[flood] new chart (#184)

* Add jvmInitHeapSize and jvmMaxHeapSize which are passed on
  to the container as env vars

* Bump version, no change in default behaviour

* Update README.md with new configuration parameters

Signed-off-by: Thomas Ingvarsson <ingvarsson.thomas@gmail.com>

charts/common/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: common
 description: Function library for k8s-at-home charts
 type: library
-version: 1.5.0
+version: 1.5.1
 keywords:
   - k8s-at-home
   - common

charts/common/templates/classes/_service.tpl

@@ -1,3 +1,6 @@
+{{/*
+service class: all services should adhere to this
+*/}}
 {{- define "common.classes.service" -}}
 {{- $values := .Values.service -}}
 {{- if hasKey . "ObjectValues" -}}
@@ -9,7 +12,7 @@
 {{- if hasKey $values "nameSuffix" -}}
   {{- $serviceName = printf "%v-%v" $serviceName $values.nameSuffix -}}
 {{ end -}}
-{{- $svcType := $values.type -}}
+{{- $svcType := $values.type | default "" -}}
 apiVersion: v1
 kind: Service
 metadata:
@@ -58,17 +61,7 @@ spec:
   {{- if $values.publishNotReadyAddresses }}
   publishNotReadyAddresses: {{ $values.publishNotReadyAddresses }}
   {{- end }}
-  ports:
-    - port: {{ $values.port.port }}
-      targetPort: {{ $values.port.targetPort }}
-      protocol: {{ $values.port.protocol }}
-      name: {{ $values.port.name }}
-      {{- if (and (eq $svcType "NodePort") (not (empty $values.port.nodePort))) }}
-      nodePort: {{ $values.port.nodePort }}
-      {{ end }}
-    {{- with $values.additionalPorts }}
-    {{ toYaml . | nindent 4 }}
-    {{- end }}
+  {{- include "common.classes.service.ports" (dict "svcType" $svcType "values" $values ) | trim | nindent 2 }}
   selector:
     {{- include "common.labels.selectorLabels" . | nindent 4 }}
 {{- end }}

charts/common/templates/classes/_service_ports.tpl

@@ -0,0 +1,23 @@
+{{/*
+logic that lists the ports and additionalPorts for a service
+*/}}
+{{- define "common.classes.service.ports" -}}
+  {{- $ports := list -}}
+  {{- $values := .values -}}
+  {{- $ports = mustAppend $ports $values.port -}}
+  {{- range $_ := $values.additionalPorts -}}
+    {{- $ports = mustAppend $ports . -}}
+  {{- end }}
+  {{- if $ports -}}
+  ports:
+  {{- range $_ := $ports }}
+  - port: {{ .port }}
+    targetPort: {{ .targetPort | default .name }}
+    protocol: {{ .protocol | default "TCP" }}
+    name: {{ .name }}
+    {{- if (and (eq $.svcType "NodePort") (not (empty .nodePort))) }}
+    nodePort: {{ .nodePort }}
+    {{ end }}
+  {{- end -}}
+  {{- end -}}
+{{- end }}

charts/common/templates/lib/controller/_container.tpl

@@ -1,4 +1,6 @@
-{{- /* The main containter that will be included in the controller */ -}}
+{{- /*
+The main containter that will be included in the controller 
+*/ -}}
 {{- define "common.controller.mainContainer" -}}
 - name: {{ template "common.names.fullname" . }}
   image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
@@ -14,15 +16,7 @@
     value: {{ $value | quote }}
   {{- end }}
   {{- end }}
-  ports:
-  - name: {{ .Values.service.port.name }}
-    containerPort: {{ .Values.service.port.port }}
-    protocol: {{ .Values.service.port.protocol }}
-  {{- range $port := .Values.service.additionalPorts }}
-  - name: {{ $port.name }}
-    containerPort: {{ $port.port }}
-    protocol: {{ $port.protocol }}
-  {{- end }}
+  {{- include "common.controller.ports" . | trim | nindent 2 }}
   volumeMounts:
   {{- range $index, $PVC := .Values.persistence }}
   {{- if $PVC.enabled }}

charts/common/templates/lib/controller/_ports.tpl

@@ -0,0 +1,36 @@
+{{/*
+ports included by the controller
+*/}}
+{{- define "common.controller.ports" -}}
+  {{- $ports := list -}}
+  {{- with .Values.service -}}
+    {{- $serviceValues := deepCopy . -}}
+    {{/* append the ports for the main service */}}
+    {{- if .enabled -}}
+      {{- $ports = mustAppend $ports .port -}}
+      {{- range $_ := .additionalPorts -}}
+        {{/* append the additonalPorts for the main service */}}
+        {{- $ports = mustAppend $ports . -}}
+      {{- end }}
+    {{- end }}
+    {{/* append the ports for each additional service */}}
+    {{- range $_ := .additionalServices }}
+      {{- if .enabled -}}
+        {{- $ports = mustAppend $ports .port -}}
+        {{- range $_ := .additionalPorts -}}
+          {{/* append the additonalPorts for each additional service */}}
+          {{- $ports = mustAppend $ports . -}}
+        {{- end }}
+      {{- end }}
+    {{- end }}
+  {{- end }}
+  {{/* export/render the list of ports */}}
+  {{- if $ports -}}
+  ports:
+  {{- range $_ := $ports }}
+  - name: {{ required "Missing port.name" .name }}
+    containerPort: {{ required "Missing port.port" .port }}
+    protocol: {{ .protocol | default "TCP" }}
+  {{- end -}}
+  {{- end -}}
+{{- end -}}

charts/ddclient/.helmignore

@@ -0,0 +1,24 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# OWNERS file for Kubernetes
+OWNERS

charts/ddclient/Chart.yaml

@@ -0,0 +1,20 @@
+apiVersion: v2
+appVersion: 3.9.1
+description: Perl client used to update dynamic DNS entries for accounts on Dynamic DNS Network Service Providers
+name: ddclient
+version: 1.0.0
+keywords:
+  - ddclient
+  - dns
+home: https://github.com/ddclient/ddclient
+icon: https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/ddclient-logo.png
+sources:
+  - https://github.com/ddclient/ddclient
+  - https://hub.docker.com/r/linuxserver/ddclient
+maintainers:
+  - name: billimek
+    email: jeff@billimek.com
+dependencies:
+  - name: common
+    repository: https://k8s-at-home.com/charts/
+    version: ^1.5.1

charts/ddclient/OWNERS

@@ -0,0 +1,4 @@
+approvers:
+- billimek
+reviewers:
+- billimek

charts/ddclient/README.md

@@ -0,0 +1,59 @@
+# ddclient
+
+This is a helm chart for [ddclient](https://github.com/ddclient/ddclient).
+
+## TL;DR;
+
+```shell
+$ helm repo add k8s-at-home https://k8s-at-home.com/charts/
+$ helm install k8s-at-home/ddclient
+```
+
+## Installing the Chart
+
+To install the chart with the release name `my-release`:
+
+```console
+helm install --name my-release k8s-at-home/ddclient
+```
+
+## Uninstalling the Chart
+
+To uninstall/delete the `my-release` deployment:
+
+```console
+helm delete my-release --purge
+```
+
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+## Configuration
+Read through the charts [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/ddclient/values.yaml)
+file. It has several commented out suggested values.
+Additionally you can take a look at the common library [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/common/values.yaml) for more (advanced) configuration options.
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+```console
+helm install ddclient \
+  --set env.TZ="America/New_York" \
+    k8s-at-home/ddclient
+```
+Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the
+chart. For example,
+```console
+helm install ddclient k8s-at-home/ddclient --values values.yaml 
+```
+
+```yaml
+image:
+  tag: ...
+```
+
+---
+**NOTE**
+
+If you get
+```console
+Error: rendered manifests contain a resource that already exists. Unable to continue with install: existing resource conflict: ...`
+```
+it may be because you uninstalled the chart with `skipuninstall` enabled, you need to manually delete the pvc or use `existingClaim`.

charts/ddclient/ci/ct-values.yaml

@@ -0,0 +1,7 @@
+service:
+  enabled: false
+probes:
+  liveness:
+    enabled: false
+  readiness:
+    enabled: false

charts/ddclient/templates/NOTES.txt

@@ -0,0 +1 @@
+{{- include "common.notes.defaultNotes" . -}}

charts/ddclient/templates/common.yaml

@@ -0,0 +1,31 @@
+{{/* Make sure all variables are set properly */}}
+{{- include "common.values.setup" . }}
+
+{{/* Append the configMap to the additionalVolumes */}}
+{{- define "ddclient.configmap.volume" -}}
+name: ddclient-settings
+configMap:
+  name: {{ template "common.names.fullname" . }}-settings
+{{- end -}}
+
+{{- $volume := include "ddclient.configmap.volume" . | fromYaml -}}
+{{- if $volume -}}
+    {{- $additionalVolumes := append .Values.additionalVolumes $volume }}
+    {{- $_ := set .Values "additionalVolumes" (deepCopy $additionalVolumes) -}}
+{{- end -}}
+
+{{/* Append the configMap volume to the additionalVolumeMounts */}}
+{{- define "ddclient.configmap.volumeMount" -}}
+name: ddclient-settings
+mountPath: /defaults/ddclient.conf
+subPath: ddclient.conf
+{{- end -}}
+
+{{- $volumeMount := include "ddclient.configmap.volumeMount" . | fromYaml -}}
+{{- if $volumeMount -}}
+    {{- $additionalVolumeMounts := append .Values.additionalVolumeMounts $volumeMount }}
+    {{- $_ := set .Values "additionalVolumeMounts" (deepCopy $additionalVolumeMounts) -}}
+{{- end -}}
+
+{{/* Render the templates */}}
+{{ include "common.all" . }}

charts/ddclient/templates/configmap.yaml

@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ template "common.names.fullname" . }}-settings
+  labels:
+    {{- include "common.labels" . | nindent 4 }}
+data:
+  ddclient.conf: |
+{{ .Values.config | indent 4 }}

charts/ddclient/values.yaml

@@ -0,0 +1,37 @@
+# Default values for ddclient.
+
+image:
+  repository: linuxserver/ddclient
+  pullPolicy: IfNotPresent
+  tag: version-v3.9.1
+
+env: {}
+  # TZ:
+  # PUID:
+  # PGID:
+
+service:
+  enabled: false
+
+probes:
+  liveness:
+    enabled: false
+  readiness:
+    enabled: false
+
+strategy:
+  type: Recreate
+
+config: |
+  # This is the configuration for ddclient
+  # Inorder for it to function you need to set it up
+  # e.g. this is the config for Cloudflare
+  use=web
+  web=dynamicdns.park-your-domain.com/getip
+  protocol=cloudflare
+  ssl=yes
+  ttl=1
+  login=${CF_EMAIL}
+  password=${CF_GLOBAL_APIKEY}
+  zone=${DOMAIN}.${TLD}
+  ${DOMAIN}.${TLD}

charts/flood/.helmignore

@@ -0,0 +1,24 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# OWNERS file for Kubernetes
+OWNERS

charts/flood/Chart.yaml

@@ -0,0 +1,22 @@
+apiVersion: v2
+appVersion: 4.1.1
+description: Flood is a monitoring service for various torrent clients
+name: flood
+version: 1.0.0
+keywords:
+  - flood
+  - rtorrent
+  - qbittorrent
+  - transmission
+home: https://github.com/k8s-at-home/charts/tree/master/charts/flood
+icon: https://raw.githubusercontent.com/jesec/flood/master/flood.svg
+sources:
+  - https://github.com/jesec/flood
+  - https://hub.docker.com/r/jesec/flood
+maintainers:
+  - name: billimek
+    email: jeff@billimek.com
+dependencies:
+  - name: common
+    repository: https://k8s-at-home.com/charts/
+    version: ^1.5.1

charts/flood/OWNERS

@@ -0,0 +1,4 @@
+approvers:
+- billimek
+reviewers:
+- billimek

charts/flood/README.md

@@ -0,0 +1,59 @@
+# flood
+
+This is a helm chart for [flood](https://github.com/jesec/flood).
+
+## TL;DR;
+
+```shell
+$ helm repo add k8s-at-home https://k8s-at-home.com/charts/
+$ helm install k8s-at-home/flood
+```
+
+## Installing the Chart
+
+To install the chart with the release name `my-release`:
+
+```console
+helm install --name my-release k8s-at-home/flood
+```
+
+## Uninstalling the Chart
+
+To uninstall/delete the `my-release` deployment:
+
+```console
+helm delete my-release --purge
+```
+
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+## Configuration
+Read through the charts [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/flood/values.yaml)
+file. It has several commented out suggested values.
+Additionally you can take a look at the common library [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/common/values.yaml) for more (advanced) configuration options.
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+```console
+helm install flood \
+  --set env.TZ="America/New_York" \
+    k8s-at-home/flood
+```
+Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the
+chart. For example,
+```console
+helm install flood k8s-at-home/flood --values values.yaml 
+```
+
+```yaml
+image:
+  tag: ...
+```
+
+---
+**NOTE**
+
+If you get
+```console
+Error: rendered manifests contain a resource that already exists. Unable to continue with install: existing resource conflict: ...`
+```
+it may be because you uninstalled the chart with `skipuninstall` enabled, you need to manually delete the pvc or use `existingClaim`.

charts/flood/ci/ct-values.yaml

@@ -0,0 +1,2 @@
+ingress:
+  enabled: true

charts/flood/templates/NOTES.txt

@@ -0,0 +1 @@
+{{- include "common.notes.defaultNotes" . -}}

charts/flood/templates/common.yaml

@@ -0,0 +1 @@
+{{ include "common.all" . }}

charts/flood/values.yaml

@@ -0,0 +1,34 @@
+# Default values for flood.
+
+image:
+  repository: jesec/flood
+  pullPolicy: IfNotPresent
+  tag: 4.1.1
+
+strategy:
+  type: Recreate
+
+service:
+  port:
+    port: 3000
+
+env: {}
+  # TZ: UTC
+
+persistence:
+  data:
+    enabled: false
+    emptyDir: false
+    mountPath: /data
+    ## Persistent Volume Storage Class
+    ## If defined, storageClassName: <storageClass>
+    ## If set to "-", storageClassName: "", which disables dynamic provisioning
+    ## If undefined (the default) or set to null, no storageClassName spec is
+    ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
+    ##   GKE, AWS & OpenStack)
+    # storageClass: "-"
+    # accessMode: ReadWriteOnce
+    # size: 1Gi
+    ## Do not delete the pvc upon helm uninstall
+    # skipuninstall: false
+    # existingClaim: ""

charts/node-red/.helmignore

@@ -19,5 +19,6 @@
 .project
 .idea/
 *.tmproj
+.vscode/
 # OWNERS file for Kubernetes
 OWNERS

charts/node-red/Chart.yaml

@@ -1,8 +1,8 @@
 apiVersion: v2
-appVersion: 1.0.6-12
+appVersion: 1.2.5
 description: Node-RED is low-code programming for event-driven applications
 name: node-red
-version: 3.3.0
+version: 4.0.0
 keywords:
   - nodered
   - node-red
@@ -14,5 +14,7 @@ sources:
 maintainers:
   - name: billimek
     email: jeff@billimek.com
-  - name: batazor
-    email: batazor111@gmail.com
+dependencies:
+  - name: common
+    repository: https://k8s-at-home.com/charts/
+    version: ^1.5.1

charts/node-red/OWNERS

@@ -1,6 +1,4 @@
 approvers:
 - billimek
-- batazor
 reviewers:
 - billimek
-- batazor

charts/node-red/README.md

@@ -1,107 +1,79 @@
-# Node-RED
+# Node-Red
 
-Low-code programming for event-driven applications
+This is a helm chart for [Node-Red](https://nodered.org/).
 
