[common] Fix classes logic (#112)

* Added metricRelabelings for service monitor

* Fixes

* Added end

* Changed chart version to 2.6.0

Co-authored-by: Jeff Billimek <jeff@billimek.com>

.github/workflows/release.yaml

@@ -36,7 +36,7 @@ jobs:
           ./get_helm.sh
       - name: Add dependency chart repos
         run: |
-          helm repo add stable https://kubernetes-charts.storage.googleapis.com/
+          helm repo add stable https://charts.helm.sh/stable
       - name: Run chart-releaser
         uses: helm/chart-releaser-action@v1.0.0
         with:

charts/adguard-home/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: v0.102.0
 description: DNS proxy as ad-blocker for local network
 name: adguard-home
-version: 2.0.0
+version: 2.2.0
 keywords:
   - adguard-home
   - adguard

charts/adguard-home/templates/deployment.yaml

@@ -83,6 +83,11 @@ spec:
             - name: config
               mountPath: /opt/adguardhome/conf
               readOnly: false
+            {{- if .Values.tlsSecretName }}
+            - name: certs
+              mountPath: /certs
+              readOnly: false
+            {{- end }}
           ports:
             - name: http
               {{- if .Values.configAsCode.enabled }}
@@ -153,6 +158,11 @@ spec:
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
       volumes:
+      {{- if .Values.tlsSecretName }}
+      - name: certs
+        secret:
+          secretName: {{ .Values.tlsSecretName }}
+      {{- end }}
       {{- if .Values.configAsCode.enabled }}
       - name: configmap
         configMap:

charts/adguard-home/templates/service-dhcp.yaml

@@ -17,6 +17,14 @@ spec:
   {{- if .Values.serviceDHCP.loadBalancerIP }}
   loadBalancerIP: {{ .Values.serviceDHCP.loadBalancerIP }}
   {{- end }}
+  {{- if .Values.serviceDHCP.loadBalancerSourceRanges }}
+  loadBalancerSourceRanges:
+  {{ toYaml .Values.serviceDHCP.loadBalancerSourceRanges | indent 4 }}
+  {{- end -}}
+  {{- if .Values.serviceDHCP.externalIPs }}
+  externalIPs:
+  {{ toYaml .Values.serviceDHCP.externalIPs | indent 4 }}
+  {{- end }}
   externalTrafficPolicy: {{ .Values.serviceDHCP.externalTrafficPolicy }}
   ports:
     - port: 67

charts/adguard-home/templates/service-dns-over-tls.yaml

@@ -17,6 +17,14 @@ spec:
   {{- if .Values.serviceDNSOverTLS.loadBalancerIP }}
   loadBalancerIP: {{ .Values.serviceDNSOverTLS.loadBalancerIP }}
   {{- end }}
+  {{- if .Values.serviceDNSOverTLS.loadBalancerSourceRanges }}
+  loadBalancerSourceRanges:
+  {{ toYaml .Values.serviceDNSOverTLS.loadBalancerSourceRanges | indent 4 }}
+  {{- end -}}
+  {{- if .Values.serviceDNSOverTLS.externalIPs }}
+  externalIPs:
+  {{ toYaml .Values.serviceDNSOverTLS.externalIPs | indent 4 }}
+  {{- end }}
   externalTrafficPolicy: {{ .Values.serviceDNSOverTLS.externalTrafficPolicy }}
   ports:
     - port: 853

charts/adguard-home/templates/service-tcp.yaml

@@ -17,6 +17,14 @@ spec:
   {{- if .Values.serviceTCP.loadBalancerIP }}
   loadBalancerIP: {{ .Values.serviceTCP.loadBalancerIP }}
   {{- end }}
+  {{- if .Values.serviceTCP.loadBalancerSourceRanges }}
+  loadBalancerSourceRanges:
+  {{ toYaml .Values.serviceTCP.loadBalancerSourceRanges | indent 4 }}
+  {{- end -}}
+  {{- if .Values.serviceTCP.externalIPs }}
+  externalIPs:
+  {{ toYaml .Values.serviceTCP.externalIPs | indent 4 }}
+  {{- end }}
   externalTrafficPolicy: {{ .Values.serviceTCP.externalTrafficPolicy }}
   ports:
     - port: 53

charts/adguard-home/templates/service-udp.yaml

@@ -17,6 +17,14 @@ spec:
   {{- if .Values.serviceUDP.loadBalancerIP }}
   loadBalancerIP: {{ .Values.serviceUDP.loadBalancerIP }}
   {{- end }}
+  {{- if .Values.serviceUDP.loadBalancerSourceRanges }}
+  loadBalancerSourceRanges:
+  {{ toYaml .Values.serviceUDP.loadBalancerSourceRanges | indent 4 }}
+  {{- end -}}
+  {{- if .Values.serviceUDP.externalIPs }}
+  externalIPs:
+  {{ toYaml .Values.serviceUDP.externalIPs | indent 4 }}
+  {{- end }}
   externalTrafficPolicy: {{ .Values.serviceUDP.externalTrafficPolicy }}
   ports:
     - port: 53

charts/adguard-home/templates/service.yaml

@@ -16,6 +16,14 @@ spec:
   {{- if .Values.service.loadBalancerIP }}
   loadBalancerIP: {{ .Values.service.loadBalancerIP }}
   {{- end }}
+  {{- if .Values.service.loadBalancerSourceRanges }}
+  loadBalancerSourceRanges:
+  {{ toYaml .Values.service.loadBalancerSourceRanges | indent 4 }}
+  {{- end -}}
+  {{- if .Values.service.externalIPs }}
+  externalIPs:
+  {{ toYaml .Values.service.externalIPs | indent 4 }}
+  {{- end }}
   externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy }}
   ports:
     - port: 3000

charts/adguard-home/values.yaml

@@ -165,6 +165,10 @@ configAsCode:
     verbose: false
     schema_version: 6
 
+tlsSecretName: ""
+# name of the secret that contains the tls cert and key.
+# this secret will be mounted inside the adguard container /certs path. e.g. works with cert-manager
+
 image:
   repository: adguard/adguardhome
   # Image tag is set via charts appVersion. If you want to override the tag, specify it here
@@ -224,8 +228,10 @@ probes:
 service:
   type: ClusterIP
   # externalTrafficPolicy: Local
+  # externalIPs: []
   # loadBalancerIP: ""
     # a fixed LoadBalancer IP
+  # loadBalancerSourceRanges: []
   annotations: {}
     # metallb.universe.tf/address-pool: network-services
     # metallb.universe.tf/allow-shared-ip: adguard-home-svc
@@ -234,8 +240,10 @@ serviceTCP:
   enabled: false
   type: NodePort
   # externalTrafficPolicy: Local
+  # externalIPs: []
   loadBalancerIP: ""
     # a fixed LoadBalancer IP
+  # loadBalancerSourceRanges: []
   annotations: {}
     # metallb.universe.tf/address-pool: network-services
     # metallb.universe.tf/allow-shared-ip: adguard-home-svc
@@ -244,8 +252,10 @@ serviceUDP:
   enabled: true
   type: NodePort
   # externalTrafficPolicy: Local
+  # externalIPs: []
   loadBalancerIP: ""
     # a fixed LoadBalancer IP
+  # loadBalancerSourceRanges: []
   annotations: {}
     # metallb.universe.tf/address-pool: network-services
     # metallb.universe.tf/allow-shared-ip: adguard-home-svc
@@ -255,8 +265,10 @@ serviceDNSOverTLS:
   ## Enable if you use AdGuard as a DNS over TLS/HTTPS server
   type: NodePort
   # externalTrafficPolicy: Local
+  # externalIPs: []
   loadBalancerIP: ""
     # a fixed LoadBalancer IP
+  # loadBalancerSourceRanges: []
   annotations: {}
     # metallb.universe.tf/address-pool: network-services
     # metallb.universe.tf/allow-shared-ip: adguard-home-svc
@@ -266,6 +278,7 @@ serviceDHCP:
   ## Enable if you use AdGuard as a DHCP Server
   type: NodePort
   # externalTrafficPolicy: Local
+  # externalIPs: []
   loadBalancerIP: ""
     # a fixed LoadBalancer IP
   annotations: {}

charts/common/Chart.yaml

@@ -0,0 +1,12 @@
+apiVersion: v2
+name: common
+description: Function library for k8s-at-home charts
+type: library
+version: 1.0.2
+keywords:
+  - k8s-at-home
+  - common
+home: https://github.com/k8s-at-home/charts/tree/master/charts/common
+maintainers:
+  - name: BJW-S
+    email: me@juggels.online

charts/common/README.md

@@ -0,0 +1,30 @@
+# Library chart for k8s@home media charts
+## **THIS CHART IS NOT MEANT TO BE INSTALLED DIRECTLY**
+
+This is a [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm) for grouping common logic between k8s@home charts.
+
+## Introduction
+
+This chart provides common template helpers which can be used to develop new charts using [Helm](https://helm.sh) package manager.
+
+## TL;DR
+
+```yaml
+dependencies:
+  - name: common
+    version: 0.x.x
+    repository: https://k8s-at-home.com/charts/
+```
+
+```bash
+$ helm dependency update
+```
+
+```yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.names.fullname" . }}
+data:
+  myvalue: "Hello World"
+```

charts/common/templates/_all.tpl

@@ -0,0 +1,24 @@
+{{- define "common.all" -}}
+  {{- /* Merge the local chart values and the common chart defaults */ -}}
+  {{- $defaultValues := .Values.common -}}
+  {{- $_ := deepCopy $defaultValues | merge .Values -}}
+  {{- $_ := unset .Values "common" -}}
+  
+  {{- /* Enable OpenVPN VPN add-on if required */ -}}
+  {{- if .Values.addons.vpn.enabled }}
+    {{- include "common.addon.vpn" . }}
+  {{- end -}}
+
+  {{- /* Build the templates */ -}}
+  {{- include "common.pvc" . }}
+  {{- print "---" | nindent 0 -}}
+  {{- if eq .Values.controllerType "statefulset" }}
+    {{- include "common.statefulset" . | nindent 0 }}
+  {{ else }}
+    {{- include "common.deployment" . | nindent 0 }}
+  {{- end -}}
+  {{- print "---" | nindent 0 -}}
+  {{ include "common.service" . | nindent 0 }}
+  {{- print "---" | nindent 0 -}}
+  {{ include "common.ingress" .  | nindent 0 }}
+{{- end -}}

charts/common/templates/_deployment.tpl

@@ -0,0 +1,55 @@
+{{- define "common.deployment" -}}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ template "common.names.fullname" . }}
+  labels:
+  {{- include "common.labels" . | nindent 4 }}
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+    {{- include "common.labels.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      {{- with .Values.podAnnotations }}
+      annotations:
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+      {{- include "common.labels.selectorLabels" . | nindent 8 }}
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.podSecurityContext }}
+      securityContext:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.initContainers }}
+      initContainers:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      containers:
+      {{- include "common.controller.mainContainer" . | nindent 6 }}
+      {{- with .Values.additionalContainers }}
+        {{- toYaml . | nindent 6 }}
+      {{- end }}
+
+      volumes:
+      {{- include "common.controller.volumes" . | nindent 6 }}
+
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | indent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | indent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | indent 8 }}
+      {{- end }}
+{{- end }}

charts/common/templates/_ingress.tpl

@@ -0,0 +1,25 @@
+{{- define "common.ingress" -}}
+  {{- if .Values.ingress.enabled -}}
+    {{- $svcPort := .Values.service.port.port -}}
+
+    {{- /* Generate primary ingress */ -}}
+    {{- $ingressValues := .Values.ingress -}}
+    {{- $_ := set $ingressValues "svcPort" $svcPort -}}
+    {{- $_ := set . "ObjectValues" (dict "ingress" $ingressValues) -}}
+    {{- include "common.classes.ingress" . }}
+
+    {{- /* Generate additional ingresses as required */ -}}
+    {{- range $index, $extraIngress := .Values.ingress.additionalIngresses }}
+      {{- if $extraIngress.enabled -}}
+        {{- print ("---") | nindent 0 -}}
+        {{- $ingressValues := $extraIngress -}}
+        {{- $_ := set $ingressValues "svcPort" $svcPort -}}
+        {{- if not $ingressValues.nameSuffix -}}
+          {{- $_ := set $ingressValues "nameSuffix" $index -}}
+        {{ end -}}
+        {{- $_ := set . "ObjectValues" (dict "ingress" $ingressValues) -}}
+        {{- include "common.classes.ingress" . -}}
+      {{- end }}
+    {{- end }}
+  {{- end }}
+{{- end }}

