[oauth2-proxy] migrate oauth2-proxy chart (#179)

* Add jvmInitHeapSize and jvmMaxHeapSize which are passed on
  to the container as env vars

* Bump version, no change in default behaviour

* Update README.md with new configuration parameters

Signed-off-by: Thomas Ingvarsson <ingvarsson.thomas@gmail.com>

charts/bazarr/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: v0.9.0.5
 description: Bazarr is a companion application to Sonarr and Radarr. It manages and downloads subtitles based on your requirements
 name: bazarr
-version: 4.1.0
+version: 4.4.0
 keywords:
   - bazarr
   - radarr
@@ -21,4 +21,4 @@ maintainers:
 dependencies:
   - name: common
     repository: https://k8s-at-home.com/charts/
-    version: ^1.2.0
+    version: ^1.5.0

charts/bazarr/values.yaml

@@ -5,6 +5,9 @@ image:
   pullPolicy: IfNotPresent
   tag: version-v0.9.0.5
 
+strategy:
+  type: Recreate
+
 service:
   port:
     port: 6767

charts/common/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: common
 description: Function library for k8s-at-home charts
 type: library
-version: 1.3.0
+version: 1.5.1
 keywords:
   - k8s-at-home
   - common

charts/common/templates/_all.tpl

@@ -1,8 +1,6 @@
 {{- define "common.all" -}}
   {{- /* Merge the local chart values and the common chart defaults */ -}}
-  {{- $defaultValues := .Values.common -}}
-  {{- $_ := deepCopy $defaultValues | merge .Values -}}
-  {{- $_ := unset .Values "common" -}}
+  {{- include "common.values.setup" . }}
   
   {{- /* Enable OpenVPN VPN add-on if required */ -}}
   {{- if .Values.addons.vpn.enabled }}

charts/common/templates/_deployment.tpl

@@ -53,14 +53,14 @@ spec:
 
       {{- with .Values.nodeSelector }}
       nodeSelector:
-        {{- toYaml . | indent 8 }}
+        {{- toYaml . | nindent 8 }}
       {{- end }}
       {{- with .Values.affinity }}
       affinity:
-        {{- toYaml . | indent 8 }}
+        {{- toYaml . | nindent 8 }}
       {{- end }}
       {{- with .Values.tolerations }}
       tolerations:
-        {{- toYaml . | indent 8 }}
+        {{- toYaml . | nindent 8 }}
       {{- end }}
 {{- end }}

charts/common/templates/_ingress.tpl

@@ -4,7 +4,6 @@
 
     {{- /* Generate primary ingress */ -}}
     {{- $ingressValues := .Values.ingress -}}
-    {{- $_ := set $ingressValues "svcPort" $svcPort -}}
     {{- $_ := set . "ObjectValues" (dict "ingress" $ingressValues) -}}
     {{- include "common.classes.ingress" . }}
 
@@ -13,7 +12,6 @@
       {{- if $extraIngress.enabled -}}
         {{- print ("---") | nindent 0 -}}
         {{- $ingressValues := $extraIngress -}}
-        {{- $_ := set $ingressValues "svcPort" $svcPort -}}
         {{- if not $ingressValues.nameSuffix -}}
           {{- $_ := set $ingressValues "nameSuffix" $index -}}
         {{ end -}}

charts/common/templates/_statefulset.tpl

@@ -54,14 +54,14 @@ spec:
 
       {{- with .Values.nodeSelector }}
       nodeSelector:
-        {{- toYaml . | indent 8 }}
+        {{- toYaml . | nindent 8 }}
       {{- end }}
       {{- with .Values.affinity }}
       affinity:
-        {{- toYaml . | indent 8 }}
+        {{- toYaml . | nindent 8 }}
       {{- end }}
       {{- with .Values.tolerations }}
       tolerations:
-        {{- toYaml . | indent 8 }}
+        {{- toYaml . | nindent 8 }}
       {{- end }}
 {{- end }}

charts/common/templates/classes/_ingress.tpl

@@ -9,7 +9,8 @@
 {{- if hasKey $values "nameSuffix" -}}
   {{- $ingressName = printf "%v-%v" $ingressName $values.nameSuffix -}}
 {{ end -}}
-{{- $svcPort := $values.svcPort -}}
+{{- $svcName := $values.serviceName | default (include "common.names.fullname" .) -}}
+{{- $svcPort := $values.servicePort | default $.Values.service.port.port -}}
 apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }}
 kind: Ingress
 metadata:
@@ -39,7 +40,7 @@ spec:
           {{- range .paths }}
           - path: {{ .path }}
             backend:
-              serviceName: {{ $ingressName }}
+              serviceName: {{ $svcName }}
               servicePort: {{ $svcPort }}
           {{- end }}
   {{- end }}

charts/common/templates/classes/_service.tpl

@@ -1,3 +1,6 @@
+{{/*
+service class: all services should adhere to this
+*/}}
 {{- define "common.classes.service" -}}
 {{- $values := .Values.service -}}
 {{- if hasKey . "ObjectValues" -}}
@@ -9,7 +12,7 @@
 {{- if hasKey $values "nameSuffix" -}}
   {{- $serviceName = printf "%v-%v" $serviceName $values.nameSuffix -}}
 {{ end -}}
-{{- $svcType := $values.type -}}
+{{- $svcType := $values.type | default "" -}}
 apiVersion: v1
 kind: Service
 metadata:
@@ -58,17 +61,7 @@ spec:
   {{- if $values.publishNotReadyAddresses }}
   publishNotReadyAddresses: {{ $values.publishNotReadyAddresses }}
   {{- end }}
-  ports:
-    - port: {{ $values.port.port }}
-      targetPort: {{ $values.port.targetPort }}
-      protocol: {{ $values.port.protocol }}
-      name: {{ $values.port.name }}
-      {{- if (and (eq $svcType "NodePort") (not (empty $values.port.nodePort))) }}
-      nodePort: {{ $values.port.nodePort }}
-      {{ end }}
-    {{- with $values.additionalPorts }}
-    {{ toYaml . | nindent 4 }}
-    {{- end }}
+  {{- include "common.classes.service.ports" (dict "svcType" $svcType "values" $values ) | trim | nindent 2 }}
   selector:
     {{- include "common.labels.selectorLabels" . | nindent 4 }}
 {{- end }}

charts/common/templates/classes/_service_ports.tpl

@@ -0,0 +1,23 @@
+{{/*
+logic that lists the ports and additionalPorts for a service
+*/}}
+{{- define "common.classes.service.ports" -}}
+  {{- $ports := list -}}
+  {{- $values := .values -}}
+  {{- $ports = mustAppend $ports $values.port -}}
+  {{- range $_ := $values.additionalPorts -}}
+    {{- $ports = mustAppend $ports . -}}
+  {{- end }}
+  {{- if $ports -}}
+  ports:
+  {{- range $_ := $ports }}
+  - port: {{ .port }}
+    targetPort: {{ .targetPort | default .name }}
+    protocol: {{ .protocol | default "TCP" }}
+    name: {{ .name }}
+    {{- if (and (eq $.svcType "NodePort") (not (empty .nodePort))) }}
+    nodePort: {{ .nodePort }}
+    {{ end }}
+  {{- end -}}
+  {{- end -}}
+{{- end }}

charts/common/templates/lib/chart/_values.tpl

@@ -0,0 +1,9 @@
+{{- define "common.values.setup" -}}
+  {{- /* Merge the local chart values and the common chart defaults */ -}}
+  {{- if .Values.common -}}
+    {{- $defaultValues := deepCopy .Values.common -}}
+    {{- $userValues := deepCopy (omit .Values "common") -}}
+    {{- $mergedValues := mustMergeOverwrite $defaultValues $userValues -}}
+    {{- $_ := set . "Values" (deepCopy $mergedValues) -}}
+  {{- end }}  
+{{- end }}

charts/common/templates/lib/controller/_container.tpl

@@ -1,4 +1,6 @@
-{{- /* The main containter that will be included in the controller */ -}}
+{{- /*
+The main containter that will be included in the controller 
+*/ -}}
 {{- define "common.controller.mainContainer" -}}
 - name: {{ template "common.names.fullname" . }}
   image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
@@ -14,15 +16,7 @@
     value: {{ $value | quote }}
   {{- end }}
   {{- end }}
-  ports:
-  - name: {{ .Values.service.port.name }}
-    containerPort: {{ .Values.service.port.port }}
-    protocol: {{ .Values.service.port.protocol }}
-  {{- range $port := .Values.service.additionalPorts }}
-  - name: {{ $port.name }}
-    containerPort: {{ $port.port }}
-    protocol: {{ $port.protocol }}
-  {{- end }}
+  {{- include "common.controller.ports" . | trim | nindent 2 }}
   volumeMounts:
   {{- range $index, $PVC := .Values.persistence }}
   {{- if $PVC.enabled }}

charts/common/templates/lib/controller/_ports.tpl

@@ -0,0 +1,36 @@
+{{/*
+ports included by the controller
+*/}}
+{{- define "common.controller.ports" -}}
+  {{- $ports := list -}}
+  {{- with .Values.service -}}
+    {{- $serviceValues := deepCopy . -}}
+    {{/* append the ports for the main service */}}
+    {{- if .enabled -}}
+      {{- $ports = mustAppend $ports .port -}}
+      {{- range $_ := .additionalPorts -}}
+        {{/* append the additonalPorts for the main service */}}
+        {{- $ports = mustAppend $ports . -}}
+      {{- end }}
+    {{- end }}
+    {{/* append the ports for each additional service */}}
+    {{- range $_ := .additionalServices }}
+      {{- if .enabled -}}
+        {{- $ports = mustAppend $ports .port -}}
+        {{- range $_ := .additionalPorts -}}
+          {{/* append the additonalPorts for each additional service */}}
+          {{- $ports = mustAppend $ports . -}}
+        {{- end }}
+      {{- end }}
+    {{- end }}
+  {{- end }}
+  {{/* export/render the list of ports */}}
+  {{- if $ports -}}
+  ports:
+  {{- range $_ := $ports }}
+  - name: {{ required "Missing port.name" .name }}
+    containerPort: {{ required "Missing port.port" .port }}
+    protocol: {{ .protocol | default "TCP" }}
+  {{- end -}}
+  {{- end -}}
+{{- end -}}

charts/common/values.yaml

@@ -43,7 +43,7 @@ service:
   type: ClusterIP
   # Specify the default port information
   port:
-    port: ""
+    port:
     name: http
     protocol: TCP
     targetPort: http
@@ -102,8 +102,8 @@ ingress:
   #     - host: chart-example.local
   #       paths:
   #         - path: /api
-  #          # Ignored if not kubeVersion >= 1.14-0
-  #          pathType: Prefix
+  #           # Ignored if not kubeVersion >= 1.14-0
+  #           pathType: Prefix
   #   tls: []
   #   #  - secretName: chart-example-tls
   #   #    hosts:
@@ -141,6 +141,12 @@ additionalVolumes: []
 
 additionalVolumeMounts: []
 
+nodeSelector: {}
+
+affinity: {}
+
+tolerations: []
+
 addons:
   vpn:
     enabled: false

charts/couchpotato/.helmignore

@@ -19,5 +19,6 @@
 .project
 .idea/
 *.tmproj
+.vscode
 # OWNERS file for Kubernetes
 OWNERS

charts/couchpotato/Chart.yaml

@@ -1,8 +1,8 @@
 apiVersion: v2
-appVersion: v3.0.1
-description: couchpotato is a movie downloading client
+appVersion: latest
+description: CouchPotato (CP) is an automatic NZB and torrent downloader.
 name: couchpotato
-version: 2.0.1
+version: 3.0.0
 keywords:
   - couchpotato
   - usenet
@@ -13,5 +13,9 @@ sources:
   - https://hub.docker.com/r/linuxserver/couchpotato/
   - https://github.com/CouchPotato/CouchPotatoServer/
 maintainers:
-  - name: skaro13
-    email: simon.caron@protonmail.com
+  - name: billimek
+    email: jeff@billimek.com
+dependencies:
+  - name: common
+    repository: https://k8s-at-home.com/charts/
+    version: ^1.5.0

charts/couchpotato/README.md

@@ -1,6 +1,6 @@
-# couchpotato movie download client
+# Couchpotato
 
-This is a helm chart for [couchpotato](https://github.com/couchpotato/couchpotato/) leveraging the [Linuxserver.io image](https://hub.docker.com/r/linuxserver/couchpotato/)
+This is a helm chart for [couchpotato](https://github.com/CouchPotato/CouchPotatoServer).
 
 ## TL;DR;
 
@@ -28,81 +28,49 @@ helm delete my-release --purge
 The command removes all the Kubernetes components associated with the chart and deletes the release.
 
 ## Configuration
-
-The following tables lists the configurable parameters of the Sentry chart and their default values.
-
-| Parameter                  | Description                         | Default                                                 |
-|----------------------------|-------------------------------------|---------------------------------------------------------|
-| `image.repository`         | Image repository | `linuxserver/couchpotato` |
-| `image.tag`                | Image tag. Possible values listed [here](https://hub.docker.com/r/linuxserver/couchpotato/tags/).| `7260c12f-ls33`|
-| `image.pullPolicy`         | Image pull policy | `IfNotPresent` |
-| `strategyType`             | Specifies the strategy used to replace old Pods by new ones | `Recreate` |
-| `timezone`                 | Timezone the couchpotato instance should run as, e.g. 'America/New_York' | `UTC` |
-| `puid`                     | process userID the couchpotato instance should run as | `1001` |
-| `pgid`                     | process groupID the couchpotato instance should run as | `1001` |
-| `probes.liveness.initialDelaySeconds`  | Specify liveness `initialDelaySeconds` parameter for the deployment  | `60` |
-| `probes.liveness.failureThreshold`     | Specify liveness `failureThreshold` parameter for the deployment     | `5`  |
-| `probes.liveness.timeoutSeconds`       | Specify liveness `timeoutSeconds` parameter for the deployment       | `10` |
-| `probes.readiness.initialDelaySeconds` | Specify readiness `initialDelaySeconds` parameter for the deployment | `60` |
-| `probes.readiness.failureThreshold`    | Specify readiness `failureThreshold` parameter for the deployment    | `5`  |
-| `probes.readiness.timeoutSeconds`      | Specify readiness `timeoutSeconds` parameter for the deployment      | `10` |
-| `Service.type`          | Kubernetes service type for the couchpotato GUI | `ClusterIP` |
-| `Service.port`          | Kubernetes port where the couchpotato GUI is exposed| `5050` |
-| `Service.annotations`   | Service annotations for the couchpotato GUI | `{}` |
-| `Service.labels`        | Custom labels | `{}` |
-| `Service.loadBalancerIP` | Loadbalance IP for the couchpotato GUI | `{}` |
-| `Service.loadBalancerSourceRanges` | List of IP CIDRs allowed access to load balancer (if supported)      | None
-| `ingress.enabled`              | Enables Ingress | `false` |
-| `ingress.annotations`          | Ingress annotations | `{}` |
-| `ingress.labels`               | Custom labels                       | `{}`
-| `ingress.path`                 | Ingress path | `/` |
-| `ingress.hosts`                | Ingress accepted hostnames | `chart-example.local` |
-| `ingress.tls`                  | Ingress TLS configuration | `[]` |
-| `persistence.config.enabled`      | Use persistent volume to store configuration data | `true` |
-| `persistence.config.size`         | Size of persistent volume claim | `1Gi` |
-| `persistence.config.existingClaim`| Use an existing PVC to persist data | `nil` |
-| `persistence.config.storageClass` | Type of persistent volume claim | `-` |
-| `persistence.config.accessMode`  | Persistence access mode | `ReadWriteOnce` |
-| `persistence.config.skipuninstall`  | Do not delete the pvc upon helm uninstall | `false` |
-| `persistence.downloads.enabled`      | Use persistent volume to store configuration data | `true` |
-| `persistence.downloads.size`         | Size of persistent volume claim | `10Gi` |
-| `persistence.downloads.existingClaim`| Use an existing PVC to persist data | `nil` |
-| `persistence.downloads.storageClass` | Type of persistent volume claim | `-` |
-| `persistence.downloads.accessMode`  | Persistence access mode | `ReadWriteOnce` |
-| `persistence.downloads.skipuninstall`  | Do not delete the pvc upon helm uninstall | `false` |
-| `persistence.movies.enabled`      | Use persistent volume to store configuration data | `true` |
-| `persistence.movies.size`         | Size of persistent volume claim | `10Gi` |
-| `persistence.movies.existingClaim`| Use an existing PVC to persist data | `nil` |
-| `persistence.movies.storageClass` | Type of persistent volume claim | `-` |
-| `persistence.movies.accessMode`  | Persistence access mode | `ReadWriteOnce` |
-| `persistence.movies.skipuninstall`  | Do not delete the pvc upon helm uninstall | `false` |
-| `persistence.extraExistingClaimMounts`  | Optionally add multiple existing claims | `[]` |
-| `resources`                | CPU/Memory resource requests/limits | `{}` |
-| `nodeSelector`             | Node labels for pod assignment | `{}` |
-| `tolerations`              | Toleration labels for pod assignment | `[]` |
-| `affinity`                 | Affinity settings for pod assignment | `{}` |
-| `podAnnotations`           | Key-value pairs to add as pod annotations  | `{}` |
-| `deploymentAnnotations`           | Key-value pairs to add as deployment annotations  | `{}` |
+Read through the charts [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/couchpotato/values.yaml)
+file. It has several commented out suggested values.
+Additionally you can take a look at the common library [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/common/values.yaml) for more (advanced) configuration options.
 
 Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
-
 ```console
-helm install --name my-release \
-  --set timezone="America/New York" \
+helm install couchpotato \
+  --set env.TZ="America/New_York" \
     k8s-at-home/couchpotato
 ```
-
-Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
-
+Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the
+chart. For example,
 ```console
-helm install --name my-release -f values.yaml stable/couchpotato
+helm install couchpotato k8s-at-home/couchpotato --values values.yaml 
+```
+
+```yaml
+image:
+  tag: ...
 ```
 
 ---
 **NOTE**
 
-If you get `Error: rendered manifests contain a resource that already exists. Unable to continue with install: existing resource conflict: ...` it may be because you uninstalled the chart with `skipuninstall` enabled, you need to manually delete the pvc or use `existingClaim`.
+If you get
+```console
+Error: rendered manifests contain a resource that already exists. Unable to continue with install: existing resource conflict: ...`
+```
+it may be because you uninstalled the chart with `skipuninstall` enabled, you need to manually delete the pvc or use `existingClaim`.
 
 ---
 
-Read through the [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/couchpotato/values.yaml) file. It has several commented out suggested values.
+## Upgrading an existing Release to a new major version
+
+A major chart version change (like 4.0.1 -> 5.0.0) indicates that there is an incompatible breaking change potentially needing manual actions.
+
+### Upgrading from 2.x.x to 3.x.x
+
+Due to migrating to a centralized common library some values in `values.yaml` have changed.
+
+Examples:
+
+* `service.port` has been moved to `service.port.port`.
+* `persistence.type` has been moved to `controllerType`.
+
+Refer to the library values.yaml for more configuration options.

charts/couchpotato/ci/ct-values.yaml

@@ -0,0 +1,2 @@
+ingress:
+  enabled: true

charts/couchpotato/templates/NOTES.txt

@@ -1,19 +1 @@
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
-  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }}{{ $.Values.ingress.path }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
-  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "couchpotato.fullname" . }})
-  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
-  echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
-     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
-           You can watch the status of by running 'kubectl get svc -w {{ include "couchpotato.fullname" . }}'
-  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "couchpotato.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
-  echo http://$SERVICE_IP:{{ .Values.service.port }}
-{{- else if contains "ClusterIP" .Values.service.type }}
-  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "couchpotato.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
-  echo "Visit http://127.0.0.1:8080 to use your application"
-  kubectl port-forward $POD_NAME 8080:5050
-{{- end }}
+{{- include "common.notes.defaultNotes" . -}}

charts/couchpotato/templates/_helpers.tpl

@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "couchpotato.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "couchpotato.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "couchpotato.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}

charts/couchpotato/templates/common.yaml

@@ -0,0 +1 @@
+{{ include "common.all" . }}

charts/couchpotato/templates/config-pvc.yaml

@@ -1,29 +0,0 @@
-
-{{- if and .Values.persistence.config.enabled (not .Values.persistence.config.existingClaim) }}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
-  name: {{ template "couchpotato.fullname" . }}-config
-  {{- if .Values.persistence.config.skipuninstall }}
-  annotations:
-    "helm.sh/resource-policy": keep
-  {{- end }}
-  labels:
-    app.kubernetes.io/name: {{ include "couchpotato.name" . }}
-    helm.sh/chart: {{ include "couchpotato.chart" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
-spec:
-  accessModes:
-    - {{ .Values.persistence.config.accessMode | quote }}
-  resources:
-    requests:
-      storage: {{ .Values.persistence.config.size | quote }}
-{{- if .Values.persistence.config.storageClass }}
-{{- if (eq "-" .Values.persistence.config.storageClass) }}
-  storageClassName: ""
-{{- else }}
-  storageClassName: "{{ .Values.persistence.config.storageClass }}"
-{{- end }}
-{{- end }}
-{{- end -}}

charts/couchpotato/templates/deployment.yaml

@@ -1,122 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ include "couchpotato.fullname" . }}
-  {{- if .Values.deploymentAnnotations }}
-  annotations:
-    {{- range $key, $value := .Values.deploymentAnnotations }}
-    {{ $key }}: {{ $value | quote }}
-    {{- end }}
-  {{- end }}
-  labels:
-    app.kubernetes.io/name: {{ include "couchpotato.name" . }}
-    helm.sh/chart: {{ include "couchpotato.chart" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
-spec:
-  replicas: 1
-  revisionHistoryLimit: 3
-  strategy:
-    type: {{ .Values.strategyType }}
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: {{ include "couchpotato.name" . }}
-      app.kubernetes.io/instance: {{ .Release.Name }}
-  template:
-    metadata:
-      labels:
-        app.kubernetes.io/name: {{ include "couchpotato.name" . }}
-        app.kubernetes.io/instance: {{ .Release.Name }}
-      {{- if .Values.podAnnotations }}
-      annotations:
-        {{- range $key, $value := .Values.podAnnotations }}
-        {{ $key }}: {{ $value | quote }}
-        {{- end }}
-      {{- end }}
-    spec:
-      containers:
-        - name: {{ .Chart.Name }}
-          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
-          ports:
-            - name: http
-              containerPort: 5050
-              protocol: TCP
-          livenessProbe:
-            tcpSocket:
-              port: http
-            initialDelaySeconds: {{ .Values.probes.liveness.initialDelaySeconds }}
-            failureThreshold: {{ .Values.probes.liveness.failureThreshold }}
-            timeoutSeconds: {{ .Values.probes.liveness.timeoutSeconds }}
-          readinessProbe:
-            tcpSocket:
-              port: http
-            initialDelaySeconds: {{ .Values.probes.readiness.initialDelaySeconds }}
-            failureThreshold: {{ .Values.probes.readiness.failureThreshold }}
-            timeoutSeconds: {{ .Values.probes.readiness.timeoutSeconds }}
-          env:
-            - name: TZ
-              value: "{{ .Values.timezone }}"
-            - name: PUID
-              value: "{{ .Values.puid }}"
-            - name: PGID
-              value: "{{ .Values.pgid }}"
-          volumeMounts:
-            - mountPath: /config
-              name: config
-            - mountPath: /downloads
-              name: downloads
-            {{- if .Values.persistence.downloads.subPath }}
-              subPath: {{ .Values.persistence.downloads.subPath }}
-            {{- end }}
-            - mountPath: /movies
-              name: movies
-            {{- if .Values.persistence.movies.subPath }}
-              subPath: {{ .Values.persistence.movies.subPath }}
-            {{- end }}
-            {{- range .Values.persistence.extraExistingClaimMounts }}
-            - name: {{ .name }}
-              mountPath: {{ .mountPath }}
-              readOnly: {{ .readOnly }}
-            {{- end }}
-          resources:
-{{ toYaml .Values.resources | indent 12 }}
-      volumes:
-      - name: config
-      {{- if .Values.persistence.config.enabled }}
-        persistentVolumeClaim:
-          claimName: {{ if .Values.persistence.config.existingClaim }}{{ .Values.persistence.config.existingClaim }}{{- else }}{{ template "couchpotato.fullname" . }}-config{{- end }}
-      {{- else }}
-        emptyDir: {}
-      {{- end }}
-      - name: downloads
-      {{- if .Values.persistence.downloads.enabled }}
-        persistentVolumeClaim:
-          claimName: {{ if .Values.persistence.downloads.existingClaim }}{{ .Values.persistence.downloads.existingClaim }}{{- else }}{{ template "couchpotato.fullname" . }}-downloads{{- end }}
-      {{- else }}
-        emptyDir: {}
-      {{- end }}
-      - name: movies
-      {{- if .Values.persistence.movies.enabled }}
-        persistentVolumeClaim:
-          claimName: {{ if .Values.persistence.movies.existingClaim }}{{ .Values.persistence.movies.existingClaim }}{{- else }}{{ template "couchpotato.fullname" . }}-movies{{- end }}
-      {{- else }}
-        emptyDir: {}
-      {{- end }}
-      {{- range .Values.persistence.extraExistingClaimMounts }}
-      - name: {{ .name }}
-        persistentVolumeClaim:
-          claimName: {{ .existingClaim }}
-      {{- end }}
-    {{- with .Values.nodeSelector }}
-      nodeSelector:
-{{ toYaml . | indent 8 }}
-    {{- end }}
-    {{- with .Values.affinity }}
-      affinity:
-{{ toYaml . | indent 8 }}
-    {{- end }}
-    {{- with .Values.tolerations }}
-      tolerations:
-{{ toYaml . | indent 8 }}
-    {{- end }}

charts/couchpotato/templates/downloads-pvc.yaml

@@ -1,29 +0,0 @@
-
-{{- if and .Values.persistence.downloads.enabled (not .Values.persistence.downloads.existingClaim) }}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
-  name: {{ template "couchpotato.fullname" . }}-downloads
-  {{- if .Values.persistence.downloads.skipuninstall }}
-  annotations:
-    "helm.sh/resource-policy": keep
-  {{- end }}
-  labels:
-    app.kubernetes.io/name: {{ include "couchpotato.name" . }}
-    helm.sh/chart: {{ include "couchpotato.chart" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
-spec:
-  accessModes:
-    - {{ .Values.persistence.downloads.accessMode | quote }}
-  resources:
-    requests:
-      storage: {{ .Values.persistence.downloads.size | quote }}
-{{- if .Values.persistence.downloads.storageClass }}
-{{- if (eq "-" .Values.persistence.downloads.storageClass) }}
-  storageClassName: ""
-{{- else }}
-  storageClassName: "{{ .Values.persistence.downloads.storageClass }}"
-{{- end }}
-{{- end }}
-{{- end -}}

charts/couchpotato/templates/ingress.yaml

@@ -1,41 +0,0 @@
-{{- if .Values.ingress.enabled -}}
-{{- $fullName := include "couchpotato.fullname" . -}}
-{{- $ingressPath := .Values.ingress.path -}}
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
-  name: {{ $fullName }}
-  labels:
-    app.kubernetes.io/name: {{ include "couchpotato.name" . }}
-    helm.sh/chart: {{ include "couchpotato.chart" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
-    {{- with .Values.ingress.labels -}}
-    {{ toYaml . | nindent 4 }}
-    {{- end -}}
-{{- with .Values.ingress.annotations }}
-  annotations:
-{{ toYaml . | indent 4 }}
-{{- end }}
-spec:
-{{- if .Values.ingress.tls }}
-  tls:
-  {{- range .Values.ingress.tls }}
-    - hosts:
-      {{- range .hosts }}
-        - {{ . | quote }}
-      {{- end }}
-      secretName: {{ .secretName }}
-  {{- end }}
-{{- end }}
-  rules:
-  {{- range .Values.ingress.hosts }}
-    - host: {{ . | quote }}
-      http:
-        paths:
-          - path: {{ $ingressPath }}
-            backend:
-              serviceName: {{ $fullName }}
-              servicePort: http
-  {{- end }}
-{{- end }}

charts/couchpotato/templates/movies-pvc.yaml

@@ -1,29 +0,0 @@
-
-{{- if and .Values.persistence.movies.enabled (not .Values.persistence.movies.existingClaim) }}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
-  name: {{ template "couchpotato.fullname" . }}-movies
-  {{- if .Values.persistence.movies.skipuninstall }}
-  annotations:
-    "helm.sh/resource-policy": keep
-  {{- end }}
-  labels:
-    app.kubernetes.io/name: {{ include "couchpotato.name" . }}
-    helm.sh/chart: {{ include "couchpotato.chart" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
-spec:
-  accessModes:
-    - {{ .Values.persistence.movies.accessMode | quote }}
-  resources:
-    requests:
-      storage: {{ .Values.persistence.movies.size | quote }}
-{{- if .Values.persistence.movies.storageClass }}
-{{- if (eq "-" .Values.persistence.movies.storageClass) }}
-  storageClassName: ""
-{{- else }}
-  storageClassName: "{{ .Values.persistence.movies.storageClass }}"
-{{- end }}
-{{- end }}
-{{- end -}}

charts/couchpotato/templates/service.yaml

@@ -1,52 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ template "couchpotato.fullname" . }}
-  labels:
-    app.kubernetes.io/name: {{ include "couchpotato.name" . }}
-    helm.sh/chart: {{ include "couchpotato.chart" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- if .Values.service.labels }}
-{{ toYaml .Values.service.labels | indent 4 }}
-{{- end }}
-{{- with .Values.service.annotations }}
-  annotations:
-{{ toYaml . | indent 4 }}
-{{- end }}
-spec:
-{{- if (or (eq .Values.service.type "ClusterIP") (empty .Values.service.type)) }}
-  type: ClusterIP
-  {{- if .Values.service.clusterIP }}
-  clusterIP: {{ .Values.service.clusterIP }}
-  {{end}}
-{{- else if eq .Values.service.type "LoadBalancer" }}
-  type: {{ .Values.service.type }}
-  {{- if .Values.service.loadBalancerIP }}
-  loadBalancerIP: {{ .Values.service.loadBalancerIP }}
-  {{- end }}
-  {{- if .Values.service.loadBalancerSourceRanges }}
-  loadBalancerSourceRanges:
-{{ toYaml .Values.service.loadBalancerSourceRanges | indent 4 }}
-  {{- end -}}
-{{- else }}
-  type: {{ .Values.service.type }}
-{{- end }}
-{{- if .Values.service.externalIPs }}
-  externalIPs:
-{{ toYaml .Values.service.externalIPs | indent 4 }}
-{{- end }}
-  {{- if .Values.service.externalTrafficPolicy }}
-  externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy }}
-  {{- end }}
-  ports:
-    - name: http
-      port: {{ .Values.service.port }}
-      protocol: TCP
-      targetPort: http
-{{ if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePort))) }}
-      nodePort: {{.Values.service.nodePort}}
-{{ end }}
-  selector:
-    app.kubernetes.io/name: {{ include "couchpotato.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}

charts/couchpotato/values.yaml

@@ -1,151 +1,40 @@
-# Default values for couchpotato.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
+# Default values for Couchpotato.
 
 image:
   repository: linuxserver/couchpotato
-  tag: 7260c12f-ls42
-  pullPolicy: IfNotPresent
+  pullPolicy: Always
+  tag: latest
 
