[oauth2-proxy] fixing home & source urls in chart.yaml (#187 )

Co-authored-by: ᗪєνιη ᗷυнʟ <onedr0p@users.noreply.github.com>
[common] 1.6.0 (#178 )
2020-11-23 08:00:34 -05:00 · 2020-11-23 07:55:12 -05:00 · 2020-11-21 15:36:48 -05:00 · 2020-11-19 23:18:11 -05:00 · 2020-11-19 15:18:48 +01:00 · 2020-11-19 08:07:44 -05:00
86 changed files with 1414 additions and 519 deletions
--- a/charts/common/Chart.yaml
+++ b/charts/common/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: common
 description: Function library for k8s-at-home charts
 type: library
-version: 1.5.1
+version: 1.6.0
 keywords:
  - k8s-at-home
  - common
--- a/charts/common/README.md
+++ b/charts/common/README.md
@@ -1,7 +1,10 @@
 # Library chart for k8s@home media charts
-## **THIS CHART IS NOT MEANT TO BE INSTALLED DIRECTLY**

-This is a [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm) for grouping common logic between k8s@home charts.
+**WARNING: THIS CHART IS NOT MEANT TO BE INSTALLED DIRECTLY**
+
+This is a [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm). It's purpose is for grouping common logic between the k8s@home charts. 
+
+Since a lot of charts follow the same pattern this library was built to reduce maintenance cost between the charts that use it and try achieve a goal of being DRY.

 ## Introduction

@@ -9,22 +12,84 @@ This chart provides common template helpers which can be used to develop new cha

 ## TL;DR

+When using one of the many charts that uses this library be sure to view this [values.yaml](./values.yaml) for configuration options. Any setting here can be used to define what values your helm deployment will use.
+
+For example using the helm CLI tool
+
+```bash
+helm install node-red \
+  --set image.repository="nodered/node-red" \
+  --set image.tag="1.2.5" \
+  --set env.TZ="America/New_York" \
+  k8s-at-home/node-red
+```
+
+or
+
 ```yaml
-dependencies:
-  - name: common
-    version: 0.x.x
-    repository: https://k8s-at-home.com/charts/
+# node-red-values.yaml
+image:
+  repository: nodered/node-red
+  tag: 1.2.5
+env:
+  TZ: America/New_York
 ```

 ```bash
-$ helm dependency update
+helm install node-red \
+  --values=./node-red-values.yaml \
+  k8s-at-home/node-red
 ```

+## Creating a new chart
+
+First be sure to checkout the many charts that already use this like [qBittorrent](../qbittorrent/), [node-red](../node-red/) or the many others in this repository.
+
+Include this chart as a dependency in your `Chart.yaml` e.g.
+
 ```yaml
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ include "common.names.fullname" . }}
-data:
-  myvalue: "Hello World"
+# Chart.yaml
+dependencies:
+  - name: common
+    version: x.x.x
+    repository: https://k8s-at-home.com/charts/
+```
+
+Write a `values.yaml` with some basic defaults you want to present to the user e.g.
+
+```yaml
+# Default values for node-red.
+
+image:
+  repository: nodered/node-red
+  pullPolicy: IfNotPresent
+  tag: 1.2.5
+
+strategy:
+  type: Recreate
+
+# See more environment varaibles in the node-red documentation
+# https://nodered.org/docs/getting-started/docker
+env: {}
+  # TZ:
+  # NODE_OPTIONS:
+  # NODE_RED_ENABLE_PROJECTS:
+  # NODE_RED_ENABLE_SAFE_MODE:
+  # FLOWS:
+
+service:
+  port:
+    port: 1880
+
+persistence:
+  data:
+    enabled: false
+    emptyDir: false
+    mountPath: /data
+```
+
+If testing locally make sure you update the dependencies with:
+
+```bash
+helm dependency update
 ```
--- a/charts/common/templates/_all.tpl
+++ b/charts/common/templates/_all.tpl
@@ -1,3 +1,6 @@
+{{/*
+Main entrypoint for the common library chart. It will render all underlying templates based on the provided values.
+*/}}
 {{- define "common.all" -}}
  {{- /* Merge the local chart values and the common chart defaults */ -}}
  {{- include "common.values.setup" . }}
@@ -10,10 +13,16 @@
  {{- /* Build the templates */ -}}
  {{- include "common.pvc" . }}
  {{- print "---" | nindent 0 -}}
-  {{- if eq .Values.controllerType "statefulset" }}
-    {{- include "common.statefulset" . | nindent 0 }}
-  {{ else }}
+  {{- if .Values.serviceAccount.create -}}
+    {{- include "common.serviceAccount" . }}
+    {{- print "---" | nindent 0 -}}
+  {{- end -}}
+  {{- if eq .Values.controllerType "deployment" }}
    {{- include "common.deployment" . | nindent 0 }}
+  {{ else if eq .Values.controllerType "daemonset" }}
+    {{- include "common.daemonset" . | nindent 0 }}
+  {{ else if eq .Values.controllerType "statefulset"  }}
+    {{- include "common.statefulset" . | nindent 0 }}
  {{- end -}}
  {{- print "---" | nindent 0 -}}
  {{ include "common.service" . | nindent 0 }}
--- a/charts/common/templates/_daemonset.tpl
+++ b/charts/common/templates/_daemonset.tpl
@@ -0,0 +1,74 @@
+{{/*
+This template serves as the blueprint for the DaemonSet objects that are created 
+within the common library.
+*/}}
+{{- define "common.daemonset" -}}
+apiVersion: {{ include "common.capabilities.daemonset.apiVersion" . }}
+kind: DaemonSet
+metadata:
+  name: {{ include "common.names.fullname" . }}
+  labels:
+    {{- include "common.labels" . | nindent 4 }}
+    {{- with .Values.controllerLabels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+  {{- with .Values.controllerAnnotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  selector:
+    matchLabels:
+    {{- include "common.labels.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      {{- with .Values.podAnnotations }}
+      annotations:
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+      {{- include "common.labels.selectorLabels" . | nindent 8 }}
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ include "common.names.serviceAccountName" . }}
+      {{- with .Values.podSecurityContext }}
+      securityContext:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.hostNetwork }}
+      hostNetwork: {{ . }}
+      {{- end }}
+      {{- with .Values.dnsPolicy }}
+      dnsPolicy: {{ . }}
+      {{- end }}
+      {{- with .Values.initContainers }}
+      initContainers:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      containers:
+      {{- include "common.controller.mainContainer" . | nindent 6 }}
+      {{- with .Values.additionalContainers }}
+        {{- toYaml . | nindent 6 }}
+      {{- end }}
+      volumes:
+      {{- include "common.controller.volumes" . | trim | nindent 6 }}
+      {{- with .Values.hostAliases }}
+      hostAliases:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+{{- end }}
--- a/charts/common/templates/_deployment.tpl
+++ b/charts/common/templates/_deployment.tpl
@@ -1,8 +1,12 @@
+{{/*
+This template serves as the blueprint for the Deployment objects that are created 
+within the common library.
+*/}}
 {{- define "common.deployment" -}}
 apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
 kind: Deployment
 metadata:
-  name: {{ template "common.names.fullname" . }}
+  name: {{ include "common.names.fullname" . }}
  labels:
    {{- include "common.labels" . | nindent 4 }}
    {{- with .Values.controllerLabels }}
@@ -34,10 +38,17 @@ spec:
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
+      serviceAccountName: {{ include "common.names.serviceAccountName" . }}
      {{- with .Values.podSecurityContext }}
      securityContext:
        {{- toYaml . | nindent 8 }}
      {{- end }}
+      {{- with .Values.hostNetwork }}
+      hostNetwork: {{ . }}
+      {{- end }}
+      {{- with .Values.dnsPolicy }}
+      dnsPolicy: {{ . }}
+      {{- end }}
      {{- with .Values.initContainers }}
      initContainers:
        {{- toYaml . | nindent 8 }}
@@ -51,6 +62,10 @@ spec:
      volumes:
      {{- include "common.controller.volumes" . | trim | nindent 6 }}

