[multiple] Update library (#135)

* sabnzbd: use common chart

* remove app name in app.env example

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,7 @@
+#### Special notes for your reviewer:
+
+#### Checklist
+[Place an '[x]' (no spaces) in all applicable fields. Please remove unrelated fields.]
+- [ ] Chart Version bumped
+- [ ] Variables are documented in the README.md
+- [ ] Title of the PR starts with chart name (e.g. `[radarr]`)

.github/workflows/lint-test.yaml

@@ -0,0 +1,28 @@
+name: Lint and Test Charts
+on: pull_request
+jobs:
+  lint-test:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+      - name: Fetch history
+        run: |
+          git fetch --prune --unshallow;
+          echo ::set-env name=commitmsg::$(git log --format=%B -n 1 ${{ github.event.after }})
+      - name: Run chart-testing (lint)
+        id: lint
+        uses: helm/chart-testing-action@v1.0.0
+        if: "! contains(env.commitmsg, '[skip lint]')"
+        with:
+          command: lint
+          config: ct.yaml
+      - name: Create kind cluster
+        uses: helm/kind-action@v1.0.0
+        if: "steps.lint.outputs.changed == 'true' && ! contains(env.commitmsg, '[skip install]')"
+      - name: Run chart-testing (install)
+        uses: helm/chart-testing-action@v1.0.0
+        if: "steps.lint.outputs.changed == 'true' && ! contains(env.commitmsg, '[skip install]')"
+        with:
+          command: install
+          config: ct.yaml

.github/workflows/release.yaml

@@ -0,0 +1,45 @@
+
+name: Release Charts
+
+on:
+  push:
+    branches:
+      - master
+
+jobs:
+  release:
+    timeout-minutes: 5
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Turnstyle
+        uses: softprops/turnstyle@v1
+        with:
+          continue-after-seconds: 180
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Fetch history
+        run: git fetch --prune --unshallow
+
+      - name: Configure Git
+        run: |
+          git config user.name "$GITHUB_ACTOR"
+          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+      # See https://github.com/helm/chart-releaser-action/issues/6
+      - name: Install Helm
+        run: |
+          curl -fsSLo get_helm.sh https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3
+          chmod 700 get_helm.sh
+          ./get_helm.sh
+      - name: Add dependency chart repos
+        run: |
+          helm repo add stable https://charts.helm.sh/stable
+      - name: Run chart-releaser
+        uses: helm/chart-releaser-action@v1.0.0
+        with:
+          charts_repo_url: https://k8s-at-home.com/charts/
+        env:
+          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

.gitignore

@@ -1 +1,4 @@
 .env
+.idea
+charts/*/Chart.lock
+charts/*/charts

.gitmodules

@@ -1,3 +0,0 @@
-[submodule "kube-plex"]
-	path = kube-plex
-	url = https://github.com/billimek/kube-plex.git

.pre-commit-config.yaml

@@ -0,0 +1,13 @@
+# See https://pre-commit.com for more information
+repos:
+- repo: local
+  hooks:
+  - id: ct-lint
+    name: "Chart Test: Lint"
+    language: docker_image
+    pass_filenames: false
+    types: ['file']
+    files: '^charts/.*(\.ya?ml|\.tpl|\.helmignore|NOTES.txt)'
+    entry: -u 0 quay.io/helmpack/chart-testing:v3.0.0 ct
+    args:
+    - lint

CONTRIBUTING.md

@@ -0,0 +1,57 @@
+# Contributing Guidelines
+
+Contributions are welcome via GitHub pull requests. This document outlines the process to help get your contribution accepted.
+
+## Sign off Your Work
+
+The Developer Certificate of Origin (DCO) is a lightweight way for contributors to certify that they wrote or otherwise have the right to submit the code they are contributing to the project. Here is the full text of the [DCO](http://developercertificate.org/). Contributors must sign-off that they adhere to these requirements by adding a `Signed-off-by` line to commit messages.
+
+```
+This is my commit message
+
+Signed-off-by: Random J Developer <random@developer.example.org>
+```
+
+See `git help commit`:
+
+```
+-s, --signoff
+    Add Signed-off-by line by the committer at the end of the commit log
+    message. The meaning of a signoff depends on the project, but it typically
+    certifies that committer has the rights to submit this work under the same
+    license and agrees to a Developer Certificate of Origin (see
+    http://developercertificate.org/ for more information).
+```
+
+## How to Contribute
+
+1. Fork this repository, develop, and test your changes
+1. Remember to sign off your commits as described above
+1. Submit a pull request
+
+***NOTE***: In order to make testing and merging of PRs easier, please submit changes to multiple charts in separate PRs.
+
+### Technical Requirements
+
+* Must follow [Charts best practices](https://helm.sh/docs/topics/chart_best_practices/).
+* Must pass CI jobs for linting and installing changed charts with the [chart-testing](https://github.com/helm/chart-testing) tool See [pre-commit](#pre-commit) below.
+* Any change to a chart requires a version bump following [semver](https://semver.org/) principles. See [Immutability](#immutability) and [Versioning](#versioning) below.
+
+Once changes have been merged, the release job will automatically run to package and release changed charts.
+
+### Immutability
+
+Chart releases must be immutable. Any change to a chart warrants a chart version bump even if it is only changed to the documentation.
+
+### Versioning
+
+The chart `version` should follow [semver](https://semver.org/).
+
+Charts should start at `1.0.0`. Any breaking (backwards incompatible) changes to a chart should:
+
+1. Bump the MAJOR version
+2. In the README, under a section called "Upgrading", describe the manual steps necessary to upgrade to the new (specified) MAJOR version
+
+### pre-commit
+
+This repo supports the [pre-commit](https://pre-commit.com) framework. By installing the framework (see [docs](https://pre-commit.com/#install)) it is possible to perform the chart linting step before committing your code. This can help prevent linter issues in the pipeline. Note that this requires having Docker running on your development environment.

LICENSE

@@ -186,7 +186,7 @@
       same "printed page" as the copyright notice for easier
       identification within third-party archives.
 
-   Copyright [yyyy] [name of copyright owner]
+   Copyright 2020 k8s@Home
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.

README.md

@@ -1,8 +1,30 @@
-# personal helm charts
+# k8s@Home collection of helm charts
 
-## Installation
+[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
+[![](https://github.com/k8s-at-home/charts/workflows/Release%20Charts/badge.svg?branch=master)](https://github.com/k8s-at-home/charts/actions)
+[![pre-commit](https://img.shields.io/badge/pre--commit-enabled-brightgreen?logo=pre-commit&logoColor=white)](https://github.com/pre-commit/pre-commit)
+[![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/k8s-at-home)](https://artifacthub.io/packages/search?repo=k8s-at-home)
+## Usage
+
+[Helm](https://helm.sh) must be installed to use the charts.
+Please refer to Helm's [documentation](https://helm.sh/docs/) to get started.
+
+Once Helm is set up properly, add the repo as follows:
 
 ```console
-helm repo add billimek https://billimek.github.io/helm-repo
-helm search billimek
+helm repo add k8s-at-home https://k8s-at-home.com/charts/
 ```
+
+You can then run `helm search repo k8s-at-home` to see the charts.
+
+## Charts
+
+See [artifact hub](https://artifacthub.io/packages/search?org=k8s-at-home) for a complete list.
+
+## Contributing
+
+See [CONTRIBUTING.md](./CONTRIBUTING.md)
+
+## License
+
+[Apache 2.0 License](./LICENSE)

charts/README.templates.md.gotmpl

@@ -0,0 +1,72 @@
+{{- define "repository.organization" -}}
+  k8s-at-home
+{{- end -}}
+
+{{- define "repository.url" -}}
+  https://github.com/k8s-at-home/charts
+{{- end -}}
+
+{{- define "helm.url" -}}
+  https://k8s-at-home.com/charts/
+{{- end -}}
+
+{{- define "helm.path" -}}
+    {{ template "repository.organization" . }}/{{ template "chart.name" . }}
+{{- end -}}
+{{- define "badge.artifactHub" -}}
+  [![ArtifactHub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/{{ template "chart.name" . }})](https://artifacthub.io/packages/helm/{{ template "chart.name" . }})
+{{- end -}}
+{{- define "description.multiarch" -}}
+The default values and container images used in this chart will allow for running in a multi-arch cluster (amd64, arm, arm64)
+{{- end -}}
+
+{{- define "install.tldr" -}}
+## TL;DR
+```console
+$ helm repo add {{ template "repository.organization" . }} {{ template "helm.url" . }}
+$ helm install {{ template "helm.path" . }}
+```
+{{- end -}}
+
+{{- define "install" -}}
+## Installing the Chart
+To install the chart with the release name `{{ template "chart.name" . }}`:
+```console
+helm install {{ template "chart.name" . }} {{ template "helm.path" . }}
+```
+{{- end -}}
+
+{{- define "uninstall" -}}
+## Uninstalling the Chart
+To uninstall the `{{ template "chart.name" . }}` deployment:
+```console
+helm uninstall {{ template "chart.name" . }}
+```
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+{{- end -}}
+
+{{- define "configuration.header" -}}
+## Configuration
+{{- end -}}
+
+{{- define "configuration.readValues" -}}
+Read through the [values.yaml]({{ template "repository.url" . }}/blob/master/charts/{{ template "chart.name" . }}/values.yaml)
+file. It has several commented out suggested values.
+{{- end -}}
+
+{{- define "configuration.example.set" -}}
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+```console
+helm install {{ template "chart.name" . }} \
+  --set env.TZ="America/New York" \
+    {{ template "helm.path" . }}
+```
+{{- end -}}
+
+{{- define "configuration.example.file" -}}
+Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart.
+For example,
+```console
+helm install {{ template "chart.name" . }} {{ template "helm.path" . }} --values values.yaml
+```
+{{- end -}}

charts/adguard-home/.helmignore

@@ -0,0 +1,24 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# OWNERS file for Kubernetes
+OWNERS

charts/adguard-home/Chart.yaml

@@ -0,0 +1,15 @@
+apiVersion: v2
+appVersion: v0.102.0
+description: DNS proxy as ad-blocker for local network
+name: adguard-home
+version: 2.2.0
+keywords:
+  - adguard-home
+  - adguard
+  - dns
+home: https://github.com/k8s-at-home/charts/tree/master/charts/adguard-home
+icon: https://avatars3.githubusercontent.com/u/8361145?s=200&v=4?sanitize=true
+sources:
+  - https://github.com/AdguardTeam/AdGuardHome
+maintainers:
+  - name: billimek

charts/adguard-home/OWNERS

@@ -0,0 +1,4 @@
+approvers:
+- billimek
+reviewers:
+- billimek

charts/adguard-home/README.md

@@ -0,0 +1,64 @@
+# DNS proxy as ad-blocker for local network
+
+This is an opinionated helm chart for [adguard-home](https://github.com/AdguardTeam/AdGuardHome)
+
+The default values and container images used in this chart will allow for running in a multi-arch cluster (amd64, arm, arm64)
+
+## TL;DR
+
+```shell
+helm repo add k8s-at-home https://k8s-at-home.com/charts/
+helm install k8s-at-home/adguard-home
+```
+
+## Installing the Chart
+
+To install the chart with the release name `my-release`:
+
+```console
+helm install --name adguard-home k8s-at-home/adguard-home
+```
+
+## Uninstalling the Chart
+
+To uninstall/delete the `adguard-home` deployment:
+
+```console
+helm delete adguard-home --purge
+```
+
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+## Configuration
+
+Read through the [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/adguard-home/values.yaml) file. It has several commented out suggested values.
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+
+```console
+helm install --name adguard-home \
+  --set timeZone="America/New York" \
+    k8s-at-home/adguard-home
+```
+
+Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
+
+```console
+helm install --name adguard-home -f values.yaml k8s-at-home/adguard-home
+```
+
+#### Helm force upgrade
+
+```sh
+helm upgrade --force
+```
+
+#### Delete the existing `adguard-home` services prior to upgrading
+
+```sh
+kubectl delete svc/adguard-home
+```
+
+#### Remove the existing adguard-home chart first
+
+This is the 'easiest' approach, but will incur downtime which can be problematic if you rely on adguard-home for DNS

charts/adguard-home/templates/NOTES.txt

@@ -0,0 +1,15 @@
+1. Get the application URL by running these commands:
+{{- if contains "NodePort" .Values.serviceUDP.type }}
+  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "adguard-home.fullname" . }})
+  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+  echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.serviceUDP.type }}
+     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+           You can watch the status of by running 'kubectl get svc -w {{ include "adguard-home.fullname" . }}'
+  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "adguard-home.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+  echo http://$SERVICE_IP:{{ .Values.serviceUDP.port }}
+{{- else if contains "ClusterIP" .Values.serviceUDP.type }}
+  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "adguard-home.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+  echo "Visit http://127.0.0.1:8080 to use your application"
+  kubectl port-forward $POD_NAME 8080:3000
+{{- end }}

charts/adguard-home/templates/_helpers.tpl

@@ -0,0 +1,32 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "adguard-home.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "adguard-home.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "adguard-home.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}

charts/adguard-home/templates/config-pvc.yaml

@@ -0,0 +1,29 @@
+
+{{- if and .Values.persistence.config.enabled (not .Values.persistence.config.existingClaim) }}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: {{ template "adguard-home.fullname" . }}-config
+  {{- if .Values.persistence.config.skipuninstall }}
+  annotations:
+    "helm.sh/resource-policy": keep
+  {{- end }}
+  labels:
+    app.kubernetes.io/name: {{ include "adguard-home.name" . }}
+    helm.sh/chart: {{ include "adguard-home.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+  accessModes:
+    - {{ .Values.persistence.config.accessMode | quote }}
+  resources:
+    requests:
+      storage: {{ .Values.persistence.config.size | quote }}
+{{- if .Values.persistence.config.storageClass }}
+{{- if (eq "-" .Values.persistence.config.storageClass) }}
+  storageClassName: ""
+{{- else }}
+  storageClassName: "{{ .Values.persistence.config.storageClass }}"
+{{- end }}
+{{- end }}
+{{- end -}}

charts/adguard-home/templates/configmap.yaml

@@ -0,0 +1,14 @@
+{{- if .Values.configAsCode.enabled }}
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: {{ include "adguard-home.fullname" . }}
+  labels:
+    app.kubernetes.io/name: {{ include "adguard-home.name" . }}
+    helm.sh/chart: {{ include "adguard-home.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+  AdGuardHome.yaml: |
+    {{- toYaml .Values.configAsCode.config | nindent 4 }}
+{{- end }}