-# upgrade strategy type (e.g. Recreate or RollingUpdate)
-strategyType: Recreate
-
-# Probes configuration
-probes:
-  liveness:
-    initialDelaySeconds: 60
-    failureThreshold: 5
-    timeoutSeconds: 10
-  readiness:
-    initialDelaySeconds: 60
-    failureThreshold: 5
-    timeoutSeconds: 10
-
-nameOverride: ""
-fullnameOverride: ""
-
-timezone: UTC
-puid: 1001
-pgid: 1001
+strategy:
+  type: Recreate
 
 service:
-  type: ClusterIP
-  port: 5050
-  ## Specify the nodePort value for the LoadBalancer and NodePort service types.
-  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
-  ##
-  # nodePort:
-  ## Provide any additional annotations which may be required. This can be used to
-  ## set the LoadBalancer service type to internal only.
-  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
-  ##
-  annotations: {}
-  labels: {}
-  ## Use loadBalancerIP to request a specific static IP,
-  ## otherwise leave blank
-  ##
-  loadBalancerIP:
-  # loadBalancerSourceRanges: []
-  ## Set the externalTrafficPolicy in the Service to either Cluster or Local
-  # externalTrafficPolicy: Cluster
+  port:
+    port: 5050
 
-ingress:
-  enabled: false
-  annotations: {}
-    # kubernetes.io/ingress.class: nginx
-    # kubernetes.io/tls-acme: "true"
-  labels: {}
-  path: /
-  hosts:
-    - chart-example.local
-  tls: []
-  #  - secretName: chart-example-tls
-  #    hosts:
-  #      - chart-example.local
+env: {}
+  # TZ: UTC
+  # PUID: 1001
+  # PGID: 1001
 
 persistence:
   config:
-    enabled: true
-    ## couchpotato configuration data Persistent Volume Storage Class
+    enabled: false
+    emptyDir: false
+
+  media:
+    enabled: false
+    emptyDir: false
+    mountPath: /media
+    ## Persistent Volume Storage Class
     ## If defined, storageClassName: <storageClass>
     ## If set to "-", storageClassName: "", which disables dynamic provisioning
     ## If undefined (the default) or set to null, no storageClassName spec is
     ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
     ##   GKE, AWS & OpenStack)
-    ##
     # storageClass: "-"
-    ##
-    ## If you want to reuse an existing claim, you can pass the name of the PVC using
-    ## the existingClaim variable
-    # existingClaim: your-claim
-    accessMode: ReadWriteOnce
-    size: 1Gi
+    # accessMode: ReadWriteOnce
+    # size: 1Gi
     ## Do not delete the pvc upon helm uninstall
-    skipuninstall: false
-  downloads:
-    enabled: true
-    ## couchpotato downloads volume configuration
-    ## If defined, storageClassName: <storageClass>
-    ## If set to "-", storageClassName: "", which disables dynamic provisioning
-    ## If undefined (the default) or set to null, no storageClassName spec is
-    ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
-    ##   GKE, AWS & OpenStack)
-    ##
-    # storageClass: "-"
-    ##
-    ## If you want to reuse an existing claim, you can pass the name of the PVC using
-    ## the existingClaim variable
-    # existingClaim: your-claim
-    # subPath: some-subpath
-    accessMode: ReadWriteOnce
-    size: 10Gi
-    ## Do not delete the pvc upon helm uninstall
-    skipuninstall: false
-  movies:
-    enabled: true
-    ## Directory where movies are persisted
-    ## If defined, storageClassName: <storageClass>
-    ## If set to "-", storageClassName: "", which disables dynamic provisioning
-    ## If undefined (the default) or set to null, no storageClassName spec is
-    ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
-    ##   GKE, AWS & OpenStack)
-    ##
-    # storageClass: "-"
-    ##
-    ## If you want to reuse an existing claim, you can pass the name of the PVC using
-    ## the existingClaim variable
-    # existingClaim: your-claim
-    # subPath: some-subpath
-    accessMode: ReadWriteOnce
-    size: 10Gi
-    ## Do not delete the pvc upon helm uninstall
-    skipuninstall: false
-  extraExistingClaimMounts: []
-    # - name: external-mount
-    #   mountPath: /srv/external-mount
-    ## A manually managed Persistent Volume and Claim
-    ## If defined, PVC must be created manually before volume will be bound
-    #   existingClaim:
-    #   readOnly: true
-
-resources: {}
-  # We usually recommend not to specify default resources and to leave this as a conscious
-  # choice for the user. This also increases chances charts run on environments with little
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  # limits:
-  #  cpu: 100m
-  #  memory: 128Mi
-  # requests:
-  #  cpu: 100m
-  #  memory: 128Mi
-
-nodeSelector: {}
-
-tolerations: []
-
-affinity: {}
-
-podAnnotations: {}
-
-deploymentAnnotations: {}
+    # skipuninstall: false
+    # existingClaim: ""

charts/ddclient/.helmignore

@@ -0,0 +1,24 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# OWNERS file for Kubernetes
+OWNERS

charts/ddclient/Chart.yaml

@@ -0,0 +1,20 @@
+apiVersion: v2
+appVersion: 3.9.1
+description: Perl client used to update dynamic DNS entries for accounts on Dynamic DNS Network Service Providers
+name: ddclient
+version: 1.0.0
+keywords:
+  - ddclient
+  - dns
+home: https://github.com/ddclient/ddclient
+icon: https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/ddclient-logo.png
+sources:
+  - https://github.com/ddclient/ddclient
+  - https://hub.docker.com/r/linuxserver/ddclient
+maintainers:
+  - name: billimek
+    email: jeff@billimek.com
+dependencies:
+  - name: common
+    repository: https://k8s-at-home.com/charts/
+    version: ^1.5.1

charts/ddclient/OWNERS

@@ -0,0 +1,4 @@
+approvers:
+- billimek
+reviewers:
+- billimek

charts/ddclient/README.md

@@ -0,0 +1,59 @@
+# ddclient
+
+This is a helm chart for [ddclient](https://github.com/ddclient/ddclient).
+
+## TL;DR;
+
+```shell
+$ helm repo add k8s-at-home https://k8s-at-home.com/charts/
+$ helm install k8s-at-home/ddclient
+```
+
+## Installing the Chart
+
+To install the chart with the release name `my-release`:
+
+```console
+helm install --name my-release k8s-at-home/ddclient
+```
+
+## Uninstalling the Chart
+
+To uninstall/delete the `my-release` deployment:
+
+```console
+helm delete my-release --purge
+```
+
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+## Configuration
+Read through the charts [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/ddclient/values.yaml)
+file. It has several commented out suggested values.
+Additionally you can take a look at the common library [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/common/values.yaml) for more (advanced) configuration options.
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+```console
+helm install ddclient \
+  --set env.TZ="America/New_York" \
+    k8s-at-home/ddclient
+```
+Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the
+chart. For example,
+```console
+helm install ddclient k8s-at-home/ddclient --values values.yaml 
+```
+
+```yaml
+image:
+  tag: ...
+```
+
+---
+**NOTE**
+
+If you get
+```console
+Error: rendered manifests contain a resource that already exists. Unable to continue with install: existing resource conflict: ...`
+```
+it may be because you uninstalled the chart with `skipuninstall` enabled, you need to manually delete the pvc or use `existingClaim`.

charts/ddclient/ci/ct-values.yaml

@@ -0,0 +1,7 @@
+service:
+  enabled: false
+probes:
+  liveness:
+    enabled: false
+  readiness:
+    enabled: false

charts/ddclient/templates/NOTES.txt

@@ -0,0 +1 @@
+{{- include "common.notes.defaultNotes" . -}}

charts/ddclient/templates/common.yaml

@@ -0,0 +1,31 @@
+{{/* Make sure all variables are set properly */}}
+{{- include "common.values.setup" . }}
+
+{{/* Append the configMap to the additionalVolumes */}}
+{{- define "ddclient.configmap.volume" -}}
+name: ddclient-settings
+configMap:
+  name: {{ template "common.names.fullname" . }}-settings
+{{- end -}}
+
+{{- $volume := include "ddclient.configmap.volume" . | fromYaml -}}
+{{- if $volume -}}
+    {{- $additionalVolumes := append .Values.additionalVolumes $volume }}
+    {{- $_ := set .Values "additionalVolumes" (deepCopy $additionalVolumes) -}}
+{{- end -}}
+
+{{/* Append the configMap volume to the additionalVolumeMounts */}}
+{{- define "ddclient.configmap.volumeMount" -}}
+name: ddclient-settings
+mountPath: /defaults/ddclient.conf
+subPath: ddclient.conf
+{{- end -}}
+
+{{- $volumeMount := include "ddclient.configmap.volumeMount" . | fromYaml -}}
+{{- if $volumeMount -}}
+    {{- $additionalVolumeMounts := append .Values.additionalVolumeMounts $volumeMount }}
+    {{- $_ := set .Values "additionalVolumeMounts" (deepCopy $additionalVolumeMounts) -}}
+{{- end -}}
+
+{{/* Render the templates */}}
+{{ include "common.all" . }}

charts/ddclient/templates/configmap.yaml

@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ template "common.names.fullname" . }}-settings
+  labels:
+    {{- include "common.labels" . | nindent 4 }}
+data:
+  ddclient.conf: |
+{{ .Values.config | indent 4 }}

charts/ddclient/values.yaml

@@ -0,0 +1,37 @@
+# Default values for ddclient.
+
+image:
+  repository: linuxserver/ddclient
+  pullPolicy: IfNotPresent
+  tag: version-v3.9.1
+
+env: {}
+  # TZ:
+  # PUID:
+  # PGID:
+
+service:
+  enabled: false
+
+probes:
+  liveness:
+    enabled: false
+  readiness:
+    enabled: false
+
+strategy:
+  type: Recreate
+
+config: |
+  # This is the configuration for ddclient
+  # Inorder for it to function you need to set it up
+  # e.g. this is the config for Cloudflare
+  use=web
+  web=dynamicdns.park-your-domain.com/getip
+  protocol=cloudflare
+  ssl=yes
+  ttl=1
+  login=${CF_EMAIL}
+  password=${CF_GLOBAL_APIKEY}
+  zone=${DOMAIN}.${TLD}
+  ${DOMAIN}.${TLD}

charts/deconz/Chart.yaml

@@ -1,7 +1,7 @@
 apiVersion: v2
 name: deconz
 description: A Helm chart for deploying deCONZ
-version: 2.0.0
+version: 2.0.1
 appVersion: 2.05.80
 keywords:
   - deconz

charts/deconz/README.md

@@ -79,6 +79,7 @@ Read through the [values.yaml](https://github.com/k8s-at-home/charts/blob/master
 | `persistence.existingClaim`                 | Use an existing PVC to persist data                                                          | `nil`                                          |
 | `persistence.accessMode`                    | Persistence access mode                                                                      | `ReadWriteOnce`                                |
 | `persistence.size`                          | Size of persistent volume claim                                                              | `1Gi`                                          |
+| `persistence.subPath`                       | Mount a sub dir of the persistent volume                                                     | `nil`                                          |
 | `extraVolumes`                              | Optionally add additional Volumes                                                            | `[]`                                           |
 | `resources`                                 | CPU/Memory resource requests/limits                                                          | `{}`                                           |
 | `nodeSelector`                              | Node labels for pod assignment                                                               | `{}`                                           |

charts/deconz/templates/statefulset.yaml

@@ -77,6 +77,9 @@ spec:
             {{- end }}
             - name: config
               mountPath: /root/.local/share/dresden-elektronik/deCONZ
+              {{- if .Values.persistence.subPath }}
+              subPath: {{ .Values.persistence.subPath }}
+              {{- end }}
             {{- include "deconz.extraVolumeMounts" . | nindent 12 }}
           {{- if .Values.probes.liveness.enabled }}
           livenessProbe:

charts/deconz/values.yaml

@@ -79,6 +79,8 @@ persistence:
   # existingClaim: deconz-data
   accessMode: ReadWriteOnce
   size: 1Gi
+  ## When mounting the data volume you may specify a subPath
+  # subPath: /configs/deconz
 
 # Any extra volumes to define for the pod
 # Volumes will be mounted to the folder specified under mountPath

charts/home-assistant/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: 0.116.1
 description: Home Assistant
 name: home-assistant
-version: 2.6.0
+version: 2.7.0
 keywords:
 - home-assistant
 - hass

charts/home-assistant/README.md

@@ -68,6 +68,7 @@ The following tables lists the configurable parameters of the Home Assistant cha
 | `service.publishNotReadyAddresses`              | Set to true if the editors (vscode or configurator) should be reachable when home assistant does not run                                                                                                                                  | `false`                                |
 | `service.externalTrafficPolicy`                 | Loadbalancer externalTrafficPolicy                                                                                                                                                                                                        | ``                                     |
 | `hostNetwork`                                   | Enable hostNetwork - might be needed for discovery to work                                                                                                                                                                                | `false`                                |
+| `hostAliases`                                   | Define custom entries in /etc/hosts                                                                                                                                                                                                       | `[]`                                   |
 | `service.nodePort`                              | nodePort to listen on for the home-assistant GUI                                                                                                                                                                                          | ``                                     |
 | `ingress.enabled`                               | Enables Ingress                                                                                                                                                                                                                           | `false`                                |
 | `ingress.annotations`                           | Ingress annotations                                                                                                                                                                                                                       | `{}`                                   |
@@ -234,7 +235,7 @@ kubectl create secret generic git-creds --from-file=id_rsa=git/k8s_id_rsa --from
 
 ## git-crypt support
 
-When using Git sync it is possible to specify a file called `git-crypt-key` in the secret referred to in `git.secret`. When this file is present, `git-crypt unlock` will automatically be executed after the repo has been synced. 
+When using Git sync it is possible to specify a file called `git-crypt-key` in the secret referred to in `git.secret`. When this file is present, `git-crypt unlock` will automatically be executed after the repo has been synced.
 
 **Note:** `git-crypt` is not installed by default in the other images! If you wish to push changes from the VS Code or Configurator containers, you will have to make sure that it is installed.
 

charts/home-assistant/templates/deployment.yaml

@@ -37,6 +37,10 @@ spec:
       {{- if .Values.hostNetwork }}
       hostNetwork: {{ .Values.hostNetwork }}
       dnsPolicy: ClusterFirstWithHostNet
+      {{- end }}
+      {{- if .Values.hostAliases }}
+      hostAliases:
+{{ toYaml .Values.hostAliases | indent 8 }}
       {{- end }}
       initContainers:
       {{- if .Values.git.enabled }}
@@ -56,7 +60,7 @@ spec:
           then
             git -C "{{ .Values.git.syncPath }}" pull || true;
           else
-            if [ "$(ls -A {{ .Values.git.syncPath }})" ]; 
+            if [ "$(ls -A {{ .Values.git.syncPath }})" ];
             then
               git clone --depth 2 "{{ .Values.git.repo }}" /tmp/repo;
               cp -rf /tmp/repo/.git "{{ .Values.git.syncPath }}";

charts/home-assistant/values.yaml

@@ -65,6 +65,14 @@ ingress:
 
 hostNetwork: false
 
+hostAliases: []
+  # Use hostAliases to add custom entries to /etc/hosts - mapping IP addresses to hostnames.
+  # ref: https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
+  # - ip: "192.168.1.100"
+  #   hostnames:
+  #   - "example.com"
+  #   - "www.example.com"
+
 persistence:
   enabled: true
   ## home-assistant data Persistent Volume Storage Class

charts/jackett/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: v0.16.2106
 description: API Support for your favorite torrent trackers
 name: jackett
-version: 5.1.0
+version: 5.4.0
 keywords:
   - jackett
   - torrent
@@ -17,4 +17,4 @@ maintainers:
 dependencies:
   - name: common
     repository: https://k8s-at-home.com/charts/
-    version: ^1.2.0
+    version: ^1.5.0

charts/jackett/values.yaml

@@ -5,6 +5,9 @@ image:
   pullPolicy: IfNotPresent
   tag: version-v0.16.2106
 
+strategy:
+  type: Recreate
+
 service:
   port:
     port: 9117

charts/jellyfin/.helmignore

@@ -0,0 +1,24 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# OWNERS file for Kubernetes
+OWNERS

charts/jellyfin/Chart.yaml

@@ -1,16 +1,21 @@
 apiVersion: v2
-appVersion: 10.6.3
+appVersion: 10.6.4
 description: Jellyfin is a Free Software Media System
 name: jellyfin
-version: 2.0.1
+version: 3.0.0
 keywords:
-  - Jellyfin
-  - mediaplayer
+  - jellyfin
+  - plex
+  - emby
 home: https://github.com/k8s-at-home/charts/tree/master/charts/Jellyfin
 icon: https://github.com/jellyfin/jellyfin-ux/blob/master/branding/SVG/icon-solid-black.svg
 sources:
   - https://hub.docker.com/r/linuxserver/Jellyfin/
-  - https://github.com/Jellyfin/Jellyfin
+  - https://github.com/jellyfin/jellyfin
 maintainers:
-  - name: skaro13
-    email: simon.caron@protonmail.com
+  - name: billimek
+    email: jeff@billimek.com
+dependencies:
+  - name: common
+    repository: https://k8s-at-home.com/charts/
+    version: ^1.5.0

charts/jellyfin/README.md

@@ -1,6 +1,6 @@
-# Jellyfin Media Player
+# Jellyfin
 
-This is a helm chart for [Jellyfin](https://github.com/jellyfin/jellyfin) leveraging the [Linuxserver.io image](https://hub.docker.com/r/linuxserver/jellyfin/)
+This is a helm chart for [Jellyfin](https://github.com/jellyfin/jellyfin).
 