+      {{- with .Values.hostAliases }}
+      hostAliases:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
      {{- with .Values.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
--- a/charts/common/templates/_ingress.tpl
+++ b/charts/common/templates/_ingress.tpl
@@ -1,3 +1,7 @@
+{{/*
+Renders the Ingress objects required by the chart by returning a concatinated list
+of the main Ingress and any additionalIngresses.
+*/}}
 {{- define "common.ingress" -}}
  {{- if .Values.ingress.enabled -}}
    {{- $svcPort := .Values.service.port.port -}}
--- a/charts/common/templates/_pvc.tpl
+++ b/charts/common/templates/_pvc.tpl
@@ -1,3 +1,7 @@
+{{/*
+Renders the PersistentVolumeClaim objects required by the chart by returning a concatinated list
+of all the entries of the persistence key.
+*/}}
 {{- define "common.pvc" -}}
  {{- /* Generate pvc as required */ -}}
  {{- range $index, $PVC := .Values.persistence }}
--- a/charts/common/templates/_service.tpl
+++ b/charts/common/templates/_service.tpl
@@ -1,3 +1,7 @@
+{{/*
+Renders the Service objects required by the chart by returning a concatinated list
+of the main Service and any additionalServices.
+*/}}
 {{- define "common.service" -}}
  {{- if .Values.service.enabled -}}
    {{- /* Generate primary service */ -}}
--- a/charts/common/templates/_serviceaccount.tpl
+++ b/charts/common/templates/_serviceaccount.tpl
@@ -0,0 +1,15 @@
+{{/*
+The ServiceAccount object to be created.
+*/}}
+{{- define "common.serviceAccount" -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "common.names.serviceAccountName" . }}
+  labels:
+    {{- include "common.labels" . | nindent 4 }}
+  {{- with .Values.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end }}
--- a/charts/common/templates/_statefulset.tpl
+++ b/charts/common/templates/_statefulset.tpl
@@ -1,8 +1,12 @@
+{{/*
+This template serves as the blueprint for the StatefulSet objects that are created 
+within the common library.
+*/}}
 {{- define "common.statefulset" -}}
 apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }}
 kind: StatefulSet
 metadata:
-  name: {{ template "common.names.fullname" . }}
+  name: {{ include "common.names.fullname" . }}
  labels:
  {{- include "common.labels" . | nindent 4 }}
  {{- with .Values.controllerLabels }}
@@ -35,6 +39,7 @@ spec:
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
+      serviceAccountName: {{ include "common.names.serviceAccountName" . }}
      {{- with .Values.podSecurityContext }}
      securityContext:
        {{- toYaml . | nindent 8 }}
--- a/charts/common/templates/addons/vpn/_configmap.tpl
+++ b/charts/common/templates/addons/vpn/_configmap.tpl
@@ -1,12 +1,12 @@
 {{/*
-The OpenVPN configmaps to be included
+The VPN config and scripts to be included.
 */}}
 {{- define "common.addon.vpn.configmap" -}}
 {{- if or .Values.addons.vpn.configFile .Values.addons.vpn.scripts.up .Values.addons.vpn.scripts.down }}
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: {{ template "common.names.fullname" . }}-vpn
+  name: {{ include "common.names.fullname" . }}-vpn
  labels:
  {{- include "common.labels" . | nindent 4 }}
 data:
--- a/charts/common/templates/addons/vpn/_networkpolicy.tpl
+++ b/charts/common/templates/addons/vpn/_networkpolicy.tpl
@@ -1,12 +1,12 @@
 {{/*
-The OpenVPN networkpolicy to be included
+Blueprint for the NetworkPolicy object that can be included in the addon.
 */}}
 {{- define "common.addon.vpn.networkpolicy" -}}
 {{- if .Values.addons.vpn.networkPolicy.enabled -}}
 kind: NetworkPolicy
 apiVersion: networking.k8s.io/v1
 metadata:
-  name: {{ template "common.names.fullname" . }}
+  name: {{ include "common.names.fullname" . }}
 spec:
  podSelector:
    matchLabels:
--- a/charts/common/templates/addons/vpn/_volume.tpl
+++ b/charts/common/templates/addons/vpn/_volume.tpl
@@ -1,11 +1,11 @@
 {{/*
-The OpenVPN shared volume to be inserted
+The volume (referencing VPN config and scripts) to be inserted into additionalVolumes.
 */}}
 {{- define "common.addon.vpn.volume" -}}
 {{- if or .Values.addons.vpn.configFile .Values.addons.vpn.scripts.up .Values.addons.vpn.scripts.down -}}
 name: vpnconfig
 configMap:
-  name: {{ template "common.names.fullname" . }}-vpn
+  name: {{ include "common.names.fullname" . }}-vpn
  items:
    {{- if .Values.addons.vpn.configFile }}
    - key: vpnConfigfile
--- a/charts/common/templates/addons/vpn/_vpn.tpl
+++ b/charts/common/templates/addons/vpn/_vpn.tpl
@@ -1,5 +1,6 @@
 {{/*
 Template to render VPN addon
+It will include / inject the required templates based on the given values.
 */}}
 {{- define "common.addon.vpn" -}}
 {{- if .Values.addons.vpn.enabled -}}
--- a/charts/common/templates/addons/vpn/openvpn/_addon.tpl
+++ b/charts/common/templates/addons/vpn/openvpn/_addon.tpl
@@ -1,5 +1,6 @@
 {{/*
-Template to render OpenVPN addon
+Template to render OpenVPN addon. It will add the container to the list of additionalContainers
+and add a credentials secret if speciffied.
 */}}
 {{- define "common.addon.openvpn" -}}
  {{/* Append the openVPN container to the additionalContainers */}}
--- a/charts/common/templates/addons/vpn/openvpn/_container.tpl
+++ b/charts/common/templates/addons/vpn/openvpn/_container.tpl
@@ -1,5 +1,5 @@
 {{/*
-The OpenVPN container(s) to be inserted
+The OpenVPN sidecar container to be inserted.
 */}}
 {{- define "common.addon.openvpn.container" -}}
 name: openvpn
@@ -22,7 +22,7 @@ envFrom:
    {{- if .Values.addons.vpn.openvpn.authSecret }}
      name: {{ .Values.addons.vpn.openvpn.authSecret }}
    {{- else }}
-      name: {{ template "common.names.fullname" . }}-openvpn
+      name: {{ include "common.names.fullname" . }}-openvpn
    {{- end }}
 {{- end }}
 {{- if or .Values.addons.vpn.configFile .Values.addons.vpn.scripts.up .Values.addons.vpn.scripts.down .Values.addons.vpn.additionalVolumeMounts .Values.persistence.shared.enabled }}
--- a/charts/common/templates/addons/vpn/openvpn/_secret.tpl
+++ b/charts/common/templates/addons/vpn/openvpn/_secret.tpl
@@ -1,12 +1,12 @@
 {{/*
-The OpenVPN secrets to be included
+The OpenVPN credentials secrets to be included.
 */}}
 {{- define "common.addon.openvpn.secret" -}}
 {{- with .Values.addons.vpn.openvpn.auth -}}
 apiVersion: v1
 kind: Secret
 metadata:
-  name: {{ template "common.names.fullname" $ }}-openvpn
+  name: {{ include "common.names.fullname" $ }}-openvpn
  labels:
  {{- include "common.labels" $ | nindent 4 }}
 data:
--- a/charts/common/templates/addons/vpn/wireguard/_addon.tpl
+++ b/charts/common/templates/addons/vpn/wireguard/_addon.tpl
@@ -1,5 +1,6 @@
 {{/*
-Template to render Wireguard addon
+Template to render Wireguard addon. It will add the container to the list of additionalContainers.
+*/}}
 */}}
 {{- define "common.addon.wireguard" -}}
  {{/* Append the Wireguard container to the additionalContainers */}}
--- a/charts/common/templates/addons/vpn/wireguard/_container.tpl
+++ b/charts/common/templates/addons/vpn/wireguard/_container.tpl
@@ -1,5 +1,5 @@
 {{/*
-The Wireguard container(s) to be inserted
+The Wireguard sidecar container to be inserted.
 */}}
 {{- define "common.addon.wireguard.container" -}}
 name: wireguard
--- a/charts/common/templates/classes/_ingress.tpl
+++ b/charts/common/templates/classes/_ingress.tpl
@@ -1,3 +1,7 @@
+{{/*
+This template serves as a blueprint for all Ingress objects that are created 
+within the common library.
+*/}}
 {{- define "common.classes.ingress" -}}
 {{- $ingressName := include "common.names.fullname" . -}}
 {{- $values := .Values.ingress -}}
--- a/charts/common/templates/classes/_pvc.tpl
+++ b/charts/common/templates/classes/_pvc.tpl
@@ -1,3 +1,7 @@
+{{/*
+This template serves as a blueprint for all PersistentVolumeClaim objects that are created 
+within the common library.
+*/}}
 {{- define "common.classes.pvc" -}}
 {{- $values := .Values.persistence -}}
 {{- if hasKey . "ObjectValues" -}}
--- a/charts/common/templates/classes/_service.tpl
+++ b/charts/common/templates/classes/_service.tpl
@@ -1,5 +1,6 @@
 {{/*
-service class: all services should adhere to this
+This template serves as a blueprint for all Service objects that are created 
+within the common library.
 */}}
 {{- define "common.classes.service" -}}
 {{- $values := .Values.service -}}
--- a/charts/common/templates/classes/_service_ports.tpl
+++ b/charts/common/templates/classes/_service_ports.tpl
@@ -1,5 +1,5 @@
 {{/*
-logic that lists the ports and additionalPorts for a service
+Render all the ports and additionalPorts for a Service object.
 */}}
 {{- define "common.classes.service.ports" -}}
  {{- $ports := list -}}
@@ -12,9 +12,9 @@ logic that lists the ports and additionalPorts for a service
  ports:
  {{- range $_ := $ports }}
  - port: {{ .port }}
-    targetPort: {{ .targetPort | default .name }}
+    targetPort: {{ .targetPort | default "http" }}
    protocol: {{ .protocol | default "TCP" }}
-    name: {{ .name }}
+    name: {{ .name | default "http" }}
    {{- if (and (eq $.svcType "NodePort") (not (empty .nodePort))) }}
    nodePort: {{ .nodePort }}
    {{ end }}
--- a/charts/common/templates/lib/chart/_capabilities.tpl
+++ b/charts/common/templates/lib/chart/_capabilities.tpl
@@ -1,5 +1,16 @@
 {{/*
-Return the appropriate apiVersion for deployment.
+Return the appropriate apiVersion for DaemonSet objects.
+*/}}
+{{- define "common.capabilities.daemonset.apiVersion" -}}
+{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+{{- print "extensions/v1beta1" -}}
+{{- else -}}
+{{- print "apps/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for Deployment objects.
 */}}
 {{- define "common.capabilities.deployment.apiVersion" -}}
 {{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}}
@@ -10,7 +21,7 @@ Return the appropriate apiVersion for deployment.
 {{- end -}}

 {{/*
-Return the appropriate apiVersion for statefulset.
+Return the appropriate apiVersion for StatefulSet objects.
 */}}
 {{- define "common.capabilities.statefulset.apiVersion" -}}
 {{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}}
@@ -21,7 +32,7 @@ Return the appropriate apiVersion for statefulset.
 {{- end -}}

 {{/*
-Return the appropriate apiVersion for ingress.
+Return the appropriate apiVersion for Ingress objects.
 */}}
 {{- define "common.capabilities.ingress.apiVersion" -}}
 {{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}}
--- a/charts/common/templates/lib/chart/_labels.tpl
+++ b/charts/common/templates/lib/chart/_labels.tpl
@@ -1,5 +1,5 @@
 {{/*
-Common labels
+Common labels shared across objects.
 */}}
 {{- define "common.labels" -}}
 helm.sh/chart: {{ include "common.names.chart" . }}
@@ -11,7 +11,7 @@ app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- end }}

 {{/*
-Selector labels
+Selector labels shared across objects.
 */}}
 {{- define "common.labels.selectorLabels" -}}
 app.kubernetes.io/name: {{ include "common.names.name" . }}
--- a/charts/common/templates/lib/chart/_names.tpl
+++ b/charts/common/templates/lib/chart/_names.tpl
@@ -31,12 +31,12 @@ Create chart name and version as used by the chart label.
 {{- end }}

 {{/*
-Create the name of the service account to use
+Create the name of the ServiceAccount to use.
 */}}
 {{- define "common.names.serviceAccountName" -}}
 {{- if .Values.serviceAccount.create }}
-{{- default (include "k8s-at-home.fullname" .) .Values.serviceAccount.name }}
+    {{- default (include "common.names.fullname" .) .Values.serviceAccount.name }}
 {{- else }}
-{{- default "default" .Values.serviceAccount.name }}
+    {{- default "default" .Values.serviceAccount.name }}
 {{- end }}
 {{- end }}
--- a/charts/common/templates/lib/chart/_values.tpl
+++ b/charts/common/templates/lib/chart/_values.tpl
@@ -1,5 +1,7 @@
+{{/* 
+Merge the local chart values and the common chart defaults.
+*/}}
 {{- define "common.values.setup" -}}
-  {{- /* Merge the local chart values and the common chart defaults */ -}}
  {{- if .Values.common -}}
    {{- $defaultValues := deepCopy .Values.common -}}
    {{- $userValues := deepCopy (omit .Values "common") -}}
--- a/charts/common/templates/lib/controller/_container.tpl
+++ b/charts/common/templates/lib/controller/_container.tpl
@@ -1,8 +1,8 @@
 {{- /*
-The main containter that will be included in the controller 
+The main container included in the controller.
 */ -}}
 {{- define "common.controller.mainContainer" -}}
- name: {{ template "common.names.fullname" . }}
+- name: {{ include "common.names.fullname" . }}
  image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
  imagePullPolicy: {{ .Values.image.pullPolicy }}
  {{- with .Values.securityContext }}
--- a/charts/common/templates/lib/controller/_ports.tpl
+++ b/charts/common/templates/lib/controller/_ports.tpl
@@ -1,5 +1,5 @@
 {{/*
-ports included by the controller
+Ports included by the controller.
 */}}
 {{- define "common.controller.ports" -}}
  {{- $ports := list -}}
--- a/charts/common/templates/lib/controller/_probes.tpl
+++ b/charts/common/templates/lib/controller/_probes.tpl
@@ -1,5 +1,5 @@
 {{/*
-Default liveness/readiness/startup probes
+Liveness/readiness/startup probes based on tcpSocket checks.
 */}}
 {{- define "common.controller.probes.tcpSocket" -}}
 {{- if .Values.probes.liveness.enabled -}}
--- a/charts/common/templates/lib/controller/_volumes.tpl
+++ b/charts/common/templates/lib/controller/_volumes.tpl
@@ -1,5 +1,5 @@
 {{/*
-volumes included by the controller
+Volumes included by the controller.
 */}}
 {{- define "common.controller.volumes" -}}
 {{- range $index, $persistence := .Values.persistence }}
--- a/charts/common/values.yaml
+++ b/charts/common/values.yaml
@@ -1,21 +1,36 @@
-# type: options are statefulset or deployment
+# type: options are deployment, daemonset or statefulset
 controllerType: deployment
-# Set annotations on the deployment/statefulset
+# Set annotations on the deployment/statefulset/daemonset
 controllerAnnotations: {}
-# Set labels on the deployment/statefulset
+# Set labels on the deployment/statefulset/daemonset
 controllerLabels: {}

 replicas: 1
 strategy:
  ## For Deployments, valid values are Recreate and RollingUpdate
  ## For StatefulSets, valid values are OnDelete and RollingUpdate
+  ## DaemonSets ignore this
  type: RollingUpdate

 # Set annotations on the pod
 podAnnotations: {}

+serviceAccount:
+  # Specifies whether a service account should be created
+  create: false
+  # Annotations to add to the service account
+  annotations: {}
+  # The name of the service account to use.
+  # If not set and create is true, a name is generated using the fullname template
+  name: ""
+
 env: {}

