels: {}
+
+  logs:
+    error:
+      enabled: true
+      collect: false
+    general:
+      enabled: false
+      collect: false
+    slowQuery:
+      enabled: false
+      longQueryTime: 2.5
+
+  serverConfig:
+    mycnf: |
+      [mysqld]
+      core_file
+      local_infile=off
+      mysql_native_password=ON
+
+  datadirVolumeClaimTemplate:
+    storageClassName: ""
+    accessModes: ""
+    size: ""
+
+  podSpec:
+    containers:
+      - name: mysql
+        resources:
+          limits:
+            memory: 1024Mi
+            cpu: 1000m
+          requests:
+            memory: 512Mi
+            cpu: 100m
+  podAnnotations: {}
+  podLabels: {}
+
+##
+# Recovery database from storage
+#
+recovery:
+
+  # * `s3` - Restores from s3 object store
+  # * `pvc` - Restores from persistent volume claim
+  type:
+
+  # -- Name of the dump. Not used by the operator, but a descriptive hint for the cluster administrator
+  name: ""
+  # -- Path to the dump in the PVC. Use when specifying persistentVolumeClaim. Omit for ociObjectStorage, S3, or azure.
+  path: ""
+  # -- A dictionary of key-value pairs passed directly to MySQL Shell's loadDump()
+  options: {}
+
+  s3:
+    # -- Path in the bucket where the dump files are stored
+    prefix: ""
+    # -- Name of a Secret with S3 configuration and credentials as contained in ~/.aws/config
+    config: ""
+    # -- Name of the S3 bucket where the dump is stored
+    bucketName: ""
+    # -- Override endpoint URL
+    endpoint: ""
+
+  persistentVolumeClaim: {}
+
+##
+# Clone database from another instance
+#
+clone:
+  donorUrl: ""
+  rootUser: root
+  exisitingCredentialsSecret: ""
+
+##
+# Backup database to pvc or s3
+#
+backup:
+  enabled: false
+  profiles:
+
+## -- Example profile that back ups to local pvc
+
+#    - name: pvc-backup
+#      dumpInstance:
+#        storage:
+#          persistentVolumeClaim:
+#            claimName: backup-volume-claim
+
+## -- Example profile that back ups to s3 endpoint
+
+#    - name: s3-backup
+#      snapshot:
+#        storage:
+#          s3:
+#            prefix: ""
+#            config: ""
+#            bucketName: ""
+#            endpoint: ""
+
+  schedules:
+
+## -- Example schedule that backups daily
+
+#    - name: schedule-daily
+#      enabled: true
+#      schedule: "0 0 0 * * *"
+#      timeZone: "US/Central"
+#      deleteBackupData: false
+#      backupProfileName:

charts/outline/Chart.yaml

@@ -1,18 +0,0 @@
-apiVersion: v2
-name: outline
-version: 0.0.8
-description: Chart for Outline wiki
-keywords:
-  - wiki
-  - documentation
-sources:
-  - https://github.com/outline/outline
-  - https://github.com/bitnami/charts/tree/main/bitnami/redis
-maintainers:
-  - name: alexlebens
-icon: https://avatars.githubusercontent.com/u/1765001?s=48&v=4
-dependencies:
-  - name: redis
-    repository: https://charts.bitnami.com/bitnami
-    version: 18.19.2
-appVersion: v0.75.2

charts/outline/README.md

@@ -1,17 +0,0 @@
-## Introduction
-
-[Outline](https://github.com/outline/outline)
-
-The fastest knowledge base for growing teams. Beautiful, realtime collaborative, feature packed, and markdown compatible.
-
-This chart bootstraps an [Outline](https://github.com/outline/outline) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
-
-## Prerequisites
-
-- Kubernetes
-- Helm
-- Bitnami Redis Chart
-
-## Parameters
-
-See the [values files](values.yaml).