 ## TL;DR;
 
@@ -28,82 +28,50 @@ helm delete my-release --purge
 The command removes all the Kubernetes components associated with the chart and deletes the release.
 
 ## Configuration
-
-The following tables lists the configurable parameters of the Sentry chart and their default values.
-
-| Parameter                  | Description                         | Default                                                 |
-|----------------------------|-------------------------------------|---------------------------------------------------------|
-| `image.repository`         | Image repository | `linuxserver/jellyfin` |
-| `image.tag`                | Image tag. Possible values listed [here](https://hub.docker.com/r/linuxserver/jellyfin/tags/).| `v10.5.3-ls45`|
-| `image.pullPolicy`         | Image pull policy | `IfNotPresent` |
-| `strategyType`             | Specifies the strategy used to replace old Pods by new ones | `Recreate` |
-| `timezone`                 | Timezone the jellyfin instance should run as, e.g. 'America/New_York' | `UTC` |
-| `puid`                     | process userID the jellyfin instance should run as | `1001` |
-| `pgid`                     | process groupID the jellyfin instance should run as | `1001` |
-| `umaskSet`                     | for umask setting of Jellyfin | `022` |
-| `probes.liveness.initialDelaySeconds`  | Specify liveness `initialDelaySeconds` parameter for the deployment  | `60` |
-| `probes.liveness.failureThreshold`     | Specify liveness `failureThreshold` parameter for the deployment     | `5`  |
-| `probes.liveness.timeoutSeconds`       | Specify liveness `timeoutSeconds` parameter for the deployment       | `10` |
-| `probes.readiness.initialDelaySeconds` | Specify readiness `initialDelaySeconds` parameter for the deployment | `60` |
-| `probes.readiness.failureThreshold`    | Specify readiness `failureThreshold` parameter for the deployment    | `5`  |
-| `probes.readiness.timeoutSeconds`      | Specify readiness `timeoutSeconds` parameter for the deployment      | `10` |
-| `Service.type`          | Kubernetes service type for the jellyfin GUI | `ClusterIP` |
-| `Service.port`          | Kubernetes port where the jellyfin GUI is exposed| `8096` |
-| `Service.annotations`   | Service annotations for the jellyfin GUI | `{}` |
-| `Service.labels`        | Custom labels | `{}` |
-| `Service.loadBalancerIP` | Loadbalance IP for the jellyfin GUI | `{}` |
-| `Service.loadBalancerSourceRanges` | List of IP CIDRs allowed access to load balancer (if supported)      | None
-| `ingress.enabled`              | Enables Ingress | `false` |
-| `ingress.annotations`          | Ingress annotations | `{}` |
-| `ingress.labels`               | Custom labels                       | `{}`
-| `ingress.path`                 | Ingress path | `/` |
-| `ingress.hosts`                | Ingress accepted hostnames | `chart-example.local` |
-| `ingress.tls`                  | Ingress TLS configuration | `[]` |
-| `persistence.config.enabled`      | Use persistent volume to store configuration data | `true` |
-| `persistence.config.size`         | Size of persistent volume claim | `1Gi` |
-| `persistence.config.existingClaim`| Use an existing PVC to persist data | `nil` |
-| `persistence.config.storageClass` | Type of persistent volume claim | `-` |
-| `persistence.config.accessMode`  | Persistence access mode | `ReadWriteOnce` |
-| `persistence.config.skipuninstall`  | Do not delete the pvc upon helm uninstall | `false` |
-| `persistence.tvshows.enabled`      | Use persistent volume to store tvshows data | `true` |
-| `persistence.tvshows.size`         | Size of persistent volume claim | `10Gi` |
-| `persistence.tvshows.existingClaim`| Use an existing PVC to persist data | `nil` |
-| `persistence.tvshows.storageClass` | Type of persistent volume claim | `-` |
-| `persistence.tvshows.accessMode`  | Persistence access mode | `ReadWriteOnce` |
-| `persistence.tvshows.skipuninstall`  | Do not delete the pvc upon helm uninstall | `false` |
-| `persistence.movies.enabled`      | Use persistent volume to store movies data | `true` |
-| `persistence.movies.size`         | Size of persistent volume claim | `10Gi` |
-| `persistence.movies.existingClaim`| Use an existing PVC to persist data | `nil` |
-| `persistence.movies.storageClass` | Type of persistent volume claim | `-` |
-| `persistence.movies.accessMode`  | Persistence access mode | `ReadWriteOnce` |
-| `persistence.movies.skipuninstall`  | Do not delete the pvc upon helm uninstall | `false` |
-| `persistence.extraExistingClaimMounts`  | Optionally add multiple existing claims | `[]` |
-| `resources`                | CPU/Memory resource requests/limits | `{}` |
-| `nodeSelector`             | Node labels for pod assignment | `{}` |
-| `tolerations`              | Toleration labels for pod assignment | `[]` |
-| `affinity`                 | Affinity settings for pod assignment | `{}` |
-| `podAnnotations`           | Key-value pairs to add as pod annotations  | `{}` |
-| `deploymentAnnotations`           | Key-value pairs to add as deployment annotations  | `{}` |
+Read through the charts [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/jellyfin/values.yaml)
+file. It has several commented out suggested values.
+Additionally you can take a look at the common library [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/common/values.yaml) for more (advanced) configuration options.
 
 Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
-
 ```console
-helm install --name my-release \
-  --set timezone="America/New York" \
+helm install jellyfin \
+  --set env.TZ="America/New_York" \
     k8s-at-home/jellyfin
 ```
-
-Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
-
+Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the
+chart. For example,
 ```console
-helm install --name my-release -f values.yaml stable/jellyfin
+helm install jellyfin k8s-at-home/jellyfin --values values.yaml 
+```
+
+These values will be nested as it is a dependency, for example
+```yaml
+image:
+  tag: ...
 ```
 
 ---
 **NOTE**
 
-If you get `Error: rendered manifests contain a resource that already exists. Unable to continue with install: existing resource conflict: ...` it may be because you uninstalled the chart with `skipuninstall` enabled, you need to manually delete the pvc or use `existingClaim`.
+If you get
+```console
+Error: rendered manifests contain a resource that already exists. Unable to continue with install: existing resource conflict: ...`
+```
+it may be because you uninstalled the chart with `skipuninstall` enabled, you need to manually delete the pvc or use `existingClaim`.
 
 ---
 
-Read through the [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/jellyfin/values.yaml) file. It has several commented out suggested values.
+## Upgrading an existing Release to a new major version
+
+A major chart version change (like 4.0.1 -> 5.0.0) indicates that there is an incompatible breaking change potentially needing manual actions.
+
+### Upgrading from 2.x.x to 3.x.x
+
+Due to migrating to a centralized common library some values in `values.yaml` have changed.
+
+Examples:
+
+* `service.port` has been moved to `service.port.port`.
+* `persistence.type` has been moved to `controllerType`.
+
+Refer to the library values.yaml for more configuration options.

charts/jellyfin/ci/ct-values.yaml

@@ -0,0 +1,2 @@
+ingress:
+  enabled: true

charts/jellyfin/templates/NOTES.txt

@@ -1,19 +1 @@
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
-  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }}{{ $.Values.ingress.path }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
-  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "jellyfin.fullname" . }})
-  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
-  echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
-     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
-           You can watch the status of by running 'kubectl get svc -w {{ include "jellyfin.fullname" . }}'
-  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "jellyfin.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
-  echo http://$SERVICE_IP:{{ .Values.service.port }}
-{{- else if contains "ClusterIP" .Values.service.type }}
-  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "jellyfin.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
-  echo "Visit http://127.0.0.1:8080 to use your application"
-  kubectl port-forward $POD_NAME 8080:8096
-{{- end }}
+{{- include "common.notes.defaultNotes" . -}}

charts/jellyfin/templates/_helpers.tpl

@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "jellyfin.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "jellyfin.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "jellyfin.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}

charts/jellyfin/templates/common.yaml

@@ -0,0 +1 @@
+{{ include "common.all" . }}

charts/jellyfin/templates/config-pvc.yaml

@@ -1,29 +0,0 @@
-
-{{- if and .Values.persistence.config.enabled (not .Values.persistence.config.existingClaim) }}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
-  name: {{ template "jellyfin.fullname" . }}-config
-  {{- if .Values.persistence.config.skipuninstall }}
-  annotations:
-    "helm.sh/resource-policy": keep
-  {{- end }}
-  labels:
-    app.kubernetes.io/name: {{ include "jellyfin.name" . }}
-    helm.sh/chart: {{ include "jellyfin.chart" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
-spec:
-  accessModes:
-    - {{ .Values.persistence.config.accessMode | quote }}
-  resources:
-    requests:
-      storage: {{ .Values.persistence.config.size | quote }}
-{{- if .Values.persistence.config.storageClass }}
-{{- if (eq "-" .Values.persistence.config.storageClass) }}
-  storageClassName: ""
-{{- else }}
-  storageClassName: "{{ .Values.persistence.config.storageClass }}"
-{{- end }}
-{{- end }}
-{{- end -}}

charts/jellyfin/templates/deployment.yaml

@@ -1,124 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ include "jellyfin.fullname" . }}
-  {{- if .Values.deploymentAnnotations }}
-  annotations:
-    {{- range $key, $value := .Values.deploymentAnnotations }}
-    {{ $key }}: {{ $value | quote }}
-    {{- end }}
-  {{- end }}
-  labels:
-    app.kubernetes.io/name: {{ include "jellyfin.name" . }}
-    helm.sh/chart: {{ include "jellyfin.chart" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
-spec:
-  replicas: 1
-  revisionHistoryLimit: 3
-  strategy:
-    type: {{ .Values.strategyType }}
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: {{ include "jellyfin.name" . }}
-      app.kubernetes.io/instance: {{ .Release.Name }}
-  template:
-    metadata:
-      labels:
-        app.kubernetes.io/name: {{ include "jellyfin.name" . }}
-        app.kubernetes.io/instance: {{ .Release.Name }}
-      {{- if .Values.podAnnotations }}
-      annotations:
-        {{- range $key, $value := .Values.podAnnotations }}
-        {{ $key }}: {{ $value | quote }}
-        {{- end }}
-      {{- end }}
-    spec:
-      containers:
-        - name: {{ .Chart.Name }}
-          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
-          ports:
-            - name: http
-              containerPort: 8096
-              protocol: TCP
-          livenessProbe:
-            tcpSocket:
-              port: http
-            initialDelaySeconds: {{ .Values.probes.liveness.initialDelaySeconds }}
-            failureThreshold: {{ .Values.probes.liveness.failureThreshold }}
-            timeoutSeconds: {{ .Values.probes.liveness.timeoutSeconds }}
-          readinessProbe:
-            tcpSocket:
-              port: http
-            initialDelaySeconds: {{ .Values.probes.readiness.initialDelaySeconds }}
-            failureThreshold: {{ .Values.probes.readiness.failureThreshold }}
-            timeoutSeconds: {{ .Values.probes.readiness.timeoutSeconds }}
-          env:
-            - name: TZ
-              value: "{{ .Values.timezone }}"
-            - name: PUID
-              value: "{{ .Values.puid }}"
-            - name: PGID
-              value: "{{ .Values.pgid }}"
-            - name: UMASK_SET
-              value: "{{ .Values.umaskSet }}"
-          volumeMounts:
-            - mountPath: /config
-              name: config
-            - mountPath: /data/tvshows
-              name: tvshows
-            {{- if .Values.persistence.tvshows.subPath }}
-              subPath: {{ .Values.persistence.tvshows.subPath }}
-            {{- end }}
-            - mountPath: /data/movies
-              name: movies
-            {{- if .Values.persistence.movies.subPath }}
-              subPath: {{ .Values.persistence.movies.subPath }}
-            {{- end }}
-            {{- range .Values.persistence.extraExistingClaimMounts }}
-            - name: {{ .name }}
-              mountPath: {{ .mountPath }}
-              readOnly: {{ .readOnly }}
-            {{- end }}
-          resources:
-{{ toYaml .Values.resources | indent 12 }}
-      volumes:
-      - name: config
-      {{- if .Values.persistence.config.enabled }}
-        persistentVolumeClaim:
-          claimName: {{ if .Values.persistence.config.existingClaim }}{{ .Values.persistence.config.existingClaim }}{{- else }}{{ template "jellyfin.fullname" . }}-config{{- end }}
-      {{- else }}
-        emptyDir: {}
-      {{- end }}
-      - name: tvshows
-      {{- if .Values.persistence.tvshows.enabled }}
-        persistentVolumeClaim:
-          claimName: {{ if .Values.persistence.tvshows.existingClaim }}{{ .Values.persistence.tvshows.existingClaim }}{{- else }}{{ template "jellyfin.fullname" . }}-tvshows{{- end }}
-      {{- else }}
-        emptyDir: {}
-      {{- end }}
-      - name: movies
-      {{- if .Values.persistence.movies.enabled }}
-        persistentVolumeClaim:
-          claimName: {{ if .Values.persistence.movies.existingClaim }}{{ .Values.persistence.movies.existingClaim }}{{- else }}{{ template "jellyfin.fullname" . }}-movies{{- end }}
-      {{- else }}
-        emptyDir: {}
-      {{- end }}
-      {{- range .Values.persistence.extraExistingClaimMounts }}
-      - name: {{ .name }}
-        persistentVolumeClaim:
-          claimName: {{ .existingClaim }}
-      {{- end }}
-    {{- with .Values.nodeSelector }}
-      nodeSelector:
-{{ toYaml . | indent 8 }}
-    {{- end }}
-    {{- with .Values.affinity }}
-      affinity:
-{{ toYaml . | indent 8 }}
-    {{- end }}
-    {{- with .Values.tolerations }}
-      tolerations:
-{{ toYaml . | indent 8 }}
-    {{- end }}