charts/common/templates/_notes.tpl

@@ -1,19 +1,25 @@
+{{/*
+Default NOTES.txt content.
+*/}}
+{{- define "common.notes.defaultNotes" -}}
+{{- $svcPort := .Values.service.port -}}
 1. Get the application URL by running these commands:
 {{- if .Values.ingress.enabled }}
 {{- range .Values.ingress.hosts }}
   http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }}{{ $.Values.ingress.path }}
 {{- end }}
 {{- else if contains "NodePort" .Values.service.type }}
-  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "media-common.fullname" . }})
+  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.names.fullname" . }})
   export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
   echo http://$NODE_IP:$NODE_PORT
 {{- else if contains "LoadBalancer" .Values.service.type }}
      NOTE: It may take a few minutes for the LoadBalancer IP to be available.
-           You can watch the status of by running 'kubectl get svc -w {{ include "media-common.fullname" . }}'
-  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "media-common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
-  echo http://$SERVICE_IP:{{ .Values.service.port }}
+           You can watch the status of by running 'kubectl get svc -w {{ include "common.names.fullname" . }}'
+  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+  echo http://$SERVICE_IP:{{ $svcPort }}
 {{- else if contains "ClusterIP" .Values.service.type }}
-  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "media-common.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "common.names.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
   echo "Visit http://127.0.0.1:8080 to use your application"
-  kubectl port-forward $POD_NAME 8080:80
+  kubectl port-forward $POD_NAME 8080:{{ $svcPort }}
+{{- end }}
 {{- end }}

charts/common/templates/_pvc.tpl

@@ -0,0 +1,15 @@
+{{- define "common.pvc" -}}
+  {{- /* Generate pvc as required */ -}}
+  {{- $context := . -}}
+  {{- range $index, $PVC := .Values.persistence }}
+    {{- if and $PVC.enabled (not (or $PVC.emptyDir $PVC.existingClaim)) -}}
+      {{- $persistenceValues := $PVC -}}
+      {{- if not $persistenceValues.nameSuffix -}}
+        {{- $_ := set $persistenceValues "nameSuffix" $index -}}
+      {{- end -}}
+      {{- $_ := set $context "ObjectValues" (dict "persistence" $persistenceValues) -}}
+      {{- print ("---") | nindent 0 -}}
+      {{- include "common.classes.pvc" $context -}}
+    {{- end }}
+  {{- end }}
+{{- end }}

charts/common/templates/_service.tpl

@@ -0,0 +1,5 @@
+{{- define "common.service" -}}
+  {{- if .Values.service.enabled -}}
+    {{- include "common.classes.service" . }}
+  {{- end }}
+{{- end }}

charts/common/templates/_statefulset.tpl

@@ -0,0 +1,56 @@
+{{- define "common.statefulset" -}}
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: {{ template "common.names.fullname" . }}
+  labels:
+  {{- include "common.labels" . | nindent 4 }}
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+    {{- include "common.labels.selectorLabels" . | nindent 6 }}
+  serviceName: {{ include "common.names.fullname" . }}
+  template:
+    metadata:
+      {{- with .Values.podAnnotations }}
+      annotations:
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+      {{- include "common.labels.selectorLabels" . | nindent 8 }}
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.podSecurityContext }}
+      securityContext:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.initContainers }}
+      initContainers:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      containers:
+      {{- include "common.controller.mainContainer" . | nindent 6 }}
+      {{- with .Values.additionalContainers }}
+        {{- toYaml . | nindent 6 }}
+      {{- end }}
+
+      volumes:
+      {{- include "common.controller.volumes" . | nindent 6 }}
+
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | indent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | indent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | indent 8 }}
+      {{- end }}
+{{- end }}

charts/common/templates/addons/vpn/_configmap.tpl

@@ -0,0 +1,26 @@
+{{/*
+The OpenVPN configmaps to be included
+*/}}
+{{- define "common.addon.vpn.configmap" -}}
+{{- if or .Values.addons.vpn.configFile .Values.addons.vpn.scripts.up .Values.addons.vpn.scripts.down }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ template "common.names.fullname" . }}-vpn
+  labels:
+  {{- include "common.labels" . | nindent 4 }}
+data:
+{{- if .Values.addons.vpn.configFile }}
+  vpnConfigfile: |-
+    {{- .Values.addons.vpn.configFile | nindent 4}}
+{{- end }}
+{{- if .Values.addons.vpn.scripts.up }}
+  up.sh: |-
+    {{- .Values.addons.vpn.scripts.up | nindent 4}}
+{{- end }}
+{{- if .Values.addons.vpn.scripts.down }}
+  down.sh: |-
+    {{- .Values.addons.vpn.scripts.down | nindent 4}}
+{{- end }}
+{{- end -}}
+{{- end -}}

charts/common/templates/addons/vpn/_networkpolicy.tpl

@@ -0,0 +1,21 @@
+{{/*
+The OpenVPN networkpolicy to be included
+*/}}
+{{- define "common.addon.vpn.networkpolicy" -}}
+{{- if .Values.addons.vpn.networkPolicy.enabled -}}
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+  name: {{ template "common.names.fullname" . }}
+spec:
+  podSelector:
+    matchLabels:
+    {{- include "common.labels.selectorLabels" . | nindent 6 }}
+  policyTypes:
+    - Egress
+  egress:
+  {{- if .Values.addons.vpn.networkPolicy.egress }} 
+    {{- .Values.addons.vpn.networkPolicy.egress | toYaml | nindent 4 }}
+  {{- end -}}
+{{- end -}}
+{{- end -}}

charts/common/templates/addons/vpn/_volume.tpl

@@ -0,0 +1,25 @@
+{{/*
+The OpenVPN shared volume to be inserted
+*/}}
+{{- define "common.addon.vpn.volume" -}}
+{{- if or .Values.addons.vpn.vpnConf .Values.addons.vpn.scripts.up .Values.addons.vpn.scripts.down -}}
+name: vpnconfig
+configMap:
+  name: {{ template "common.names.fullname" . }}-vpn
+  items:
+    {{- if .Values.addons.vpn.vpnConf }}
+    - key: vpnConfigfile
+      path: vpnConfigfile
+    {{- end }}
+    {{- if .Values.addons.vpn.scripts.up }}
+    - key: up.sh
+      path: up.sh
+      mode: 0777
+    {{- end }}
+    {{- if .Values.addons.vpn.scripts.down }}
+    - key: down.sh
+      path: down.sh
+      mode: 0777
+    {{- end }}
+{{- end -}}
+{{- end -}}

charts/common/templates/addons/vpn/_vpn.tpl

@@ -0,0 +1,35 @@
+{{/*
+Template to render VPN addon
+*/}}
+{{- define "common.addon.vpn" -}}
+{{- if .Values.addons.vpn.enabled -}}
+  {{- if eq "openvpn" .Values.addons.vpn.type -}}
+    {{- include "common.addon.openvpn" . }}
+  {{- end -}}
+  
+  {{- if eq "wireguard" .Values.addons.vpn.type -}}
+    {{- include "common.addon.wireguard" . }}
+  {{- end -}}
+
+  {{/* Include the configmap if not empty */}}
+  {{- $configmap := include "common.addon.vpn.configmap" . -}}
+  {{- if $configmap -}}
+    {{- print "---" | nindent 0 -}}
+    {{- $configmap -}}
+  {{- end -}}
+
+  {{/* Append the vpn config volume to the additionalVolumes */}}
+  {{- $volume := include "common.addon.vpn.volume" . | fromYaml -}}
+  {{- if $volume -}}
+    {{- $additionalVolumes := append .Values.additionalVolumes $volume }}
+    {{- $_ := set .Values "additionalVolumes" $additionalVolumes -}}
+  {{- end -}}
+
+  {{/* Include the networkpolicy if not empty */}}
+  {{- $networkpolicy := include "common.addon.vpn.networkpolicy" . -}}
+  {{- if $networkpolicy -}}
+    {{- print "---" | nindent 0 -}}
+    {{- $networkpolicy -}}
+  {{- end -}}
+{{- end -}}
+{{- end -}}

charts/common/templates/addons/vpn/openvpn/_addon.tpl

@@ -0,0 +1,18 @@
+{{/*
+Template to render OpenVPN addon
+*/}}
+{{- define "common.addon.openvpn" -}}
+  {{/* Append the openVPN container to the additionalContainers */}}
+  {{- $container := include "common.addon.openvpn.container" . | fromYaml -}}
+  {{- if $container -}}
+    {{- $additionalContainers := append .Values.additionalContainers $container }}
+    {{- $_ := set .Values "additionalContainers" $additionalContainers -}}
+  {{- end -}}
+
+  {{/* Include the secret if not empty */}}
+  {{- $secret := include "common.addon.openvpn.secret" . -}}
+  {{- if $secret -}}
+    {{- print "---" | nindent 0 -}}
+    {{- $secret -}}
+  {{- end -}}
+{{- end -}}

charts/common/templates/addons/vpn/openvpn/_container.tpl

@@ -0,0 +1,57 @@
+{{/*
+The OpenVPN container(s) to be inserted
+*/}}
+{{- define "common.addon.openvpn.container" -}}
+name: openvpn
+image: "{{ .Values.addons.vpn.openvpn.image.repository }}:{{ .Values.addons.vpn.openvpn.image.tag }}"
+imagePullPolicy: {{ .Values.addons.vpn.imagePullPolicy }}
+securityContext:
+  capabilities:
+    add: 
+      - NET_ADMIN
+{{- if .Values.addons.vpn.env }}
+env:
+{{- range $k, $v := .Values.addons.vpn.env }}
+  - name: {{ $k }}
+    value: {{ $v }}
+{{- end }}
+{{- end }}  
+{{- if or .Values.addons.vpn.openvpn.auth .Values.addons.vpn.openvpn.authSecret }}
+envFrom:
+  - secretRef:
+    {{- if .Values.addons.vpn.openvpn.authSecret }}
+      name: {{ .Values.addons.vpn.openvpn.authSecret }}
+    {{- else }}
+      name: {{ template "common.names.fullname" . }}-openvpn
+    {{- end }}
+{{- end }}
+{{- if or .Values.addons.vpn.configFile .Values.addons.vpn.scripts.up .Values.addons.vpn.scripts.down .Values.addons.vpn.additionalVolumeMounts .Values.persistence.shared.enabled }}
+volumeMounts:
+{{- if .Values.addons.vpn.configFile }}
+  - name: vpnconfig
+    mountPath: /vpn/vpn.conf
+    subPath: vpnConfigfile
+{{- end }}
+{{- if .Values.addons.vpn.scripts.up }}
+  - name: vpnconfig
+    mountPath: /vpn/up.sh
+    subPath: up.sh
+{{- end }}
+{{- if .Values.addons.vpn.scripts.down }}
+  - name: vpnconfig
+    mountPath: /vpn/down.sh
+    subPath: down.sh
+{{- end }}
+{{- if .Values.persistence.shared.enabled }}
+- mountPath: {{ .Values.persistence.shared.mountPath }}
+  name: shared
+{{- end }}
+{{- if .Values.addons.vpn.additionalVolumeMounts }}
+  {{- toYaml .Values.addons.vpn.additionalVolumeMounts | nindent 2 }}
+{{- end }}
+{{- end }}
+{{- if .Values.addons.vpn.livenessProbe }}
+livenessProbe:
+  {{- toYaml .Values.addons.vpn.livenessProbe | nindent 4 }}
+{{- end -}}
+{{- end -}}

charts/common/templates/addons/vpn/openvpn/_secret.tpl

@@ -0,0 +1,15 @@
+{{/*
+The OpenVPN secrets to be included
+*/}}
+{{- define "common.addon.openvpn.secret" -}}
+{{- if .Values.addons.vpn.openvpn.auth -}}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ template "common.names.fullname" . }}-openvpn
+  labels:
+  {{- include "common.labels" . | nindent 4 }}
+data:
+  VPN_AUTH: {{ .Values.addons.vpn.openvpn.auth | b64enc }}
+{{- end -}}
+{{- end -}}

charts/common/templates/addons/vpn/wireguard/_addon.tpl

@@ -0,0 +1,11 @@
+{{/*
+Template to render Wireguard addon
+*/}}
+{{- define "common.addon.wireguard" -}}
+  {{/* Append the Wireguard container to the additionalContainers */}}
+  {{- $container := include "common.addon.wireguard.container" . | fromYaml -}}
+  {{- if $container -}}
+    {{- $additionalContainers := append .Values.additionalContainers $container }}
+    {{- $_ := set .Values "additionalContainers" $additionalContainers -}}
+  {{- end -}}
+{{- end -}}