charts/adguard-home/templates/deployment.yaml

@@ -0,0 +1,196 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "adguard-home.fullname" . }}
+  labels:
+    app.kubernetes.io/name: {{ include "adguard-home.name" . }}
+    helm.sh/chart: {{ include "adguard-home.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+  replicas: 1
+  strategy:
+    type: {{ .Values.strategyType }}
+  revisionHistoryLimit: 3
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: {{ include "adguard-home.name" . }}
+      app.kubernetes.io/instance: {{ .Release.Name }}
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: {{ include "adguard-home.name" . }}
+        app.kubernetes.io/instance: {{ .Release.Name }}
+      annotations:
+      {{- with .Values.podAnnotations }}
+        {{ toYaml . | nindent 8 }}
+      {{- end }}
+      {{- if .Values.configAsCode.enabled }}
+        checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+      {{- end }}
+    spec:
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      {{- if or .Values.configAsCode.enabled .Values.securityContext.runAsUser }}
+      initContainers:
+        {{- if .Values.configAsCode.enabled }}
+        - name: "config"
+          securityContext:
+            readOnlyRootFilesystem: true
+          image: "{{ .Values.configAsCode.image.repository }}:{{ .Values.configAsCode.image.tag }}"
+          imagePullPolicy: {{ .Values.configAsCode.image.pullPolicy }}
+          command: ["sh", "-c", "cat /configmap/AdGuardHome.yaml > /opt/adguardhome/conf/AdGuardHome.yaml"]
+          resources: {{- toYaml .Values.configAsCode.resources | nindent 12 }}
+          volumeMounts:
+            - name: configmap
+              mountPath: /configmap
+            - name: config
+              mountPath: /opt/adguardhome/conf
+              readOnly: false
+        {{- end }}
+        {{- if .Values.securityContext.runAsUser }}
+        - name: "volume-permissions"
+          securityContext:
+            readOnlyRootFilesystem: true
+          image: "{{ .Values.volumePermissions.image.repository }}:{{ .Values.volumePermissions.image.tag }}"
+          imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy }}
+          command: ["/bin/chown", "-R", "{{ .Values.securityContext.runAsUser }}:", "/opt/adguardhome/work", "/opt/adguardhome/conf"]
+          resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
+          volumeMounts:
+            - name: work
+              mountPath: /opt/adguardhome/work
+              readOnly: false
+            - name: config
+              mountPath: /opt/adguardhome/conf
+              readOnly: false
+        {{- end }}
+      {{- end }}
+      containers:
+        - name: {{ .Chart.Name }}
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          image: "{{ .Values.image.repository }}:{{ default .Chart.AppVersion .Values.image.tag }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          env:
+            {{- if .Values.timezone }}
+            - name: TZ
+              value: {{ .Values.timezone | quote }}
+            {{- end }}
+          volumeMounts:
+            - name: work
+              mountPath: /opt/adguardhome/work
+              readOnly: false
+            - name: config
+              mountPath: /opt/adguardhome/conf
+              readOnly: false
+            {{- if .Values.tlsSecretName }}
+            - name: certs
+              mountPath: /certs
+              readOnly: false
+            {{- end }}
+          ports:
+            - name: http
+              {{- if .Values.configAsCode.enabled }}
+              containerPort: {{ .Values.configAsCode.config.bind_port | default 3000 }}
+              {{- else }}
+              containerPort: 3000
+              {{- end }}
+            - name: dns
+              {{- if .Values.configAsCode.enabled }}
+              containerPort: {{ .Values.configAsCode.config.dns.port | default 53 }}
+              {{- else }}
+              containerPort: 53
+              {{- end }}
+              protocol: TCP
+            - name: dns-udp
+              {{- if .Values.configAsCode.enabled }}
+              containerPort: {{ .Values.configAsCode.config.dns.port | default 53 }}
+              {{- else }}
+              containerPort: 53
+              {{- end }}
+              protocol: UDP
+            {{- if .Values.serviceDHCP.enabled }}
+            - name: dhcp-server-udp
+              containerPort: 67
+              protocol: UDP
+            - name: dhcp-client-tcp
+              containerPort: 68
+              protocol: TCP
+            - name: dhcp-client-udp
+              containerPort: 68
+              protocol: UDP
+            {{- end }}
+            {{- if .Values.serviceDNSOverTLS.enabled }}
+            - name: dns-over-tls
+              containerPort: 853
+              protocol: TCP
+            {{- end }}
+          {{- if .Values.probes.liveness.enabled }}
+          livenessProbe:
+            httpGet:
+              path: /login.html
+              port: http
+              scheme: HTTP
+            initialDelaySeconds: {{ .Values.probes.liveness.initialDelaySeconds }}
+            failureThreshold: {{ .Values.probes.liveness.failureThreshold }}
+            periodSeconds: {{ .Values.probes.liveness.periodSeconds }}
+          {{- end }}
+          {{- if .Values.probes.readiness.enabled }}
+          readinessProbe:
+            httpGet:
+              path: /login.html
+              port: http
+              scheme: HTTP
+            initialDelaySeconds: {{ .Values.probes.readiness.initialDelaySeconds }}
+            failureThreshold: {{ .Values.probes.readiness.failureThreshold }}
+            periodSeconds: {{ .Values.probes.readiness.periodSeconds }}
+          {{- end }}
+          {{- if .Values.probes.startup.enabled }}
+          startupProbe:
+            httpGet:
+              path: /login.html
+              port: http
+              scheme: HTTP
+            initialDelaySeconds: {{ .Values.probes.startup.initialDelaySeconds }}
+            failureThreshold: {{ .Values.probes.startup.failureThreshold }}
+            periodSeconds: {{ .Values.probes.startup.periodSeconds }}
+          {{- end }}
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+      volumes:
+      {{- if .Values.tlsSecretName }}
+      - name: certs
+        secret:
+          secretName: {{ .Values.tlsSecretName }}
+      {{- end }}
+      {{- if .Values.configAsCode.enabled }}
+      - name: configmap
+        configMap:
+          name: {{ include "adguard-home.fullname" . }}
+      {{- end }}
+      - name: config
+      {{- if .Values.persistence.config.enabled }}
+        persistentVolumeClaim:
+          claimName: {{ if .Values.persistence.config.existingClaim }}{{ .Values.persistence.config.existingClaim }}{{- else }}{{ template "adguard-home.fullname" . }}-config{{- end }}
+      {{- else }}
+        emptyDir: {}
+      {{- end }}
+      - name: work
+      {{- if .Values.persistence.work.enabled }}
+        persistentVolumeClaim:
+          claimName: {{ if .Values.persistence.work.existingClaim }}{{ .Values.persistence.work.existingClaim }}{{- else }}{{ template "adguard-home.fullname" . }}-work{{- end }}
+      {{- else }}
+        emptyDir: {}
+      {{- end }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+    {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+    {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}

charts/adguard-home/templates/ingress.yaml

@@ -1,13 +1,13 @@
 {{- if .Values.ingress.enabled -}}
-{{- $fullName := include "sonarr.fullname" . -}}
+{{- $fullName := include "adguard-home.fullname" . -}}
 {{- $ingressPath := .Values.ingress.path -}}
 apiVersion: extensions/v1beta1
 kind: Ingress
 metadata:
   name: {{ $fullName }}
   labels:
-    app.kubernetes.io/name: {{ include "sonarr.name" . }}
-    helm.sh/chart: {{ include "sonarr.chart" . }}
+    app.kubernetes.io/name: {{ include "adguard-home.name" . }}
+    helm.sh/chart: {{ include "adguard-home.chart" . }}
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- with .Values.ingress.annotations }}

charts/adguard-home/templates/service-dhcp.yaml

@@ -0,0 +1,45 @@
+{{- if .Values.serviceDHCP.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "adguard-home.fullname" . }}-dhcp
+  labels:
+    app.kubernetes.io/name: {{ include "adguard-home.name" . }}
+    helm.sh/chart: {{ include "adguard-home.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- if .Values.serviceDHCP.annotations }}
+  annotations:
+{{ toYaml .Values.serviceDHCP.annotations | indent 4 }}
+{{- end }}
+spec:
+  type: {{ .Values.serviceDHCP.type }}
+  {{- if .Values.serviceDHCP.loadBalancerIP }}
+  loadBalancerIP: {{ .Values.serviceDHCP.loadBalancerIP }}
+  {{- end }}
+  {{- if .Values.serviceDHCP.loadBalancerSourceRanges }}
+  loadBalancerSourceRanges:
+  {{ toYaml .Values.serviceDHCP.loadBalancerSourceRanges | indent 4 }}
+  {{- end -}}
+  {{- if .Values.serviceDHCP.externalIPs }}
+  externalIPs:
+  {{ toYaml .Values.serviceDHCP.externalIPs | indent 4 }}
+  {{- end }}
+  externalTrafficPolicy: {{ .Values.serviceDHCP.externalTrafficPolicy }}
+  ports:
+    - port: 67
+      targetPort: dhcp-server-udp
+      protocol: UDP
+      name: dhcp-server-udp
+    - port: 68
+      targetPort: dhcp-client-tcp
+      protocol: TCP
+      name: dhcp-client-tcp
+    - port: 68
+      targetPort: dhcp-client-udp
+      protocol: UDP
+      name: dhcp-client-udp
+  selector:
+    app.kubernetes.io/name: {{ include "adguard-home.name" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}

charts/adguard-home/templates/service-dns-over-tls.yaml

@@ -0,0 +1,37 @@
+{{- if .Values.serviceDNSOverTLS.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "adguard-home.fullname" . }}-dns-over-tls
+  labels:
+    app.kubernetes.io/name: {{ include "adguard-home.name" . }}
+    helm.sh/chart: {{ include "adguard-home.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- if .Values.serviceDNSOverTLS.annotations }}
+  annotations:
+{{ toYaml .Values.serviceDNSOverTLS.annotations | indent 4 }}
+{{- end }}
+spec:
+  type: {{ .Values.serviceDNSOverTLS.type }}
+  {{- if .Values.serviceDNSOverTLS.loadBalancerIP }}
+  loadBalancerIP: {{ .Values.serviceDNSOverTLS.loadBalancerIP }}
+  {{- end }}
+  {{- if .Values.serviceDNSOverTLS.loadBalancerSourceRanges }}
+  loadBalancerSourceRanges:
+  {{ toYaml .Values.serviceDNSOverTLS.loadBalancerSourceRanges | indent 4 }}
+  {{- end -}}
+  {{- if .Values.serviceDNSOverTLS.externalIPs }}
+  externalIPs:
+  {{ toYaml .Values.serviceDNSOverTLS.externalIPs | indent 4 }}
+  {{- end }}
+  externalTrafficPolicy: {{ .Values.serviceDNSOverTLS.externalTrafficPolicy }}
+  ports:
+    - port: 853
+      targetPort: dns-over-tls
+      protocol: TCP
+      name: dns-over-tls
+  selector:
+    app.kubernetes.io/name: {{ include "adguard-home.name" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}

charts/adguard-home/templates/service-tcp.yaml

@@ -0,0 +1,37 @@
+{{- if .Values.serviceTCP.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "adguard-home.fullname" . }}-tcp
+  labels:
+    app.kubernetes.io/name: {{ include "adguard-home.name" . }}
+    helm.sh/chart: {{ include "adguard-home.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- if .Values.serviceTCP.annotations }}
+  annotations:
+{{ toYaml .Values.serviceTCP.annotations | indent 4 }}
+{{- end }}
+spec:
+  type: {{ .Values.serviceTCP.type }}
+  {{- if .Values.serviceTCP.loadBalancerIP }}
+  loadBalancerIP: {{ .Values.serviceTCP.loadBalancerIP }}
+  {{- end }}
+  {{- if .Values.serviceTCP.loadBalancerSourceRanges }}
+  loadBalancerSourceRanges:
+  {{ toYaml .Values.serviceTCP.loadBalancerSourceRanges | indent 4 }}
+  {{- end -}}
+  {{- if .Values.serviceTCP.externalIPs }}
+  externalIPs:
+  {{ toYaml .Values.serviceTCP.externalIPs | indent 4 }}
+  {{- end }}
+  externalTrafficPolicy: {{ .Values.serviceTCP.externalTrafficPolicy }}
+  ports:
+    - port: 53
+      targetPort: dns
+      protocol: TCP
+      name: dns
+  selector:
+    app.kubernetes.io/name: {{ include "adguard-home.name" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}

charts/adguard-home/templates/service-udp.yaml

@@ -0,0 +1,37 @@
+{{- if .Values.serviceUDP.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "adguard-home.fullname" . }}-udp
+  labels:
+    app.kubernetes.io/name: {{ include "adguard-home.name" . }}
+    helm.sh/chart: {{ include "adguard-home.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- if .Values.serviceUDP.annotations }}
+  annotations:
+{{ toYaml .Values.serviceUDP.annotations | indent 4 }}
+{{- end }}
+spec:
+  type: {{ .Values.serviceUDP.type }}
+  {{- if .Values.serviceUDP.loadBalancerIP }}
+  loadBalancerIP: {{ .Values.serviceUDP.loadBalancerIP }}
+  {{- end }}
+  {{- if .Values.serviceUDP.loadBalancerSourceRanges }}
+  loadBalancerSourceRanges:
+  {{ toYaml .Values.serviceUDP.loadBalancerSourceRanges | indent 4 }}
+  {{- end -}}
+  {{- if .Values.serviceUDP.externalIPs }}
+  externalIPs:
+  {{ toYaml .Values.serviceUDP.externalIPs | indent 4 }}
+  {{- end }}
+  externalTrafficPolicy: {{ .Values.serviceUDP.externalTrafficPolicy }}
+  ports:
+    - port: 53
+      targetPort: dns-udp
+      protocol: UDP
+      name: dns-udp
+  selector:
+    app.kubernetes.io/name: {{ include "adguard-home.name" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}

charts/adguard-home/templates/service.yaml

@@ -0,0 +1,35 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "adguard-home.fullname" . }}
+  labels:
+    app.kubernetes.io/name: {{ include "adguard-home.name" . }}
+    helm.sh/chart: {{ include "adguard-home.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- if .Values.service.annotations }}
+  annotations:
+{{ toYaml .Values.service.annotations | indent 4 }}
+{{- end }}
+spec:
+  type: {{ .Values.service.type }}
+  {{- if .Values.service.loadBalancerIP }}
+  loadBalancerIP: {{ .Values.service.loadBalancerIP }}
+  {{- end }}
+  {{- if .Values.service.loadBalancerSourceRanges }}
+  loadBalancerSourceRanges:
+  {{ toYaml .Values.service.loadBalancerSourceRanges | indent 4 }}
+  {{- end -}}
+  {{- if .Values.service.externalIPs }}
+  externalIPs:
+  {{ toYaml .Values.service.externalIPs | indent 4 }}
+  {{- end }}
+  externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy }}
+  ports:
+    - port: 3000
+      targetPort: http
+      protocol: TCP
+      name: http
+  selector:
+    app.kubernetes.io/name: {{ include "adguard-home.name" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}