charts/jellyfin/templates/ingress.yaml

@@ -1,41 +0,0 @@
-{{- if .Values.ingress.enabled -}}
-{{- $fullName := include "jellyfin.fullname" . -}}
-{{- $ingressPath := .Values.ingress.path -}}
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
-  name: {{ $fullName }}
-  labels:
-    app.kubernetes.io/name: {{ include "jellyfin.name" . }}
-    helm.sh/chart: {{ include "jellyfin.chart" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
-    {{- with .Values.ingress.labels -}}
-    {{ toYaml . | nindent 4 }}
-    {{- end -}}
-{{- with .Values.ingress.annotations }}
-  annotations:
-{{ toYaml . | indent 4 }}
-{{- end }}
-spec:
-{{- if .Values.ingress.tls }}
-  tls:
-  {{- range .Values.ingress.tls }}
-    - hosts:
-      {{- range .hosts }}
-        - {{ . | quote }}
-      {{- end }}
-      secretName: {{ .secretName }}
-  {{- end }}
-{{- end }}
-  rules:
-  {{- range .Values.ingress.hosts }}
-    - host: {{ . | quote }}
-      http:
-        paths:
-          - path: {{ $ingressPath }}
-            backend:
-              serviceName: {{ $fullName }}
-              servicePort: http
-  {{- end }}
-{{- end }}

charts/jellyfin/templates/movies-pvc.yaml

@@ -1,29 +0,0 @@
-
-{{- if and .Values.persistence.movies.enabled (not .Values.persistence.movies.existingClaim) }}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
-  name: {{ template "jellyfin.fullname" . }}-movies
-  {{- if .Values.persistence.movies.skipuninstall }}
-  annotations:
-    "helm.sh/resource-policy": keep
-  {{- end }}
-  labels:
-    app.kubernetes.io/name: {{ include "jellyfin.name" . }}
-    helm.sh/chart: {{ include "jellyfin.chart" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
-spec:
-  accessModes:
-    - {{ .Values.persistence.movies.accessMode | quote }}
-  resources:
-    requests:
-      storage: {{ .Values.persistence.movies.size | quote }}
-{{- if .Values.persistence.movies.storageClass }}
-{{- if (eq "-" .Values.persistence.movies.storageClass) }}
-  storageClassName: ""
-{{- else }}
-  storageClassName: "{{ .Values.persistence.movies.storageClass }}"
-{{- end }}
-{{- end }}
-{{- end -}}

charts/jellyfin/templates/service.yaml

@@ -1,52 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ template "jellyfin.fullname" . }}
-  labels:
-    app.kubernetes.io/name: {{ include "jellyfin.name" . }}
-    helm.sh/chart: {{ include "jellyfin.chart" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- if .Values.service.labels }}
-{{ toYaml .Values.service.labels | indent 4 }}
-{{- end }}
-{{- with .Values.service.annotations }}
-  annotations:
-{{ toYaml . | indent 4 }}
-{{- end }}
-spec:
-{{- if (or (eq .Values.service.type "ClusterIP") (empty .Values.service.type)) }}
-  type: ClusterIP
-  {{- if .Values.service.clusterIP }}
-  clusterIP: {{ .Values.service.clusterIP }}
-  {{end}}
-{{- else if eq .Values.service.type "LoadBalancer" }}
-  type: {{ .Values.service.type }}
-  {{- if .Values.service.loadBalancerIP }}
-  loadBalancerIP: {{ .Values.service.loadBalancerIP }}
-  {{- end }}
-  {{- if .Values.service.loadBalancerSourceRanges }}
-  loadBalancerSourceRanges:
-{{ toYaml .Values.service.loadBalancerSourceRanges | indent 4 }}
-  {{- end -}}
-{{- else }}
-  type: {{ .Values.service.type }}
-{{- end }}
-{{- if .Values.service.externalIPs }}
-  externalIPs:
-{{ toYaml .Values.service.externalIPs | indent 4 }}
-{{- end }}
-  {{- if .Values.service.externalTrafficPolicy }}
-  externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy }}
-  {{- end }}
-  ports:
-    - name: http
-      port: {{ .Values.service.port }}
-      protocol: TCP
-      targetPort: http
-{{ if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePort))) }}
-      nodePort: {{.Values.service.nodePort}}
-{{ end }}
-  selector:
-    app.kubernetes.io/name: {{ include "jellyfin.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}

charts/jellyfin/templates/tvshows-pvc.yaml

@@ -1,29 +0,0 @@
-
-{{- if and .Values.persistence.tvshows.enabled (not .Values.persistence.tvshows.existingClaim) }}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
-  name: {{ template "jellyfin.fullname" . }}-tvshows
-  {{- if .Values.persistence.tvshows.skipuninstall }}
-  annotations:
-    "helm.sh/resource-policy": keep
-  {{- end }}
-  labels:
-    app.kubernetes.io/name: {{ include "jellyfin.name" . }}
-    helm.sh/chart: {{ include "jellyfin.chart" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
-spec:
-  accessModes:
-    - {{ .Values.persistence.tvshows.accessMode | quote }}
-  resources:
-    requests:
-      storage: {{ .Values.persistence.tvshows.size | quote }}
-{{- if .Values.persistence.tvshows.storageClass }}
-{{- if (eq "-" .Values.persistence.tvshows.storageClass) }}
-  storageClassName: ""
-{{- else }}
-  storageClassName: "{{ .Values.persistence.tvshows.storageClass }}"
-{{- end }}
-{{- end }}
-{{- end -}}

charts/jellyfin/values.yaml

@@ -1,152 +1,35 @@
 # Default values for jellyfin.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
 
 image:
   repository: linuxserver/jellyfin
-  tag: 10.6.3-1-ls70
   pullPolicy: IfNotPresent
+  tag: version-10.6.4-1
 
-# upgrade strategy type (e.g. Recreate or RollingUpdate)
-strategyType: Recreate
-
-# Probes configuration
-probes:
-  liveness:
-    initialDelaySeconds: 60
-    failureThreshold: 5
-    timeoutSeconds: 10
-  readiness:
-    initialDelaySeconds: 60
-    failureThreshold: 5
-    timeoutSeconds: 10
-
-nameOverride: ""
-fullnameOverride: ""
-
-timezone: UTC
-puid: 1001
-pgid: 1001
-umaskSet: "022"
+strategy:
+  type: Recreate
 
 service:
-  type: ClusterIP
-  port: 8096
-  ## Specify the nodePort value for the LoadBalancer and NodePort service types.
-  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
-  ##
-  # nodePort:
-  ## Provide any additional annotations which may be required. This can be used to
-  ## set the LoadBalancer service type to internal only.
-  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
-  ##
-  annotations: {}
-  labels: {}
-  ## Use loadBalancerIP to request a specific static IP,
-  ## otherwise leave blank
-  ##
-  loadBalancerIP:
-  # loadBalancerSourceRanges: []
-  ## Set the externalTrafficPolicy in the Service to either Cluster or Local
-  # externalTrafficPolicy: Cluster
-
-ingress:
-  enabled: false
-  annotations: {}
-    # kubernetes.io/ingress.class: nginx
-    # kubernetes.io/tls-acme: "true"
-  labels: {}
-  path: /
-  hosts:
-    - chart-example.local
-  tls: []
-  #  - secretName: chart-example-tls
-  #    hosts:
-  #      - chart-example.local
+  port:
+    port: 8096
 
 persistence:
   config:
-    enabled: true
-    ## jellyfin configuration data Persistent Volume Storage Class
+    enabled: false
+    emptyDir: false
+
+  media:
+    enabled: false
+    emptyDir: false
+    mountPath: /media
+    ## Persistent Volume Storage Class
     ## If defined, storageClassName: <storageClass>
     ## If set to "-", storageClassName: "", which disables dynamic provisioning
     ## If undefined (the default) or set to null, no storageClassName spec is
     ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
     ##   GKE, AWS & OpenStack)
-    ##
     # storageClass: "-"
-    ##
-    ## If you want to reuse an existing claim, you can pass the name of the PVC using
-    ## the existingClaim variable
-    # existingClaim: your-claim
-    accessMode: ReadWriteOnce
-    size: 1Gi
+    # accessMode: ReadWriteOnce
+    # size: 1Gi
     ## Do not delete the pvc upon helm uninstall
-    skipuninstall: false
-  tvshows:
-    enabled: true
-    ## jellyfin tv volume configuration
-    ## If defined, storageClassName: <storageClass>
-    ## If set to "-", storageClassName: "", which disables dynamic provisioning
-    ## If undefined (the default) or set to null, no storageClassName spec is
-    ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
-    ##   GKE, AWS & OpenStack)
-    ##
-    # storageClass: "-"
-    ##
-    ## If you want to reuse an existing claim, you can pass the name of the PVC using
-    ## the existingClaim variable
-    # existingClaim: your-claim
-    # subPath: some-subpath
-    accessMode: ReadWriteOnce
-    size: 10Gi
-    ## Do not delete the pvc upon helm uninstall
-    skipuninstall: false
-  movies:
-    enabled: true
-    ## jellyfin movie volume configuration
-    ## If defined, storageClassName: <storageClass>
-    ## If set to "-", storageClassName: "", which disables dynamic provisioning
-    ## If undefined (the default) or set to null, no storageClassName spec is
-    ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
-    ##   GKE, AWS & OpenStack)
-    ##
-    # storageClass: "-"
-    ##
-    ## If you want to reuse an existing claim, you can pass the name of the PVC using
-    ## the existingClaim variable
-    # existingClaim: your-claim
-    # subPath: some-subpath
-    accessMode: ReadWriteOnce
-    size: 10Gi
-    ## Do not delete the pvc upon helm uninstall
-    skipuninstall: false
-  extraExistingClaimMounts: []
-    # - name: external-mount
-    #   mountPath: /srv/external-mount
-    ## A manually managed Persistent Volume and Claim
-    ## If defined, PVC must be created manually before volume will be bound
-    #   existingClaim:
-    #   readOnly: true
-
-resources: {}
-  # We usually recommend not to specify default resources and to leave this as a conscious
-  # choice for the user. This also increases chances charts run on environments with little
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  # limits:
-  #  cpu: 100m
-  #  memory: 128Mi
-  # requests:
-  #  cpu: 100m
-  #  memory: 128Mi
-
-nodeSelector: {}
-
-tolerations: []
-
-affinity: {}
-
-podAnnotations: {}
-
-deploymentAnnotations: {}
+    # skipuninstall: false
+    # existingClaim: ""

charts/lidarr/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: 0.8.0.1886
 description: Looks and smells like Sonarr but made for music
 name: lidarr
-version: 5.1.0
+version: 5.4.0
 keywords:
   - lidarr
   - torrent
@@ -18,4 +18,4 @@ maintainers:
 dependencies:
   - name: common
     repository: https://k8s-at-home.com/charts/
-    version: ^1.2.0
+    version: ^1.5.0

charts/lidarr/values.yaml

@@ -5,6 +5,9 @@ image:
   pullPolicy: IfNotPresent
   tag: version-0.8.0.1886
 
+strategy:
+  type: Recreate
+
 service:
   port:
     port: 8686

charts/node-red/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: 1.0.6-12
 description: Node-RED is low-code programming for event-driven applications
 name: node-red
-version: 3.1.0
+version: 3.3.0
 keywords:
   - nodered
   - node-red

charts/node-red/README.md

@@ -36,46 +36,59 @@ The command removes all the Kubernetes components associated with the chart and
 
 The following tables lists the configurable parameters of the Node-RED chart and their default values.
 
-| Parameter                          | Description                                                             | Default                   |
-|:---------------------------------- |:----------------------------------------------------------------------- |:------------------------- |
-| `image.repository`                 | node-red image                                                          | `nodered/node-red`        |
-| `image.tag`                        | node-red image tag                                                      | `1.0.6-12-minimal`        |
-| `image.pullPolicy`                 | node-red image pull policy                                              | `IfNotPresent`            |
-| `strategyType`                     | Specifies the strategy used to replace old Pods by new ones             | `Recreate`                |
-| `serviceAccountName`               | Service account to run the pod as                                       | ``                        |
-| `livenessProbePath`                | Default livenessProbe path                                              | `/`                       |
-| `readinessProbePath`               | Default readinessProbe path                                             | `/`                       |
-| `flows`                            | Default flows configuration                                             | `flows.json`              |
-| `safeMode`                         | Setting to true starts Node-RED in safe (not running) mode              | `false`                   |
-| `enableProjects`                   | setting to true starts Node-RED with the projects feature enabled       | `false`                   |
-| `nodeOptions`                      | Node.js runtime arguments                                               | ``                        |
-| `extraEnvs`                        | Extra environment variables which will be appended to the env           | `[]`                      |
-| `timezone`                         | Default timezone                                                        | `UTC`                     |
-| `service.type`                     | Kubernetes service type for the GUI                                     | `ClusterIP`               |
-| `service.port`                     | Kubernetes port where the GUI is exposed                                | `1880`                    |
-| `service.nodePort`                 | Kubernetes nodePort where the GUI is exposed                            | ``                        |
-| `service.annotations`              | Service annotations for the GUI                                         | `{}`                      |
-| `service.labels`                   | Custom labels                                                           | `{}`                      |
-| `service.loadBalancerIP`           | Loadbalance IP for the GUI                                              | `{}`                      |
-| `service.loadBalancerSourceRanges` | List of IP CIDRs allowed access to load balancer (if supported)         | None                      |
-| `service.externalTrafficPolicy`    | Set the externalTrafficPolicy in the Service to either Cluster or Local | `Cluster`                 |
-| `ingress.enabled`                  | Enables Ingress                                                         | `false`                   |
-| `ingress.annotations`              | Ingress annotations                                                     | `{}`                      |
-| `ingress.path`                     | Ingress path                                                            | `/`                       |
-| `ingress.hosts`                    | Ingress accepted hostnames                                              | `chart-example.local`     |
-| `ingress.tls`                      | Ingress TLS configuration                                               | `[]`                      |
-| `persistence.enabled`              | Use persistent volume to store data                                     | `false`                   |
-| `persistence.size`                 | Size of persistent volume claim                                         | `5Gi`                     |
-| `persistence.existingClaim`        | Use an existing PVC to persist data                                     | `nil`                     |
-| `persistence.storageClass`         | Type of persistent volume claim                                         | `-`                       |
-| `persistence.accessModes`          | Persistence access modes                                                | `ReadWriteOnce`           |
-| `persistence.subPath`              | Mount a sub dir of the persistent volume                                | `nil`                     |
-| `resources`                        | CPU/Memory resource requests/limits                                     | `{}`                      |
-| `nodeSelector`                     | Node labels for pod assignment                                          | `{}`                      |
-| `tolerations`                      | Toleration labels for pod assignment                                    | `[]`                      |
-| `affinity`                         | Affinity settings for pod assignment                                    | `{}`                      |
-| `podAnnotations`                   | Key-value pairs to add as pod annotations                               | `{}`                      |
-| `deploymentAnnotations`            | Key-value pairs to add as deployment annotations                        | `{}`                      |
+| Parameter                             | Description                                                             | Default                   |
+|:------------------------------------- |:----------------------------------------------------------------------- |:------------------------- |
+| `image.repository`                    | node-red image                                                          | `nodered/node-red`        |
+| `image.tag`                           | node-red image tag                                                      | `1.0.6-12-minimal`        |
+| `image.pullPolicy`                    | node-red image pull policy                                              | `IfNotPresent`            |
+| `strategyType`                        | Specifies the strategy used to replace old Pods by new ones             | `Recreate`                |
+| `serviceAccountName`                  | Service account to run the pod as                                       | ``                        |
+| `probes.liveness.enabled`             | Enable/ disable livenessProbe                                           | `true`                    |
+| `probes.liveness.probePath`           | Set livenessProbe path                                                  | `/`                       |
+| `probes.liveness.initialDelaySeconds` | Set livenessProbe initial delay                                         | 60                        |
+| `probes.liveness.failureThreshold`    | Set livenessProbe failure threshold                                     | 5                         |
+| `probes.liveness.timeoutSeconds`      | Set livenessProbe timeout                                               | 10                        |
+| `probes.readiness.enabled`            | Enable/ disable readinessProbe                                          | `true`                    |
+| `probes.readiness.probePath`          | Set readinessProbe path                                                 | `/`                       |
+| `probes.readiness.initialDelaySeconds`| Set readinessProbe initial delay                                        | 60                        |
+| `probes.readiness.failureThreshold`   | Set readinessProbe failure threshold                                    | 5                         |
+| `probes.readiness.timeoutSeconds`     | Set readinessProbe timeout                                              | 10                        |
+| `probes.startup.enabled`              | Enable/ disable readinessProbe                                          | `false`                   |
+| `probes.startup.probePath`            | Set startupProbe path                                                   | `/`                       |
+| `probes.startup.failureThreshold`     | Set startupProbe failure threshold                                      | 30                        |
+| `probes.startup.periodSeconds`        | Set startupProbe period                                                 | 10                        |
+| `flows`                               | Default flows configuration                                             | `flows.json`              |
+| `safeMode`                            | Setting to true starts Node-RED in safe (not running) mode              | `false`                   |
+| `enableProjects`                      | setting to true starts Node-RED with the projects feature enabled       | `false`                   |
+| `nodeOptions`                         | Node.js runtime arguments                                               | ``                        |
+| `extraEnvs`                           | Extra environment variables which will be appended to the env           | `[]`                      |
+| `timezone`                            | Default timezone                                                        | `UTC`                     |
+| `service.type`                        | Kubernetes service type for the GUI                                     | `ClusterIP`               |
+| `service.port`                        | Kubernetes port where the GUI is exposed                                | `1880`                    |
+| `service.nodePort`                    | Kubernetes nodePort where the GUI is exposed                            | ``                        |
+| `service.annotations`                 | Service annotations for the GUI                                         | `{}`                      |
+| `service.labels`                      | Custom labels                                                           | `{}`                      |
+| `service.loadBalancerIP`              | Loadbalance IP for the GUI                                              | `{}`                      |
+| `service.loadBalancerSourceRanges`    | List of IP CIDRs allowed access to load balancer (if supported)         | None                      |
+| `service.externalTrafficPolicy`       | Set the externalTrafficPolicy in the Service to either Cluster or Local | `Cluster`                 |
+| `ingress.enabled`                     | Enables Ingress                                                         | `false`                   |
+| `ingress.annotations`                 | Ingress annotations                                                     | `{}`                      |
+| `ingress.path`                        | Ingress path                                                            | `/`                       |
+| `ingress.hosts`                       | Ingress accepted hostnames                                              | `chart-example.local`     |
+| `ingress.tls`                         | Ingress TLS configuration                                               | `[]`                      |
+| `persistence.enabled`                 | Use persistent volume to store data                                     | `false`                   |
+| `persistence.size`                    | Size of persistent volume claim                                         | `5Gi`                     |
+| `persistence.existingClaim`           | Use an existing PVC to persist data                                     | `nil`                     |
+| `persistence.storageClass`            | Type of persistent volume claim                                         | `-`                       |
+| `persistence.accessModes`             | Persistence access modes                                                | `ReadWriteOnce`           |
+| `persistence.subPath`                 | Mount a sub dir of the persistent volume                                | `nil`                     |
+| `resources`                           | CPU/Memory resource requests/limits                                     | `{}`                      |
+| `nodeSelector`                        | Node labels for pod assignment                                          | `{}`                      |
+| `tolerations`                         | Toleration labels for pod assignment                                    | `[]`                      |
+| `affinity`                            | Affinity settings for pod assignment                                    | `{}`                      |
+| `podAnnotations`                      | Key-value pairs to add as pod annotations                               | `{}`                      |
+| `deploymentAnnotations`               | Key-value pairs to add as deployment annotations                        | `{}`                      |
+| `hostAliases`                         | Specify /etc/hosts entries                                              | `[]`                      |
 
 Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
 

charts/node-red/templates/deployment.yaml

@@ -44,14 +44,32 @@ spec:
             - name: http
               containerPort: 1880
               protocol: TCP
+          {{- if .Values.probes.liveness.enabled }}
           livenessProbe:
             httpGet:
-              path: {{ .Values.livenessProbePath }}
+              path: {{ .Values.probes.liveness.probePath }}
               port: http
+            initialDelaySeconds: {{ .Values.probes.liveness.initialDelaySeconds }}
+            failureThreshold: {{ .Values.probes.liveness.failureThreshold }}
+            timeoutSeconds: {{ .Values.probes.liveness.timeoutSeconds }}
+          {{- end }}
+          {{- if .Values.probes.readiness.enabled }}
           readinessProbe:
             httpGet:
-              path: {{ .Values.readinessProbePath }}
+              path: {{ .Values.probes.readiness.probePath }}
               port: http
+            initialDelaySeconds: {{ .Values.probes.readiness.initialDelaySeconds }}
+            failureThreshold: {{ .Values.probes.readiness.failureThreshold }}
+            timeoutSeconds: {{ .Values.probes.readiness.timeoutSeconds }}
+          {{- end }}
+          {{- if .Values.probes.startup.enabled }}
+          startupProbe:
+            httpGet:
+              path: {{ .Values.probes.startup.probePath }}
+              port: http
+            failureThreshold: {{ .Values.probes.startup.failureThreshold }}
+            periodSeconds: {{ .Values.probes.startup.periodSeconds }}
+          {{- end }}
           env:
             - name: FLOWS
               value: "{{ .Values.flows }}"
@@ -82,6 +100,10 @@ spec:
         {{- else }}
           emptyDir: {}
         {{ end }}
+    {{- if .Values.hostAliases }}
+      hostAliases:
+{{ toYaml .Values.hostAliases | indent 8 }}
+    {{- end }}
     {{- with .Values.nodeSelector }}
       nodeSelector:
 {{ toYaml . | indent 8 }}

charts/node-red/values.yaml

@@ -15,8 +15,31 @@ fullnameOverride: ""
 
 serviceAccountName: ""
 
-livenessProbePath: /
-readinessProbePath: /
+# Probes configuration
+# ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
+probes:
+  liveness:
+    # Indicates whether the container is running. If the liveness probe fails, the kubelet kills the container
+    # and the container is subjected to its restart policy.
+    enabled: true
+    probePath: /
+    initialDelaySeconds: 60
+    failureThreshold: 5
+    timeoutSeconds: 10
+  readiness:
+    # Indicates whether the container is ready to respond to requests.
+    enabled: true
+    probePath: /
+    initialDelaySeconds: 60
+    failureThreshold: 5
+    timeoutSeconds: 10
+  startup:
+    # Indicates whether the application within the container is started.
+    # All other probes are disabled if a startup probe is provided, until it succeeds.
+    enabled: false
+    probePath: /
+    failureThreshold: 30
+    periodSeconds: 10
 
 flows: "flows.json"
 safeMode: "false"
@@ -46,6 +69,14 @@ service:
   ## Set the externalTrafficPolicy in the Service to either Cluster or Local
   # externalTrafficPolicy: Cluster
 
+hostAliases: []
+  # Use hostAliases to add custom entries to /etc/hosts - mapping IP addresses to hostnames.
+  # ref: https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
+  # - ip: "192.168.1.100"
+  #   hostnames:
+  #   - "example.com"
+  #   - "www.example.com"
+
 ingress:
   enabled: false
   annotations: {}

charts/nzbget/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: v21.0
 description: NZBGet is a Usenet downloader client
 name: nzbget
-version: 6.1.0
+version: 6.4.0
 keywords:
   - nzbget
   - usenet
@@ -17,4 +17,4 @@ maintainers:
 dependencies:
   - name: common
     repository: https://k8s-at-home.com/charts/
-    version: ^1.2.0
+    version: ^1.5.0

charts/nzbget/values.yaml

@@ -5,6 +5,9 @@ image:
   pullPolicy: IfNotPresent
   tag: version-v21.0
 
+strategy:
+  type: Recreate
+
 service:
   port:
     port: 6789

charts/nzbhydra2/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: v3.4.3
 description: Usenet meta search
 name: nzbhydra2
-version: 4.1.0
+version: 4.4.0
 keywords:
   - nzbhydra2
   - usenet
@@ -17,4 +17,4 @@ maintainers:
 dependencies:
   - name: common
     repository: https://k8s-at-home.com/charts/
-    version: ^1.2.0
+    version: ^1.5.0

charts/nzbhydra2/values.yaml

@@ -5,6 +5,9 @@ image:
   pullPolicy: IfNotPresent
   tag: version-v3.4.3
 
+strategy:
+  type: Recreate
+
 service:
   port:
     port: 5076

charts/oauth2-proxy/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+OWNERS

charts/oauth2-proxy/Chart.yaml

@@ -0,0 +1,20 @@
+name: oauth2-proxy
+version: 4.0.0
+apiVersion: v1
+appVersion: 5.1.0
+home: https://pusher.github.io/oauth2_proxy/
+description: A reverse proxy that provides authentication with Google, Github or other providers
+keywords:
+- kubernetes
+- oauth
+- oauth2
+- authentication
+- google
+- github
+sources:
+- https://github.com/pusher/oauth2_proxy
+engine: gotpl
+kubeVersion: ">=1.9.0-0"
+maintainers:
+  - name: carpenike
+    email: ryan@ryanholt.net

charts/oauth2-proxy/README.md

@@ -0,0 +1,170 @@
+# oauth2-proxy
+
+[oauth2-proxy](https://github.com/pusher/oauth2_proxy) is a reverse proxy and static file server that provides authentication using Providers (Google, GitHub, and others) to validate accounts by email, domain or group.
+
+## TL;DR;
+
+```console
+$ helm install stable/oauth2-proxy
+```
+
+## Introduction
+
+This chart bootstraps an oauth2-proxy deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+
+## Installing the Chart
+
+To install the chart with the release name `my-release`:
+
+```console
+$ helm install stable/oauth2-proxy --name my-release
+```
+
+The command deploys oauth2-proxy on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation.
+
+## Uninstalling the Chart
+
+To uninstall/delete the `my-release` deployment:
+
+```console
+$ helm delete my-release
+```
+
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+## Upgrading an existing Release to a new major version
+
+A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an
+incompatible breaking change needing manual actions.
+
+### To 1.0.0
+
+This version upgrade oauth2-proxy to v4.0.0. Please see the [changelog](https://github.com/pusher/oauth2_proxy/blob/v4.0.0/CHANGELOG.md#v400) in order to upgrade.
+
+### To 2.0.0
+
+Version 2.0.0 of this chart introduces support for Kubernetes v1.16.x by way of addressing the deprecation of the Deployment object apiVersion `apps/v1beta2`.  See [the v1.16 API deprecations page](https://kubernetes.io/blog/2019/07/18/api-deprecations-in-1-16/) for more information.
+
+Due to [this issue](https://github.com/helm/helm/issues/6583) there may be errors performing a `helm upgrade`of this chart from versions earlier than 2.0.0.
+
+### To 3.0.0
+
+Version 3.0.0 introduces support for [EKS IAM roles for service accounts](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html) by adding a managed service account to the chart.  This is a breaking change since the service account is enabled by default.  To disable this behaviour set `serviceAccount.enabled` to `false`
+
+### To 4.0.0
+
+This is a breaking change as the chart was moved to k8s-at-home. No other change on top of the 3.x.x branch.
+
+## Configuration
+
+The following table lists the configurable parameters of the oauth2-proxy chart and their default values.
+
+Parameter | Description | Default
+--- | --- | ---
+`affinity` | node/pod affinities | None
+`authenticatedEmailsFile.enabled` | Enables authorize individual email addresses | `false`
+`authenticatedEmailsFile.template` | Name of the configmap that is handled outside of that chart | `""`
+`authenticatedEmailsFile.restricted_access` | [email addresses](https://github.com/pusher/oauth2_proxy#email-authentication) list config | `""`
+`config.clientID` | oauth client ID | `""`
+`config.clientSecret` | oauth client secret | `""`
+`config.cookieSecret` | server specific cookie for the secret; create a new one with `openssl rand -base64 32 | head -c 32 | base64` | `""`
+`config.existingSecret` | existing Kubernetes secret to use for OAuth2 credentials. See [secret template](https://github.com/helm/charts/blob/master/stable/oauth2-proxy/templates/secret.yaml) for the required values | `nil`
+`config.configFile` | custom [oauth2_proxy.cfg](https://github.com/pusher/oauth2_proxy/blob/master/contrib/oauth2_proxy.cfg.example) contents for settings not overridable via environment nor command line | `""`
+`config.existingConfig` | existing Kubernetes configmap to use for the configuration file. See [config template](https://github.com/helm/charts/blob/master/stable/oauth2-proxy/templates/configmap.yaml) for the required values | `nil`
+`config.google.adminEmail` | user impersonated by the google service account | `""`
+`config.google.serviceAccountJson` | google service account json contents | `""`
+`config.google.existingConfig` | existing Kubernetes configmap to use for the service account file. See [google secret template](https://github.com/helm/charts/blob/master/stable/oauth2-proxy/templates/google-secret.yaml) for the required values | `nil`
+`extraArgs` | key:value list of extra arguments to give the binary | `{}`
+`extraEnv` | key:value list of extra environment variables to give the binary | `[]`
+`extraVolumes` | list of extra volumes | `[]`
+`extraVolumeMounts` | list of extra volumeMounts | `[]`
+`htpasswdFile.enabled` | enable htpasswd-file option | `false`
+`htpasswdFile.entries` | list of [SHA encrypted user:passwords](https://pusher.github.io/oauth2_proxy/configuration#command-line-options) | `{}`
+`htpasswdFile.existingSecret` | existing Kubernetes secret to use for OAuth2 htpasswd file | `""`
+`httpScheme` | `http` or `https`. `name` used for port on the deployment. `httpGet` port `name` and `scheme` used for `liveness`- and `readinessProbes`. `name` and `targetPort` used for the service. | `http`
+`image.pullPolicy` | Image pull policy | `IfNotPresent`
+`image.repository` | Image repository | `quay.io/pusher/oauth2_proxy`
+`image.tag` | Image tag | `v5.1.0`
+`imagePullSecrets` | Specify image pull secrets | `nil` (does not add image pull secrets to deployed pods)
+`ingress.enabled` | Enable Ingress | `false`
+`ingress.path` | Ingress accepted path | `/`
+`ingress.extraPaths` | Ingress extra paths to prepend to every host configuration. Useful when configuring [custom actions with AWS ALB Ingress Controller](https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/ingress/annotation/#actions). | `[]`
+`ingress.annotations` | Ingress annotations | `nil`
+`ingress.hosts` | Ingress accepted hostnames | `nil`
+`ingress.tls` | Ingress TLS configuration | `nil`
+`livenessProbe.enabled`  | enable Kubernetes livenessProbe. Disable to use oauth2-proxy with Istio mTLS. See [Istio FAQ](https://istio.io/help/faq/security/#k8s-health-checks) | `true`
+`livenessProbe.initialDelaySeconds` | number of seconds | 0
+`livenessProbe.timeoutSeconds` | number of seconds | 1
+`nodeSelector` | node labels for pod assignment | `{}`
+`podAnnotations` | annotations to add to each pod | `{}`
+`podLabels` | additional labesl to add to each pod | `{}`
+`podDisruptionBudget.enabled`| Enabled creation of PodDisruptionBudget (only if replicaCount > 1) | true
+`podDisruptionBudget.minAvailable`| minAvailable parameter for PodDisruptionBudget | 1
+`podSecurityContext` | Kubernetes security context to apply to pod | `{}`
+`priorityClassName` | priorityClassName | `nil`
+`readinessProbe.enabled` | enable Kubernetes readinessProbe. Disable to use oauth2-proxy with Istio mTLS. See [Istio FAQ](https://istio.io/help/faq/security/#k8s-health-checks) | `true`
+`readinessProbe.initialDelaySeconds` | number of seconds | 0
+`readinessProbe.timeoutSeconds` | number of seconds | 1
+`readinessProbe.periodSeconds` | number of seconds | 10
+`readinessProbe.successThreshold` | number of successes | 1
+`replicaCount` | desired number of pods | `1`
+`resources` | pod resource requests & limits | `{}`
+`service.port` | port for the service | `80`
+`service.type` | type of service | `ClusterIP`
+`service.clusterIP` | cluster ip address | `nil`
+`service.loadBalancerIP` | ip of load balancer | `nil`
+`service.loadBalancerSourceRanges` | allowed source ranges in load balancer | `nil`
+`serviceAccount.enabled` | create a service account | `true`
+`serviceAccount.name` | the service account name | ``
+`serviceAccount.annotations` | (optional) annotations for the service account | `{}`
+`tolerations` | list of node taints to tolerate | `[]`
+`securityContext.enabled` | enable Kubernetes security context on container | `false`
+`securityContext.runAsNonRoot` | make sure that the container runs as a non-root user | `true`
+`proxyVarsAsSecrets` | choose between environment values or secrets for setting up OAUTH2_PROXY variables. When set to false, remember to add the variables OAUTH2_PROXY_CLIENT_ID, OAUTH2_PROXY_CLIENT_SECRET, OAUTH2_PROXY_COOKIE_SECRET in extraEnv | `true`
+
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+
+```console
+$ helm install stable/oauth2-proxy --name my-release \
+  --set=image.tag=v0.0.2,resources.limits.cpu=200m
+```
+
+Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
+
+```console
+$ helm install stable/oauth2-proxy --name my-release -f values.yaml
+```
+
+> **Tip**: You can use the default [values.yaml](values.yaml)
+
+## SSL Configuration
+
+See: [SSL Configuration](https://pusher.github.io/oauth2_proxy/tls-configuration).
+Use ```values.yaml``` like:
+
+```yaml
+...
+extraArgs:
+  tls-cert: /path/to/cert.pem
+  tls-key: /path/to/cert.key
+
+extraVolumes:
+  - name: ssl-cert
+    secret:
+      secretName: my-ssl-secret
+
+extraVolumeMounts:
+  - mountPath: /path/to/
+    name: ssl-cert
+...
+```
+
+With a secret called `my-ssl-secret`:
+
+```yaml
+...
+data:
+  cert.pem: AB..==
+  cert.key: CD..==
+```

charts/oauth2-proxy/ci/default-values.yaml

@@ -0,0 +1 @@
+# Leave this file empty to ensure that CI runs builds against the default configuration in values.yaml.

