Update Helm chart common to v2.4.0 (#546)

Signed-off-by: Kjeld Schouten-Lebbing <kjeld@schouten-lebbing.nl>

.github/stale.yml

@@ -1,18 +1,32 @@
-daysUntilStale: 60
-daysUntilClose: 7
+# Configuration for probot-stale - https://github.com/probot/stale
+
+# Number of days of inactivity before an Issue or Pull Request becomes stale
+daysUntilStale: 45
+
+# Number of days of inactivity before a stale Issue or Pull Request is closed.
+daysUntilClose: 5
+
+# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable
 exemptLabels:
+  - on-hold
   - pinned
-staleLabel: lifecycle/stale
-pulls:
-  markComment: >
-    This pull request has been automatically marked as stale because it has not had
-    recent activity. It will be closed if no further activity occurs. Thank you
-    for your contributions.
+
+# Label to use when marking as stale
+staleLabel: stale
+
 issues:
+  # Comment to post when marking as stale. Set to `false` to disable
   markComment: >
-    This issue request has been automatically marked as stale because it has not had
-    recent activity. It will be closed if no further activity occurs. Thank you
-    for your contributions.
-closeComment: false
-unmarkComment: >
-  /remove-lifecycle stale
+    This Issue has been automatically marked as "stale" because it has not had recent activity (for 45 days). It will be closed if no further activity occurs. Thanks for the feedback.
+  # Comment to post when closing a stale Issue or Pull Request.
+  closeComment: >
+    Due to the lack of activity in the last 5 days since it was marked as "stale", we proceed to close this Issue. Do not hesitate to reopen it later if necessary.
+pulls:
+  # Comment to post when marking as stale. Set to `false` to disable
+  markComment: >
+    This Pull Request has been automatically marked as "stale" because it has not had recent activity (for 45 days). It will be closed if no further activity occurs. Thank you for your contribution.
+  # Comment to post when closing a stale Issue or Pull Request.
+  closeComment: >
+    Due to the lack of activity in the last 5 days since it was marked as "stale", we proceed to close this Pull Request. Do not hesitate to reopen it later if necessary.
+# Limit the number of actions per hour, from 1-30. Default is 30
+limitPerRun: 30

.github/workflows/charts-lint-test.yaml

@@ -1,6 +1,10 @@
-name: Lint and Test Charts
+name: "Charts: Lint and test"
 
-on: pull_request
+on:
+  pull_request:
+    paths:
+    - 'charts/**'
+    - '!charts/**/README.md'
 
 jobs:
   lint:
@@ -64,13 +68,13 @@ jobs:
       - name: Install Ruby
         uses: ruby/setup-ruby@v1
         with:
-          ruby-version: 2.7            
-  
+          ruby-version: 2.7
+
       - name: Install dependencies
         run: |
           export RUBYJQ_USE_SYSTEM_LIBRARIES=1
           bundle install
-      
+
       - name: Run tests
         run: |
           bundle exec m -r test/charts
@@ -101,7 +105,7 @@ jobs:
         if: needs.lint.outputs.changed == 'true' || needs.lint.outputs.common == 'true'
 
       - name: Run chart-testing (install)
-        run: ct install --config .github/ct.yaml
+        run: ct install --config .github/ct.yaml --excluded-charts ""
         if: needs.lint.outputs.changed == 'true'
 
       - name: Run chart-testing (common-test)

.github/workflows/charts-release.yaml

@@ -1,11 +1,12 @@
-name: Release Charts
+name: "Charts: Release"
 
 on:
   push:
     branches:
       - master
     paths:
-      - "charts/**"
+      - 'charts/**'
+      - '!charts/**/README.md'
 
 jobs:
   pre-release:

.gitignore

@@ -1,3 +1,6 @@
+# Developer dependencies
+.bin
+
 # IDE resources
 .vscode
 .idea
@@ -9,4 +12,5 @@ charts/*/charts
 
 # Other rsources
 .env
+.envrc
 Gemfile.lock

.taskfiles/Taskfile_chart.yml

@@ -0,0 +1,48 @@
+---
+version: '3'
+
+tasks:
+
+  create:
+    desc: create new chart
+    cmds:
+    - git checkout -b add-chart-{{.CHART}}
+    - cp -r {{.GIT_ROOT}}/templates/chart {{.GIT_ROOT}}/charts/{{.CHART}}
+    - ./.bin/go-replace -s '${CHARTNAME}' -r "{{.CHART}}" --path={{.GIT_ROOT}}/charts/{{.CHART}} --path-pattern='*.*'
+    - task: dependency
+    - echo "Congratulations, charts/{{.CHART}} successfully generated, you can now edit chart informations ( Chart.yaml and values.yaml )"
+    status:
+    - test -d {{.GIT_ROOT}}/charts/{{.CHART}}
+    deps:
+    - check-chart
+    silent: true
+
+
+  dependency:
+    cmds:
+    - test -d {{.GIT_ROOT}}/charts/{{.CHART}}/Chart.lock && rm {{.GIT_ROOT}}/charts/{{.CHART}}/Chart.lock || exit 0
+    - test -d {{.GIT_ROOT}}/charts/{{.CHART}}/tmpcharts && rm -rf {{.GIT_ROOT}}/charts/{{.CHART}}/tmpcharts || exit 0
+    - cd {{.GIT_ROOT}}/charts/{{.CHART}} && helm dependency update
+    silent: true
+
+  lint:
+    desc: lint your chart code
+    cmds:
+    - cd {{.GIT_ROOT}}/charts/{{.CHART}} && helm lint
+    deps:
+    - dependency
+    - check-chart
+
+  test:
+    desc: test your chart code
+    cmds:
+    - docker run --rm -it --user $(id -u):$(id -g) -e "HELM_CONFIG_HOME=/tmp/helm" -e "HELM_CACHE_HOME=/tmp/helm" -v {{.GIT_ROOT}}:/ci -w /ci quay.io/helmpack/chart-testing:latest ct lint --charts charts/{{.CHART}} --config /ci/.github/ct.yaml
+    deps:
+    - check-chart
+    - lint
+
+  # Checks Parameters
+  check-chart:
+    cmds:
+    - cmd: test ! -z "{{.CHART}}" || (echo "Please define CHART parameter"; exit 1)
+    silent: true

.taskfiles/Taskfile_darwin.yml

@@ -0,0 +1,41 @@
+---
+version: '3'
+
+# Todo: add all darwin requirements
+
+env:
+  URL_GOREPLACE: https://github.com/webdevops/go-replace/releases/download/1.1.2/gr-64-osx
+
+tasks:
+
+  install:
+    desc: Install all developer dependencies
+    deps:
+    - distrib-requirements
+    - go-replace
+
+  distrib-requirements:
+    desc: Check needed distribution packages
+    cmds:
+    - task deps:need BIN=wget
+    - task deps:need BIN=python3
+    - task deps:need BIN=docker
+    silent: true
+
+  need:
+    desc: Check needed binary is present
+    cmds:
+    - type {{.BIN}} 2>&1 >/dev/null || (echo "Please install {{.BIN}}"; exit 1)
+    silent: true
+
+  go-replace:
+    desc: Install go-replace
+    cmds:
+    - echo "Installing go-replace"
+    - mkdir -p ".bin"
+    - wget -q "https://github.com/webdevops/go-replace/releases/download/1.1.2/gr-64-osx" -O .bin/go-replace && chmod +x .bin/go-replace
+    status:
+    - test -e .bin/go-replace
+    deps:
+    - distrib-requirements
+    silent: true

.taskfiles/Taskfile_linux.yml

@@ -0,0 +1,64 @@
+---
+version: '3'
+
+env:
+  URL_GOREPLACE: https://github.com/webdevops/go-replace/releases/download/1.1.2/gr-64-linux
+  URL_HELM: https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3
+
+tasks:
+
+  install:
+    desc: Install all developer dependencies
+    deps:
+    - distrib-requirements
+    - helm
+    - pre-commit
+    - go-replace
+
+  distrib-requirements:
+    desc: Check needed distribution packages
+    cmds:
+    - task deps:need BIN=wget
+    - task deps:need BIN=python3
+    - task deps:need BIN=docker
+    silent: true
+
+  need:
+    desc: Check needed binary is present
+    cmds:
+    - type {{.BIN}} 2>&1 >/dev/null || (echo "Please install {{.BIN}}"; exit 1)
+    silent: true
+
+  helm:
+    desc: Install helm client
+    cmds:
+    - echo "Installing helm"
+    - wget -q -O - "$URL_HELM" | USE_SUDO=false HELM_INSTALL_DIR=.bin bash
+    status:
+    - test -e .bin/helm
+    deps:
+    - distrib-requirements
+    silent: true
+
+  pre-commit:
+    desc: Install a precommit pip package
+    cmds:
+    - echo "Installing pre-commit"
+    - python3 -m pip install --user pre-commit
+    status:
+    - type pre-commit
+    deps:
+    - distrib-requirements
+    silent: true
+
+  go-replace:
+    desc: Install go-replace
+    cmds:
+    - echo "Installing go-replace"
+    - mkdir -p ".bin"
+    - wget -q "$URL_GOREPLACE" -O .bin/go-replace && chmod +x .bin/go-replace
+    status:
+    - test -e .bin/go-replace
+    deps:
+    - distrib-requirements
+    silent: true

.taskfiles/Taskfile_windows.yml

@@ -0,0 +1,10 @@
+---
+version: '3'
+
+# Todo: add windows requirements
+
+tasks:
+  default:
+    cmds:
+    - task -l
+    silent: true

CONTRIBUTING.md

@@ -39,6 +39,23 @@ See `git help commit`:
 
 Once changes have been merged, the release job will automatically run to package and release changed charts.
 
+### Create new chart
+```
+# Clone
+git clone
+cd charts
+sh -c "$(curl --location https://taskfile.dev/install.sh)" -- -d -b .bin
+
+# Create chart
+PATH=$PATH:$PWD/.bin
+task chart:create CHART=chart_name
+# Don't forgot edit some chart informations in charts/char_name/Chart.yaml and charts/char_name/values.yaml
+
+# Lint & Test
+task chart:lint CHART=chart_name
+task chart:test CHART=chart_name
+```
+
 ### Immutability
 
 Chart releases must be immutable. Any change to a chart warrants a chart version bump even if it is only changed to the documentation.

README.md

@@ -1,9 +1,11 @@
 # k8s@Home collection of helm charts
 
-[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
+[![Discord](https://img.shields.io/badge/discord-chat-7289DA.svg)](https://discord.com/invite/7PbmHRK)
 [![](https://github.com/k8s-at-home/charts/workflows/Release%20Charts/badge.svg?branch=master)](https://github.com/k8s-at-home/charts/actions)
 [![pre-commit](https://img.shields.io/badge/pre--commit-enabled-brightgreen?logo=pre-commit&logoColor=white)](https://github.com/pre-commit/pre-commit)
-[![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/k8s-at-home)](https://artifacthub.io/packages/search?repo=k8s-at-home)
+[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/k8s-at-home)](https://artifacthub.io/packages/search?repo=k8s-at-home)
+[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
+
 ## Usage
 
 [Helm](https://helm.sh) must be installed to use the charts.
@@ -19,7 +21,18 @@ You can then run `helm search repo k8s-at-home` to see the charts.
 
 ## Charts
 
-See [artifact hub](https://artifacthub.io/packages/search?org=k8s-at-home) for a complete list.
+See [Artifact Hub](https://artifacthub.io/packages/search?org=k8s-at-home) or [charts](./charts/) for a complete list.
+
+## Common Library
+
+The majority of the charts in this repository are using a common library we built. The reason we went with this pattern is a lot of applications are pretty similar in their requirements for Helm charts. Using a library makes maintaining much easier and keeps charts consistent in features. If contributing a new chart first try to make it using the library we built.
+
+More information can be found [here](https://github.com/k8s-at-home/charts/tree/master/charts/common).
+
+## Support
+
+- Having problems with a chart or have a feature request? Open a new [issue](https://github.com/k8s-at-home/charts/issues/new/choose).
+- New idea? Discuss [here](https://github.com/k8s-at-home/charts/discussions) or in our [Discord](https://discord.gg/sTMX7Vh) in the `#charts` channel.
 
 ## Contributing
 

Taskfile.yml

@@ -0,0 +1,16 @@
+---
+version: '3'
+
+vars:
+  GIT_ROOT:
+    sh: git rev-parse --show-toplevel
+
+includes:
+  deps: .taskfiles/Taskfile_{{OS}}.yml
+  chart: .taskfiles/Taskfile_chart.yml
+
+tasks:
+  default:
+    cmds:
+    - task -l
+    silent: true

charts/README.templates.md.gotmpl

@@ -14,7 +14,7 @@
     {{ template "repository.organization" . }}/{{ template "chart.name" . }}
 {{- end -}}
 {{- define "badge.artifactHub" -}}
-  [![ArtifactHub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/{{ template "chart.name" . }})](https://artifacthub.io/packages/helm/{{ template "chart.name" . }})
+  [![ArtifactHub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/{{ template "chart.name" . }})](https://artifacthub.io/packages/helm/k8s-at-home/{{ template "chart.name" . }})
 {{- end -}}
 {{- define "description.multiarch" -}}
 The default values and container images used in this chart will allow for running in a multi-arch cluster (amd64, arm, arm64)
@@ -69,4 +69,4 @@ For example,
 ```console
 helm install {{ template "chart.name" . }} {{ template "helm.path" . }} --values values.yaml
 ```
-{{- end -}}
+{{- end -}}

charts/alertmanager-bot/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: 0.4.2
 description: Bot for Prometheus Alertmanager
 name: alertmanager-bot
-version: 2.3.0
+version: 2.4.0
 keywords:
   - alertmanager
   - telegram
@@ -18,4 +18,4 @@ maintainers:
 dependencies:
   - name: common
     repository: https://k8s-at-home.com/charts/
-    version: 2.2.0
+    version: 2.4.0

charts/appdaemon/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: 4.0.5
 description: AppDaemon is a loosely coupled, multi-threaded, sandboxed python execution environment for writing automation apps for various types of Home Automation Software including Home Assistant and MQTT.
 name: appdaemon
-version: 2.3.0
+version: 2.4.0
 keywords:
   - appdaemon
   - home-automation
@@ -17,4 +17,4 @@ maintainers:
 dependencies:
   - name: common
     repository: https://k8s-at-home.com/charts/
-    version: 2.2.0
+    version: 2.4.0

charts/bazarr/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: v0.9.0.5
 description: Bazarr is a companion application to Sonarr and Radarr. It manages and downloads subtitles based on your requirements
 name: bazarr
-version: 5.3.0
+version: 5.4.0
 keywords:
   - bazarr
   - radarr
@@ -21,4 +21,4 @@ maintainers:
 dependencies:
   - name: common
     repository: https://k8s-at-home.com/charts/
-    version: 2.2.0
+    version: 2.4.0

charts/bitwardenrs/Chart.yaml

@@ -2,15 +2,15 @@ apiVersion: v2
 name: bitwardenrs
 description: Unofficial Bitwarden compatible server written in Rust
 type: application
-version: 1.0.1
-appVersion: 1.16.3
+version: 2.0.0
+appVersion: 1.18.0
 keywords:
   - bitwarden
   - bitwardenrs
   - bitwarden_rs
   - password
   - rust
-home: https://github.com/k8s-at-home/charts/tree/master/charts/bitwarden_rs
+home: https://github.com/k8s-at-home/charts/tree/master/charts/bitwardenrs
 sources:
   - https://github.com/dani-garcia/bitwarden_rs
 maintainers:

charts/bitwardenrs/README.md

@@ -46,3 +46,13 @@ Alternatively, a YAML file that specifies the values for the above parameters ca
 ```console
 helm install bitwarden k8s-at-home/bitwardenrs  --values values.yaml 
 ```
+
+## Upgrading an existing Release to a new major version
+
+A major chart version change (like 1.1.1 -> 2.0.0) indicates that there is an incompatible breaking change potentially needing manual actions.
+
+### Upgrading from 1.x.x to 2.x.x
+
+Chart version 2.0.0 introduces external database support.
+ * No actions required to continue with the default sqlite backend.
+ * Refer to the `bitwardenrs.externalDatabase` section of [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/bitwardenrs/values.yaml) to configure MySQL or PostgreSQL database backends.