 **This chart is not maintained by the Node-RED project and any issues with the chart should be raised [here](https://github.com/k8s-at-home/charts/issues/new)**
 
 ## TL;DR;
 
 ```shell
-helm repo add k8s-at-home https://k8s-at-home.com/charts/
-helm install k8s-at-home/node-red
+$ helm repo add k8s-at-home https://k8s-at-home.com/charts/
+$ helm install k8s-at-home/node-red
 ```
 
-## Introduction
-
-This code is adopted from the [official node-red docker image](https://hub.docker.com/r/nodered/node-red/) which runs the [Node-RED application](https://nodered.org/)
-
 ## Installing the Chart
 
 To install the chart with the release name `my-release`:
 
-```shell
+```console
 helm install --name my-release k8s-at-home/node-red
 ```
+
 ## Uninstalling the Chart
 
 To uninstall/delete the `my-release` deployment:
 
-```shell
+```console
 helm delete my-release --purge
 ```
 
 The command removes all the Kubernetes components associated with the chart and deletes the release.
 
 ## Configuration
-
-The following tables lists the configurable parameters of the Node-RED chart and their default values.
-
-| Parameter                             | Description                                                             | Default                   |
-|:------------------------------------- |:----------------------------------------------------------------------- |:------------------------- |
-| `image.repository`                    | node-red image                                                          | `nodered/node-red`        |
-| `image.tag`                           | node-red image tag                                                      | `1.0.6-12-minimal`        |
-| `image.pullPolicy`                    | node-red image pull policy                                              | `IfNotPresent`            |
-| `strategyType`                        | Specifies the strategy used to replace old Pods by new ones             | `Recreate`                |
-| `serviceAccountName`                  | Service account to run the pod as                                       | ``                        |
-| `probes.liveness.enabled`             | Enable/ disable livenessProbe                                           | `true`                    |
-| `probes.liveness.probePath`           | Set livenessProbe path                                                  | `/`                       |
-| `probes.liveness.initialDelaySeconds` | Set livenessProbe initial delay                                         | 60                        |
-| `probes.liveness.failureThreshold`    | Set livenessProbe failure threshold                                     | 5                         |
-| `probes.liveness.timeoutSeconds`      | Set livenessProbe timeout                                               | 10                        |
-| `probes.readiness.enabled`            | Enable/ disable readinessProbe                                          | `true`                    |
-| `probes.readiness.probePath`          | Set readinessProbe path                                                 | `/`                       |
-| `probes.readiness.initialDelaySeconds`| Set readinessProbe initial delay                                        | 60                        |
-| `probes.readiness.failureThreshold`   | Set readinessProbe failure threshold                                    | 5                         |
-| `probes.readiness.timeoutSeconds`     | Set readinessProbe timeout                                              | 10                        |
-| `probes.startup.enabled`              | Enable/ disable readinessProbe                                          | `false`                   |
-| `probes.startup.probePath`            | Set startupProbe path                                                   | `/`                       |
-| `probes.startup.failureThreshold`     | Set startupProbe failure threshold                                      | 30                        |
-| `probes.startup.periodSeconds`        | Set startupProbe period                                                 | 10                        |
-| `flows`                               | Default flows configuration                                             | `flows.json`              |
-| `safeMode`                            | Setting to true starts Node-RED in safe (not running) mode              | `false`                   |
-| `enableProjects`                      | setting to true starts Node-RED with the projects feature enabled       | `false`                   |
-| `nodeOptions`                         | Node.js runtime arguments                                               | ``                        |
-| `extraEnvs`                           | Extra environment variables which will be appended to the env           | `[]`                      |
-| `timezone`                            | Default timezone                                                        | `UTC`                     |
-| `service.type`                        | Kubernetes service type for the GUI                                     | `ClusterIP`               |
-| `service.port`                        | Kubernetes port where the GUI is exposed                                | `1880`                    |
-| `service.nodePort`                    | Kubernetes nodePort where the GUI is exposed                            | ``                        |
-| `service.annotations`                 | Service annotations for the GUI                                         | `{}`                      |
-| `service.labels`                      | Custom labels                                                           | `{}`                      |
-| `service.loadBalancerIP`              | Loadbalance IP for the GUI                                              | `{}`                      |
-| `service.loadBalancerSourceRanges`    | List of IP CIDRs allowed access to load balancer (if supported)         | None                      |
-| `service.externalTrafficPolicy`       | Set the externalTrafficPolicy in the Service to either Cluster or Local | `Cluster`                 |
-| `ingress.enabled`                     | Enables Ingress                                                         | `false`                   |
-| `ingress.annotations`                 | Ingress annotations                                                     | `{}`                      |
-| `ingress.path`                        | Ingress path                                                            | `/`                       |
-| `ingress.hosts`                       | Ingress accepted hostnames                                              | `chart-example.local`     |
-| `ingress.tls`                         | Ingress TLS configuration                                               | `[]`                      |
-| `persistence.enabled`                 | Use persistent volume to store data                                     | `false`                   |
-| `persistence.size`                    | Size of persistent volume claim                                         | `5Gi`                     |
-| `persistence.existingClaim`           | Use an existing PVC to persist data                                     | `nil`                     |
-| `persistence.storageClass`            | Type of persistent volume claim                                         | `-`                       |
-| `persistence.accessModes`             | Persistence access modes                                                | `ReadWriteOnce`           |
-| `persistence.subPath`                 | Mount a sub dir of the persistent volume                                | `nil`                     |
-| `resources`                           | CPU/Memory resource requests/limits                                     | `{}`                      |
-| `nodeSelector`                        | Node labels for pod assignment                                          | `{}`                      |
-| `tolerations`                         | Toleration labels for pod assignment                                    | `[]`                      |
-| `affinity`                            | Affinity settings for pod assignment                                    | `{}`                      |
-| `podAnnotations`                      | Key-value pairs to add as pod annotations                               | `{}`                      |
-| `deploymentAnnotations`               | Key-value pairs to add as deployment annotations                        | `{}`                      |
-| `hostAliases`                         | Specify /etc/hosts entries                                              | `[]`                      |
+Read through the charts [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/node-red/values.yaml)
+file. It has several commented out suggested values.
+Additionally you can take a look at the common library [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/common/values.yaml) for more (advanced) configuration options.
 
 Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
-
-```shell
-helm install --name my-release \
-  --set config.timezone="America/New_York" \
+```console
+helm install node-red \
+  --set env.TZ="America/New_York" \
     k8s-at-home/node-red
 ```
-
-Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
-
-```shell
-helm install --name my-release -f values.yaml k8s-at-home/node-red
+Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the
+chart. For example,
+```console
+helm install node-red k8s-at-home/node-red --values values.yaml 
 ```
 
-Read through the [values.yaml](values.yaml) file. It has several commented out suggested values.
+These values will be nested as it is a dependency, for example
+```yaml
+image:
+  tag: ...
+```
+
+---
+**NOTE**
+
+If you get
+```console
+Error: rendered manifests contain a resource that already exists. Unable to continue with install: existing resource conflict: ...`
+```
+it may be because you uninstalled the chart with `skipuninstall` enabled, you need to manually delete the pvc or use `existingClaim`.
+
+---
+
+## Upgrading an existing Release to a new major version
+
+A major chart version change (like 4.0.1 -> 5.0.0) indicates that there is an incompatible breaking change potentially needing manual actions.
+
+### Upgrading from 3.x.x to 4.x.x
+
+Due to migrating to a centralized common library some values in `values.yaml` have changed.
+
+Examples:
+
+* `service.port` has been moved to `service.port.port`.
+* `persistence.type` has been moved to `controllerType`.
+
+Refer to the library values.yaml for more configuration options.

charts/node-red/ci/ct-values.yaml

@@ -0,0 +1,2 @@
+ingress:
+  enabled: true

charts/node-red/templates/NOTES.txt

@@ -1,19 +1 @@
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
-  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }}{{ $.Values.ingress.path }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
-  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "node-red.fullname" . }})
-  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
-  echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
-     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
-           You can watch the status of by running 'kubectl get svc -w {{ include "node-red.fullname" . }}'
-  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "node-red.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
-  echo http://$SERVICE_IP:{{ .Values.service.port }}
-{{- else if contains "ClusterIP" .Values.service.type }}
-  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "node-red.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
-  echo "Visit http://127.0.0.1:8080 to use your application"
-  kubectl port-forward $POD_NAME 8080:80
-{{- end }}
+{{- include "common.notes.defaultNotes" . -}}

charts/node-red/templates/_helpers.tpl

@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "node-red.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "node-red.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "node-red.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}

charts/node-red/templates/common.yaml

@@ -0,0 +1 @@
+{{ include "common.all" . }}

charts/node-red/templates/deployment.yaml

@@ -1,120 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ include "node-red.fullname" . }}
-  {{- if .Values.deploymentAnnotations }}
-  annotations:
-    {{- range $key, $value := .Values.deploymentAnnotations }}
-    {{ $key }}: {{ $value | quote }}
-    {{- end }}
-  {{- end }}
-  labels:
-    app.kubernetes.io/name: {{ include "node-red.name" . }}
-    helm.sh/chart: {{ include "node-red.chart" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
-spec:
-  replicas: 1
-  strategy:
-    type: {{ .Values.strategyType }}
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: {{ include "node-red.name" . }}
-      app.kubernetes.io/instance: {{ .Release.Name }}
-  template:
-    metadata:
-      labels:
-        app.kubernetes.io/name: {{ include "node-red.name" . }}
-        app.kubernetes.io/instance: {{ .Release.Name }}
-      {{- if .Values.podAnnotations }}
-      annotations:
-        {{- range $key, $value := .Values.podAnnotations }}
-        {{ $key }}: {{ $value | quote }}
-        {{- end }}
-      {{- end }}
-    spec:
-    {{- if .Values.serviceAccountName }}
-      serviceAccountName: {{ .Values.serviceAccountName }}
-    {{- end }}
-      containers:
-        - name: {{ .Chart.Name }}
-          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
-          ports:
-            - name: http
-              containerPort: 1880
-              protocol: TCP
-          {{- if .Values.probes.liveness.enabled }}
-          livenessProbe:
-            httpGet:
-              path: {{ .Values.probes.liveness.probePath }}
-              port: http
-            initialDelaySeconds: {{ .Values.probes.liveness.initialDelaySeconds }}
-            failureThreshold: {{ .Values.probes.liveness.failureThreshold }}
-            timeoutSeconds: {{ .Values.probes.liveness.timeoutSeconds }}
-          {{- end }}
-          {{- if .Values.probes.readiness.enabled }}
-          readinessProbe:
-            httpGet:
-              path: {{ .Values.probes.readiness.probePath }}
-              port: http
-            initialDelaySeconds: {{ .Values.probes.readiness.initialDelaySeconds }}
-            failureThreshold: {{ .Values.probes.readiness.failureThreshold }}
-            timeoutSeconds: {{ .Values.probes.readiness.timeoutSeconds }}
-          {{- end }}
-          {{- if .Values.probes.startup.enabled }}
-          startupProbe:
-            httpGet:
-              path: {{ .Values.probes.startup.probePath }}
-              port: http
-            failureThreshold: {{ .Values.probes.startup.failureThreshold }}
-            periodSeconds: {{ .Values.probes.startup.periodSeconds }}
-          {{- end }}
-          env:
-            - name: FLOWS
-              value: "{{ .Values.flows }}"
-            - name: NODE_RED_ENABLE_SAFE_MODE
-              value: "{{ .Values.safeMode }}"
-            - name: NODE_RED_ENABLE_PROJECTS
-              value: "{{ .Values.enableProjects }}"
-            - name: NODE_OPTIONS
-              value: "{{ .Values.nodeOptions }}"
-            - name: TZ
-              value: "{{ .Values.timezone }}"
-          {{- with .Values.extraEnvs }}
-{{ toYaml . | indent 12 }}
-          {{- end }}
-          volumeMounts:
-            - name: data
-              mountPath: /data
-{{- if .Values.persistence.subPath }}
-              subPath: {{ .Values.persistence.subPath }}
-{{- end }}
-          resources:
-{{ toYaml .Values.resources | indent 12 }}
-      volumes:
-        - name: data
-        {{- if .Values.persistence.enabled }}
-          persistentVolumeClaim:
-            claimName: {{ if .Values.persistence.existingClaim }}{{ .Values.persistence.existingClaim }}{{- else }}{{ template "node-red.fullname" . }}{{- end }}
-        {{- else }}
-          emptyDir: {}
-        {{ end }}
-    {{- if .Values.hostAliases }}
-      hostAliases:
-{{ toYaml .Values.hostAliases | indent 8 }}
-    {{- end }}
-    {{- with .Values.nodeSelector }}
-      nodeSelector:
-{{ toYaml . | indent 8 }}
-    {{- end }}
-    {{- with .Values.affinity }}
-      affinity:
-{{ toYaml . | indent 8 }}
-    {{- end }}
-    {{- with .Values.tolerations }}
-      tolerations:
-{{ toYaml . | indent 8 }}
-    {{- end }}
-      securityContext:
-        fsGroup: 1001