charts/oauth2-proxy/ci/ingress-extra-paths-values.yaml

@@ -0,0 +1,6 @@
+ingress:
+  extraPaths:
+  - path: /*
+    backend:
+      serviceName: ssl-redirect
+      servicePort: use-annotation

charts/oauth2-proxy/ci/pdb-values.yaml

@@ -0,0 +1 @@
+replicaCount: 2  # Enables PodDisruptionBudget which is disabled when replicaCount is 1

charts/oauth2-proxy/ci/pod-security-context-values.yaml

@@ -0,0 +1,4 @@
+# Allocate a FSGroup that owns the pod’s volumes via podSecurityContext
+---
+podSecurityContext:
+  fsGroup: 2000

charts/oauth2-proxy/default-values.yaml

@@ -0,0 +1 @@
+# Leave this file empty to ensure that CI runs builds against the default configuration in values.yaml.

charts/oauth2-proxy/pdb-values.yaml

@@ -0,0 +1,2 @@
+# Will trigger creation of pdb
+replicaCount: 2

charts/oauth2-proxy/templates/NOTES.txt

@@ -0,0 +1,3 @@
+To verify that oauth2-proxy has started, run:
+
+  kubectl --namespace={{ .Release.Namespace }} get pods -l "app={{ template "oauth2-proxy.fullname" . }}"

charts/oauth2-proxy/templates/_helpers.tpl

@@ -2,7 +2,7 @@
 {{/*
 Expand the name of the chart.
 */}}
-{{- define "unifi-poller.name" -}}
+{{- define "oauth2-proxy.name" -}}
 {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 
@@ -11,7 +11,7 @@ Create a default fully qualified app name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
 If release name contains chart name it will be used as a full name.
 */}}
-{{- define "unifi-poller.fullname" -}}
+{{- define "oauth2-proxy.fullname" -}}
 {{- if .Values.fullnameOverride -}}
 {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
 {{- else -}}
@@ -27,29 +27,27 @@ If release name contains chart name it will be used as a full name.
 {{/*
 Create chart name and version as used by the chart label.
 */}}
-{{- define "unifi-poller.chart" -}}
+{{- define "oauth2-proxy.chart" -}}
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 
 {{/*
-Common labels
+Get the secret name.
 */}}
-{{- define "unifi-poller.labels" -}}
-app.kubernetes.io/name: {{ include "unifi-poller.name" . }}
-helm.sh/chart: {{ include "unifi-poller.chart" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- define "oauth2-proxy.secretName" -}}
+{{- if .Values.config.existingSecret -}}
+{{- printf "%s" .Values.config.existingSecret -}}
+{{- else -}}
+{{- printf "%s" (include "oauth2-proxy.fullname" .) -}}
+{{- end -}}
 {{- end -}}
 
 {{/*
 Create the name of the service account to use
 */}}
-{{- define "unifi-poller.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create -}}
-    {{ default (include "unifi-poller.fullname" .) .Values.serviceAccount.name }}
+{{- define "oauth2-proxy.serviceAccountName" -}}
+{{- if .Values.serviceAccount.enabled -}}
+    {{ default (include "oauth2-proxy.fullname" .) .Values.serviceAccount.name }}
 {{- else -}}
     {{ default "default" .Values.serviceAccount.name }}
 {{- end -}}

charts/oauth2-proxy/templates/configmap-authenticated-emails-file.yaml

@@ -0,0 +1,15 @@
+{{- if .Values.authenticatedEmailsFile.enabled }}
+{{- if .Values.authenticatedEmailsFile.restricted_access }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  labels:
+    app: {{ template "oauth2-proxy.name" . }}
+    chart: {{ template "oauth2-proxy.chart" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+  name: {{ template "oauth2-proxy.fullname" . }}-accesslist
+data:
+  restricted_user_access: {{ .Values.authenticatedEmailsFile.restricted_access | quote }}
+{{- end }}
+{{- end }}

charts/oauth2-proxy/templates/configmap-htpasswd-file.yaml

@@ -0,0 +1,17 @@
+{{- if and .Values.htpasswdFile.enabled (not .Values.htpasswdFile.existingSecret) }}
+apiVersion: v1
+kind: Secret
+metadata:
+  labels:
+    app: {{ template "oauth2-proxy.name" . }}
+    chart: {{ template "oauth2-proxy.chart" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+  name: {{ template "oauth2-proxy.fullname" . }}-htpasswd-file
+type: Opaque
+stringData:
+  users.txt: |-
+    {{- range $entries := .Values.htpasswdFile.entries }}
+    {{ $entries }}
+    {{- end -}}
+{{- end }}

charts/oauth2-proxy/templates/configmap.yaml

@@ -0,0 +1,15 @@
+{{- if not .Values.config.existingConfig }}
+{{- if .Values.config.configFile }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  labels:
+    app: {{ template "oauth2-proxy.name" . }}
+    chart: {{ template "oauth2-proxy.chart" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+  name: {{ template "oauth2-proxy.fullname" . }}
+data:
+  oauth2_proxy.cfg: {{ .Values.config.configFile | quote }}
+{{- end }}
+{{- end }}

charts/oauth2-proxy/templates/deployment.yaml

@@ -0,0 +1,206 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: {{ template "oauth2-proxy.name" . }}
+    chart: {{ template "oauth2-proxy.chart" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+  name: {{ template "oauth2-proxy.fullname" . }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      app: {{ template "oauth2-proxy.name" . }}
+      release: {{ .Release.Name }}
+  template:
+    metadata:
+      annotations:
+        checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+        checksum/config-emails: {{ include (print $.Template.BasePath "/configmap-authenticated-emails-file.yaml") . | sha256sum }}
+        checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
+        checksum/google-secret: {{ include (print $.Template.BasePath "/google-secret.yaml") . | sha256sum }}
+{{- if .Values.htpasswdFile.enabled }}
+        checksum/htpasswd: {{ include (print $.Template.BasePath "/configmap-htpasswd-file.yaml") . | sha256sum }}
+{{- end }}
+    {{- if .Values.podAnnotations }}
+{{ toYaml .Values.podAnnotations | indent 8 }}
+    {{- end }}
+      labels:
+        app: {{ template "oauth2-proxy.name" . }}
+        release: "{{ .Release.Name }}"
+      {{- if .Values.podLabels }}
+{{ toYaml .Values.podLabels | indent 8 }}
+      {{- end }}
+    spec:
+    {{- if .Values.priorityClassName }}
+      priorityClassName: "{{ .Values.priorityClassName }}"
+    {{- end }}
+      {{- with .Values.podSecurityContext }}
+      securityContext:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ template "oauth2-proxy.serviceAccountName" . }}
+      containers:
+      - name: {{ .Chart.Name }}
+        image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+        imagePullPolicy: {{ .Values.image.pullPolicy }}
+        args:
+          - --http-address=0.0.0.0:4180
+        {{- range $key, $value := .Values.extraArgs }}
+          {{- if $value }}
+          - --{{ $key }}={{ $value }}
+          {{- else }}
+          - --{{ $key }}
+          {{- end }}
+        {{- end }}
+        {{- if or .Values.config.existingConfig .Values.config.configFile }}
+          - --config=/etc/oauth2_proxy/oauth2_proxy.cfg
+        {{- end }}
+        {{- if .Values.authenticatedEmailsFile.enabled }}
+        {{- if .Values.authenticatedEmailsFile.template }}
+          - --authenticated-emails-file=/etc/oauth2-proxy/{{ .Values.authenticatedEmailsFile.template }}
+        {{- else }}
+          - --authenticated-emails-file=/etc/oauth2-proxy/authenticated-emails-list
+        {{- end }}
+        {{- end }}
+        {{- with .Values.config.google }}
+        {{- if and .adminEmail (or .serviceAccountJson .existingSecret) }}
+          - --google-admin-email={{ .adminEmail }}
+          - --google-service-account-json=/google/service-account.json
+        {{- end }}
+        {{- end }}
+        {{- if .Values.htpasswdFile.enabled }}
+          - --htpasswd-file=/etc/oauth2_proxy/htpasswd/users.txt
+        {{- end }}
+        env:
+        {{- if .Values.proxyVarsAsSecrets }}
+        - name: OAUTH2_PROXY_CLIENT_ID
+          valueFrom:
+            secretKeyRef:
+              name:  {{ template "oauth2-proxy.secretName" . }}
+              key: client-id
+        - name: OAUTH2_PROXY_CLIENT_SECRET
+          valueFrom:
+            secretKeyRef:
+              name:  {{ template "oauth2-proxy.secretName" . }}
+              key: client-secret
+        - name: OAUTH2_PROXY_COOKIE_SECRET
+          valueFrom:
+            secretKeyRef:
+              name:  {{ template "oauth2-proxy.secretName" . }}
+              key: cookie-secret
+        {{- end }}
+        {{- if .Values.extraEnv }}
+{{ toYaml .Values.extraEnv | indent 8 }}
+        {{- end }}
+        ports:
+          - containerPort: 4180
+            name: {{ .Values.httpScheme }}
+            protocol: TCP
+{{- if .Values.livenessProbe.enabled }}
+        livenessProbe:
+          httpGet:
+            path: /ping
+            port: {{ .Values.httpScheme }}
+            scheme: {{ .Values.httpScheme | upper }}
+          initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
+          timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
+{{- end }}
+{{- if .Values.readinessProbe.enabled }}
+        readinessProbe:
+          httpGet:
+            path: /ping
+            port: {{ .Values.httpScheme }}
+            scheme: {{ .Values.httpScheme | upper }}
+          initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
+          timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
+          successThreshold: {{ .Values.readinessProbe.successThreshold }}
+          periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
+{{- end }}
+        resources:
+{{ toYaml .Values.resources | indent 10 }}
+        volumeMounts:
+{{- with .Values.config.google }}
+{{- if and .adminEmail (or .serviceAccountJson .existingSecret) }}
+        - name: google-secret
+          mountPath: /google
+          readOnly: true
+{{- end }}
+{{- end }}
+{{- if or .Values.config.existingConfig .Values.config.configFile }}
+        - mountPath: /etc/oauth2_proxy
+          name: configmain
+{{- end }}
+{{- if .Values.authenticatedEmailsFile.enabled }}
+        - mountPath: /etc/oauth2-proxy
+          name: configaccesslist
+          readOnly: true
+{{- end }}
+{{- if .Values.htpasswdFile.enabled }}
+        - mountPath: /etc/oauth2_proxy/htpasswd
+          name: {{ template "oauth2-proxy.fullname" . }}-htpasswd-file
+          readOnly: true
+{{- end }}
+{{- if ne (len .Values.extraVolumeMounts) 0 }}
+{{ toYaml .Values.extraVolumeMounts | indent 8 }}
+{{- end }}
+{{- if .Values.securityContext.enabled }}
+        securityContext:
+          runAsNonRoot: {{ .Values.securityContext.runAsNonRoot }}
+{{- end}}
+      volumes:
+{{- with .Values.config.google }}
+{{- if and .adminEmail (or .serviceAccountJson .existingSecret) }}
+      - name: google-secret
+        secret:
+          secretName: {{ if .existingSecret }}{{ .existingSecret }}{{ else }} {{ template "oauth2-proxy.secretName" $ }}{{ end }}
+{{- end }}
+{{- end }}
+
+{{- if .Values.htpasswdFile.enabled }}
+      - name: {{ template "oauth2-proxy.fullname" . }}-htpasswd-file
+        secret:
+          secretName: {{ if .Values.htpasswdFile.existingSecret }}{{ .Values.htpasswdFile.existingSecret }}{{ else }} {{ template "oauth2-proxy.fullname" . }}-htpasswd-file {{ end }}
+{{- end }}
+
+{{- if or .Values.config.existingConfig .Values.config.configFile }}
+      - configMap:
+          defaultMode: 420
+          name: {{ if .Values.config.existingConfig }}{{ .Values.config.existingConfig }}{{ else }}{{ template "oauth2-proxy.fullname" . }}{{ end }}
+        name: configmain
+{{- end }}
+{{- if ne (len .Values.extraVolumes) 0 }}
+{{ toYaml .Values.extraVolumes | indent 6 }}
+{{- end }}
+{{- if .Values.authenticatedEmailsFile.enabled }}
+      - configMap:
+{{- if .Values.authenticatedEmailsFile.template }}
+          name: {{ .Values.authenticatedEmailsFile.template }}
+{{- else }}
+          name: {{ template "oauth2-proxy.fullname" . }}-accesslist
+{{- end }}
+          items:
+          - key: restricted_user_access
+{{- if .Values.authenticatedEmailsFile.template }}
+            path: {{ .Values.authenticatedEmailsFile.template }}
+{{- else }}
+            path: authenticated-emails-list
+{{- end }}
+        name: configaccesslist
+{{- end }}
+
+      {{- if .Values.imagePullSecrets }}
+      imagePullSecrets:
+{{ toYaml .Values.imagePullSecrets | indent 8 }}
+      {{- end }}
+    {{- if .Values.affinity }}
+      affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+    {{- end }}
+    {{- if .Values.nodeSelector }}
+      nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+    {{- end }}
+      tolerations:
+{{ toYaml .Values.tolerations | indent 8 }}

charts/oauth2-proxy/templates/google-secret.yaml

@@ -0,0 +1,14 @@
+{{- if and .Values.config.google (not .Values.config.google.existingSecret) }}
+apiVersion: v1
+kind: Secret
+metadata:
+  labels:
+    app: {{ template "oauth2-proxy.name" . }}
+    chart: {{ template "oauth2-proxy.chart" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+  name: {{ template "oauth2-proxy.fullname" . }}-google
+type: Opaque
+data:
+  service-account.json: {{ .serviceAccountJson }}
+{{- end -}}