+# When using hostNetwork make sure you set dnsPolicy to ClusterFirstWithHostNet
+hostNetwork: false
+
+dnsPolicy: Default
+
 initContainers: []

 additionalContainers: []
@@ -44,9 +59,11 @@ service:
  # Specify the default port information
  port:
    port:
-    name: http
+    # name defaults to http
+    name:
    protocol: TCP
-    targetPort: http
+    # targetPort defaults to http
+    targetPort:
    ## Specify the nodePort value for the LoadBalancer and NodePort service types.
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
    ##
@@ -66,10 +83,12 @@ service:
  #   type: ClusterIP
  #   # Specify the default port information
  #   port:
-  #     port: ""
-  #     name: http
+  #     port: 
+  #     # name defaults to http
+  #     name:
  #     protocol: TCP
-  #     targetPort: http
+  #     # targetPort defaults to http
+  #     targetPort:
  #     # nodePort:
  #   additionalPorts: []
  #   annotations: {}
@@ -147,6 +166,14 @@ affinity: {}

 tolerations: []

+hostAliases: []
+# Use hostAliases to add custom entries to /etc/hosts - mapping IP addresses to hostnames.
+# ref: https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
+# - ip: "192.168.1.100"
+#   hostnames:
+#   - "example.com"
+#   - "www.example.com"
+
 addons:
  vpn:
    enabled: false
--- a/charts/flood/.helmignore
+++ b/charts/flood/.helmignore
@@ -0,0 +1,24 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# OWNERS file for Kubernetes
+OWNERS
--- a/charts/flood/Chart.yaml
+++ b/charts/flood/Chart.yaml
@@ -0,0 +1,22 @@
+apiVersion: v2
+appVersion: 4.1.1
+description: Flood is a monitoring service for various torrent clients
+name: flood
+version: 1.0.1
+keywords:
+  - flood
+  - rtorrent
+  - qbittorrent
+  - transmission
+home: https://github.com/k8s-at-home/charts/tree/master/charts/flood
+icon: https://raw.githubusercontent.com/jesec/flood/master/flood.svg
+sources:
+  - https://github.com/jesec/flood
+  - https://hub.docker.com/r/jesec/flood
+maintainers:
+  - name: billimek
+    email: jeff@billimek.com
+dependencies:
+  - name: common
+    repository: https://k8s-at-home.com/charts/
+    version: ^1.5.1
--- a/charts/flood/OWNERS
+++ b/charts/flood/OWNERS
@@ -0,0 +1,4 @@
+approvers:
+- billimek
+reviewers:
+- billimek
--- a/charts/flood/README.md
+++ b/charts/flood/README.md
@@ -0,0 +1,59 @@
+# flood
+
+This is a helm chart for [flood](https://github.com/jesec/flood).
+
+## TL;DR;
+
+```shell
+$ helm repo add k8s-at-home https://k8s-at-home.com/charts/
+$ helm install k8s-at-home/flood
+```
+
+## Installing the Chart
+
+To install the chart with the release name `my-release`:
+
+```console
+helm install --name my-release k8s-at-home/flood
+```
+
+## Uninstalling the Chart
+
+To uninstall/delete the `my-release` deployment:
+
+```console
+helm delete my-release --purge
+```
+
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+## Configuration
+Read through the charts [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/flood/values.yaml)
+file. It has several commented out suggested values.
+Additionally you can take a look at the common library [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/common/values.yaml) for more (advanced) configuration options.
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+```console
+helm install flood \
+  --set env.TZ="America/New_York" \
+    k8s-at-home/flood
+```
+Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the
+chart. For example,
+```console
+helm install flood k8s-at-home/flood --values values.yaml 
+```
+
+```yaml
+image:
+  tag: ...
+```
+
+---
+**NOTE**
+
+If you get
+```console
+Error: rendered manifests contain a resource that already exists. Unable to continue with install: existing resource conflict: ...`
+```
+it may be because you uninstalled the chart with `skipuninstall` enabled, you need to manually delete the pvc or use `existingClaim`.
--- a/charts/flood/ci/ct-values.yaml
+++ b/charts/flood/ci/ct-values.yaml
@@ -0,0 +1,7 @@
+ingress:
+  enabled: true
+persistence:
+  data:
+    enabled: true
+    emptyDir: true
+    mountPath: /data
--- a/charts/flood/templates/NOTES.txt
+++ b/charts/flood/templates/NOTES.txt
@@ -0,0 +1 @@
+{{- include "common.notes.defaultNotes" . -}}
--- a/charts/flood/templates/common.yaml
+++ b/charts/flood/templates/common.yaml
@@ -0,0 +1 @@
+{{ include "common.all" . }}
--- a/charts/flood/values.yaml
+++ b/charts/flood/values.yaml
@@ -0,0 +1,36 @@
+# Default values for flood.
+
+image:
+  repository: jesec/flood
+  pullPolicy: IfNotPresent
+  tag: 4.1.1
+
+strategy:
+  type: Recreate
+
+service:
+  port:
+    port: 3000
+
+# Other environment variables that can be configure can be seen at
+# https://github.com/jesec/flood/blob/master/config.cli.js
+env:
+  FLOOD_OPTION_RUNDIR: /data
+
+persistence:
+  data:
+    enabled: false
+    emptyDir: false
+    mountPath: /data
+    ## Persistent Volume Storage Class
+    ## If defined, storageClassName: <storageClass>
+    ## If set to "-", storageClassName: "", which disables dynamic provisioning
+    ## If undefined (the default) or set to null, no storageClassName spec is
+    ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
+    ##   GKE, AWS & OpenStack)
+    # storageClass: "-"
+    # accessMode: ReadWriteOnce
+    # size: 1Gi
+    ## Do not delete the pvc upon helm uninstall
+    # skipuninstall: false
+    # existingClaim: ""
--- a/charts/node-red/.helmignore
+++ b/charts/node-red/.helmignore
@@ -19,5 +19,6 @@
 .project
 .idea/
 *.tmproj
+.vscode/
 # OWNERS file for Kubernetes
 OWNERS
--- a/charts/node-red/Chart.yaml
+++ b/charts/node-red/Chart.yaml
@@ -1,8 +1,8 @@
 apiVersion: v2
-appVersion: 1.0.6-12
+appVersion: 1.2.5
 description: Node-RED is low-code programming for event-driven applications
 name: node-red
-version: 3.3.0
+version: 4.0.0
 keywords:
  - nodered
  - node-red
@@ -14,5 +14,7 @@ sources:
 maintainers:
  - name: billimek
    email: jeff@billimek.com
-  - name: batazor
-    email: batazor111@gmail.com
+dependencies:
+  - name: common
+    repository: https://k8s-at-home.com/charts/
+    version: ^1.5.1
--- a/charts/node-red/OWNERS
+++ b/charts/node-red/OWNERS
@@ -1,6 +1,4 @@
 approvers:
 - billimek
- batazor
 reviewers:
 - billimek
- batazor
--- a/charts/node-red/README.md
+++ b/charts/node-red/README.md
@@ -1,107 +1,79 @@
-# Node-RED
+# Node-Red

-Low-code programming for event-driven applications
+This is a helm chart for [Node-Red](https://nodered.org/).

 **This chart is not maintained by the Node-RED project and any issues with the chart should be raised [here](https://github.com/k8s-at-home/charts/issues/new)**

 ## TL;DR;

 ```shell
-helm repo add k8s-at-home https://k8s-at-home.com/charts/
-helm install k8s-at-home/node-red
+$ helm repo add k8s-at-home https://k8s-at-home.com/charts/
+$ helm install k8s-at-home/node-red
 ```

-## Introduction
-
-This code is adopted from the [official node-red docker image](https://hub.docker.com/r/nodered/node-red/) which runs the [Node-RED application](https://nodered.org/)
-
 ## Installing the Chart

 To install the chart with the release name `my-release`:

-```shell
+```console
 helm install --name my-release k8s-at-home/node-red
 ```
+
 ## Uninstalling the Chart

 To uninstall/delete the `my-release` deployment:

-```shell
+```console
 helm delete my-release --purge
 ```

 The command removes all the Kubernetes components associated with the chart and deletes the release.

 ## Configuration
-
-The following tables lists the configurable parameters of the Node-RED chart and their default values.
-
-| Parameter                             | Description                                                             | Default                   |
-|:------------------------------------- |:----------------------------------------------------------------------- |:------------------------- |
-| `image.repository`                    | node-red image                                                          | `nodered/node-red`        |
-| `image.tag`                           | node-red image tag                                                      | `1.0.6-12-minimal`        |
-| `image.pullPolicy`                    | node-red image pull policy                                              | `IfNotPresent`            |
-| `strategyType`                        | Specifies the strategy used to replace old Pods by new ones             | `Recreate`                |
-| `serviceAccountName`                  | Service account to run the pod as                                       | ``                        |
-| `probes.liveness.enabled`             | Enable/ disable livenessProbe                                           | `true`                    |
-| `probes.liveness.probePath`           | Set livenessProbe path                                                  | `/`                       |
-| `probes.liveness.initialDelaySeconds` | Set livenessProbe initial delay                                         | 60                        |
-| `probes.liveness.failureThreshold`    | Set livenessProbe failure threshold                                     | 5                         |
-| `probes.liveness.timeoutSeconds`      | Set livenessProbe timeout                                               | 10                        |
-| `probes.readiness.enabled`            | Enable/ disable readinessProbe                                          | `true`                    |
-| `probes.readiness.probePath`          | Set readinessProbe path                                                 | `/`                       |
-| `probes.readiness.initialDelaySeconds`| Set readinessProbe initial delay                                        | 60                        |
-| `probes.readiness.failureThreshold`   | Set readinessProbe failure threshold                                    | 5                         |
-| `probes.readiness.timeoutSeconds`     | Set readinessProbe timeout                                              | 10                        |
-| `probes.startup.enabled`              | Enable/ disable readinessProbe                                          | `false`                   |
-| `probes.startup.probePath`            | Set startupProbe path                                                   | `/`                       |
-| `probes.startup.failureThreshold`     | Set startupProbe failure threshold                                      | 30                        |
-| `probes.startup.periodSeconds`        | Set startupProbe period                                                 | 10                        |
-| `flows`                               | Default flows configuration                                             | `flows.json`              |
-| `safeMode`                            | Setting to true starts Node-RED in safe (not running) mode              | `false`                   |
-| `enableProjects`                      | setting to true starts Node-RED with the projects feature enabled       | `false`                   |
-| `nodeOptions`                         | Node.js runtime arguments                                               | ``                        |
-| `extraEnvs`                           | Extra environment variables which will be appended to the env           | `[]`                      |
-| `timezone`                            | Default timezone                                                        | `UTC`                     |
-| `service.type`                        | Kubernetes service type for the GUI                                     | `ClusterIP`               |
-| `service.port`                        | Kubernetes port where the GUI is exposed                                | `1880`                    |
-| `service.nodePort`                    | Kubernetes nodePort where the GUI is exposed                            | ``                        |
-| `service.annotations`                 | Service annotations for the GUI                                         | `{}`                      |
-| `service.labels`                      | Custom labels                                                           | `{}`                      |
-| `service.loadBalancerIP`              | Loadbalance IP for the GUI                                              | `{}`                      |
-| `service.loadBalancerSourceRanges`    | List of IP CIDRs allowed access to load balancer (if supported)         | None                      |
-| `service.externalTrafficPolicy`       | Set the externalTrafficPolicy in the Service to either Cluster or Local | `Cluster`                 |
-| `ingress.enabled`                     | Enables Ingress                                                         | `false`                   |
-| `ingress.annotations`                 | Ingress annotations                                                     | `{}`                      |
-| `ingress.path`                        | Ingress path                                                            | `/`                       |
-| `ingress.hosts`                       | Ingress accepted hostnames                                              | `chart-example.local`     |
-| `ingress.tls`                         | Ingress TLS configuration                                               | `[]`                      |
-| `persistence.enabled`                 | Use persistent volume to store data                                     | `false`                   |
-| `persistence.size`                    | Size of persistent volume claim                                         | `5Gi`                     |
-| `persistence.existingClaim`           | Use an existing PVC to persist data                                     | `nil`                     |
-| `persistence.storageClass`            | Type of persistent volume claim                                         | `-`                       |
-| `persistence.accessModes`             | Persistence access modes                                                | `ReadWriteOnce`           |
-| `persistence.subPath`                 | Mount a sub dir of the persistent volume                                | `nil`                     |
-| `resources`                           | CPU/Memory resource requests/limits                                     | `{}`                      |
-| `nodeSelector`                        | Node labels for pod assignment                                          | `{}`                      |
-| `tolerations`                         | Toleration labels for pod assignment                                    | `[]`                      |
-| `affinity`                            | Affinity settings for pod assignment                                    | `{}`                      |
-| `podAnnotations`                      | Key-value pairs to add as pod annotations                               | `{}`                      |
-| `deploymentAnnotations`               | Key-value pairs to add as deployment annotations                        | `{}`                      |
-| `hostAliases`                         | Specify /etc/hosts entries                                              | `[]`                      |
+Read through the charts [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/node-red/values.yaml)
+file. It has several commented out suggested values.
+Additionally you can take a look at the common library [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/common/values.yaml) for more (advanced) configuration options.

 Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
-
-```shell
-helm install --name my-release \
-  --set config.timezone="America/New_York" \
+```console
+helm install node-red \
+  --set env.TZ="America/New_York" \
    k8s-at-home/node-red
 ```
-
-Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
-
-```shell
-helm install --name my-release -f values.yaml k8s-at-home/node-red
+Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the
+chart. For example,
+```console
+helm install node-red k8s-at-home/node-red --values values.yaml 
 ```

-Read through the [values.yaml](values.yaml) file. It has several commented out suggested values.
+These values will be nested as it is a dependency, for example
+```yaml
+image:
+  tag: ...
+```
+
+---
+**NOTE**
+
+If you get
+```console
+Error: rendered manifests contain a resource that already exists. Unable to continue with install: existing resource conflict: ...`
+```
+it may be because you uninstalled the chart with `skipuninstall` enabled, you need to manually delete the pvc or use `existingClaim`.
+
+---
+
+## Upgrading an existing Release to a new major version
+
+A major chart version change (like 4.0.1 -> 5.0.0) indicates that there is an incompatible breaking change potentially needing manual actions.
+
+### Upgrading from 3.x.x to 4.x.x
+
+Due to migrating to a centralized common library some values in `values.yaml` have changed.
+
+Examples:
+
+* `service.port` has been moved to `service.port.port`.
+* `persistence.type` has been moved to `controllerType`.
+
+Refer to the library values.yaml for more configuration options.
--- a/charts/node-red/ci/ct-values.yaml
+++ b/charts/node-red/ci/ct-values.yaml
@@ -0,0 +1,2 @@
+ingress:
+  enabled: true
--- a/charts/node-red/templates/NOTES.txt
+++ b/charts/node-red/templates/NOTES.txt
@@ -1,19 +1 @@
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
-  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }}{{ $.Values.ingress.path }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
-  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "node-red.fullname" . }})
-  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
-  echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
-     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
-           You can watch the status of by running 'kubectl get svc -w {{ include "node-red.fullname" . }}'
-  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "node-red.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
-  echo http://$SERVICE_IP:{{ .Values.service.port }}
-{{- else if contains "ClusterIP" .Values.service.type }}
-  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "node-red.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
-  echo "Visit http://127.0.0.1:8080 to use your application"
-  kubectl port-forward $POD_NAME 8080:80
-{{- end }}
+{{- include "common.notes.defaultNotes" . -}}
--- a/charts/node-red/templates/common.yaml
+++ b/charts/node-red/templates/common.yaml
@@ -0,0 +1 @@
+{{ include "common.all" . }}
--- a/charts/node-red/templates/deployment.yaml
+++ b/charts/node-red/templates/deployment.yaml
@@ -1,120 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ include "node-red.fullname" . }}
-  {{- if .Values.deploymentAnnotations }}
-  annotations:
-    {{- range $key, $value := .Values.deploymentAnnotations }}
-    {{ $key }}: {{ $value | quote }}
-    {{- end }}
-  {{- end }}
-  labels:
-    app.kubernetes.io/name: {{ include "node-red.name" . }}
-    helm.sh/chart: {{ include "node-red.chart" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
-spec:
-  replicas: 1
-  strategy:
-    type: {{ .Values.strategyType }}
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: {{ include "node-red.name" . }}
-      app.kubernetes.io/instance: {{ .Release.Name }}
-  template:
-    metadata:
-      labels:
-        app.kubernetes.io/name: {{ include "node-red.name" . }}
-        app.kubernetes.io/instance: {{ .Release.Name }}
-      {{- if .Values.podAnnotations }}
-      annotations:
-        {{- range $key, $value := .Values.podAnnotations }}
-        {{ $key }}: {{ $value | quote }}
-        {{- end }}
-      {{- end }}
-    spec:
-    {{- if .Values.serviceAccountName }}
-      serviceAccountName: {{ .Values.serviceAccountName }}
-    {{- end }}
-      containers:
-        - name: {{ .Chart.Name }}
-          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
-          ports:
-            - name: http
-              containerPort: 1880
-              protocol: TCP
-          {{- if .Values.probes.liveness.enabled }}
-          livenessProbe:
-            httpGet:
-              path: {{ .Values.probes.liveness.probePath }}
-              port: http
-            initialDelaySeconds: {{ .Values.probes.liveness.initialDelaySeconds }}
-            failureThreshold: {{ .Values.probes.liveness.failureThreshold }}
-            timeoutSeconds: {{ .Values.probes.liveness.timeoutSeconds }}
-          {{- end }}
-          {{- if .Values.probes.readiness.enabled }}
-          readinessProbe:
-            httpGet:
-              path: {{ .Values.probes.readiness.probePath }}
-              port: http
-            initialDelaySeconds: {{ .Values.probes.readiness.initialDelaySeconds }}
-            failureThreshold: {{ .Values.probes.readiness.failureThreshold }}
-            timeoutSeconds: {{ .Values.probes.readiness.timeoutSeconds }}
-          {{- end }}
-          {{- if .Values.probes.startup.enabled }}
-          startupProbe:
-            httpGet:
-              path: {{ .Values.probes.startup.probePath }}
-              port: http
-            failureThreshold: {{ .Values.probes.startup.failureThreshold }}
-            periodSeconds: {{ .Values.probes.startup.periodSeconds }}
-          {{- end }}
-          env:
-            - name: FLOWS
-              value: "{{ .Values.flows }}"
-            - name: NODE_RED_ENABLE_SAFE_MODE
-              value: "{{ .Values.safeMode }}"
-            - name: NODE_RED_ENABLE_PROJECTS
-              value: "{{ .Values.enableProjects }}"
-            - name: NODE_OPTIONS
-              value: "{{ .Values.nodeOptions }}"
-            - name: TZ
-              value: "{{ .Values.timezone }}"
-          {{- with .Values.extraEnvs }}
-{{ toYaml . | indent 12 }}
-          {{- end }}
-          volumeMounts:
-            - name: data
-              mountPath: /data
-{{- if .Values.persistence.subPath }}
-              subPath: {{ .Values.persistence.subPath }}
-{{- end }}
-          resources:
-{{ toYaml .Values.resources | indent 12 }}
-      volumes:
-        - name: data
-        {{- if .Values.persistence.enabled }}
-          persistentVolumeClaim:
-            claimName: {{ if .Values.persistence.existingClaim }}{{ .Values.persistence.existingClaim }}{{- else }}{{ template "node-red.fullname" . }}{{- end }}
-        {{- else }}
-          emptyDir: {}
-        {{ end }}
-    {{- if .Values.hostAliases }}
-      hostAliases:
-{{ toYaml .Values.hostAliases | indent 8 }}
-    {{- end }}
-    {{- with .Values.nodeSelector }}
-      nodeSelector:
-{{ toYaml . | indent 8 }}
-    {{- end }}
-    {{- with .Values.affinity }}
-      affinity:
-{{ toYaml . | indent 8 }}
-    {{- end }}
-    {{- with .Values.tolerations }}
-      tolerations:
-{{ toYaml . | indent 8 }}
-    {{- end }}
-      securityContext:
-        fsGroup: 1001
--- a/charts/node-red/templates/ingress.yaml
+++ b/charts/node-red/templates/ingress.yaml
@@ -1,38 +0,0 @@
-{{- if .Values.ingress.enabled -}}
-{{- $fullName := include "node-red.fullname" . -}}
-{{- $ingressPath := .Values.ingress.path -}}
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
-  name: {{ $fullName }}
-  labels:
-    app.kubernetes.io/name: {{ include "node-red.name" . }}
-    helm.sh/chart: {{ include "node-red.chart" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- with .Values.ingress.annotations }}
-  annotations:
-{{ toYaml . | indent 4 }}
-{{- end }}
-spec:
-{{- if .Values.ingress.tls }}
-  tls:
-  {{- range .Values.ingress.tls }}
-    - hosts:
-      {{- range .hosts }}
-        - {{ . | quote }}
-      {{- end }}
-      secretName: {{ .secretName }}
-  {{- end }}
-{{- end }}
-  rules:
-  {{- range .Values.ingress.hosts }}
-    - host: {{ . | quote }}
-      http:
-        paths:
-          - path: {{ $ingressPath }}
-            backend:
-              serviceName: {{ $fullName }}
-              servicePort: http
-  {{- end }}
-{{- end }}
--- a/charts/node-red/templates/pvc.yaml
+++ b/charts/node-red/templates/pvc.yaml
@@ -1,24 +0,0 @@
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
-  name: {{ template "node-red.fullname" . }}
-  labels:
-    app.kubernetes.io/name: {{ include "node-red.name" . }}
-    helm.sh/chart: {{ include "node-red.chart" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
-spec:
-  accessModes:
-    - {{ .Values.persistence.accessMode | quote }}
-  resources:
-    requests:
-      storage: {{ .Values.persistence.size | quote }}
-{{- if .Values.persistence.storageClass }}
-{{- if (eq "-" .Values.persistence.storageClass) }}
-  storageClassName: ""
-{{- else }}
-  storageClassName: "{{ .Values.persistence.storageClass }}"
-{{- end }}
-{{- end }}
-{{- end -}}
--- a/charts/node-red/templates/service.yaml
+++ b/charts/node-red/templates/service.yaml
@@ -1,42 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ include "node-red.fullname" . }}
-  {{- if .Values.service.annotations }}
-  annotations:
-    {{- toYaml .Values.service.annotations | nindent 4 }}
-  {{- end }}
-  labels:
-    app.kubernetes.io/name: {{ include "node-red.name" . }}
-    helm.sh/chart: {{ include "node-red.chart" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
-spec:
-{{- if (or (eq .Values.service.type "ClusterIP") (empty .Values.service.type)) }}
-  type: ClusterIP
-{{- else if eq .Values.service.type "LoadBalancer" }}
-  type: {{ .Values.service.type }}
-  {{- if .Values.service.loadBalancerIP }}
-  loadBalancerIP: {{ .Values.service.loadBalancerIP }}
-  {{- end }}
-  {{- if .Values.service.loadBalancerSourceRanges }}
-  loadBalancerSourceRanges:
-{{ toYaml .Values.service.loadBalancerSourceRanges | indent 4 }}
-  {{- end -}}
-{{- else }}
-  type: {{ .Values.service.type }}
-{{- end }}
-  {{- if .Values.service.externalTrafficPolicy }}
-  externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy }}
-  {{- end }}
-  ports:
-    - port: {{ .Values.service.port }}
-      targetPort: http
-      protocol: TCP
-      name: http
-{{ if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePort))) }}
-      nodePort: {{.Values.service.nodePort}}
-{{ end }}
-  selector:
-    app.kubernetes.io/name: {{ include "node-red.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
--- a/charts/node-red/values.yaml
+++ b/charts/node-red/values.yaml
@@ -1,132 +1,28 @@
 # Default values for node-red.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-# upgrade strategy type (e.g. Recreate or RollingUpdate)
-strategyType: Recreate

 image:
  repository: nodered/node-red
-  tag: 1.0.6-12-minimal
  pullPolicy: IfNotPresent
+  tag: 1.2.5