charts/outline/templates/deployment.yaml

@@ -1,201 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: outline
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: outline
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: outline
-spec:
-  revisionHistoryLimit: 3
-  replicas: {{ .Values.deployment.replicas }}
-  strategy:
-    type: {{ .Values.deployment.strategy }}
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: outline
-      app.kubernetes.io/instance: {{ .Release.Name }}
-  template:
-    metadata:
-      labels:
-        app.kubernetes.io/name: outline
-        app.kubernetes.io/instance: {{ .Release.Name }}
-    spec:
-      serviceAccountName: outline
-      automountServiceAccountToken: true
-      containers:
-        - name: {{ .Release.Name }}
-          image: "{{ .Values.deployment.image.repository }}:{{ .Values.deployment.image.tag }}"
-          imagePullPolicy: {{ .Values.deployment.image.imagePullPolicy }}
-          ports:
-            - name: web
-              containerPort: {{ .Values.service.web.port }}
-              protocol: TCP
-          env:
-            - name: NODE_ENV
-              value: "{{ .Values.outline.nodeEnv }}"
-            - name: URL
-              value: "{{ .Values.outline.url }}"
-            - name: PORT
-              value: "{{ .Values.service.web.port }}"
-            - name: SECRET_KEY
-              valueFrom:
-                secretKeyRef:
-                  name: "{{ .Values.outline.secretKey.existingSecretName }}"
-                  key: "{{ .Values.outline.secretKey.existingSecretKey }}"
-            - name: UTILS_SECRET
-              valueFrom:
-                secretKeyRef:
-                  name: "{{ .Values.outline.utilsSecret.existingSecretName }}"
-                  key: "{{ .Values.outline.secretKey.existingSecretKey }}"
-            - name: POSTGRES_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: "{{ .Values.outline.database.passwordSecret.existingSecretName }}"
-                  key: "{{ .Values.outline.database.passwordSecret.existingSecretKey }}"
-            - name: POSTGRES_USERNAME
-              valueFrom:
-                secretKeyRef:
-                  name: "{{ .Values.outline.database.usernameSecret.existingSecretName }}"
-                  key: "{{ .Values.outline.database.usernameSecret.existingSecretKey }}"
-            - name: POSTGRES_DATABASE_NAME
-              valueFrom:
-                secretKeyRef:
-                  name: "{{ .Values.outline.database.databaseName.existingSecretName }}"
-                  key: "{{ .Values.outline.database.databaseName.existingSecretKey }}"
-            - name: POSTGRES_DATABASE_HOST
-              valueFrom:
-                secretKeyRef:
-                  name: "{{ .Values.outline.database.databaseHost.existingSecretName }}"
-                  key: "{{ .Values.outline.database.databaseHost.existingSecretKey }}"
-            - name: DATABASE_URL
-              value: "postgres://$(POSTGRES_USERNAME):$(POSTGRES_PASSWORD)@postgresql-{{ .Release.Name }}-cluster-rw:5432/$(POSTGRES_DATABASE_NAME)"
-            - name: DATABASE_URL_TEST
-              value: "postgres://$(POSTGRES_USERNAME):$(POSTGRES_PASSWORD)@postgresql-{{ .Release.Name }}-cluster-rw:5432/$(POSTGRES_DATABASE_NAME)-test"
-            - name: DATABASE_CONNECTION_POOL_MIN
-              value: "{{ .Values.outline.database.connectionPoolMin }}"
-            - name: DATABASE_CONNECTION_POOL_MAX
-              value: "{{ .Values.outline.database.connectionPoolMax }}"
-            - name: PGSSLMODE
-              value: "{{ .Values.outline.database.sslMode }}"
-            - name: REDIS_URL
-              value: "redis://{{ .Release.Name }}-redis-master:6379"
-            - name: FILE_STORAGE
-              value: "{{ .Values.persistence.type }}"
-
-          {{- if eq .Values.persistence.type "s3" }}
-            - name: AWS_ACCESS_KEY_ID
-              valueFrom:
-                secretKeyRef:
-                  name: "{{ .Values.persistence.s3.credentialsSecret }}"
-                  key: AWS_ACCESS_KEY_ID
-            - name: AWS_SECRET_ACCESS_KEY
-              valueFrom:
-                secretKeyRef:
-                  name: "{{ .Values.persistence.s3.credentialsSecret }}"
-                  key: AWS_SECRET_ACCESS_KEY
-          {{- if .Values.persistence.s3.endpointConfigMap.enabled }}
-            - name: AWS_REGION
-              valueFrom:
-                configMapKeyRef:
-                  name: "{{ .Values.persistence.s3.endpointConfigMap.name }}"
-                  key: BUCKET_REGION
-            - name: AWS_S3_UPLOAD_BUCKET_NAME
-              valueFrom:
-                configMapKeyRef:
-                  name: "{{ .Values.persistence.s3.endpointConfigMap.name }}"
-                  key: BUCKET_NAME
-            - name: AWS_S3_UPLOAD_BUCKET_HOST
-              valueFrom:
-                configMapKeyRef:
-                  name: "{{ .Values.persistence.s3.endpointConfigMap.name }}"
-                  key: BUCKET_HOST
-            - name: AWS_S3_UPLOAD_BUCKET_PORT
-              valueFrom:
-                configMapKeyRef:
-                  name: "{{ .Values.persistence.s3.endpointConfigMap.name }}"
-                  key: BUCKET_PORT
-            - name: AWS_S3_UPLOAD_BUCKET_URL
-              value: "$(AWS_S3_UPLOAD_BUCKET_HOST):$(AWS_S3_UPLOAD_BUCKET_PORT)|"
-          {{- else }}
-            - name: AWS_REGION
-              value: "{{ .Values.persistence.s3.region }}"
-            - name: AWS_S3_UPLOAD_BUCKET_NAME
-              value: "{{ .Values.persistence.s3.bucketName }}"
-            - name: AWS_S3_UPLOAD_BUCKET_URL
-              value: "{{ .Values.persistence.s3.endpoint }}"
-          {{- end }}
-            - name: AWS_S3_FORCE_PATH_STYLE
-              value: "{{ .Values.persistence.s3.forcePathStyle }}"
-            - name: AWS_S3_ACL
-              value: "{{ .Values.persistence.s3.acl }}"
-            - name: FILE_STORAGE_UPLOAD_MAX_SIZE
-              value: "{{ .Values.persistence.s3.uploadMaxSize }}"
-          {{- else if eq .Values.persistence.type "local" }}
-            - name: FILE_STORAGE_LOCAL_ROOT_DIR
-              value: "{{ .Values.persistence.local.localRootDir }}"
-            - name: FILE_STORAGE_UPLOAD_MAX_SIZE
-              value: "{{ .Values.persistence.local.uploadMaxSize }}"
-          {{- end }}
-
-            - name: FORCE_HTTPS
-              value: "{{ .Values.outline.optional.forceHttps }}"
-            - name: ENABLE_UPDATES
-              value: "{{ .Values.outline.optional.enableUpdates }}"
-            - name: WEB_CONCURRENCY
-              value: "{{ .Values.outline.optional.webConcurrency }}"
-            - name: FILE_STORAGE_IMPORT_MAX_SIZE
-              value: "{{ .Values.outline.optional.maximumImportSize }}"
-            - name: LOG_LEVEL
-              value: "{{ .Values.outline.optional.logLevel }}"
-            - name: DEFAULT_LANGUAGE
-              value: "{{ .Values.outline.optional.defaultLanguage }}"
-            - name: RATE_LIMITER_ENABLED
-              value: "{{ .Values.outline.optional.rateLimiter.enabled }}"
-            - name: RATE_LIMITER_REQUESTS
-              value: "{{ .Values.outline.optional.rateLimiter.requests }}"
-            - name: RATE_LIMITER_DURATION_WINDOW
-              value: "{{ .Values.outline.optional.rateLimiter.durationWindow }}"
-            - name: DEVELOPMENT_UNSAFE_INLINE_CSP
-              value: "{{ .Values.outline.optional.developmentUnsafeInlineCsp }}"
-
-          {{- if .Values.outline.auth.oidc.enabled }}
-            - name: OIDC_CLIENT_ID
-              valueFrom:
-                secretKeyRef:
-                  name: "{{ .Values.outline.auth.oidc.clientId.existingSecretName }}"
-                  key: "{{ .Values.outline.auth.oidc.clientId.existingSecretKey }}"
-            - name: OIDC_CLIENT_SECRET
-              valueFrom:
-                secretKeyRef:
-                  name: "{{ .Values.outline.auth.oidc.clientSecret.existingSecretName }}"
-                  key: "{{ .Values.outline.auth.oidc.clientSecret.existingSecretKey }}"
-            - name: OIDC_AUTH_URI
-              value: "{{ .Values.outline.auth.oidc.authUri }}"
-            - name: OIDC_TOKEN_URI
-              value: "{{ .Values.outline.auth.oidc.tokenUri }}"
-            - name: OIDC_USERINFO_URI
-              value: "{{ .Values.outline.auth.oidc.userinfoUri }}"
-            - name: OIDC_USERNAME_CLAIM
-              value: "{{ .Values.outline.auth.oidc.usernameClaim }}"
-            - name: OIDC_DISPLAY_NAME
-              value: "{{ .Values.outline.auth.oidc.displayName }}"
-            - name: OIDC_SCOPES
-              value: "{{ .Values.outline.auth.oidc.scopes }}"
-          {{- end }}
-
-          resources:
-            {{- toYaml .Values.deployment.resources | nindent 12 }}
-
-      {{- if eq .Values.persistence.type "local" }}
-          volumeMounts:
-          - name: "{{ .Release.Name }}-volume-claim"
-            mountPath: {{ .Values.persistence.local.localRootDir }}
-      volumes:
-      - name: "{{ .Release.Name }}-volume-claim"
-        persistentVolumeClaim:
-          claimName: "{{ .Release.Name }}-volume-claim"
-      {{- end }}