charts/node-red/templates/ingress.yaml

@@ -1,38 +0,0 @@
-{{- if .Values.ingress.enabled -}}
-{{- $fullName := include "node-red.fullname" . -}}
-{{- $ingressPath := .Values.ingress.path -}}
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
-  name: {{ $fullName }}
-  labels:
-    app.kubernetes.io/name: {{ include "node-red.name" . }}
-    helm.sh/chart: {{ include "node-red.chart" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- with .Values.ingress.annotations }}
-  annotations:
-{{ toYaml . | indent 4 }}
-{{- end }}
-spec:
-{{- if .Values.ingress.tls }}
-  tls:
-  {{- range .Values.ingress.tls }}
-    - hosts:
-      {{- range .hosts }}
-        - {{ . | quote }}
-      {{- end }}
-      secretName: {{ .secretName }}
-  {{- end }}
-{{- end }}
-  rules:
-  {{- range .Values.ingress.hosts }}
-    - host: {{ . | quote }}
-      http:
-        paths:
-          - path: {{ $ingressPath }}
-            backend:
-              serviceName: {{ $fullName }}
-              servicePort: http
-  {{- end }}
-{{- end }}

charts/node-red/templates/pvc.yaml

@@ -1,24 +0,0 @@
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
-  name: {{ template "node-red.fullname" . }}
-  labels:
-    app.kubernetes.io/name: {{ include "node-red.name" . }}
-    helm.sh/chart: {{ include "node-red.chart" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
-spec:
-  accessModes:
-    - {{ .Values.persistence.accessMode | quote }}
-  resources:
-    requests:
-      storage: {{ .Values.persistence.size | quote }}
-{{- if .Values.persistence.storageClass }}
-{{- if (eq "-" .Values.persistence.storageClass) }}
-  storageClassName: ""
-{{- else }}
-  storageClassName: "{{ .Values.persistence.storageClass }}"
-{{- end }}
-{{- end }}
-{{- end -}}

charts/node-red/templates/service.yaml

@@ -1,42 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ include "node-red.fullname" . }}
-  {{- if .Values.service.annotations }}
-  annotations:
-    {{- toYaml .Values.service.annotations | nindent 4 }}
-  {{- end }}
-  labels:
-    app.kubernetes.io/name: {{ include "node-red.name" . }}
-    helm.sh/chart: {{ include "node-red.chart" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
-spec:
-{{- if (or (eq .Values.service.type "ClusterIP") (empty .Values.service.type)) }}
-  type: ClusterIP
-{{- else if eq .Values.service.type "LoadBalancer" }}
-  type: {{ .Values.service.type }}
-  {{- if .Values.service.loadBalancerIP }}
-  loadBalancerIP: {{ .Values.service.loadBalancerIP }}
-  {{- end }}
-  {{- if .Values.service.loadBalancerSourceRanges }}
-  loadBalancerSourceRanges:
-{{ toYaml .Values.service.loadBalancerSourceRanges | indent 4 }}
-  {{- end -}}
-{{- else }}
-  type: {{ .Values.service.type }}
-{{- end }}
-  {{- if .Values.service.externalTrafficPolicy }}
-  externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy }}
-  {{- end }}
-  ports:
-    - port: {{ .Values.service.port }}
-      targetPort: http
-      protocol: TCP
-      name: http
-{{ if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePort))) }}
-      nodePort: {{.Values.service.nodePort}}
-{{ end }}
-  selector:
-    app.kubernetes.io/name: {{ include "node-red.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}

charts/node-red/values.yaml

@@ -1,132 +1,28 @@
 # Default values for node-red.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-# upgrade strategy type (e.g. Recreate or RollingUpdate)
-strategyType: Recreate
 
 image:
   repository: nodered/node-red
-  tag: 1.0.6-12-minimal
   pullPolicy: IfNotPresent
+  tag: 1.2.5
 
-nameOverride: ""
-fullnameOverride: ""
+strategy:
+  type: Recreate
 
-serviceAccountName: ""
-
-# Probes configuration
-# ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
-probes:
-  liveness:
-    # Indicates whether the container is running. If the liveness probe fails, the kubelet kills the container
-    # and the container is subjected to its restart policy.
-    enabled: true
-    probePath: /
-    initialDelaySeconds: 60
-    failureThreshold: 5
-    timeoutSeconds: 10
-  readiness:
-    # Indicates whether the container is ready to respond to requests.
-    enabled: true
-    probePath: /
-    initialDelaySeconds: 60
-    failureThreshold: 5
-    timeoutSeconds: 10
-  startup:
-    # Indicates whether the application within the container is started.
-    # All other probes are disabled if a startup probe is provided, until it succeeds.
-    enabled: false
-    probePath: /
-    failureThreshold: 30
-    periodSeconds: 10
-
-flows: "flows.json"
-safeMode: "false"
-enableProjects: "false"
-# nodeOptions: ""
-extraEnvs: []
-timezone: "UTC"
+# See more environment varaibles in the node-red documentation
+# https://nodered.org/docs/getting-started/docker
+env: {}
+  # TZ:
+  # NODE_OPTIONS:
+  # NODE_RED_ENABLE_PROJECTS:
+  # NODE_RED_ENABLE_SAFE_MODE:
+  # FLOWS:
 
 service:
-  type: ClusterIP
-  port: 1880
-  ## Specify the nodePort value for the LoadBalancer and NodePort service types.
-  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
-  ##
-  # nodePort:
-  ## Provide any additional annotations which may be required. This can be used to
-  ## set the LoadBalancer service type to internal only.
-  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
-  ##
-  annotations: {}
-  labels: {}
-  ## Use loadBalancerIP to request a specific static IP,
-  ## otherwise leave blank
-  ##
-  loadBalancerIP:
-  # loadBalancerSourceRanges: []
-  ## Set the externalTrafficPolicy in the Service to either Cluster or Local
-  # externalTrafficPolicy: Cluster
-
-hostAliases: []
-  # Use hostAliases to add custom entries to /etc/hosts - mapping IP addresses to hostnames.
-  # ref: https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
-  # - ip: "192.168.1.100"
-  #   hostnames:
-  #   - "example.com"
-  #   - "www.example.com"
-
-ingress:
-  enabled: false
-  annotations: {}
-    # kubernetes.io/ingress.class: nginx
-    # kubernetes.io/tls-acme: "true"
-  path: /
-  hosts:
-    - chart-example.local
-  tls: []
-  #  - secretName: chart-example-tls
-  #    hosts:
-  #      - chart-example.local
+  port:
+    port: 1880
 
 persistence:
-  enabled: false
-  ## node-red data Persistent Volume Storage Class
-  ## If defined, storageClassName: <storageClass>
-  ## If set to "-", storageClassName: "", which disables dynamic provisioning
-  ## If undefined (the default) or set to null, no storageClassName spec is
-  ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
-  ##   GKE, AWS & OpenStack)
-  ##
-  # storageClass: "-"
-  ##
-  ## If you want to reuse an existing claim, you can pass the name of the PVC using
-  ## the existingClaim variable
-  # existingClaim: your-claim
-  accessMode: ReadWriteOnce
-  size: 5Gi
-  ## When mounting the data volume you may specify a subPath
-  # subPath: /configs/node-red
-
-resources: {}
-  # We usually recommend not to specify default resources and to leave this as a conscious
-  # choice for the user. This also increases chances charts run on environments with little
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  # limits:
-  #  cpu: 100m
-  #  memory: 128Mi
-  # requests:
-  #  cpu: 100m
-  #  memory: 128Mi
-
-nodeSelector: {}
-
-tolerations: []
-
-affinity: {}
-
-podAnnotations: {}
-
-deploymentAnnotations: {}
+  data:
+    enabled: false
+    emptyDir: false
+    mountPath: /data

charts/oauth2-proxy/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+OWNERS

charts/oauth2-proxy/Chart.yaml

@@ -0,0 +1,20 @@
+name: oauth2-proxy
+version: 4.0.0
+apiVersion: v1
+appVersion: 5.1.0
+home: https://pusher.github.io/oauth2_proxy/
+description: A reverse proxy that provides authentication with Google, Github or other providers
+keywords:
+- kubernetes
+- oauth
+- oauth2
+- authentication
+- google
+- github
+sources:
+- https://github.com/pusher/oauth2_proxy
+engine: gotpl
+kubeVersion: ">=1.9.0-0"
+maintainers:
+  - name: carpenike
+    email: ryan@ryanholt.net

charts/oauth2-proxy/README.md

@@ -0,0 +1,170 @@
+# oauth2-proxy
+
+[oauth2-proxy](https://github.com/pusher/oauth2_proxy) is a reverse proxy and static file server that provides authentication using Providers (Google, GitHub, and others) to validate accounts by email, domain or group.
+
+## TL;DR;
+
+```console
+$ helm install stable/oauth2-proxy
+```
+
+## Introduction
+
+This chart bootstraps an oauth2-proxy deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+
+## Installing the Chart
+
+To install the chart with the release name `my-release`:
+
+```console
+$ helm install stable/oauth2-proxy --name my-release
+```
+
+The command deploys oauth2-proxy on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation.
+
+## Uninstalling the Chart
+
+To uninstall/delete the `my-release` deployment:
+
+```console
+$ helm delete my-release
+```
+
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+## Upgrading an existing Release to a new major version
+
+A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an
+incompatible breaking change needing manual actions.
+
+### To 1.0.0
+
+This version upgrade oauth2-proxy to v4.0.0. Please see the [changelog](https://github.com/pusher/oauth2_proxy/blob/v4.0.0/CHANGELOG.md#v400) in order to upgrade.
+
+### To 2.0.0
+
+Version 2.0.0 of this chart introduces support for Kubernetes v1.16.x by way of addressing the deprecation of the Deployment object apiVersion `apps/v1beta2`.  See [the v1.16 API deprecations page](https://kubernetes.io/blog/2019/07/18/api-deprecations-in-1-16/) for more information.
+
+Due to [this issue](https://github.com/helm/helm/issues/6583) there may be errors performing a `helm upgrade`of this chart from versions earlier than 2.0.0.
+
+### To 3.0.0
+
+Version 3.0.0 introduces support for [EKS IAM roles for service accounts](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html) by adding a managed service account to the chart.  This is a breaking change since the service account is enabled by default.  To disable this behaviour set `serviceAccount.enabled` to `false`
+
+### To 4.0.0
+
+This is a breaking change as the chart was moved to k8s-at-home. No other change on top of the 3.x.x branch.
+
+## Configuration
+
+The following table lists the configurable parameters of the oauth2-proxy chart and their default values.
+
+Parameter | Description | Default
+--- | --- | ---
+`affinity` | node/pod affinities | None
+`authenticatedEmailsFile.enabled` | Enables authorize individual email addresses | `false`
+`authenticatedEmailsFile.template` | Name of the configmap that is handled outside of that chart | `""`
+`authenticatedEmailsFile.restricted_access` | [email addresses](https://github.com/pusher/oauth2_proxy#email-authentication) list config | `""`
+`config.clientID` | oauth client ID | `""`
+`config.clientSecret` | oauth client secret | `""`
+`config.cookieSecret` | server specific cookie for the secret; create a new one with `openssl rand -base64 32 | head -c 32 | base64` | `""`
+`config.existingSecret` | existing Kubernetes secret to use for OAuth2 credentials. See [secret template](https://github.com/helm/charts/blob/master/stable/oauth2-proxy/templates/secret.yaml) for the required values | `nil`
+`config.configFile` | custom [oauth2_proxy.cfg](https://github.com/pusher/oauth2_proxy/blob/master/contrib/oauth2_proxy.cfg.example) contents for settings not overridable via environment nor command line | `""`
+`config.existingConfig` | existing Kubernetes configmap to use for the configuration file. See [config template](https://github.com/helm/charts/blob/master/stable/oauth2-proxy/templates/configmap.yaml) for the required values | `nil`
+`config.google.adminEmail` | user impersonated by the google service account | `""`
+`config.google.serviceAccountJson` | google service account json contents | `""`
+`config.google.existingConfig` | existing Kubernetes configmap to use for the service account file. See [google secret template](https://github.com/helm/charts/blob/master/stable/oauth2-proxy/templates/google-secret.yaml) for the required values | `nil`
+`extraArgs` | key:value list of extra arguments to give the binary | `{}`
+`extraEnv` | key:value list of extra environment variables to give the binary | `[]`
+`extraVolumes` | list of extra volumes | `[]`
+`extraVolumeMounts` | list of extra volumeMounts | `[]`
+`htpasswdFile.enabled` | enable htpasswd-file option | `false`
+`htpasswdFile.entries` | list of [SHA encrypted user:passwords](https://pusher.github.io/oauth2_proxy/configuration#command-line-options) | `{}`
+`htpasswdFile.existingSecret` | existing Kubernetes secret to use for OAuth2 htpasswd file | `""`
+`httpScheme` | `http` or `https`. `name` used for port on the deployment. `httpGet` port `name` and `scheme` used for `liveness`- and `readinessProbes`. `name` and `targetPort` used for the service. | `http`
+`image.pullPolicy` | Image pull policy | `IfNotPresent`
+`image.repository` | Image repository | `quay.io/pusher/oauth2_proxy`
+`image.tag` | Image tag | `v5.1.0`
+`imagePullSecrets` | Specify image pull secrets | `nil` (does not add image pull secrets to deployed pods)
+`ingress.enabled` | Enable Ingress | `false`
+`ingress.path` | Ingress accepted path | `/`
+`ingress.extraPaths` | Ingress extra paths to prepend to every host configuration. Useful when configuring [custom actions with AWS ALB Ingress Controller](https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/ingress/annotation/#actions). | `[]`
+`ingress.annotations` | Ingress annotations | `nil`
+`ingress.hosts` | Ingress accepted hostnames | `nil`
+`ingress.tls` | Ingress TLS configuration | `nil`
+`livenessProbe.enabled`  | enable Kubernetes livenessProbe. Disable to use oauth2-proxy with Istio mTLS. See [Istio FAQ](https://istio.io/help/faq/security/#k8s-health-checks) | `true`
+`livenessProbe.initialDelaySeconds` | number of seconds | 0
+`livenessProbe.timeoutSeconds` | number of seconds | 1
+`nodeSelector` | node labels for pod assignment | `{}`
+`podAnnotations` | annotations to add to each pod | `{}`
+`podLabels` | additional labesl to add to each pod | `{}`
+`podDisruptionBudget.enabled`| Enabled creation of PodDisruptionBudget (only if replicaCount > 1) | true
+`podDisruptionBudget.minAvailable`| minAvailable parameter for PodDisruptionBudget | 1
+`podSecurityContext` | Kubernetes security context to apply to pod | `{}`
+`priorityClassName` | priorityClassName | `nil`
+`readinessProbe.enabled` | enable Kubernetes readinessProbe. Disable to use oauth2-proxy with Istio mTLS. See [Istio FAQ](https://istio.io/help/faq/security/#k8s-health-checks) | `true`
+`readinessProbe.initialDelaySeconds` | number of seconds | 0
+`readinessProbe.timeoutSeconds` | number of seconds | 1
+`readinessProbe.periodSeconds` | number of seconds | 10
+`readinessProbe.successThreshold` | number of successes | 1
+`replicaCount` | desired number of pods | `1`
+`resources` | pod resource requests & limits | `{}`
+`service.port` | port for the service | `80`
+`service.type` | type of service | `ClusterIP`
+`service.clusterIP` | cluster ip address | `nil`
+`service.loadBalancerIP` | ip of load balancer | `nil`
+`service.loadBalancerSourceRanges` | allowed source ranges in load balancer | `nil`
+`serviceAccount.enabled` | create a service account | `true`
+`serviceAccount.name` | the service account name | ``
+`serviceAccount.annotations` | (optional) annotations for the service account | `{}`
+`tolerations` | list of node taints to tolerate | `[]`
+`securityContext.enabled` | enable Kubernetes security context on container | `false`
+`securityContext.runAsNonRoot` | make sure that the container runs as a non-root user | `true`
+`proxyVarsAsSecrets` | choose between environment values or secrets for setting up OAUTH2_PROXY variables. When set to false, remember to add the variables OAUTH2_PROXY_CLIENT_ID, OAUTH2_PROXY_CLIENT_SECRET, OAUTH2_PROXY_COOKIE_SECRET in extraEnv | `true`
+
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+
+```console
+$ helm install stable/oauth2-proxy --name my-release \
+  --set=image.tag=v0.0.2,resources.limits.cpu=200m
+```
+
+Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
+
+```console
+$ helm install stable/oauth2-proxy --name my-release -f values.yaml
+```
+
+> **Tip**: You can use the default [values.yaml](values.yaml)
+
+## SSL Configuration
+
+See: [SSL Configuration](https://pusher.github.io/oauth2_proxy/tls-configuration).
+Use ```values.yaml``` like:
+
+```yaml
+...
+extraArgs:
+  tls-cert: /path/to/cert.pem
+  tls-key: /path/to/cert.key
+
+extraVolumes:
+  - name: ssl-cert
+    secret:
+      secretName: my-ssl-secret
+
+extraVolumeMounts:
+  - mountPath: /path/to/
+    name: ssl-cert
+...
+```
+
+With a secret called `my-ssl-secret`:
+
+```yaml
+...
+data:
+  cert.pem: AB..==
+  cert.key: CD..==
+```