-nameOverride: ""
-fullnameOverride: ""
+strategy:
+  type: Recreate

-serviceAccountName: ""
-
-# Probes configuration
-# ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
-probes:
-  liveness:
-    # Indicates whether the container is running. If the liveness probe fails, the kubelet kills the container
-    # and the container is subjected to its restart policy.
-    enabled: true
-    probePath: /
-    initialDelaySeconds: 60
-    failureThreshold: 5
-    timeoutSeconds: 10
-  readiness:
-    # Indicates whether the container is ready to respond to requests.
-    enabled: true
-    probePath: /
-    initialDelaySeconds: 60
-    failureThreshold: 5
-    timeoutSeconds: 10
-  startup:
-    # Indicates whether the application within the container is started.
-    # All other probes are disabled if a startup probe is provided, until it succeeds.
-    enabled: false
-    probePath: /
-    failureThreshold: 30
-    periodSeconds: 10
-
-flows: "flows.json"
-safeMode: "false"
-enableProjects: "false"
-# nodeOptions: ""
-extraEnvs: []
-timezone: "UTC"
+# See more environment varaibles in the node-red documentation
+# https://nodered.org/docs/getting-started/docker
+env: {}
+  # TZ:
+  # NODE_OPTIONS:
+  # NODE_RED_ENABLE_PROJECTS:
+  # NODE_RED_ENABLE_SAFE_MODE:
+  # FLOWS:

 service:
-  type: ClusterIP
-  port: 1880
-  ## Specify the nodePort value for the LoadBalancer and NodePort service types.
-  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
-  ##
-  # nodePort:
-  ## Provide any additional annotations which may be required. This can be used to
-  ## set the LoadBalancer service type to internal only.
-  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
-  ##
-  annotations: {}
-  labels: {}
-  ## Use loadBalancerIP to request a specific static IP,
-  ## otherwise leave blank
-  ##
-  loadBalancerIP:
-  # loadBalancerSourceRanges: []
-  ## Set the externalTrafficPolicy in the Service to either Cluster or Local
-  # externalTrafficPolicy: Cluster
-
-hostAliases: []
-  # Use hostAliases to add custom entries to /etc/hosts - mapping IP addresses to hostnames.
-  # ref: https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
-  # - ip: "192.168.1.100"
-  #   hostnames:
-  #   - "example.com"
-  #   - "www.example.com"
-
-ingress:
-  enabled: false
-  annotations: {}
-    # kubernetes.io/ingress.class: nginx
-    # kubernetes.io/tls-acme: "true"
-  path: /
-  hosts:
-    - chart-example.local
-  tls: []
-  #  - secretName: chart-example-tls
-  #    hosts:
-  #      - chart-example.local
+  port:
+    port: 1880

 persistence:
-  enabled: false
-  ## node-red data Persistent Volume Storage Class
-  ## If defined, storageClassName: <storageClass>
-  ## If set to "-", storageClassName: "", which disables dynamic provisioning
-  ## If undefined (the default) or set to null, no storageClassName spec is
-  ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
-  ##   GKE, AWS & OpenStack)
-  ##
-  # storageClass: "-"
-  ##
-  ## If you want to reuse an existing claim, you can pass the name of the PVC using
-  ## the existingClaim variable
-  # existingClaim: your-claim
-  accessMode: ReadWriteOnce
-  size: 5Gi
-  ## When mounting the data volume you may specify a subPath
-  # subPath: /configs/node-red
-
-resources: {}
-  # We usually recommend not to specify default resources and to leave this as a conscious
-  # choice for the user. This also increases chances charts run on environments with little
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  # limits:
-  #  cpu: 100m
-  #  memory: 128Mi
-  # requests:
-  #  cpu: 100m
-  #  memory: 128Mi
-
-nodeSelector: {}
-
-tolerations: []
-
-affinity: {}
-
-podAnnotations: {}
-
-deploymentAnnotations: {}
+  data:
+    enabled: false
+    emptyDir: false
+    mountPath: /data
--- a/charts/oauth2-proxy/.helmignore
+++ b/charts/oauth2-proxy/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+OWNERS
--- a/charts/oauth2-proxy/Chart.yaml
+++ b/charts/oauth2-proxy/Chart.yaml
@@ -0,0 +1,20 @@
+name: oauth2-proxy
+version: 4.0.1
+apiVersion: v1
+appVersion: 5.1.0
+home: https://oauth2-proxy.github.io/oauth2-proxy/
+description: A reverse proxy that provides authentication with Google, Github or other providers
+keywords:
+- kubernetes
+- oauth
+- oauth2
+- authentication
+- google
+- github
+sources:
+- https://github.com/oauth2-proxy/oauth2-proxy
+engine: gotpl
+kubeVersion: ">=1.9.0-0"
+maintainers:
+  - name: carpenike
+    email: ryan@ryanholt.net
--- a/charts/oauth2-proxy/README.md
+++ b/charts/oauth2-proxy/README.md
@@ -0,0 +1,170 @@
+# oauth2-proxy
+
+[oauth2-proxy](https://github.com/pusher/oauth2_proxy) is a reverse proxy and static file server that provides authentication using Providers (Google, GitHub, and others) to validate accounts by email, domain or group.
+
+## TL;DR;
+
+```console
+$ helm install stable/oauth2-proxy
+```
+
+## Introduction
+
+This chart bootstraps an oauth2-proxy deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+
+## Installing the Chart
+
+To install the chart with the release name `my-release`:
+
+```console
+$ helm install stable/oauth2-proxy --name my-release
+```
+
+The command deploys oauth2-proxy on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation.
+
+## Uninstalling the Chart
+
+To uninstall/delete the `my-release` deployment:
+
+```console
+$ helm delete my-release
+```
+
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+## Upgrading an existing Release to a new major version
+
+A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an
+incompatible breaking change needing manual actions.
+
+### To 1.0.0
+
+This version upgrade oauth2-proxy to v4.0.0. Please see the [changelog](https://github.com/pusher/oauth2_proxy/blob/v4.0.0/CHANGELOG.md#v400) in order to upgrade.
+
+### To 2.0.0
+
+Version 2.0.0 of this chart introduces support for Kubernetes v1.16.x by way of addressing the deprecation of the Deployment object apiVersion `apps/v1beta2`.  See [the v1.16 API deprecations page](https://kubernetes.io/blog/2019/07/18/api-deprecations-in-1-16/) for more information.
+
+Due to [this issue](https://github.com/helm/helm/issues/6583) there may be errors performing a `helm upgrade`of this chart from versions earlier than 2.0.0.
+
+### To 3.0.0
+
+Version 3.0.0 introduces support for [EKS IAM roles for service accounts](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html) by adding a managed service account to the chart.  This is a breaking change since the service account is enabled by default.  To disable this behaviour set `serviceAccount.enabled` to `false`
+
+### To 4.0.0
+
+This is a breaking change as the chart was moved to k8s-at-home. No other change on top of the 3.x.x branch.
+
+## Configuration
+
+The following table lists the configurable parameters of the oauth2-proxy chart and their default values.
+
+Parameter | Description | Default
+--- | --- | ---
+`affinity` | node/pod affinities | None
+`authenticatedEmailsFile.enabled` | Enables authorize individual email addresses | `false`
+`authenticatedEmailsFile.template` | Name of the configmap that is handled outside of that chart | `""`
+`authenticatedEmailsFile.restricted_access` | [email addresses](https://github.com/pusher/oauth2_proxy#email-authentication) list config | `""`
+`config.clientID` | oauth client ID | `""`
+`config.clientSecret` | oauth client secret | `""`
+`config.cookieSecret` | server specific cookie for the secret; create a new one with `openssl rand -base64 32 | head -c 32 | base64` | `""`
+`config.existingSecret` | existing Kubernetes secret to use for OAuth2 credentials. See [secret template](https://github.com/helm/charts/blob/master/stable/oauth2-proxy/templates/secret.yaml) for the required values | `nil`
+`config.configFile` | custom [oauth2_proxy.cfg](https://github.com/pusher/oauth2_proxy/blob/master/contrib/oauth2_proxy.cfg.example) contents for settings not overridable via environment nor command line | `""`
+`config.existingConfig` | existing Kubernetes configmap to use for the configuration file. See [config template](https://github.com/helm/charts/blob/master/stable/oauth2-proxy/templates/configmap.yaml) for the required values | `nil`
+`config.google.adminEmail` | user impersonated by the google service account | `""`
+`config.google.serviceAccountJson` | google service account json contents | `""`
+`config.google.existingConfig` | existing Kubernetes configmap to use for the service account file. See [google secret template](https://github.com/helm/charts/blob/master/stable/oauth2-proxy/templates/google-secret.yaml) for the required values | `nil`
+`extraArgs` | key:value list of extra arguments to give the binary | `{}`
+`extraEnv` | key:value list of extra environment variables to give the binary | `[]`
+`extraVolumes` | list of extra volumes | `[]`
+`extraVolumeMounts` | list of extra volumeMounts | `[]`
+`htpasswdFile.enabled` | enable htpasswd-file option | `false`
+`htpasswdFile.entries` | list of [SHA encrypted user:passwords](https://pusher.github.io/oauth2_proxy/configuration#command-line-options) | `{}`
+`htpasswdFile.existingSecret` | existing Kubernetes secret to use for OAuth2 htpasswd file | `""`
+`httpScheme` | `http` or `https`. `name` used for port on the deployment. `httpGet` port `name` and `scheme` used for `liveness`- and `readinessProbes`. `name` and `targetPort` used for the service. | `http`
+`image.pullPolicy` | Image pull policy | `IfNotPresent`
+`image.repository` | Image repository | `quay.io/pusher/oauth2_proxy`
+`image.tag` | Image tag | `v5.1.0`
+`imagePullSecrets` | Specify image pull secrets | `nil` (does not add image pull secrets to deployed pods)
+`ingress.enabled` | Enable Ingress | `false`
+`ingress.path` | Ingress accepted path | `/`
+`ingress.extraPaths` | Ingress extra paths to prepend to every host configuration. Useful when configuring [custom actions with AWS ALB Ingress Controller](https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/ingress/annotation/#actions). | `[]`
+`ingress.annotations` | Ingress annotations | `nil`
+`ingress.hosts` | Ingress accepted hostnames | `nil`
+`ingress.tls` | Ingress TLS configuration | `nil`
+`livenessProbe.enabled`  | enable Kubernetes livenessProbe. Disable to use oauth2-proxy with Istio mTLS. See [Istio FAQ](https://istio.io/help/faq/security/#k8s-health-checks) | `true`
+`livenessProbe.initialDelaySeconds` | number of seconds | 0
+`livenessProbe.timeoutSeconds` | number of seconds | 1
+`nodeSelector` | node labels for pod assignment | `{}`
+`podAnnotations` | annotations to add to each pod | `{}`
+`podLabels` | additional labesl to add to each pod | `{}`
+`podDisruptionBudget.enabled`| Enabled creation of PodDisruptionBudget (only if replicaCount > 1) | true
+`podDisruptionBudget.minAvailable`| minAvailable parameter for PodDisruptionBudget | 1
+`podSecurityContext` | Kubernetes security context to apply to pod | `{}`
+`priorityClassName` | priorityClassName | `nil`
+`readinessProbe.enabled` | enable Kubernetes readinessProbe. Disable to use oauth2-proxy with Istio mTLS. See [Istio FAQ](https://istio.io/help/faq/security/#k8s-health-checks) | `true`
+`readinessProbe.initialDelaySeconds` | number of seconds | 0
+`readinessProbe.timeoutSeconds` | number of seconds | 1
+`readinessProbe.periodSeconds` | number of seconds | 10
+`readinessProbe.successThreshold` | number of successes | 1
+`replicaCount` | desired number of pods | `1`
+`resources` | pod resource requests & limits | `{}`
+`service.port` | port for the service | `80`
+`service.type` | type of service | `ClusterIP`
+`service.clusterIP` | cluster ip address | `nil`
+`service.loadBalancerIP` | ip of load balancer | `nil`
+`service.loadBalancerSourceRanges` | allowed source ranges in load balancer | `nil`
+`serviceAccount.enabled` | create a service account | `true`
+`serviceAccount.name` | the service account name | ``
+`serviceAccount.annotations` | (optional) annotations for the service account | `{}`
+`tolerations` | list of node taints to tolerate | `[]`
+`securityContext.enabled` | enable Kubernetes security context on container | `false`
+`securityContext.runAsNonRoot` | make sure that the container runs as a non-root user | `true`
+`proxyVarsAsSecrets` | choose between environment values or secrets for setting up OAUTH2_PROXY variables. When set to false, remember to add the variables OAUTH2_PROXY_CLIENT_ID, OAUTH2_PROXY_CLIENT_SECRET, OAUTH2_PROXY_COOKIE_SECRET in extraEnv | `true`
+
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+
+```console
+$ helm install stable/oauth2-proxy --name my-release \
+  --set=image.tag=v0.0.2,resources.limits.cpu=200m
+```
+
+Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
+
+```console
+$ helm install stable/oauth2-proxy --name my-release -f values.yaml
+```
+
+> **Tip**: You can use the default [values.yaml](values.yaml)
+
+## SSL Configuration
+
+See: [SSL Configuration](https://pusher.github.io/oauth2_proxy/tls-configuration).
+Use ```values.yaml``` like:
+
+```yaml
+...
+extraArgs:
+  tls-cert: /path/to/cert.pem
+  tls-key: /path/to/cert.key
+
+extraVolumes:
+  - name: ssl-cert
+    secret:
+      secretName: my-ssl-secret
+
+extraVolumeMounts:
+  - mountPath: /path/to/
+    name: ssl-cert
+...
+```
+
+With a secret called `my-ssl-secret`:
+
+```yaml
+...
+data:
+  cert.pem: AB..==
+  cert.key: CD..==
+```
--- a/charts/oauth2-proxy/ci/default-values.yaml
+++ b/charts/oauth2-proxy/ci/default-values.yaml
@@ -0,0 +1 @@
+# Leave this file empty to ensure that CI runs builds against the default configuration in values.yaml.
--- a/charts/oauth2-proxy/ci/ingress-extra-paths-values.yaml
+++ b/charts/oauth2-proxy/ci/ingress-extra-paths-values.yaml
@@ -0,0 +1,6 @@
+ingress:
+  extraPaths:
+  - path: /*
+    backend:
+      serviceName: ssl-redirect
+      servicePort: use-annotation
--- a/charts/oauth2-proxy/ci/pdb-values.yaml
+++ b/charts/oauth2-proxy/ci/pdb-values.yaml
@@ -0,0 +1 @@
+replicaCount: 2  # Enables PodDisruptionBudget which is disabled when replicaCount is 1
--- a/charts/oauth2-proxy/ci/pod-security-context-values.yaml
+++ b/charts/oauth2-proxy/ci/pod-security-context-values.yaml
@@ -0,0 +1,4 @@
+# Allocate a FSGroup that owns the pod’s volumes via podSecurityContext
+---
+podSecurityContext:
+  fsGroup: 2000
--- a/charts/oauth2-proxy/default-values.yaml
+++ b/charts/oauth2-proxy/default-values.yaml
@@ -0,0 +1 @@
+# Leave this file empty to ensure that CI runs builds against the default configuration in values.yaml.
--- a/charts/oauth2-proxy/pdb-values.yaml
+++ b/charts/oauth2-proxy/pdb-values.yaml
@@ -0,0 +1,2 @@
+# Will trigger creation of pdb
+replicaCount: 2
--- a/charts/oauth2-proxy/templates/NOTES.txt
+++ b/charts/oauth2-proxy/templates/NOTES.txt
@@ -0,0 +1,3 @@
+To verify that oauth2-proxy has started, run:
+
+  kubectl --namespace={{ .Release.Namespace }} get pods -l "app={{ template "oauth2-proxy.fullname" . }}"
--- a/charts/oauth2-proxy/templates/_helpers.tpl
+++ b/charts/oauth2-proxy/templates/_helpers.tpl
@@ -2,7 +2,7 @@
 {{/*
 Expand the name of the chart.
 */}}
-{{- define "node-red.name" -}}
+{{- define "oauth2-proxy.name" -}}
 {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
 {{- end -}}