charts/adguard-home/templates/servicemonitor.yaml

@@ -0,0 +1,23 @@
+{{- if .Values.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: {{ include "adguard-home.fullname" . }}
+  labels:
+    app.kubernetes.io/name: {{ include "adguard-home.name" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    helm.sh/chart: {{ include "adguard-home.chart" . }}
+  {{- with .Values.serviceMonitor.additionalLabels }}
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: {{ include "adguard-home.name" . }}
+      app.kubernetes.io/instance: {{ .Release.Name }}
+  endpoints:
+  - port: http
+    interval: 30s
+    path: /
+{{- end }}

charts/adguard-home/templates/work-pvc.yaml

@@ -0,0 +1,29 @@
+
+{{- if and .Values.persistence.work.enabled (not .Values.persistence.work.existingClaim) }}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: {{ template "adguard-home.fullname" . }}-work
+  {{- if .Values.persistence.work.skipuninstall }}
+  annotations:
+    "helm.sh/resource-policy": keep
+  {{- end }}
+  labels:
+    app.kubernetes.io/name: {{ include "adguard-home.name" . }}
+    helm.sh/chart: {{ include "adguard-home.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+  accessModes:
+    - {{ .Values.persistence.work.accessMode | quote }}
+  resources:
+    requests:
+      storage: {{ .Values.persistence.work.size | quote }}
+{{- if .Values.persistence.work.storageClass }}
+{{- if (eq "-" .Values.persistence.work.storageClass) }}
+  storageClassName: ""
+{{- else }}
+  storageClassName: "{{ .Values.persistence.work.storageClass }}"
+{{- end }}
+{{- end }}
+{{- end -}}

charts/adguard-home/values.yaml

@@ -0,0 +1,362 @@
+# upgrade strategy type (e.g. Recreate or RollingUpdate)
+strategyType: Recreate
+
+configAsCode:
+  enabled: false
+  resources: {}
+  # requests:
+  #   memory: 128Mi
+  #   cpu: 100m
+  image:
+    repository: busybox
+    tag: latest
+    pullPolicy: Always
+  config:
+    bind_host: 0.0.0.0
+    bind_port: 3000
+    users: []
+    # - name: admin
+    #   password: $2y$05$mV4GSa5Dymk4Hjg3NCscBuCYSckCGfc2mbS57SNkBkBAfvqfOdFfm
+    http_proxy: ""
+    language: "en"
+    rlimit_nofile: 0
+    debug_pprof: false
+    web_session_ttl: 720
+    dns:
+      bind_host: 0.0.0.0
+      port: 53
+      statistics_interval: 1
+      querylog_enabled: true
+      querylog_interval: 90
+      querylog_size_memory: 1000
+      anonymize_client_ip: false
+      protection_enabled: true
+      blocking_mode: default
+      blocking_ipv4: ""
+      blocking_ipv6: ""
+      blocked_response_ttl: 10
+      parental_block_host: family-block.dns.adguard.com
+      safebrowsing_block_host: standard-block.dns.adguard.com
+      ratelimit: 0
+      ratelimit_whitelist: []
+      refuse_any: true
+      upstream_dns:
+      - https://dns10.quad9.net/dns-query
+      bootstrap_dns:
+      - 9.9.9.10
+      - 149.112.112.10
+      - 2620:fe::10
+      - 2620:fe::fe:10
+      all_servers: false
+      fastest_addr: false
+      allowed_clients: []
+      # - 10.0.0.1
+      # - 10.0.1.1/24
+      disallowed_clients: []
+      # - 10.0.1.1
+      # - 10.0.11.1/24
+      blocked_hosts: []
+      # - example.org
+      # - '*.example.org'
+      # - '||example.org^'
+      cache_size: 4194304
+      cache_ttl_min: 0
+      cache_ttl_max: 0
+      bogus_nxdomain: []
+      aaaa_disabled: false
+      enable_dnssec: false
+      edns_client_subnet: false
+      filtering_enabled: true
+      filters_update_interval: 24
+      parental_enabled: false
+      safesearch_enabled: false
+      safebrowsing_enabled: false
+      safebrowsing_cache_size: 1048576
+      safesearch_cache_size: 1048576
+      parental_cache_size: 1048576
+      cache_time: 30
+      rewrites: []
+      # - domain: example.org
+      #   answer: 127.0.0.1
+      # - domain: '*.example.org'
+      #   answer: 127.0.0.1
+      blocked_services: []
+      # - facebook
+      # - origin
+      # - twitter
+      # - snapchat
+      # - skype
+      # - whatsapp
+      # - instagram
+      # - youtube
+      # - netflix
+      # - twitch
+      # - discord
+      # - amazon
+      # - ebay
+      # - cloudflare
+      # - steam
+      # - epic_games
+      # - reddit
+      # - ok
+      # - vk
+      # - mail_ru
+      # - tiktok
+    tls:
+      enabled: false
+      server_name: ""
+      force_https: false
+      port_https: 443
+      port_dns_over_tls: 853
+      allow_unencrypted_doh: false
+      strict_sni_check: false
+      certificate_chain: ""
+      private_key: ""
+      certificate_path: ""
+      private_key_path: ""
+    filters:
+    - enabled: true
+      url: https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt
+      name: AdGuard DNS filter
+      id: 1
+    - enabled: false
+      url: https://adaway.org/hosts.txt
+      name: AdAway
+      id: 2
+    - enabled: false
+      url: https://www.malwaredomainlist.com/hostslist/hosts.txt
+      name: MalwareDomainList.com Hosts List
+      id: 4
+    whitelist_filters: []
+    # - enabled: true
+    #   url: https://easylist-downloads.adblockplus.org/exceptionrules.txt
+    #   name: Allow nonintrusive advertising
+    #   id: 1595760241
+    user_rules: []
+    # - '||example.org^'
+    # - '@@||example.org^'
+    # - 127.0.0.1 example.org
+    # - '! Here goes a comment'
+    # - '# Also a comment'
+    dhcp:
+      enabled: false
+      interface_name: ""
+      gateway_ip: ""
+      subnet_mask: ""
+      range_start: ""
+      range_end: ""
+      lease_duration: 86400
+      icmp_timeout_msec: 1000
+    clients: []
+    # - name: myuser
+    #   tags:
+    #   - user_admin
+    #   ids:
+    #   - 192.168.91.1
+    #   use_global_settings: true
+    #   filtering_enabled: false
+    #   parental_enabled: false
+    #   safesearch_enabled: false
+    #   safebrowsing_enabled: false
+    #   use_global_blocked_services: true
+    #   blocked_services: []
+    #   upstreams: []
+    log_file: ""
+    verbose: false
+    schema_version: 6
+
+tlsSecretName: ""
+# name of the secret that contains the tls cert and key.
+# this secret will be mounted inside the adguard container /certs path. e.g. works with cert-manager
+
+image:
+  repository: adguard/adguardhome
+  # Image tag is set via charts appVersion. If you want to override the tag, specify it here
+  # tag: vX.Y.Z
+  pullPolicy: IfNotPresent
+
+nameOverride: ""
+fullnameOverride: ""
+
+podSecurityContext: {}
+  # fsGroup: 2000
+
+securityContext: {}
+  # capabilities:
+  #   drop:
+  #   - ALL
+  #   add:
+  #   - NET_BIND_SERVICE
+  # readOnlyRootFilesystem: true
+  # runAsNonRoot: true
+  # runAsUser: 1000
+
+timezone: "UTC"
+
+ingress:
+  enabled: false
+  annotations: {}
+    # kubernetes.io/ingress.class: nginx
+    # kubernetes.io/tls-acme: "true"
+  path: /
+  hosts:
+    - chart-example.local
+  tls: []
+  #  - secretName: chart-example-tls
+  #    hosts:
+  #      - chart-example.local
+
+
+# Probes configuration
+probes:
+  liveness:
+    enabled: true
+    initialDelaySeconds: 5
+    failureThreshold: 5
+    periodSeconds: 10
+  readiness:
+    enabled: false
+    initialDelaySeconds: 5
+    failureThreshold: 5
+    periodSeconds: 10
+  startup:
+    enabled: false
+    initialDelaySeconds: 5
+    failureThreshold: 30
+    periodSeconds: 10
+
+service:
+  type: ClusterIP
+  # externalTrafficPolicy: Local
+  # externalIPs: []
+  # loadBalancerIP: ""
+    # a fixed LoadBalancer IP
+  # loadBalancerSourceRanges: []
+  annotations: {}
+    # metallb.universe.tf/address-pool: network-services
+    # metallb.universe.tf/allow-shared-ip: adguard-home-svc
+
+serviceTCP:
+  enabled: false
+  type: NodePort
+  # externalTrafficPolicy: Local
+  # externalIPs: []
+  loadBalancerIP: ""
+    # a fixed LoadBalancer IP
+  # loadBalancerSourceRanges: []
+  annotations: {}
+    # metallb.universe.tf/address-pool: network-services
+    # metallb.universe.tf/allow-shared-ip: adguard-home-svc
+
+serviceUDP:
+  enabled: true
+  type: NodePort
+  # externalTrafficPolicy: Local
+  # externalIPs: []
+  loadBalancerIP: ""
+    # a fixed LoadBalancer IP
+  # loadBalancerSourceRanges: []
+  annotations: {}
+    # metallb.universe.tf/address-pool: network-services
+    # metallb.universe.tf/allow-shared-ip: adguard-home-svc
+
+serviceDNSOverTLS:
+  enabled: false
+  ## Enable if you use AdGuard as a DNS over TLS/HTTPS server
+  type: NodePort
+  # externalTrafficPolicy: Local
+  # externalIPs: []
+  loadBalancerIP: ""
+    # a fixed LoadBalancer IP
+  # loadBalancerSourceRanges: []
+  annotations: {}
+    # metallb.universe.tf/address-pool: network-services
+    # metallb.universe.tf/allow-shared-ip: adguard-home-svc
+
+serviceDHCP:
+  enabled: false
+  ## Enable if you use AdGuard as a DHCP Server
+  type: NodePort
+  # externalTrafficPolicy: Local
+  # externalIPs: []
+  loadBalancerIP: ""
+    # a fixed LoadBalancer IP
+  annotations: {}
+    # metallb.universe.tf/address-pool: network-services
+    # metallb.universe.tf/allow-shared-ip: adguard-home-svc
+
+serviceMonitor:
+  enabled: false
+  additionalLabels: {}
+
+## Pod Annotations
+podAnnotations:
+  prometheus.io/scrape: "true"
+  prometheus.io/port: "api"
+
+persistence:
+  config:
+    enabled: true
+    ## adguard-home configuration data Persistent Volume Storage Class
+    ## If defined, storageClassName: <storageClass>
+    ## If set to "-", storageClassName: "", which disables dynamic provisioning
+    ## If undefined (the default) or set to null, no storageClassName spec is
+    ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
+    ##   GKE, AWS & OpenStack)
+    ##
+    # storageClass: "-"
+    ##
+    ## If you want to reuse an existing claim, you can pass the name of the PVC using
+    ## the existingClaim variable
+    # existingClaim: your-claim
+    # subPath: some-subpath
+    accessMode: ReadWriteOnce
+    size: 20Mi
+    ## Do not delete the pvc upon helm uninstall
+    skipuninstall: false
+  work:
+    enabled: true
+    ## adguard-home work volume configuration
+    ## If defined, storageClassName: <storageClass>
+    ## If set to "-", storageClassName: "", which disables dynamic provisioning
+    ## If undefined (the default) or set to null, no storageClassName spec is
+    ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
+    ##   GKE, AWS & OpenStack)
+    ##
+    # storageClass: "-"
+    ##
+    ## If you want to reuse an existing claim, you can pass the name of the PVC using
+    ## the existingClaim variable
+    # existingClaim: your-claim
+    # subPath: some-subpath
+    accessMode: ReadWriteOnce
+    size: 10Gi
+    ## Do not delete the pvc upon helm uninstall
+    skipuninstall: false
+
+volumePermissions:
+  image:
+    repository: busybox
+    tag: latest
+    pullPolicy: Always
+  resources: {}
+    # requests:
+    #   memory: 128Mi
+    #   cpu: 100m
+
+resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #  memory: 500Mi
+  # requests:
+  #  cpu: 50m
+  #  memory: 275Mi
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}

charts/bazarr/Chart.yaml

@@ -0,0 +1,24 @@
+apiVersion: v2
+appVersion: v0.9.0.5
+description: Bazarr is a companion application to Sonarr and Radarr. It manages and downloads subtitles based on your requirements
+name: bazarr
+version: 4.0.2
+keywords:
+  - bazarr
+  - radarr
+  - sonarr
+  - subtitles
+  - usenet
+  - torrent
+home: https://github.com/k8s-at-home/charts/tree/master/charts/bazarr
+icon: https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/bazarr.png
+sources:
+  - https://hub.docker.com/r/linuxserver/bazarr/
+  - https://github.com/morpheus65535/bazarr
+maintainers:
+  - name: billimek
+    email: jeff@billimek.com
+dependencies:
+  - name: common
+    repository: https://k8s-at-home.com/charts/
+    version: ^1.1.0

charts/bazarr/OWNERS

@@ -0,0 +1,4 @@
+approvers:
+- billimek
+reviewers:
+- billimek

charts/bazarr/README.md

@@ -0,0 +1,76 @@
+# Bazarr
+
+This is a helm chart for [Bazarr](https://github.com/morpheus65535/bazarr).
+
+## TL;DR;
+
+```shell
+$ helm repo add k8s-at-home https://k8s-at-home.com/charts/
+$ helm install k8s-at-home/bazarr
+```
+
+## Installing the Chart
+
+To install the chart with the release name `my-release`:
+
+```console
+helm install --name my-release k8s-at-home/bazarr
+```
+
+## Uninstalling the Chart
+
+To uninstall/delete the `my-release` deployment:
+
+```console
+helm delete my-release --purge
+```
+
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+## Configuration
+Read through the charts [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/bazarr/values.yaml)
+file. It has several commented out suggested values.
+Additionally you can take a look at the common library [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/common/values.yaml) for more (advanced) configuration options.
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+```console
+helm install bazarr \
+  --set env.TZ="America/New York" \
+    k8s-at-home/bazarr
+```
+Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the
+chart. For example,
+```console
+helm install bazarr k8s-at-home/bazarr --values values.yaml 
+```
+
+```yaml
+image:
+  tag: ...
+```
+
+---
+**NOTE**
+
+If you get
+```console
+Error: rendered manifests contain a resource that already exists. Unable to continue with install: existing resource conflict: ...`
+```
+it may be because you uninstalled the chart with `skipuninstall` enabled, you need to manually delete the pvc or use `existingClaim`.
+
+---
+
+## Upgrading an existing Release to a new major version
+
+A major chart version change (like 4.0.1 -> 5.0.0) indicates that there is an incompatible breaking change potentially needing manual actions.
+
+### Upgrading from 3.x.x to 4.x.x
+
+Due to migrating to a centralized common library some values in `values.yaml` have changed.
+
+Examples:
+
+* `service.port` has been moved to `service.port.port`.
+* `persistence.type` has been moved to `controllerType`.
+
+Refer to the library values.yaml for more configuration options.