charts/oauth2-proxy/ci/default-values.yaml

@@ -0,0 +1 @@
+# Leave this file empty to ensure that CI runs builds against the default configuration in values.yaml.

charts/oauth2-proxy/ci/ingress-extra-paths-values.yaml

@@ -0,0 +1,6 @@
+ingress:
+  extraPaths:
+  - path: /*
+    backend:
+      serviceName: ssl-redirect
+      servicePort: use-annotation

charts/oauth2-proxy/ci/pdb-values.yaml

@@ -0,0 +1 @@
+replicaCount: 2  # Enables PodDisruptionBudget which is disabled when replicaCount is 1

charts/oauth2-proxy/ci/pod-security-context-values.yaml

@@ -0,0 +1,4 @@
+# Allocate a FSGroup that owns the pod’s volumes via podSecurityContext
+---
+podSecurityContext:
+  fsGroup: 2000

charts/oauth2-proxy/default-values.yaml

@@ -0,0 +1 @@
+# Leave this file empty to ensure that CI runs builds against the default configuration in values.yaml.

charts/oauth2-proxy/pdb-values.yaml

@@ -0,0 +1,2 @@
+# Will trigger creation of pdb
+replicaCount: 2

charts/oauth2-proxy/templates/NOTES.txt

@@ -0,0 +1,3 @@
+To verify that oauth2-proxy has started, run:
+
+  kubectl --namespace={{ .Release.Namespace }} get pods -l "app={{ template "oauth2-proxy.fullname" . }}"

charts/oauth2-proxy/templates/_helpers.tpl

@@ -2,7 +2,7 @@
 {{/*
 Expand the name of the chart.
 */}}
-{{- define "unifi-poller.name" -}}
+{{- define "oauth2-proxy.name" -}}
 {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 
@@ -11,7 +11,7 @@ Create a default fully qualified app name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
 If release name contains chart name it will be used as a full name.
 */}}
-{{- define "unifi-poller.fullname" -}}
+{{- define "oauth2-proxy.fullname" -}}
 {{- if .Values.fullnameOverride -}}
 {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
 {{- else -}}
@@ -27,29 +27,27 @@ If release name contains chart name it will be used as a full name.
 {{/*
 Create chart name and version as used by the chart label.
 */}}
-{{- define "unifi-poller.chart" -}}
+{{- define "oauth2-proxy.chart" -}}
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 
 {{/*
-Common labels
+Get the secret name.
 */}}
-{{- define "unifi-poller.labels" -}}
-app.kubernetes.io/name: {{ include "unifi-poller.name" . }}
-helm.sh/chart: {{ include "unifi-poller.chart" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- define "oauth2-proxy.secretName" -}}
+{{- if .Values.config.existingSecret -}}
+{{- printf "%s" .Values.config.existingSecret -}}
+{{- else -}}
+{{- printf "%s" (include "oauth2-proxy.fullname" .) -}}
+{{- end -}}
 {{- end -}}
 
 {{/*
 Create the name of the service account to use
 */}}
-{{- define "unifi-poller.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create -}}
-    {{ default (include "unifi-poller.fullname" .) .Values.serviceAccount.name }}
+{{- define "oauth2-proxy.serviceAccountName" -}}
+{{- if .Values.serviceAccount.enabled -}}
+    {{ default (include "oauth2-proxy.fullname" .) .Values.serviceAccount.name }}
 {{- else -}}
     {{ default "default" .Values.serviceAccount.name }}
 {{- end -}}

charts/oauth2-proxy/templates/configmap-authenticated-emails-file.yaml

@@ -0,0 +1,15 @@
+{{- if .Values.authenticatedEmailsFile.enabled }}
+{{- if .Values.authenticatedEmailsFile.restricted_access }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  labels:
+    app: {{ template "oauth2-proxy.name" . }}
+    chart: {{ template "oauth2-proxy.chart" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+  name: {{ template "oauth2-proxy.fullname" . }}-accesslist
+data:
+  restricted_user_access: {{ .Values.authenticatedEmailsFile.restricted_access | quote }}
+{{- end }}
+{{- end }}

charts/oauth2-proxy/templates/configmap-htpasswd-file.yaml

@@ -0,0 +1,17 @@
+{{- if and .Values.htpasswdFile.enabled (not .Values.htpasswdFile.existingSecret) }}
+apiVersion: v1
+kind: Secret
+metadata:
+  labels:
+    app: {{ template "oauth2-proxy.name" . }}
+    chart: {{ template "oauth2-proxy.chart" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+  name: {{ template "oauth2-proxy.fullname" . }}-htpasswd-file
+type: Opaque
+stringData:
+  users.txt: |-
+    {{- range $entries := .Values.htpasswdFile.entries }}
+    {{ $entries }}
+    {{- end -}}
+{{- end }}

charts/oauth2-proxy/templates/configmap.yaml

@@ -0,0 +1,15 @@
+{{- if not .Values.config.existingConfig }}
+{{- if .Values.config.configFile }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  labels:
+    app: {{ template "oauth2-proxy.name" . }}
+    chart: {{ template "oauth2-proxy.chart" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+  name: {{ template "oauth2-proxy.fullname" . }}
+data:
+  oauth2_proxy.cfg: {{ .Values.config.configFile | quote }}
+{{- end }}
+{{- end }}

charts/oauth2-proxy/templates/deployment.yaml

@@ -0,0 +1,206 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: {{ template "oauth2-proxy.name" . }}
+    chart: {{ template "oauth2-proxy.chart" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+  name: {{ template "oauth2-proxy.fullname" . }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      app: {{ template "oauth2-proxy.name" . }}
+      release: {{ .Release.Name }}
+  template:
+    metadata:
+      annotations:
+        checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+        checksum/config-emails: {{ include (print $.Template.BasePath "/configmap-authenticated-emails-file.yaml") . | sha256sum }}
+        checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
+        checksum/google-secret: {{ include (print $.Template.BasePath "/google-secret.yaml") . | sha256sum }}
+{{- if .Values.htpasswdFile.enabled }}
+        checksum/htpasswd: {{ include (print $.Template.BasePath "/configmap-htpasswd-file.yaml") . | sha256sum }}
+{{- end }}
+    {{- if .Values.podAnnotations }}
+{{ toYaml .Values.podAnnotations | indent 8 }}
+    {{- end }}
+      labels:
+        app: {{ template "oauth2-proxy.name" . }}
+        release: "{{ .Release.Name }}"
+      {{- if .Values.podLabels }}
+{{ toYaml .Values.podLabels | indent 8 }}
+      {{- end }}
+    spec:
+    {{- if .Values.priorityClassName }}
+      priorityClassName: "{{ .Values.priorityClassName }}"
+    {{- end }}
+      {{- with .Values.podSecurityContext }}
+      securityContext:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ template "oauth2-proxy.serviceAccountName" . }}
+      containers:
+      - name: {{ .Chart.Name }}
+        image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+        imagePullPolicy: {{ .Values.image.pullPolicy }}
+        args:
+          - --http-address=0.0.0.0:4180
+        {{- range $key, $value := .Values.extraArgs }}
+          {{- if $value }}
+          - --{{ $key }}={{ $value }}
+          {{- else }}
+          - --{{ $key }}
+          {{- end }}
+        {{- end }}
+        {{- if or .Values.config.existingConfig .Values.config.configFile }}
+          - --config=/etc/oauth2_proxy/oauth2_proxy.cfg
+        {{- end }}
+        {{- if .Values.authenticatedEmailsFile.enabled }}
+        {{- if .Values.authenticatedEmailsFile.template }}
+          - --authenticated-emails-file=/etc/oauth2-proxy/{{ .Values.authenticatedEmailsFile.template }}
+        {{- else }}
+          - --authenticated-emails-file=/etc/oauth2-proxy/authenticated-emails-list
+        {{- end }}
+        {{- end }}
+        {{- with .Values.config.google }}
+        {{- if and .adminEmail (or .serviceAccountJson .existingSecret) }}
+          - --google-admin-email={{ .adminEmail }}
+          - --google-service-account-json=/google/service-account.json
+        {{- end }}
+        {{- end }}
+        {{- if .Values.htpasswdFile.enabled }}
+          - --htpasswd-file=/etc/oauth2_proxy/htpasswd/users.txt
+        {{- end }}
+        env:
+        {{- if .Values.proxyVarsAsSecrets }}
+        - name: OAUTH2_PROXY_CLIENT_ID
+          valueFrom:
+            secretKeyRef:
+              name:  {{ template "oauth2-proxy.secretName" . }}
+              key: client-id
+        - name: OAUTH2_PROXY_CLIENT_SECRET
+          valueFrom:
+            secretKeyRef:
+              name:  {{ template "oauth2-proxy.secretName" . }}
+              key: client-secret
+        - name: OAUTH2_PROXY_COOKIE_SECRET
+          valueFrom:
+            secretKeyRef:
+              name:  {{ template "oauth2-proxy.secretName" . }}
+              key: cookie-secret
+        {{- end }}
+        {{- if .Values.extraEnv }}
+{{ toYaml .Values.extraEnv | indent 8 }}
+        {{- end }}
+        ports:
+          - containerPort: 4180
+            name: {{ .Values.httpScheme }}
+            protocol: TCP
+{{- if .Values.livenessProbe.enabled }}
+        livenessProbe:
+          httpGet:
+            path: /ping
+            port: {{ .Values.httpScheme }}
+            scheme: {{ .Values.httpScheme | upper }}
+          initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
+          timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
+{{- end }}
+{{- if .Values.readinessProbe.enabled }}
+        readinessProbe:
+          httpGet:
+            path: /ping
+            port: {{ .Values.httpScheme }}
+            scheme: {{ .Values.httpScheme | upper }}
+          initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
+          timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
+          successThreshold: {{ .Values.readinessProbe.successThreshold }}
+          periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
+{{- end }}
+        resources:
+{{ toYaml .Values.resources | indent 10 }}
+        volumeMounts:
+{{- with .Values.config.google }}
+{{- if and .adminEmail (or .serviceAccountJson .existingSecret) }}
+        - name: google-secret
+          mountPath: /google
+          readOnly: true
+{{- end }}
+{{- end }}
+{{- if or .Values.config.existingConfig .Values.config.configFile }}
+        - mountPath: /etc/oauth2_proxy
+          name: configmain
+{{- end }}
+{{- if .Values.authenticatedEmailsFile.enabled }}
+        - mountPath: /etc/oauth2-proxy
+          name: configaccesslist
+          readOnly: true
+{{- end }}
+{{- if .Values.htpasswdFile.enabled }}
+        - mountPath: /etc/oauth2_proxy/htpasswd
+          name: {{ template "oauth2-proxy.fullname" . }}-htpasswd-file
+          readOnly: true
+{{- end }}
+{{- if ne (len .Values.extraVolumeMounts) 0 }}
+{{ toYaml .Values.extraVolumeMounts | indent 8 }}
+{{- end }}
+{{- if .Values.securityContext.enabled }}
+        securityContext:
+          runAsNonRoot: {{ .Values.securityContext.runAsNonRoot }}
+{{- end}}
+      volumes:
+{{- with .Values.config.google }}
+{{- if and .adminEmail (or .serviceAccountJson .existingSecret) }}
+      - name: google-secret
+        secret:
+          secretName: {{ if .existingSecret }}{{ .existingSecret }}{{ else }} {{ template "oauth2-proxy.secretName" $ }}{{ end }}
+{{- end }}
+{{- end }}
+
+{{- if .Values.htpasswdFile.enabled }}
+      - name: {{ template "oauth2-proxy.fullname" . }}-htpasswd-file
+        secret:
+          secretName: {{ if .Values.htpasswdFile.existingSecret }}{{ .Values.htpasswdFile.existingSecret }}{{ else }} {{ template "oauth2-proxy.fullname" . }}-htpasswd-file {{ end }}
+{{- end }}
+
+{{- if or .Values.config.existingConfig .Values.config.configFile }}
+      - configMap:
+          defaultMode: 420
+          name: {{ if .Values.config.existingConfig }}{{ .Values.config.existingConfig }}{{ else }}{{ template "oauth2-proxy.fullname" . }}{{ end }}
+        name: configmain
+{{- end }}
+{{- if ne (len .Values.extraVolumes) 0 }}
+{{ toYaml .Values.extraVolumes | indent 6 }}
+{{- end }}
+{{- if .Values.authenticatedEmailsFile.enabled }}
+      - configMap:
+{{- if .Values.authenticatedEmailsFile.template }}
+          name: {{ .Values.authenticatedEmailsFile.template }}
+{{- else }}
+          name: {{ template "oauth2-proxy.fullname" . }}-accesslist
+{{- end }}
+          items:
+          - key: restricted_user_access
+{{- if .Values.authenticatedEmailsFile.template }}
+            path: {{ .Values.authenticatedEmailsFile.template }}
+{{- else }}
+            path: authenticated-emails-list
+{{- end }}
+        name: configaccesslist
+{{- end }}
+
+      {{- if .Values.imagePullSecrets }}
+      imagePullSecrets:
+{{ toYaml .Values.imagePullSecrets | indent 8 }}
+      {{- end }}
+    {{- if .Values.affinity }}
+      affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+    {{- end }}
+    {{- if .Values.nodeSelector }}
+      nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+    {{- end }}
+      tolerations:
+{{ toYaml .Values.tolerations | indent 8 }}