@@ -11,7 +11,7 @@ Create a default fully qualified app name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
 If release name contains chart name it will be used as a full name.
 */}}
-{{- define "node-red.fullname" -}}
+{{- define "oauth2-proxy.fullname" -}}
 {{- if .Values.fullnameOverride -}}
 {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
 {{- else -}}
@@ -27,6 +27,28 @@ If release name contains chart name it will be used as a full name.
 {{/*
 Create chart name and version as used by the chart label.
 */}}
-{{- define "node-red.chart" -}}
+{{- define "oauth2-proxy.chart" -}}
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
+
+{{/*
+Get the secret name.
+*/}}
+{{- define "oauth2-proxy.secretName" -}}
+{{- if .Values.config.existingSecret -}}
+{{- printf "%s" .Values.config.existingSecret -}}
+{{- else -}}
+{{- printf "%s" (include "oauth2-proxy.fullname" .) -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "oauth2-proxy.serviceAccountName" -}}
+{{- if .Values.serviceAccount.enabled -}}
+    {{ default (include "oauth2-proxy.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
--- a/charts/oauth2-proxy/templates/configmap-authenticated-emails-file.yaml
+++ b/charts/oauth2-proxy/templates/configmap-authenticated-emails-file.yaml
@@ -0,0 +1,15 @@
+{{- if .Values.authenticatedEmailsFile.enabled }}
+{{- if .Values.authenticatedEmailsFile.restricted_access }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  labels:
+    app: {{ template "oauth2-proxy.name" . }}
+    chart: {{ template "oauth2-proxy.chart" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+  name: {{ template "oauth2-proxy.fullname" . }}-accesslist
+data:
+  restricted_user_access: {{ .Values.authenticatedEmailsFile.restricted_access | quote }}
+{{- end }}
+{{- end }}
--- a/charts/oauth2-proxy/templates/configmap-htpasswd-file.yaml
+++ b/charts/oauth2-proxy/templates/configmap-htpasswd-file.yaml
@@ -0,0 +1,17 @@
+{{- if and .Values.htpasswdFile.enabled (not .Values.htpasswdFile.existingSecret) }}
+apiVersion: v1
+kind: Secret
+metadata:
+  labels:
+    app: {{ template "oauth2-proxy.name" . }}
+    chart: {{ template "oauth2-proxy.chart" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+  name: {{ template "oauth2-proxy.fullname" . }}-htpasswd-file
+type: Opaque
+stringData:
+  users.txt: |-
+    {{- range $entries := .Values.htpasswdFile.entries }}
+    {{ $entries }}
+    {{- end -}}
+{{- end }}
--- a/charts/oauth2-proxy/templates/configmap.yaml
+++ b/charts/oauth2-proxy/templates/configmap.yaml
@@ -0,0 +1,15 @@
+{{- if not .Values.config.existingConfig }}
+{{- if .Values.config.configFile }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  labels:
+    app: {{ template "oauth2-proxy.name" . }}
+    chart: {{ template "oauth2-proxy.chart" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+  name: {{ template "oauth2-proxy.fullname" . }}
+data:
+  oauth2_proxy.cfg: {{ .Values.config.configFile | quote }}
+{{- end }}
+{{- end }}
--- a/charts/oauth2-proxy/templates/deployment.yaml
+++ b/charts/oauth2-proxy/templates/deployment.yaml
@@ -0,0 +1,206 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: {{ template "oauth2-proxy.name" . }}
+    chart: {{ template "oauth2-proxy.chart" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+  name: {{ template "oauth2-proxy.fullname" . }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      app: {{ template "oauth2-proxy.name" . }}
+      release: {{ .Release.Name }}
+  template:
+    metadata:
+      annotations:
+        checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+        checksum/config-emails: {{ include (print $.Template.BasePath "/configmap-authenticated-emails-file.yaml") . | sha256sum }}
+        checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
+        checksum/google-secret: {{ include (print $.Template.BasePath "/google-secret.yaml") . | sha256sum }}
+{{- if .Values.htpasswdFile.enabled }}
+        checksum/htpasswd: {{ include (print $.Template.BasePath "/configmap-htpasswd-file.yaml") . | sha256sum }}
+{{- end }}
+    {{- if .Values.podAnnotations }}
+{{ toYaml .Values.podAnnotations | indent 8 }}
+    {{- end }}
+      labels:
+        app: {{ template "oauth2-proxy.name" . }}
+        release: "{{ .Release.Name }}"
+      {{- if .Values.podLabels }}
+{{ toYaml .Values.podLabels | indent 8 }}
+      {{- end }}
+    spec:
+    {{- if .Values.priorityClassName }}
+      priorityClassName: "{{ .Values.priorityClassName }}"
+    {{- end }}
+      {{- with .Values.podSecurityContext }}
+      securityContext:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ template "oauth2-proxy.serviceAccountName" . }}
+      containers:
+      - name: {{ .Chart.Name }}
+        image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+        imagePullPolicy: {{ .Values.image.pullPolicy }}
+        args:
+          - --http-address=0.0.0.0:4180
+        {{- range $key, $value := .Values.extraArgs }}
+          {{- if $value }}
+          - --{{ $key }}={{ $value }}
+          {{- else }}
+          - --{{ $key }}
+          {{- end }}
+        {{- end }}
+        {{- if or .Values.config.existingConfig .Values.config.configFile }}
+          - --config=/etc/oauth2_proxy/oauth2_proxy.cfg
+        {{- end }}
+        {{- if .Values.authenticatedEmailsFile.enabled }}
+        {{- if .Values.authenticatedEmailsFile.template }}
+          - --authenticated-emails-file=/etc/oauth2-proxy/{{ .Values.authenticatedEmailsFile.template }}
+        {{- else }}
+          - --authenticated-emails-file=/etc/oauth2-proxy/authenticated-emails-list
+        {{- end }}
+        {{- end }}
+        {{- with .Values.config.google }}
+        {{- if and .adminEmail (or .serviceAccountJson .existingSecret) }}
+          - --google-admin-email={{ .adminEmail }}
+          - --google-service-account-json=/google/service-account.json
+        {{- end }}
+        {{- end }}
+        {{- if .Values.htpasswdFile.enabled }}
+          - --htpasswd-file=/etc/oauth2_proxy/htpasswd/users.txt
+        {{- end }}
+        env:
+        {{- if .Values.proxyVarsAsSecrets }}
+        - name: OAUTH2_PROXY_CLIENT_ID
+          valueFrom:
+            secretKeyRef:
+              name:  {{ template "oauth2-proxy.secretName" . }}
+              key: client-id
+        - name: OAUTH2_PROXY_CLIENT_SECRET
+          valueFrom:
+            secretKeyRef:
+              name:  {{ template "oauth2-proxy.secretName" . }}
+              key: client-secret
+        - name: OAUTH2_PROXY_COOKIE_SECRET
+          valueFrom:
+            secretKeyRef:
+              name:  {{ template "oauth2-proxy.secretName" . }}
+              key: cookie-secret
+        {{- end }}
+        {{- if .Values.extraEnv }}
+{{ toYaml .Values.extraEnv | indent 8 }}
+        {{- end }}
+        ports:
+          - containerPort: 4180
+            name: {{ .Values.httpScheme }}
+            protocol: TCP
+{{- if .Values.livenessProbe.enabled }}
+        livenessProbe:
+          httpGet:
+            path: /ping
+            port: {{ .Values.httpScheme }}
+            scheme: {{ .Values.httpScheme | upper }}
+          initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
+          timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
+{{- end }}
+{{- if .Values.readinessProbe.enabled }}
+        readinessProbe:
+          httpGet:
+            path: /ping
+            port: {{ .Values.httpScheme }}
+            scheme: {{ .Values.httpScheme | upper }}
+          initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
+          timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
+          successThreshold: {{ .Values.readinessProbe.successThreshold }}
+          periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
+{{- end }}
+        resources:
+{{ toYaml .Values.resources | indent 10 }}
+        volumeMounts:
+{{- with .Values.config.google }}
+{{- if and .adminEmail (or .serviceAccountJson .existingSecret) }}
+        - name: google-secret
+          mountPath: /google
+          readOnly: true
+{{- end }}
+{{- end }}
+{{- if or .Values.config.existingConfig .Values.config.configFile }}
+        - mountPath: /etc/oauth2_proxy
+          name: configmain
+{{- end }}
+{{- if .Values.authenticatedEmailsFile.enabled }}
+        - mountPath: /etc/oauth2-proxy
+          name: configaccesslist
+          readOnly: true
+{{- end }}
+{{- if .Values.htpasswdFile.enabled }}
+        - mountPath: /etc/oauth2_proxy/htpasswd
+          name: {{ template "oauth2-proxy.fullname" . }}-htpasswd-file
+          readOnly: true
+{{- end }}
+{{- if ne (len .Values.extraVolumeMounts) 0 }}
+{{ toYaml .Values.extraVolumeMounts | indent 8 }}
+{{- end }}
+{{- if .Values.securityContext.enabled }}
+        securityContext:
+          runAsNonRoot: {{ .Values.securityContext.runAsNonRoot }}
+{{- end}}
+      volumes:
+{{- with .Values.config.google }}
+{{- if and .adminEmail (or .serviceAccountJson .existingSecret) }}
+      - name: google-secret
+        secret:
+          secretName: {{ if .existingSecret }}{{ .existingSecret }}{{ else }} {{ template "oauth2-proxy.secretName" $ }}{{ end }}
+{{- end }}
+{{- end }}
+
+{{- if .Values.htpasswdFile.enabled }}
+      - name: {{ template "oauth2-proxy.fullname" . }}-htpasswd-file
+        secret:
+          secretName: {{ if .Values.htpasswdFile.existingSecret }}{{ .Values.htpasswdFile.existingSecret }}{{ else }} {{ template "oauth2-proxy.fullname" . }}-htpasswd-file {{ end }}
+{{- end }}
+
+{{- if or .Values.config.existingConfig .Values.config.configFile }}
+      - configMap:
+          defaultMode: 420
+          name: {{ if .Values.config.existingConfig }}{{ .Values.config.existingConfig }}{{ else }}{{ template "oauth2-proxy.fullname" . }}{{ end }}
+        name: configmain
+{{- end }}
+{{- if ne (len .Values.extraVolumes) 0 }}
+{{ toYaml .Values.extraVolumes | indent 6 }}
+{{- end }}
+{{- if .Values.authenticatedEmailsFile.enabled }}
+      - configMap:
+{{- if .Values.authenticatedEmailsFile.template }}
+          name: {{ .Values.authenticatedEmailsFile.template }}
+{{- else }}
+          name: {{ template "oauth2-proxy.fullname" . }}-accesslist
+{{- end }}
+          items:
+          - key: restricted_user_access
+{{- if .Values.authenticatedEmailsFile.template }}
+            path: {{ .Values.authenticatedEmailsFile.template }}
+{{- else }}
+            path: authenticated-emails-list
+{{- end }}
+        name: configaccesslist
+{{- end }}
+
+      {{- if .Values.imagePullSecrets }}
+      imagePullSecrets:
+{{ toYaml .Values.imagePullSecrets | indent 8 }}
+      {{- end }}
+    {{- if .Values.affinity }}
+      affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+    {{- end }}
+    {{- if .Values.nodeSelector }}
+      nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+    {{- end }}
+      tolerations:
+{{ toYaml .Values.tolerations | indent 8 }}
--- a/charts/oauth2-proxy/templates/google-secret.yaml
+++ b/charts/oauth2-proxy/templates/google-secret.yaml
@@ -0,0 +1,14 @@
+{{- if and .Values.config.google (not .Values.config.google.existingSecret) }}
+apiVersion: v1
+kind: Secret
+metadata:
+  labels:
+    app: {{ template "oauth2-proxy.name" . }}
+    chart: {{ template "oauth2-proxy.chart" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+  name: {{ template "oauth2-proxy.fullname" . }}-google
+type: Opaque
+data:
+  service-account.json: {{ .serviceAccountJson }}
+{{- end -}}
--- a/charts/oauth2-proxy/templates/ingress.yaml
+++ b/charts/oauth2-proxy/templates/ingress.yaml
@@ -0,0 +1,41 @@
+{{- if .Values.ingress.enabled -}}
+{{- $serviceName := include "oauth2-proxy.fullname" . -}}
+{{- $servicePort := .Values.service.port -}}
+{{- $ingressPath := .Values.ingress.path -}}
+{{- $extraPaths := .Values.ingress.extraPaths -}}
+{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+  labels:
+    app: {{ template "oauth2-proxy.name" . }}
+    chart: {{ template "oauth2-proxy.chart" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+  name: {{ template "oauth2-proxy.fullname" . }}
+{{- with .Values.ingress.annotations }}
+  annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+  rules:
+    {{- range $host := .Values.ingress.hosts }}
+    - host: {{ $host | quote }}
+      http:
+        paths:
+{{ if $extraPaths }}
+{{ toYaml $extraPaths | indent 10 }}
+{{- end }}
+          - path: {{ $ingressPath }}
+            backend:
+              serviceName: {{ $serviceName }}
+              servicePort: {{ $servicePort }}
+    {{- end -}}
+  {{- if .Values.ingress.tls }}
+  tls:
+{{ toYaml .Values.ingress.tls | indent 4 }}
+  {{- end -}}
+{{- end -}}
--- a/charts/oauth2-proxy/templates/poddisruptionbudget.yaml
+++ b/charts/oauth2-proxy/templates/poddisruptionbudget.yaml
@@ -0,0 +1,17 @@
+{{- if and .Values.podDisruptionBudget.enabled (gt (.Values.replicaCount | int) 1) }}
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+  labels:
+    app: {{ template "oauth2-proxy.name" . }}
+    chart: {{ template "oauth2-proxy.chart" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+  name: {{ template "oauth2-proxy.fullname" . }}
+spec:
+  selector:
+    matchLabels:
+      app: {{ template "oauth2-proxy.name" . }}
+      release: {{ .Release.Name }}
+  minAvailable: {{ .Values.podDisruptionBudget.minAvailable }}
+{{- end }}
--- a/charts/oauth2-proxy/templates/secret.yaml
+++ b/charts/oauth2-proxy/templates/secret.yaml
@@ -0,0 +1,16 @@
+{{- if and (not .Values.config.existingSecret) (.Values.proxyVarsAsSecrets) }}
+apiVersion: v1
+kind: Secret
+metadata:
+  labels:
+    app: {{ template "oauth2-proxy.name" . }}
+    chart: {{ template "oauth2-proxy.chart" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+  name: {{ template "oauth2-proxy.fullname" . }}
+type: Opaque
+data:
+  cookie-secret: {{ .Values.config.cookieSecret | b64enc | quote }}
+  client-secret: {{ .Values.config.clientSecret | b64enc | quote }}
+  client-id: {{ .Values.config.clientID | b64enc | quote }}
+{{- end -}}
--- a/charts/oauth2-proxy/templates/service.yaml
+++ b/charts/oauth2-proxy/templates/service.yaml
@@ -0,0 +1,39 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: {{ template "oauth2-proxy.name" . }}
+    chart: {{ template "oauth2-proxy.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+  name: {{ template "oauth2-proxy.fullname" . }}
+{{- if .Values.service.annotations }}
+  annotations:
+{{ toYaml .Values.service.annotations | indent 4 }}
+{{- end }}
+spec:
+{{- if (or (eq .Values.service.type "ClusterIP") (empty .Values.service.type)) }}
+  type: ClusterIP
+  {{- if .Values.service.clusterIP }}
+  clusterIP: {{ .Values.service.clusterIP }}
+  {{end}}
+{{- else if eq .Values.service.type "LoadBalancer" }}
+  type: {{ .Values.service.type }}
+  {{- if .Values.service.loadBalancerIP }}
+  loadBalancerIP: {{ .Values.service.loadBalancerIP }}
+  {{- end }}
+  {{- if .Values.service.loadBalancerSourceRanges }}
+  loadBalancerSourceRanges:
+{{ toYaml .Values.service.loadBalancerSourceRanges | indent 4 }}
+  {{- end -}}
+{{- else }}
+  type: {{ .Values.service.type }}
+{{- end }}
+  ports:
+    - port: {{ .Values.service.port }}
+      targetPort: {{ .Values.httpScheme }}
+      protocol: TCP
+      name: {{ .Values.httpScheme }}
+  selector:
+    app: {{ template "oauth2-proxy.name" . }}
+    release: {{ .Release.Name }}
--- a/charts/oauth2-proxy/templates/serviceaccount.yaml
+++ b/charts/oauth2-proxy/templates/serviceaccount.yaml
@@ -0,0 +1,15 @@
+{{- if or .Values.serviceAccount.enabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  {{- with .Values.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+    app: {{ template "oauth2-proxy.name" . }}
+    chart: {{ template "oauth2-proxy.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+  name: {{ template "oauth2-proxy.fullname" . }}
+{{- end -}}
--- a/charts/oauth2-proxy/values.yaml
+++ b/charts/oauth2-proxy/values.yaml
@@ -0,0 +1,184 @@
+# Oauth client configuration specifics
+config:
+  # OAuth client ID
+  clientID: "XXXXXXX"
+  # OAuth client secret
+  clientSecret: "XXXXXXXX"
+  # Create a new secret with the following command
+  # openssl rand -base64 32 | head -c 32 | base64
+  # Use an existing secret for OAuth2 credentials (see secret.yaml for required fields)
+  # Example:
+  # existingSecret: secret
+  cookieSecret: "XXXXXXXXXX"
+  google: {}
+    # adminEmail: xxxx
+    # serviceAccountJson: xxxx
+    # Alternatively, use an existing secret (see google-secret.yaml for required fields)
+    # Example:
+    # existingSecret: google-secret
+  # Default configuration, to be overridden
+  configFile: |-
+    email_domains = [ "*" ]
+    upstreams = [ "file:///dev/null" ]
+  # Custom configuration file: oauth2_proxy.cfg
+  # configFile: |-
+  #   pass_basic_auth = false
+  #   pass_access_token = true
+  # Use an existing config map (see configmap.yaml for required fields)
+  # Example:
+  # existingConfig: config
+
+image:
+  repository: "quay.io/pusher/oauth2_proxy"
+  tag: "v5.1.0"
+  pullPolicy: "IfNotPresent"
+
+# Optionally specify an array of imagePullSecrets.
+# Secrets must be manually created in the namespace.
+# ref: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod
+# imagePullSecrets:
+  # - name: myRegistryKeySecretName
+
+extraArgs: {}
+extraEnv: []
+
+# To authorize individual email addresses
+# That is part of extraArgs but since this needs special treatment we need to do a separate section
+authenticatedEmailsFile:
+  enabled: false
+  # template is the name of the configmap what contains the email user list but has been configured without this chart.
+  # It's a simpler way to maintain only one configmap (user list) instead changing it for each oauth2-proxy service.
+  # Be aware the value name in the extern config map in data needs to be named to "restricted_user_access".
+  template: ""
+  # One email per line
+  # example:
+  # restricted_access: |-
+  #   name1@domain
+  #   name2@domain
+  # If you override the config with restricted_access it will configure a user list within this chart what takes care of the
+  # config map resource.
+  restricted_access: ""
+
+service:
+  type: ClusterIP
+  # when service.type is ClusterIP ...
+  # clusterIP: 192.0.2.20
+  # when service.type is LoadBalancer ...
+  # loadBalancerIP: 198.51.100.40
+  # loadBalancerSourceRanges: 203.0.113.0/24
+  port: 80
+  annotations: {}
+  # foo.io/bar: "true"
+
+## Create or use ServiceAccount
+serviceAccount:
+  ## Specifies whether a ServiceAccount should be created
+  enabled: true
+  ## The name of the ServiceAccount to use.
+  ## If not set and create is true, a name is generated using the fullname template
+  name:
+  annotations: {}
+
+ingress:
+  enabled: false
+  path: /
+  # Used to create an Ingress record.
+  # hosts:
+    # - chart-example.local
+  # Extra paths to prepend to every host configuration. This is useful when working with annotation based services.
+  # extraPaths:
+  # - path: /*
+  #   backend:
+  #     serviceName: ssl-redirect
+  #     servicePort: use-annotation
+  # annotations:
+  #   kubernetes.io/ingress.class: nginx
+  #   kubernetes.io/tls-acme: "true"
+  # tls:
+    # Secrets must be manually created in the namespace.
+    # - secretName: chart-example-tls
+    #   hosts:
+    #     - chart-example.local
+
+resources: {}
+  # limits:
+  #   cpu: 100m
+  #   memory: 300Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 300Mi
+
+extraVolumes: []
+  # - name: ca-bundle-cert
+  #   secret:
+  #     secretName: <secret-name>
+
+extraVolumeMounts: []
+  # - mountPath: /etc/ssl/certs/
+  #   name: ca-bundle-cert
+
+priorityClassName: ""
+
+# Affinity for pod assignment
+# Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+# affinity: {}
+
+# Tolerations for pod assignment
+# Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+tolerations: []
+
+# Node labels for pod assignment
+# Ref: https://kubernetes.io/docs/user-guide/node-selection/
+nodeSelector: {}
+
+# Whether to use secrets instead of environment values for setting up OAUTH2_PROXY variables
+proxyVarsAsSecrets: true
+
+# Configure Kubernetes liveness and readiness probes.
+# Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
+# Disable both when deploying with Istio 1.0 mTLS. https://istio.io/help/faq/security/#k8s-health-checks
+livenessProbe:
+  enabled: true
+  initialDelaySeconds: 0
+  timeoutSeconds: 1
+
+readinessProbe:
+  enabled: true
+  initialDelaySeconds: 0
+  timeoutSeconds: 1
+  periodSeconds: 10
+  successThreshold: 1
+
+# Configure Kubernetes security context for container
+# Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+securityContext:
+  enabled: false
+  runAsNonRoot: true
+
+podAnnotations: {}
+podLabels: {}
+replicaCount: 1
+
+## PodDisruptionBudget settings
+## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
+podDisruptionBudget:
+  enabled: true
+  minAvailable: 1
+
+# Configure Kubernetes security context for pod
+# Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+podSecurityContext: {}
+
+# whether to use http or https
+httpScheme: http
+
+# Additionally authenticate against a htpasswd file. Entries must be created with "htpasswd -s" for SHA encryption.
+# Alternatively supply an existing secret which contains the required information.
+htpasswdFile:
+  enabled: false
+  existingSecret: ""
+  entries: {}
+  # One row for each user
+  # example:
+  # entries:
+  #  - testuser:{SHA}EWhzdhgoYJWy0z2gyzhRYlN9DSiv
--- a/charts/plex/Chart.yaml
+++ b/charts/plex/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: 1.20.2.3402
 description: Plex Media Server
 name: plex
-version: 2.0.5
+version: 2.1.0
 keywords:
  - plex
 home: https://plex.tv/
--- a/charts/plex/templates/deployment.yaml
+++ b/charts/plex/templates/deployment.yaml
@@ -241,6 +241,9 @@ spec:
          {{- else }}
          - mountPath: /{{ .name }}
          {{- end }}
+          {{- if .subPath }}
+            subPath: {{ .subPath }}
+          {{ end }}
            name: {{ .name }}
          {{- end }}
          - name: shared
@@ -303,9 +306,11 @@ spec:
 {{- end }}
 {{- end }}
 {{- range .Values.persistence.extraMounts }}
+  {{- if .claimName }}
      - name: {{ .name }}
        persistentVolumeClaim:
          claimName: {{ .claimName }}
+  {{- end }}        
 {{- end }}
      - name: shared
        emptyDir: {}
--- a/charts/plex/values.yaml
+++ b/charts/plex/values.yaml
@@ -218,8 +218,11 @@ persistence:
  ## Claim will me mounted as /{mountPath} if specified. If no {mountPath} is given,
  ## mountPath will default to {name}
  # - name: video
-  #   claimName: video-claim
+  #   # if claimName is specified the a new volume will mounted, if omitted the mount will be considered to be associated with one of the standard volumes (e.g data, config, transcode).
+  #   # This useful to mount data to a different subPath
+  #   claimName: optional-claim
  #   mountPath: /mnt/path/in/pod
+  #   subPath: optional/sub/path