charts/bitwardenrs/templates/_database.tpl

@@ -0,0 +1,38 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Generate environment variables for external database
+*/}}
+{{- define "bitwardenrs.externalDatabaseConfigMap" -}}
+{{- with .Values.bitwardenrs.externalDatabase }}
+{{- if and .enabled (or (eq .type "postgresql") (eq .type "mysql")) }}
+{{- if and (not .existingSecret.enabled) .user }}
+DATABASE_USER: {{ .user | quote }}
+{{- end }}
+{{- if and (not .existingSecret.enabled) .password }}
+DATABASE_PASSWORD: {{ .password | quote }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{- define "bitwardenrs.externalDatabaseEnv" -}}
+{{- with .Values.bitwardenrs.externalDatabase }}
+{{- if and .enabled (or (eq .type "postgresql") (eq .type "mysql")) }}
+{{- if .existingSecret.enabled }}
+- name: DATABASE_USER
+  valueFrom:
+    secretKeyRef:
+      name: {{ .existingSecret.name | quote }}
+      key: {{ .existingSecret.userKey | quote }}
+- name: DATABASE_PASSWORD
+  valueFrom:
+    secretKeyRef:
+      name: {{ .existingSecret.name | quote }}
+      key: {{ .existingSecret.passwordKey | quote }}
+{{- end }}
+{{- $dbport := not (empty .port) | ternary (printf ":%v" .port) "" }}
+- name: DATABASE_URL
+  value: {{ printf "%v://$(DATABASE_USER):$(DATABASE_PASSWORD)@%v%v/%v" .type .host $dbport .database }}
+{{- end }}
+{{- end }}
+{{- end }}

charts/bitwardenrs/templates/configmap.yaml

@@ -12,8 +12,8 @@ data:
   WEBSOCKET_ENABLED: {{ .Values.bitwardenrs.websockets.enabled | quote }}
   {{- if and .Values.bitwardenrs.admin.enabled .Values.bitwardenrs.admin.disableAdminToken }}
   DISABLE_ADMIN_TOKEN: "true"
-    {{- end }}
-    {{- with .Values.bitwardenrs.smtp }}
+  {{- end }}
+  {{- with .Values.bitwardenrs.smtp }}
   {{- if .enabled }}
   SMTP_HOST: {{ required "SMTP host is required to enable SMTP" .host | quote }}
   SMTP_FROM: {{ required "SMTP sender address ('from') is required to enable SMTP" .from | quote }}
@@ -31,6 +31,20 @@ data:
   {{- end }}
   {{- end }}
   {{- end }}
+  {{- with .Values.bitwardenrs.yubico }}
+  {{- if .enabled }}
+  {{- if .server }}
+  YUBICO_SERVER: {{ .server | quote }}
+  {{- end }}
+  {{- if and (not .existingSecret.enabled) .clientId }}
+  YUBICO_CLIENT_ID: {{ .clientId | quote }}
+  {{- end }}
+  {{- if and (not .existingSecret.enabled) .secretKey }}
+  YUBICO_SECRET_KEY: {{ .secretKey | quote }}
+  {{- end }}
+  {{- end }}
+  {{- end }}
+  {{- include "bitwardenrs.externalDatabaseConfigMap" . | nindent 2 }}
   {{- if .Values.env }}
   {{- toYaml .Values.env | nindent 2 }}
   {{- end }}

charts/bitwardenrs/templates/deployment.yaml

@@ -54,11 +54,11 @@ spec:
                   {{- else }}
                   name: {{ $fullName }}
                   key: admin-token
-                {{- end }}
-                {{- end }}
-                {{- end }}
-                {{- with .Values.bitwardenrs.smtp }}
-                {{- if eq .enabled true }}
+                  {{- end }}
+            {{- end }}
+            {{- end }}
+            {{- with .Values.bitwardenrs.smtp }}
+            {{- if eq .enabled true }}
             {{- if and .existingSecret.enabled (not .user) }}
             - name: SMTP_USERNAME
               valueFrom:
@@ -70,12 +70,27 @@ spec:
                 secretKeyRef:
                   name: {{ .existingSecret.name | quote }}
                   key: {{ .existingSecret.passwordKey | quote }}
-              {{- end }}
-          {{- end }}
-          {{- end }}
+            {{- end }}
+            {{- end }}
+            {{- end }}
+            {{- with .Values.bitwardenrs.yubico }}
+            {{- if and .enabled .existingSecret.enabled }}
+            - name: YUBICO_CLIENT_ID
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .existingSecret.name | quote }}
+                  key: {{ .existingSecret.clientIdKey | quote }}
+            - name: YUBICO_SECRET_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .existingSecret.name | quote }}
+                  key: {{ .existingSecret.secretKeyKey | quote }}
+            {{- end }}
+            {{- end }}
+            {{- include "bitwardenrs.externalDatabaseEnv" . | nindent 12 }}
           ports:
             - name: http
-              containerPort: 80
+              containerPort: {{ .Values.bitwardenrs.gui.port }}
               protocol: TCP
             {{- if .Values.bitwardenrs.websockets.enabled }}
             - name: websocket

charts/bitwardenrs/templates/ingress.yaml

@@ -1,6 +1,7 @@
 {{- if .Values.ingress.enabled -}}
 {{- $fullName := include "bitwardenrs.fullname" . -}}
 {{- $svcPort := .Values.service.port -}}
+{{- $websockets := .Values.bitwardenrs.websockets -}}
 {{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
 apiVersion: networking.k8s.io/v1beta1
 {{- else -}}
@@ -36,6 +37,16 @@ spec:
             backend:
               serviceName: {{ $fullName }}
               servicePort: {{ $svcPort }}
+          {{- if $websockets.enabled }}
+          - path: {{ . | trimSuffix "/" }}/notifications/hub
+            backend:
+              serviceName: {{ $fullName }}
+              servicePort: {{ $websockets.port }}
+          - path: {{ . | trimSuffix "/" }}/notifications/hub/negotiate
+            backend:
+              serviceName: {{ $fullName }}
+              servicePort: {{ $svcPort}}
+          {{- end }}
           {{- end }}
     {{- end }}
   {{- end }}

charts/bitwardenrs/templates/statefulset.yaml

@@ -55,11 +55,11 @@ spec:
                   {{- else }}
                   name: {{ $fullName }}
                   key: admin-token
-                {{- end }}
-                {{- end }}
-                {{- end }}
-                {{- with .Values.bitwardenrs.smtp }}
-                {{- if eq .enabled true }}
+                  {{- end }}
+            {{- end }}
+            {{- end }}
+            {{- with .Values.bitwardenrs.smtp }}
+            {{- if eq .enabled true }}
             {{- if and .existingSecret.enabled (not .user) }}
             - name: SMTP_USERNAME
               valueFrom:
@@ -71,12 +71,27 @@ spec:
                 secretKeyRef:
                   name: {{ .existingSecret.name | quote }}
                   key: {{ .existingSecret.passwordKey | quote }}
-              {{- end }}
-          {{- end }}
-          {{- end }}
+            {{- end }}
+            {{- end }}
+            {{- end }}
+            {{- with .Values.bitwardenrs.yubico }}
+            {{- if and .enabled .existingSecret.enabled }}
+            - name: YUBICO_CLIENT_ID
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .existingSecret.name | quote }}
+                  key: {{ .existingSecret.clientIdKey | quote }}
+            - name: YUBICO_SECRET_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .existingSecret.name | quote }}
+                  key: {{ .existingSecret.secretKeyKey | quote }}
+            {{- end }}
+            {{- end }}
+            {{- include "bitwardenrs.externalDatabaseEnv" . | nindent 12 }}
           ports:
             - name: http
-              containerPort: 80
+              containerPort: {{ .Values.bitwardenrs.gui.port }}
               protocol: TCP
             {{- if .Values.bitwardenrs.websockets.enabled }}
             - name: websocket

charts/bitwardenrs/values.yaml

@@ -14,6 +14,9 @@ fullnameOverride: ""
 bitwardenrs:
   domain: ""
   signupsAllowed: false
+  gui:
+    # If you set a different port here, you must also provide it under env
+    port: 80
   websockets:
     enabled: true
     port: 3012
@@ -24,6 +27,31 @@ bitwardenrs:
       enabled: false
       name: ""
       tokenKey: ""
+  # External database configuration.
+  # Requires bitwardenrs/server >= 1.17.0 or bitwardenrs/server-{mysql,postgres} images
+  # ref: https://github.com/dani-garcia/bitwarden_rs/wiki/Using-the-MySQL-Backend
+  #      https://github.com/dani-garcia/bitwarden_rs/wiki/Using-the-PostgreSQL-Backend
+  externalDatabase:
+    enabled: false
+    # Supported values: 'mysql', 'postgresql'.
+    type: ""
+    # Database host. Required if external database is enabled.
+    host: ""
+    # Database port. Optional, default value is specific to the database backend.
+    port: ""
+    # Database name.
+    database: ""
+    # Database user.
+    user: ""
+    # Database password. Special characters must be escaped with percent encoding.
+    password: ""
+    # Use existing secret for database credentials.
+    existingSecret:
+      enabled: false
+      name: ""
+      userKey: ""
+      # Special characters in the password value must be escaped with percent encoding.
+      passwordKey: ""
   # Enable SMTP. https://github.com/dani-garcia/bitwarden_rs/wiki/SMTP-configuration
   smtp:
     enabled: false
@@ -47,8 +75,26 @@ bitwardenrs:
       name: ""
       userKey: ""
       passwordKey: ""
+  # Enable Yubikey 2FA: https://github.com/dani-garcia/bitwarden_rs/wiki/Enabling-Yubikey-OTP-authentication
+  yubico:
+    enabled: false
+    # OTP verification server. Will use the default YubiCloud servers if not specified
+    server: ""
+    # API Client ID for OTP server. Ignored if existingSecret is provided.
+    clientId: ""
+    # API Secret Key for OTP server. Required if clientId is specified, ignored when using existingSecret.
+    secretKey: ""
+    # Use existing secret for API keys
+    existingSecret:
+      enabled: false
+      name: ""
+      clientIdKey: ""
+      secretKeyKey: ""
 
 env: {}
+# If you plan to run the WebUI on a port other than port 80, specify that here:
+# For example, if running the container as a non-root user.
+#  ROCKET_PORT: "80"
 
 persistence:
   type: statefulset

charts/blocky/Chart.yaml

@@ -1,11 +1,12 @@
 apiVersion: v2
-appVersion: v0.11
+appVersion: v0.12
 description: DNS proxy as ad-blocker for local network
 name: blocky
-version: 4.1.1
+version: 5.0.0
 keywords:
   - blocky
-  - dbs
+  - adblock
+  - dns
 home: https://github.com/k8s-at-home/charts/tree/master/charts/blocky
 icon: https://github.com/0xERR0R/blocky/raw/master/docs/blocky.svg?sanitize=true
 sources:

charts/blocky/README.md

@@ -47,6 +47,8 @@ Alternatively, a YAML file that specifies the values for the above parameters ca
 helm install --name blocky -f values.yaml k8s-at-home/blocky
 ```
 
+---
+
 ## Upgrading an existing Release to a new major version
 
 A major chart version change (like 2.2.2 -> 3.0.0) indicates that there is an
@@ -72,3 +74,6 @@ kubectl delete svc/blocky
 
 This is the 'easiest' approach, but will incur downtime which can be problematic if you rely on blocky for DNS
 
+### Upgrading from 4.x.x to 5.x.x
+
+Configuration inside `config` is no longer a yaml object, it is now a multiline string

charts/blocky/templates/configmap.yaml

@@ -9,12 +9,5 @@ metadata:
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/managed-by: {{ .Release.Service }}
 data:
-{{- if .Values.config }}
-{{ $root := . }}
   config.yml: |
-{{ tpl (toYaml .Values.config | indent 4) $root }}
-{{- end }}
-{{- range $name, $value := .Values.extraLists }}
-  {{ $name }}: |-
-{{ $value | indent 4}}
-{{- end }}
+{{ .Values.config | indent 4 }}

charts/blocky/templates/deployment.yaml

@@ -1,3 +1,4 @@
+{{- $blockyConfig := .Values.config | fromYaml }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -45,9 +46,9 @@ spec:
               subPath: {{ $name }}
               readOnly: true
             {{- end }}
-            {{- if .Values.config.queryLog }}
+            {{- if hasKey $blockyConfig "queryLog" }}
             - name: data
-              mountPath: {{ .Values.config.queryLog.dir }}
+              mountPath: {{ $blockyConfig.queryLog.dir }}
               {{- if .Values.persistence.subPath }}
               subPath: {{ .Values.persistence.subPath }}
               {{- end }}
@@ -96,7 +97,7 @@ spec:
                     - key: {{ $name }}
                       path: {{ $name }}
                   {{- end }}
-        {{- if .Values.config.queryLog }}
+        {{- if hasKey $blockyConfig "queryLog" }}
         - name: data
           {{- if .Values.persistence.enabled }}
           persistentVolumeClaim:

charts/blocky/values.yaml

@@ -1,6 +1,6 @@
 image:
   repository: spx01/blocky
-  tag: v0.11
+  tag: v0.12
   pullPolicy: IfNotPresent
 
 nameOverride: ""
@@ -10,29 +10,30 @@ replicas: 1
 
 timeZone: "UTC"
 
-# blocky configuration - will translate to config.yml file inside the pod
-config:
+# Blocky configuration, for a full list of options see
+# https://github.com/0xERR0R/blocky/blob/master/docs/config.yml
+config: |
   upstream:
     # these external DNS resolvers will be used. Blocky picks 2 random resolvers from the list for each query
-    # format for resolver: net:host:[port][/path]. net could be tcp, udp, tcp-tls or https (DoH). If port is empty, default port will be used (53 for udp and tcp, 853 for tcp-tls, 443 for https (Doh))
+    # format for resolver: [net:]host:[port][/path]. net could be empty (default, shortcut for tcp+udp), tcp+udp, tcp, udp, tcp-tls or https (DoH). If port is empty, default port will be used (53 for udp and tcp, 853 for tcp-tls, 443 for https (Doh))
     externalResolvers:
-      - udp:8.8.8.8
-      - udp:8.8.4.4
-      - udp:1.1.1.1
-      - tcp-tls:1.0.0.1:853
-      - https://cloudflare-dns.com/dns-query
+      - 46.182.19.48
+      - 80.241.218.68
+      - tcp-tls:fdns1.dismail.de:853
+      - https://dns.digitale-gesellschaft.ch/dns-query
 
   # optional: custom IP address for domain name (with all sub-domains)
   # example: query "printer.lan" or "my.printer.lan" will return 192.168.178.3
-  # customDNS:
-  #   mapping:
-  #     printer.lan: 192.168.178.3
+  customDNS:
+    mapping:
+      printer.lan: 192.168.178.3
 
-  # optional: definition, which DNS resolver should be used for queries to the domain (with all sub-domains).
+  # optional: definition, which DNS resolver(s) should be used for queries to the domain (with all sub-domains). Multiple resolvers must be separated by comma
   # Example: Query client.fritz.box will ask DNS server 192.168.178.1. This is necessary for local network, to resolve clients by host name
-  # conditional:
-  #   mapping:
-  #     fritz.box: udp:192.168.178.1
+  conditional:
+    mapping:
+      fritz.box: udp:192.168.178.1
+      lan.net: udp:192.168.178.1,udp:192.168.178.2
 
   # optional: use black and white lists to block queries (for example ads, trackers, adult pages etc.)
   blocking:
@@ -46,77 +47,95 @@ config:
         - https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist
         - https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt
       special:
-        - https://hosts-file.net/ad_servers.txt
-    # definition of whitelist groups. Attention: if the same group has black and whitelists,
-    # whitelists will be used to disable particular blacklist entries. If a group has only
-    # whitelist entries -> this means only domains from this list are allowed,
-    # all other domains will be blocked.
-    # Also see the extraLists section below to add your own in-line whitelists
-    # whiteLists:
-    #   ads:
-    #     - whitelist.txt
+        - https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews/hosts
+    # definition of whitelist groups. Attention: if the same group has black and whitelists, whitelists will be used to disable particular blacklist entries. If a group has only whitelist entries -> this means only domains from this list are allowed, all other domains will be blocked
+    whiteLists:
+      ads:
+        - whitelist.txt
     # definition: which groups should be applied for which client
     clientGroupsBlock:
       # default will be used, if no special definition for a client name exists
       default:
         - ads
         - special
-      # use client name or ip address
-      # laptop.fritz.box:
-      #   - ads
-
+      # use client name (with wildcard support: * - sequence of any characters, [0-9] - range)
+      # or single ip address / client subnet as CIDR notation
+      laptop*:
+        - ads
+      192.168.178.1/24:
+        - special
     # which response will be sent, if query is blocked:
-    #   zeroIp: 0.0.0.0 will be returned (default)
-    #   nxDomain: return NXDOMAIN as return code
-    # blockType: zeroIp
-
+    # zeroIp: 0.0.0.0 will be returned (default)
+    # nxDomain: return NXDOMAIN as return code
+    # comma separated list of destination IP adresses (for example: 192.100.100.15, 2001:0db8:85a3:08d3:1319:8a2e:0370:7344). Should contain ipv4 and ipv6 to cover all query types. Useful with running web server on this address to display the "blocked" page.
+    blockType: zeroIp
     # optional: automatically list refresh period in minutes. Default: 4h.
     # Negative value -> deactivate automatically refresh.
     # 0 value -> use default
-    # refreshPeriod: 1
+    refreshPeriod: 0
 
   # optional: configuration for caching of DNS responses
-  # caching:
-  #   # amount in minutes, how long a response must be cached (min value).
-  #   # If <=0, use response's TTL, if >0 use this value, if TTL is smaller
-  #   # Default: 0
-  #   minTime: 40
-  #   # amount in minutes, how long a response must be cached (max value).
-  #   # If <0, do not cache responses
-  #   # If 0, use TTL
-  #   # If > 0, use this value, if TTL is greater
-  #   # Default: 0
-  #   maxTime: -1
+  caching:
+    # amount in minutes, how long a response must be cached (min value).
+    # If <=0, use response's TTL, if >0 use this value, if TTL is smaller
+    # Default: 0
+    minTime: 5
+    # amount in minutes, how long a response must be cached (max value).
+    # If <0, do not cache responses
+    # If 0, use TTL
+    # If > 0, use this value, if TTL is greater
+    # Default: 0
+    maxTime: -1
+    # if true, will preload DNS results for often used queries (names queried more than 5 times in a 2 hour time window)
+    # this improves the response time for often used queries, but significantly increases external traffic
+    # default: false
+    prefetching: true
 
   # optional: configuration of client name resolution
-  # clientLookup:
-  #   # this DNS resolver will be used to perform reverse DNS lookup (typically local router)
-  #   upstream: udp:192.168.178.1
-  #   # optional: some routers return multiple names for client (host name and user defined name). Define which single name should be used.
-  #   # Example: take second name if present, if not take first name
-  #   singleNameOrder:
-  #     - 2
-  #     - 1
+  clientLookup:
+    # optional: this DNS resolver will be used to perform reverse DNS lookup (typically local router)
+    upstream: udp:192.168.178.1
+    # optional: some routers return multiple names for client (host name and user defined name). Define which single name should be used.
+    # Example: take second name if present, if not take first name
+    singleNameOrder:
+      - 2
+      - 1
+    # optional: custom mapping of client name to IP addresses. Useful if reverse DNS does not work properly or just to have custom client names.
+    clients:
+      laptop:
+        - 192.168.178.29
+
   # optional: configuration for prometheus metrics endpoint
-  prometheus:
-    # enabled if true
-    enable: true
-    # url path, optional (default '/metrics')
-    path: /metrics
+  # prometheus:
+  #   # enabled if true
+  #   enable: true
+  #   # url path, optional (default '/metrics')
+  #   path: /metrics
 
   # optional: write query information (question, answer, client, duration etc) to daily csv file
   # queryLog:
-  #     # directory (will be mounted as volume in the pod)
-  #     dir: /logs
-  #     # if true, write one file per client. Writes all queries to single file otherwise
-  #     perClient: true
-  #     # if > 0, deletes log files which are older than ... days
-  #     logRetentionDays: 7
+  #   # directory (should be mounted as volume in docker)
+  #   dir: /logs
+  #   # if true, write one file per client. Writes all queries to single file otherwise
+  #   perClient: true
+  #   # if > 0, deletes log files which are older than ... days
+  #   logRetentionDays: 7
 
-  # optional: HTTP listener port, default 0 = no http listener. If > 0, will be used for prometheus metrics, pprof, ...
+  # optional: DNS listener port and bind ip address, default 53 (UDP and TCP). Example: 53, :53, 127.0.0.1:53
+  port: 53
+  # optional: HTTP listener port, default 0 = no http listener. If > 0, will be used for prometheus metrics, pprof, REST API, DoH ...
   httpPort: 4000
+  # optional: HTTPS listener port, default 0 = no http listener. If > 0, will be used for prometheus metrics, pprof, REST API, DoH...
+  #httpsPort: 443
+  # mandatory, if https port > 0: path to cert and key file for SSL encryption
+  #httpsCertFile: server.crt
+  #httpsKeyFile: server.key
+  # optional: use this DNS server to resolve blacklist urls and upstream DNS servers (DOH). Useful if no DNS resolver is configured and blocky needs to resolve a host name. Format net:IP:port, net must be udp or tcp
+  bootstrapDns: tcp:1.1.1.1
   # optional: Log level (one from debug, info, warn, error). Default: info
   logLevel: info
+  # optional: Log format (text or json). Default: text
+  logFormat: text
 
 ## Add persistence for query logs (if enabled)
 persistence:

charts/booksonic-air/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: v2009.1.0
 description: Booksonic is a platform for accessing the audibooks you own wherever you are
 name: booksonic-air
-version: 2.3.0
+version: 2.4.0
 keywords:
   - booksonic
   - audiobook
@@ -17,4 +17,4 @@ maintainers:
 dependencies:
   - name: common
     repository: https://k8s-at-home.com/charts/
-    version: 2.2.0
+    version: 2.4.0

charts/calibre-web/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: 0.6.9
 description: Calibre-Web is a web app providing a clean interface for browsing, reading and downloading eBooks using an existing Calibre database.
 name: calibre-web
-version: 4.3.0
+version: 4.4.0
 keywords:
   - calibre
   - ebook
@@ -17,4 +17,4 @@ maintainers:
 dependencies:
   - name: common
     repository: https://k8s-at-home.com/charts/
-    version: 2.2.0
+    version: 2.4.0

charts/common/CHANGELOG.md

@@ -4,6 +4,37 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [2.4.0]
+
+### Added
+
+- Allow setting environment variables from Downward API via `envValueFrom`. See [the Kubernetes docs](https://kubernetes.io/docs/tasks/inject-data-application/environment-variable-expose-pod-information/) for more information.
+
+## [2.3.0]
+
+### Added
+
+- Allow overriding the main container command.
+- Allow setting Helm templates as environment variables via `envTpl`. The given value is parsed through Helm's `tpl` function, allowing for powerful variable substitution.
+- Support for defining volumeClaimTemplates for StatefulSet.
+- Allow the following Pod spec fields to be configurable:
+  - `priorityClassName`
+  - `schedulerName`
+  - `hostname`
+
+### Fixed
+
+- `values.yaml` now contains the following sections, these were already functional but were previously undocumented:
+  - `podSecurityContext`
+  - `securityContext`
+  - `resources`
+
+## [2.2.1]
+
+### Fixed
+
+- Made explicit that `service.port.targetPort` cannot be a named port.
+
 ## [2.2.0]
 
 ### Added
@@ -53,6 +84,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 This is the last version before starting this changelog. All sorts of cool stuff was changed, but only `git log` remembers what that was :slightly_frowning_face:
 
+[2.4.0]: https://github.com/k8s-at-home/charts/tree/common-2.4.0/charts/common
+
+[2.3.0]: https://github.com/k8s-at-home/charts/tree/common-2.3.0/charts/common
+
+[2.2.1]: https://github.com/k8s-at-home/charts/tree/common-2.2.1/charts/common
+
 [2.2.0]: https://github.com/k8s-at-home/charts/tree/common-2.2.0/charts/common
 
 [2.1.0]: https://github.com/k8s-at-home/charts/tree/common-2.1.0/charts/common

charts/common/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: common
 description: Function library for k8s-at-home charts
 type: library
-version: 2.2.0
+version: 2.4.0
 keywords:
   - k8s-at-home
   - common

charts/common/templates/_statefulset.tpl

@@ -36,4 +36,18 @@ spec:
       {{- include "common.labels.selectorLabels" . | nindent 8 }}
     spec:
       {{- include "common.controller.pod" . | nindent 6 }}
+  volumeClaimTemplates:
+  {{- range $index, $vct := .Values.volumeClaimTemplates }}
+  - metadata:
+      name: {{ $vct.name }}
+    spec:
+      accessModes: 
+        - {{ required (printf "accessMode is required for vCT %v" $vct.name) $vct.accessMode  | quote }}
+      resources:
+        requests:
+          storage: {{ required (printf "size is required for PVC %v" $vct.name) $vct.size | quote }}
+      {{- if $vct.storageClass }}
+      storageClassName: {{ if (eq "-" $vct.storageClass) }}""{{- else }}{{ $vct.storageClass | quote }}{{- end }}
+      {{- end }}
+{{- end }}
 {{- end }}

charts/common/templates/lib/controller/_container.tpl

@@ -5,6 +5,9 @@ The main container included in the controller.
 - name: {{ include "common.names.fullname" . }}
   image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
   imagePullPolicy: {{ .Values.image.pullPolicy }}
+  {{- with .Values.command }}
+  command: {{ . }}
+  {{- end }}
   {{- with .Values.args }}
   args: {{ . }}
   {{- end }}
@@ -12,12 +15,21 @@ The main container included in the controller.
   securityContext:
     {{- toYaml . | nindent 4 }}
   {{- end }}
-  {{- if .Values.env }}
+  {{- if or .Values.env .Values.envTpl .Values.envValueFrom }}
   env:
   {{- range $key, $value := .Values.env }}
   - name: {{ $key }}
     value: {{ $value | quote }}
   {{- end }}
+  {{- range $key, $value := .Values.envTpl }}
+  - name: {{ $key }}
+    value: {{ tpl $value $ | quote }}
+  {{- end }}
+  {{- range $key, $value := .Values.envValueFrom }}
+  - name: {{ $key }}
+    valueFrom: 
+      {{- $value | toYaml | nindent 6 }}
+  {{- end }}
   {{- end }}
   {{- with .Values.envFrom }}
   envFrom:
@@ -37,6 +49,15 @@ The main container included in the controller.
   {{- if .Values.additionalVolumeMounts }}
     {{- toYaml .Values.additionalVolumeMounts | nindent 2 }}
   {{- end }}
+  {{- if eq .Values.controllerType "statefulset"  }}
+  {{- range $index, $vct := .Values.volumeClaimTemplates }}
+  - mountPath: {{ $vct.mountPath }}
+    name: {{ $vct.name }}
+  {{- if $vct.subPath }}
+    subPath: {{ $vct.subPath }}
+  {{- end }}
+  {{- end }}
+  {{- end }}
   {{- include "common.controller.probes" . | nindent 2 }}
   {{- with .Values.resources }}
   resources:

charts/common/templates/lib/controller/_pod.tpl

@@ -11,9 +11,18 @@ serviceAccountName: {{ include "common.names.serviceAccountName" . }}
 securityContext:
   {{- toYaml . | nindent 2 }}
 {{- end }}
+{{- with .Values.priorityClassName }}
+priorityClassName: {{ . }}
+{{- end }}
+{{- with .Values.schedulerName }}
+schedulerName: {{ . }}
+{{- end }}
 {{- with .Values.hostNetwork }}
 hostNetwork: {{ . }}
 {{- end }}
+{{- with .Values.hostname }}
+hostname: {{ . }}
+{{- end }}
 {{- with .Values.dnsPolicy }}
 dnsPolicy: {{ . }}
 {{- end }}

charts/common/templates/lib/controller/_ports.tpl

@@ -32,6 +32,9 @@ Ports included by the controller.
 ports:
 {{- range $_ := $ports }}
 - name: {{ .name }}
+  {{- if and .targetPort (kindIs "string" .targetPort) }}
+  {{- fail (printf "Our charts do not support named ports for targetPort. (port name %s, targetPort %s)" .name .targetPort) }}
+  {{- end }}
   containerPort: {{ .targetPort | default .port }}
   protocol: {{ .protocol | default "TCP" }}
 {{- end -}}

charts/common/values.yaml

@@ -12,6 +12,8 @@ strategy:
   ## DaemonSets ignore this
   type: RollingUpdate
 
+# Override the default command
+command: []
 # Override the default args
 args: []
 
@@ -31,7 +33,19 @@ serviceAccount:
   name: ""
 
 env: {}
-# TZ: UTC
+  # TZ: UTC
+
+## Variables with values set from templates, example
+## With a release name of: demo, the example env value will be: demo-admin
+envTpl: {}
+  # TEMPLATE_VALUE: "{{ .Release.Name }}-admin"
+
+## Variables with values from (for example) the Downward API
+## See https://kubernetes.io/docs/tasks/inject-data-application/environment-variable-expose-pod-information/
+envValueFrom: {}
+  # NODE_NAME:
+  #   fieldRef:
+  #     fieldPath: spec.nodeName
 
 envFrom: []
 # - configMapRef:
@@ -39,6 +53,15 @@ envFrom: []
 # - secretRef:
 #     name: secret-name
 
+# Custom priority class for different treatment by the scheduler
+# priorityClassName: system-node-critical
+
+# Allow specifying a custom scheduler name
+# schedulerName: awkward-dangerous-scheduler
+
+# Allow specifying explicit hostname setting
+# hostname:
+
 # When using hostNetwork make sure you set dnsPolicy to ClusterFirstWithHostNet
 hostNetwork: false
 
@@ -56,6 +79,12 @@ dnsPolicy: ClusterFirst
 # for more information.
 enableServiceLinks: true
 
+# Configure the Security Context for the Pod
+podSecurityContext: {}
+
+# Configure the Security Context for the main container
+securityContext: {}
+
 initContainers: []
 
 additionalContainers: []
@@ -107,8 +136,9 @@ service:
     ## name defaults to http
     name:
     protocol: TCP
-    ## targetPort defaults to the service name. If targetPort is specified, this port number
-    ## is used in the container definition instead of service.port.port.
+    ## Specify a service targetPort if you wish to differ the service port from the application port.
+    ## If targetPort is specified, this port number is used in the container definition instead of
+    ## service.port.port. Therefore named ports are not supported for this field.
     targetPort:
     ## Specify the nodePort value for the LoadBalancer and NodePort service types.
     ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
@@ -206,6 +236,19 @@ additionalVolumes: []
 
 additionalVolumeMounts: []
 
+volumeClaimTemplates: []
+# Used in statefulset to create individual disks for each instance
+# - name: data
+#   mountPath: /data
+#   accessMode: "ReadWriteOnce"
+#   size: 1Gi
+# - name: backup
+#   mountPath: /backup
+#   subPath: theSubPath
+#   accessMode: "ReadWriteOnce"
+#   size: 2Gi
+#   storageClass: cheap-storage-class
+
 nodeSelector: {}
 
 affinity: {}
@@ -220,6 +263,18 @@ hostAliases: []
 #   - "example.com"
 #   - "www.example.com"
 
+resources: {}
+# We usually recommend not to specify default resources and to leave this as a conscious
+# choice for the user. This also increases chances charts run on environments with little
+# resources, such as Minikube. If you do want to specify resources, uncomment the following
+# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+# limits:
+#   cpu: 100m
+#   memory: 128Mi
+# requests:
+#   cpu: 100m
+#   memory: 128Mi
+
 addons:
 
   # Enable running a VPN in the pod to route traffic through a VPN

charts/couchpotato/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: latest
 description: CouchPotato (CP) is an automatic NZB and torrent downloader.
 name: couchpotato
-version: 4.3.0
+version: 4.4.0
 keywords:
   - couchpotato
   - usenet
@@ -18,4 +18,4 @@ maintainers:
 dependencies:
   - name: common
     repository: https://k8s-at-home.com/charts/
-    version: 2.2.0
+    version: 2.4.0

charts/dashmachine/Chart.yaml

@@ -1,16 +0,0 @@
-apiVersion: v2
-appVersion: v0.5-4
-description: DashMachine is another web application bookmark dashboard, with fun features.
-icon: https://github.com/rmountjoy92/DashMachine/raw/master/dashmachine/static/images/logo/logo.png
-home: https://github.com/rmountjoy92/DashMachine
-name: dashmachine
-version: 3.3.0
-sources:
-  - https://github.com/rmountjoy92/DashMachine
-maintainers:
-  - name: carpenike
-    email: ryan@ryanholt.net
-dependencies:
-  - name: common
-    version: 2.2.0
-    repository: https://k8s-at-home.com/charts/

charts/dashmachine/OWNERS

@@ -1,4 +0,0 @@
-approvers:
-- carpenike
-reviewers:
-- carpenike

charts/ddclient/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: 3.9.1
 description: Perl client used to update dynamic DNS entries for accounts on Dynamic DNS Network Service Providers
 name: ddclient
-version: 2.3.0
+version: 2.4.0
 keywords:
   - ddclient
   - dns
@@ -17,4 +17,4 @@ maintainers:
 dependencies:
   - name: common
     repository: https://k8s-at-home.com/charts/
-    version: 2.2.0
+    version: 2.4.0

charts/deluge/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: v2.0.3-2201906121747
 description: Deluge is a torrent download client
 name: deluge
-version: 1.1.0
+version: 1.2.0
 keywords:
   - deluge
   - torrent
@@ -17,4 +17,4 @@ maintainers:
 dependencies:
   - name: common
     repository: https://k8s-at-home.com/charts/
-    version: 2.2.0
+    version: 2.4.0

charts/dsmr-reader/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: v4.9.0
 description: DSMR-protocol reader, telegram data storage and energy consumption visualizer.
 name: dsmr-reader
-version: 1.1.0
+version: 1.2.0
 keywords:
 - dsmr-reader
 - energy
@@ -17,7 +17,7 @@ maintainers:
 dependencies:
 - name: common
   repository: https://k8s-at-home.com/charts/
-  version: 2.2.0
+  version: 2.4.0
 - name: postgresql
   version: 10.2.0
   repository: https://charts.bitnami.com/bitnami

charts/esphome/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: 1.15.3
 description: ESPHome is a system to control your ESP8266/ESP32 by simple yet powerful configuration files and control them remotely through Home Automation systems.
 name: esphome
-version: 4.3.0
+version: 4.4.0
 keywords:
   - esphome
   - home-automation
@@ -16,4 +16,4 @@ maintainers:
 dependencies:
   - name: common
     repository: https://k8s-at-home.com/charts/
-    version: 2.2.0
+    version: 2.4.0

charts/flaresolverr/Chart.yaml

@@ -0,0 +1,19 @@
+apiVersion: v2
+appVersion: v1.2.3
+description: FlareSolverr is a proxy server to bypass Cloudflare protection
+name: flaresolverr
+version: 1.1.0
+keywords:
+  - flaresolverr
+  - jackett
+home: https://github.com/k8s-at-home/charts/tree/master/charts/flaresolverr
+sources:
+  - https://github.com/FlareSolverr/FlareSolverr
+  - https://hub.docker.com/r/flaresolverr/flaresolverr
+maintainers:
+  - name: billimek
+    email: jeff@billimek.com
+dependencies:
+  - name: common
+    repository: https://k8s-at-home.com/charts/
+    version: 2.4.0

charts/flaresolverr/OWNERS

@@ -0,0 +1,8 @@
+approvers:
+- billimek
+- onedr0p
+- bjw-s
+reviewers:
+- billimek
+- onedr0p
+- bjw-s

charts/flaresolverr/README.md

@@ -1,6 +1,6 @@
-# Dashmachine
+# FlareSolverr
 
-This is a helm chart for [DashMachine](https://github.com/rmountjoy92/DashMachine).
+This is a helm chart for [FlareSolverr](https://github.com/FlareSolverr/FlareSolverr).
 
 **This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/k8s-at-home/charts/issues/new/choose)**
 
@@ -8,7 +8,7 @@ This is a helm chart for [DashMachine](https://github.com/rmountjoy92/DashMachin
 