charts/oauth2-proxy/templates/google-secret.yaml

@@ -0,0 +1,14 @@
+{{- if and .Values.config.google (not .Values.config.google.existingSecret) }}
+apiVersion: v1
+kind: Secret
+metadata:
+  labels:
+    app: {{ template "oauth2-proxy.name" . }}
+    chart: {{ template "oauth2-proxy.chart" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+  name: {{ template "oauth2-proxy.fullname" . }}-google
+type: Opaque
+data:
+  service-account.json: {{ .serviceAccountJson }}
+{{- end -}}

charts/oauth2-proxy/templates/ingress.yaml

@@ -0,0 +1,41 @@
+{{- if .Values.ingress.enabled -}}
+{{- $serviceName := include "oauth2-proxy.fullname" . -}}
+{{- $servicePort := .Values.service.port -}}
+{{- $ingressPath := .Values.ingress.path -}}
+{{- $extraPaths := .Values.ingress.extraPaths -}}
+{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+  labels:
+    app: {{ template "oauth2-proxy.name" . }}
+    chart: {{ template "oauth2-proxy.chart" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+  name: {{ template "oauth2-proxy.fullname" . }}
+{{- with .Values.ingress.annotations }}
+  annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+  rules:
+    {{- range $host := .Values.ingress.hosts }}
+    - host: {{ $host | quote }}
+      http:
+        paths:
+{{ if $extraPaths }}
+{{ toYaml $extraPaths | indent 10 }}
+{{- end }}
+          - path: {{ $ingressPath }}
+            backend:
+              serviceName: {{ $serviceName }}
+              servicePort: {{ $servicePort }}
+    {{- end -}}
+  {{- if .Values.ingress.tls }}
+  tls:
+{{ toYaml .Values.ingress.tls | indent 4 }}
+  {{- end -}}
+{{- end -}}

charts/oauth2-proxy/templates/poddisruptionbudget.yaml

@@ -0,0 +1,17 @@
+{{- if and .Values.podDisruptionBudget.enabled (gt (.Values.replicaCount | int) 1) }}
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+  labels:
+    app: {{ template "oauth2-proxy.name" . }}
+    chart: {{ template "oauth2-proxy.chart" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+  name: {{ template "oauth2-proxy.fullname" . }}
+spec:
+  selector:
+    matchLabels:
+      app: {{ template "oauth2-proxy.name" . }}
+      release: {{ .Release.Name }}
+  minAvailable: {{ .Values.podDisruptionBudget.minAvailable }}
+{{- end }}

charts/oauth2-proxy/templates/secret.yaml

@@ -0,0 +1,16 @@
+{{- if and (not .Values.config.existingSecret) (.Values.proxyVarsAsSecrets) }}
+apiVersion: v1
+kind: Secret
+metadata:
+  labels:
+    app: {{ template "oauth2-proxy.name" . }}
+    chart: {{ template "oauth2-proxy.chart" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+  name: {{ template "oauth2-proxy.fullname" . }}
+type: Opaque
+data:
+  cookie-secret: {{ .Values.config.cookieSecret | b64enc | quote }}
+  client-secret: {{ .Values.config.clientSecret | b64enc | quote }}
+  client-id: {{ .Values.config.clientID | b64enc | quote }}
+{{- end -}}

charts/oauth2-proxy/templates/service.yaml

@@ -0,0 +1,39 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: {{ template "oauth2-proxy.name" . }}
+    chart: {{ template "oauth2-proxy.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+  name: {{ template "oauth2-proxy.fullname" . }}
+{{- if .Values.service.annotations }}
+  annotations:
+{{ toYaml .Values.service.annotations | indent 4 }}
+{{- end }}
+spec:
+{{- if (or (eq .Values.service.type "ClusterIP") (empty .Values.service.type)) }}
+  type: ClusterIP
+  {{- if .Values.service.clusterIP }}
+  clusterIP: {{ .Values.service.clusterIP }}
+  {{end}}
+{{- else if eq .Values.service.type "LoadBalancer" }}
+  type: {{ .Values.service.type }}
+  {{- if .Values.service.loadBalancerIP }}
+  loadBalancerIP: {{ .Values.service.loadBalancerIP }}
+  {{- end }}
+  {{- if .Values.service.loadBalancerSourceRanges }}
+  loadBalancerSourceRanges:
+{{ toYaml .Values.service.loadBalancerSourceRanges | indent 4 }}
+  {{- end -}}
+{{- else }}
+  type: {{ .Values.service.type }}
+{{- end }}
+  ports:
+    - port: {{ .Values.service.port }}
+      targetPort: {{ .Values.httpScheme }}
+      protocol: TCP
+      name: {{ .Values.httpScheme }}
+  selector:
+    app: {{ template "oauth2-proxy.name" . }}
+    release: {{ .Release.Name }}

charts/oauth2-proxy/templates/serviceaccount.yaml

@@ -0,0 +1,15 @@
+{{- if or .Values.serviceAccount.enabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  {{- with .Values.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+    app: {{ template "oauth2-proxy.name" . }}
+    chart: {{ template "oauth2-proxy.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+  name: {{ template "oauth2-proxy.fullname" . }}
+{{- end -}}

charts/oauth2-proxy/values.yaml

@@ -0,0 +1,184 @@
+# Oauth client configuration specifics
+config:
+  # OAuth client ID
+  clientID: "XXXXXXX"
+  # OAuth client secret
+  clientSecret: "XXXXXXXX"
+  # Create a new secret with the following command
+  # openssl rand -base64 32 | head -c 32 | base64
+  # Use an existing secret for OAuth2 credentials (see secret.yaml for required fields)
+  # Example:
+  # existingSecret: secret
+  cookieSecret: "XXXXXXXXXX"
+  google: {}
+    # adminEmail: xxxx
+    # serviceAccountJson: xxxx
+    # Alternatively, use an existing secret (see google-secret.yaml for required fields)
+    # Example:
+    # existingSecret: google-secret
+  # Default configuration, to be overridden
+  configFile: |-
+    email_domains = [ "*" ]
+    upstreams = [ "file:///dev/null" ]
+  # Custom configuration file: oauth2_proxy.cfg
+  # configFile: |-
+  #   pass_basic_auth = false
+  #   pass_access_token = true
+  # Use an existing config map (see configmap.yaml for required fields)
+  # Example:
+  # existingConfig: config
+
+image:
+  repository: "quay.io/pusher/oauth2_proxy"
+  tag: "v5.1.0"
+  pullPolicy: "IfNotPresent"
+
+# Optionally specify an array of imagePullSecrets.
+# Secrets must be manually created in the namespace.
+# ref: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod
+# imagePullSecrets:
+  # - name: myRegistryKeySecretName
+
+extraArgs: {}
+extraEnv: []
+
+# To authorize individual email addresses
+# That is part of extraArgs but since this needs special treatment we need to do a separate section
+authenticatedEmailsFile:
+  enabled: false
+  # template is the name of the configmap what contains the email user list but has been configured without this chart.
+  # It's a simpler way to maintain only one configmap (user list) instead changing it for each oauth2-proxy service.
+  # Be aware the value name in the extern config map in data needs to be named to "restricted_user_access".
+  template: ""
+  # One email per line
+  # example:
+  # restricted_access: |-
+  #   name1@domain
+  #   name2@domain
+  # If you override the config with restricted_access it will configure a user list within this chart what takes care of the
+  # config map resource.
+  restricted_access: ""
+
+service:
+  type: ClusterIP
+  # when service.type is ClusterIP ...
+  # clusterIP: 192.0.2.20
+  # when service.type is LoadBalancer ...
+  # loadBalancerIP: 198.51.100.40
+  # loadBalancerSourceRanges: 203.0.113.0/24
+  port: 80
+  annotations: {}
+  # foo.io/bar: "true"
+
+## Create or use ServiceAccount
+serviceAccount:
+  ## Specifies whether a ServiceAccount should be created
+  enabled: true
+  ## The name of the ServiceAccount to use.
+  ## If not set and create is true, a name is generated using the fullname template
+  name:
+  annotations: {}
+
+ingress:
+  enabled: false
+  path: /
+  # Used to create an Ingress record.
+  # hosts:
+    # - chart-example.local
+  # Extra paths to prepend to every host configuration. This is useful when working with annotation based services.
+  # extraPaths:
+  # - path: /*
+  #   backend:
+  #     serviceName: ssl-redirect
+  #     servicePort: use-annotation
+  # annotations:
+  #   kubernetes.io/ingress.class: nginx
+  #   kubernetes.io/tls-acme: "true"
+  # tls:
+    # Secrets must be manually created in the namespace.
+    # - secretName: chart-example-tls
+    #   hosts:
+    #     - chart-example.local
+
+resources: {}
+  # limits:
+  #   cpu: 100m
+  #   memory: 300Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 300Mi
+
+extraVolumes: []
+  # - name: ca-bundle-cert
+  #   secret:
+  #     secretName: <secret-name>
+
+extraVolumeMounts: []
+  # - mountPath: /etc/ssl/certs/
+  #   name: ca-bundle-cert
+
+priorityClassName: ""
+
+# Affinity for pod assignment
+# Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+# affinity: {}
+
+# Tolerations for pod assignment
+# Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+tolerations: []
+
+# Node labels for pod assignment
+# Ref: https://kubernetes.io/docs/user-guide/node-selection/
+nodeSelector: {}
+
+# Whether to use secrets instead of environment values for setting up OAUTH2_PROXY variables
+proxyVarsAsSecrets: true
+
+# Configure Kubernetes liveness and readiness probes.
+# Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
+# Disable both when deploying with Istio 1.0 mTLS. https://istio.io/help/faq/security/#k8s-health-checks
+livenessProbe:
+  enabled: true
+  initialDelaySeconds: 0
+  timeoutSeconds: 1
+
+readinessProbe:
+  enabled: true
+  initialDelaySeconds: 0
+  timeoutSeconds: 1
+  periodSeconds: 10
+  successThreshold: 1
+
+# Configure Kubernetes security context for container
+# Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+securityContext:
+  enabled: false
+  runAsNonRoot: true
+
+podAnnotations: {}
+podLabels: {}
+replicaCount: 1
+
+## PodDisruptionBudget settings
+## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
+podDisruptionBudget:
+  enabled: true
+  minAvailable: 1
+
+# Configure Kubernetes security context for pod
+# Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+podSecurityContext: {}
+
+# whether to use http or https
+httpScheme: http
+
+# Additionally authenticate against a htpasswd file. Entries must be created with "htpasswd -s" for SHA encryption.
+# Alternatively supply an existing secret which contains the required information.
+htpasswdFile:
+  enabled: false
+  existingSecret: ""
+  entries: {}
+  # One row for each user
+  # example:
+  # entries:
+  #  - testuser:{SHA}EWhzdhgoYJWy0z2gyzhRYlN9DSiv

charts/plex-media-server/.helmignore

@@ -0,0 +1,24 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# OWNERS file for Kubernetes
+OWNERS

charts/plex-media-server/Chart.yaml

@@ -0,0 +1,20 @@
+apiVersion: v2
+appVersion: 1.20.4.3517-ab5e1197c
+description: Plex Media Server
+name: plex-media-server
+version: 0.0.1
+keywords:
+  - plex
+  - plex-media-server
+home: https://plex.tv/
+icon: https://www.plex.tv/wp-content/uploads/2018/01/pmp-icon-1.png
+sources:
+  - https://github.com/k8s-at-home/charts/tree/master/charts/plex
+  - https://hub.docker.com/r/plexinc/pms-docker/
+maintainers:
+  - name: billimek
+    email: jeff@billimek.com
+dependencies:
+  - name: common
+    repository: https://k8s-at-home.com/charts/
+    version: ^1.5.1

charts/plex-media-server/OWNERS

@@ -0,0 +1,4 @@
+approvers:
+- billimek
+reviewers:
+- billimek

charts/plex-media-server/README.md

@@ -0,0 +1,5 @@
+# plex-media-server
+
+**Do not use this chart, this is currently for testing bringing in the common library and using the k8s-at-home container image**
+
+Be sure to use the [plex](https://github.com/k8s-at-home/charts/tree/master/charts/plex) chart instead.