  config:
    # Optionally specify claimName to manually override the PVC to be used for
--- a/charts/traefik-forward-auth/Chart.yaml
+++ b/charts/traefik-forward-auth/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: traefik-forward-auth
 description: A minimal forward authentication service that provides OAuth/SSO login and authentication for the traefik reverse proxy/load balancer
 type: application
-version: 1.0.1
+version: 1.0.2
 appVersion: 2.2.0
 keywords:
  - traefik
--- a/charts/traefik-forward-auth/templates/middleware.yaml
+++ b/charts/traefik-forward-auth/templates/middleware.yaml
@@ -5,7 +5,7 @@ metadata:
  name: {{ .Values.middleware.name | default "traefik-forward-auth" }}
 spec:
  forwardAuth:
-    address: "http://{{ include "traefik-forward-auth.fullname" . }}:{{ .Values.service.port }}"
+    address: "http://{{ include "traefik-forward-auth.fullname" . }}.{{ .Release.Namespace }}:{{ .Values.service.port }}"
    authResponseHeaders:
      - X-Forwarded-User
-  {{- end }}
+  {{- end }}
--- a/charts/unifi/Chart.yaml
+++ b/charts/unifi/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: 5.14.23
 description: Ubiquiti Network's Unifi Controller
 name: unifi
-version: 1.2.0
+version: 1.3.1
 keywords:
  - ubiquiti
  - unifi
--- a/charts/unifi/README.md
+++ b/charts/unifi/README.md
@@ -141,6 +141,8 @@ The following tables lists the configurable parameters of the Unifi chart and th
 | `persistence.accessModes`                       | `[]`                         | Persistence access modes                                                                                               |
 | `extraConfigFiles`                              | `{}`                         | Dictionary containing files mounted to `/configmap` inside the pod (See [values.yaml](values.yaml) for examples)       |
 | `extraJvmOpts`                                  | `[]`                         | List of additional JVM options, e.g. `["-Dlog4j.configurationFile=file:/configmap/log4j2.xml"]`                        |
+| `jvmInitHeapSize`                               | ``                           | Java Virtual Machine (JVM) initial, and minimum, heap size.                                                            |
+| `jvmMaxHeapSize`                                | `1024M`                      | Java Virtual Machine (JVM) maximum heap size.                                                                          |
 | `resources`                                     | `{}`                         | CPU/Memory resource requests/limits                                                                                    |
 | `livenessProbe.enabled`                         | `true`                       | Turn on and off liveness probe                                                                                         |
 | `livenessProbe.initialDelaySeconds`             | `30`                         | Delay before liveness probe is initiated                                                                               |
--- a/charts/unifi/templates/deployment.yaml
+++ b/charts/unifi/templates/deployment.yaml
@@ -68,17 +68,17 @@ spec:
            - name: syslog
              containerPort: 5514
              protocol: UDP
-              {{ if .Values.captivePortalService.enabled }}
+            {{- if .Values.captivePortalService.enabled }}
            - name: captive-http
              containerPort: 8880
              protocol: TCP
            - name: captive-https
              containerPort: 8843
              protocol: TCP
+            {{- end }}
            - name: speedtest
              containerPort: 6789
              protocol: TCP
-              {{ end }}
          {{- if not .Values.runAsRoot }}
          securityContext:
            capabilities:
@@ -126,6 +126,14 @@ spec:
            - name: JVM_EXTRA_OPTS
              value: "{{- join " " .Values.extraJvmOpts }}"
            {{- end }}
+            {{- if .Values.jvmInitHeapSize }}
+            - name: JVM_INIT_HEAP_SIZE
+              value: "{{ .Values.jvmInitHeapSize }}"
+            {{- end }}
+            {{- if .Values.jvmMaxHeapSize }}
+            - name: JVM_MAX_HEAP_SIZE
+              value: "{{ .Values.jvmMaxHeapSize }}"
+            {{- end }}
            {{- if .Values.mongodb.enabled }}
            - name: DB_URI
              value: "{{ .Values.mongodb.dbUri }}"
--- a/charts/unifi/values.yaml
+++ b/charts/unifi/values.yaml
@@ -300,6 +300,15 @@ extraJvmOpts: []
  # - "-Dlog4j.configurationFile=file:/configmap/log4j2.xml"
  # - "-Dsystem_ip=1.2.3.4"