charts/common/templates/addons/vpn/wireguard/_container.tpl

@@ -0,0 +1,50 @@
+{{/*
+The Wireguard container(s) to be inserted
+*/}}
+{{- define "common.addon.wireguard.container" -}}
+name: wireguard
+image: "{{ .Values.addons.vpn.wireguard.image.repository }}:{{ .Values.addons.vpn.wireguard.image.tag }}"
+imagePullPolicy: {{ .Values.addons.vpn.imagePullPolicy }}
+securityContext:
+  privileged: true
+  capabilities:
+    add: 
+      - NET_ADMIN
+      - SYS_MODULE
+{{- if .Values.addons.vpn.env }}
+env:
+{{- range $k, $v := .Values.addons.vpn.env }}
+  - name: {{ $k }}
+    value: {{ $v }}
+{{- end }}
+{{- end }}  
+{{- if or .Values.addons.vpn.configFile .Values.addons.vpn.scripts.up .Values.addons.vpn.scripts.down .Values.addons.vpn.additionalVolumeMounts .Values.persistence.shared.enabled }}
+volumeMounts:
+{{- if .Values.addons.vpn.configFile }}
+  - name: vpnconfig
+    mountPath: /config/wg0.conf
+    subPath: vpnConfigfile
+{{- end }}
+{{- if .Values.addons.vpn.scripts.up }}
+  - name: vpnconfig
+    mountPath: /config/up.sh
+    subPath: up.sh
+{{- end }}
+{{- if .Values.addons.vpn.scripts.down }}
+  - name: vpnconfig
+    mountPath: /config/down.sh
+    subPath: down.sh
+{{- end }}
+{{- if .Values.persistence.shared.enabled }}
+- mountPath: {{ .Values.persistence.shared.mountPath }}
+  name: shared
+{{- end }}
+{{- if .Values.addons.vpn.additionalVolumeMounts }}
+  {{- toYaml .Values.addons.vpn.additionalVolumeMounts | nindent 2 }}
+{{- end }}
+{{- end }}
+{{- if .Values.addons.vpn.livenessProbe }}
+livenessProbe:
+  {{- toYaml .Values.addons.vpn.livenessProbe | nindent 4 }}
+{{- end -}}
+{{- end -}}

charts/common/templates/classes/_ingress.tpl

@@ -0,0 +1,64 @@
+{{- define "common.classes.ingress" -}}
+{{- $apiv1 := .Capabilities.APIVersions.Has "networking.k8s.io/v1" -}}
+{{- $apiv1beta1 := .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" -}}
+{{- $ingressName := include "common.names.fullname" . -}}
+{{- $values := .Values.ingress -}}
+{{- if hasKey . "ObjectValues" -}}
+  {{- with .ObjectValues.ingress -}}
+    {{- $values = . -}}
+  {{- end -}}
+{{ end -}}
+{{- if hasKey $values "nameSuffix" -}}
+  {{- $ingressName = printf "%v-%v" $ingressName $values.nameSuffix -}}
+{{ end -}}
+{{- $svcPort := $values.svcPort -}}
+{{- if $apiv1 -}}
+apiVersion: networking.k8s.io/v1
+{{- else if $apiv1beta1 -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else }}
+apiVersion: extensions/v1beta1
+{{ end }}
+kind: Ingress
+metadata:
+  name: {{ $ingressName }}
+  labels:
+    {{- include "common.labels" . | nindent 4 }}
+  {{- with $values.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  {{- if $values.tls }}
+  tls:
+    {{- range $values.tls }}
+    - hosts:
+        {{- range .hosts }}
+        - {{ . | quote }}
+        {{- end }}
+      secretName: {{ .secretName }}
+    {{- end }}
+  {{- end }}
+  rules:
+  {{- range $values.hosts }}
+    - host: {{ .host | quote }}
+      http:
+        paths:
+          {{- range .paths }}
+          - path: {{ .path }}
+            {{- if or $apiv1beta1 $apiv1 }}
+            pathType: {{ .pathType }}
+            {{- end }}
+            backend:
+              {{- if $apiv1 }}
+              service:
+                name: {{ $ingressName }}
+                port:
+                  name: {{ $svcPort }}
+              {{- else }}
+              serviceName: {{ $ingressName }}
+              servicePort: {{ $svcPort }}
+              {{- end }}
+          {{- end }}
+  {{- end }}
+{{- end }}

charts/common/templates/classes/_pvc.tpl

@@ -0,0 +1,36 @@
+{{- define "common.classes.pvc" -}}
+{{- $values := .Values.persistence -}}
+{{- if hasKey . "ObjectValues" -}}
+  {{- with .ObjectValues.persistence -}}
+    {{- $values = . -}}
+  {{- end -}}
+{{ end -}}
+{{- $pvcName := include "common.names.fullname" . -}}
+{{- if hasKey $values "nameSuffix" -}}
+  {{- $pvcName = printf "%v-%v" $pvcName $values.nameSuffix -}}
+{{ end -}}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: {{ $pvcName }}
+  {{- if or $values.skipuninstall $values.annotations }}
+  annotations:
+    {{- if $values.skipuninstall }}
+    "helm.sh/resource-policy": keep
+    {{- end }}
+    {{- with $values.annotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+  {{- end }}
+  labels:
+  {{- include "common.labels" . | nindent 4 }}
+spec:
+  accessModes:
+    - {{ required (printf "accessMode is required for PVC %v" $pvcName) $values.accessMode | quote }}
+  resources:
+    requests:
+      storage: {{ required (printf "size is required for PVC %v" $pvcName) $values.size | quote }}
+  {{- if $values.storageClass }}
+  storageClassName: {{ if (eq "-" $values.storageClass) }}""{{- else }}{{ $values.storageClass | quote }}{{- end }}
+  {{- end }}
+{{- end -}}

charts/common/templates/classes/_service.tpl

@@ -0,0 +1,70 @@
+{{- define "common.classes.service" -}}
+{{- $values := .Values.service -}}
+{{- if hasKey . "ObjectValues" -}}
+  {{- with .ObjectValues.service -}}
+    {{- $values = . -}}
+  {{- end -}}
+{{ end -}}
+{{- $svcType := $values.type -}}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "common.names.fullname" . }}
+  labels:
+    {{- include "common.labels" . | nindent 4 }}
+  {{- if $values.labels }}
+    {{ toYaml $values.labels | nindent 4 }}
+  {{- end }}
+  {{- with $values.annotations }}
+  annotations:
+    {{ toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  {{- if (or (eq $svcType "ClusterIP") (empty $svcType)) }}
+  type: ClusterIP
+  {{- if $values.clusterIP }}
+  clusterIP: {{ $values.clusterIP }}
+  {{end}}
+  {{- else if eq $svcType "LoadBalancer" }}
+  type: {{ $svcType }}
+  {{- if $values.loadBalancerIP }}
+  loadBalancerIP: {{ $values.loadBalancerIP }}
+  {{- end }}
+  {{- if $values.externalTrafficPolicy }}
+  externalTrafficPolicy: {{ $values.externalTrafficPolicy }}
+  {{- end }}
+  {{- if $values.loadBalancerSourceRanges }}
+  loadBalancerSourceRanges:
+    {{ toYaml $values.loadBalancerSourceRanges | nindent 4 }}
+  {{- end -}}
+  {{- else }}
+  type: {{ $svcType }}
+  {{- end }}
+  {{- if $values.sessionAffinity }}
+  sessionAffinity: {{ $values.sessionAffinity }}
+  {{- if $values.sessionAffinityConfig }}
+  sessionAffinityConfig:
+    {{ toYaml $values.sessionAffinityConfig | nindent 4 }}
+  {{- end -}}
+  {{- end }}
+  {{- with $values.externalIPs }}
+  externalIPs:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- if $values.publishNotReadyAddresses }}
+  publishNotReadyAddresses: {{ $values.publishNotReadyAddresses }}
+  {{- end }}
+  ports:
+    - port: {{ $values.port.port }}
+      targetPort: {{ $values.port.targetPort }}
+      protocol: {{ $values.port.protocol }}
+      name: {{ $values.port.name }}
+      {{- if (and (eq $svcType "NodePort") (not (empty $values.port.nodePort))) }}
+      nodePort: {{ $values.port.nodePort }}
+      {{ end }}
+    {{- with $values.additionalPorts }}
+    {{ toYaml . | nindent 4 }}
+    {{- end }}
+  selector:
+    {{- include "common.labels.selectorLabels" . | nindent 4 }}
+{{- end }}

charts/common/templates/lib/chart/_labels.tpl

@@ -0,0 +1,19 @@
+{{/*
+Common labels
+*/}}
+{{- define "common.labels" -}}
+helm.sh/chart: {{ include "common.names.chart" . }}
+{{ include "common.labels.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "common.labels.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "common.names.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}

charts/common/templates/lib/chart/_names.tpl

@@ -0,0 +1,42 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "common.names.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "common.names.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "common.names.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "common.names.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "k8s-at-home.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}

charts/common/templates/lib/controller/_container.tpl

@@ -0,0 +1,43 @@
+{{- /* The main containter that will be included in the controller */ -}}
+{{- define "common.controller.mainContainer" -}}
+- name: {{ template "common.names.fullname" . }}
+  image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+  imagePullPolicy: {{ .Values.image.pullPolicy }}
+  {{- with .Values.securityContext }}
+  securityContext:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- if .Values.env }}
+  env:
+  {{- range $key, $value := .Values.env }}
+  - name: {{ $key }}
+    value: {{ $value | quote }}
+  {{- end }}
+  {{- end }}
+  ports:
+  - name: {{ .Values.service.port.name }}
+    containerPort: {{ .Values.service.port.port }}
+    protocol: {{ .Values.service.port.protocol }}
+  {{- range $port := .Values.service.additionalPorts }}
+  - name: {{ $port.name }}
+    containerPort: {{ $port.port }}
+    protocol: {{ $port.protocol }}
+  {{- end }}
+  volumeMounts:
+  {{- range $index, $PVC := .Values.persistence }}
+  {{- if $PVC.enabled }}
+  - mountPath: {{- $PVC.mountPath }}
+    name: {{- $index }}
+  {{- end }}
+  {{- end }}
+  {{- if .Values.additionalVolumeMounts }}
+    {{- toYaml .Values.additionalVolumeMounts | nindent 2 }}
+  {{- end }}
+
+  {{- include "common.controller.probes.tcpSocket" . | nindent 2 }}
+
+  {{- with .Values.resources }}
+  resources:
+    {{- toYaml . | nindent 12 }}
+  {{- end }}
+{{- end -}}

charts/common/templates/lib/controller/_probes.tpl

@@ -0,0 +1,29 @@
+{{/*
+Default liveness/readiness/startup probes
+*/}}
+{{- define "common.controller.probes.tcpSocket" -}}
+{{- if .Values.probes.liveness.enabled -}}
+livenessProbe:
+  tcpSocket:
+    port: {{ .Values.service.port.name }}
+  initialDelaySeconds: {{ .Values.probes.liveness.initialDelaySeconds }}
+  failureThreshold: {{ .Values.probes.liveness.failureThreshold }}
+  timeoutSeconds: {{ .Values.probes.liveness.timeoutSeconds }}
+{{- end }}
+{{- if .Values.probes.readiness.enabled }}
+readinessProbe:
+  tcpSocket:
+    port: {{ .Values.service.port.name }}
+  initialDelaySeconds: {{ .Values.probes.readiness.initialDelaySeconds }}
+  failureThreshold: {{ .Values.probes.readiness.failureThreshold }}
+  timeoutSeconds: {{ .Values.probes.readiness.timeoutSeconds }}
+{{- end }}
+{{- if .Values.probes.startup.enabled }}
+startupProbe:
+  tcpSocket:
+    port: {{ .Values.service.port.name }}
+  initialDelaySeconds: {{ .Values.probes.startup.initialDelaySeconds }}
+  failureThreshold: {{ .Values.probes.startup.failureThreshold }}
+  periodSeconds: {{ .Values.probes.startup.periodSeconds }}
+{{- end }}
+{{- end }}

charts/common/templates/lib/controller/_volumes.tpl

@@ -0,0 +1,33 @@
+{{/*
+volumes included by the controller
+*/}}
+{{- define "common.controller.volumes" -}}
+{{/* Store the context to refer in later scope */}}
+{{- $context := . -}}
+{{/* Determine the PVC name */}}
+{{- range $index, $PVC := .Values.persistence }}
+{{- if $PVC.enabled }}
+
+{{- $claimName := "" -}}
+{{- if $PVC.existingClaim -}}
+  {{- $claimName = $PVC.existingClaim -}}
+{{- else }}
+  {{- if $PVC.nameSuffix -}}
+    {{- $claimName = printf "%s-%s" (include "common.names.fullname" $context) $PVC.nameSuffix -}}
+  {{- else }}
+    {{- $claimName = printf "%s-%s" (include "common.names.fullname" $context) $index -}}
+  {{- end -}}
+{{- end -}}
+- name: {{ $index }}
+  {{- if not $PVC.emptyDir }}
+  persistentVolumeClaim:
+    claimName: {{ $claimName }}
+  {{- else }}
+  emptyDir: {}
+  {{- end }}
+{{ end }}
+{{- end }}
+{{- if .Values.additionalVolumes }}
+  {{- toYaml .Values.additionalVolumes | nindent 0 }}
+{{- end }}
+{{- end }}