charts/plex-media-server/ci/ct-values.yaml

@@ -0,0 +1,2 @@
+ingress:
+  enabled: true

charts/plex-media-server/templates/NOTES.txt

@@ -0,0 +1 @@
+{{- include "common.notes.defaultNotes" . -}}

charts/plex-media-server/templates/common.yaml

@@ -0,0 +1 @@
+{{ include "common.all" . }}

charts/plex-media-server/values.yaml

@@ -0,0 +1,75 @@
+# Default values for zwave2mqtt.
+
+image:
+  repository: k8sathome/plex-media-server
+  pullPolicy: IfNotPresent
+  tag: v1.20.4.3517-ab5e1197c
+
+strategy:
+  type: Recreate
+
+env: {}
+  # TZ:
+
+service:
+  port:
+    port: 32400
+
+# securityContext:
+#   privileged: true
+
+persistence:
+  config:
+    enabled: false
+    emptyDir: false
+    mountPath: /config
+    ## Persistent Volume Storage Class
+    ## If defined, storageClassName: <storageClass>
+    ## If set to "-", storageClassName: "", which disables dynamic provisioning
+    ## If undefined (the default) or set to null, no storageClassName spec is
+    ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
+    ##   GKE, AWS & OpenStack)
+    # storageClass: "-"
+    # accessMode: ReadWriteOnce
+    # size: 1Gi
+    ## Do not delete the pvc upon helm uninstall
+    # skipuninstall: false
+    # existingClaim: ""
+
+  transcode:
+    enabled: false
+    emptyDir: false
+    mountPath: /transcode
+    ## Persistent Volume Storage Class
+    ## If defined, storageClassName: <storageClass>
+    ## If set to "-", storageClassName: "", which disables dynamic provisioning
+    ## If undefined (the default) or set to null, no storageClassName spec is
+    ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
+    ##   GKE, AWS & OpenStack)
+    # storageClass: "-"
+    # accessMode: ReadWriteOnce
+    # size: 1Gi
+    ## Do not delete the pvc upon helm uninstall
+    # skipuninstall: false
+    # existingClaim: ""
+
+# # Path to your intel gpu device in the container
+# additionalVolumeMounts:
+#   - name: intel-gpu
+#     mountPath: /dev/dri
+
+# # Path to yourintel gpu device on the host
+# additionalVolumes:
+#   - name: intel-gpu
+#     hostPath:
+#       path: /dev/dri
+
+# affinity:
+#   nodeAffinity:
+#     requiredDuringSchedulingIgnoredDuringExecution:
+#       nodeSelectorTerms:
+#       - matchExpressions:
+#         - key: kubernetes.io/hostname
+#           operator: In
+#           values:
+#           - k8s-worker-a

charts/plex/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: 1.20.2.3402
 description: Plex Media Server
 name: plex
-version: 2.0.4
+version: 2.1.0
 keywords:
   - plex
 home: https://plex.tv/

charts/plex/templates/deployment.yaml

@@ -230,6 +230,9 @@ spec:
           {{ end }}
           {{-  range .Values.persistence.extraData }}
           - mountPath: "/data-{{ .name }}"
+          {{- if .subPath }}
+            subPath: {{ .subPath }}
+          {{ end }}
             name: "extradata-{{ .name }}"
           {{- end }}
           {{-  range .Values.persistence.extraMounts }}
@@ -238,6 +241,9 @@ spec:
           {{- else }}
           - mountPath: /{{ .name }}
           {{- end }}
+          {{- if .subPath }}
+            subPath: {{ .subPath }}
+          {{ end }}
             name: {{ .name }}
           {{- end }}
           - name: shared
@@ -300,9 +306,11 @@ spec:
 {{- end }}
 {{- end }}
 {{- range .Values.persistence.extraMounts }}
+  {{- if .claimName }}
       - name: {{ .name }}
         persistentVolumeClaim:
           claimName: {{ .claimName }}
+  {{- end }}        
 {{- end }}
       - name: shared
         emptyDir: {}

charts/plex/values.yaml

@@ -210,6 +210,7 @@ persistence:
     # with the additional field 'name'
     # - claimName: "special-tv"
     #   name: 'foo'
+    #   subPath: optional/sub/path
 
   extraMounts: []
   ## Include additional claims that can be mounted inside the
@@ -217,8 +218,11 @@ persistence:
   ## Claim will me mounted as /{mountPath} if specified. If no {mountPath} is given,
   ## mountPath will default to {name}
   # - name: video
-  #   claimName: video-claim
+  #   # if claimName is specified the a new volume will mounted, if omitted the mount will be considered to be associated with one of the standard volumes (e.g data, config, transcode).
+  #   # This useful to mount data to a different subPath
+  #   claimName: optional-claim
   #   mountPath: /mnt/path/in/pod
+  #   subPath: optional/sub/path
 
   config:
     # Optionally specify claimName to manually override the PVC to be used for

charts/unifi-poller/.helmignore

@@ -20,3 +20,5 @@
 .idea/
 *.tmproj
 .vscode/
+# OWNERS file for Kubernetes
+OWNERS

charts/unifi-poller/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: 2.0.1
 description: Collect ALL UniFi Controller, Site, Device & Client Data - Export to InfluxDB or Prometheus
 name: unifi-poller
-version: 2.0.1
+version: 3.0.0
 keywords:
   - unifi
   - unifi-poller
@@ -14,3 +14,7 @@ sources:
 maintainers:
   - name: billimek
     email: jeff@billimek.com
+dependencies:
+  - name: common
+    repository: https://k8s-at-home.com/charts/
+    version: ^1.5.0

charts/unifi-poller/OWNERS

@@ -1,4 +1,4 @@
 approvers:
 - billimek
 reviewers:
-- billimek
+- billimek

charts/unifi-poller/README.md

@@ -1,10 +1,6 @@
 # unifi-poller
 
-This is an opinionated helm chart for [unifi-poller](https://github.com/unifi-poller/unifi-poller)
-
-Collect ALL UniFi Controller, Site, Device & Client Data - Export to InfluxDB or Prometheus
-
-The default values and container images used in this chart will allow for running in a multi-arch cluster (amd64, arm, arm64)
+This is a helm chart for [unifi-poller](https://github.com/unifi-poller/unifi-poller).
 
 ## TL;DR;
 
@@ -18,32 +14,63 @@ $ helm install k8s-at-home/unifi-poller
 To install the chart with the release name `my-release`:
 
 ```console
-helm install --name unifi-poller k8s-at-home/unifi-poller
+helm install --name my-release k8s-at-home/unifi-poller
 ```
 
 ## Uninstalling the Chart
 
-To uninstall/delete the `unifi-poller` deployment:
+To uninstall/delete the `my-release` deployment:
 
 ```console
-helm delete unifi-poller --purge
+helm delete my-release --purge
 ```
 
 The command removes all the Kubernetes components associated with the chart and deletes the release.
 
 ## Configuration
-
-Read through the [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/unifi-poller/values.yaml) file. It has several commented out suggested values.
+Read through the charts [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/unifi-poller/values.yaml)
+file. It has several commented out suggested values.
+Additionally you can take a look at the common library [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/common/values.yaml) for more (advanced) configuration options.
 
 Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
-
 ```console
-helm install --name unifi-poller \
+helm install unifi-poller \
+  --set env.TZ="America/New_York" \
     k8s-at-home/unifi-poller
 ```
-
-Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
-
+Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the
+chart. For example,
 ```console
-helm install --name unifi-poller -f values.yaml stable/unifi-poller
+helm install unifi-poller k8s-at-home/unifi-poller --values values.yaml 
 ```
+
+```yaml
+image:
+  tag: ...
+```
+
+---
+**NOTE**
+
+If you get
+```console
+Error: rendered manifests contain a resource that already exists. Unable to continue with install: existing resource conflict: ...`
+```
+it may be because you uninstalled the chart with `skipuninstall` enabled, you need to manually delete the pvc or use `existingClaim`.
+
+---
+
+## Upgrading an existing Release to a new major version
+
+A major chart version change (like 4.0.1 -> 5.0.0) indicates that there is an incompatible breaking change potentially needing manual actions.
+
+### Upgrading from 2.x.x to 3.x.x
+
+Due to migrating to a centralized common library some values in `values.yaml` have changed.
+
+Examples:
+
+* `service.port` has been moved to `service.port.port`.
+* `persistence.type` has been moved to `controllerType`.
+
+Refer to the library values.yaml for more configuration options.

charts/unifi-poller/ci/ct-values.yaml

@@ -0,0 +1,2 @@
+ingress:
+  enabled: false

charts/unifi-poller/templates/NOTES.txt

@@ -1,21 +1 @@
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range $host := .Values.ingress.hosts }}
-  {{- range .paths }}
-  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }}
-  {{- end }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
-  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "unifi-poller.fullname" . }})
-  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
-  echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
-     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
-           You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "unifi-poller.fullname" . }}'
-  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "unifi-poller.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
-  echo http://$SERVICE_IP:{{ .Values.service.port }}
-{{- else if contains "ClusterIP" .Values.service.type }}
-  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "unifi-poller.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
-  echo "Visit http://127.0.0.1:9130 to use your application"
-  kubectl port-forward $POD_NAME 9130:80
-{{- end }}
+{{- include "common.notes.defaultNotes" . -}}

charts/unifi-poller/templates/common.yaml

@@ -0,0 +1,31 @@
+{{/* Make sure all variables are set properly */}}
+{{- include "common.values.setup" . }}
+
+{{/* Append the configMap to the additionalVolumes */}}
+{{- define "unifi-poller.configmap.volume" -}}
+name: unifi-poller-settings
+configMap:
+  name: {{ template "common.names.fullname" . }}-settings
+{{- end -}}
+
+{{- $volume := include "unifi-poller.configmap.volume" . | fromYaml -}}
+{{- if $volume -}}
+    {{- $additionalVolumes := append .Values.additionalVolumes $volume }}
+    {{- $_ := set .Values "additionalVolumes" (deepCopy $additionalVolumes) -}}
+{{- end -}}
+
+{{/* Append the configMap volume to the additionalVolumeMounts */}}
+{{- define "unifi-poller.configmap.volumeMount" -}}
+name: unifi-poller-settings
+mountPath: /config/unifi-poller.yaml
+subPath: unifi-poller.yaml
+{{- end -}}
+
+{{- $volumeMount := include "unifi-poller.configmap.volumeMount" . | fromYaml -}}
+{{- if $volumeMount -}}
+    {{- $additionalVolumeMounts := append .Values.additionalVolumeMounts $volumeMount }}
+    {{- $_ := set .Values "additionalVolumeMounts" (deepCopy $additionalVolumeMounts) -}}
+{{- end -}}
+
+{{/* Render the templates */}}
+{{ include "common.all" . }}

charts/unifi-poller/templates/configmap.yaml

@@ -1,9 +1,11 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: {{ include "unifi-poller.fullname" . }}
+  name: {{ template "common.names.fullname" . }}-settings
   labels:
-{{ include "unifi-poller.labels" . | indent 4 }}
+    {{- include "common.labels" . | nindent 4 }}
 data:
-  up.yaml: {{ .Values.config | toYaml | quote }}
-
+  unifi-poller.yaml: |
+  {{- with .Values.config }}
+    {{- toYaml . | nindent 4 }}
+  {{- end }}