charts/outline/templates/ingress.yaml

@@ -1,32 +0,0 @@
-{{- if .Values.ingress.enabled }}
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: {{ .Release.Name }}
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-  annotations:
-    {{- toYaml .Values.ingress.annotations | nindent 4 }}
-spec:
-  ingressClassName: {{ .Values.ingress.className }}
-  tls:
-    - hosts:
-      - {{ .Values.ingress.host }}
-      secretName: {{ .Release.Name }}-secret-tls
-  rules:
-    - host: {{ .Values.ingress.host }}
-      http:
-        paths:
-          - path: /
-            pathType: Prefix
-            backend:
-              service:
-                name: {{ .Release.Name }}
-                port:
-                  name: web
-{{- end }}

charts/outline/templates/persistent-volume-claim.yaml

@@ -1,20 +0,0 @@
-{{- if eq .Values.persistence.type "local" }}
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: {{ .Release.Name }}-volume-claim
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: outline
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: storage
-    app.kubernetes.io/part-of: outline
-spec:
-  storageClassName: {{ .Values.persistence.local.storageClassName }}
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: {{ .Values.persistence.local.storageSize }}
-{{- end }}

charts/outline/templates/service-account.yaml

@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: outline
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: outline
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: outline

charts/outline/templates/service.yaml

@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ .Release.Name }}
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  type: ClusterIP
-  ports:
-    - port: {{ .Values.service.web.port }}
-      targetPort: web
-      protocol: TCP
-      name: web
-  selector:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}

charts/outline/values.yaml

@@ -1,96 +0,0 @@
-deployment:
-  replicas: 1
-  strategy: Recreate
-  image:
-    repository: outlinewiki/outline
-    tag: "0.75.2"
-    imagePullPolicy: IfNotPresent
-  resources:
-    requests:
-      memory: 256Mi
-      cpu: 50m
-    limits:
-      memory: 1Gi
-      cpu: 500m
-service:
-  web:
-    port: 3000
-ingress:
-  enabled: true
-  className:
-  annotations:
-  host:
-persistence:
-  type: s3
-  s3:
-    credentialsSecret:
-    endpointConfigMap:
-      enabled: false
-      name:
-    region:
-    bucketName:
-    endpoint:
-    uploadMaxSize: "26214400"
-    forcePathStyle: false
-    acl: private
-  local:
-    storageClassName: default
-    storageSize: 50Gi
-    localRootDir: /var/lib/outline/data
-    uploadMaxSize: 26214400
-redis:
-  architecture: standalone
-  auth:
-    enabled: false
-outline:
-  nodeEnv: production
-  url:
-  secretKey:
-    existingSecretName: outline-key-secret
-    existingSecretKey: secret-key
-  utilsSecret:
-    existingSecretName: outline-key-secret
-    existingSecretKey: utils-key
-  database:
-    passwordSecret:
-      existingSecretName:
-      existingSecretKey:
-    usernameSecret:
-      existingSecretName:
-      existingSecretKey:
-    databaseName:
-      existingSecretName:
-      existingSecretKey:
-    databaseHost:
-      existingSecretName:
-      existingSecretKey:
-    connectionPoolMin: ""
-    connectionPoolMax: "20"
-    sslMode: disable
-  optional:
-    forceHttps: false
-    enableUpdates: false
-    webConcurrency: 1
-    maximumImportSize: 5120000
-    logLevel: info
-    defaultLanguage: en_US
-    rateLimiter:
-      enabled: false
-      requests: 1000
-      durationWindow: 60
-    developmentUnsafeInlineCsp: false
-  auth:
-    oidc:
-      enabled: true
-      clientId:
-        existingSecretName: outline-auth-secret
-        existingSecretKey: oidc-client-id
-      clientSecret:
-        existingSecretName: outline-auth-secret
-        existingSecretKey: oidc-client-secret
-      authUri:
-      tokenUri:
-      userinfoUri:
-      usernameClaim:
-      displayName:
-      scopes: openid profile email

charts/postgres-cluster/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: postgres-cluster
-version: 0.2.3
+version: 3.6.0
 description: Chart for cloudnative-pg cluster
 keywords:
   - database
@@ -10,4 +10,4 @@ sources:
 maintainers:
   - name: alexlebens
 icon: https://avatars.githubusercontent.com/u/100373852?s=48&v=4
-appVersion: v1.22.1
+appVersion: v1.23.1