charts/common/values.yaml

@@ -0,0 +1,196 @@
+# type: options are statefulset or deployment
+controllerType: deployment
+
+env: {}
+
+initContainers: []
+
+additionalContainers: []
+
+# Probes configuration
+probes:
+  liveness:
+    enabled: true
+    initialDelaySeconds: 30
+    failureThreshold: 5
+    timeoutSeconds: 10
+  readiness:
+    enabled: true
+    initialDelaySeconds: 30
+    failureThreshold: 5
+    timeoutSeconds: 10
+  startup:
+    enabled: false
+    initialDelaySeconds: 5
+    failureThreshold: 30
+    periodSeconds: 10
+
+service:
+  enabled: true
+  type: ClusterIP
+  # Specify the default port information
+  port:
+    portNumber: ""
+    name: http
+    protocol: TCP
+    targetPort: http
+    ## Specify the nodePort value for the LoadBalancer and NodePort service types.
+    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+    ##
+    # nodePort:
+  additionalPorts: []
+
+  ## Provide any additional annotations which may be required. This can be used to
+  ## set the LoadBalancer service type to internal only.
+  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
+  ##
+  annotations: {}
+  labels: {}
+
+ingress:
+  enabled: false
+  annotations: {}
+    # kubernetes.io/ingress.class: nginx
+    # kubernetes.io/tls-acme: "true"
+  labels: {}
+  hosts:
+    - host: chart-example.local
+      paths:
+        - path: /
+          # Ignored if not kubeVersion >= 1.14-0
+          pathType: Prefix
+  tls: []
+  #  - secretName: chart-example-tls
+  #    hosts:
+  #      - chart-example.local
+  additionalIngresses: []
+  # - enabled: false
+  #   nameSuffix: "api"
+  #   annotations: {}
+  #   # kubernetes.io/ingress.class: nginx
+  #   # kubernetes.io/tls-acme: "true"
+  #   labels: {}
+  #   hosts:
+  #     - host: chart-example.local
+  #       paths:
+  #         - path: /api
+  #          # Ignored if not kubeVersion >= 1.14-0
+  #          pathType: Prefix
+  #   tls: []
+  #   #  - secretName: chart-example-tls
+  #   #    hosts:
+  #   #      - chart-example.local
+
+persistence:
+  config:
+    enabled: false
+    mountPath: /config
+    ## configuration data Persistent Volume Storage Class
+    ## If defined, storageClassName: <storageClass>
+    ## If set to "-", storageClassName: "", which disables dynamic provisioning
+    ## If undefined (the default) or set to null, no storageClassName spec is
+    ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
+    ##   GKE, AWS & OpenStack)
+    ##
+    # storageClass: "-"
+    ##
+    ## If you want to reuse an existing claim, you can pass the name of the PVC using
+    ## the existingClaim variable
+    # existingClaim: your-claim
+    # subPath: some-subpath
+    accessMode: ReadWriteOnce
+    size: 1Gi
+    ## Do not delete the pvc upon helm uninstall
+    skipuninstall: false
+
+  # Create an emptyDir volume to share between all containers
+  shared:
+    enabled: false
+    emptyDir: true
+    mountPath: /shared
+
+additionalVolumes: []
+
+additionalVolumeMounts: []
+
+addons:
+  vpn:
+    enabled: false
+
+    # VPN type: options are openvpn or wireguard
+    type: openvpn
+
+    # OpenVPN specific configuration
+    openvpn:
+      image:
+        repository: dperson/openvpn-client
+        tag: latest
+
+      # Credentials to connect to the VPN Service (used with -a)
+      auth:  # "user;password"
+      # OR specify an existing secret that contains the credentials. Credentials should be stored
+      # under the VPN_AUTH key
+      authSecret:  # my-vpn-secret
+
+    # OpenVPN specific configuration
+    wireguard:
+      image:
+        repository: linuxserver/wireguard
+        tag: version-v1.0.20200827
+
+    imagePullPolicy: IfNotPresent
+
+    # All variables specified here will be added to the vpn sidecar container
+    # See the documentation of the VPN image for all config values
+    env: {}
+    # TZ: UTC
+
+    # Provide a customized vpn configuration file to be used by the VPN.
+    configFile:  # |-
+      # Some Example Config
+      # remote greatvpnhost.com 8888
+      # auth-user-pass
+      # Cipher AES
+
+    # Provide custom up/down scripts that can be used by the vpnConf
+    scripts:
+      up:  # |-
+        # #!/bin/bash
+        # echo "connected" > /shared/vpnstatus
+      down:  # |-
+        # #!/bin/bash
+        # echo "disconnected" > /shared/vpnstatus
+
+    additionalVolumeMounts: []
+
+    # Optionally specify a livenessProbe, e.g. to check if the connection is still
+    # being protected by the VPN
+    livenessProbe: {}
+    # exec:
+    #    command:
+    #      - sh
+    #      - -c
+    #      - if [ $(curl -s https://ipinfo.io/country) == 'US' ]; then exit 0; else exit $?; fi
+    #  initialDelaySeconds: 30
+    #  periodSeconds: 60
+    #  failureThreshold: 1
+
+    # If set to true, will deploy a network policy that blocks all outbound
+    # traffic except traffic specified as allowed
+    networkPolicy:
+      enabled: false
+
+      # The egress configuration for your network policy, All outbound traffic
+      # From the pod will be blocked unless specified here. Your cluster must
+      # have a CNI that supports network policies (Canal, Calico, etc...)
+      # https://kubernetes.io/docs/concepts/services-networking/network-policies/
+      # https://github.com/ahmetb/kubernetes-network-policy-recipes
+      egress:
+        # - to:
+        #   - ipBlock:
+        #       cidr: 0.0.0.0/0
+        #   ports:
+        #   - port: 53
+        #     protocol: UDP
+        #   - port: 53
+        #     protocol: TCP

charts/esphome/Chart.yaml

@@ -1,8 +1,8 @@
 apiVersion: v2
-appVersion: 1.15.2
+appVersion: 1.15.3
 description: ESPHome
 name: esphome
-version: 2.2.0
+version: 2.3.0
 keywords:
 - esphome
 home: https://github.com/k8s-at-home/charts/tree/master/charts/esphome

charts/esphome/values.yaml

@@ -4,7 +4,7 @@
 
 image:
   repository: esphome/esphome
-  tag: 1.15.2
+  tag: 1.15.3
   pullPolicy: IfNotPresent
   pullSecrets: []
 

charts/frigate/Chart.yaml

@@ -1,8 +1,8 @@
 apiVersion: v2
-appVersion: "0.5.2"
+appVersion: "0.6.0"
 description: Realtime object detection on RTSP cameras with the Google Coral
 name: frigate
-version: 4.0.0
+version: 4.0.1
 keywords:
   - tensorflow
   - coral

charts/frigate/values.yaml

@@ -9,7 +9,7 @@ strategyType: Recreate
 
 image:
   repository: blakeblackshear/frigate
-  tag: 0.5.2
+  tag: 0.6.0
   pullPolicy: IfNotPresent
 
 rtspPassword: password

charts/home-assistant/Chart.yaml

@@ -1,8 +1,8 @@
 apiVersion: v2
-appVersion: 0.115.2
+appVersion: 0.116.1
 description: Home Assistant
 name: home-assistant
-version: 2.4.0
+version: 2.6.0
 keywords:
 - home-assistant
 - hass
@@ -22,7 +22,7 @@ maintainers:
 dependencies:
 - name: esphome
   repository: https://k8s-at-home.com/charts/
-  version: ~1.0.0
+  version: ~2.2.0
   condition: esphome.enabled
 - name: postgresql
   version: 9.1.2

charts/home-assistant/README.md

@@ -135,6 +135,7 @@ The following tables lists the configurable parameters of the Home Assistant cha
 | `vscode.vscodePath`                             | Base path of the VS Code configuration files                                                                                                                                                                                              | `/config/.vscode`                      |
 | `vscode.password`                               | If this is set, will require a password to access the VS Code Server UI                                                                                                                                                                   | ``                                     |
 | `vscode.extraEnv`                               | Extra ENV vars to pass to the configuration UI                                                                                                                                                                                            | `{}`                                   |
+| `vscode.args`                                   | Optional arguments to pass into vscode image. Defaulting to "-" uses default arguments.         | `-`                                   |
 | `vscode.ingress.enabled`                        | Enables Ingress for the VS Code UI                                                                                                                                                                                                        | `false`                                |
 | `vscode.ingress.annotations`                    | Ingress annotations for the VS Code UI                                                                                                                                                                                                    | `{}`                                   |
 | `vscode.ingress.hosts`                          | Ingress accepted hostnames for the VS Code UI                                                                                                                                                                                             | `chart-example.local`                  |
@@ -190,6 +191,7 @@ The following tables lists the configurable parameters of the Home Assistant cha
 | `monitoring.serviceMonitor.labels`              | Set labels for the ServiceMonitor, use this to define your scrape label for Prometheus Operator                                                                                                                                           | `{}`                                   |
 | `monitoring.serviceMonitor.bearerTokenFile`     | Set bearerTokenFile for home-assistant auth (use long lived access tokens)                                                                                                                                                                | `nil`                                  |
 | `monitoring.serviceMonitor.bearerTokenSecret`   | Set bearerTokenSecret for home-assistant auth (use long lived access tokens)                                                                                                                                                              | `nil`                                  |
+| `monitoring.serviceMonitor.metricRelabelings`   | Add metricRelabelings [Documentation](https://coreos.com/operators/prometheus/docs/latest/api.html#relabelconfig)                                                                                                                         | `{}`                                   |
 
 Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
 

charts/home-assistant/templates/_helpers.tpl

@@ -30,3 +30,24 @@ Create chart name and version as used by the chart label.
 {{- define "home-assistant.chart" -}}
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
+
+{{/*
+Create argument list for vscode image.
+*/}}
+{{- define "home-assistant.vscode.args" -}}
+{{- if empty .Values.vscode.args -}}
+{{- "" -}}
+{{- else if (eq (typeOf .Values.vscode.args) "string") -}}
+- --port={{ .Values.vscode.service.port }}
+{{- if not (.Values.vscode.password) }}
+- --auth=none
+{{- end }}
+{{- if .Values.vscode.vscodePath }}
+- --extensions-dir={{ .Values.vscode.vscodePath }}
+- --user-data-dir={{ .Values.vscode.vscodePath }}
+- {{ .Values.vscode.hassConfig }}
+{{- end }}
+{{- else -}}
+{{ toYaml .Values.vscode.args }}
+{{- end -}}
+{{- end -}}

charts/home-assistant/templates/deployment.yaml

@@ -1,3 +1,4 @@
+{{- $args := include "home-assistant.vscode.args" . -}}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -273,15 +274,9 @@ spec:
           imagePullPolicy: {{ .Values.vscode.image.pullPolicy }}
           workingDir: {{ .Values.vscode.hassConfig }}
           args:
-            - --port={{ .Values.vscode.service.port }}
-            {{- if not (.Values.vscode.password) }}
-            - --auth=none
-            {{- end }}
-            {{- if .Values.vscode.vscodePath }}
-            - --extensions-dir={{ .Values.vscode.vscodePath }}
-            - --user-data-dir={{ .Values.vscode.vscodePath }}
-            - {{ .Values.vscode.hassConfig }}
-            {{- end }}
+{{- with $args }}
+{{ . | indent 12 }}
+{{- end }}
           ports:
             - name: vscode
               containerPort: {{ .Values.vscode.service.port }}

charts/home-assistant/templates/servicemonitor.yaml

@@ -27,6 +27,10 @@ spec:
       {{- if .Values.monitoring.serviceMonitor.bearerTokenSecret.optional }}
       optional: {{ .Values.monitoring.serviceMonitor.bearerTokenSecret.optional }}
       {{- end }}
+{{- end }}
+{{- if .Values.monitoring.serviceMonitor.metricRelabelings }}
+    metricRelabelings:
+{{ toYaml .Values.monitoring.serviceMonitor.metricRelabelings | indent 4 }}
 {{- end }}
   jobLabel: {{ template "home-assistant.fullname" . }}-prometheus-exporter
   namespaceSelector:

charts/home-assistant/values.yaml

@@ -4,7 +4,7 @@
 
 image:
   repository: homeassistant/home-assistant
-  tag: 0.115.2
+  tag: 0.116.1
   pullPolicy: IfNotPresent
   pullSecrets: []
 
@@ -123,7 +123,7 @@ git:
 
   image:
     repository: k8sathome/git-crypt
-    tag: 2020.09.07
+    tag: 2020.09.28
     pullPolicy: IfNotPresent
 