 ```shell
 $ helm repo add k8s-at-home https://k8s-at-home.com/charts/
-$ helm install k8s-at-home/dashmachine
+$ helm install k8s-at-home/flaresolverr
 ```
 
 ## Installing the Chart
@@ -16,7 +16,7 @@ $ helm install k8s-at-home/dashmachine
 To install the chart with the release name `my-release`:
 
 ```console
-helm install --name my-release k8s-at-home/dashmachine
+helm install --name my-release k8s-at-home/flaresolverr
 ```
 
 ## Uninstalling the Chart
@@ -30,20 +30,20 @@ helm delete my-release --purge
 The command removes all the Kubernetes components associated with the chart and deletes the release.
 
 ## Configuration
-Read through the charts [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/dashmachine/values.yaml)
+Read through the charts [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/flaresolverr/values.yaml)
 file. It has several commented out suggested values.
 Additionally you can take a look at the common library [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/common/values.yaml) for more (advanced) configuration options.
 
 Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
 ```console
-helm install dashmachine \
+helm install flaresolverr \
   --set env.TZ="America/New_York" \
-    k8s-at-home/dashmachine
+    k8s-at-home/flaresolverr
 ```
 Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the
 chart. For example,
 ```console
-helm install dashmachine k8s-at-home/dashmachine --values values.yaml 
+helm install flaresolverr k8s-at-home/flaresolverr --values values.yaml 
 ```
 
 ```yaml
@@ -65,5 +65,3 @@ it may be because you uninstalled the chart with `skipuninstall` enabled, you ne
 ## Upgrading an existing Release to a new major version
 
 A major chart version change (like 4.0.1 -> 5.0.0) indicates that there is an incompatible breaking change potentially needing manual actions.
-
-Refer to the library values.yaml for more configuration options.

charts/flaresolverr/templates/NOTES.txt

@@ -0,0 +1 @@
+{{- include "common.notes.defaultNotes" . -}}

charts/flaresolverr/values.yaml

@@ -0,0 +1,16 @@
+# Default values for FlareSolverr.
+
+image:
+  repository: flaresolverr/flaresolverr
+  pullPolicy: IfNotPresent
+  tag: v1.2.3
+
+strategy:
+  type: Recreate
+
+service:
+  port:
+    port: 8191
+
+env: {}
+  # LOG_LEVEL: UTC

charts/flood/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: 4.1.1
 description: Flood is a monitoring service for various torrent clients
 name: flood
-version: 2.3.0
+version: 2.4.0
 keywords:
   - flood
   - rtorrent
@@ -19,4 +19,4 @@ maintainers:
 dependencies:
   - name: common
     repository: https://k8s-at-home.com/charts/
-    version: 2.2.0
+    version: 2.4.0

charts/freshrss/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: 1.17.0
 description: FreshRSS is a self-hosted RSS feed aggregator
 name: freshrss
-version: 2.3.0
+version: 2.4.0
 keywords:
   - freshrss
   - rss
@@ -17,4 +17,4 @@ maintainers:
 dependencies:
   - name: common
     repository: https://k8s-at-home.com/charts/
-    version: 2.2.0
+    version: 2.4.0

charts/frigate/Chart.yaml

@@ -1,18 +0,0 @@
-apiVersion: v2
-appVersion: "0.6.0"
-description: Realtime object detection on RTSP cameras with the Google Coral
-name: frigate
-version: 4.0.1
-keywords:
-  - tensorflow
-  - coral
-  - ml
-home: https://github.com/k8s-at-home/charts/tree/master/charts/frigate
-icon: https://upload.wikimedia.org/wikipedia/commons/a/a4/Lutine1.jpg
-sources:
-  - https://github.com/blakeblackshear/frigate
-maintainers:
-  - name: billimek
-    email: jeff@billimek.com
-  - name: blakeblackshear
-    email: blakeb@blakeshome.com

charts/frigate/README.md

@@ -1,99 +0,0 @@
-# frigate: Realtime object detection on RTSP cameras with the Google Coral
-
-This is a helm chart for [frigate](https://github.com/blakeblackshear/frigate)
-
-## TL;DR;
-
-```shell
-$ helm repo add k8s-at-home https://k8s-at-home.com/charts/
-$ helm install k8s-at-home/frigate
-```
-
-## Installing the Chart
-
-To install the chart with the release name `my-release`:
-
-```console
-helm install --name my-release k8s-at-home/frigate
-```
-
-~~**IMPORTANT NOTE:** the [Google Coral USB Accelerator](https://coral.withgoogle.com/products/accelerator/) must be accessible on the node where this pod runs, in order for this chart to function properly.~~
-
-The Coral USB device is now optional
-
-A way to achieve this can be with nodeAffinity rules, for example:
-
-```yaml
-affinity:
-  nodeAffinity:
-    requiredDuringSchedulingIgnoredDuringExecution:
-      nodeSelectorTerms:
-      - matchExpressions:
-        - key: tpu
-          operator: In
-          values:
-          - google-coral
-```
-
-... where a node with an attached Coral USB device is labeled with `tpu: google-coral`
-
-## Uninstalling the Chart
-
-To uninstall/delete the `my-release` deployment:
-
-```console
-helm delete my-release --purge
-```
-
-The command removes all the Kubernetes components associated with the chart and deletes the release.
-
-## Configuration
-
-The following tables lists the configurable parameters of the Frigate chart and their default values.
-
-| Parameter                  | Description                         | Default                                                 |
-|----------------------------|-------------------------------------|---------------------------------------------------------|
-| `image.repository`         | Image repository | `blakeblackshear/frigate` |
-| `image.tag`                | Image tag. Possible values listed [here](https://hub.docker.com/r/blakeblackshear/frigate/tags/).| `0.5.1`|
-| `image.pullPolicy`         | Image pull policy | `IfNotPresent` |
-| `strategyType`             | Specifies the strategy used to replace old Pods by new ones | `Recreate` |
-| `timezone`                 | Timezone the frigate instance should run as, e.g. 'America/New_York' | `UTC` |
-| `rtspPassword`             | Password to use for RTSP cameras | `password` |
-| `extraSecretForEnvFrom`    | Secrets containing env variables for  | `[]` |
-| `coral.enabled`            | Use the Coral USB device | `false` |
-| `coral.hostPath`           | Host Path to reference USB device location (on the host) | `/dev/bus/usb` |
-| `masksConfigMap`           | Reference to existing ConfigMap that contains camera masks - [more info](https://github.com/blakeblackshear/frigate#masks-and-limiting-detection-to-a-certain-area) | `{}` |
-| `shmSize`                  | Shared memory size for processing | `1Gi` |
-| `config`                   | frigate configuration - see [config.yaml](https://github.com/blakeblackshear/frigate/blob/master/config/config.yml) for example  | `{}` |
-| `Service.type`          | Kubernetes service type for the frigate GUI | `ClusterIP` |
-| `Service.port`          | Kubernetes port where the frigate GUI is exposed| `5000` |
-| `Service.annotations`   | Service annotations for the frigate GUI | `{}` |
-| `Service.labels`        | Custom labels | `{}` |
-| `Service.loadBalancerIP` | Loadbalance IP for the frigate GUI | `{}` |
-| `Service.loadBalancerSourceRanges` | List of IP CIDRs allowed access to load balancer (if supported)      | None
-| `ingress.enabled`              | Enables Ingress | `false` |
-| `ingress.annotations`          | Ingress annotations | `{}` |
-| `ingress.labels`               | Custom labels                       | `{}`
-| `ingress.path`                 | Ingress path | `/` |
-| `ingress.hosts`                | Ingress accepted hostnames | `chart-example.local` |
-| `ingress.tls`                  | Ingress TLS configuration | `[]` |
-| `resources`                | CPU/Memory resource requests/limits | `{}` |
-| `nodeSelector`             | Node labels for pod assignment | `{}` |
-| `tolerations`              | Toleration labels for pod assignment | `[]` |
-| `affinity`                 | Affinity settings for pod assignment | `{}` |
-
-Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
-
-```console
-helm install --name my-release \
-  --set rtspPassword="nosecrets" \
-    k8s-at-home/frigate
-```
-
-Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
-
-```console
-helm install --name my-release -f values.yaml stable/frigate
-```
-
-Read through the [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/frigate/values.yaml) file. It has several commented out suggested values.

charts/frigate/ci/ci-values.yaml

@@ -1,8 +0,0 @@
-# Probes configuration
-probes:
-  liveness:
-    enabled: false
-  readiness:
-    enabled: false
-  startup:
-    enabled: false

charts/frigate/templates/NOTES.txt

@@ -1,19 +0,0 @@
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
-  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }}{{ $.Values.ingress.path }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
-  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "frigate.fullname" . }})
-  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
-  echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
-     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
-           You can watch the status of by running 'kubectl get svc -w {{ include "frigate.fullname" . }}'
-  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "frigate.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
-  echo http://$SERVICE_IP:{{ .Values.service.port }}
-{{- else if contains "ClusterIP" .Values.service.type }}
-  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "frigate.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
-  echo "Visit http://127.0.0.1:5000 to use your application"
-  kubectl port-forward $POD_NAME 5000:5000
-{{- end }}

charts/frigate/templates/_helpers.tpl

@@ -1,45 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "frigate.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "frigate.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "frigate.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Common labels
-*/}}
-{{- define "frigate.labels" -}}
-app.kubernetes.io/name: {{ include "frigate.name" . }}
-helm.sh/chart: {{ include "frigate.chart" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end -}}

charts/frigate/templates/configmap.yaml

@@ -1,13 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ template "frigate.fullname" . }}
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: {{ include "frigate.name" . }}
-    helm.sh/chart: {{ include "frigate.chart" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
-data:
-  config.yml: |
-{{ .Values.config | indent 4 }}

charts/frigate/templates/deployment.yaml

@@ -1,149 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ include "frigate.fullname" . }}
-  labels:
-{{ include "frigate.labels" . | indent 4 }}
-spec:
-  replicas: {{ .Values.replicaCount }}
-  revisionHistoryLimit: 3
-  strategy:
-    type: {{ .Values.strategyType }}
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: {{ include "frigate.name" . }}
-      app.kubernetes.io/instance: {{ .Release.Name }}
-  template:
-    metadata:
-      labels:
-        app.kubernetes.io/name: {{ include "frigate.name" . }}
-        app.kubernetes.io/instance: {{ .Release.Name }}
-      {{- if .Values.podAnnotations }}
-      annotations:
-        {{- range $key, $value := .Values.podAnnotations }}
-        {{ $key }}: {{ $value | quote }}
-        {{- end }}
-      {{- end }}
-    spec:
-    {{- with .Values.imagePullSecrets }}
-      imagePullSecrets:
-        {{- toYaml . | nindent 8 }}
-    {{- end }}
-      initContainers:
-        - name: config
-          securityContext:
-            readOnlyRootFilesystem: true
-          image: "{{ .Values.initContainer.image.repository }}:{{ .Values.initContainer.image.tag }}"
-          imagePullPolicy: {{ .Values.initContainer.image.pullPolicy }}
-          volumeMounts:
-            - mountPath: /frigate-config
-              name: configmap
-            - mountPath: /masks
-              name: masks
-            - mountPath: /config
-              name: config
-              readOnly: false
-          command: ['sh', '-c']
-          args:
-            - cp /frigate-config/* /config;
-              {{- if .Values.masksConfigMap }}
-              cp /masks/* /config;
-              {{- end }}
-
-      containers:
-        - name: {{ .Chart.Name }}
-          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
-          securityContext:
-            privileged: true
-          ports:
-            - name: http
-              containerPort: 5000
-              protocol: TCP
-          {{- if .Values.probes.liveness.enabled }}
-          livenessProbe:
-            httpGet:
-              path: /
-              port: http
-              scheme: HTTP
-            initialDelaySeconds: {{ .Values.probes.liveness.initialDelaySeconds }}
-            failureThreshold: {{ .Values.probes.liveness.failureThreshold }}
-            timeoutSeconds: {{ .Values.probes.liveness.timeoutSeconds }}
-          {{- end }}
-          {{- if .Values.probes.readiness.enabled }}
-          readinessProbe:
-            httpGet:
-              path: /
-              port: http
-              scheme: HTTP
-            initialDelaySeconds: {{ .Values.probes.readiness.initialDelaySeconds }}
-            failureThreshold: {{ .Values.probes.readiness.failureThreshold }}
-            timeoutSeconds: {{ .Values.probes.readiness.timeoutSeconds }}
-          {{- end }}
-          {{- if .Values.probes.startup.enabled }}
-          startupProbe:
-            httpGet:
-              path: /
-              port: http
-              scheme: HTTP
-            failureThreshold: {{ .Values.probes.startup.failureThreshold }}
-            periodSeconds: {{ .Values.probes.startup.periodSeconds }}
-          {{- end }}
-          env:
-            {{- if .Values.timezone }}
-            - name: TZ
-              value: "{{ .Values.timezone }}"
-            {{- end }}
-            - name: FRIGATE_RTSP_PASSWORD
-              value: "{{ .Values.rtspPassword }}"
-          envFrom:
-          {{- range .Values.extraSecretForEnvFrom }}
-            - secretRef:
-                name: {{ . }}
-          {{- end }}
-          volumeMounts:
-            {{- if .Values.coral.enabled }}
-            - mountPath: /dev/bus/usb
-              name: usb
-            {{- end }}
-            - mountPath: /config
-              name: config
-            - name: dshm
-              mountPath: /dev/shm
-          resources:
-            {{- toYaml .Values.resources | nindent 12 }}
-      volumes:
-        - name: config
-          emptyDir: {}
-        - name: configmap
-          configMap:
-            name: {{ template "frigate.fullname" . }}
-        - name: masks
-          {{- if .Values.masksConfigMap }}
-          configMap:
-            name: {{ .Values.masksConfigMap }}
-          {{- else }}
-          emptyDir:
-            {}
-          {{- end }}
-        {{- if .Values.coral.enabled }}
-        - name: usb
-          hostPath:
-            path: {{ .Values.coral.hostPath }}
-        {{- end }}
-        - name: dshm
-          emptyDir:
-            medium: Memory
-            sizeLimit: {{ .Values.shmSize }}
-      {{- with .Values.nodeSelector }}
-      nodeSelector:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-    {{- with .Values.affinity }}
-      affinity:
-        {{- toYaml . | nindent 8 }}
-    {{- end }}
-    {{- with .Values.tolerations }}
-      tolerations:
-        {{- toYaml . | nindent 8 }}
-    {{- end }}