charts/postgres-cluster/templates/_backup.tpl

@@ -0,0 +1,30 @@
+{{- define "cluster.backup" -}}
+{{- if .Values.backup.enabled }}
+backup:
+  retentionPolicy: {{ .Values.backup.retentionPolicy }}
+  barmanObjectStore:
+    destinationPath: {{ .Values.backup.destinationPath }}
+    endpointURL: {{ .Values.backup.endpointURL }}
+    {{- if .Values.backup.endpointCA }}
+    endpointCA:
+      name: {{ .Values.backup.endpointCA }}
+      key: ca-bundle.crt
+    {{- end }}
+    serverName: "{{ include "cluster.name" . }}-backup-{{ .Values.backup.backupIndex }}"
+    s3Credentials:
+      accessKeyId:
+        name: {{ include "cluster.backupCredentials" . }}
+        key: ACCESS_KEY_ID
+      secretAccessKey:
+        name: {{ include "cluster.backupCredentials" . }}
+        key: ACCESS_SECRET_KEY
+    wal:
+      compression: {{ .Values.backup.wal.compression }}
+      encryption: {{ .Values.backup.wal.encryption }}
+      maxParallel: {{ .Values.backup.wal.maxParallel }}
+    data:
+      compression: {{ .Values.backup.data.compression }}
+      encryption: {{ .Values.backup.data.encryption }}
+      jobs: {{ .Values.backup.data.jobs }}
+{{- end }}
+{{- end }}

charts/postgres-cluster/templates/_bootstrap.tpl

@@ -0,0 +1,91 @@
+{{- define "cluster.bootstrap" -}}
+bootstrap:
+{{- if eq .Values.mode "standalone" }}
+  initdb:
+    {{- with .Values.cluster.initdb }}
+    {{- with (omit . "postInitApplicationSQL") }}
+    {{- . | toYaml | nindent 4 }}
+    {{- end }}
+    {{- end }}
+    postInitApplicationSQL:
+      {{- if eq .Values.type "postgis" }}
+      - CREATE EXTENSION IF NOT EXISTS postgis;
+      - CREATE EXTENSION IF NOT EXISTS postgis_topology;
+      - CREATE EXTENSION IF NOT EXISTS fuzzystrmatch;
+      - CREATE EXTENSION IF NOT EXISTS postgis_tiger_geocoder;
+      {{- else if eq .Values.type "timescaledb" }}
+      - CREATE EXTENSION IF NOT EXISTS timescaledb;
+      {{- end }}
+      {{- with .Values.cluster.initdb }}
+      {{- range .postInitApplicationSQL }}
+      {{- printf "- %s" . | nindent 6 }}
+      {{- end }}
+      {{- end }}
+{{- else if eq .Values.mode "replica" }}
+  initdb:
+    import:
+      type: {{ .Values.replica.importType }}
+      databases:
+        {{- if and (gt (len .Values.replica.importDatabases) 1) (eq .Values.replica.importType "microservice") }}
+          {{ fail "Too many databases in import type of microservice!" }}
+        {{- else}}
+        {{- with .Values.replica.importDatabases }}
+        {{- . | toYaml | nindent 8 }}
+        {{- end }}
+        {{- end }}
+      {{- if eq .Values.replica.importType "monolith" }}
+      roles:
+        {{- with .Values.replica.importRoles }}
+        {{- . | toYaml | nindent 8 }}
+        {{- end }}
+      {{- end }}
+      {{- if and (.Values.replica.postImportApplicationSQL) (eq .Values.replica.importType "microservice") }}
+      postImportApplicationSQL:
+        {{- with .Values.replica.postImportApplicationSQL }}
+        {{- . | toYaml | nindent 8 }}
+        {{- end }}
+      {{- end }}
+      source:
+        externalCluster: "{{ include "cluster.name" . }}-cluster"
+externalClusters:
+  - name: "{{ include "cluster.name" . }}-cluster"
+    {{- with .Values.replica.externalCluster }}
+    {{- . | toYaml | nindent 4 }}
+    {{- end }}
+{{- else if eq .Values.mode "recovery" }}
+  recovery:
+    {{- with .Values.recovery.pitrTarget.time }}
+    recoveryTarget:
+      targetTime: {{ . }}
+    {{- end }}
+    source: {{ include "cluster.recoveryServerName" . }}
+externalClusters:
+  - name: {{ include "cluster.recoveryServerName" . }}
+    barmanObjectStore:
+      serverName: {{ include "cluster.recoveryServerName" . }}
+      destinationPath: {{ .Values.recovery.destinationPath }}
+      endpointURL: {{ .Values.recovery.endpointURL }}
+      {{- with .Values.recovery.endpointCA }}
+      endpointCA:
+        name: {{ . }}
+        key: ca-bundle.crt
+      {{- end }}
+      s3Credentials:
+        accessKeyId:
+          name: {{ include "cluster.recoveryCredentials" . }}
+          key: ACCESS_KEY_ID
+        secretAccessKey:
+          name: {{ include "cluster.recoveryCredentials" . }}
+          key: ACCESS_SECRET_KEY
+      wal:
+        compression: {{ .Values.recovery.wal.compression }}
+        encryption: {{ .Values.recovery.wal.encryption }}
+        maxParallel: {{ .Values.recovery.wal.maxParallel }}
+      data:
+        compression: {{ .Values.recovery.data.compression }}
+        encryption: {{ .Values.recovery.data.encryption }}
+        jobs: {{ .Values.recovery.data.jobs }}
+{{- else }}
+  {{ fail "Invalid cluster mode!" }}
+{{- end }}
+{{- end }}