   ## Specify the command that runs in the git-sync container to pull in configuration.
@@ -224,7 +224,18 @@ monitoring:
     # bearerTokenFile:
     # Set bearerTokenSecret for home assistant auth (use long lived access tokens)
     # bearerTokenSecret:
-
+    # Relabel metrics if needed example removes pod and instance labels from metrics beginning with hass
+    # metricRelabelings: []
+    #  - regex: hass.*
+    #    replacement: ""
+    #    sourceLabels:
+    #     - __name__
+    #    targetLabel: pod
+    #  - regex: hass_.*
+    #    replacement: ""
+    #    sourceLabels:
+    #     - __name__
+    #    targetLabel: instance
 
 vscode:
   enabled: false
@@ -250,6 +261,10 @@ vscode:
   ##
   extraEnv: {}
 
+  ## Set to "-" to use default argument list
+  ## Otherwise convert to list of arguments
+  args: "-"
+
   ingress:
     enabled: false
     annotations: {}

charts/intel-gpu-plugin/.helmignore

@@ -14,10 +14,10 @@
 *.swp
 *.bak
 *.tmp
+*.orig
 *~
 # Various IDEs
 .project
 .idea/
 *.tmproj
-# OWNERS file for Kubernetes
-OWNERS
+.vscode/

charts/intel-gpu-plugin/Chart.yaml

@@ -0,0 +1,17 @@
+apiVersion: v2
+name: intel-gpu-plugin
+version: 1.0.0
+appVersion: 0.18.1
+description: The Intel GPU plugin facilitates offloading the processing of computation intensive workloads to GPU hardware
+keywords:
+  - kubernetes
+  - cluster
+  - hardware
+  - gpu
+home: https://github.com/k8s-at-home/charts/tree/master/charts/intel-gpu-plugin
+icon: https://avatars0.githubusercontent.com/u/17888862?s=400&v=4
+sources:
+  - https://github.com/intel/intel-device-plugins-for-kubernetes/blob/master/cmd/gpu_plugin
+maintainers:
+  - name: billimek
+    email: jeff@billimek.com

charts/intel-gpu-plugin/README.md

@@ -0,0 +1,73 @@
+# intel-gpu-plugin helm chart
+
+This is a helm chart that will deploy [intel-gpu-plugin](https://github.com/intel/intel-device-plugins-for-kubernetes/blob/master/cmd/gpu_plugin) as a DaemonSet.
+
+The GPU plugin facilitates offloading the processing of computation intensive workloads to GPU hardware.
+
+## TL;DR
+
+```shell
+helm repo add k8s-at-home https://k8s-at-home.com/charts/
+helm install k8s-at-home/intel-gpu-plugin
+```
+
+## Installing the Chart
+
+To install the chart with the release name `my-release`:
+
+```shell
+helm install my-release k8s-at-home/intel-gpu-plugin
+```
+
+## Uninstalling the Chart
+
+To uninstall/delete the `my-release` deployment:
+
+```shell
+helm delete my-release --purge
+```
+
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+## Configuration
+
+The following tables lists the configurable parameters of the Sentry chart and their default values.
+Read through the [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/intel-gpu-plugin/values.yaml) file. It has several commented out suggested values.
+
+| Parameter                                   | Description                                                                                  | Default                                               |
+| ------------------------------------------- | -------------------------------------------------------------------------------------------- | ----------------------------------------------------- |
+| `image.repository`                          | Image repository                                                                             | `intel/intel-gpu-plugin` |
+| `image.tag`                                 | Image tag. Possible values listed [here](https://hub.docker.com/r/intel/intel-gpu-plugin/tags).     | `0.18.1`                         |
+| `image.pullPolicy`                          | Image pull policy                                                                            | `IfNotPresent`                                        |
+| `strategyType`                              | Specifies the strategy used to replace old Pods by new ones                                  | `Recreate`                                            |
+| `podAnnotations`                            | Key-value pairs to add as pod annotations                                                    | `{}`                                                  |
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+
+```shell
+helm install my-release \
+  --set image.pullPolicy="Always" \
+    k8s-at-home/intel-gpu-plugin
+```
+
+Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
+
+```shell
+helm install my-release -f values.yaml k8s-at-home/intel-gpu-plugin
+```
+
+### Node Feature Discovery
+
+If your cluster runs [Node Feature Discovery](https://github.com/k8s-at-home/charts/blob/master/charts/node-feature-discovery), you can deploy the device plugin only on nodes with Intel GPU by specifying the desired `nodeSelector` or `affinity` in your values. For example (make sure to update to your exact feature label):
+
+```yaml
+affinity:
+  nodeAffinity:
+    requiredDuringSchedulingIgnoredDuringExecution:
+      nodeSelectorTerms:
+        - matchExpressions:
+            - key: feature.node.kubernetes.io/pci-0300_8086.present
+              operator: In
+              values:
+                - "true"
+```

charts/intel-gpu-plugin/templates/_helpers.tpl

@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "intel-gpu-plugin.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "intel-gpu-plugin.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "intel-gpu-plugin.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "intel-gpu-plugin.labels" -}}
+helm.sh/chart: {{ include "intel-gpu-plugin.chart" . }}
+{{ include "intel-gpu-plugin.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "intel-gpu-plugin.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "intel-gpu-plugin.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "intel-gpu-plugin.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "intel-gpu-plugin.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}

charts/intel-gpu-plugin/templates/daemonset.yaml

@@ -0,0 +1,71 @@
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: {{ include "intel-gpu-plugin.fullname" . }}
+  labels:
+    {{- include "intel-gpu-plugin.labels" . | nindent 4 }}
+spec:
+  selector:
+    matchLabels:
+      {{- include "intel-gpu-plugin.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+    {{- with .Values.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+      labels:
+        {{- include "intel-gpu-plugin.selectorLabels" . | nindent 8 }}
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ include "intel-gpu-plugin.serviceAccountName" . }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      containers:
+        - name: {{ .Chart.Name }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          env:
+            - name: NODE_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.nodeName
+          volumeMounts:
+            - name: devfs
+              mountPath: /dev/dri
+              readOnly: true
+            - name: sysfs
+              mountPath: /sys/class/drm
+              readOnly: true
+            - name: kubeletsockets
+              mountPath: /var/lib/kubelet/device-plugins
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+      volumes:
+        - name: devfs
+          hostPath:
+            path: /dev/dri
+        - name: sysfs
+          hostPath:
+            path: /sys/class/drm
+        - name: kubeletsockets
+          hostPath:
+            path: /var/lib/kubelet/device-plugins
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}

charts/intel-gpu-plugin/templates/serviceaccount.yaml

@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "intel-gpu-plugin.serviceAccountName" . }}
+  labels:
+    {{- include "intel-gpu-plugin.labels" . | nindent 4 }}
+  {{- with .Values.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end }}

charts/intel-gpu-plugin/values.yaml

@@ -0,0 +1,50 @@
+# Default values for intel-gpu-plugin.
+
+image:
+  repository: intel/intel-gpu-plugin
+  pullPolicy: IfNotPresent
+  tag: 0.18.1
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+  # Specifies whether a service account should be created
+  create: true
+  # Annotations to add to the service account
+  annotations: {}
+  # The name of the service account to use.
+  # If not set and create is true, a name is generated using the fullname template
+  name: ""
+
+podAnnotations: {}
+
+podSecurityContext: {}
+  # fsGroup: 2000
+
+securityContext: {}
+  # capabilities:
+  #   drop:
+  #   - ALL
+  # readOnlyRootFilesystem: true
+  # runAsNonRoot: true
+  # runAsUser: 1000
+
+resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 128Mi
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}

charts/jackett/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: v0.16.1045
 description: API Support for your favorite torrent trackers
 name: jackett
-version: 4.0.0
+version: 4.0.1
 keywords:
   - jackett
   - torrent

charts/lidarr/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: lidarr
 description: Looks and smells like Sonarr but made for music
 type: application
-version: 4.0.1
+version: 4.0.2
 appVersion: 0.7.1.1785-ls18
 keywords:
   - lidarr

charts/media-common-openvpn/Chart.yaml

@@ -1,12 +0,0 @@
-apiVersion: v2
-name: media-common-openvpn
-description: OpenVPN add-on for `media-common`-based charts
-type: library
-keywords:
-  - media-common
-  - openvpn
-home: https://github.com/k8s-at-home/charts/tree/master/charts/media-common-openvpn
-maintainers:
-  - name: bjw-s
-    email: bjw-s@users.noreply.github.com
-version: 1.0.1

charts/media-common-openvpn/README.md

@@ -1,16 +0,0 @@
-# Add-on chart for k8s@home media charts
-
-This chart provides a single maintainable OpenVPN add-on to the `meda-common` chart.
-
-## Configuration
-
-Read through the [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/media-common-openvpn/values.yaml) file.
-It has several commented out suggested values.
-
-These values will normally be nested as it is a dependency, for example:
-```yaml
-radarr:
-  openvpn:
-    enabled: true
-    <values>
-```

charts/media-common-openvpn/templates/_configmap.tpl

@@ -1,24 +0,0 @@
-{{/*
-The OpenVPN configmaps to be inserted
-*/}}
-{{- define "media-common.openvpn.configmap" -}}
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ template "media-common.fullname" . }}-openvpn
-  labels:
-  {{- include "media-common.labels" . | nindent 4 }}
-data:
-{{- if .Values.openvpn.vpnConf }}
-  vpnConf: |-
-    {{- .Values.openvpn.vpnConf | nindent 4}}
-{{- end }}
-{{ if .Values.openvpn.scripts.up }}
-  up.sh: |-
-    {{- .Values.openvpn.scripts.up | nindent 4}}
-{{- end }}
-{{- if .Values.openvpn.scripts.down }}
-  down.sh: |-
-    {{- .Values.openvpn.scripts.down | nindent 4}}
-{{- end }}
-{{- end -}}

charts/media-common-openvpn/templates/_container.tpl

@@ -1,48 +0,0 @@
-{{/*
-The OpenVPN container(s) to be inserted
-*/}}
-{{- define "media-common.openvpn.container" -}}
-- name: openvpn
-  image: "{{ .Values.openvpn.image.repository }}:{{ .Values.openvpn.image.tag }}"
-  imagePullPolicy: {{ .Values.openvpn.image.pullPolicy }}
-  securityContext:
-    capabilities:
-      add: ["NET_ADMIN"]
-  {{- if .Values.openvpn.env }}
-  env:
-  {{- range $k, $v := .Values.openvpn.env }}
-  - name: {{ $k }}
-    value: {{ $v }}
-  {{- end }}
-  {{- end }}  
-  envFrom:
-  {{- if or .Values.openvpn.auth .Values.openvpn.authSecret }}
-  - secretRef:
-    {{- if .Values.openvpn.authSecret }}
-      name: {{ .Values.openvpn.authSecret }}
-    {{- else }}
-      name: {{ template "media-common.fullname" . }}-openvpn
-    {{- end }}
-  {{- end }}
-  volumeMounts:
-  {{- if .Values.openvpn.vpnConf }}
-  - name: openvpnconf
-    mountPath: /vpn/vpn.conf
-    subPath: vpnConf
-  {{- end }}
-  {{- if .Values.openvpn.scripts.up }}
-  - name: openvpnconf
-    mountPath: /vpn/up.sh
-    subPath: up.sh
-  {{- end }}
-  {{- if .Values.openvpn.scripts.down }}
-  - name: openvpnconf
-    mountPath: /vpn/down.sh
-    subPath: down.sh
-  {{- end }}
-  {{- if .Values.openvpn.additionalVolumeMounts }}
-  {{- toYaml .Values.openvpn.additionalVolumeMounts | nindent 2 }}
-  {{- end }}
-  livenessProbe:
-    {{- toYaml .Values.openvpn.livenessProbe | nindent 4 }}
-{{- end -}}

charts/media-common-openvpn/templates/_networkpolicy.tpl

@@ -1,22 +0,0 @@
-{{/*
-The OpenVPN networkpolicy to be inserted
-*/}}
-{{- define "media-common.openvpn.networkpolicy" -}}
-{{- if .Values.openvpn.networkPolicy.enabled -}}
-kind: NetworkPolicy
-apiVersion: networking.k8s.io/v1
-metadata:
-  name: {{ template "media-common.fullname" . }}-deny-all-netpol
-spec:
-  podSelector:
-    matchLabels:
-      app.kubernetes.io/name: {{ include "media-common.name" . }}
-      app.kubernetes.io/instance: {{ .Release.Name }}
-  policyTypes:
-  - Egress
-  egress:
-  {{- if .Values.openvpn.networkPolicy.egress }} 
-  {{- .Values.openvpn.networkPolicy.egress | toYaml | nindent 4 }}
-  {{- end -}}
-{{- end -}}
-{{- end -}}

charts/media-common-openvpn/templates/_secret.tpl

@@ -1,15 +0,0 @@
-{{/*
-The OpenVPN secrets to be inserted
-*/}}
-{{- define "media-common.openvpn.secret" -}}
-{{- if .Values.openvpn.auth -}}
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ template "media-common.fullname" . }}-openvpn
-  labels:
-  {{- include "media-common.labels" . | nindent 4 }}
-data:
-  VPN_AUTH: {{ .Values.openvpn.auth | b64enc }}
-{{- end -}}
-{{- end -}}