charts/oauth2-proxy/templates/ingress.yaml

@@ -0,0 +1,41 @@
+{{- if .Values.ingress.enabled -}}
+{{- $serviceName := include "oauth2-proxy.fullname" . -}}
+{{- $servicePort := .Values.service.port -}}
+{{- $ingressPath := .Values.ingress.path -}}
+{{- $extraPaths := .Values.ingress.extraPaths -}}
+{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+  labels:
+    app: {{ template "oauth2-proxy.name" . }}
+    chart: {{ template "oauth2-proxy.chart" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+  name: {{ template "oauth2-proxy.fullname" . }}
+{{- with .Values.ingress.annotations }}
+  annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+  rules:
+    {{- range $host := .Values.ingress.hosts }}
+    - host: {{ $host | quote }}
+      http:
+        paths:
+{{ if $extraPaths }}
+{{ toYaml $extraPaths | indent 10 }}
+{{- end }}
+          - path: {{ $ingressPath }}
+            backend:
+              serviceName: {{ $serviceName }}
+              servicePort: {{ $servicePort }}
+    {{- end -}}
+  {{- if .Values.ingress.tls }}
+  tls:
+{{ toYaml .Values.ingress.tls | indent 4 }}
+  {{- end -}}
+{{- end -}}

charts/oauth2-proxy/templates/poddisruptionbudget.yaml

@@ -0,0 +1,17 @@
+{{- if and .Values.podDisruptionBudget.enabled (gt (.Values.replicaCount | int) 1) }}
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+  labels:
+    app: {{ template "oauth2-proxy.name" . }}
+    chart: {{ template "oauth2-proxy.chart" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+  name: {{ template "oauth2-proxy.fullname" . }}
+spec:
+  selector:
+    matchLabels:
+      app: {{ template "oauth2-proxy.name" . }}
+      release: {{ .Release.Name }}
+  minAvailable: {{ .Values.podDisruptionBudget.minAvailable }}
+{{- end }}

charts/oauth2-proxy/templates/secret.yaml

@@ -0,0 +1,16 @@
+{{- if and (not .Values.config.existingSecret) (.Values.proxyVarsAsSecrets) }}
+apiVersion: v1
+kind: Secret
+metadata:
+  labels:
+    app: {{ template "oauth2-proxy.name" . }}
+    chart: {{ template "oauth2-proxy.chart" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+  name: {{ template "oauth2-proxy.fullname" . }}
+type: Opaque
+data:
+  cookie-secret: {{ .Values.config.cookieSecret | b64enc | quote }}
+  client-secret: {{ .Values.config.clientSecret | b64enc | quote }}
+  client-id: {{ .Values.config.clientID | b64enc | quote }}
+{{- end -}}

charts/oauth2-proxy/templates/service.yaml

@@ -0,0 +1,39 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: {{ template "oauth2-proxy.name" . }}
+    chart: {{ template "oauth2-proxy.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+  name: {{ template "oauth2-proxy.fullname" . }}
+{{- if .Values.service.annotations }}
+  annotations:
+{{ toYaml .Values.service.annotations | indent 4 }}
+{{- end }}
+spec:
+{{- if (or (eq .Values.service.type "ClusterIP") (empty .Values.service.type)) }}
+  type: ClusterIP
+  {{- if .Values.service.clusterIP }}
+  clusterIP: {{ .Values.service.clusterIP }}
+  {{end}}
+{{- else if eq .Values.service.type "LoadBalancer" }}
+  type: {{ .Values.service.type }}
+  {{- if .Values.service.loadBalancerIP }}
+  loadBalancerIP: {{ .Values.service.loadBalancerIP }}
+  {{- end }}
+  {{- if .Values.service.loadBalancerSourceRanges }}
+  loadBalancerSourceRanges:
+{{ toYaml .Values.service.loadBalancerSourceRanges | indent 4 }}
+  {{- end -}}
+{{- else }}
+  type: {{ .Values.service.type }}
+{{- end }}
+  ports:
+    - port: {{ .Values.service.port }}
+      targetPort: {{ .Values.httpScheme }}
+      protocol: TCP
+      name: {{ .Values.httpScheme }}
+  selector:
+    app: {{ template "oauth2-proxy.name" . }}
+    release: {{ .Release.Name }}

charts/oauth2-proxy/templates/serviceaccount.yaml

@@ -0,0 +1,15 @@
+{{- if or .Values.serviceAccount.enabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  {{- with .Values.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+    app: {{ template "oauth2-proxy.name" . }}
+    chart: {{ template "oauth2-proxy.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+  name: {{ template "oauth2-proxy.fullname" . }}
+{{- end -}}

charts/oauth2-proxy/values.yaml

@@ -0,0 +1,184 @@
+# Oauth client configuration specifics
+config:
+  # OAuth client ID
+  clientID: "XXXXXXX"
+  # OAuth client secret
+  clientSecret: "XXXXXXXX"
+  # Create a new secret with the following command
+  # openssl rand -base64 32 | head -c 32 | base64
+  # Use an existing secret for OAuth2 credentials (see secret.yaml for required fields)
+  # Example:
+  # existingSecret: secret
+  cookieSecret: "XXXXXXXXXX"
+  google: {}
+    # adminEmail: xxxx
+    # serviceAccountJson: xxxx
+    # Alternatively, use an existing secret (see google-secret.yaml for required fields)
+    # Example:
+    # existingSecret: google-secret
+  # Default configuration, to be overridden
+  configFile: |-
+    email_domains = [ "*" ]
+    upstreams = [ "file:///dev/null" ]
+  # Custom configuration file: oauth2_proxy.cfg
+  # configFile: |-
+  #   pass_basic_auth = false
+  #   pass_access_token = true
+  # Use an existing config map (see configmap.yaml for required fields)
+  # Example:
+  # existingConfig: config
+
+image:
+  repository: "quay.io/pusher/oauth2_proxy"
+  tag: "v5.1.0"
+  pullPolicy: "IfNotPresent"
+
+# Optionally specify an array of imagePullSecrets.
+# Secrets must be manually created in the namespace.
+# ref: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod
+# imagePullSecrets:
+  # - name: myRegistryKeySecretName
+
+extraArgs: {}
+extraEnv: []
+
+# To authorize individual email addresses
+# That is part of extraArgs but since this needs special treatment we need to do a separate section
+authenticatedEmailsFile:
+  enabled: false
+  # template is the name of the configmap what contains the email user list but has been configured without this chart.
+  # It's a simpler way to maintain only one configmap (user list) instead changing it for each oauth2-proxy service.
+  # Be aware the value name in the extern config map in data needs to be named to "restricted_user_access".
+  template: ""
+  # One email per line
+  # example:
+  # restricted_access: |-
+  #   name1@domain
+  #   name2@domain
+  # If you override the config with restricted_access it will configure a user list within this chart what takes care of the
+  # config map resource.
+  restricted_access: ""
+
+service:
+  type: ClusterIP
+  # when service.type is ClusterIP ...
+  # clusterIP: 192.0.2.20
+  # when service.type is LoadBalancer ...
+  # loadBalancerIP: 198.51.100.40
+  # loadBalancerSourceRanges: 203.0.113.0/24
+  port: 80
+  annotations: {}
+  # foo.io/bar: "true"
+
+## Create or use ServiceAccount
+serviceAccount:
+  ## Specifies whether a ServiceAccount should be created
+  enabled: true
+  ## The name of the ServiceAccount to use.
+  ## If not set and create is true, a name is generated using the fullname template
+  name:
+  annotations: {}
+
+ingress:
+  enabled: false
+  path: /
+  # Used to create an Ingress record.
+  # hosts:
+    # - chart-example.local
+  # Extra paths to prepend to every host configuration. This is useful when working with annotation based services.
+  # extraPaths:
+  # - path: /*
+  #   backend:
+  #     serviceName: ssl-redirect
+  #     servicePort: use-annotation
+  # annotations:
+  #   kubernetes.io/ingress.class: nginx
+  #   kubernetes.io/tls-acme: "true"
+  # tls:
+    # Secrets must be manually created in the namespace.
+    # - secretName: chart-example-tls
+    #   hosts:
+    #     - chart-example.local
+
+resources: {}
+  # limits:
+  #   cpu: 100m
+  #   memory: 300Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 300Mi
+
+extraVolumes: []
+  # - name: ca-bundle-cert
+  #   secret:
+  #     secretName: <secret-name>
+
+extraVolumeMounts: []
+  # - mountPath: /etc/ssl/certs/
+  #   name: ca-bundle-cert
+
+priorityClassName: ""
+
+# Affinity for pod assignment
+# Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+# affinity: {}
+
+# Tolerations for pod assignment
+# Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+tolerations: []
+
+# Node labels for pod assignment
+# Ref: https://kubernetes.io/docs/user-guide/node-selection/
+nodeSelector: {}
+
+# Whether to use secrets instead of environment values for setting up OAUTH2_PROXY variables
+proxyVarsAsSecrets: true
+
+# Configure Kubernetes liveness and readiness probes.
+# Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
+# Disable both when deploying with Istio 1.0 mTLS. https://istio.io/help/faq/security/#k8s-health-checks
+livenessProbe:
+  enabled: true
+  initialDelaySeconds: 0
+  timeoutSeconds: 1
+
+readinessProbe:
+  enabled: true
+  initialDelaySeconds: 0
+  timeoutSeconds: 1
+  periodSeconds: 10
+  successThreshold: 1
+
+# Configure Kubernetes security context for container
+# Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+securityContext:
+  enabled: false
+  runAsNonRoot: true
+
+podAnnotations: {}
+podLabels: {}
+replicaCount: 1
+
+## PodDisruptionBudget settings
+## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
+podDisruptionBudget:
+  enabled: true
+  minAvailable: 1
+
+# Configure Kubernetes security context for pod
+# Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+podSecurityContext: {}
+
+# whether to use http or https
+httpScheme: http
+
+# Additionally authenticate against a htpasswd file. Entries must be created with "htpasswd -s" for SHA encryption.
+# Alternatively supply an existing secret which contains the required information.
+htpasswdFile:
+  enabled: false
+  existingSecret: ""
+  entries: {}
+  # One row for each user
+  # example:
+  # entries:
+  #  - testuser:{SHA}EWhzdhgoYJWy0z2gyzhRYlN9DSiv

charts/ombi/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: 4.0.681
 description: Want a Movie or TV Show on Plex or Emby? Use Ombi!
 name: ombi
-version: 5.1.0
+version: 5.4.0
 keywords:
   - ombi
   - plex
@@ -21,4 +21,4 @@ maintainers:
 dependencies:
   - name: common
     repository: https://k8s-at-home.com/charts/
-    version: ^1.2.0
+    version: ^1.5.0

charts/ombi/values.yaml

@@ -5,6 +5,9 @@ image:
   pullPolicy: IfNotPresent
   tag: version-v4.0.681
 
+strategy:
+  type: Recreate
+
 service:
   port:
     port: 3579

charts/organizr/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: latest
 description: HTPC/Homelab Services Organizer
 name: organizr
-version: 2.1.0
+version: 2.4.0
 keywords:
   - organizr
 home: https://github.com/k8s-at-home/charts/tree/master/charts/organizr
@@ -16,4 +16,4 @@ maintainers:
 dependencies:
   - name: common
     repository: https://k8s-at-home.com/charts/
-    version: ^1.2.0
+    version: ^1.5.0

charts/organizr/values.yaml

@@ -5,6 +5,9 @@ image:
   pullPolicy: Always
   tag: latest
 
+strategy:
+  type: Recreate
+
 service:
   port:
     port: 80

charts/piaware/Chart.yaml

@@ -1,8 +1,8 @@
 apiVersion: v2
-appVersion: v3.8.1
+appVersion: v4.0
 description: Program for forwarding ADS-B data to FlightAware
 name: piaware
-version: 2.1.0
+version: 3.0.0
 keywords:
   - piaware
   - flight-aware
@@ -14,3 +14,7 @@ sources:
 maintainers:
   - name: billimek
     email: jeff@billimek.com
+dependencies:
+  - name: common
+    repository: https://k8s-at-home.com/charts/
+    version: ^1.5.0

charts/piaware/README.md

@@ -1,6 +1,6 @@
-# piaware: Program for forwarding ADS-B data to FlightAware
+# piaware
 
-This is a helm chart for [piaware](https://github.com/flightaware/piaware)
+This is a helm chart for [piaware](https://github.com/flightaware/piaware).
 
 ## TL;DR;
 
@@ -17,18 +17,22 @@ To install the chart with the release name `my-release`:
 helm install --name my-release k8s-at-home/piaware
 ```
 
-### Configuration
-There are two main options for this chart, either use a UBB device on the node where the pod runs or use 
-[readsb](https://hub.docker.com/r/mikenye/readsb) with beast
+**IMPORTANT NOTE:** a piaware device must be accessible on the node where this pod runs, in order for this chart to function properly.
 
-#### USB
-Set the value 
+First, you will need to mount your piaware device into the pod, you can do so by adding the following to your values:
 
-    device: "/dev/bus/usb/001/004"
+```yaml
+additionalVolumeMounts:
+  - name: usb
+    mountPath: /path/to/device
 
-**IMPORTANT NOTE:** a flight-aware USB device must be accessible on the node where this pod runs, in order for this chart to function properly.
+additionalVolumes:
+  - name: usb
+    hostPath:
+      path: /path/to/device
+```
 
-A way to achieve this can be with nodeAffinity rules, for example:
+Second you will need to set a nodeAffinity rule, for example:
 
 ```yaml
 affinity:
@@ -39,16 +43,10 @@ affinity:
         - key: app
           operator: In
           values:
-          - flight-aware
+          - piaware
 ```
 
-... where a node with an attached flight-aware USB device is labeled with `app: flight-aware`
-
-#### Beast
-Use this together with the [readsb](https://hub.docker.com/r/mikenye/readsb) 
-Set the value
-
-    beastHost: <host running readsb>
+... where a node with an attached piaware USB device is labeled with `app: piaware`
 
 ## Uninstalling the Chart
 
@@ -60,20 +58,49 @@ helm delete my-release --purge
 
 The command removes all the Kubernetes components associated with the chart and deletes the release.
 
-## Configuration
-
-Read through the [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/piaware/values.yaml) file. It has several commented out suggested values.
+Read through the charts [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/piaware/values.yaml)
+file. It has several commented out suggested values.
+Additionally you can take a look at the common library [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/common/values.yaml) for more (advanced) configuration options.
 
 Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
-
 ```console
-helm install --name my-release \
-  --set feederId="nosecrets" \
+helm install my-release \
+  --set env.TZ="America/New_York" \
     k8s-at-home/piaware
 ```
-
-Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
-
+Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the
+chart. For example,
 ```console
-helm install --name my-release -f values.yaml k8s-at-home/piaware
+helm install my-release k8s-at-home/piaware --values values.yaml 
 ```
+
+```yaml
+image:
+  tag: ...
+```
+
+---
+**NOTE**
+
+If you get
+```console
+Error: rendered manifests contain a resource that already exists. Unable to continue with install: existing resource conflict: ...`
+```
+it may be because you uninstalled the chart with `skipuninstall` enabled, you need to manually delete the pvc or use `existingClaim`.
+
+---
+
+## Upgrading an existing Release to a new major version
+
+A major chart version change (like 4.0.1 -> 5.0.0) indicates that there is an incompatible breaking change potentially needing manual actions.
+
+### Upgrading from 2.x.x to 3.x.x
+
+As of 3.0.0 this chart was migrated to a centralized [common](https://github.com/k8s-at-home/charts/tree/master/charts/common) library, some values in `values.yaml` have changed.
+
+Examples:
+
+* `service.port` has been moved to `service.port.port`.
+* `persistence.type` has been moved to `controllerType`.
+
+Refer to the [common](https://github.com/k8s-at-home/charts/tree/master/charts/common) library for more configuration options.

charts/piaware/ci/ct-values.yaml

@@ -0,0 +1,5 @@
+ingress:
+  enabled: true
+env:
+  LAT: "29.9792"
+  LONG: "31.1342"