charts/postgres-cluster/templates/_helpers.tpl

@@ -0,0 +1,91 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "cluster.name" -}}
+  {{- if .Values.nameOverride }}
+    {{- .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+  {{- else }}
+    {{- printf "%s-postgresql-%s" .Release.Name ((semver .Values.cluster.image.tag).Major | toString) | trunc 63 | trimSuffix "-" -}}
+  {{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "cluster.chart" -}}
+  {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "cluster.labels" -}}
+helm.sh/chart: {{ include "cluster.chart" . }}
+{{ include "cluster.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "cluster.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "cluster.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/part-of: cloudnative-pg
+{{- end }}
+
+{{/*
+Generate name for object store credentials
+*/}}
+{{- define "cluster.recoveryCredentials" -}}
+  {{- if .Values.recovery.endpointCredentials -}}
+    {{- .Values.recovery.endpointCredentials -}}
+  {{- else -}}
+    {{- printf "%s-backup-secret" (include "cluster.name" .) | trunc 63 | trimSuffix "-" -}}
+  {{- end }}
+{{- end }}
+
+{{- define "cluster.backupCredentials" -}}
+  {{- if .Values.backup.endpointCredentials -}}
+    {{- .Values.backup.endpointCredentials -}}
+  {{- else -}}
+    {{- printf "%s-backup-secret" (include "cluster.name" .) | trunc 63 | trimSuffix "-" -}}
+  {{- end }}
+{{- end }}
+
+{{/*
+Generate backup server name
+*/}}
+{{- define "cluster.backupName" -}}
+  {{- if .Values.backup.backupName -}}
+    {{- .Values.backup.backupName -}}
+  {{- else -}}
+    {{ include "cluster.name" . }}
+  {{- end }}
+{{- end }}
+
+
+{{/*
+Generate recovery server name
+*/}}
+{{- define "cluster.recoveryServerName" -}}
+  {{- if .Values.recovery.recoveryServerName -}}
+    {{- .Values.recovery.recoveryServerName -}}
+  {{- else -}}
+    {{- printf "%s-backup-%s" (include "cluster.name" .) (toString .Values.recovery.recoveryIndex) | trunc 63 | trimSuffix "-" -}}
+  {{- end }}
+{{- end }}
+
+{{/*
+Generate recovery instance name
+*/}}
+{{- define "cluster.recoveryInstanceName" -}}
+  {{- if .Values.recovery.recoveryInstanceName -}}
+    {{- .Values.recovery.recoveryInstanceName -}}
+  {{- else -}}
+    {{ include "cluster.name" . }}
+  {{- end }}
+{{- end }}

charts/postgres-cluster/templates/cluster.yaml

@@ -0,0 +1,52 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+  name: {{ include "cluster.name" . }}-cluster
+  namespace: {{ .Release.Namespace }}
+  {{- with .Values.cluster.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "cluster.labels" . | nindent 4 }}
+  {{- with .Values.cluster.additionalLabels }}
+    {{ toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  instances: {{ .Values.cluster.instances }}
+  imageName: "{{ .Values.cluster.image.repository }}:{{ .Values.cluster.image.tag }}"
+  imagePullPolicy: {{ .Values.cluster.image.pullPolicy }}
+  postgresUID: {{ .Values.cluster.postgresUID }}
+  postgresGID: {{ .Values.cluster.postgresGID }}
+  walStorage:
+    size: {{ .Values.cluster.walStorage.size }}
+    storageClass: {{ .Values.cluster.walStorage.storageClass }}
+  storage:
+    size: {{ .Values.cluster.storage.size }}
+    storageClass: {{ .Values.cluster.storage.storageClass }}
+  {{- with .Values.cluster.resources }}
+  resources:
+    {{- toYaml . | nindent 4 }}
+  {{ end }}
+  {{- with .Values.cluster.affinity }}
+  affinity:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  priorityClassName: {{ .Values.cluster.priorityClassName }}
+  primaryUpdateMethod: {{ .Values.cluster.primaryUpdateMethod }}
+  primaryUpdateStrategy: {{ .Values.cluster.primaryUpdateStrategy }}
+  logLevel: {{ .Values.cluster.logLevel }}
+  postgresql:
+    shared_preload_libraries:
+      {{- if eq .Values.type "timescaledb" }}
+      - timescaledb
+      {{- end }}
+    {{- with .Values.cluster.postgresql.parameters }}
+    parameters:
+      {{- toYaml . | nindent 6 }}
+    {{ end }}
+  monitoring:
+    enablePodMonitor: {{ and .Values.cluster.monitoring.enabled .Values.cluster.monitoring.podMonitor.enabled }}
+
+  {{ include "cluster.bootstrap" . | nindent 2 }}
+  {{ include "cluster.backup" . | nindent 2 }}