charts/unifi-poller/templates/deployment.yaml

@@ -1,70 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ include "unifi-poller.fullname" . }}
-  labels:
-{{ include "unifi-poller.labels" . | indent 4 }}
-spec:
-  replicas: {{ .Values.replicaCount }}
-  revisionHistoryLimit: 3
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: {{ include "unifi-poller.name" . }}
-      app.kubernetes.io/instance: {{ .Release.Name }}
-  template:
-    metadata:
-      annotations:
-        checksum/configmap: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
-      labels:
-        app.kubernetes.io/name: {{ include "unifi-poller.name" . }}
-        app.kubernetes.io/instance: {{ .Release.Name }}
-    spec:
-    {{- with .Values.imagePullSecrets }}
-      imagePullSecrets:
-        {{- toYaml . | nindent 8 }}
-    {{- end }}
-      serviceAccountName: {{ template "unifi-poller.serviceAccountName" . }}
-      securityContext:
-        {{- toYaml .Values.podSecurityContext | nindent 8 }}
-      containers:
-        - name: {{ .Chart.Name }}
-          securityContext:
-            {{- toYaml .Values.securityContext | nindent 12 }}
-          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
-          args:
-            - "-c"
-            - "/etc/unifi-poller/up.yaml"
-          ports:
-            - name: http
-              containerPort: 9130
-              protocol: TCP
-          livenessProbe:
-            httpGet:
-              path: /
-              port: http
-          readinessProbe:
-            httpGet:
-              path: /
-              port: http
-          volumeMounts:
-          - name: config
-            mountPath: /etc/unifi-poller
-          resources:
-            {{- toYaml .Values.resources | nindent 12 }}
-      {{- with .Values.nodeSelector }}
-      nodeSelector:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-    {{- with .Values.affinity }}
-      affinity:
-        {{- toYaml . | nindent 8 }}
-    {{- end }}
-    {{- with .Values.tolerations }}
-      tolerations:
-        {{- toYaml . | nindent 8 }}
-    {{- end }}
-      volumes:
-      - name: config
-        configMap:
-          name: {{ template "unifi-poller.fullname" . }}

charts/unifi-poller/templates/ingress.yaml

@@ -1,38 +0,0 @@
-{{- if .Values.ingress.enabled -}}
-{{- $fullName := include "unifi-poller.fullname" . -}}
-{{- $ingressPath := .Values.ingress.path -}}
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
-  name: {{ $fullName }}
-  labels:
-    app.kubernetes.io/name: {{ include "unifi-poller.name" . }}
-    helm.sh/chart: {{ include "unifi-poller.chart" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
-  {{- with .Values.ingress.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-spec:
-{{- if .Values.ingress.tls }}
-  tls:
-  {{- range .Values.ingress.tls }}
-    - hosts:
-      {{- range .hosts }}
-        - {{ . | quote }}
-      {{- end }}
-      secretName: {{ .secretName }}
-  {{- end }}
-{{- end }}
-  rules:
-  {{- range .Values.ingress.hosts }}
-    - host: {{ . | quote }}
-      http:
-        paths:
-          - path: {{ $ingressPath }}
-            backend:
-              serviceName: {{ $fullName }}
-              servicePort: http
-  {{- end }}
-{{- end }}

charts/unifi-poller/templates/service.yaml

@@ -1,20 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ include "unifi-poller.fullname" . }}
-  labels:
-{{ include "unifi-poller.labels" . | indent 4 }}
-{{- if .Values.service.annotations }}
-  annotations:
-{{ toYaml .Values.service.annotations | indent 4 }}
-{{- end }}
-spec:
-  type: {{ .Values.service.type }}
-  ports:
-    - port: {{ .Values.service.port }}
-      targetPort: http
-      protocol: TCP
-      name: http
-  selector:
-    app.kubernetes.io/name: {{ include "unifi-poller.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}

charts/unifi-poller/templates/serviceaccount.yaml

@@ -1,8 +0,0 @@
-{{- if .Values.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ template "unifi-poller.serviceAccountName" . }}
-  labels:
-{{ include "unifi-poller.labels" . | indent 4 }}
-{{- end -}}

charts/unifi-poller/templates/servicemonitor.yaml

@@ -2,24 +2,20 @@
 apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
-  name: {{ include "unifi-poller.fullname" . }}
+  name: {{ template "common.names.fullname" . }}
   labels:
-    app.kubernetes.io/name: {{ include "unifi-poller.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
-    helm.sh/chart: {{ include "unifi-poller.chart" . }}
-  {{- with .Values.prometheus.serviceMonitor.additionalLabels }}
+    {{- include "common.labels" . | nindent 4 }}
+    {{- with .Values.prometheus.serviceMonitor.additionalLabels }}
     {{- toYaml . | nindent 4 }}
-  {{- end }}
+    {{- end }}
 spec:
   selector:
     matchLabels:
-      app.kubernetes.io/name: {{ include "unifi-poller.name" . }}
-      app.kubernetes.io/instance: {{ .Release.Name }}
+      {{- include "common.labels.selectorLabels" . | nindent 6 }}
   endpoints:
   - port: http
-{{- if .Values.prometheus.serviceMonitor.interval }}
-    interval: {{ .Values.prometheus.serviceMonitor.interval }}
-{{- end }}
+    {{- with .Values.prometheus.serviceMonitor.interval }}
+    interval: {{ . }}
+    {{- end }}
     path: /metrics
-{{- end }}
+{{- end }}

charts/unifi-poller/templates/tests/test-connection.yaml

@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: "{{ include "unifi-poller.fullname" . }}-test-connection"
-  labels:
-    app.kubernetes.io/name: {{ include "unifi-poller.name" . }}
-    helm.sh/chart: {{ include "unifi-poller.chart" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
-  annotations:
-    "helm.sh/hook": test-success
-spec:
-  containers:
-    - name: wget
-      image: busybox
-      command: ['wget']
-      args:  ['{{ include "unifi-poller.fullname" . }}:{{ .Values.service.port }}']
-  restartPolicy: Never

charts/unifi-poller/values.yaml

@@ -1,81 +1,26 @@
 # Default values for unifi-poller.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-replicaCount: 1
 
 image:
   repository: golift/unifi-poller
-  tag: 2.0.1
   pullPolicy: IfNotPresent
+  tag: 2.0.1
 
-imagePullSecrets: []
-nameOverride: ""
-fullnameOverride: ""
-
-serviceAccount:
-  # Specifies whether a service account should be created
-  create: true
-  # The name of the service account to use.
-  # If not set and create is true, a name is generated using the fullname template
-  name:
-
-podSecurityContext: {}
-  # fsGroup: 2000
-
-securityContext: {}
-  # capabilities:
-  #   drop:
-  #   - ALL
-  # readOnlyRootFilesystem: true
-  # runAsNonRoot: true
-  # runAsUser: 1000
+strategy:
+  type: Recreate
 
 service:
-  type: ClusterIP
-  port: 9130
-  annotations: {}
+  port:
+    port: 9130
 
-ingress:
-  enabled: false
-  annotations: {}
-    # kubernetes.io/ingress.class: nginx
-    # kubernetes.io/tls-acme: "true"
-  hosts:
-    - host: chart-example.local
-      paths: []
-
-  tls: []
-  #  - secretName: chart-example-tls
-  #    hosts:
-  #      - chart-example.local
-
-resources: {}
-  # We usually recommend not to specify default resources and to leave this as a conscious
-  # choice for the user. This also increases chances charts run on environments with little
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  # limits:
-  #   cpu: 100m
-  #   memory: 128Mi
-  # requests:
-  #   cpu: 100m
-  #   memory: 128Mi
-
-nodeSelector: {}
-
-tolerations: []
-
-affinity: {}
-
-# if using prometheus in the options below
-# wire up a servicemonitor for prometheus-operator
+# enable a prometheus-operator servicemonitor
 prometheus:
   serviceMonitor:
     enabled: false
     interval: 1m
     additionalLabels: {}
 
+# unifi-poller configuration settings
+# https://github.com/unifi-poller/unifi-poller/wiki/Configuration
 config:
   poller:
     # config.poller.debug -- Turns on line numbers, microsecond logging, and a per-device log.

charts/unifi/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: 5.14.23
 description: Ubiquiti Network's Unifi Controller
 name: unifi
-version: 1.2.0
+version: 1.3.0
 keywords:
   - ubiquiti
   - unifi

charts/unifi/README.md

@@ -141,6 +141,8 @@ The following tables lists the configurable parameters of the Unifi chart and th
 | `persistence.accessModes`                       | `[]`                         | Persistence access modes                                                                                               |
 | `extraConfigFiles`                              | `{}`                         | Dictionary containing files mounted to `/configmap` inside the pod (See [values.yaml](values.yaml) for examples)       |
 | `extraJvmOpts`                                  | `[]`                         | List of additional JVM options, e.g. `["-Dlog4j.configurationFile=file:/configmap/log4j2.xml"]`                        |
+| `jvmInitHeapSize`                               | ``                           | Java Virtual Machine (JVM) initial, and minimum, heap size.                                                            |
+| `jvmMaxHeapSize`                                | `1024M`                      | Java Virtual Machine (JVM) maximum heap size.                                                                          |
 | `resources`                                     | `{}`                         | CPU/Memory resource requests/limits                                                                                    |
 | `livenessProbe.enabled`                         | `true`                       | Turn on and off liveness probe                                                                                         |
 | `livenessProbe.initialDelaySeconds`             | `30`                         | Delay before liveness probe is initiated                                                                               |

charts/unifi/templates/deployment.yaml

@@ -126,6 +126,14 @@ spec:
             - name: JVM_EXTRA_OPTS
               value: "{{- join " " .Values.extraJvmOpts }}"
             {{- end }}
+            {{- if .Values.jvmInitHeapSize }}
+            - name: JVM_INIT_HEAP_SIZE
+              value: "{{ .Values.jvmInitHeapSize }}"
+            {{- end }}
+            {{- if .Values.jvmMaxHeapSize }}
+            - name: JVM_MAX_HEAP_SIZE
+              value: "{{ .Values.jvmMaxHeapSize }}"
+            {{- end }}
             {{- if .Values.mongodb.enabled }}
             - name: DB_URI
               value: "{{ .Values.mongodb.dbUri }}"

charts/unifi/values.yaml

@@ -300,6 +300,15 @@ extraJvmOpts: []
   # - "-Dlog4j.configurationFile=file:/configmap/log4j2.xml"
   # - "-Dsystem_ip=1.2.3.4"
 
+## Java Virtual Machine (JVM) initial, and minimum, heap size
+## Unset value means there is no lower limit
+jvmInitHeapSize:
+
+## Java Virtual Machine (JVM) maximum heap size
+## For larger installations a larger value is recommended.
+## For memory constrained system this value can be lowered.
+jvmMaxHeapSize: 1024M
+
 extraConfigFiles: {}
   ## Specify additional config files which are mounted to /configmap
   ## Here is an example for a custom log4j config:

charts/zigbee2mqtt/.helmignore

@@ -14,10 +14,11 @@
 *.swp
 *.bak
 *.tmp
-*.orig
 *~
 # Various IDEs
 .project
 .idea/
 *.tmproj
 .vscode/
+# OWNERS file for Kubernetes
+OWNERS

charts/zigbee2mqtt/Chart.yaml

@@ -1,12 +1,12 @@
 apiVersion: v2
-name: zigbee2mqtt
-type: application
+appVersion: 1.16.1
 description: Bridges events and allows you to control your Zigbee devices via MQTT
-appVersion: 1.15.0
-version: 2.1.0
+name: zigbee2mqtt
+version: 3.0.0
 keywords:
   - zigbee
   - mqtt
+  - home-assistant
 home: https://www.zigbee2mqtt.io
 icon: https://www.zigbee2mqtt.io/images/logo.png
 sources:
@@ -16,3 +16,7 @@ maintainers:
     email: helm@movishell.pl
   - name: masantiago
     email: miguelangel.santiago@hotmail.com
+dependencies:
+  - name: common
+    repository: https://k8s-at-home.com/charts/
+    version: ^1.5.0

charts/zigbee2mqtt/OWNERS

@@ -0,0 +1,4 @@
+approvers:
+- billimek
+reviewers:
+- billimek

charts/zigbee2mqtt/README.md

@@ -1,6 +1,6 @@
-# zigbee2mqtt: Fully configurable Zigbee to MQTT Gateway
+# zigbee2mqtt
 
-This is a helm chart for [zigbee2mqtt](https://www.zigbee2mqtt.io)
+This is a helm chart for [zigbee2mqtt](https://www.zigbee2mqtt.io).
 