charts/frigate/templates/ingress.yaml

@@ -1,35 +0,0 @@
-{{- if .Values.ingress.enabled -}}
-{{- $fullName := include "frigate.fullname" . -}}
-{{- $ingressPath := .Values.ingress.path -}}
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
-  name: {{ $fullName }}
-  labels:
-{{ include "frigate.labels" . | indent 4 }}
-  {{- with .Values.ingress.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-spec:
-{{- if .Values.ingress.tls }}
-  tls:
-  {{- range .Values.ingress.tls }}
-    - hosts:
-      {{- range .hosts }}
-        - {{ . | quote }}
-      {{- end }}
-      secretName: {{ .secretName }}
-  {{- end }}
-{{- end }}
-  rules:
-  {{- range .Values.ingress.hosts }}
-    - host: {{ . | quote }}
-      http:
-        paths:
-          - path: {{ $ingressPath }}
-            backend:
-              serviceName: {{ $fullName }}
-              servicePort: http
-  {{- end }}
-{{- end }}

charts/frigate/templates/service.yaml

@@ -1,49 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ template "frigate.fullname" . }}
-  labels:
-{{ include "frigate.labels" . | indent 4 }}
-{{- if .Values.service.labels }}
-{{ toYaml .Values.service.labels | indent 4 }}
-{{- end }}
-{{- with .Values.service.annotations }}
-  annotations:
-{{ toYaml . | indent 4 }}
-{{- end }}
-spec:
-{{- if (or (eq .Values.service.type "ClusterIP") (empty .Values.service.type)) }}
-  type: ClusterIP
-  {{- if .Values.service.clusterIP }}
-  clusterIP: {{ .Values.service.clusterIP }}
-  {{end}}
-{{- else if eq .Values.service.type "LoadBalancer" }}
-  type: {{ .Values.service.type }}
-  {{- if .Values.service.loadBalancerIP }}
-  loadBalancerIP: {{ .Values.service.loadBalancerIP }}
-  {{- end }}
-  {{- if .Values.service.loadBalancerSourceRanges }}
-  loadBalancerSourceRanges:
-{{ toYaml .Values.service.loadBalancerSourceRanges | indent 4 }}
-  {{- end -}}
-{{- else }}
-  type: {{ .Values.service.type }}
-{{- end }}
-{{- if .Values.service.externalIPs }}
-  externalIPs:
-{{ toYaml .Values.service.externalIPs | indent 4 }}
-{{- end }}
-  {{- if .Values.service.externalTrafficPolicy }}
-  externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy }}
-  {{- end }}
-  ports:
-    - name: http
-      port: {{ .Values.service.port }}
-      protocol: TCP
-      targetPort: http
-{{ if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePort))) }}
-      nodePort: {{.Values.service.nodePort}}
-{{ end }}
-  selector:
-    app.kubernetes.io/name: {{ include "frigate.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}

charts/frigate/values.yaml

@@ -1,251 +0,0 @@
-# Default values for frigate.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-replicaCount: 1
-
-# upgrade strategy type (e.g. Recreate or RollingUpdate)
-strategyType: Recreate
-
-image:
-  repository: blakeblackshear/frigate
-  tag: 0.6.0
-  pullPolicy: IfNotPresent
-
-rtspPassword: password
-
-# secret name containing environment variables for frigate
-extraSecretForEnvFrom: []
-
-coral:
-  enabled: false
-  hostPath: /dev/bus/usb
-
-# Specify image that generates the config folder containing the Frigate config file, masks (if specified), etc.
-initContainer:
-  image:
-    repository: busybox
-    tag: latest
-    pullPolicy: Always
-
-# reference to configMap that contains the binary data of the masks to be copied into the container
-# this requires that generateConfigFolder.enabled = true
-# see https://github.com/blakeblackshear/frigate#masks-and-limiting-detection-to-a-certain-area for more info
-masksConfigMap: {}
-
-shmSize: 1Gi
-
-imagePullSecrets: []
-nameOverride: ""
-fullnameOverride: ""
-
-# frigate configuration - see https://github.com/blakeblackshear/frigate/blob/master/config/config.yml for example
-config: |
-  web_port: 5000
-
-  mqtt:
-    host: test.mosquitto.org
-    topic_prefix: frigate
-    # client_id: frigate # Optional -- set to override default client id of 'frigate' if running multiple instances
-    # user: username # Optional
-    #################
-    ## Environment variables that begin with 'FRIGATE_' may be referenced in {}.
-    ##   password: '{FRIGATE_MQTT_PASSWORD}'
-    #################
-    # password: password # Optional
-
-  #################
-  # Default ffmpeg args. Optional and can be overwritten per camera.
-  # Should work with most RTSP cameras that send h264 video
-  # Built from the properties below with:
-  # "ffmpeg" + global_args + input_args + "-i" + input + output_args
-  #################
-  # ffmpeg:
-  #   global_args:
-  #     - -hide_banner
-  #     - -loglevel
-  #     - panic
-  #   hwaccel_args: []
-  #   input_args:
-  #     - -avoid_negative_ts
-  #     - make_zero
-  #     - -fflags
-  #     - nobuffer
-  #     - -flags
-  #     - low_delay
-  #     - -strict
-  #     - experimental
-  #     - -fflags
-  #     - +genpts+discardcorrupt
-  #     - -vsync
-  #     - drop
-  #     - -rtsp_transport
-  #     - tcp
-  #     - -stimeout
-  #     - '5000000'
-  #     - -use_wallclock_as_timestamps
-  #     - '1'
-  #   output_args:
-  #     - -f
-  #     - rawvideo
-  #     - -pix_fmt
-  #     - rgb24
-
-  ####################
-  # Global object configuration. Applies to all cameras
-  # unless overridden at the camera levels.
-  # Keys must be valid labels. By default, the model uses coco (https://dl.google.com/coral/canned_models/coco_labels.txt).
-  # All labels from the model are reported over MQTT. These values are used to filter out false positives.
-  # min_area (optional): minimum width*height of the bounding box for the detected person
-  # max_area (optional): maximum width*height of the bounding box for the detected person
-  # threshold (optional): The minimum decimal percentage (50% hit = 0.5) for the confidence from tensorflow
-  ####################
-  objects:
-    track:
-      - person
-      - car
-      - truck
-    filters:
-      person:
-        min_area: 5000
-        max_area: 100000
-        threshold: 0.5
-
-  cameras:
-    back:
-      ffmpeg:
-        ################
-        # Source passed to ffmpeg after the -i parameter. Supports anything compatible with OpenCV and FFmpeg.
-        # Environment variables that begin with 'FRIGATE_' may be referenced in {}
-        ################
-        input: rtsp://viewer:{FRIGATE_RTSP_PASSWORD}@10.0.10.10:554/cam/realmonitor?channel=1&subtype=2
-        #################
-        # These values will override default values for just this camera
-        #################
-        # global_args: []
-        # hwaccel_args: []
-        # input_args: []
-        # output_args: []
-
-      ################
-      ## Optionally specify the resolution of the video feed. Frigate will try to auto detect if not specified
-      ################
-      # height: 1280
-      # width: 720
-
-      ################
-      ## Optional mask. Must be the same aspect ratio as your video feed.
-      ##
-      ## The mask works by looking at the bottom center of the bounding box for the detected
-      ## person in the image. If that pixel in the mask is a black pixel, it ignores it as a
-      ## false positive. In my mask, the grass and driveway visible from my backdoor camera
-      ## are white. The garage doors, sky, and trees (anywhere it would be impossible for a
-      ## person to stand) are black.
-      ##
-      ## Masked areas are also ignored for motion detection.
-      ################
-      # mask: back-mask.bmp
-
-      ################
-      # Allows you to limit the framerate within frigate for cameras that do not support
-      # custom framerates. A value of 1 tells frigate to look at every frame, 2 every 2nd frame,
-      # 3 every 3rd frame, etc.
-      ################
-      take_frame: 1
-
-      ################
-      # The expected framerate for the camera. Frigate will try and ensure it maintains this framerate
-      # by dropping frames as necessary. Setting this lower than the actual framerate will allow frigate
-      # to process every frame at the expense of realtime processing.
-      ################
-      fps: 5
-
-      ################
-      # Configuration for the snapshots in the debug view and mqtt
-      ################
-      snapshots:
-        show_timestamp: True
-
-      ################
-      # Camera level object config. This config is merged with the global config above.
-      ################
-      objects:
-        track:
-          - person
-        filters:
-          person:
-            min_area: 5000
-            max_area: 100000
-            threshold: 0.5
-
-
-# Probes configuration
-probes:
-  liveness:
-    enabled: true
-    initialDelaySeconds: 30
-    failureThreshold: 5
-    timeoutSeconds: 10
-  readiness:
-    enabled: true
-    initialDelaySeconds: 30
-    failureThreshold: 5
-    timeoutSeconds: 10
-  startup:
-    enabled: false
-    failureThreshold: 30
-    periodSeconds: 10
-
-service:
-  type: ClusterIP
-  port: 5000
-  ## Specify the nodePort value for the LoadBalancer and NodePort service types.
-  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
-  ##
-  # nodePort:
-  ## Provide any additional annotations which may be required. This can be used to
-  ## set the LoadBalancer service type to internal only.
-  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
-  ##
-  annotations: {}
-  labels: {}
-  ## Use loadBalancerIP to request a specific static IP,
-  ## otherwise leave blank
-  ##
-  loadBalancerIP:
-  # loadBalancerSourceRanges: []
-  ## Set the externalTrafficPolicy in the Service to either Cluster or Local
-  # externalTrafficPolicy: Cluster
-
-ingress:
-  enabled: false
-  annotations: {}
-    # kubernetes.io/ingress.class: nginx
-    # kubernetes.io/tls-acme: "true"
-  path: /
-  hosts:
-    - chart-example.local
-  tls: []
-  #  - secretName: chart-example-tls
-  #    hosts:
-  #      - chart-example.local
-
-resources: {}
-  # We usually recommend not to specify default resources and to leave this as a conscious
-  # choice for the user. This also increases chances charts run on environments with little
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  # limits:
-  #   cpu: 100m
-  #   memory: 128Mi
-  # requests:
-  #   cpu: 100m
-  #   memory: 128Mi
-
-nodeSelector: {}
-
-tolerations: []
-
-affinity: {}
-
-podAnnotations: {}

charts/gaps/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: latest
 description: Gaps searches through your Plex Server or local folders for all movies, then queries for known movies in the same collection.
 name: gaps
-version: 1.1.0
+version: 1.2.0
 keywords:
   - plex
   - plex-media-server
@@ -16,4 +16,4 @@ maintainers:
 dependencies:
   - name: common
     repository: https://k8s-at-home.com/charts/
-    version: 2.2.0
+    version: 2.4.0

charts/gonic/.helmignore

@@ -0,0 +1,24 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# OWNERS file for Kubernetes
+OWNERS

charts/gonic/Chart.yaml

@@ -0,0 +1,20 @@
+apiVersion: v2
+appVersion: v0.12.0
+description: Music streaming server / subsonic server API implementation
+name: gonic
+version: 2.1.0
+keywords:
+  - music
+  - subsonic
+home: https://github.com/k8s-at-home/charts/tree/master/charts/gonic
+icon: https://raw.githubusercontent.com/sentriz/gonic/master/.github/logo.png
+sources:
+  - https://github.com/sentriz/gonic
+  - https://hub.docker.com/r/sentriz/gonic
+maintainers:
+  - name: billimek
+    email: jeff@billimek.com
+dependencies:
+  - name: common
+    repository: https://k8s-at-home.com/charts/
+    version: 2.4.0

charts/gonic/OWNERS

@@ -0,0 +1,8 @@
+approvers:
+- billimek
+- onedr0p
+- bjw-s
+reviewers:
+- billimek
+- onedr0p
+- bjw-s

charts/gonic/README.md

@@ -0,0 +1,67 @@
+# Gonic
+
+This is a helm chart for [Gonic](https://github.com/sentriz/gonic).
+
+**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/k8s-at-home/charts/issues/new/choose)**
+
+## TL;DR;
+
+```shell
+$ helm repo add k8s-at-home https://k8s-at-home.com/charts/
+$ helm install k8s-at-home/gonic
+```
+
+## Installing the Chart
+
+To install the chart with the release name `my-release`:
+
+```console
+helm install --name my-release k8s-at-home/gonic
+```
+
+## Uninstalling the Chart
+
+To uninstall/delete the `my-release` deployment:
+
+```console
+helm delete my-release --purge
+```
+
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+## Configuration
+Read through the charts [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/gonic/values.yaml)
+file. It has several commented out suggested values.
+Additionally you can take a look at the common library [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/common/values.yaml) for more (advanced) configuration options.
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+```console
+helm install gonic \
+  --set env.TZ="America/New_York" \
+    k8s-at-home/gonic
+```
+Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the
+chart. For example,
+```console
+helm install gonic k8s-at-home/gonic --values values.yaml 
+```
+
+```yaml
+image:
+  tag: ...
+```
+
+---
+**NOTE**
+
+If you get
+```console
+Error: rendered manifests contain a resource that already exists. Unable to continue with install: existing resource conflict: ...`
+```
+it may be because you uninstalled the chart with `skipuninstall` enabled, you need to manually delete the pvc or use `existingClaim`.
+
+---
+
+## Upgrading an existing Release to a new major version
+
+A major chart version change (like 4.0.1 -> 5.0.0) indicates that there is an incompatible breaking change potentially needing manual actions.

charts/gonic/ci/ct-values.yaml

@@ -0,0 +1,21 @@
+env:
+  GONIC_MUSIC_PATH: "/music"
+  GONIC_PODCAST_PATH: "/podcasts"
+  GONIC_CACHE_PATH: "/cache"
+persistence:
+  data:
+    enabled: true
+    emptyDir: true
+    mountPath: /data
+  podcasts:
+    enabled: true
+    emptyDir: true
+    mountPath: /podcasts
+  cache:
+    enabled: true
+    emptyDir: true
+    mountPath: /cache
+  music:
+    enabled: true
+    emptyDir: true
+    mountPath: /music

charts/gonic/templates/NOTES.txt

@@ -0,0 +1 @@
+{{- include "common.notes.defaultNotes" . -}}

charts/gonic/templates/common.yaml

@@ -0,0 +1 @@
+{{ include "common.all" . }}

charts/gonic/values.yaml

@@ -0,0 +1,51 @@
+# Default values for Gonic.
+
+image:
+  repository: sentriz/gonic
+  pullPolicy: IfNotPresent
+  tag: v0.12.0
+
+strategy:
+  type: Recreate
+
+service:
+  port:
+    port: 80
+
+# # See more environment variables in the gonic documentation
+# https://github.com/sentriz/gonic#configuration-options
+env: {}
+  # TZ:
+  # GONIC_MUSIC_PATH:
+  # GONIC_PODCAST_PATH:
+  # GONIC_CACHE_PATH:
+
+persistence:
+  data:
+    enabled: false
+    emptyDir: false
+
+  podcasts:
+    enabled: false
+    emptyDir: false
+
+  cache:
+    enabled: false
+    emptyDir: false
+
+  music:
+    enabled: false
+    emptyDir: false
+    mountPath: /music
+    ## Persistent Volume Storage Class
+    ## If defined, storageClassName: <storageClass>
+    ## If set to "-", storageClassName: "", which disables dynamic provisioning
+    ## If undefined (the default) or set to null, no storageClassName spec is
+    ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
+    ##   GKE, AWS & OpenStack)
+    # storageClass: "-"
+    # accessMode: ReadWriteOnce
+    # size: 1Gi
+    ## Do not delete the pvc upon helm uninstall
+    # skipuninstall: false
+    # existingClaim: ""

charts/grocy/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: v2.7.1
 description: ERP beyond your fridge - grocy is a web-based self-hosted groceries & household management solution for your home
 name: grocy
-version: 4.3.0
+version: 4.4.0
 keywords:
   - grocy
 home: https://github.com/k8s-at-home/charts/tree/master/charts/grocy
@@ -14,5 +14,5 @@ maintainers:
     email: jeff@billimek.com
 dependencies:
   - name: common
-    version: 2.2.0
+    version: 2.4.0
     repository: https://k8s-at-home.com/charts/

charts/heimdall/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: 2.2.2
 description: An Application dashboard and launcher
 name: heimdall
-version: 4.2.0
+version: 4.3.0
 keywords:
   - heimdall
 home: https://github.com/k8s-at-home/charts/tree/master/charts/heimdall
@@ -15,5 +15,5 @@ maintainers:
     email: jeff@billimek.com
 dependencies:
   - name: common
-    version: 2.2.0
+    version: 2.4.0
     repository: https://k8s-at-home.com/charts/

charts/home-assistant/Chart.yaml

@@ -1,8 +1,8 @@
 apiVersion: v2
-appVersion: 2020.12.1
+appVersion: 2021.1.5
 description: Home Assistant
 name: home-assistant
-version: 5.4.0
+version: 5.5.0
 keywords:
 - home-assistant
 - hass
@@ -19,7 +19,7 @@ maintainers:
 dependencies:
 - name: common
   repository: https://k8s-at-home.com/charts/
-  version: 2.2.0
+  version: 2.4.0
 - name: postgresql
   version: 10.2.0
   repository: https://charts.bitnami.com/bitnami

charts/home-assistant/values.yaml

@@ -1,9 +1,9 @@
-# Default values for zwave2mqtt.
+# Default values for home-assistant.
 