charts/postgres-cluster/templates/postgresql-cluster.yaml

@@ -1,81 +0,0 @@
-apiVersion: postgresql.cnpg.io/v1
-kind: Cluster
-metadata:
-  name: "postgresql-{{ .Release.Name }}-cluster"
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: postgresql
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: database
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  imageName: "{{ .Values.cluster.image.repository }}:{{ .Values.cluster.image.tag }}"
-  instances: {{ .Values.cluster.instances }}
-  replicationSlots:
-    highAvailability:
-      enabled: true
-  affinity:
-    enablePodAntiAffinity: true
-    topologyKey: kubernetes.io/hostname
-  postgresql:
-    parameters:
-      {{- toYaml .Values.cluster.parameters | nindent 6 }}
-  resources:
-    {{- toYaml .Values.cluster.resources | nindent 4 }}
-  storage:
-    storageClass: {{ .Values.cluster.storage.data.storageClass }}
-    size: {{ .Values.cluster.storage.data.size }}
-  walStorage:
-    storageClass: {{ .Values.cluster.storage.wal.storageClass }}
-    size: {{ .Values.cluster.storage.wal.size }}
-  monitoring:
-    enablePodMonitor: true
-
-  {{- if .Values.bootstrap.initdbEnabled }}
-  bootstrap:
-    initdb:
-      {{- toYaml .Values.bootstrap.initdb | nindent 6 }}
-  {{- end }}
-
-  {{- if .Values.bootstrap.recoveryEnabled }}
-  bootstrap:
-    recovery:
-      source: "postgresql-{{ .Release.Name }}-cluster-backup-index-{{ .Values.bootstrap.recoveryIndex }}"
-  externalClusters:
-    - name: "postgresql-{{ .Release.Name }}-cluster-backup-index-{{ .Values.bootstrap.recoveryIndex }}"
-      barmanObjectStore:
-        endpointURL: {{ .Values.bootstrap.endpointURL }}
-        destinationPath: "s3://{{ .Values.bootstrap.bucket }}/{{ .Values.cluster.name }}/postgresql/{{ .Release.Name }}-cluster"
-        s3Credentials:
-          accessKeyId:
-            name: "postgresql-{{ .Release.Name }}-cluster-backup-secret"
-            key: ACCESS_KEY_ID
-          secretAccessKey:
-            name: "postgresql-{{ .Release.Name }}-cluster-backup-secret"
-            key: ACCESS_SECRET_KEY
-        data:
-          compression: {{ .Values.cluster.compression }}
-        wal:
-          compression: {{ .Values.cluster.compression }}
-  {{- end }}
-
-  {{- if .Values.backup.backupEnabled }}
-  backup:
-    retentionPolicy: "{{ .Values.backup.retentionPolicy }}"
-    barmanObjectStore:
-      destinationPath: "s3://{{ .Values.backup.bucket }}/{{ .Values.cluster.name }}/postgresql/{{ .Release.Name }}-cluster"
-      endpointURL: {{ .Values.backup.endpointURL }}
-      serverName: "postgresql-{{ .Release.Name }}-cluster-backup-index-{{ .Values.backup.backupIndex }}"
-      s3Credentials:
-        accessKeyId:
-          name: "postgresql-{{ .Release.Name }}-cluster-backup-secret"
-          key: ACCESS_KEY_ID
-        secretAccessKey:
-          name: "postgresql-{{ .Release.Name }}-cluster-backup-secret"
-          key: ACCESS_SECRET_KEY
-      data:
-        compression: {{ .Values.cluster.compression }}
-      wal:
-        compression: {{ .Values.cluster.compression }}
-  {{- end }}

charts/postgres-cluster/templates/prometheus-rule.yaml

@@ -0,0 +1,30 @@
+{{- if and .Values.cluster.monitoring.enabled .Values.cluster.monitoring.prometheusRule.enabled -}}
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+  name: {{ include "cluster.name" . }}-alert-rules
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "cluster.labels" . | nindent 4 }}
+  {{- with .Values.cluster.additionalLabels }}
+    {{ toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  groups:
+    - name: cloudnative-pg/{{ include "cluster.name" . }}
+      rules:
+        {{- $dict := dict "excludeRules" .Values.cluster.monitoring.prometheusRule.excludeRules -}}
+        {{- $_ := set $dict "value"       "{{ $value }}" -}}
+        {{- $_ := set $dict "namespace"   .Release.Namespace -}}
+        {{- $_ := set $dict "cluster"     (printf "%s-cluster" (include "cluster.name" .) ) -}}
+        {{- $_ := set $dict "labels"      (dict "job" "{{ $labels.job }}" "node" "{{ $labels.node }}" "pod" "{{ $labels.pod }}") -}}
+        {{- $_ := set $dict "podSelector" (printf "%s-cluster-([1-9][0-9]*)$" (include "cluster.name" .) ) -}}
+        {{- $_ := set $dict "Values"      .Values -}}
+        {{- $_ := set $dict "Template"    .Template -}}
+        {{- range $path, $_ := .Files.Glob  "prometheus_rules/**.yaml" }}
+        {{- $tpl := tpl ($.Files.Get $path) $dict | nindent 10 | trim -}}
+        {{- with $tpl }}
+        - {{ $tpl }}
+        {{- end -}}
+        {{- end -}}
+{{ end }}

charts/postgres-cluster/templates/scheduled-backup.yaml

@@ -1,16 +1,18 @@
+{{ if .Values.backup.enabled }}
 apiVersion: postgresql.cnpg.io/v1
 kind: ScheduledBackup
 metadata:
-  name: "postgresql-{{ .Release.Name }}-cluster-backup"
+  name: {{ include "cluster.name" . }}-scheduled-backup
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: postgresql
+    {{- include "cluster.labels" . | nindent 4 }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
+  {{- with .Values.cluster.additionalLabels }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    {{ toYaml . | nindent 4 }}
-    app.kubernetes.io/component: database
+  {{- end }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
+  immediate: true
   schedule: {{ .Values.backup.schedule }}
   backupOwnerReference: self
   cluster:
-    name: "postgresql-{{ .Release.Name }}-cluster"
+    name: {{ include "cluster.name" . }}-cluster
+{{ end }}