charts/media-common-openvpn/templates/_volume.tpl

@@ -1,25 +0,0 @@
-{{/*
-The OpenVPN volumes to be inserted
-*/}}
-{{- define "media-common.openvpn.volume" -}}
-{{- if or .Values.openvpn.vpnConf .Values.openvpn.scripts.up .Values.openvpn.scripts.down -}}
-- name: openvpnconf
-  configMap:
-    name: {{ template "media-common.fullname" . }}-openvpn
-    items:
-      {{- if .Values.openvpn.vpnConf }}
-      - key: vpnConf
-        path: vpnConf
-      {{- end }}
-      {{- if .Values.openvpn.scripts.up }}
-      - key: up.sh
-        path: up.sh
-        mode: 0777
-      {{- end }}
-      {{- if .Values.openvpn.scripts.down }}
-      - key: down.sh
-        path: down.sh
-        mode: 0777
-      {{- end }}
-{{- end -}}
-{{- end -}}

charts/media-common-openvpn/values.yaml

@@ -1,67 +0,0 @@
-# Default values for media-common-openvpn.
-
-image:
-  repository: dperson/openvpn-client
-  tag: latest
-  pullPolicy: IfNotPresent
-
-# All variables specified here will be added to the openvpn sidecar container
-# Ref https://hub.docker.com/r/dperson/openvpn-client for all config values
-env: []
-# TZ: UTC
-
-# Provide a customized vpn.conf file to be used by openvpn.
-vpnConf:  # |-
-  # Some Example Config
-  # remote greatvpnhost.com 8888
-  # auth-user-pass
-  # Cipher AES
-
-# Provide custom up/down scripts that can be used by the vpnConf
-scripts:
-  up:  # |-
-    # #!/bin/bash
-    # echo "connected" > /shared/vpnstatus
-  down:  # |-
-    # #!/bin/bash
-    # echo "disconnected" > /shared/vpnstatus
-
-# Credentials to connect to the VPN Service (used with -a)
-auth:  # "user;password"
-# OR specify an existing secret that contains the credentials. Credentials should be stored
-# under the VPN_AUTH key
-authSecret:  # my-vpn-secret
-
-additionalVolumeMounts: []
-
-# Optionally specify a livenessProbe, e.g. to check if the connection is still
-# being protected by the VPN
-livenessProbe: {}
-# exec:
-#    command:
-#      - sh
-#      - -c
-#      - if [ $(curl -s https://ipinfo.io/country) == 'US' ]; then exit 0; else exit $?; fi
-#  initialDelaySeconds: 30
-#  periodSeconds: 60
-#  failureThreshold: 1
-
-# If set to true, will deploy a network policy that blocks all outbound
-# traffic except traffic specified as allowed
-networkPolicy:
-  enabled: false
-
-  # The egress configuration for your network policy, All outbound traffic
-  # From the pod will be blocked unless specified here. Your cluster must
-  # have a CNI that supports network policies (Canal, Calico, etc...)
-  # https://kubernetes.io/docs/concepts/services-networking/network-policies/
-  # https://github.com/ahmetb/kubernetes-network-policy-recipes
-  egress:
-    # - to:
-    #   - ipBlock:
-    #       cidr: 0.0.0.0/0
-    #   ports:
-    #   - port: 53
-    #     protocol: UDP
-    #   - port: 53
-    #     protocol: TCP

charts/media-common/Chart.yaml

@@ -1,17 +0,0 @@
-apiVersion: v2
-name: media-common
-description: Common dependancy chart for media ecosystem containers
-type: application
-version: 1.3.0
-keywords:
-  - media-common
-home: https://github.com/k8s-at-home/charts/tree/master/charts/media-common
-maintainers:
-  - name: DirtyCajunRice
-    email: nick@cajun.pro
-dependencies:
-  - name: media-common-openvpn
-    repository: https://k8s-at-home.com/charts/
-    version: ^1.0.0
-    condition: openvpn.enabled
-    alias: openvpn

charts/media-common/OWNERS

@@ -1,4 +0,0 @@
-approvers:
-- DirtyCajunRice
-reviewers:
-- DirtyCajunRice

charts/media-common/README.md

@@ -1,30 +0,0 @@
-# Shared base chart for k8s@home media charts
-
-Many containers have no environmentally configurable settings. This chart allows a single maintainable
-base with umbrella charts for container-specific differences. This chart does not have a default
-repository or tag, and not designed to be deployed directly.
-
-## Known Parent Charts
-
-* [k8s-at-home/radarr](https://github.com/k8s-at-home/charts/tree/master/charts/radarr)
-* [k8s-at-home/sonarr](https://github.com/k8s-at-home/charts/tree/master/charts/sonarr)
-* [k8s-at-home/lidarr](https://github.com/k8s-at-home/charts/tree/master/charts/lidarr)
-* [k8s-at-home/tautulli](https://github.com/k8s-at-home/charts/tree/master/charts/tautulli)
-* [k8s-at-home/ombi](https://github.com/k8s-at-home/charts/tree/master/charts/ombi)
-* [k8s-at-home/organizr](https://github.com/k8s-at-home/charts/tree/master/charts/organizr)
-
-## Configuration
-
-Read through the [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/media-common/values.yaml) file.
-It has several commented out suggested values.
-
-These values will normally be nested as it is a dependency, for example:
-```yaml
-radarr:
-  <values>
-```
-
-## Add-ons
-
-### OpenVPN
-It is possible to enable an OpenVPN add-on by setting `openvpn.enabled: true`. For more information refer to [k8s-at-home/media-common-openvpn](https://github.com/k8s-at-home/charts/tree/master/charts/media-common-openvpn)

charts/media-common/ci/ct-values.yaml

@@ -1,35 +0,0 @@
----
-image:
-  organization: linuxserver
-  repository: radarr
-  tag: latest
-service:
-  port: 7878
-
-openvpn:
-  enabled: true
-
-  image:
-    repository: dperson/openvpn-client
-    tag: latest
-    pullPolicy: IfNotPresent
-
-  auth: user;pass
-
-  env:
-    TZ: UTC
-
-  scripts:
-    up:
-    down:
-
-  networkPolicy:
-    enabled: false
-
-  livenessProbe:
-    initialDelaySeconds: 10
-    periodSeconds: 10
-    exec:
-      command:
-        - echo
-        - success

charts/media-common/templates/_helpers.tpl

@@ -1,85 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "media-common.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "media-common.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "media-common.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Common labels
-*/}}
-{{- define "media-common.labels" -}}
-helm.sh/chart: {{ include "media-common.chart" . }}
-{{ include "media-common.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "media-common.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "media-common.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
-
-{{/*
-Init Containers
-*/}}
-{{- define "media-common.initContainers" -}}
-{{- if .Values.initContainers }}
-{{- toYaml .Values.initContainers }}
-{{- end }}
-{{- end -}}
-
-{{/*
-Additional Containers
-*/}}
-{{- define "media-common.additionalContainers" -}}
-{{- if .Values.additionalContainers }}
-{{- toYaml .Values.additionalContainers }}
-{{- end }}
-{{- if .Values.openvpn.enabled }}
-{{ include "media-common.openvpn.container" . }}
-{{- end }}
-{{- end -}}
-
-{{/*
-Additional Volumes
-*/}}
-{{- define "media-common.additionalVolumes" -}}
-{{- if .Values.additionalVolumes }}
-{{- toYaml .Values.additionalVolumes }}
-{{- end }}
-{{- if .Values.openvpn.enabled }}
-{{ include "media-common.openvpn.volume" . }}
-{{- end }}
-{{- end -}}

charts/media-common/templates/addon-openvpn.yaml

@@ -1,8 +0,0 @@
-{{- if .Values.openvpn.enabled -}}
----
-{{ include "media-common.openvpn.configmap" . }}
----
-{{ include "media-common.openvpn.secret" . }}
----
-{{ include "media-common.openvpn.networkpolicy" . }}
-{{- end -}}

charts/media-common/templates/configmap.yaml

@@ -1,10 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ template "media-common.fullname" . }}
-  labels:
-  {{- include "media-common.labels" . | nindent 4 }}
-{{- if .Values.env }}
-data:
-  {{- toYaml .Values.env | nindent 2 }}
-{{- end }}

charts/media-common/templates/deployment.yaml

@@ -1,108 +0,0 @@
-{{- if eq .Values.persistence.type "deployment" }}
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ template "media-common.fullname" . }}
-  labels:
-  {{- include "media-common.labels" . | nindent 4 }}
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-  {{- include "media-common.selectorLabels" . | nindent 6 }}
-  template:
-    metadata:
-      {{- with .Values.podAnnotations }}
-      annotations:
-      {{- toYaml . | nindent 8 }}
-      {{- end }}
-      labels:
-      {{- include "media-common.selectorLabels" . | nindent 8 }}
-    spec:
-      {{- with .Values.imagePullSecrets }}
-      imagePullSecrets:
-      {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.podSecurityContext }}
-      securityContext:
-      {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.initContainers }}
-      initContainers:
-        {{- include "media-common.initContainers" . | nindent 8 }}
-      {{- end }}
-      containers:
-        - name: {{ template "media-common.fullname" . }}
-          {{- with .Values.securityContext }}
-          securityContext:
-            {{- toYaml . | nindent 8 }}
-          {{- end }}
-          image: "{{ .Values.image.organization }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
-          envFrom:
-            - configMapRef:
-                name: {{ template "media-common.fullname" . }}
-          ports:
-            - name: http
-              containerPort: {{ .Values.service.port }}
-              protocol: TCP
-          livenessProbe:
-            tcpSocket:
-              port: http
-            initialDelaySeconds: {{ .Values.probes.liveness.initialDelaySeconds }}
-            failureThreshold: {{ .Values.probes.liveness.failureThreshold }}
-            timeoutSeconds: {{ .Values.probes.liveness.timeoutSeconds }}
-          readinessProbe:
-            tcpSocket:
-              port: http
-            initialDelaySeconds: {{ .Values.probes.readiness.initialDelaySeconds }}
-            failureThreshold: {{ .Values.probes.readiness.failureThreshold }}
-            timeoutSeconds: {{ .Values.probes.readiness.timeoutSeconds }}
-          volumeMounts:
-            - mountPath: {{ .Values.configPath }}
-              name: config
-              {{- if .Values.persistence.config.subPath }}
-              subPath: {{ .Values.persistence.config.subPath }}
-              {{- end }}
-            {{- if .Values.persistence.media.enabled }}
-            - mountPath: /media
-              name: media
-              {{- if .Values.persistence.media.subPath }}
-              subPath: {{ .Values.persistence.media.subPath }}
-              {{- end }}
-            {{- end }}
-          {{- if .Values.additionalVolumeMounts }}
-          {{- toYaml .Values.additionalVolumeMounts | nindent 12 }}
-          {{- end }}
-          {{- with .Values.resources }}
-          resources:
-          {{- toYaml . | nindent 12 }}
-          {{- end }}
-        {{- include "media-common.additionalContainers" . | nindent 8 }}
-      volumes:
-        - name: config
-          {{- if .Values.persistence.config.enabled }}
-          persistentVolumeClaim:
-            claimName: {{ if .Values.persistence.config.existingClaim }}{{ .Values.persistence.config.existingClaim }}{{- else }}{{ template "media-common.fullname" . }}{{- end }}
-          {{- else }}
-          emptyDir: {}
-          {{- end }}
-        {{- if .Values.persistence.media.enabled }}
-        - name: media
-          persistentVolumeClaim:
-            claimName: {{ if .Values.persistence.media.existingClaim }}{{ .Values.persistence.media.existingClaim }}{{- else }}{{ template "media-common.fullname" . }}-media{{- end }}
-        {{- end }}
-        {{- include "media-common.additionalVolumes" . | nindent 8 }}
-      {{- with .Values.nodeSelector }}
-      nodeSelector:
-      {{ toYaml . | indent 8 }}
-      {{- end }}
-      {{- with .Values.affinity }}
-      affinity:
-      {{ toYaml . | indent 8 }}
-      {{- end }}
-      {{- with .Values.tolerations }}
-      tolerations:
-      {{ toYaml . | indent 8 }}
-      {{- end }}
-{{- end }}