charts/bazarr/ci/ct-values.yaml

@@ -0,0 +1,2 @@
+ingress:
+  enabled: true

charts/bazarr/templates/NOTES.txt

@@ -0,0 +1 @@
+{{- include "common.notes.defaultNotes" . -}}

charts/bazarr/templates/common.yaml

@@ -0,0 +1 @@
+{{ include "common.all" . }}

charts/bazarr/values.yaml

@@ -0,0 +1,37 @@
+# Default values for Bazarr.
+
+image:
+  repository: linuxserver/bazarr
+  pullPolicy: IfNotPresent
+  tag: version-v0.9.0.5
+
+service:
+  port:
+    port: 6767
+
+env: {}
+  # TZ: UTC
+  # PUID: 1001
+  # PGID: 1001
+
+persistence:
+  config:
+    enabled: false
+    emptyDir: false
+
+  media:
+    enabled: false
+    emptyDir: false
+    mountPath: /media
+    ## Persistent Volume Storage Class
+    ## If defined, storageClassName: <storageClass>
+    ## If set to "-", storageClassName: "", which disables dynamic provisioning
+    ## If undefined (the default) or set to null, no storageClassName spec is
+    ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
+    ##   GKE, AWS & OpenStack)
+    # storageClass: "-"
+    # accessMode: ReadWriteOnce
+    # size: 1Gi
+    ## Do not delete the pvc upon helm uninstall
+    # skipuninstall: false
+    # existingClaim: ""

charts/bitwardenrs/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/bitwardenrs/Chart.yaml

@@ -0,0 +1,19 @@
+apiVersion: v2
+name: bitwardenrs
+description: Unofficial Bitwarden compatible server written in Rust
+type: application
+version: 1.0.0
+appVersion: 1.16.3
+keywords:
+  - bitwarden
+  - bitwardenrs
+  - bitwarden_rs
+  - password
+  - rust
+home: https://github.com/k8s-at-home/charts/tree/master/charts/bitwarden_rs
+sources:
+  - https://github.com/dani-garcia/bitwarden_rs
+maintainers:
+  - name: DirtyCajunRice
+    email: nick@cajun.pro
+icon: https://raw.githubusercontent.com/bitwarden/brand/master/icons/256x256.png

charts/bitwardenrs/OWNERS

@@ -0,0 +1,4 @@
+approvers:
+- DirtyCajunRice
+reviewers:
+- DirtyCajunRice

charts/bitwardenrs/README.md

@@ -0,0 +1,48 @@
+# Unofficial Bitwarden compatible server written in Rust
+
+This is an opinionated helm chart for [bitwarden_rs](https://github.com/dani-garcia/bitwarden_rs) 
+
+The default values and container images used in this chart will allow for running in a multi-arch cluster (amd64, arm, arm64)
+
+## TL;DR
+
+```console
+helm repo add k8s-at-home https://k8s-at-home.com/charts/
+helm install k8s-at-home/bitwardenrs
+```
+
+## Installing the Chart
+
+To install the chart with the release name `bitwarden`:
+
+```console
+helm install bitwarden k8s-at-home/bitwardenrs
+```
+
+## Uninstalling the Chart
+
+To uninstall/delete the `bitwarden` deployment:
+
+```console
+helm uninstall bitwarden
+```
+
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+## Configuration
+
+Read through the [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/bitwardenrs/values.yaml) file. It has several commented out suggested values.
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+
+```console
+helm install bitwarden \
+  --set timeZone="America/New York" \
+    k8s-at-home/bitwardenrs
+```
+
+Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
+
+```console
+helm install bitwarden k8s-at-home/bitwardenrs  --values values.yaml 
+```

charts/bitwardenrs/templates/NOTES.txt

@@ -0,0 +1,21 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range $host := .Values.ingress.hosts }}
+  {{- range .paths }}
+  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }}
+  {{- end }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "bitwardenrs.fullname" . }})
+  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+  echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+           You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "bitwardenrs.fullname" . }}'
+  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "bitwardenrs.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+  echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "bitwardenrs.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+  echo "Visit http://127.0.0.1:8080 to use your application"
+  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:80
+{{- end }}

charts/bitwardenrs/templates/_helpers.tpl

@@ -0,0 +1,63 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "bitwardenrs.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "bitwardenrs.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "bitwardenrs.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "bitwardenrs.labels" -}}
+helm.sh/chart: {{ include "bitwardenrs.chart" . }}
+{{ include "bitwardenrs.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "bitwardenrs.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "bitwardenrs.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "bitwardenrs.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "bitwardenrs.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}

charts/bitwardenrs/templates/configmap.yaml

@@ -0,0 +1,36 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ template "bitwardenrs.fullname" . }}
+  labels:
+  {{- include "bitwardenrs.labels" . | nindent 4 }}
+data:
+  SIGNUPS_ALLOWED: {{ .Values.bitwardenrs.signupsAllowed | quote }}
+  {{- if .Values.bitwardenrs.domain }}
+  DOMAIN: {{ .Values.bitwardenrs.domain | quote }}
+  {{- end }}
+  WEBSOCKET_ENABLED: {{ .Values.bitwardenrs.websockets.enabled | quote }}
+  {{- if and .Values.bitwardenrs.admin.enabled .Values.bitwardenrs.admin.disableAdminToken }}
+  DISABLE_ADMIN_TOKEN: "true"
+    {{- end }}
+    {{- with .Values.bitwardenrs.smtp }}
+  {{- if .enabled }}
+  SMTP_HOST: {{ required "SMTP host is required to enable SMTP" .host | quote }}
+  SMTP_FROM: {{ required "SMTP sender address ('from') is required to enable SMTP" .from | quote }}
+  {{- if .fromName }}
+  SMTP_FROM_NAME: {{ .fromName | quote }}
+  {{- end }}
+  {{- if .ssl }}
+  SMTP_SSL: {{ .ssl | quote }}
+  {{- end }}
+  {{- if .port }}
+  SMTP_PORT: {{ .port | quote }}
+  {{- end }}
+  {{- if and (not .existingSecret.enabled) .user }}
+  SMTP_USERNAME: {{ .user | quote }}
+  {{- end }}
+  {{- end }}
+  {{- end }}
+  {{- if .Values.env }}
+  {{- toYaml .Values.env | nindent 2 }}
+  {{- end }}

charts/bitwardenrs/templates/deployment.yaml

@@ -0,0 +1,120 @@
+{{- if eq .Values.persistence.type "deployment" }}
+  {{- $fullName := include "bitwardenrs.fullname" . -}}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ $fullName }}
+  labels:
+  {{- include "bitwardenrs.labels" . | nindent 4 }}
+spec:
+  {{- if not .Values.autoscaling.enabled }}
+  replicas: {{ .Values.replicaCount }}
+  {{- end }}
+  selector:
+    matchLabels:
+  {{- include "bitwardenrs.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      {{- with .Values.podAnnotations }}
+      annotations:
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+    {{- include "bitwardenrs.selectorLabels" . | nindent 8 }}
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ include "bitwardenrs.serviceAccountName" . }}
+      {{- with .Values.podSecurityContext }}
+      securityContext:
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
+      containers:
+        - name: {{ $fullName }}
+          {{- with .Values.securityContext }}
+          securityContext:
+          {{- toYaml . | nindent 12 }}
+          {{- end }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          envFrom:
+            - configMapRef:
+                name: {{ $fullName }}
+          env:
+            {{- with .Values.bitwardenrs.admin }}
+            {{- if and .enabled (not .disableAdminToken) }}
+            - name: ADMIN_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  {{- if .existingSecret.enabled }}
+                  name: {{ .existingSecret.name | quote }}
+                  key: {{ .existingSecret.tokenKey | quote }}
+                  {{- else }}
+                  name: {{ $fullName }}
+                  key: admin-token
+                {{- end }}
+                {{- end }}
+                {{- end }}
+                {{- with .Values.bitwardenrs.smtp }}
+                {{- if eq .enabled true }}
+            {{- if and .existingSecret.enabled (not .user) }}
+            - name: SMTP_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .existingSecret.name | quote }}
+                  key: {{ .existingSecret.userKey | quote }}
+            - name: SMTP_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .existingSecret.name | quote }}
+                  key: {{ .existingSecret.passwordKey | quote }}
+              {{- end }}
+          {{- end }}
+          {{- end }}
+          ports:
+            - name: http
+              containerPort: 80
+              protocol: TCP
+            {{- if .Values.bitwardenrs.websockets.enabled }}
+            - name: websocket
+              containerPort: {{ .Values.bitwardenrs.websockets.port }}
+              protocol: TCP
+          {{- end }}
+          livenessProbe:
+            httpGet:
+              path: /
+              port: http
+          readinessProbe:
+            httpGet:
+              path: /
+              port: http
+          {{- with .Values.resources }}
+          resources:
+          {{- toYaml . | nindent 12 }}
+          {{- end }}
+          volumeMounts:
+            - name: {{ include "bitwardenrs.fullname" . }}
+              mountPath: /data
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
+      volumes:
+        - name: {{ include "bitwardenrs.fullname" . }}
+          {{- if .Values.persistence.enabled }}
+          persistentVolumeClaim:
+            claimName: {{ if .Values.persistence.existingClaim }}{{ .Values.persistence.existingClaim | quote }}{{- else }}{{ include "bitwardenrs.fullname" . }}{{- end }}
+          {{- else }}
+          emptyDir: {}
+  {{- end }}
+  {{- end }}

charts/bitwardenrs/templates/hpa.yaml

@@ -0,0 +1,28 @@
+{{- if .Values.autoscaling.enabled }}
+apiVersion: autoscaling/v2beta1
+kind: HorizontalPodAutoscaler
+metadata:
+  name: {{ include "bitwardenrs.fullname" . }}
+  labels:
+    {{- include "bitwardenrs.labels" . | nindent 4 }}
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: {{ include "bitwardenrs.fullname" . }}
+  minReplicas: {{ .Values.autoscaling.minReplicas }}
+  maxReplicas: {{ .Values.autoscaling.maxReplicas }}
+  metrics:
+  {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: cpu
+        targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
+  {{- end }}
+  {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: memory
+        targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
+  {{- end }}
+{{- end }}

charts/bitwardenrs/templates/ingress.yaml

@@ -0,0 +1,41 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "bitwardenrs.fullname" . -}}
+{{- $svcPort := .Values.service.port -}}
+{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+  name: {{ $fullName }}
+  labels:
+    {{- include "bitwardenrs.labels" . | nindent 4 }}
+  {{- with .Values.ingress.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  {{- if .Values.ingress.tls }}
+  tls:
+    {{- range .Values.ingress.tls }}
+    - hosts:
+        {{- range .hosts }}
+        - {{ . | quote }}
+        {{- end }}
+      secretName: {{ .secretName }}
+    {{- end }}
+  {{- end }}
+  rules:
+    {{- range .Values.ingress.hosts }}
+    - host: {{ .host | quote }}
+      http:
+        paths:
+          {{- range .paths }}
+          - path: {{ . }}
+            backend:
+              serviceName: {{ $fullName }}
+              servicePort: {{ $svcPort }}
+          {{- end }}
+    {{- end }}
+  {{- end }}

charts/bitwardenrs/templates/pvc.yaml

@@ -0,0 +1,15 @@
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: {{ include "bitwardenrs.fullname" . }}
+spec:
+  accessModes:
+    - {{ .Values.persistence.accessMode | quote }}
+  resources:
+    requests:
+      storage: {{ .Values.persistence.size | quote }}
+  {{- if .Values.persistence.storageClass }}
+  storageClassName: {{ .Values.persistence.storageClass | quote }}
+  {{- end }}
+  {{- end -}}

charts/bitwardenrs/templates/secret.yaml

@@ -0,0 +1,11 @@
+{{- if not .Values.bitwardenrs.admin.existingSecret.enabled }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ template "bitwardenrs.fullname" . }}
+  labels:
+  {{- include "bitwardenrs.labels" . | nindent 4 }}
+type: Opaque
+data:
+  admin-token: {{ randAlphaNum 48 | b64enc | quote }}
+  {{- end }}

charts/bitwardenrs/templates/service.yaml

@@ -0,0 +1,28 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "bitwardenrs.fullname" . }}
+  labels:
+  {{- include "bitwardenrs.labels" . | nindent 4 }}
+  {{- with .Values.service.annotations }}
+  annotations:
+  {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - port: {{ .Values.service.port }}
+      targetPort: http
+      protocol: TCP
+      name: http
+    {{- if .Values.bitwardenrs.websockets.enabled }}
+    - port: {{ .Values.bitwardenrs.websockets.port }}
+      targetPort: websocket
+      protocol: TCP
+      name: websocket
+  {{- end }}
+  {{- with .Values.service.additionalSpec }}
+  {{- toYaml . | nindent 2 }}
+  {{- end }}
+  selector:
+  {{- include "bitwardenrs.selectorLabels" . | nindent 4 }}

charts/bitwardenrs/templates/serviceaccount.yaml

@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "bitwardenrs.serviceAccountName" . }}
+  labels:
+    {{- include "bitwardenrs.labels" . | nindent 4 }}
+  {{- with .Values.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end }}

charts/bitwardenrs/templates/statefulset.yaml

@@ -0,0 +1,121 @@
+{{- if eq .Values.persistence.type "statefulset" }}
+  {{- $fullName := include "bitwardenrs.fullname" . -}}
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: {{ $fullName }}
+  labels:
+  {{- include "bitwardenrs.labels" . | nindent 4 }}
+spec:
+  {{- if not .Values.autoscaling.enabled }}
+  replicas: {{ .Values.replicaCount }}
+  {{- end }}
+  selector:
+    matchLabels:
+  {{- include "bitwardenrs.selectorLabels" . | nindent 6 }}
+  serviceName: {{ $fullName }}
+  template:
+    metadata:
+      {{- with .Values.podAnnotations }}
+      annotations:
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+    {{- include "bitwardenrs.selectorLabels" . | nindent 8 }}
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ include "bitwardenrs.serviceAccountName" . }}
+      {{- with .Values.podSecurityContext }}
+      securityContext:
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
+      containers:
+        - name: {{ $fullName }}
+          {{- with .Values.securityContext }}
+          securityContext:
+          {{- toYaml . | nindent 12 }}
+          {{- end }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          envFrom:
+            - configMapRef:
+                name: {{ $fullName }}
+          env:
+            {{- with .Values.bitwardenrs.admin }}
+            {{- if and .enabled (not .disableAdminToken) }}
+            - name: ADMIN_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  {{- if .existingSecret.enabled }}
+                  name: {{ .existingSecret.name | quote }}
+                  key: {{ .existingSecret.tokenKey | quote }}
+                  {{- else }}
+                  name: {{ $fullName }}
+                  key: admin-token
+                {{- end }}
+                {{- end }}
+                {{- end }}
+                {{- with .Values.bitwardenrs.smtp }}
+                {{- if eq .enabled true }}
+            {{- if and .existingSecret.enabled (not .user) }}
+            - name: SMTP_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .existingSecret.name | quote }}
+                  key: {{ .existingSecret.userKey | quote }}
+            - name: SMTP_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .existingSecret.name | quote }}
+                  key: {{ .existingSecret.passwordKey | quote }}
+              {{- end }}
+          {{- end }}
+          {{- end }}
+          ports:
+            - name: http
+              containerPort: 80
+              protocol: TCP
+            {{- if .Values.bitwardenrs.websockets.enabled }}
+            - name: websocket
+              containerPort: {{ .Values.bitwardenrs.websockets.port }}
+              protocol: TCP
+          {{- end }}
+          livenessProbe:
+            httpGet:
+              path: /
+              port: http
+          readinessProbe:
+            httpGet:
+              path: /
+              port: http
+          {{- with .Values.resources }}
+          resources:
+          {{- toYaml . | nindent 12 }}
+          {{- end }}
+          volumeMounts:
+            - name: {{ include "bitwardenrs.fullname" . }}
+              mountPath: /data
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
+      volumes:
+        - name: {{ include "bitwardenrs.fullname" . }}
+          {{- if .Values.persistence.enabled }}
+          persistentVolumeClaim:
+            claimName: {{ if .Values.persistence.existingClaim }}{{ .Values.persistence.existingClaim | quote }}{{- else }}{{ include "bitwardenrs.fullname" . }}{{- end }}
+          {{- else }}
+          emptyDir: {}
+  {{- end }}
+  {{- end }}