charts/postgres-cluster/values.yaml

@@ -1,42 +1,196 @@
+# -- Override the name of the cluster
+nameOverride: ""
+
+###
+# -- Type of the CNPG database. Available types:
+# * `postgresql`
+# * `postgis`
+# * `timescaledb`
+type: postgresql
+
+###
+# Cluster mode of operation. Available modes:
+# * `standalone` - Default mode. Creates new or updates an existing CNPG cluster.
+# * `recovery` - Same as standalone but creates a cluster from a backup, object store or via pg_basebackup
+# * `replica` - Create database as a replica from another CNPG cluster
+mode: standalone
+
 cluster:
-  name: cl01tl
+  instances: 3
+
   image:
     repository: ghcr.io/cloudnative-pg/postgresql
-    tag: 16.0
+    tag: "16.3"
-  instances: 2
+    pullPolicy: IfNotPresent
-  parameters:
+
-    shared_buffers: 128MB
+  # The UID and GID of the postgres user inside the image
-    max_slot_wal_keep_size: 2000MB
+  postgresUID: 26
-    hot_standby_feedback: "on"
+  postgresGID: 26
-  compression: snappy
+
+  walStorage:
+    size: 2Gi
+    storageClass: ""
+  storage:
+    size: 10Gi
+    storageClass: ""
+
   resources:
     requests:
-      memory: 512Mi
+      memory: 256Mi
-      cpu: 100m
+      cpu: 10m
     limits:
-      memory: 2Gi
+      memory: 1Gi
-      cpu: 1500m
+      cpu: 800m
-      hugepages-2Mi: 512Mi
+      hugepages-2Mi: 256Mi
-  storage:
+
-    data:
+  # See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-AffinityConfiguration
-      storageClass: default
+  affinity:
-      size: 10Gi
+    enablePodAntiAffinity: true
-    wal:
+    topologyKey: kubernetes.io/hostname
-      storageClass: default
+
-      size: 2Gi
+  additionalLabels: {}
-bootstrap:
+  annotations: {}
-  recoveryEnabled: false
+
+  priorityClassName: ""
+
+  # Method to follow to upgrade the primary server during a rolling update procedure, after all replicas have been
+  # successfully updated. It can be switchover (default) or in-place (restart).
+  primaryUpdateMethod: switchover
+
+  # Strategy to follow to upgrade the primary server during a rolling update procedure, after all replicas have been
+  # successfully updated: it can be automated (unsupervised - default) or manual (supervised)
+  primaryUpdateStrategy: unsupervised
+
+  logLevel: "info"
+
+  monitoring:
+    enabled: false
+    podMonitor:
+      enabled: true
+    prometheusRule:
+      enabled: false
+      excludeRules: []
+
+  # See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-PostgresConfiguration
+  postgresql:
+    parameters:
+      shared_buffers: 128MB
+      max_slot_wal_keep_size: 2000MB
+      hot_standby_feedback: "on"
+
+  # BootstrapInitDB is the configuration of the bootstrap process when initdb is used.
+  # See: https://cloudnative-pg.io/documentation/current/bootstrap/
+  # See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-bootstrapinitdb
+  initdb: {}
+    # database: app
+    # owner: app
+    # secret: "" # Name of the secret containing the initial credentials for the owner of the user database. If empty a new secret will be created from scratch
+    # postInitApplicationSQL:
+    #   - CREATE TABLE IF NOT EXISTS example;
+
+recovery:
+  # Point in time recovery target in RFC3339 format
+  pitrTarget:
+    time: ""
+
+  # S3 https endpoint and the s3:// path
+  endpointURL: ""
+  destinationPath: ""
+
+  # Specifies secret that contains a CA bundle to validate a privately signed certificate, should contain the key ca-bundle.crt
+  endpointCA: ""
+
+  # Specifies secret that contains S3 credentials, should contain the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY
+  endpointCredentials: ""
+
+  # Generate external cluster name, uses: {{ .Release.Name }}postgresql-<major version>-cluster-backup-index-{{ .Values.recovery.recoveryIndex }}
   recoveryIndex: 1
-  endpointURL:
+
-  bucket:
+  # Name of the recovery cluster in the object store, defaults to "cluster.name"
-  initdbEnabled: false
+  recoveryServerName: ""
-  initdb:
+
-    database: app
+  # Name of the recovery cluster in the object store, defaults to ".Release.Name"
-    owner: app
+  recoveryInstanceName: ""
+
+  wal:
+    # WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
+    compression: snappy
+    # Whether to instruct the storage provider to encrypt WAL files. One of `` (use the storage container default), `AES256` or `aws:kms`.
+    encryption: ""
+    # Number of WAL files to be archived or restored in parallel.
+    maxParallel: 2
+  data:
+    # Data compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
+    compression: snappy
+    # Whether to instruct the storage provider to encrypt data files. One of `` (use the storage container default), `AES256` or `aws:kms`.
+    encryption: ""
+    # Number of data files to be archived or restored in parallel.
+    jobs: 2
+
+replica:
+  # See https://cloudnative-pg.io/documentation/current/database_import/
+  # * `microservice` - Single database import as expected from cnpg clusters
+  # * `monolith` - Import multiple databases and roles
+  importType: microservice
+
+  # If type microservice only one database is allowed, default is app as standard in cnpg clusters
+  importDatabases:
+    - app
+
+  # If type microservice no roles are imported and ignored
+  importRoles: []
+
+  # If import type is monolith postImportApplicationSQL is not supported and ignored
+  postImportApplicationSQL: []
+
+  # External cluster connection, password specifies a secret name and the key containing the password value
+  externalCluster:
+    connectionParameters:
+      host: postgresql
+      user: app
+      dbname: app
+    password:
+      name: postgresql
+      key: password
+
 backup:
-  backupEnabled: true
+  enabled: false
-  schedule: "0 0 0 * * *"
+
-  retentionPolicy: 14d
+  # S3 endpoint starting with "https://"
+  endpointURL: ""
+
+  # S3 path starting with "s3://"
+  destinationPath: ""
+
+  # Specifies secret that contains a CA bundle to validate a privately signed certificate, should contain the key ca-bundle.crt
+  endpointCA: ""
+
+  # Specifies secret that contains S3 credentials, should contain the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY
+  endpointCredentials: ""
+
+  # Generate external cluster name, creates: postgresql-{{ .Release.Name }}-cluster-backup-index-{{ .Values.backups.backupIndex }}"
   backupIndex: 1
-  endpointURL:
+
-  bucket:
+  # Name of the backup cluster in the object store, defaults to "cluster.name"
+  backupName: ""
+
+  wal:
+    # WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
+    compression: snappy
+    # Whether to instruct the storage provider to encrypt WAL files. One of `` (use the storage container default), `AES256` or `aws:kms`.
+    encryption: ""
+    # Number of WAL files to be archived or restored in parallel.
+    maxParallel: 2
+  data:
+    # Data compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
+    compression: snappy
+    # Whether to instruct the storage provider to encrypt data files. One of `` (use the storage container default), `AES256` or `aws:kms`.
+    encryption: ""
+    # Number of data files to be archived or restored in parallel.
+    jobs: 2
+
+  # Retention policy for backups
+  retentionPolicy: "30d"
+
+  # Scheduled backup in cron format
+  schedule: "0 0 0 * * *"

charts/qbittorrent/Chart.yaml

@@ -1,13 +0,0 @@
-apiVersion: v2
-name: qbittorrent
-version: 0.0.4
-description: Chart for qBittorrent
-keywords:
-  - downloads
-  - torrent
-sources:
-  - https://github.com/qbittorrent/qBittorrent
-maintainers:
-  - name: alexlebens
-icon: https://avatars.githubusercontent.com/u/2131270?s=48&v=4
-appVersion: version-4.6.3-r0

charts/qbittorrent/README.md

@@ -1,17 +0,0 @@
-## Introduction
-
-[qBittorrent](https://github.com/qbittorrent/qBittorrent)
-
-qBittorrent is a bittorrent client programmed in C++ / Qt that uses libtorrent
-
-This chart bootstraps a [qBittorrent](https://github.com/qbittorrent/qBittorrent) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
-
-
-## Prerequisites
-
-- Kubernetes
-- Helm
-
-## Parameters
-
-See the [values files](values.yaml).