 image:
   repository: homeassistant/home-assistant
   pullPolicy: IfNotPresent
-  tag: 2020.12.1
+  tag: 2021.1.5
 
 strategy:
   type: Recreate

charts/homer/Chart.yaml

@@ -4,7 +4,7 @@ description: A dead simple static HOMepage for your servER to keep your services
 icon: https://raw.githubusercontent.com/bastienwirtz/homer/main/public/logo.png
 home: https://github.com/bastienwirtz/homer
 name: homer
-version: 2.3.0
+version: 2.4.0
 sources:
   - https://github.com/bastienwirtz/homer
 maintainers:
@@ -12,5 +12,5 @@ maintainers:
     email: jeff@billimek.com
 dependencies:
   - name: common
-    version: 2.2.0
+    version: 2.4.0
     repository: https://k8s-at-home.com/charts/

charts/hyperion-ng/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: 2.0.0-alpha9
 description: Hyperion is an opensource Bias or Ambient Lighting implementation
 name: hyperion-ng
-version: 1.1.0
+version: 1.2.0
 keywords:
   - hyperion-ng
   - hyperion
@@ -17,4 +17,4 @@ maintainers:
 dependencies:
   - name: common
     repository: https://k8s-at-home.com/charts/
-    version: 2.2.0
+    version: 2.4.0

charts/icantbelieveitsnotvaletudo/README.md

@@ -1,6 +1,6 @@
 # I can't belive it's not Valetudo
 
-Map generation companion service for [Valetudo](valetudo.cloud)
+Map generation companion service for [Valetudo](https://valetudo.cloud/)
 
 ## TL;DR;
 

charts/jackett/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: v0.16.2106
 description: API Support for your favorite torrent trackers
 name: jackett
-version: 6.3.0
+version: 6.4.0
 keywords:
   - jackett
   - torrent
@@ -17,4 +17,4 @@ maintainers:
 dependencies:
   - name: common
     repository: https://k8s-at-home.com/charts/
-    version: 2.2.0
+    version: 2.4.0

charts/jellyfin/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: 10.6.4
 description: Jellyfin is a Free Software Media System
 name: jellyfin
-version: 4.3.0
+version: 4.4.0
 keywords:
   - jellyfin
   - plex
@@ -18,4 +18,4 @@ maintainers:
 dependencies:
   - name: common
     repository: https://k8s-at-home.com/charts/
-    version: 2.2.0
+    version: 2.4.0

charts/lazylibrarian/Chart.yaml

@@ -1,7 +1,7 @@
 apiVersion: v2
 name: lazylibrarian
 description: A Helm chart for deploying LazyLibrarian
-version: 2.0.1
+version: 3.1.0
 appVersion: 1.7.2
 keywords:
   - lazylibrarian
@@ -14,3 +14,7 @@ sources:
 maintainers:
   - name: billimek
     email: jeff@billimek.com
+dependencies:
+  - name: common
+    repository: https://k8s-at-home.com/charts/
+    version: 2.4.0

charts/lazylibrarian/README.md

@@ -1,6 +1,8 @@
-# LazyLibrarian helm chart
+# LazyLibrarian
 
-This is a helm chart for [LazyLibrarian](https://gitlab.com/LazyLibrarian/LazyLibrarian.git) based on the [container image provided by LinuxServer.io](https://hub.docker.com/r/linuxserver/lazylibrarian/).
+This is a helm chart for [LazyLibrarian](https://gitlab.com/LazyLibrarian/LazyLibrarian.git).
+
+**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/k8s-at-home/charts/issues/new/choose)**
 
 ## TL;DR
 
@@ -13,89 +15,67 @@ $ helm install k8s-at-home/lazylibrarian
 
 To install the chart with the release name `my-release`:
 
-```shell
-helm install my-release k8s-at-home/lazylibrarian
+```console
+helm install --name my-release k8s-at-home/lazylibrarian
 ```
 
 ## Uninstalling the Chart
 
 To uninstall/delete the `my-release` deployment:
 
-```shell
+```console
 helm delete my-release --purge
 ```
 
 The command removes all the Kubernetes components associated with the chart and deletes the release.
 
 ## Configuration
-
-The following tables lists the configurable parameters of the LazyLibrarian chart and their default values.
-
-| Parameter                                   | Description                                                                                         | Default                                        |
-| ------------------------------------------- | --------------------------------------------------------------------------------------------------- | ---------------------------------------------- |
-| `image.repository`                          | Image repository                                                                                    | `linuxserver/lazylibrarian`                    |
-| `image.tag`                                 | Image tag. Possible values listed [here](https://hub.docker.com/r/linuxserver/lazylibrarian/tags/). | `581cdfb3-ls23`                                |
-| `image.pullPolicy`                          | Image pull policy                                                                                   | `IfNotPresent`                                 |
-| `strategyType`                              | Specifies the strategy used to replace old Pods by new ones                                         | `Recreate`                                     |
-| `timezone`                                  | Timezone the instance should run as, e.g. 'America/New_York'                                        | `UTC`                                          |
-| `puid`                                      | process userID the instance should run as                                                           | `1001`                                         |
-| `pgid`                                      | process groupID the instance should run as                                                          | `1001`                                         |
-| `dockerMods.calibre.enabled`                | Enable optional calibre conversion feature. refer [here](https://github.com/linuxserver/docker-lazylibrarian#application-setup) | `false`            |
-| `dockerMods.calibre.image.repository`       | DockerMod image repository                                                                          | `linuxserver/calibre-web`                      |
-| `dockerMods.calibre.image.tag`              | DockerMod image tag. Can be found [here](https://hub.docker.com/r/linuxserver/calibre-web/tags/)    | `calibre`                                      |
-| `dockerMods.ffmpeg.enabled`                 | Enable optional ffmpeg conversion feature. refer [here](https://github.com/linuxserver/docker-lazylibrarian#application-setup) | `false`             |
-| `dockerMods.ffmpeg.image.repository`        | DockerMod image repository                                                                          | `linuxserver/mods`                             |
-| `dockerMods.ffmpeg.image.tag`               | DockerMod image tag.                                                                                | `lazylibrarian-ffmpeg`                         |
-| `probes.liveness.enabled`                   | Enables liveness probe for the main container                                                       | `true`                                         |
-| `probes.liveness.initialDelaySeconds`       | Specify liveness `initialDelaySeconds` parameter for the main container                             | `60`                                           |
-| `probes.liveness.failureThreshold`          | Specify liveness `failureThreshold` parameter for the main container                                | `5`                                            |
-| `probes.liveness.timeoutSeconds`            | Specify liveness `timeoutSeconds` parameter for the main container                                  | `10`                                           |
-| `probes.readiness.enabled`                  | Enables readiness probe for the main container                                                      | `true`                                         |
-| `probes.readiness.initialDelaySeconds`      | Specify readiness `initialDelaySeconds` parameter for the main container                            | `60`                                           |
-| `probes.readiness.failureThreshold`         | Specify readiness `failureThreshold` parameter for the main container                               | `5`                                            |
-| `probes.readiness.timeoutSeconds`           | Specify readiness `timeoutSeconds` parameter for the main container                                 | `10`                                           |
-| `probes.startup.enabled`                    | Enables startup probe for the main container                                                        | `false`                                        |
-| `probes.startup.failureThreshold`           | Specify startup `failureThreshold` parameter for the main container                                 | `30`                                           |
-| `probes.startup.timeoutSeconds`             | Specify startup `periodSeconds` parameter for the main container                                    | `10`                                           |
-| `service.type`                              | Kubernetes service type for the GUI                                                                 | `ClusterIP`                                    |
-| `service.port`                              | Kubernetes port where the GUI is exposed                                                            | `5299`                                         |
-| `service.annotations`                       | Service annotations for the GUI                                                                     | `{}`                                           |
-| `service.labels`                            | Custom labels                                                                                       | `{}`                                           |
-| `service.loadBalancerIP`                    | Loadbalancer IP for the GUI                                                                         | `{}`                                           |
-| `service.loadBalancerSourceRanges`          | List of IP CIDRs allowed access to load balancer (if supported)                                     | None                                           |
-| `ingress.enabled`                           | Enables Ingress                                                                                     | `false`                                        |
-| `ingress.annotations`                       | Ingress annotations                                                                                 | `{}`                                           |
-| `ingress.labels`                            | Custom labels                                                                                       | `{}`                                           |
-| `ingress.path`                              | Ingress path                                                                                        | `/`                                            |
-| `ingress.hosts`                             | Ingress accepted hostnames                                                                          | `chart-example.local`                          |
-| `ingress.tls`                               | Ingress TLS configuration                                                                           | `[]`                                           |
-| `persistence.enabled`                       | Use persistent volume to store configuration data                                                   | `true`                                         |
-| `persistence.size`                          | Size of persistent volume claim                                                                     | `1Gi`                                          |
-| `persistence.existingClaim`                 | Use an existing PVC to persist data                                                                 | `nil`                                          |
-| `persistence.storageClass`                  | Type of persistent volume claim                                                                     | `-`                                            |
-| `persistence.subPath`                       | Mount a sub directory if set                                                                        | `nil          `                                |
-| `persistence.accessMode`                    | Persistence access mode                                                                             | `ReadWriteOnce`                                |
-| `persistence.extraVolumes`                  | Optionally add multiple additional volumes                                                          | `[]`                                           |
-| `resources`                                 | CPU/Memory resource requests/limits                                                                 | `{}`                                           |
-| `nodeSelector`                              | Node labels for pod assignment                                                                      | `{}`                                           |
-| `tolerations`                               | Toleration labels for pod assignment                                                                | `[]`                                           |
-| `affinity`                                  | Affinity settings for pod assignment                                                                | `{}`                                           |
-| `podAnnotations`                            | Key-value pairs to add as pod annotations                                                           | `{}`                                           |
+Read through the charts [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/lazylibrarian/values.yaml)
+file. It has several commented out suggested values.
+Additionally you can take a look at the common library [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/common/values.yaml) for more (advanced) configuration options.
 
 Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
-
 ```console
-helm install my-release \
-  --set timezone="Europe/Amsterdam" \
+helm install lazylibrarian \
+  --set env.TZ="America/New_York" \
     k8s-at-home/lazylibrarian
 ```
-
-Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
-
+Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the
+chart. For example,
 ```console
-helm install my-release -f values.yaml k8s-at-home/lazylibrarian
+helm install lazylibrarian k8s-at-home/lazylibrarian --values values.yaml 
+```
+
+```yaml
+image:
+  tag: ...
 ```
 
 ---
+**NOTE**
 
-Read through the [values.yaml](https://github.com/k8s-at-home/charts/lazylibrarian/values.yaml) file. It has several commented out suggested values.
+If you get
+```console
+Error: rendered manifests contain a resource that already exists. Unable to continue with install: existing resource conflict: ...`
+```
+it may be because you uninstalled the chart with `skipuninstall` enabled, you need to manually delete the pvc or use `existingClaim`.
+
+---
+
+## Upgrading an existing Release to a new major version
+
+A major chart version change (like 4.0.1 -> 5.0.0) indicates that there is an incompatible breaking change potentially needing manual actions.
+
+### Upgrading from 2.x.x to 3.x.x
+
+Due to migrating to a centralized common library some values in `values.yaml` have changed.
+
+Examples:
+
+* `pguid` has been moved to `env`
+* `pgid` has been moved to `env`
+* All dockermods have been moved to `env`
+* `service.port` has been moved to `service.port.port`.
+* `persistence.type` has been moved to `controllerType`.
+
+Refer to the library values.yaml for more configuration options.

charts/lazylibrarian/templates/NOTES.txt

@@ -1,21 +1 @@
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range $host := .Values.ingress.hosts }}
-  {{- range .paths }}
-  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }}
-  {{- end }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
-  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "lazylibrarian.fullname" . }})
-  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
-  echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
-     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
-           You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "lazylibrarian.fullname" . }}'
-  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "lazylibrarian.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
-  echo http://$SERVICE_IP:{{ .Values.service.port }}
-{{- else if contains "ClusterIP" .Values.service.type }}
-  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "lazylibrarian.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
-  echo "Visit http://127.0.0.1:8080 to use your application"
-  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:{{ .Values.service.port }}
-{{- end }}
+{{- include "common.notes.defaultNotes" . -}}

charts/lazylibrarian/templates/_helpers.tpl

@@ -1,107 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "lazylibrarian.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "lazylibrarian.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "lazylibrarian.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "lazylibrarian.labels" -}}
-helm.sh/chart: {{ include "lazylibrarian.chart" . }}
-{{ include "lazylibrarian.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "lazylibrarian.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "lazylibrarian.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "lazylibrarian.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "lazylibrarian.fullname" .) .Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}
-
-{{/*
-Determine the addons to be installed
-*/}}
-{{- define "lazylibrarian.enabledAddons" -}}
-{{- $enabledAddons := list -}}
-{{- if .Values.dockerMods.calibre.enabled }}
-{{- $enabledAddons = printf "%s:%s" .Values.dockerMods.calibre.image.repository .Values.dockerMods.calibre.image.tag | append $enabledAddons -}}
-{{- end -}}
-{{- if .Values.dockerMods.ffmpeg.enabled }}
-{{- $enabledAddons = printf "%s:%s" .Values.dockerMods.ffmpeg.image.repository .Values.dockerMods.ffmpeg.image.tag | append $enabledAddons -}}
-{{- end -}}
-{{- join "|" $enabledAddons | quote -}}
-{{- end -}}
-
-{{/*
-Get the additional volumes
-*/}}
-{{- define "lazylibrarian.extraVolumes" -}}
-{{- if .Values.persistence.extraVolumes }}
-{{- $extraVolumes := .Values.persistence.extraVolumes -}}
-{{- range $extraVolumes }}
-{{- $_ := unset . "mountPath" }}
-{{- end }}
-{{- toYaml $extraVolumes }}
-{{- end }}
-{{- end }}
-
-{{/*
-Get the additional volumeMounts
-*/}}
-{{- define "lazylibrarian.extraVolumeMounts" -}}
-{{- if .Values.persistence.extraVolumes }}
-{{- $extraVolumeMounts := list -}}
-{{- range .Values.persistence.extraVolumes }}
-{{- if .mountPath }}
-{{- $extraVolumeMounts = dict "name" .name "mountPath" .mountPath | append $extraVolumeMounts -}}
-{{- else }}
-{{- $extraVolumeMounts = dict "name" .name "mountPath" (printf "/mnt/%s" .name) | append $extraVolumeMounts -}}
-{{- end }}
-{{- end }}
-{{- toYaml $extraVolumeMounts }}
-{{- end }}
-{{- end }}

charts/lazylibrarian/templates/common.yaml

@@ -0,0 +1 @@
+{{ include "common.all" . }}

charts/lazylibrarian/templates/hpa.yaml

@@ -1,15 +0,0 @@
-{{- if .Values.autoscaling.enabled }}
-apiVersion: autoscaling/v2beta1
-kind: HorizontalPodAutoscaler
-metadata:
-  name: {{ include "lazylibrarian.fullname" . }}
-  labels:
-  {{- include "lazylibrarian.labels" . | nindent 4 }}
-spec:
-  scaleTargetRef:
-    apiVersion: apps/v1
-    kind: StatefulSet
-    name: {{ include "lazylibrarian.fullname" . }}
-  minReplicas: {{ .Values.autoscaling.minReplicas }}
-  maxReplicas: {{ .Values.autoscaling.maxReplicas }}
-{{- end }}

charts/lazylibrarian/templates/ingress.yaml

@@ -1,41 +0,0 @@
-{{- if .Values.ingress.enabled -}}
-{{- $fullName := include "lazylibrarian.fullname" . -}}
-{{- $svcPort := .Values.service.port -}}
-{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
-apiVersion: networking.k8s.io/v1beta1
-{{- else -}}
-apiVersion: extensions/v1beta1
-{{- end }}
-kind: Ingress
-metadata:
-  name: {{ $fullName }}
-  labels:
-    {{- include "lazylibrarian.labels" . | nindent 4 }}
-  {{- with .Values.ingress.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-spec:
-  {{- if .Values.ingress.tls }}
-  tls:
-    {{- range .Values.ingress.tls }}
-    - hosts:
-        {{- range .hosts }}
-        - {{ . | quote }}
-        {{- end }}
-      secretName: {{ .secretName }}
-    {{- end }}
-  {{- end }}
-  rules:
-    {{- range .Values.ingress.hosts }}
-    - host: {{ .host | quote }}
-      http:
-        paths:
-          {{- range .paths }}
-          - path: {{ . }}
-            backend:
-              serviceName: {{ $fullName }}
-              servicePort: {{ $svcPort }}
-          {{- end }}
-    {{- end }}
-  {{- end }}