charts/bitwardenrs/templates/tests/test-connection.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: "{{ include "bitwardenrs.fullname" . }}-test-connection"
+  labels:
+    {{- include "bitwardenrs.labels" . | nindent 4 }}
+  annotations:
+    "helm.sh/hook": test-success
+spec:
+  containers:
+    - name: wget
+      image: busybox
+      command: ['wget']
+      args: ['{{ include "bitwardenrs.fullname" . }}:{{ .Values.service.port }}']
+  restartPolicy: Never

charts/bitwardenrs/values.yaml

@@ -0,0 +1,132 @@
+# Default values for bitwardenrs.
+
+replicaCount: 1
+
+image:
+  repository: bitwardenrs/server
+  pullPolicy: IfNotPresent
+  tag: ""
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+bitwardenrs:
+  domain: ""
+  signupsAllowed: false
+  websockets:
+    enabled: true
+    port: 3012
+  admin:
+    enabled: true
+    disableAdminToken: false
+    existingSecret:
+      enabled: false
+      name: ""
+      tokenKey: ""
+  # Enable SMTP. https://github.com/dani-garcia/bitwarden_rs/wiki/SMTP-configuration
+  smtp:
+    enabled: false
+    # SMTP hostname, required if SMTP is enabled
+    host: ""
+    # SMTP sender e-mail address, required if SMTP is enabled
+    from: ""
+    # SMTP sender name, defaults to 'Bitwarden_RS'
+    fromName: ""
+    # Enable SSL connection
+    ssl: true
+    # SMTP port
+    port: 587
+    # SMTP username
+    user: ""
+    # SMTP password. Required is user is specified, ignored if no user provided
+    password: ""
+    # Use existing secret for SMTP authentication
+    existingSecret:
+      enabled: false
+      name: ""
+      userKey: ""
+      passwordKey: ""
+
+env: {}
+
+persistence:
+  type: statefulset
+  enabled: false
+  size: 1Gi
+  accessMode: ReadWriteOnce
+  ## Persistent Volume storage class
+  # storageClass: "-"
+  ## Use existing Persistent Volume Claim
+  # existingClaim:
+
+serviceAccount:
+  # Specifies whether a service account should be created
+  create: true
+  # Annotations to add to the service account
+  annotations: {}
+  # The name of the service account to use.
+  # If not set and create is true, a name is generated using the fullname template
+  name: ""
+
+podAnnotations: {}
+
+podSecurityContext: {}
+  # fsGroup: 2000
+
+securityContext: {}
+  # capabilities:
+  #   drop:
+  #   - ALL
+  # readOnlyRootFilesystem: true
+  # runAsNonRoot: true
+  # runAsUser: 1000
+
+service:
+  type: ClusterIP
+  port: 80
+  ## Provide any additional annotations which may be required. This can be used to
+  ## set the LoadBalancer service type to internal only.
+  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
+  ##
+  annotations: {}
+  labels: {}
+  additionalSpec: {}
+
+ingress:
+  enabled: false
+  annotations: {}
+    # kubernetes.io/ingress.class: nginx
+    # kubernetes.io/tls-acme: "true"
+  hosts:
+    - host: chart-example.local
+      paths: []
+  tls: []
+  #  - secretName: chart-example-tls
+  #    hosts:
+  #      - chart-example.local
+
+resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 128Mi
+
+autoscaling:
+  enabled: false
+  minReplicas: 1
+  maxReplicas: 100
+  targetCPUUtilizationPercentage: 80
+  # targetMemoryUtilizationPercentage: 80
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}

charts/blocky/.helmignore

@@ -0,0 +1,24 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# OWNERS file for Kubernetes
+OWNERS

charts/blocky/Chart.yaml

@@ -0,0 +1,15 @@
+apiVersion: v2
+appVersion: v0.10
+description: DNS proxy as ad-blocker for local network
+name: blocky
+version: 4.0.1
+keywords:
+  - blocky
+  - dbs
+home: https://github.com/k8s-at-home/charts/tree/master/charts/blocky
+icon: https://github.com/0xERR0R/blocky/raw/master/docs/blocky.svg?sanitize=true
+sources:
+  - https://github.com/0xERR0R/blocky
+maintainers:
+  - name: billimek
+    email: jeff@billimek.com

charts/blocky/README.md

@@ -0,0 +1,74 @@
+# DNS proxy as ad-blocker for local network
+
+This is an opinionated helm chart for [blocky](https://github.com/0xERR0R/blocky) 
+
+The default values and container images used in this chart will allow for running in a multi-arch cluster (amd64, arm, arm64)
+
+## TL;DR
+
+```shell
+helm repo add k8s-at-home https://k8s-at-home.com/charts/
+helm install k8s-at-home/blocky
+```
+
+## Installing the Chart
+
+To install the chart with the release name `my-release`:
+
+```console
+helm install --name blocky k8s-at-home/blocky
+```
+
+## Uninstalling the Chart
+
+To uninstall/delete the `blocky` deployment:
+
+```console
+helm delete blocky --purge
+```
+
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+## Configuration
+
+Read through the [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/blocky/values.yaml) file. It has several commented out suggested values.
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+
+```console
+helm install --name blocky \
+  --set timeZone="America/New York" \
+    k8s-at-home/blocky
+```
+
+Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
+
+```console
+helm install --name blocky -f values.yaml k8s-at-home/blocky
+```
+
+## Upgrading an existing Release to a new major version
+
+A major chart version change (like 2.2.2 -> 3.0.0) indicates that there is an
+incompatible breaking change needing manual actions.
+
+### Upgrading from 2.x.x to 3.x.x
+
+Due to the renaming of the service port, an upgrade-in-place will not work.  The following are possible approaches to solve this:
+
+#### Helm force upgrade
+
+```sh
+helm upgrade --force
+```
+
+#### Delete the existing `blocky` service prior to upgrading
+
+```sh
+kubectl delete svc/blocky
+```
+
+#### Remove the existing blocky chart first
+
+This is the 'easiest' approach, but will incur downtime which can be problematic if you rely on blocky for DNS
+

charts/blocky/templates/NOTES.txt

@@ -0,0 +1,15 @@
+1. Get the application URL by running these commands:
+{{- if contains "NodePort" .Values.serviceUDP.type }}
+  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "blocky.fullname" . }})
+  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+  echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.serviceUDP.type }}
+     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+           You can watch the status of by running 'kubectl get svc -w {{ include "blocky.fullname" . }}'
+  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "blocky.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+  echo http://$SERVICE_IP:{{ .Values.serviceUDP.port }}
+{{- else if contains "ClusterIP" .Values.serviceUDP.type }}
+  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "blocky.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+  echo "Visit http://127.0.0.1:8080 to use your application"
+  kubectl port-forward $POD_NAME 8080:80
+{{- end }}

charts/blocky/templates/_helpers.tpl

@@ -0,0 +1,41 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "blocky.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "blocky.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified postgresql name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "blocky.postgresql.fullname" -}}
+{{- $name := default "postgresql" .Values.postgresql.nameOverride -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "blocky.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}

charts/blocky/templates/configmap.yaml

@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ template "blocky.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: {{ include "blocky.name" . }}
+    helm.sh/chart: {{ include "blocky.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+{{- if .Values.config }}
+{{ $root := . }}
+  config.yml: |
+{{ tpl (toYaml .Values.config | indent 4) $root }}
+{{- end }}
+{{- range $name, $value := .Values.extraLists }}
+  {{ $name }}: |-
+{{ $value | indent 4}}
+{{- end }}

charts/blocky/templates/deployment.yaml

@@ -0,0 +1,103 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "blocky.fullname" . }}
+  labels:
+    app.kubernetes.io/name: {{ include "blocky.name" . }}
+    helm.sh/chart: {{ include "blocky.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+  replicas: {{ .Values.replicas }}
+  revisionHistoryLimit: 3
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: {{ include "blocky.name" . }}
+      app.kubernetes.io/instance: {{ .Release.Name }}
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: {{ include "blocky.name" . }}
+        app.kubernetes.io/instance: {{ .Release.Name }}
+      annotations:
+        checksum/configmap: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+      {{- with .Values.podAnnotations }}
+        {{ toYaml . | nindent 8 }}
+      {{- end }}
+    spec:
+      containers:
+        - name: {{ .Chart.Name }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          env:
+            {{- if .Values.timeZone }}
+            - name: TZ
+              value: {{ .Values.timeZone | quote }}
+            {{- end }}
+          volumeMounts:
+            - name: config
+              mountPath: /app/config.yml
+              subPath: config.yml
+              readOnly: true
+            {{- range $name, $value := .Values.extraLists }}
+            - name: config
+              mountPath: /app/{{ $name }}
+              subPath: {{ $name }}
+              readOnly: true
+            {{- end }}
+          ports:
+            - name: api
+              containerPort: 4000
+            - name: dns
+              containerPort: 53
+              protocol: TCP
+            - name: dns-udp
+              containerPort: 53
+              protocol: UDP
+          livenessProbe:
+            httpGet:
+              path: /metrics
+              port: api
+            failureThreshold: {{ .Values.probes.liveness.failureThreshold }}
+            periodSeconds: {{ .Values.probes.liveness.periodSeconds }}
+          readinessProbe:
+            httpGet:
+              path: /metrics
+              port: api
+            failureThreshold: {{ .Values.probes.readiness.failureThreshold }}
+            periodSeconds: {{ .Values.probes.readiness.periodSeconds }}
+          startupProbe:
+            httpGet:
+              path: /metrics
+              port: api
+            initialDelaySeconds: {{ .Values.probes.startup.initialDelaySeconds }}
+            failureThreshold: {{ .Values.probes.startup.failureThreshold }}
+            periodSeconds: {{ .Values.probes.startup.periodSeconds }}
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+      volumes:
+        - name: config
+          projected:
+            defaultMode: 0444
+            sources:
+              - configMap:
+                  name: {{ template "blocky.fullname" . }}
+                  items:
+                    - key: config.yml
+                      path: config.yml
+                  {{- range $name, $value := .Values.extraLists }}
+                    - key: {{ $name }}
+                      path: {{ $name }}
+                  {{- end }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+    {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+    {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}

charts/blocky/templates/service-tcp.yaml

@@ -0,0 +1,34 @@
+{{- if .Values.serviceTCP.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "blocky.fullname" . }}-tcp
+  labels:
+    app.kubernetes.io/name: {{ include "blocky.name" . }}
+    helm.sh/chart: {{ include "blocky.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- if .Values.serviceTCP.annotations }}
+  annotations:
+{{ toYaml .Values.serviceTCP.annotations | indent 4 }}
+{{- end }}
+spec:
+  type: {{ .Values.serviceTCP.type }}
+  {{- if .Values.serviceTCP.loadBalancerIP }}
+  loadBalancerIP: {{ .Values.serviceTCP.loadBalancerIP }}
+  {{- end }}
+{{- if .Values.serviceTCP.externalIPs }}
+  externalIPs:
+{{ toYaml .Values.serviceTCP.externalIPs | indent 4 }}
+{{- end }}
+  externalTrafficPolicy: {{ .Values.serviceTCP.externalTrafficPolicy }}
+  ports:
+    - port: 53
+      targetPort: dns
+      protocol: TCP
+      name: dns
+  selector:
+    app.kubernetes.io/name: {{ include "blocky.name" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+

charts/blocky/templates/service-udp.yaml

@@ -0,0 +1,33 @@
+{{- if .Values.serviceUDP.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "blocky.fullname" . }}-udp
+  labels:
+    app.kubernetes.io/name: {{ include "blocky.name" . }}
+    helm.sh/chart: {{ include "blocky.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- if .Values.serviceUDP.annotations }}
+  annotations:
+{{ toYaml .Values.serviceUDP.annotations | indent 4 }}
+{{- end }}
+spec:
+  type: {{ .Values.serviceUDP.type }}
+  {{- if .Values.serviceUDP.loadBalancerIP }}
+  loadBalancerIP: {{ .Values.serviceUDP.loadBalancerIP }}
+  {{- end }}
+{{- if .Values.serviceUDP.externalIPs }}
+  externalIPs:
+{{ toYaml .Values.serviceUDP.externalIPs | indent 4 }}
+{{- end }}
+  externalTrafficPolicy: {{ .Values.serviceUDP.externalTrafficPolicy }}
+  ports:
+    - port: 53
+      targetPort: dns-udp
+      protocol: UDP
+      name: dns-udp
+  selector:
+    app.kubernetes.io/name: {{ include "blocky.name" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}

charts/blocky/templates/service.yaml

@@ -0,0 +1,45 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "blocky.fullname" . }}
+  labels:
+    app.kubernetes.io/name: {{ include "blocky.name" . }}
+    helm.sh/chart: {{ include "blocky.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- if .Values.service.annotations }}
+  annotations:
+{{ toYaml .Values.service.annotations | indent 4 }}
+{{- end }}
+spec:
+{{- if (or (eq .Values.service.type "ClusterIP") (empty .Values.service.type)) }}
+  type: ClusterIP
+  {{- if .Values.service.clusterIP }}
+  clusterIP: {{ .Values.service.clusterIP }}
+  {{end}}
+{{- else if eq .Values.service.type "LoadBalancer" }}
+  type: {{ .Values.service.type }}
+  {{- if .Values.service.loadBalancerIP }}
+  loadBalancerIP: {{ .Values.service.loadBalancerIP }}
+  {{- end }}
+  {{- if .Values.service.loadBalancerSourceRanges }}
+  loadBalancerSourceRanges:
+{{ toYaml .Values.service.loadBalancerSourceRanges | indent 4 }}
+  {{- end -}}
+{{- else }}
+  type: {{ .Values.service.type }}
+{{- end }}
+{{- if .Values.service.externalIPs }}
+  externalIPs:
+{{ toYaml .Values.service.externalIPs | indent 4 }}
+{{- end }}
+  {{- if .Values.service.externalTrafficPolicy }}
+  externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy }}
+  {{- end }}
+  ports:
+  - name: api
+    port: 4000
+    targetPort: api
+  selector:
+    app.kubernetes.io/name: {{ include "blocky.name" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}