charts/qbittorrent/templates/deployment.yaml

@@ -1,132 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: qbittorrent
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: qbittorrent
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: qbittorrent
-spec:
-  revisionHistoryLimit: 3
-  replicas: {{ .Values.server.replicas }}
-  strategy:
-    type: {{ .Values.server.strategy }}
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: qbittorrent
-      app.kubernetes.io/instance: {{ .Release.Name }}
-  template:
-    metadata:
-      labels:
-        app.kubernetes.io/name: qbittorrent
-        app.kubernetes.io/instance: {{ .Release.Name }}
-    spec:
-      serviceAccountName: qbittorrent
-      automountServiceAccountToken: true
-      containers:
-        - name: qbittorrent
-          image: "{{ .Values.server.image.repository }}:{{ .Values.server.image.tag }}"
-          imagePullPolicy: {{ .Values.server.image.pullPolicy }}
-          env:
-          {{- with (concat .Values.global.env .Values.server.env) }}
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-            - name: WEBUI_PORT
-              value: "{{ .Values.server.service.http.port }}"
-          resources:
-            {{- toYaml .Values.server.resources | nindent 12 }}
-          volumeMounts:
-            - name: qbittorrent-config
-              mountPath: /config
-            - name: media-storage
-              mountPath: {{ .Values.global.persistence.media.mountPath }}
-
-        {{- if .Values.gluetun.enabled }}
-        - name: gluetun
-          image: "{{.Values.gluetun.image.repository}}:{{.Values.gluetun.image.tag}}"
-          imagePullPolicy: {{ .Values.gluetun.image.pullPolicy }}
-          env:
-          {{- with (concat .Values.global.env .Values.server.env) }}
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-          ports:
-            - name: health
-              containerPort: {{ .Values.gluetun.service.health.port }}
-              protocol: TCP
-            - name: http
-              containerPort: {{ .Values.server.service.http.port }}
-              protocol: TCP
-            - name: metrics
-              containerPort: 9022
-              protocol: TCP
-          securityContext:
-            {{- toYaml .Values.gluetun.securityContext | nindent 12 }}
-          resources:
-            {{- toYaml .Values.gluetun.resources | nindent 12 }}
-          livenessProbe:
-            tcpSocket:
-              port: {{ .Values.gluetun.service.health.port }}
-            initialDelaySeconds: 0
-            failureThreshold: 3
-            timeoutSeconds: 1
-            periodSeconds: 10
-          readinessProbe:
-            tcpSocket:
-              port: {{ .Values.gluetun.service.health.port }}
-            initialDelaySeconds: 0
-            failureThreshold: 3
-            timeoutSeconds: 1
-            periodSeconds: 10
-          startupProbe:
-            tcpSocket:
-              port: {{ .Values.gluetun.service.health.port }}
-            initialDelaySeconds: 0
-            failureThreshold: 30
-            timeoutSeconds: 1
-            periodSeconds: 5
-          volumeMounts:
-            - name: tunnel-device
-              mountPath: /dev/net/tun
-            - name: wg0-wireguard-config
-              mountPath: /gluetun/wireguard/
-        {{- end }}
-
-        {{- if .Values.metrics.enabled }}
-        - name: exporter
-          image: "{{ .Values.metrics.exporter.image.repository }}:{{.Values.metrics.exporter.image.tag }}"
-          imagePullPolicy: {{ .Values.metrics.exporter.image.pullPolicy }}
-          env:
-          {{- with (concat .Values.global.env .Values.server.env) }}
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-            - name: QBITTORRENT_HOST
-              value: "http://localhost"
-            - name: QBITTORRENT_PORT
-              value: "{{ .Values.server.service.http.port }}"
-            - name: EXPORTER_PORT
-              value: 9022
-        {{- end }}
-
-      volumes:
-
-        {{- if .Values.gluetun.enabled }}
-        - name: tunnel-device
-          hostPath:
-            path: /dev/net/tun
-        - name: wg0-wireguard-config
-          secret:
-            secretName: {{ .Values.gluetun.existingSecretName }}
-            items:
-              - key: wg0.conf
-                path: wg0.conf
-        {{- end }}
-
-        - name: qbittorrent-config
-          persistentVolumeClaim:
-            claimName: qbittorrent-config
-        - name: media-storage
-          persistentVolumeClaim:
-            claimName: {{ .Values.global.persistence.media.claimName }}

charts/qbittorrent/templates/ingress.yaml

@@ -1,32 +0,0 @@
-{{- if .Values.server.ingress.enabled }}
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: qbittorrent
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: qbittorrent
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: qbittorrent
-  annotations:
-    {{- toYaml .Values.server.ingress.annotations | nindent 4 }}
-spec:
-  ingressClassName: {{ .Values.server.ingress.className }}
-  tls:
-    - hosts:
-      - {{ .Values.server.ingress.host }}
-      secretName: qbittorrent-secret-tls
-  rules:
-    - host: {{ .Values.server.ingress.host }}
-      http:
-        paths:
-          - path: /
-            pathType: ImplementationSpecific
-            backend:
-              service:
-                name: qbittorrent-webui
-                port:
-                  name: http
-{{- end }}