charts/lazylibrarian/templates/service.yaml

@@ -1,32 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ include "lazylibrarian.fullname" . }}
-  labels:
-    {{- include "lazylibrarian.labels" . | nindent 4 }}
-  {{- if .Values.service.annotations }}
-  annotations:
-  {{ toYaml .Values.service.annotations | indent 4 }}
-  {{- end }}
-spec:
-  type: {{ .Values.service.type }}
-  {{- if .Values.service.loadBalancerIP }}
-  loadBalancerIP: {{ .Values.service.loadBalancerIP }}
-  {{- end }}
-  {{- if .Values.service.load }}
-  loadBalancerIP: {{ .Values.service.loadBalancerIP }}
-  {{- end }}
-  {{- if .Values.service.loadBalancerSourceRanges }}
-  loadBalancerSourceRanges:
-{{ toYaml .Values.service.loadBalancerSourceRanges | indent 4 }}
-  {{- end -}}
-  {{- if .Values.service.externalTrafficPolicy }}
-  externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy }}
-  {{- end }}
-  ports:
-    - port: {{ .Values.service.port }}
-      targetPort: http
-      protocol: TCP
-      name: http
-  selector:
-    {{- include "lazylibrarian.selectorLabels" . | nindent 4 }}

charts/lazylibrarian/templates/serviceaccount.yaml

@@ -1,12 +0,0 @@
-{{- if .Values.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ include "lazylibrarian.serviceAccountName" . }}
-  labels:
-    {{- include "lazylibrarian.labels" . | nindent 4 }}
-  {{- with .Values.serviceAccount.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-{{- end }}

charts/lazylibrarian/templates/statefulset.yaml

@@ -1,132 +0,0 @@
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
-  name: {{ include "lazylibrarian.fullname" . }}
-  labels:
-  {{- include "lazylibrarian.labels" . | nindent 4 }}
-spec:
-  {{- if not .Values.autoscaling.enabled }}
-  replicas: {{ .Values.replicaCount }}
-  {{- end }}
-  selector:
-    matchLabels:
-  {{- include "lazylibrarian.selectorLabels" . | nindent 6 }}
-  serviceName: {{ include "lazylibrarian.name" . }}
-  template:
-    metadata:
-    {{- with .Values.podAnnotations }}
-      annotations:
-        {{- toYaml . | nindent 8 }}
-    {{- end }}
-      labels:
-        {{- include "lazylibrarian.selectorLabels" . | nindent 8 }}
-    spec:
-      {{- with .Values.imagePullSecrets }}
-      imagePullSecrets:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      serviceAccountName: {{ include "lazylibrarian.serviceAccountName" . }}
-      securityContext:
-        {{- toYaml .Values.podSecurityContext | nindent 8 }}
-      containers:
-        - name: {{ .Chart.Name }}
-          securityContext:
-            {{- toYaml .Values.securityContext | nindent 12 }}
-          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
-          ports:
-            - name: http
-              containerPort: {{ .Values.service.port }}
-              protocol: TCP
-          env:
-            - name: TZ
-              value: {{ .Values.timezone }}
-            - name: PUID
-              value: {{ .Values.puid | quote }}
-            - name: PGID
-              value: {{ .Values.pgid | quote }}
-            - name: DOCKER_MODS
-              value: {{ include "lazylibrarian.enabledAddons" . }}
-          volumeMounts:
-            - name: config
-              mountPath: /config
-            {{- include "lazylibrarian.extraVolumeMounts" . | nindent 12 }}
-          {{- if .Values.probes.liveness.enabled }}
-          livenessProbe:
-            httpGet:
-              path: /
-              port: http
-              scheme: {{ .Values.probes.liveness.scheme }}
-            initialDelaySeconds: {{ .Values.probes.liveness.initialDelaySeconds }}
-            failureThreshold: {{ .Values.probes.liveness.failureThreshold }}
-            timeoutSeconds: {{ .Values.probes.liveness.timeoutSeconds }}
-          {{- end }}
-          {{- if .Values.probes.readiness.enabled }}
-          readinessProbe:
-            httpGet:
-              path: /
-              port: http
-              scheme: {{ .Values.probes.readiness.scheme }}
-            initialDelaySeconds: {{ .Values.probes.readiness.initialDelaySeconds }}
-            failureThreshold: {{ .Values.probes.readiness.failureThreshold }}
-            timeoutSeconds: {{ .Values.probes.readiness.timeoutSeconds }}
-          {{- end }}
-          {{- if .Values.probes.startup.enabled }}
-          startupProbe:
-            httpGet:
-              path: /
-              port: http
-              scheme: {{ .Values.probes.startup.scheme }}
-            failureThreshold: {{ .Values.probes.startup.failureThreshold }}
-            periodSeconds: {{ .Values.probes.startup.periodSeconds }}
-          {{- end }}
-          resources:
-            {{- toYaml .Values.resources | nindent 12 }}
-      {{- with .Values.nodeSelector }}
-      nodeSelector:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.affinity }}
-      affinity:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.tolerations }}
-      tolerations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-
-      volumes:
-        {{- if not .Values.persistence.enabled }}
-        - name: config
-          emptyDir: {}
-        {{- end }}
-        {{- if and .Values.persistence.enabled .Values.persistence.existingClaim }}
-        - name: config
-          persistentVolumeClaim:
-            claimName: {{ .Values.persistence.existingClaim }}
-        {{- end }}
-        {{- include "lazylibrarian.extraVolumes" . | nindent 8 }}
-
-  volumeClaimTemplates:
-    {{- if and .Values.persistence.enabled ( not .Values.persistence.existingClaim ) }}
-    - metadata:
-        name: config
-        labels:
-        {{- include "lazylibrarian.labels" . | nindent 10 }}
-        {{- if .Values.persistence.annotations  }}
-        annotations:
-        {{- toYaml .Values.persistence.annotations | nindent 10 }}
-      {{- end }}
-      spec:
-        accessModes: [ {{ .Values.persistence.accessMode | quote }} ]
-        resources:
-          requests:
-            storage: {{ .Values.persistence.size | quote }}
-        {{- if .Values.persistence.storageClass }}
-        {{- if (eq "-" .Values.persistence.storageClass) }}
-        storageClassName: ""
-        {{- else }}
-        storageClassName: {{ .Values.persistence.storageClass | quote }}
-        {{- end }}
-  {{- end }}
-  {{- end }}

charts/lazylibrarian/values.yaml

@@ -1,153 +1,43 @@
-# Default values for lazylibrarian.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-replicaCount: 1
-
-autoscaling:
-  enabled: false
-  minReplicas: 1
-  maxReplicas: 1
+# Default values for LazyLibrarian.
 
 image:
   repository: linuxserver/lazylibrarian
   pullPolicy: IfNotPresent
-  # Overrides the image tag whose default is the chart appVersion.
-  tag: 2551a8bc-ls25
+  tag: version-047f91af
 
-imagePullSecrets: []
-nameOverride: ""
-fullnameOverride: ""
-
-timezone: UTC
-puid: 1001
-pgid: 1001
-
-# Linuxserver.io additional layers.
-# Enables additional features for the image, at the cost of increased size and
-# possible incompatabilities with certain architectures. Disabled by default.
-#
-# To enable, set enabled to true, and follow the guide at: https://github.com/linuxserver/docker-lazylibrarian#application-setup
-# to configure the application.
-dockerMods:
-  # Enable the Calibre Docker Mod to allow Calibredb import
-  calibre:
-    enabled: false
-    image:
-      repository: linuxserver/calibre-web
-      tag: calibre
-  # Enable the FFMpeg Docker Mod. This allows using the audiobook conversion features of LazyLibrarian.
-  ffmpeg:
-    enabled: false
-    image:
-      repository: linuxserver/mods
-      tag: lazylibrarian-ffmpeg
-
-serviceAccount:
-  # Specifies whether a service account should be created
-  create: true
-  # Annotations to add to the service account
-  annotations: {}
-  # The name of the service account to use.
-  # If not set and create is true, a name is generated using the fullname template
-  name: ""
-
-podAnnotations: {}
-
-podSecurityContext: {}
-  # fsGroup: 2000
-
-securityContext: {}
-  # capabilities:
-  #   drop:
-  #   - ALL
-  # readOnlyRootFilesystem: true
-  # runAsNonRoot: true
-  # runAsUser: 1000
-
-persistence:
-  enabled: false
-  annotations: {}
-  ## lazylibrarian data Persistent Volume Storage Class
-  ## If defined, storageClassName: <storageClass>
-  ## If set to "-", storageClassName: "", which disables dynamic provisioning
-  ## If undefined (the default) or set to null, no storageClassName spec is
-  ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
-  ##   GKE, AWS & OpenStack)
-  ##
-  # storageClass: "-"
-
-  ## If you want to reuse an existing claim, you can pass the name of the PVC using
-  ## the existingClaim variable
-  ##
-  # existingClaim: lazylibrarian-config
-  accessMode: ReadWriteOnce
-  size: 1Gi
-
-  # Any extra volumes to define for the pod
-  # Volumes will be mounted to the folder specified under mountPath
-  # If no mountPath is set it will be mounted to /mnt/<name>
-  extraVolumes: []
-  #  - name: example-name
-  #    hostPath:
-  #      path: /path/on/host
-  #    type: DirectoryOrCreate
-  #    mountPath: "/mnt/test"
+strategy:
+  type: Recreate
 
 service:
-  type: ClusterIP
-  port: 5299
-  # externalTrafficPolicy: Local
-  # loadBalancerIP: ""
-  # loadBalancerSourceRanges: []
-  annotations: {}
+  port:
+    port: 5299
 
-ingress:
-  enabled: false
-  annotations: {}
-    # kubernetes.io/ingress.class: nginx
-    # kubernetes.io/tls-acme: "true"
-  hosts:
-    - host: chart-example.local
-      paths: []
-  tls: []
-  #  - secretName: chart-example-tls
-  #    hosts:
-  #      - chart-example.local
+env: {}
+  # TZ: UTC
+  # PUID: 1001
+  # PGID: 1001
+  ## Docker Mods are not actively tested and might not work as expected.
+  # DOCKER_MODS=linuxserver/mods:lazylibrarian-ffmpeg
+  # DOCKER_MODS=linuxserver/calibre-web:calibre
 
-resources: {}
-  # We usually recommend not to specify default resources and to leave this as a conscious
-  # choice for the user. This also increases chances charts run on environments with little
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  # limits:
-  #   cpu: 100m
-  #   memory: 128Mi
-  # requests:
-  #   cpu: 100m
-  #   memory: 128Mi
-
-probes:
-  liveness:
-    enabled: true
-    scheme: HTTP
-    initialDelaySeconds: 60
-    failureThreshold: 5
-    timeoutSeconds: 10
-  readiness:
-    enabled: true
-    scheme: HTTP
-    initialDelaySeconds: 60
-    failureThreshold: 5
-    timeoutSeconds: 10
-  startup:
+persistence:
+  config:
     enabled: false
-    scheme: HTTP
-    failureThreshold: 30
-    periodSeconds: 10
+    emptyDir: false
 
-nodeSelector: {}
-
-tolerations: []
-
-affinity: {}
+  media:
+    enabled: false
+    emptyDir: false
+    mountPath: /media
+    ## Persistent Volume Storage Class
+    ## If defined, storageClassName: <storageClass>
+    ## If set to "-", storageClassName: "", which disables dynamic provisioning
+    ## If undefined (the default) or set to null, no storageClassName spec is
+    ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
+    ##   GKE, AWS & OpenStack)
+    # storageClass: "-"
+    # accessMode: ReadWriteOnce
+    # size: 1Gi
+    ## Do not delete the pvc upon helm uninstall
+    # skipuninstall: false
+    # existingClaim: ""

charts/lidarr/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: 0.8.0.1886
 description: Looks and smells like Sonarr but made for music
 name: lidarr
-version: 6.3.0
+version: 6.4.0
 keywords:
   - lidarr
   - torrent
@@ -18,4 +18,4 @@ maintainers:
 dependencies:
   - name: common
     repository: https://k8s-at-home.com/charts/
-    version: 2.2.0
+    version: 2.4.0

charts/lychee/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: 4.0.8
 description: Lychee is a free photo-management tool, which runs on your server or web-space
 name: lychee
-version: 2.3.0
+version: 2.4.0
 keywords:
   - lychee
   - photo
@@ -18,4 +18,4 @@ maintainers:
 dependencies:
   - name: common
     repository: https://k8s-at-home.com/charts/
-    version: 2.2.0
+    version: 2.4.0

charts/monica/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: v2.19.1
 description: A Personal Relationship Management tool to help you organize your social life
 name: monica
-version: 2.4.0
+version: 2.5.0
 keywords:
   - crm
 home: https://www.monicahq.com/
@@ -16,7 +16,7 @@ maintainers:
 dependencies:
   - name: common
     repository: https://k8s-at-home.com/charts/
-    version: 2.2.0
+    version: 2.4.0
   - name: mariadb
     version: 9.2.0
     repository: https://charts.bitnami.com/bitnami

charts/mosquitto/Chart.yaml

@@ -1,8 +1,8 @@
 apiVersion: v1
-appVersion: "1.6.12"
+appVersion: "2.0.4"
 description: Eclipse Mosquitto - An open source MQTT broker
 name: mosquitto
-version: 0.5.0
+version: 0.7.0
 keywords:
   - message queue
   - MQTT

charts/mosquitto/templates/NOTES.txt

@@ -1,6 +1,6 @@
 ** Please be patient while the chart is being deployed **
 
-Mosquitto can be accessed within the cluster on port 1883 at {{ template "mosquitto.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local
+Mosquitto can be accessed within the cluster on port {{ .Values.service.port }} at {{ template "mosquitto.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local
 
 To access for outside the cluster, perform the following steps:
 
@@ -26,13 +26,13 @@ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
 
 To Access the Moquitto port:
 
-    echo "URL : mqtt://$SERVICE_IP:1883/"
+    echo "URL : mqtt://$SERVICE_IP:{{ .Values.service.port }}/"
 
 {{- else if contains "ClusterIP"  .Values.service.type }}
 
 To Access the Mosquitto MQTT port:
 
-    kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "mosquitto.fullname" . }} 1883:1883
-    echo "URL : mqtt://127.0.0.1:1883/"
+    kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "mosquitto.fullname" . }} {{ .Values.service.port }}:{{ .Values.service.port }}
+    echo "URL : mqtt://127.0.0.1:{{ .Values.service.port }}/"
 
 {{- end }}

charts/mosquitto/templates/configmap.yaml

@@ -40,20 +40,6 @@ data:
     #per_listener_settings false
 
 
-    # If a client is subscribed to multiple subscriptions that overlap, e.g. foo/#
-    # and foo/+/baz , then MQTT expects that when the broker receives a message on
-    # a topic that matches both subscriptions, such as foo/bar/baz, then the client
-    # should only receive the message once.
-    # Mosquitto keeps track of which clients a message has been sent to in order to
-    # meet this requirement. The allow_duplicate_messages option allows this
-    # behaviour to be disabled, which may be useful if you have a large number of
-    # clients subscribed to the same set of topics and are very concerned about
-    # minimising memory usage.
-    # It can be safely set to true if you know in advance that your clients will
-    # never have overlapping subscriptions, otherwise your clients must be able to
-    # correctly deal with duplicate messages even when then have QoS=2.
-    #allow_duplicate_messages false
-
     # This option controls whether a client is allowed to connect with a zero
     # length client id or not. This option only affects clients using MQTT v3.1.1
     # and later. If set to false, clients connecting with a zero length client id
@@ -120,12 +106,16 @@ data:
     # be queued until the first limit is reached.
     #max_queued_bytes 0
 
+    # Set the maximum QoS supported. Clients publishing at a QoS higher than
+    # specified here will be disconnected.
+    #max_qos 2
+
     # The maximum number of QoS 1 and 2 messages to hold in a queue per client
-    # above those that are currently in-flight.  Defaults to 100. Set
+    # above those that are currently in-flight.  Defaults to 1000. Set
     # to 0 for no maximum (not recommended).
     # See also queue_qos0_messages.
     # See also max_queued_bytes.
-    #max_queued_messages 100
+    #max_queued_messages 1000
     #
     # This option sets the maximum number of heap memory bytes that the broker will
     # allocate, and hence sets a hard limit on memory use by the broker.  Memory
@@ -164,7 +154,7 @@ data:
 
     # Write process id to a file. Default is a blank string which means
     # a pid file shouldn't be written.
-    # This should be set to /var/run/mosquitto.pid if mosquitto is
+    # This should be set to /var/run/mosquitto/mosquitto.pid if mosquitto is
     # being run automatically on boot with an init script and
     # start-stop-daemon or similar.
     #pid_file
@@ -201,171 +191,15 @@ data:
     # When run as root, drop privileges to this user and its primary
     # group.
     # Set to root to stay as root, but this is not recommended.
+    # If set to "mosquitto", or left unset, and the "mosquitto" user does not exist
+    # then it will drop privileges to the "nobody" user instead.
     # If run as a non-root user, this setting has no effect.
-    # Note that on Windows this has no effect and so mosquitto should
-    # be started by the user you wish it to run as.
+    # Note that on Windows this has no effect and so mosquitto should be started by
+    # the user you wish it to run as.
     #user mosquitto
 