charts/blocky/templates/servicemonitor.yaml

@@ -0,0 +1,23 @@
+{{- if .Values.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: {{ include "blocky.fullname" . }}
+  labels:
+    app.kubernetes.io/name: {{ include "blocky.name" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    helm.sh/chart: {{ include "blocky.chart" . }}
+  {{- with .Values.serviceMonitor.additionalLabels }}
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: {{ include "blocky.name" . }}
+      app.kubernetes.io/instance: {{ .Release.Name }}
+  endpoints:
+  - port: api
+    interval: 30s
+    path: /metrics
+{{- end }}

charts/blocky/values.yaml

@@ -0,0 +1,190 @@
+replicaCount: 1
+
+image:
+  repository: spx01/blocky
+  tag: v0.10
+  pullPolicy: IfNotPresent
+
+nameOverride: ""
+fullnameOverride: ""
+
+replicas: 1
+
+timeZone: "UTC"
+
+# blocky configuration - will translate to config.yml file inside the pod
+config:
+  upstream:
+    # these external DNS resolvers will be used. Blocky picks 2 random resolvers from the list for each query
+    # format for resolver: net:host:[port][/path]. net could be tcp, udp, tcp-tls or https (DoH). If port is empty, default port will be used (53 for udp and tcp, 853 for tcp-tls, 443 for https (Doh))
+    externalResolvers:
+      - udp:8.8.8.8
+      - udp:8.8.4.4
+      - udp:1.1.1.1
+      - tcp-tls:1.0.0.1:853
+      - https://cloudflare-dns.com/dns-query
+
+  # optional: custom IP address for domain name (with all sub-domains)
+  # example: query "printer.lan" or "my.printer.lan" will return 192.168.178.3
+  # customDNS:
+  #   mapping:
+  #     printer.lan: 192.168.178.3
+
+  # optional: definition, which DNS resolver should be used for queries to the domain (with all sub-domains).
+  # Example: Query client.fritz.box will ask DNS server 192.168.178.1. This is necessary for local network, to resolve clients by host name
+  # conditional:
+  #   mapping:
+  #     fritz.box: udp:192.168.178.1
+
+  # optional: use black and white lists to block queries (for example ads, trackers, adult pages etc.)
+  blocking:
+    # definition of blacklist groups. Can be external link (http/https) or local file
+    blackLists:
+      ads:
+        - https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
+        - https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
+        - https://mirror1.malwaredomains.com/files/justdomains
+        - http://sysctl.org/cameleon/hosts
+        - https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist
+        - https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt
+      special:
+        - https://hosts-file.net/ad_servers.txt
+    # definition of whitelist groups. Attention: if the same group has black and whitelists,
+    # whitelists will be used to disable particular blacklist entries. If a group has only
+    # whitelist entries -> this means only domains from this list are allowed,
+    # all other domains will be blocked.
+    # Also see the extraLists section below to add your own in-line whitelists
+    # whiteLists:
+    #   ads:
+    #     - whitelist.txt
+    # definition: which groups should be applied for which client
+    clientGroupsBlock:
+      # default will be used, if no special definition for a client name exists
+      default:
+        - ads
+        - special
+      # use client name or ip address
+      # laptop.fritz.box:
+      #   - ads
+
+    # which response will be sent, if query is blocked:
+    #   zeroIp: 0.0.0.0 will be returned (default)
+    #   nxDomain: return NXDOMAIN as return code
+    # blockType: zeroIp
+
+    # optional: automatically list refresh period in minutes. Default: 4h.
+    # Negative value -> deactivate automatically refresh.
+    # 0 value -> use default
+    # refreshPeriod: 1
+
+  # optional: configuration for caching of DNS responses
+  # caching:
+  #   # amount in minutes, how long a response must be cached (min value).
+  #   # If <=0, use response's TTL, if >0 use this value, if TTL is smaller
+  #   # Default: 0
+  #   minTime: 40
+  #   # amount in minutes, how long a response must be cached (max value).
+  #   # If <0, do not cache responses
+  #   # If 0, use TTL
+  #   # If > 0, use this value, if TTL is greater
+  #   # Default: 0
+  #   maxTime: -1
+
+  # optional: configuration of client name resolution
+  # clientLookup:
+  #   # this DNS resolver will be used to perform reverse DNS lookup (typically local router)
+  #   upstream: udp:192.168.178.1
+  #   # optional: some routers return multiple names for client (host name and user defined name). Define which single name should be used.
+  #   # Example: take second name if present, if not take first name
+  #   singleNameOrder:
+  #     - 2
+  #     - 1
+  # optional: configuration for prometheus metrics endpoint
+  prometheus:
+    # enabled if true
+    enable: true
+    # url path, optional (default '/metrics')
+    path: /metrics
+
+  # optional: HTTP listener port, default 0 = no http listener. If > 0, will be used for prometheus metrics, pprof, ...
+  httpPort: 4000
+  # optional: Log level (one from debug, info, warn, error). Default: info
+  logLevel: info
+
+
+# Probes configuration
+probes:
+  liveness:
+    failureThreshold: 5
+    periodSeconds: 10
+  readiness:
+    failureThreshold: 5
+    periodSeconds: 10
+  startup:
+    initialDelaySeconds: 5
+    failureThreshold: 30
+    periodSeconds: 10
+
+service:
+  type: ClusterIP
+  # externalTrafficPolicy: Local
+  # loadBalancerIP: ""
+    # a fixed LoadBalancer IP
+  annotations: {}
+    # metallb.universe.tf/address-pool: network-services
+    # metallb.universe.tf/allow-shared-ip: blocky-svc
+
+serviceTCP:
+  enabled: false
+  externalIPs: []
+  type: NodePort
+  externalTrafficPolicy: Local
+  loadBalancerIP: ""
+    # a fixed LoadBalancer IP
+  annotations: {}
+    # metallb.universe.tf/address-pool: network-services
+    # metallb.universe.tf/allow-shared-ip: blocky-svc
+
+serviceUDP:
+  enabled: true
+  externalIPs: []
+  type: NodePort
+  externalTrafficPolicy: Local
+  loadBalancerIP: ""
+    # a fixed LoadBalancer IP
+  annotations: {}
+    # metallb.universe.tf/address-pool: network-services
+    # metallb.universe.tf/allow-shared-ip: blocky-svc
+
+serviceMonitor:
+  enabled: false
+  additionalLabels: {}
+
+## Pod Annotations
+podAnnotations:
+  prometheus.io/scrape: "true"
+  prometheus.io/port: "api"
+
+resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #  memory: 500Mi
+  # requests:
+  #  cpu: 50m
+  #  memory: 275Mi
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+## Add any extra files you want populated to /app here, e.g.:
+#  extraLists:
+#    whitelist.txt: |
+#      analytics.google.com
+#      googleadservices.com
+extraLists: {}

charts/calibre-web/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/calibre-web/Chart.yaml

@@ -0,0 +1,17 @@
+type: application
+apiVersion: v2
+appVersion: 0.6.8
+description: Calibre-Web is a web app providing a clean interface for browsing, reading and downloading eBooks using an existing Calibre database.
+name: calibre-web
+version: 2.0.1
+keywords:
+  - calibre
+  - ebook
+home: https://github.com/k8s-at-home/charts/tree/master/charts/calibre-web
+icon: https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/calibre-web-icon.png
+sources:
+  - https://hub.docker.com/r/linuxserver/calibre-web/
+  - https://github.com/janeczku/calibre-web
+maintainers:
+  - name: wojoinc
+    email: wojoinc@pm.me

charts/calibre-web/README.md

@@ -0,0 +1,107 @@
+# calibre-web
+
+This is a helm chart for [calibre-web](https://github.com/janeczku/calibre-web) utilizing the [Linuxserver.io calibre-web image](https://hub.docker.com/r/linuxserver/calibre-web)
+
+## TL;DR;
+
+```shell
+helm repo add k8s-at-home https://k8s-at-home.com/charts/
+helm install k8s-at-home/calibre-web
+```
+
+## Installing the Chart
+
+To install the chart with the release name `my-release`:
+
+```console
+helm install --name my-release k8s-at-home/calibre-web
+```
+
+## Uninstalling the Chart
+
+To uninstall/delete the `my-release` deployment:
+
+```console
+helm delete my-release --purge
+```
+
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+## Configuration
+
+The following tables lists the configurable parameters of the `calibre-web` chart and their default values.
+
+| Parameter                                     | Description                                                                                                                                                             | Default                   |
+| --------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------- |
+| `image.repository`                            | Image repository                                                                                                                                                        | `linuxserver/calibre-web` |
+| `image.tag`                                   | Image tag. Possible values listed [here](https://hub.docker.com/r/linuxserver/calibre-web/tags/).                                                                       | `0.6.8-ls74`              |
+| `image.pullPolicy`                            | Image pull policy                                                                                                                                                       | `IfNotPresent`            |
+| `dockerMods.ebookConversion.enabled`          | Enable optional ebook conversion feature. (x86_64 only) refer [here](https://github.com/linuxserver/docker-calibre-web#application-setup)                               | `false`                   |
+| `dockerMods.ebookConversion.image.repository` | DockerMod image repository                                                                                                                                              | `linuxserver/calibre-web` |
+| `dockerMods.ebookConversion.image.tag`        | DockerMod image tag. These typically start with `v`, with the "stable" tag being `calibre`. Can be found [here](https://hub.docker.com/r/linuxserver/calibre-web/tags/) | `calibre`                 |
+| `strategyType`                                | Specifies the strategy used to replace old Pods by new ones                                                                                                             | `Recreate`                |
+| `timezone`                                    | Timezone the calibre-web instance should run as, e.g. 'America/New_York'                                                                                                | `UTC`                     |
+| `puid`                                        | process userID the calibre-web instance should run as                                                                                                                   | `1001`                    |
+| `pgid`                                        | process groupID the calibre-web instance should run as                                                                                                                  | `1001`                    |
+| `umask`                                       | Default umask to use when creating new files                                                                                                                            | `22`                      |
+| `probes.liveness.initialDelaySeconds`         | Specify liveness `initialDelaySeconds` parameter for the deployment                                                                                                     | `60`                      |
+| `probes.liveness.failureThreshold`            | Specify liveness `failureThreshold` parameter for the deployment                                                                                                        | `5`                       |
+| `probes.liveness.timeoutSeconds`              | Specify liveness `timeoutSeconds` parameter for the deployment                                                                                                          | `10`                      |
+| `probes.readiness.initialDelaySeconds`        | Specify readiness `initialDelaySeconds` parameter for the deployment                                                                                                    | `60`                      |
+| `probes.readiness.failureThreshold`           | Specify readiness `failureThreshold` parameter for the deployment                                                                                                       | `5`                       |
+| `probes.readiness.timeoutSeconds`             | Specify readiness `timeoutSeconds` parameter for the deployment                                                                                                         | `10`                      |
+| `Service.type`                                | Kubernetes service type for the calibre-web GUI                                                                                                                         | `ClusterIP`               |
+| `Service.port`                                | Kubernetes port where the calibre-web GUI is exposed                                                                                                                    | `8083`                    |
+| `Service.annotations`                         | Service annotations for the calibre-web GUI                                                                                                                             | `{}`                      |
+| `Service.labels`                              | Custom labels                                                                                                                                                           | `{}`                      |
+| `Service.loadBalancerIP`                      | Loadbalance IP for the calibre-web GUI                                                                                                                                  | `{}`                      |
+| `Service.loadBalancerSourceRanges`            | List of IP CIDRs allowed access to load balancer (if supported)                                                                                                         | None                      |
+| `ingress.enabled`                             | Enables Ingress                                                                                                                                                         | `false`                   |
+| `ingress.annotations`                         | Ingress annotations                                                                                                                                                     | `{}`                      |
+| `ingress.labels`                              | Custom labels                                                                                                                                                           | `{}`                      |
+| `ingress.path`                                | Ingress path                                                                                                                                                            | `/`                       |
+| `ingress.hosts`                               | Ingress accepted hostnames                                                                                                                                              | `chart-example.local`     |
+| `ingress.tls`                                 | Ingress TLS configuration                                                                                                                                               | `[]`                      |
+| `persistence.config.enabled`                  | Use persistent volume to store configuration data                                                                                                                       | `true`                    |
+| `persistence.config.size`                     | Size of persistent volume claim                                                                                                                                         | `1Gi`                     |
+| `persistence.config.existingClaim`            | Use an existing PVC to persist data                                                                                                                                     | `nil`                     |
+| `persistence.config.storageClass`             | Type of persistent volume claim                                                                                                                                         | `-`                       |
+| `persistence.config.accessMode`               | Persistence access mode                                                                                                                                                 | `ReadWriteOnce`           |
+| `persistence.config.skipuninstall`            | Do not delete the pvc upon helm uninstall                                                                                                                               | `false`                   |
+| `persistence.books.enabled`                   | Use persistent volume to store books data                                                                                                                               | `true`                    |
+| `persistence.books.size`                      | Size of persistent volume claim                                                                                                                                         | `10Gi`                    |
+| `persistence.books.existingClaim`             | Use an existing PVC to persist data                                                                                                                                     | `nil`                     |
+| `persistence.books.storageClass`              | Type of persistent volume claim                                                                                                                                         | `-`                       |
+| `persistence.books.accessMode`                | Persistence access mode                                                                                                                                                 | `ReadWriteOnce`           |
+| `persistence.books.skipuninstall`             | Do not delete the pvc upon helm uninstall                                                                                                                               | `false`                   |
+| `persistence.extraExistingClaimMounts`        | Optionally add multiple existing claims                                                                                                                                 | `[]`                      |
+| `resources`                                   | CPU/Memory resource requests/limits                                                                                                                                     | `{}`                      |
+| `nodeSelector`                                | Node labels for pod assignment                                                                                                                                          | `{}`                      |
+| `tolerations`                                 | Toleration labels for pod assignment                                                                                                                                    | `[]`                      |
+| `affinity`                                    | Affinity settings for pod assignment                                                                                                                                    | `{}`                      |
+| `podAnnotations`                              | Key-value pairs to add as pod annotations                                                                                                                               | `{}`                      |
+| `deploymentAnnotations`                       | Key-value pairs to add as deployment annotations                                                                                                                        | `{}`                      |
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+
+```console
+helm install --name my-release \
+  --set timezone="America/New York" \
+    k8s-at-home/calibre-web
+```
+
+Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
+
+```console
+helm install --name my-release -f values.yaml stable/calibre-web
+```
+
+---
+
+**NOTE**
+
+If you get `Error: rendered manifests contain a resource that already exists. Unable to continue with install: existing resource conflict: ...` it may be because you uninstalled the chart with `skipuninstall` enabled, you need to manually delete the pvc or use `existingClaim`.
+
+---
+
+Read through the [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/calibre-web/values.yaml) file. It has several commented out suggested values.