 ## TL;DR;
 
@@ -17,9 +17,22 @@ To install the chart with the release name `my-release`:
 helm install --name my-release k8s-at-home/zigbee2mqtt
 ```
 
-**IMPORTANT NOTE:** a [supported Zigbee sniffer](https://www.zigbee2mqtt.io/getting_started/what_do_i_need.html) must be accessible on the node where this pod runs, in order for this chart to function properly.
+**IMPORTANT NOTE:** a zigbee controller device must be accessible on the node where this pod runs, in order for this chart to function properly.
 
-A way to achieve this can be with nodeAffinity rules, for example:
+First, you will need to mount your zigbee device into the pod, you can do so by adding the following to your values:
+
+```yaml
+additionalVolumeMounts:
+  - name: usb
+    mountPath: /path/to/device
+
+additionalVolumes:
+  - name: usb
+    hostPath:
+      path: /path/to/device
+```
+
+Second you will need to set a nodeAffinity rule, for example:
 
 ```yaml
 affinity:
@@ -33,9 +46,7 @@ affinity:
           - zigbee-controller
 ```
 
-... where a node with an attached zigbee sniffer is labeled with `app: zigbee-controller`
-
-Because zigbee2mqtt writes to the config file, it is impossible to manage it through this chart. The configuration options will be set as defaults on first run, and then copied to a writeable directory. It can be found in /data/configuration.yaml afterwards.
+... where a node with an attached zigbee controller USB device is labeled with `app: zigbee-controller`
 
 ## Uninstalling the Chart
 
@@ -47,28 +58,54 @@ helm delete my-release --purge
 
 The command removes all the Kubernetes components associated with the chart and deletes the release.
 
-## Configuration
-
-Read through the [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/zigbee2mqtt/values.yaml) file. It has several commented out suggested values.
+Read through the charts [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/zigbee2mqtt/values.yaml)
+file. It has several commented out suggested values.
+Additionally you can take a look at the common library [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/common/values.yaml) for more (advanced) configuration options.
 
 Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
-
 ```console
-helm install --name my-release \
-  --set config.mqtt.server="mqtt://mymqttbroker" \
+helm install my-release \
+  --set env.TZ="America/New_York" \
     k8s-at-home/zigbee2mqtt
 ```
-
-Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
-
+Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the
+chart. For example,
 ```console
-helm install --name my-release -f values.yaml k8s-at-home/zigbee2mqtt
+helm install my-release k8s-at-home/zigbee2mqtt --values values.yaml 
 ```
 
+```yaml
+image:
+  tag: ...
+```
+
+---
+**NOTE**
+
+If you get
+```console
+Error: rendered manifests contain a resource that already exists. Unable to continue with install: existing resource conflict: ...`
+```
+it may be because you uninstalled the chart with `skipuninstall` enabled, you need to manually delete the pvc or use `existingClaim`.
+
+---
+
 ## Upgrading an existing Release to a new major version
 
-A major chart version change (like 1.0.0 -> 2.0.0) indicates that there is an
-incompatible breaking change needing manual actions.
+A major chart version change (like 4.0.1 -> 5.0.0) indicates that there is an incompatible breaking change potentially needing manual actions.
+
+### Upgrading from 2.x.x to 3.x.x
+
+**Note:** _It may be wise to back up your existing data incase something unexpected happens_
+
+As of 3.0.0 this chart was migrated to a centralized [common](https://github.com/k8s-at-home/charts/tree/master/charts/common) library, some values in `values.yaml` have changed.
+
+Examples:
+
+* `service.port` has been moved to `service.port.port`.
+* `persistence.type` has been moved to `controllerType`.
+
+Refer to the [common](https://github.com/k8s-at-home/charts/tree/master/charts/common) library for more configuration options.
 
 ### Upgrading from 1.x.x to 2.x.x
 

charts/zigbee2mqtt/ci/ct-values.yaml

@@ -0,0 +1,2 @@
+ingress:
+  enabled: true

charts/zigbee2mqtt/templates/NOTES.txt

@@ -1,32 +1 @@
-{{- if not .Values.persistence.enabled }}
-WARNING: You have disabled persistence. Your pairings and settings will be lost on container restart!
-{{- else }}
-Your setting will be applied on first start, and cannot be managed from this chart
-  {{- if not .Values.config.advanced.network_key }}
-WARNING: You have not set a network key, which makes zigbee2mqtt run with a well-known network key. This is highly insecure.
-Please read https://www.zigbee2mqtt.io/how_tos/how_to_secure_network.html
-  {{- end }}
-{{- end }}
-{{- if and .Values.config.frontend .Values.config.experimental }}
-{{- if and .Values.config.frontend.port .Values.config.experimental.new_api }}
-Get the Zigbee2MQTT WebUI URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
-  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }}{{ $.Values.ingress.path }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
-  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "zigbee2mqtt.fullname" . }})
-  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
-  echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
-     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
-           You can watch the status of by running 'kubectl get svc -w {{ include "zigbee2mqtt.fullname" . }}'
-  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "zigbee2mqtt.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
-  echo http://$SERVICE_IP:{{ .Values.service.port }}
-{{- else if contains "ClusterIP" .Values.service.type }}
-  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "zigbee2mqtt.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
-  echo "Visit http://127.0.0.1:5000 to use your application"
-  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 5000:80
-{{- end }}
-{{- end }}
-{{- end }}
+{{- include "common.notes.defaultNotes" . -}}

charts/zigbee2mqtt/templates/_helpers.tpl

@@ -1,63 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "zigbee2mqtt.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "zigbee2mqtt.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "zigbee2mqtt.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "zigbee2mqtt.labels" -}}
-helm.sh/chart: {{ include "zigbee2mqtt.chart" . }}
-{{ include "zigbee2mqtt.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "zigbee2mqtt.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "zigbee2mqtt.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "zigbee2mqtt.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "zigbee2mqtt.fullname" .) .Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}

charts/zigbee2mqtt/templates/common.yaml

@@ -0,0 +1,31 @@
+{{/* Make sure all variables are set properly */}}
+{{- include "common.values.setup" . }}
+
+{{/* Append the configMap to the additionalVolumes */}}
+{{- define "zigbee2mqtt.configmap.volume" -}}
+name: zigbee2mqtt-settings
+configMap:
+  name: {{ template "common.names.fullname" . }}-settings
+{{- end -}}
+
+{{- $volume := include "zigbee2mqtt.configmap.volume" . | fromYaml -}}
+{{- if $volume -}}
+    {{- $additionalVolumes := append .Values.additionalVolumes $volume }}
+    {{- $_ := set .Values "additionalVolumes" (deepCopy $additionalVolumes) -}}
+{{- end -}}
+
+{{/* Append the configMap volume to the additionalVolumeMounts */}}
+{{- define "zigbee2mqtt.configmap.volumeMount" -}}
+name: zigbee2mqtt-settings
+mountPath: /app/configuration.yaml
+subPath: configuration.yaml
+{{- end -}}
+
+{{- $volumeMount := include "zigbee2mqtt.configmap.volumeMount" . | fromYaml -}}
+{{- if $volumeMount -}}
+    {{- $additionalVolumeMounts := append .Values.additionalVolumeMounts $volumeMount }}
+    {{- $_ := set .Values "additionalVolumeMounts" (deepCopy $additionalVolumeMounts) -}}
+{{- end -}}
+
+{{/* Render the templates */}}
+{{ include "common.all" . }}

charts/zigbee2mqtt/templates/configmap.yaml

@@ -1,9 +1,9 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: {{ include "zigbee2mqtt.fullname" . }}
+  name: {{ template "common.names.fullname" . }}-settings
   labels:
-{{ include "zigbee2mqtt.labels" . | indent 4 }}
+    {{- include "common.labels" . | nindent 4 }}
 data:
   configuration.yaml: |
 {{- with .Values.config }}

charts/zigbee2mqtt/templates/ingress.yaml

@@ -1,37 +0,0 @@
-{{- if and .Values.config.frontend .Values.config.experimental }}
-{{- if and .Values.config.frontend.port .Values.config.experimental.new_api }}
-{{- $fullName := include "zigbee2mqtt.fullname" . -}}
-{{- $ingressPath := .Values.ingress.path -}}
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
-  name: {{ $fullName }}
-  labels:
-{{ include "zigbee2mqtt.labels" . | indent 4 }}
-  {{- with .Values.ingress.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-spec:
-{{- if .Values.ingress.tls }}
-  tls:
-  {{- range .Values.ingress.tls }}
-    - hosts:
-      {{- range .hosts }}
-        - {{ . | quote }}
-      {{- end }}
-      secretName: {{ .secretName }}
-  {{- end }}
-{{- end }}
-  rules:
-  {{- range .Values.ingress.hosts }}
-    - host: {{ . | quote }}
-      http:
-        paths:
-          - path: {{ $ingressPath }}
-            backend:
-              serviceName: {{ $fullName }}
-              servicePort: http
-  {{- end }}
-{{- end }}
-{{- end }}

charts/zigbee2mqtt/templates/service.yaml

@@ -1,52 +0,0 @@
-{{- if and .Values.config.frontend .Values.config.experimental }}
-{{- if and .Values.config.frontend.port .Values.config.experimental.new_api }}
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ template "zigbee2mqtt.fullname" . }}
-  labels:
-{{ include "zigbee2mqtt.labels" . | indent 4 }}
-{{- if .Values.service.labels }}
-{{ toYaml .Values.service.labels | indent 4 }}
-{{- end }}
-{{- with .Values.service.annotations }}
-  annotations:
-{{ toYaml . | indent 4 }}
-{{- end }}
-spec:
-{{- if (or (eq .Values.service.type "ClusterIP") (empty .Values.service.type)) }}
-  type: ClusterIP
-  {{- if .Values.service.clusterIP }}
-  clusterIP: {{ .Values.service.clusterIP }}
-  {{end}}
-{{- else if eq .Values.service.type "LoadBalancer" }}
-  type: {{ .Values.service.type }}
-  {{- if .Values.service.loadBalancerIP }}
-  loadBalancerIP: {{ .Values.service.loadBalancerIP }}
-  {{- end }}
-  {{- if .Values.service.loadBalancerSourceRanges }}
-  loadBalancerSourceRanges:
-{{ toYaml .Values.service.loadBalancerSourceRanges | indent 4 }}
-  {{- end -}}
-{{- else }}
-  type: {{ .Values.service.type }}
-{{- end }}
-{{- if .Values.service.externalIPs }}
-  externalIPs:
-{{ toYaml .Values.service.externalIPs | indent 4 }}
-{{- end }}
-  {{- if .Values.service.externalTrafficPolicy }}
-  externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy }}
-  {{- end }}
-  ports:
-    - name: http
-      port: {{ .Values.service.port }}
-      protocol: TCP
-      targetPort: http
-{{ if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePort))) }}
-      nodePort: {{.Values.service.nodePort}}
-{{ end }}
-  selector:
-    {{- include "zigbee2mqtt.selectorLabels" . | nindent 4 }}
-{{- end }}
-{{- end }}

charts/zigbee2mqtt/templates/serviceaccount.yaml

@@ -1,12 +0,0 @@
-{{- if .Values.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ include "zigbee2mqtt.serviceAccountName" . }}
-  labels:
-    {{- include "zigbee2mqtt.labels" . | nindent 4 }}
-  {{- with .Values.serviceAccount.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-{{- end }}

charts/zigbee2mqtt/templates/statefullset.yaml

@@ -1,131 +0,0 @@
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
-  name: {{ include "zigbee2mqtt.fullname" . }}
-  labels:
-{{- include "zigbee2mqtt.labels" . | nindent 4 }}
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      {{- include "zigbee2mqtt.selectorLabels" . | nindent 6 }}
-  serviceName: {{ include "zigbee2mqtt.name" . }}
-  template:
-    metadata:
-    {{- with .Values.podAnnotations }}
-      annotations:
-        {{- toYaml . | nindent 8 }}
-    {{- end }}
-      labels:
-        {{- include "zigbee2mqtt.selectorLabels" . | nindent 8 }}
-    spec:
-      {{- with .Values.imagePullSecrets }}
-      imagePullSecrets:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      serviceAccountName: {{ include "zigbee2mqtt.serviceAccountName" . }}
-      securityContext:
-        {{- toYaml .Values.podSecurityContext | nindent 8 }}
-      containers:
-      - name: {{ .Chart.Name }}
-        securityContext:
-          {{- toYaml .Values.securityContext | nindent 12 }}
-        image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
-        imagePullPolicy: {{ .Values.image.pullPolicy }}
-        env:
-        - name: ZIGBEE2MQTT_DATA
-          value: "/data"
-        - name: TZ
-          value: {{ .Values.timezone }}
-        {{- if .Values.debug }}
-        - name: DEBUG
-          value: {{ .Values.debug }}
-        {{- end }}
-        {{- range $key, $value := .Values.extraEnv }}
-        - name: {{ $key | quote }}
-          value: {{ $value | quote }}
-        {{- end }}
-        {{- range $name, $opts := .Values.extraEnvSecrets }}
-        - name: {{ $name }}
-          valueFrom:
-            secretKeyRef:
-              name: {{ $opts.secret }}
-              key: {{ $opts.key }}
-        {{- end }}
-        envFrom:
-        {{- range .Values.extraSecretForEnvFrom }}
-          - secretRef:
-              name: {{ . }}
-        {{- end }}
-        {{- if and .Values.config.frontend .Values.config.experimental }}
-        {{- if and .Values.config.frontend.port .Values.config.experimental.new_api }}
-        ports:
-        - name: http
-          containerPort: {{ .Values.config.frontend.port }}
-          protocol: TCP
-        {{- end }}
-        {{- end }}
-        resources:
-          {{- toYaml .Values.resources | nindent 12 }}
-        volumeMounts:
-        - name: zigbee2mqtt
-          mountPath: /app/configuration.yaml
-          subPath: configuration.yaml
-        - name: data
-          mountPath: /data
-        - name: sniffer
-          mountPath: {{ .Values.config.serial.port }}
-        {{- if .Values.extraVolumeMounts }}{{ toYaml .Values.extraVolumeMounts | trim | nindent 8 }}{{ end }}
-      volumes:
-      - name: zigbee2mqtt
-        configMap:
-          name: {{ include "zigbee2mqtt.fullname" . }}
-      - name: sniffer
-        hostPath:
-          path: {{ required "You must specify a path to your zigbee sniffer" .Values.config.serial.port }}
-      {{- if not .Values.persistence.enabled }}
-      - name: data
-        emptyDir: {}
-      {{- end }}
-      {{- if and .Values.persistence.enabled .Values.persistence.existingClaim }}
-      - name: data
-        persistentVolumeClaim:
-          claimName: {{ .Values.persistence.existingClaim }}
-      {{- end }}
-      {{- if .Values.extraVolumes  }}{{ toYaml .Values.extraVolumes | trim | nindent 6 }}{{ end }}
-      {{- with .Values.nodeSelector }}
-      nodeSelector:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.affinity }}
-      affinity:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.tolerations }}
-      tolerations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-  volumeClaimTemplates:
-  {{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
-  - metadata:
-      name: data
-      labels:
-        app.kubernetes.io/name: {{ include "zigbee2mqtt.name" . }}
-        app.kubernetes.io/instance: {{ .Release.Name }}
-    {{- if .Values.persistence.annotations }}
-      annotations:
-    {{ toYaml .Values.persistence.annotations | indent 4 }}
-    {{- end }}
-    spec:
-      accessModes: [ {{ .Values.persistence.accessMode | quote }} ]
-      resources:
-        requests:
-          storage: {{ .Values.persistence.size | quote }}
-    {{- if .Values.persistence.storageClass }}
-    {{- if (eq "-" .Values.persistence.storageClass) }}
-      storageClassName: ""
-    {{- else }}
-      storageClassName: {{ .Values.persistence.storageClass | quote }}
-    {{- end }}
-    {{- end }}
-  {{- end }}