+## Java Virtual Machine (JVM) initial, and minimum, heap size
+## Unset value means there is no lower limit
+jvmInitHeapSize:
+
+## Java Virtual Machine (JVM) maximum heap size
+## For larger installations a larger value is recommended.
+## For memory constrained system this value can be lowered.
+jvmMaxHeapSize: 1024M
+
 extraConfigFiles: {}
  ## Specify additional config files which are mounted to /configmap
  ## Here is an example for a custom log4j config:
--- a/charts/zigbee2mqtt/Chart.yaml
+++ b/charts/zigbee2mqtt/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: 1.16.1
 description: Bridges events and allows you to control your Zigbee devices via MQTT
 name: zigbee2mqtt
-version: 3.0.0
+version: 3.0.1
 keywords:
  - zigbee
  - mqtt
@@ -19,4 +19,4 @@ maintainers:
 dependencies:
  - name: common
    repository: https://k8s-at-home.com/charts/
-    version: ^1.5.0
+    version: ^1.5.1
--- a/charts/zigbee2mqtt/ci/ct-values.yaml
+++ b/charts/zigbee2mqtt/ci/ct-values.yaml
@@ -1,2 +1,7 @@
 ingress:
  enabled: true
+persistence:
+  data:
+    enabled: true
+    emptyDir: true
+    mountPath: /data
--- a/charts/zigbee2mqtt/values.yaml
+++ b/charts/zigbee2mqtt/values.yaml
@@ -8,8 +8,8 @@ image:
 strategy:
  type: Recreate

-env: {}
-  # TZ
+env:
+  ZIGBEE2MQTT_DATA: /data

 service:
  port:
Author	SHA1	Message	Date
André Bauer	8bc2923281	[oauth2-proxy] fixing home & source urls in chart.yaml (#187 ) Co-authored-by: ᗪєνιη ᗷυнʟ <onedr0p@users.noreply.github.com>	2020-11-23 08:00:34 -05:00
ᗪєνιη ᗷυнʟ	5f17e040e8	[common] 1.6.0 (#178 ) Co-authored-by: Bernd Schörgers <bernd@bjws.nl> Co-authored-by: bjws <bernd@bjws.nl>	2020-11-23 07:55:12 -05:00
Marco Kilchhofer	158674fc45	[unifi] Fix speedtest container port (#186 )	2020-11-21 15:36:48 -05:00
ᗪєνιη ᗷυнʟ	8a2859285c	[flood] fix data dir (#185 )	2020-11-19 23:18:11 -05:00
ᗪєνιη ᗷυнʟ	79e40ecd76	[zigbee2mqtt] set ZIGBEE2MQTT_DATA envar (#182 )	2020-11-19 15:18:48 +01:00
Mark McWhirter	e3c38e70eb	[traefik-forward-auth] Use namespace in the middleware (#181 ) Co-authored-by: ᗪєνιη ᗷυнʟ <onedr0p@users.noreply.github.com>	2020-11-19 08:07:44 -05:00
ᗪєνιη ᗷυнʟ	c4ba55abe2	[flood] new chart (#184 )	2020-11-18 18:46:04 -05:00
ᗪєνιη ᗷυнʟ	0c6be064e3	[node-red] migrate to common library (#180 )	2020-11-18 13:54:50 -05:00
Ryan Holt	e2eca4851b	[oauth2-proxy] migrate oauth2-proxy chart (#179 )	2020-11-17 17:03:15 -05:00
Thomas Ingvarsson	0f318cb980	[unifi] Add jvmInitHeapSize and jvmMaxHeapSize configuration (#175 ) * Add jvmInitHeapSize and jvmMaxHeapSize which are passed on to the container as env vars * Bump version, no change in default behaviour * Update README.md with new configuration parameters Signed-off-by: Thomas Ingvarsson <ingvarsson.thomas@gmail.com>	2020-11-17 09:39:37 -05:00
Mike K	e6cdf79352	[Deconz] - Add option for a persistence.subpath (#172 ) Co-authored-by: Mike Knell <mike.knell@lifecycle-software.com> Co-authored-by: ᗪєνιη ᗷυнʟ <onedr0p@users.noreply.github.com>	2020-11-16 19:12:29 -05:00
Carlos Ravelo	e4528a12c7	[Plex] - Allow claimName to not be specified for extra mounts and add subPath (#168 ) Co-authored-by: ᗪєνιη ᗷυнʟ <onedr0p@users.noreply.github.com>	2020-11-16 18:34:22 -05:00
				`@@ -0,0 +1 @@`
				`{{- include "common.notes.defaultNotes" . -}}`
				`@@ -0,0 +1 @@`
				`# Leave this file empty to ensure that CI runs builds against the default configuration in values.yaml.`
				`@@ -0,0 +1 @@`
				`replicaCount: 2 # Enables PodDisruptionBudget which is disabled when replicaCount is 1`