charts/calibre-web/templates/NOTES.txt

@@ -0,0 +1,25 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range $host := .Values.ingress.hosts }}
+  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host }}{{ $.Values.ingress.path }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "calibre-web.fullname" . }})
+  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+  echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+           You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "calibre-web.fullname" . }}'
+  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "calibre-web.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+  echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "calibre-web.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+  echo "Visit http://127.0.0.1:8080 to use your application"
+  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:{{ .Values.service.port }}
+{{- end }}
+
+{{- if .Values.dockerMods.ebookConversion.enabled }}
+2. DockerMods:
+  You have enabled the EbookConversion Docker Mod using the {{ .Values.dockerMods.ebookConversion.image.repository }}:{{ .Values.dockerMods.ebookConversion.image.tag }} image.
+  Remember to visit https://github.com/linuxserver/docker-calibre-web#application-setup for instructions on configuring this feature in the calibre-web settings.
+{{- end }}

charts/calibre-web/templates/_helpers.tpl

@@ -0,0 +1,63 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "calibre-web.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "calibre-web.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "calibre-web.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "calibre-web.labels" -}}
+helm.sh/chart: {{ include "calibre-web.chart" . }}
+{{ include "calibre-web.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "calibre-web.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "calibre-web.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "calibre-web.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "calibre-web.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}

charts/calibre-web/templates/books-pvc.yaml

@@ -0,0 +1,25 @@
+
+{{- if and .Values.persistence.books.enabled (not .Values.persistence.books.existingClaim) }}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: {{ template "calibre-web.fullname" . }}-books
+  {{- if .Values.persistence.books.skipuninstall }}
+  annotations:
+    "helm.sh/resource-policy": keep
+  {{- end }}
+  labels: {{ include "calibre-web.labels" . | nindent 4}}
+spec:
+  accessModes:
+    - {{ .Values.persistence.books.accessMode | quote }}
+  resources:
+    requests:
+      storage: {{ .Values.persistence.books.size | quote }}
+{{- if .Values.persistence.books.storageClass }}
+{{- if (eq "-" .Values.persistence.books.storageClass) }}
+  storageClassName: ""
+{{- else }}
+  storageClassName: "{{ .Values.persistence.books.storageClass }}"
+{{- end }}
+{{- end }}
+{{- end -}}

charts/calibre-web/templates/config-pvc.yaml

@@ -0,0 +1,25 @@
+
+{{- if and .Values.persistence.config.enabled (not .Values.persistence.config.existingClaim) }}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: {{ template "calibre-web.fullname" . }}-config
+  {{- if .Values.persistence.config.skipuninstall }}
+  annotations:
+    "helm.sh/resource-policy": keep
+  {{- end }}
+  labels: {{ include "calibre-web.labels" . | nindent 4 }}
+spec:
+  accessModes:
+    - {{ .Values.persistence.config.accessMode | quote }}
+  resources:
+    requests:
+      storage: {{ .Values.persistence.config.size | quote }}
+{{- if .Values.persistence.config.storageClass }}
+{{- if (eq "-" .Values.persistence.config.storageClass) }}
+  storageClassName: ""
+{{- else }}
+  storageClassName: "{{ .Values.persistence.config.storageClass }}"
+{{- end }}
+{{- end }}
+{{- end -}}

charts/calibre-web/templates/deployment.yaml

@@ -0,0 +1,112 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "calibre-web.fullname" . }}
+  {{- if .Values.deploymentAnnotations }}
+  annotations:
+    {{- range $key, $value := .Values.deploymentAnnotations }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+  {{- end }}
+  labels: {{ include "calibre-web.labels" . | nindent 4 }}
+spec:
+  replicas: 1
+  revisionHistoryLimit: 3
+  strategy:
+    type: {{ .Values.strategyType }}
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: {{ include "calibre-web.name" . }}
+      app.kubernetes.io/instance: {{ .Release.Name }}
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: {{ include "calibre-web.name" . }}
+        app.kubernetes.io/instance: {{ .Release.Name }}
+      {{- if .Values.podAnnotations }}
+      annotations:
+        {{- range $key, $value := .Values.podAnnotations }}
+        {{ $key }}: {{ $value | quote }}
+        {{- end }}
+      {{- end }}
+    spec:
+      containers:
+        - name: {{ .Chart.Name }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          ports:
+            - name: http
+              containerPort: 8083
+              protocol: TCP
+          livenessProbe:
+            tcpSocket:
+              port: http
+            initialDelaySeconds: {{ .Values.probes.liveness.initialDelaySeconds }}
+            failureThreshold: {{ .Values.probes.liveness.failureThreshold }}
+            timeoutSeconds: {{ .Values.probes.liveness.timeoutSeconds }}
+          readinessProbe:
+            tcpSocket:
+              port: http
+            initialDelaySeconds: {{ .Values.probes.readiness.initialDelaySeconds }}
+            failureThreshold: {{ .Values.probes.readiness.failureThreshold }}
+            timeoutSeconds: {{ .Values.probes.readiness.timeoutSeconds }}
+          env:
+            - name: TZ
+              value: "{{ .Values.timezone }}"
+            - name: PUID
+              value: "{{ .Values.puid }}"
+            - name: PGID
+              value: "{{ .Values.pgid }}"
+            - name: UMASK
+              value: "{{ .Values.umask }}"
+            {{- if eq .Values.dockerMods.ebookConversion.enabled true }}
+            - name: DOCKER_MODS
+              value: "{{ .Values.dockerMods.ebookConversion.image.repository }}:{{ .Values.dockerMods.ebookConversion.image.tag }}"
+            {{- end }}
+          volumeMounts:
+            - mountPath: /config
+              name: config
+            - mountPath: /books
+              name: books
+            {{- if .Values.persistence.books.subPath }}
+              subPath: {{ .Values.persistence.books.subPath }}
+            {{- end }}
+            {{- range .Values.persistence.extraExistingClaimMounts }}
+            - name: {{ .name }}
+              mountPath: {{ .mountPath }}
+              readOnly: {{ .readOnly }}
+            {{- end }}
+          resources:
+{{ toYaml .Values.resources | indent 12 }}
+      volumes:
+      - name: config
+      {{- if .Values.persistence.config.enabled }}
+        persistentVolumeClaim:
+          claimName: {{ if .Values.persistence.config.existingClaim }}{{ .Values.persistence.config.existingClaim }}{{- else }}{{ template "calibre-web.fullname" . }}-config{{- end }}
+      {{- else }}
+        emptyDir: {}
+      {{- end }}
+      - name: books
+      {{- if .Values.persistence.books.enabled }}
+        persistentVolumeClaim:
+          claimName: {{ if .Values.persistence.books.existingClaim }}{{ .Values.persistence.books.existingClaim }}{{- else }}{{ template "calibre-web.fullname" . }}-books{{- end }}
+      {{- else }}
+        emptyDir: {}
+      {{- end }}
+      {{- range .Values.persistence.extraExistingClaimMounts }}
+      - name: {{ .name }}
+        persistentVolumeClaim:
+          claimName: {{ .existingClaim }}
+      {{- end }}
+    {{- with .Values.nodeSelector }}
+      nodeSelector:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with .Values.affinity }}
+      affinity:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with .Values.tolerations }}
+      tolerations:
+{{ toYaml . | indent 8 }}
+    {{- end }}

charts/calibre-web/templates/ingress.yaml

@@ -0,0 +1,34 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "calibre-web.fullname" . -}}
+{{- $ingressPath := .Values.ingress.path -}}
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: {{ $fullName }}
+  labels: {{ include "calibre-web.labels" . | nindent 4 }}
+{{- with .Values.ingress.annotations }}
+  annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+{{- if .Values.ingress.tls }}
+  tls:
+  {{- range .Values.ingress.tls }}
+    - hosts:
+      {{- range .hosts }}
+        - {{ . | quote }}
+      {{- end }}
+      secretName: {{ .secretName }}
+  {{- end }}
+{{- end }}
+  rules:
+  {{- range .Values.ingress.hosts }}
+    - host: {{ . | quote }}
+      http:
+        paths:
+          - path: {{ $ingressPath }}
+            backend:
+              serviceName: {{ $fullName }}
+              servicePort: http
+  {{- end }}
+{{- end }}

charts/calibre-web/templates/service.yaml

@@ -0,0 +1,48 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ template "calibre-web.fullname" . }}
+  labels: {{ include "calibre-web.labels" . | nindent 4 }}
+{{- if .Values.service.labels }}
+{{ toYaml .Values.service.labels | indent 4 }}
+{{- end }}
+{{- with .Values.service.annotations }}
+  annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+{{- if (or (eq .Values.service.type "ClusterIP") (empty .Values.service.type)) }}
+  type: ClusterIP
+  {{- if .Values.service.clusterIP }}
+  clusterIP: {{ .Values.service.clusterIP }}
+  {{end}}
+{{- else if eq .Values.service.type "LoadBalancer" }}
+  type: {{ .Values.service.type }}
+  {{- if .Values.service.loadBalancerIP }}
+  loadBalancerIP: {{ .Values.service.loadBalancerIP }}
+  {{- end }}
+  {{- if .Values.service.loadBalancerSourceRanges }}
+  loadBalancerSourceRanges:
+{{ toYaml .Values.service.loadBalancerSourceRanges | indent 4 }}
+  {{- end -}}
+{{- else }}
+  type: {{ .Values.service.type }}
+{{- end }}
+{{- if .Values.service.externalIPs }}
+  externalIPs:
+{{ toYaml .Values.service.externalIPs | indent 4 }}
+{{- end }}
+  {{- if .Values.service.externalTrafficPolicy }}
+  externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy }}
+  {{- end }}
+  ports:
+    - name: http
+      port: {{ .Values.service.port }}
+      protocol: TCP
+      targetPort: http
+{{ if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePort))) }}
+      nodePort: {{.Values.service.nodePort}}
+{{ end }}
+  selector:
+    app.kubernetes.io/name: {{ include "calibre-web.name" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}

charts/calibre-web/templates/tests/test-connection.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: "{{ include "calibre-web.fullname" . }}-test-connection"
+  labels:
+    {{- include "calibre-web.labels" . | nindent 4 }}
+  annotations:
+    "helm.sh/hook": test-success
+spec:
+  containers:
+    - name: wget
+      image: busybox
+      command: ['wget']
+      args: ['{{ include "calibre-web.fullname" . }}:{{ .Values.service.port }}']
+  restartPolicy: Never

charts/calibre-web/values.yaml

@@ -0,0 +1,136 @@
+# Default values for calibre-web.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+image:
+  repository: linuxserver/calibre-web
+  tag: 0.6.8-ls74
+  pullPolicy: IfNotPresent
+
+# upgrade strategy type (e.g. Recreate or RollingUpdate)
+strategyType: Recreate
+
+# Probes configuration
+probes:
+  liveness:
+    initialDelaySeconds: 60
+    failureThreshold: 5
+    timeoutSeconds: 10
+  readiness:
+    initialDelaySeconds: 60
+    failureThreshold: 5
+    timeoutSeconds: 10
+
+nameOverride: ""
+fullnameOverride: ""
+
+# Linuxserver.io additional layers.
+# Enables additional features for the image, at the cost of increased size and
+# possible incompatabilities with certain architectures. Disabled by default.
+dockerMods:
+  # Enable ebook conversion. Compatible with x86_64 image only.
+  # To enable, set enabled to true, and follow the guide at: https://github.com/linuxserver/docker-calibre-web#application-setup
+  # to configure the application.
+  ebookConversion:
+    enabled: false
+    image:
+      repository: linuxserver/calibre-web
+      # To use a different tag for the DockerMod, specify the tag below
+      tag: calibre
+
+timezone: UTC
+puid: 1001
+pgid: 1001
+umask: 22
+
+service:
+  type: ClusterIP
+  port: 8083
+  ## Specify the nodePort value for the LoadBalancer and NodePort service types.
+  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+  ##
+  # nodePort:
+  ## Provide any additional annotations which may be required. This can be used to
+  ## set the LoadBalancer service type to internal only.
+  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
+  ##
+  annotations: {}
+  labels: {}
+  ## Use loadBalancerIP to request a specific static IP,
+  ## otherwise leave blank
+  ##
+  loadBalancerIP:
+  # loadBalancerSourceRanges: []
+  ## Set the externalTrafficPolicy in the Service to either Cluster or Local
+  # externalTrafficPolicy: Cluster
+
+ingress:
+  enabled: false
+  annotations: {}
+    # kubernetes.io/ingress.class: nginx
+    # kubernetes.io/tls-acme: "true"
+  path: /
+  hosts:
+    - chart-example.local
+  tls: []
+  #  - secretName: chart-example-tls
+  #    hosts:
+  #      - chart-example.local
+
+persistence:
+  config:
+    enabled: true
+    ## calibre-web configuration data Persistent Volume Storage Class
+    ## If defined, storageClassName: <storageClass>
+    ## If set to "-", storageClassName: "", which disables dynamic provisioning
+    ## If undefined (the default) or set to null, no storageClassName spec is
+    ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
+    ##   GKE, AWS & OpenStack)
+    ##
+    # storageClass: "-"
+    ##
+    ## If you want to reuse an existing claim, you can pass the name of the PVC using
+    ## the existingClaim variable
+    # existingClaim: your-claim
+    accessMode: ReadWriteOnce
+    size: 1Gi
+    ## Do not delete the pvc upon helm uninstall
+    skipuninstall: false
+  books:
+    enabled: true
+    # storageClass: "-"
+    # existingClaim: your-claim
+    # subPath: some-subpath
+    accessMode: ReadWriteOnce
+    size: 10Gi
+    ## Do not delete the pvc upon helm uninstall
+    skipuninstall: false
+  extraExistingClaimMounts: []
+    # - name: external-mount
+    #   mountPath: /srv/external-mount
+    ## A manually managed Persistent Volume and Claim
+    ## If defined, PVC must be created manually before volume will be bound
+    #   existingClaim:
+    #   readOnly: true
+
+resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #  cpu: 100m
+  #  memory: 128Mi
+  # requests:
+  #  cpu: 100m
+  #  memory: 128Mi
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+podAnnotations: {}
+
+deploymentAnnotations: {}

charts/comcast/Chart.yaml

@@ -1,16 +1,17 @@
-apiVersion: v1
+apiVersion: v2
 name: comcast
-version: 1.0.0
+version: 3.0.0
 appVersion: 1.0.0
 description: periodic comcast data usage checks and save the results to InfluxDB
 keywords:
 - comcast
 - influxdb
 - xfinity
-home: https://github.com/billimek/billimek-charts/tree/master/comcast
+home: https://github.com/k8s-at-home/charts/tree/master/charts/comcast
+icon: https://i.imgur.com/iR1dUpp.png
 sources:
 - https://github.com/billimek/comcastUsage-for-influxdb
-- https://github.com/billimek/billimek-charts
+- https://github.com/k8s-at-home/charts
 maintainers:
 - name: billimek
   email: jeff@billimek.com

charts/comcast/README.md

@@ -7,8 +7,8 @@ This tool allows you to run periodic comcast data usage checks and save the resu
 ## TL;DR;
 
 ```console
-$ helm repo add billimek https://billimek.github.io/helm-repo
-$ helm install billimek/comcast
+$ helm repo add k8s-at-home https://k8s-at-home.com/charts/
+$ helm install k8s-at-home/comcast
 ```
 
 ## Introduction
@@ -20,7 +20,7 @@ This code is adopted from the work done by [barrycarey](https://github.com/barry
 To install the chart with the release name `my-release`:
 
 ```console
-$ helm install --name my-release billimek/comcast
+$ helm install --name my-release k8s-at-home/comcast
 ```
 ## Uninstalling the Chart
 
@@ -34,7 +34,7 @@ The command removes all the Kubernetes components associated with the chart and
 
 ## Configuration
 
-The configuration is set as a block of text through a configmap and mouted as a file in /src/config.ini Any value in this text block should match the defined Comcast configuration. There are several values here that will have to match our kubernetes configuration.
+The configuration is set as a block of text through a configmap and mounted as a file in /src/config.ini Any value in this text block should match the defined Comcast configuration. There are several values here that will have to match our kubernetes configuration.
 
 ## Configuration
 
@@ -55,22 +55,23 @@ The following tables lists the configurable parameters of the Sentry chart and t
 | `config.influxdb.ssl`                | InfluxDB connection using SSL                | `false`                                                  |
 | `config.comcast.username`            | Comcast website login usernma                | `someuser`                                               |
 | `config.comcast.password`            | Comcast website login password               | `somepassword`                                           |
+| `podAnnotations`                     | Key-value pairs to add as pod annotations    | `{}` |
 
 Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
 
 ```console
-$ helm install --name my-release \
+helm install --name my-release \
   --set config.comcast.username=tonystark,config.comcast.password=mypassword \
-    billimek/comcast
+    k8s-at-home/comcast
 ```
 
 Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
 
 ```console
-$ helm install --name my-release -f values.yaml billimek/comcast
+helm install --name my-release -f values.yaml k8s-at-home/comcast
 ```
 
-Read through the [values.yaml](values.yaml) file. It has several commented out suggested values.
+Read through the [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/comcast/values.yaml) file. It has several commented out suggested values.
 
 ## InfluxDB metrics
 ```
@@ -80,4 +81,4 @@ Read through the [values.yaml](values.yaml) file. It has several commented out s
 		'total',
 		'unit'
 }
-```
+```

charts/comcast/templates/deployment.yaml

@@ -1,4 +1,4 @@
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: {{ template "comcast.fullname" . }}
@@ -13,11 +13,18 @@ spec:
       app: {{ template "comcast.name" . }}
       release: {{ .Release.Name }}
   replicas: {{ default 1 .Values.replicas }}
+  revisionHistoryLimit: 3
   template:
     metadata:
       labels:
         app: {{ template "comcast.name" . }}
         release: {{ .Release.Name }}
+      {{- if .Values.podAnnotations }}
+      annotations:
+        {{- range $key, $value := .Values.podAnnotations }}
+        {{ $key }}: {{ $value | quote }}
+        {{- end }}
+      {{- end }}
     spec:
       containers:
         - name: {{ .Chart.Name }}

charts/comcast/values.yaml

@@ -20,17 +20,19 @@ resources: {}
 nodeSelector: {}
 debug: false
 config:
-    # how many seconds to wait between checks
-    delay: 3600
-    influxdb:
-        # host/port/database are mandatory - change as needed
-        host: influxdb-influxdb
-        port: 8086
-        database: comcast
-        # username:
-        # password:
-        ssl: false
-    comcast:
-        # username/password are mandatory and must be populated
-        username: someuser
-        password: somepassword
+  # how many seconds to wait between checks
+  delay: 3600
+  influxdb:
+    # host/port/database are mandatory - change as needed
+    host: influxdb-influxdb
+    port: 8086
+    database: comcast
+    # username:
+    # password:
+    ssl: false
+  comcast:
+    # username/password are mandatory and must be populated
+    username: someuser
+    password: somepassword
+
+podAnnotations: {}

charts/common/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/common/Chart.yaml

@@ -0,0 +1,12 @@
+apiVersion: v2
+name: common
+description: Function library for k8s-at-home charts
+type: library
+version: 1.1.0
+keywords:
+  - k8s-at-home
+  - common
+home: https://github.com/k8s-at-home/charts/tree/master/charts/common
+maintainers:
+  - name: BJW-S
+    email: me@juggels.online

charts/common/README.md

@@ -0,0 +1,30 @@
+# Library chart for k8s@home media charts
+## **THIS CHART IS NOT MEANT TO BE INSTALLED DIRECTLY**
+
+This is a [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm) for grouping common logic between k8s@home charts.
+
+## Introduction
+
+This chart provides common template helpers which can be used to develop new charts using [Helm](https://helm.sh) package manager.
+
+## TL;DR
+
+```yaml
+dependencies:
+  - name: common
+    version: 0.x.x
+    repository: https://k8s-at-home.com/charts/
+```
+
+```bash
+$ helm dependency update
+```
+
+```yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.names.fullname" . }}
+data:
+  myvalue: "Hello World"
+```

charts/common/templates/_all.tpl

@@ -0,0 +1,24 @@
+{{- define "common.all" -}}
+  {{- /* Merge the local chart values and the common chart defaults */ -}}
+  {{- $defaultValues := .Values.common -}}
+  {{- $_ := deepCopy $defaultValues | merge .Values -}}
+  {{- $_ := unset .Values "common" -}}
+  
+  {{- /* Enable OpenVPN VPN add-on if required */ -}}
+  {{- if .Values.addons.vpn.enabled }}
+    {{- include "common.addon.vpn" . }}
+  {{- end -}}
+
+  {{- /* Build the templates */ -}}
+  {{- include "common.pvc" . }}
+  {{- print "---" | nindent 0 -}}
+  {{- if eq .Values.controllerType "statefulset" }}
+    {{- include "common.statefulset" . | nindent 0 }}
+  {{ else }}
+    {{- include "common.deployment" . | nindent 0 }}
+  {{- end -}}
+  {{- print "---" | nindent 0 -}}
+  {{ include "common.service" . | nindent 0 }}
+  {{- print "---" | nindent 0 -}}
+  {{ include "common.ingress" .  | nindent 0 }}
+{{- end -}}

charts/common/templates/_deployment.tpl

@@ -0,0 +1,62 @@
+{{- define "common.deployment" -}}
+apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
+kind: Deployment
+metadata:
+  name: {{ template "common.names.fullname" . }}
+  labels:
+  {{- include "common.labels" . | nindent 4 }}
+  {{- with .Values.controllerLabels }}
+  {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- with .Values.controllerAnnotations }}
+  annotations:
+  {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+    {{- include "common.labels.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      {{- with .Values.podAnnotations }}
+      annotations:
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+      {{- include "common.labels.selectorLabels" . | nindent 8 }}
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.podSecurityContext }}
+      securityContext:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.initContainers }}
+      initContainers:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      containers:
+      {{- include "common.controller.mainContainer" . | nindent 6 }}
+      {{- with .Values.additionalContainers }}
+        {{- toYaml . | nindent 6 }}
+      {{- end }}
+
+      volumes:
+      {{- include "common.controller.volumes" . | trim | nindent 6 }}
+
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | indent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | indent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | indent 8 }}
+      {{- end }}
+{{- end }}

charts/common/templates/_ingress.tpl

@@ -0,0 +1,25 @@
+{{- define "common.ingress" -}}
+  {{- if .Values.ingress.enabled -}}
+    {{- $svcPort := .Values.service.port.port -}}
+
+    {{- /* Generate primary ingress */ -}}
+    {{- $ingressValues := .Values.ingress -}}
+    {{- $_ := set $ingressValues "svcPort" $svcPort -}}
+    {{- $_ := set . "ObjectValues" (dict "ingress" $ingressValues) -}}
+    {{- include "common.classes.ingress" . }}
+
+    {{- /* Generate additional ingresses as required */ -}}
+    {{- range $index, $extraIngress := .Values.ingress.additionalIngresses }}
+      {{- if $extraIngress.enabled -}}
+        {{- print ("---") | nindent 0 -}}
+        {{- $ingressValues := $extraIngress -}}
+        {{- $_ := set $ingressValues "svcPort" $svcPort -}}
+        {{- if not $ingressValues.nameSuffix -}}
+          {{- $_ := set $ingressValues "nameSuffix" $index -}}
+        {{ end -}}
+        {{- $_ := set $ "ObjectValues" (dict "ingress" $ingressValues) -}}
+        {{- include "common.classes.ingress" $ -}}
+      {{- end }}
+    {{- end }}
+  {{- end }}
+{{- end }}

charts/common/templates/_notes.tpl

@@ -0,0 +1,25 @@
+{{/*
+Default NOTES.txt content.
+*/}}
+{{- define "common.notes.defaultNotes" -}}
+{{- $svcPort := .Values.service.port.port -}}
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range .Values.ingress.hosts }}
+  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ .host }}{{ (first .paths).path }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.names.fullname" . }})
+  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+  echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+           You can watch the status of by running 'kubectl get svc -w {{ include "common.names.fullname" . }}'
+  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+  echo http://$SERVICE_IP:{{ $svcPort }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "common.names.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+  echo "Visit http://127.0.0.1:8080 to use your application"
+  kubectl port-forward $POD_NAME 8080:{{ $svcPort }}
+{{- end }}
+{{- end }}

charts/common/templates/_pvc.tpl

@@ -0,0 +1,14 @@
+{{- define "common.pvc" -}}
+  {{- /* Generate pvc as required */ -}}
+  {{- range $index, $PVC := .Values.persistence }}
+    {{- if and $PVC.enabled (not (or $PVC.emptyDir $PVC.existingClaim)) -}}
+      {{- $persistenceValues := $PVC -}}
+      {{- if not $persistenceValues.nameSuffix -}}
+        {{- $_ := set $persistenceValues "nameSuffix" $index -}}
+      {{- end -}}
+      {{- $_ := set $ "ObjectValues" (dict "persistence" $persistenceValues) -}}
+      {{- print ("---") | nindent 0 -}}
+      {{- include "common.classes.pvc" $ -}}
+    {{- end }}
+  {{- end }}
+{{- end }}

charts/common/templates/_service.tpl

@@ -0,0 +1,19 @@
+{{- define "common.service" -}}
+  {{- if .Values.service.enabled -}}
+    {{- /* Generate primary service */ -}}
+    {{- include "common.classes.service" . }}
+
+    {{- /* Generate additional services as required */ -}}
+    {{- range $index, $extraService := .Values.service.additionalServices }}
+      {{- if $extraService.enabled -}}
+        {{- print ("---") | nindent 0 -}}
+        {{- $serviceValues := $extraService -}}
+        {{- if not $serviceValues.nameSuffix -}}
+          {{- $_ := set $serviceValues "nameSuffix" $index -}}
+        {{ end -}}
+        {{- $_ := set $ "ObjectValues" (dict "service" $serviceValues) -}}
+        {{- include "common.classes.service" $ -}}
+      {{- end }}
+    {{- end }}
+  {{- end }}
+{{- end }}

charts/common/templates/_statefulset.tpl

@@ -0,0 +1,63 @@
+{{- define "common.statefulset" -}}
+apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }}
+kind: StatefulSet
+metadata:
+  name: {{ template "common.names.fullname" . }}
+  labels:
+  {{- include "common.labels" . | nindent 4 }}
+  {{- with .Values.controllerLabels }}
+  {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- with .Values.controllerAnnotations }}
+  annotations:
+  {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+    {{- include "common.labels.selectorLabels" . | nindent 6 }}
+  serviceName: {{ include "common.names.fullname" . }}
+  template:
+    metadata:
+      {{- with .Values.podAnnotations }}
+      annotations:
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+      {{- include "common.labels.selectorLabels" . | nindent 8 }}
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.podSecurityContext }}
+      securityContext:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.initContainers }}
+      initContainers:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      containers:
+      {{- include "common.controller.mainContainer" . | nindent 6 }}
+      {{- with .Values.additionalContainers }}
+        {{- toYaml . | nindent 6 }}
+      {{- end }}
+
+      volumes:
+      {{- include "common.controller.volumes" . | trim | nindent 6 }}
+
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | indent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | indent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | indent 8 }}
+      {{- end }}
+{{- end }}

charts/common/templates/addons/vpn/_configmap.tpl

@@ -0,0 +1,26 @@
+{{/*
+The OpenVPN configmaps to be included
+*/}}
+{{- define "common.addon.vpn.configmap" -}}
+{{- if or .Values.addons.vpn.configFile .Values.addons.vpn.scripts.up .Values.addons.vpn.scripts.down }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ template "common.names.fullname" . }}-vpn
+  labels:
+  {{- include "common.labels" . | nindent 4 }}
+data:
+{{- with .Values.addons.vpn.configFile }}
+  vpnConfigfile: |-
+    {{- . | nindent 4}}
+{{- end }}
+{{- with .Values.addons.vpn.scripts.up }}
+  up.sh: |-
+    {{- . | nindent 4}}
+{{- end }}
+{{- with .Values.addons.vpn.scripts.down }}
+  down.sh: |-
+    {{- . | nindent 4}}
+{{- end }}
+{{- end -}}
+{{- end -}}

charts/common/templates/addons/vpn/_networkpolicy.tpl

@@ -0,0 +1,21 @@
+{{/*
+The OpenVPN networkpolicy to be included
+*/}}
+{{- define "common.addon.vpn.networkpolicy" -}}
+{{- if .Values.addons.vpn.networkPolicy.enabled -}}
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+  name: {{ template "common.names.fullname" . }}
+spec:
+  podSelector:
+    matchLabels:
+    {{- include "common.labels.selectorLabels" . | nindent 6 }}
+  policyTypes:
+    - Egress
+  egress:
+  {{- with .Values.addons.vpn.networkPolicy.egress }} 
+    {{- . | toYaml | nindent 4 }}
+  {{- end -}}
+{{- end -}}
+{{- end -}}