charts/media-common/templates/ingress.yaml

@@ -1,106 +0,0 @@
-{{- if .Values.ingress.enabled -}}
-  {{- $kubeVersion := .Capabilities.KubeVersion.GitVersion -}}
-  {{- $fullName := include "media-common.fullname" . -}}
-  {{- $svcPort := .Values.service.port -}}
-  {{- if semverCompare ">= 1.19-0" $kubeVersion -}}
-apiVersion: networking.k8s.io/v1
-  {{- else if semverCompare ">= 1.14-0 < 1.19-0" $kubeVersion -}}
-apiVersion: networking.k8s.io/v1beta1
-  {{- else -}}
-apiVersion: extensions/v1beta1
-  {{- end }}
-kind: Ingress
-metadata:
-  name: {{ $fullName }}
-  labels:
-  {{- include "media-common.labels" . | nindent 4 }}
-  {{- with .Values.ingress.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-spec:
-  {{- if .Values.ingress.tls }}
-  tls:
-    {{- range .Values.ingress.tls }}
-    - hosts:
-        {{- range .hosts }}
-        - {{ . | quote }}
-        {{- end }}
-      secretName: {{ .secretName }}
-    {{- end }}
-  {{- end }}
-  rules:
-  {{- range .Values.ingress.hosts }}
-    - host: {{ .host | quote }}
-      http:
-        paths:
-          {{- range .paths }}
-          - path: {{ .path }}
-            {{- if semverCompare ">= 1.14-0" $kubeVersion}}
-            pathType: {{ .pathType }}
-            {{- end }}
-            backend:
-              {{- if semverCompare ">= 1.19-0" $kubeVersion}}
-              service:
-                name: {{ $fullName }}
-                port:
-                  name: http
-              {{- else }}
-              serviceName: {{ $fullName }}
-              servicePort: {{ $svcPort }}
-              {{- end }}
-          {{- end }}
-  {{- end }}
-  {{- range $index, $ingress := .Values.ingress.extraIngresses }}
----
-  {{- if semverCompare ">= 1.19-0" $kubeVersion -}}
-apiVersion: networking.k8s.io/v1
-  {{- else if semverCompare ">= 1.14-0 < 1.19-0" $kubeVersion -}}
-apiVersion: networking.k8s.io/v1beta1
-  {{- else -}}
-apiVersion: extensions/v1beta1
-    {{- end }}
-kind: Ingress
-metadata:
-  name: {{ $fullName }}-{{ $ingress.nameSuffix | default $index }}
-  labels:
-    {{- include "media-common.labels" . | nindent 4 }}
-    {{- with $ingress.annotations }}
-  annotations:
-  {{- toYaml . | nindent 4 }}
-  {{- end }}
-spec:
-  {{- if $ingress.tls }}
-  tls:
-    {{- range $ingress.tls }}
-    - hosts:
-        {{- range .hosts }}
-        - {{ . | quote }}
-      {{- end }}
-      secretName: {{ .secretName }}
-  {{- end }}
-  {{- end }}
-  rules:
-    {{- range $ingress.hosts }}
-    - host: {{ .host | quote }}
-      http:
-        paths:
-          {{- range .paths }}
-          - path: {{ .path }}
-            {{- if semverCompare ">= 1.14-0" $kubeVersion}}
-            pathType: {{ .pathType }}
-            {{- end }}
-            backend:
-              {{- if semverCompare ">= 1.19-0" $kubeVersion}}
-              service:
-                name: {{ $fullName }}
-                port:
-                  name: http
-              {{- else }}
-              serviceName: {{ $fullName }}
-              servicePort: {{ $svcPort }}
-              {{- end }}
-          {{- end }}
-    {{- end }}
-  {{- end }}
-{{- end }}

charts/media-common/templates/pvc.yaml

@@ -1,44 +0,0 @@
-{{- if and .Values.persistence.config.enabled (not .Values.persistence.config.existingClaim) -}}
----
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
-  name: {{ template "media-common.fullname" . }}
-  {{- if .Values.persistence.config.skipuninstall }}
-  annotations:
-    "helm.sh/resource-policy": keep
-  {{- end }}
-  labels:
-  {{- include "media-common.labels" . | nindent 4 }}
-spec:
-  accessModes:
-    - {{ .Values.persistence.config.accessMode | quote }}
-  resources:
-    requests:
-      storage: {{ .Values.persistence.config.size | quote }}
-  {{- if .Values.persistence.config.storageClass }}
-  storageClassName: {{ if (eq "-" .Values.persistence.config.storageClass) }}""{{- else }}{{ .Values.persistence.config.storageClass | quote }}{{- end }}
-  {{- end }}
-{{- end -}}
-{{- if and .Values.persistence.media.enabled (not .Values.persistence.media.existingClaim) }}
----
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
-  name: {{ template "media-common.fullname" . }}-media
-  {{- if .Values.persistence.media.skipuninstall }}
-  annotations:
-    "helm.sh/resource-policy": keep
-  {{- end }}
-  labels:
-  {{- include "media-common.labels" . | nindent 4 }}
-spec:
-  accessModes:
-    - {{ .Values.persistence.media.accessMode | quote }}
-  resources:
-    requests:
-      storage: {{ .Values.persistence.media.size | quote }}
-  {{- if .Values.persistence.media.storageClass }}
-  storageClassName: {{ if (eq "-" .Values.persistence.media.storageClass) }}""{{- else }}{{ .Values.persistence.media.storageClass | quote}}{{- end }}
-  {{- end }}
-{{- end -}}

charts/media-common/templates/service.yaml

@@ -1,28 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ template "media-common.fullname" . }}
-  labels:
-  {{- include "media-common.labels" . | nindent 4 }}
-  {{- if .Values.service.labels }}
-  {{ toYaml .Values.service.labels | indent 4 }}
-  {{- end }}
-  {{- with .Values.service.annotations }}
-  annotations:
-  {{- toYaml . | nindent 4 }}
-  {{- end }}
-spec:
-  type: {{ .Values.service.type }}
-  ports:
-    - name: http
-      port: {{ .Values.service.port }}
-      protocol: TCP
-      targetPort: http
-      {{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePort))) }}
-      nodePort: {{ .Values.service.nodePort }}
-      {{- end }}
-  {{- with .Values.service.additionalSpec }}
-  {{- toYaml . | nindent 2 }}
-  {{- end }}
-  selector:
-  {{- include "media-common.selectorLabels" . | nindent 4 }}

charts/media-common/templates/statefulset.yaml

@@ -1,109 +0,0 @@
-{{- if eq .Values.persistence.type "statefulset" }}
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
-  name: {{ template "media-common.fullname" . }}
-  labels:
-  {{- include "media-common.labels" . | nindent 4 }}
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-  {{- include "media-common.selectorLabels" . | nindent 6 }}
-  serviceName: {{ include "media-common.fullname" . }}
-  template:
-    metadata:
-      {{- with .Values.podAnnotations }}
-      annotations:
-      {{- toYaml . | nindent 8 }}
-      {{- end }}
-      labels:
-      {{- include "media-common.selectorLabels" . | nindent 8 }}
-    spec:
-      {{- with .Values.imagePullSecrets }}
-      imagePullSecrets:
-      {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.podSecurityContext }}
-      securityContext:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.initContainers }}
-      initContainers:
-        {{- include "media-common.initContainers" . | nindent 8 }}
-      {{- end }}
-      containers:
-        - name: {{ template "media-common.fullname" . }}
-          {{- with .Values.securityContext }}
-          securityContext:
-            {{- toYaml . | nindent 8 }}
-          {{- end }}
-          image: "{{ .Values.image.organization }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
-          envFrom:
-          - configMapRef:
-              name: {{ template "media-common.fullname" . }}
-          ports:
-            - name: http
-              containerPort: {{ .Values.service.port }}
-              protocol: TCP
-          livenessProbe:
-            tcpSocket:
-              port: http
-            initialDelaySeconds: {{ .Values.probes.liveness.initialDelaySeconds }}
-            failureThreshold: {{ .Values.probes.liveness.failureThreshold }}
-            timeoutSeconds: {{ .Values.probes.liveness.timeoutSeconds }}
-          readinessProbe:
-            tcpSocket:
-              port: http
-            initialDelaySeconds: {{ .Values.probes.readiness.initialDelaySeconds }}
-            failureThreshold: {{ .Values.probes.readiness.failureThreshold }}
-            timeoutSeconds: {{ .Values.probes.readiness.timeoutSeconds }}
-          volumeMounts:
-            - mountPath: {{ .Values.configPath }}
-              name: config
-              {{- if .Values.persistence.config.subPath }}
-              subPath: {{ .Values.persistence.config.subPath }}
-              {{- end }}
-            {{- if .Values.persistence.media.enabled }}
-            - mountPath: /media
-              name: media
-              {{- if .Values.persistence.media.subPath }}
-              subPath: {{ .Values.persistence.media.subPath }}
-              {{- end }}
-            {{- end }}
-          {{- if .Values.additionalVolumeMounts }}
-          {{- toYaml .Values.additionalVolumeMounts | nindent 12 }}
-          {{- end }}
-          {{- with .Values.resources }}
-          resources:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-        {{- include "media-common.additionalContainers" . | nindent 8 }}
-      volumes:
-        - name: config
-          {{- if .Values.persistence.config.enabled }}
-          persistentVolumeClaim:
-            claimName: {{ if .Values.persistence.config.existingClaim }}{{ .Values.persistence.config.existingClaim }}{{- else }}{{ template "media-common.fullname" . }}{{- end }}
-          {{- else }}
-          emptyDir: {}
-          {{- end }}
-        {{- if .Values.persistence.media.enabled }}
-        - name: media
-          persistentVolumeClaim:
-            claimName: {{ if .Values.persistence.media.existingClaim }}{{ .Values.persistence.media.existingClaim }}{{- else }}{{ template "media-common.fullname" . }}-media{{- end }}
-        {{- end }}
-        {{- include "media-common.additionalVolumes" . | nindent 8 }}
-      {{- with .Values.nodeSelector }}
-      nodeSelector:
-      {{ toYaml . | indent 8 }}
-      {{- end }}
-      {{- with .Values.affinity }}
-      affinity:
-      {{ toYaml . | indent 8 }}
-      {{- end }}
-      {{- with .Values.tolerations }}
-      tolerations:
-      {{ toYaml . | indent 8 }}
-      {{- end }}
-{{- end }}

charts/media-common/values.yaml

@@ -1,162 +0,0 @@
-# Default values for media-common.
-
-image:
-  organization: ""
-  repository: ""
-  pullPolicy: IfNotPresent
-  tag: ""
-
-# Probes configuration
-probes:
-  liveness:
-    initialDelaySeconds: 60
-    failureThreshold: 5
-    timeoutSeconds: 10
-  readiness:
-    initialDelaySeconds: 60
-    failureThreshold: 5
-    timeoutSeconds: 10
-
-imagePullSecrets: []
-nameOverride: ""
-fullnameOverride: ""
-
-configPath: /config
-
-env:
-  TZ: UTC
-
-service:
-  type: ClusterIP
-  port: ""
-  ## Specify the nodePort value for the LoadBalancer and NodePort service types.
-  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
-  ##
-  # nodePort:
-  ## Provide any additional annotations which may be required. This can be used to
-  ## set the LoadBalancer service type to internal only.
-  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
-  ##
-  annotations: {}
-  labels: {}
-  additionalSpec: {}
-
-ingress:
-  enabled: false
-  annotations: {}
-    # kubernetes.io/ingress.class: nginx
-    # kubernetes.io/tls-acme: "true"
-  labels: {}
-  hosts:
-    - host: chart-example.local
-      paths:
-        - path: /
-          # Ignored if not kubeVersion >= 1.14-0
-          pathType: Prefix
-  tls: []
-  #  - secretName: chart-example-tls
-  #    hosts:
-  #      - chart-example.local
-  extraIngresses:
-  # - enabled: false
-  #   nameSuffix: "api"
-  #   annotations: {}
-  #   # kubernetes.io/ingress.class: nginx
-  #   # kubernetes.io/tls-acme: "true"
-  #   labels: {}
-  #   hosts:
-  #     - host: chart-example.local
-  #       paths:
-  #         - path: /api
-  #          # Ignored if not kubeVersion >= 1.14-0
-  #          pathType: Prefix
-  #   tls: []
-  #   #  - secretName: chart-example-tls
-  #   #    hosts:
-  #   #      - chart-example.local
-
-persistence:
-  # type: options are statefulset or deployment
-  type: statefulset
-  config:
-    enabled: true
-    ## media-common configuration data Persistent Volume Storage Class
-    ## If defined, storageClassName: <storageClass>
-    ## If set to "-", storageClassName: "", which disables dynamic provisioning
-    ## If undefined (the default) or set to null, no storageClassName spec is
-    ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
-    ##   GKE, AWS & OpenStack)
-    ##
-    # storageClass: "-"
-    ##
-    ## If you want to reuse an existing claim, you can pass the name of the PVC using
-    ## the existingClaim variable
-    # existingClaim: your-claim
-    # subPath: some-subpath
-    accessMode: ReadWriteOnce
-    size: 1Gi
-    ## Do not delete the pvc upon helm uninstall
-    skipuninstall: false
-  media:
-    enabled: false
-    ## media-common media volume configuration
-    ## If defined, storageClassName: <storageClass>
-    ## If set to "-", storageClassName: "", which disables dynamic provisioning
-    ## If undefined (the default) or set to null, no storageClassName spec is
-    ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
-    ##   GKE, AWS & OpenStack)
-    ##
-    # storageClass: "-"
-    ##
-    ## If you want to reuse an existing claim, you can pass the name of the PVC using
-    ## the existingClaim variable
-    # existingClaim: your-claim
-    # subPath: some-subpath
-    accessMode: ReadWriteOnce
-    size: 10Gi
-    ## Do not delete the pvc upon helm uninstall
-    skipuninstall: false
-
-initContainers: []
-
-additionalContainers: []
-
-additionalVolumes: []
-
-additionalVolumeMounts: []
-
-# Enable the OpenVPN add-on here
-# See https://github.com/k8s-at-home/charts/tree/master/charts/media-common-openvpn for more details
-openvpn:
-  enabled: false
-
-podSecurityContext: {}
-# fsGroup: 2000
-
-securityContext: {}
-  # capabilities:
-  #   drop:
-  #   - ALL
-  # readOnlyRootFilesystem: true
-  # runAsNonRoot: true
-# runAsUser: 1000
-
-resources: {}
-  # We usually recommend not to specify default resources and to leave this as a conscious
-  # choice for the user. This also increases chances charts run on environments with little
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  # limits:
-  #  cpu: 100m
-  #  memory: 128Mi
-  # requests:
-  #  cpu: 100m
-  #  memory: 128Mi
-
-nodeSelector: {}
-
-tolerations: []
-
-affinity: {}
-
-podAnnotations: {}

charts/mosquitto/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v1
 appVersion: "1.6.12"
 description: Eclipse Mosquitto - An open source MQTT broker
 name: mosquitto
-version: 0.3.3
+version: 0.4.0
 keywords:
   - message queue
   - MQTT

charts/mosquitto/templates/statefullset.yaml

@@ -44,6 +44,7 @@ spec:
               mountPath: /mosquitto/config
             - name: data
               mountPath: /mosquitto/data
+            {{- if .Values.extraVolumeMounts }}{{ toYaml .Values.extraVolumeMounts | trim | nindent 12 }}{{ end }}
       volumes:
         - name: configmap
           configMap:
@@ -57,6 +58,7 @@ spec:
           persistentVolumeClaim:
             claimName: {{ .Values.persistence.existingClaim }}
         {{- end }}
+        {{- if .Values.extraVolumes  }}{{ toYaml .Values.extraVolumes | trim | nindent 8 }}{{ end }}
       {{- with .Values.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}

charts/mosquitto/values.yaml

@@ -74,3 +74,15 @@ persistence:
   size: 5Gi
 
 # customConfig:
+
+# Any extra volumes to define for the pod
+extraVolumes: []
+  # - name: example-name
+  #   hostPath:
+  #     path: /path/on/host
+  #     type: DirectoryOrCreate
+
+# Any extra volume mounts to define for the containers
+extraVolumeMounts: []
+#   - name: example-name
+#     mountPath: /path/in/container

charts/nzbget/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: v21.0
 description: NZBGet is a Usenet downloader client
 name: nzbget
-version: 5.0.0
+version: 5.0.1
 keywords:
   - nzbget
   - usenet

charts/ombi/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: ombi
 description: Want a Movie or TV Show on Plex or Emby? Use Ombi!
 type: application
-version: 4.0.1
+version: 4.0.2
 appVersion: 4.0.471
 keywords:
   - ombi

charts/organizr/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: organizr
 description: HTPC/Homelab Services Organizer - Written in PHP
 type: application
-version: 1.0.1
+version: 1.0.2
 appVersion: latest
 keywords:
   - organizr

charts/piaware/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: v3.8.1
 description: Program for forwarding ADS-B data to FlightAware
 name: piaware
-version: 2.0.1
+version: 2.1.0
 keywords:
   - piaware
   - flight-aware

charts/piaware/README.md

@@ -17,6 +17,15 @@ To install the chart with the release name `my-release`:
 helm install --name my-release k8s-at-home/piaware
 ```
 
+### Configuration
+There are two main options for this chart, either use a UBB device on the node where the pod runs or use 
+[readsb](https://hub.docker.com/r/mikenye/readsb) with beast
+
+#### USB
+Set the value 
+
+    device: "/dev/bus/usb/001/004"
+
 **IMPORTANT NOTE:** a flight-aware USB device must be accessible on the node where this pod runs, in order for this chart to function properly.
 
 A way to achieve this can be with nodeAffinity rules, for example:
@@ -35,6 +44,12 @@ affinity:
 
 ... where a node with an attached flight-aware USB device is labeled with `app: flight-aware`
 
+#### Beast
+Use this together with the [readsb](https://hub.docker.com/r/mikenye/readsb) 
+Set the value
+
+    beastHost: <host running readsb>
+
 ## Uninstalling the Chart
 
 To uninstall/delete the `my-release` deployment:
@@ -53,12 +68,12 @@ Specify each parameter using the `--set key=value[,key=value]` argument to `helm
 
 ```console
 helm install --name my-release \
-  --set rtspPassword="nosecrets" \
+  --set feederId="nosecrets" \
     k8s-at-home/piaware
 ```
 
 Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
 
 ```console
-helm install --name my-release -f values.yaml stable/piaware
+helm install --name my-release -f values.yaml k8s-at-home/piaware
 ```

charts/piaware/templates/deployment.yaml

@@ -33,8 +33,10 @@ spec:
         - name: {{ .Chart.Name }}
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
+          {{- if .Values.device }}
           securityContext:
             privileged: true
+          {{- end }}
           ports:
             - name: http
               containerPort: 8080
@@ -56,15 +58,27 @@ spec:
             - name: FEEDER_ID
               value: "{{ .Values.feederId }}"
             {{- end }}
+            {{- if .Values.beastHost }}
+            - name: BEASTHOST
+              value: "{{ .Values.beastHost }}"
+            {{- end }}
+            {{- if .Values.beastPort }}
+            - name: BEASTPORT
+              value: "{{ .Values.beastPort }}"
+            {{- end }}
+          {{- if .Values.device }}
           volumeMounts:
             - mountPath: {{ .Values.device }}
               name: usb
+          {{- end }}
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
+      {{- if .Values.device }}
       volumes:
         - name: usb
           hostPath:
             path: {{ .Values.device }}
+      {{- end }}
       {{- with .Values.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}

charts/piaware/values.yaml

@@ -21,7 +21,10 @@ image:
 # longitude: "30.66783"
 
 # device where the flight-aware device can be accessed
-device: "/dev/bus/usb/001/004"
+# device: "/dev/bus/usb/001/004"
+
+# beastHost: 10.0.1.88
+# beastPort: 30005
 
 imagePullSecrets: []
 nameOverride: ""

charts/plex/Chart.yaml

@@ -1,8 +1,8 @@
 apiVersion: v2
-appVersion: 1.20.1.3252
+appVersion: 1.20.2.3402
 description: Plex Media Server
 name: plex
-version: 2.0.3
+version: 2.0.4
 keywords:
   - plex
 home: https://plex.tv/

charts/plex/values.yaml

@@ -6,7 +6,7 @@
 
 image:
   repository: plexinc/pms-docker
-  tag: 1.20.1.3252-a78fef9a9
+  tag: 1.20.2.3402-0fec14d92
   pullPolicy: IfNotPresent
 
 #####   START  --> Official PLEX container environment variables

charts/qbittorrent/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: 4.2.5
 description: qBittorrent is a cross-platform free and open-source BitTorrent client
 name: qbittorrent
-version: 5.0.0
+version: 5.0.1
 keywords:
   - qbittorrent
   - torrrent

charts/radarr/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: radarr
 description: A fork of Sonarr to work with movies à la Couchpotato
 type: application
-version: 6.0.1
+version: 6.0.2
 appVersion: 3.0.0.3591
 keywords:
   - radarr

charts/sonarr/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: sonarr
 description: Smart PVR for newsgroup and bittorrent users
 type: application
-version: 6.0.1
+version: 6.0.2
 appVersion: 3.0.3.913
 keywords:
   - sonarr

charts/tautulli/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: tautulli
 description: A Python based monitoring and tracking tool for Plex Media Server
 type: application
-version: 4.0.1
+version: 4.0.2
 appVersion: v2.5.4
 keywords:
   - tautulli

charts/teslamate/Chart.yaml

@@ -1,8 +1,8 @@
 apiVersion: v2
-appVersion: v1.19.3
+appVersion: v1.20.0
 description: A self-hosted data logger for your Tesla 🚘
 name: teslamate
-version: 3.0.1
+version: 3.0.2
 keywords:
   - teslamate
   - tesla
@@ -12,8 +12,8 @@ sources:
   - https://github.com/adriankumpf/teslamate
 dependencies:
 - name: postgresql
-  version: 8.1.0
-  repository: https://kubernetes-charts.storage.googleapis.com/
+  version: 9.1.2
+  repository: https://charts.bitnami.com/bitnami
   condition: postgresql.enabled
 maintainers:
   - name: billimek

charts/teslamate/values.yaml

@@ -2,7 +2,7 @@ replicaCount: 1
 
 image:
   repository: teslamate/teslamate
-  tag: 1.19.3
+  tag: 1.20.0
   pullPolicy: IfNotPresent
 
 nameOverride: ""
@@ -81,54 +81,21 @@ tolerations: []
 
 affinity: {}
 
-## Configuration values for the postgresql dependency.
-## Ref: https://github.com/helm/charts/blob/master/stable/postgresql/README.md
+# Configuration values for the postgresql dependency.
+# ... for more options see https://github.com/bitnami/charts/tree/master/bitnami/postgresql
 postgresql:
+  enabled: true
+  postgresqlUsername: teslamate
+  postgresqlPassword: teslamate
+  postgresqlDatabase: teslamate
   image:
     repository: postgres
     tag: 12.1
   postgresqlDataDir: "/data/pgdata"
-
-  ### PostgreSQL User to create.
-  ##
-  postgresqlUsername: teslamate
-
-  ## PostgreSQL Password for the new user.
-  ## If not set, a random 10 characters password will be used.
-  ##
-  postgresqlPassword: teslamate
-
-  ## PostgreSQL Database to create.
-  ##
-  postgresqlDatabase: teslamate
-
-  ## Persistent Volume Storage configuration for PostgreSQL.
-  ##
-  ## Ref: https://kubernetes.io/docs/user-guide/persistent-volumes
-  ##
   persistence:
-    ## Enable PostgreSQL persistence using Persistent Volume Claims.
-    ##
     enabled: true
-
-    ## Persistent Volume Storage Class to be used by PersistentVolumes created
-    ## for PostgreSQL.
-    ##
-    ## If defined, storageClassName: <storageClass>
-    ## If set to "-", storageClassName: "", which disables dynamic provisioning
-    ## If undefined (the default) or set to null, no storageClassName spec is
-    ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
-    ##   GKE, AWS & OpenStack)
-    ##
     storageClass:
-
-    ## Persistent Volume Access Mode.
-    ##
     accessModes:
       - ReadWriteOnce
-
-    ## Persistent Volume Storage Size.
-    ##
     size: 8Gi
-
     mountPath: "/data/"

charts/uptimerobot-prometheus/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: uptimerobot-prometheus
 description: Prometheus Exporter for the official uptimerobot CLI
 type: application
-version: 2.0.0
+version: 2.0.1
 appVersion: 0.0.1
 keywords:
 - uptimerobot

charts/uptimerobot-prometheus/templates/service.yaml

@@ -4,6 +4,10 @@ metadata:
   name: {{ include "uptimerobot-prometheus.fullname" . }}
   labels:
     {{- include "uptimerobot-prometheus.labels" . | nindent 4 }}
+{{- if .Values.service.annotations }}
+  annotations:
+{{ toYaml .Values.service.annotations | indent 4 }}
+{{- end }}
 spec:
   type: {{ .Values.service.type }}
   ports:

charts/uptimerobot-prometheus/values.yaml

@@ -29,6 +29,10 @@ securityContext: {}
 service:
   type: ClusterIP
   port: 9705
+  # Sometimes you may need to add annotations to the service
+  # to integrate with external operators
+  # annotations:
+    # prometheus.io/scrape: "true"
 
 resources: {}
   # We usually recommend not to specify default resources and to leave this as a conscious

charts/zigbee2mqtt/Chart.yaml

@@ -2,8 +2,8 @@ apiVersion: v2
 name: zigbee2mqtt
 type: application
 description: Bridges events and allows you to control your Zigbee devices via MQTT
-appVersion: 1.14.1
-version: 1.0.0
+appVersion: 1.15.0
+version: 2.1.0
 keywords:
   - zigbee
   - mqtt

charts/zigbee2mqtt/README.md

@@ -64,3 +64,21 @@ Alternatively, a YAML file that specifies the values for the above parameters ca
 ```console
 helm install --name my-release -f values.yaml k8s-at-home/zigbee2mqtt
 ```
+
+## Upgrading an existing Release to a new major version
+
+A major chart version change (like 1.0.0 -> 2.0.0) indicates that there is an
+incompatible breaking change needing manual actions.
+
+### Upgrading from 1.x.x to 2.x.x
+
+Zigbee2MQTT has gained a native full-feature WebUI. Because of this, Zigbee2MQTTAssistant was dropped from the chart
+
+You should delete the assistant config from your values.yaml. If you wish to use the new UI, make sure you have
+```
+frontend:
+  port: 8080
+experimental:
+  new_api: true
+```
+in the config section, and enable the ingress in values.yaml. Because of the way this chart works, you'll need to add this section to your configuration.yaml in zigbee2mqtt manually if you want to upgrade in-place