     # =================================================================
-    # Default listener
-    # =================================================================
-
-    # IP address/hostname to bind the default listener to. If not
-    # given, the default listener will not be bound to a specific
-    # address and so will be accessible to all network interfaces.
-    # bind_address ip-address/host name
-    #bind_address
-
-    # Port to use for the default listener.
-    #port 1883
-
-    # Bind the listener to a specific interface. This is similar to
-    # bind_address above but is useful when an interface has multiple addresses or
-    # the address may change. It is valid to use this with the bind_address option,
-    # but take care that the interface you are binding to contains the address you
-    # are binding to, otherwise you will not be able to connect.
-    # Example: bind_interface eth0
-    #bind_interface
-
-    # When a listener is using the websockets protocol, it is possible to serve
-    # http data as well. Set http_dir to a directory which contains the files you
-    # wish to serve. If this option is not specified, then no normal http
-    # connections will be possible.
-    #http_dir
-
-    # The maximum number of client connections to allow. This is
-    # a per listener setting.
-    # Default is -1, which means unlimited connections.
-    # Note that other process limits mean that unlimited connections
-    # are not really possible. Typically the default maximum number of
-    # connections possible is around 1024.
-    #max_connections -1
-
-    # Choose the protocol to use when listening.
-    # This can be either mqtt or websockets.
-    # Websockets support is currently disabled by default at compile time.
-    # Certificate based TLS may be used with websockets, except that
-    # only the cafile, certfile, keyfile and ciphers options are supported.
-    #protocol mqtt
-
-    # Set use_username_as_clientid to true to replace the clientid that a client
-    # connected with with its username. This allows authentication to be tied to
-    # the clientid, which means that it is possible to prevent one client
-    # disconnecting another by using the same clientid.
-    # If a client connects with no username it will be disconnected as not
-    # authorised when this option is set to true.
-    # Do not use in conjunction with clientid_prefixes.
-    # See also use_identity_as_username.
-    #use_username_as_clientid
-
-    # -----------------------------------------------------------------
-    # Certificate based SSL/TLS support
-    # -----------------------------------------------------------------
-    # The following options can be used to enable SSL/TLS support for
-    # this listener. Note that the recommended port for MQTT over TLS
-    # is 8883, but this must be set manually.
-    #
-    # See also the mosquitto-tls man page.
-
-    # At least one of cafile or capath must be defined. They both
-    # define methods of accessing the PEM encoded Certificate
-    # Authority certificates that have signed your server certificate
-    # and that you wish to trust.
-    # cafile defines the path to a file containing the CA certificates.
-    # capath defines a directory that will be searched for files
-    # containing the CA certificates. For capath to work correctly, the
-    # certificate files must have ".crt" as the file ending and you must run
-    # "openssl rehash <path to capath>" each time you add/remove a certificate.
-    #cafile
-    #capath
-
-    # Path to the PEM encoded server certificate.
-    #certfile
-
-    # Path to the PEM encoded keyfile.
-    #keyfile
-
-
-    # If you have require_certificate set to true, you can create a certificate
-    # revocation list file to revoke access to particular client certificates. If
-    # you have done this, use crlfile to point to the PEM encoded revocation file.
-    #crlfile
-
-    # If you wish to control which encryption ciphers are used, use the ciphers
-    # option. The list of available ciphers can be obtained using the "openssl
-    # ciphers" command and should be provided in the same format as the output of
-    # that command.
-    # If unset defaults to DEFAULT:!aNULL:!eNULL:!LOW:!EXPORT:!SSLv2:@STRENGTH
-    #ciphers DEFAULT:!aNULL:!eNULL:!LOW:!EXPORT:!SSLv2:@STRENGTH
-
-    # To allow the use of ephemeral DH key exchange, which provides forward
-    # security, the listener must load DH parameters. This can be specified with
-    # the dhparamfile option. The dhparamfile can be generated with the command
-    # e.g. "openssl dhparam -out dhparam.pem 2048"
-    #dhparamfile
-
-    # By default a TLS enabled listener will operate in a similar fashion to a
-    # https enabled web server, in that the server has a certificate signed by a CA
-    # and the client will verify that it is a trusted certificate. The overall aim
-    # is encryption of the network traffic. By setting require_certificate to true,
-    # the client must provide a valid certificate in order for the network
-    # connection to proceed. This allows access to the broker to be controlled
-    # outside of the mechanisms provided by MQTT.
-    #require_certificate false
-
-    # This option defines the version of the TLS protocol to use for this listener.
-    # The default value allows all of v1.3, v1.2 and v1.1. The valid values are
-    # tlsv1.3 tlsv1.2 and tlsv1.1.
-    #tls_version
-
-    # If require_certificate is true, you may set use_identity_as_username to true
-    # to use the CN value from the client certificate as a username. If this is
-    # true, the password_file option will not be used for this listener.
-    # This takes priority over use_subject_as_username.
-    # See also use_subject_as_username.
-    #use_identity_as_username false
-
-    # If require_certificate is true, you may set use_subject_as_username to true
-    # to use the complete subject value from the client certificate as a username.
-    # If this is true, the password_file option will not be used for this listener.
-    # See also use_identity_as_username
-    #use_subject_as_username false
-
-    # -----------------------------------------------------------------
-    # Pre-shared-key based SSL/TLS support
-    # -----------------------------------------------------------------
-    # The following options can be used to enable PSK based SSL/TLS support for
-    # this listener. Note that the recommended port for MQTT over TLS is 8883, but
-    # this must be set manually.
-    #
-    # See also the mosquitto-tls man page and the "Certificate based SSL/TLS
-    # support" section. Only one of certificate or PSK encryption support can be
-    # enabled for any listener.
-
-    # The psk_hint option enables pre-shared-key support for this listener and also
-    # acts as an identifier for this listener. The hint is sent to clients and may
-    # be used locally to aid authentication. The hint is a free form string that
-    # doesn't have much meaning in itself, so feel free to be creative.
-    # If this option is provided, see psk_file to define the pre-shared keys to be
-    # used or create a security plugin to handle them.
-    #psk_hint
-
-    # When using PSK, the encryption ciphers used will be chosen from the list of
-    # available PSK ciphers. If you want to control which ciphers are available,
-    # use the "ciphers" option.  The list of available ciphers can be obtained
-    # using the "openssl ciphers" command and should be provided in the same format
-    # as the output of that command.
-    #ciphers
-
-    # Set use_identity_as_username to have the psk identity sent by the client used
-    # as its username. Authentication will be carried out using the PSK rather than
-    # the MQTT username/password and so password_file will not be used for this
-    # listener.
-    #use_identity_as_username false
-
-
-    # =================================================================
-    # Extra listeners
+    # Listeners
     # =================================================================
 
     # Listen on a port/ip address combination. By using this variable
@@ -379,8 +213,28 @@ data:
     # interface. By default, mosquitto will listen on all interfaces.
     # Note that for a websockets listener it is not possible to bind to a host
     # name.
-    # listener port-number [ip address/host name]
-    #listener
+    #
+    # On systems that support Unix Domain Sockets, it is also possible
+    # to create a # Unix socket rather than opening a TCP socket. In
+    # this case, the port number should be set to 0 and a unix socket
+    # path must be provided, e.g.
+    # listener 0 /tmp/mosquitto.sock
+    #
+    # listener port-number [ip address/host name/unix socket path]
+    listener {{ .Values.service.port }}
+
+    # By default, a listener will attempt to listen on all supported IP protocol
+    # versions. If you do not have an IPv4 or IPv6 interface you may wish to
+    # disable support for either of those protocol versions. In particular, note
+    # that due to the limitations of the websockets library, it will only ever
+    # attempt to open IPv6 sockets if IPv6 support is compiled in, and so will fail
+    # if IPv6 is not available.
+    #
+    # Set to `ipv4` to force the listener to only use IPv4, or set to `ipv6` to
+    # force the listener to only use IPv6. If you want support for both IPv4 and
+    # IPv6, then do not use the socket_domain option.
+    #
+    #socket_domain
 
     # Bind the listener to a specific interface. This is similar to
     # the [ip address/host name] part of the listener definition, but is useful
@@ -416,7 +270,7 @@ data:
     # Choose the protocol to use when listening.
     # This can be either mqtt or websockets.
     # Certificate based TLS may be used with websockets, except that only the
-    # cafile, certfile, keyfile and ciphers options are supported.
+    # cafile, certfile, keyfile, ciphers, and ciphers_tls13 options are supported.
     #protocol mqtt
 
     # Set use_username_as_clientid to true to replace the clientid that a client
@@ -447,17 +301,8 @@ data:
     # support" section. Only one of certificate or PSK encryption support can be
     # enabled for any listener.
 
-    # At least one of cafile or capath must be defined to enable certificate based
-    # TLS encryption. They both define methods of accessing the PEM encoded
-    # Certificate Authority certificates that have signed your server certificate
-    # and that you wish to trust.
-    # cafile defines the path to a file containing the CA certificates.
-    # capath defines a directory that will be searched for files
-    # containing the CA certificates. For capath to work correctly, the
-    # certificate files must have ".crt" as the file ending and you must run
-    # "openssl rehash <path to capath>" each time you add/remove a certificate.
-    #cafile
-    #capath
+    # Both of certfile and keyfile must be defined to enable certificate based
+    # TLS encryption.
 
     # Path to the PEM encoded server certificate.
     #certfile
@@ -465,13 +310,17 @@ data:
     # Path to the PEM encoded keyfile.
     #keyfile
 
-
     # If you wish to control which encryption ciphers are used, use the ciphers
     # option. The list of available ciphers can be optained using the "openssl
     # ciphers" command and should be provided in the same format as the output of
-    # that command.
+    # that command. This applies to TLS 1.2 and earlier versions only. Use
+    # ciphers_tls1.3 for TLS v1.3.
     #ciphers
 
+    # Choose which TLS v1.3 ciphersuites are used for this listener.
+    # Defaults to "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256"
+    #ciphers_tls1.3
+
     # If you have require_certificate set to true, you can create a certificate
     # revocation list file to revoke access to particular client certificates. If
     # you have done this, use crlfile to point to the PEM encoded revocation file.
@@ -492,6 +341,18 @@ data:
     # outside of the mechanisms provided by MQTT.
     #require_certificate false
 
+    # cafile and capath define methods of accessing the PEM encoded
+    # Certificate Authority certificates that will be considered trusted when
+    # checking incoming client certificates.
+    # cafile defines the path to a file containing the CA certificates.
+    # capath defines a directory that will be searched for files
+    # containing the CA certificates. For capath to work correctly, the
+    # certificate files must have ".crt" as the file ending and you must run
+    # "openssl rehash <path to capath>" each time you add/remove a certificate.
+    #cafile
+    #capath
+
+
     # If require_certificate is true, you may set use_identity_as_username to true
     # to use the CN value from the client certificate as a username. If this is
     # true, the password_file option will not be used for this listener.
@@ -566,9 +427,9 @@ data:
     # the path.
     #persistence_file mosquitto.db
 
-    # Location for persistent database. Must include trailing /
+    # Location for persistent database.
     # Default is an empty string (current directory).
-    # Set to e.g. /var/lib/mosquitto/ if running as a proper service on Linux or
+    # Set to e.g. /var/lib/mosquitto if running as a proper service on Linux or
     # similar.
     #persistence_location
     {{- if .Values.persistence.enabled }}
@@ -582,7 +443,7 @@ data:
 
     # Places to log to. Use multiple log_dest lines for multiple
     # logging destinations.
-    # Possible destinations are: stdout stderr syslog topic file
+    # Possible destinations are: stdout stderr syslog topic file dlt
     #
     # stdout and stderr log to the console on the named output.
     #
@@ -600,6 +461,9 @@ data:
     # closed and reopened when the broker receives a HUP signal. Only a single file
     # destination may be configured.
     #
+    # The dlt destination is for the automotive `Diagnostic Log and Trace` tool.
+    # This requires that Mosquitto has been compiled with DLT support.
+    #
     # Note that if the broker is running as a Windows service it will default to
     # "log_dest none" and neither stdout nor stderr logging is available.
     # Use "log_dest none" if you wish to disable logging.
@@ -661,12 +525,11 @@ data:
     # false then a password file should be created (see the
     # password_file option) to control authenticated client access.
     #
-    # Defaults to true if no other security options are set. If `password_file` or
-    # `psk_file` is set, or if an authentication plugin is loaded which implements
-    # username/password or TLS-PSK checks, then `allow_anonymous` defaults to
-    # false.
-    #
-    #allow_anonymous true
+    # Defaults to false, unless there are no listeners defined in the configuration
+    # file, in which case it is set to true, but connections are only allowed from
+    # the local machine.
+    #allow_anonymous false
+    allow_anonymous true
 
     # -----------------------------------------------------------------
     # Default authentication and topic access control
@@ -701,13 +564,17 @@ data:
     # comment.
     # Topic access is added with lines of the format:
     #
-    # topic [read|write|readwrite] <topic>
+    # topic [read|write|readwrite|deny] <topic>
     #
-    # The access type is controlled using "read", "write" or "readwrite". This
-    # parameter is optional (unless <topic> contains a space character) - if not
-    # given then the access is read/write.  <topic> can contain the + or #
+    # The access type is controlled using "read", "write", "readwrite" or "deny".
+    # This parameter is optional (unless <topic> contains a space character) - if
+    # not given then the access is read/write.  <topic> can contain the + or #
     # wildcards as in subscriptions.
     #
+    # The "deny" option can used to explicity deny access to a topic that would
+    # otherwise be granted by a broader read/write/readwrite statement. Any "deny"
+    # topics are handled before topics that grant read/write access.
+    #
     # The first set of topics are applied to anonymous clients, assuming
     # allow_anonymous is true. User specific topic ACLs are added after a
     # user line as follows:
@@ -811,6 +678,10 @@ data:
     #address <host>[:<port>] [<host>[:<port>]]
     #topic <topic> [[[out | in | both] qos-level] local-prefix remote-prefix]
 
+    # If you need to have the bridge connect over a particular network interface,
+    # use bridge_bind_address to tell the bridge which local IP address the socket
+    # should bind to, e.g. `bridge_bind_address 192.168.1.10`
+    #bridge_bind_address
 
     # If a bridge has topics that have "out" direction, the default behaviour is to
     # send an unsubscribe request to the remote broker on that topic. This means
@@ -821,7 +692,7 @@ data:
     #bridge_attempt_unsubscribe true
 
     # Set the version of the MQTT protocol to use with for this bridge. Can be one
-    # of mqttv311 or mqttv11. Defaults to mqttv311.
+    # of mqttv50, mqttv311 or mqttv31. Defaults to mqttv311.
     #bridge_protocol_version mqttv311
 
     # Set the clean session variable for this bridge.
@@ -939,6 +810,23 @@ data:
     # properly.
     #try_private true
 
+    # Some MQTT brokers do not allow retained messages. MQTT v5 gives a mechanism
+    # for brokers to tell clients that they do not support retained messages, but
+    # this is not possible for MQTT v3.1.1 or v3.1. If you need to bridge to a
+    # v3.1.1 or v3.1 broker that does not support retained messages, set the
+    # bridge_outgoing_retain option to false. This will remove the retain bit on
+    # all outgoing messages to that bridge, regardless of any other setting.
+    #bridge_outgoing_retain true
+
+    # If you wish to restrict the size of messages sent to a remote bridge, use the
+    # bridge_max_packet_size option. This sets the maximum number of bytes for
+    # the total message, including headers and payload.
+    # Note that MQTT v5 brokers may provide their own maximum-packet-size property.
+    # In this case, the smaller of the two limits will be used.
+    # Set to 0 for "unlimited".
+    #bridge_max_packet_size 0
+
+
     # -----------------------------------------------------------------
     # Certificate based SSL/TLS support
     # -----------------------------------------------------------------

charts/mosquitto/templates/service.yaml

@@ -17,11 +17,11 @@ spec:
   loadBalancerIP: {{ .Values.service.loadBalancerIP }}
   {{- end }}
   ports:
-    - port: 1883
+    - port: {{ .Values.service.port }}
       targetPort: default
       protocol: TCP
       name: default
-    - port: 9001
+    - port: {{ .Values.service.websocketPort }}
       targetPort: websocket
       protocol: TCP
       name: websocket

charts/mosquitto/values.yaml

@@ -34,6 +34,8 @@ securityContext: {}
 service:
   annotations: {}
   type: ClusterIP
+  port: 1883
+  websocketPort: 9001
   # externalTrafficPolicy:
   # loadBalancerIP: