[oauth2-proxy] migrate oauth2-proxy chart (#179)

* Add jvmInitHeapSize and jvmMaxHeapSize which are passed on
  to the container as env vars

* Bump version, no change in default behaviour

* Update README.md with new configuration parameters

Signed-off-by: Thomas Ingvarsson <ingvarsson.thomas@gmail.com>

.github/workflows/lint-test.yaml

@@ -9,7 +9,7 @@ jobs:
       - name: Fetch history
         run: |
           git fetch --prune --unshallow;
-          echo ::set-env name=commitmsg::$(git log --format=%B -n 1 ${{ github.event.after }})
+          echo "commitmsg=$(git log --format=%B -n 1 ${{ github.event.after }})" >> $GITHUB_ENV
       - name: Run chart-testing (lint)
         id: lint
         uses: helm/chart-testing-action@v1.0.0

charts/bazarr/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: v0.9.0.5
 description: Bazarr is a companion application to Sonarr and Radarr. It manages and downloads subtitles based on your requirements
 name: bazarr
-version: 4.0.1
+version: 4.4.0
 keywords:
   - bazarr
   - radarr
@@ -21,4 +21,4 @@ maintainers:
 dependencies:
   - name: common
     repository: https://k8s-at-home.com/charts/
-    version: ^1.0.5
+    version: ^1.5.0

charts/bazarr/values.yaml

@@ -5,6 +5,9 @@ image:
   pullPolicy: IfNotPresent
   tag: version-v0.9.0.5
 
+strategy:
+  type: Recreate
+
 service:
   port:
     port: 6767

charts/common/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: common
 description: Function library for k8s-at-home charts
 type: library
-version: 1.0.5
+version: 1.5.1
 keywords:
   - k8s-at-home
   - common

charts/common/templates/_all.tpl

@@ -1,8 +1,6 @@
 {{- define "common.all" -}}
   {{- /* Merge the local chart values and the common chart defaults */ -}}
-  {{- $defaultValues := .Values.common -}}
-  {{- $_ := deepCopy $defaultValues | merge .Values -}}
-  {{- $_ := unset .Values "common" -}}
+  {{- include "common.values.setup" . }}
   
   {{- /* Enable OpenVPN VPN add-on if required */ -}}
   {{- if .Values.addons.vpn.enabled }}

charts/common/templates/_deployment.tpl

@@ -4,9 +4,20 @@ kind: Deployment
 metadata:
   name: {{ template "common.names.fullname" . }}
   labels:
-  {{- include "common.labels" . | nindent 4 }}
+    {{- include "common.labels" . | nindent 4 }}
+    {{- with .Values.controllerLabels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+  {{- with .Values.controllerAnnotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
 spec:
-  replicas: 1
+  replicas: {{ .Values.replicas }}
+  {{- with .Values.strategy }}
+  strategy:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
   selector:
     matchLabels:
     {{- include "common.labels.selectorLabels" . | nindent 6 }}
@@ -42,14 +53,14 @@ spec:
 
       {{- with .Values.nodeSelector }}
       nodeSelector:
-        {{- toYaml . | indent 8 }}
+        {{- toYaml . | nindent 8 }}
       {{- end }}
       {{- with .Values.affinity }}
       affinity:
-        {{- toYaml . | indent 8 }}
+        {{- toYaml . | nindent 8 }}
       {{- end }}
       {{- with .Values.tolerations }}
       tolerations:
-        {{- toYaml . | indent 8 }}
+        {{- toYaml . | nindent 8 }}
       {{- end }}
 {{- end }}

charts/common/templates/_ingress.tpl

@@ -4,7 +4,6 @@
 
     {{- /* Generate primary ingress */ -}}
     {{- $ingressValues := .Values.ingress -}}
-    {{- $_ := set $ingressValues "svcPort" $svcPort -}}
     {{- $_ := set . "ObjectValues" (dict "ingress" $ingressValues) -}}
     {{- include "common.classes.ingress" . }}
 
@@ -13,12 +12,11 @@
       {{- if $extraIngress.enabled -}}
         {{- print ("---") | nindent 0 -}}
         {{- $ingressValues := $extraIngress -}}
-        {{- $_ := set $ingressValues "svcPort" $svcPort -}}
         {{- if not $ingressValues.nameSuffix -}}
           {{- $_ := set $ingressValues "nameSuffix" $index -}}
         {{ end -}}
-        {{- $_ := set . "ObjectValues" (dict "ingress" $ingressValues) -}}
-        {{- include "common.classes.ingress" . -}}
+        {{- $_ := set $ "ObjectValues" (dict "ingress" $ingressValues) -}}
+        {{- include "common.classes.ingress" $ -}}
       {{- end }}
     {{- end }}
   {{- end }}

charts/common/templates/_pvc.tpl

@@ -1,15 +1,14 @@
 {{- define "common.pvc" -}}
   {{- /* Generate pvc as required */ -}}
-  {{- $context := . -}}
   {{- range $index, $PVC := .Values.persistence }}
     {{- if and $PVC.enabled (not (or $PVC.emptyDir $PVC.existingClaim)) -}}
       {{- $persistenceValues := $PVC -}}
       {{- if not $persistenceValues.nameSuffix -}}
         {{- $_ := set $persistenceValues "nameSuffix" $index -}}
       {{- end -}}
-      {{- $_ := set $context "ObjectValues" (dict "persistence" $persistenceValues) -}}
+      {{- $_ := set $ "ObjectValues" (dict "persistence" $persistenceValues) -}}
       {{- print ("---") | nindent 0 -}}
-      {{- include "common.classes.pvc" $context -}}
+      {{- include "common.classes.pvc" $ -}}
     {{- end }}
   {{- end }}
 {{- end }}

charts/common/templates/_service.tpl

@@ -1,5 +1,19 @@
 {{- define "common.service" -}}
   {{- if .Values.service.enabled -}}
+    {{- /* Generate primary service */ -}}
     {{- include "common.classes.service" . }}
+
+    {{- /* Generate additional services as required */ -}}
+    {{- range $index, $extraService := .Values.service.additionalServices }}
+      {{- if $extraService.enabled -}}
+        {{- print ("---") | nindent 0 -}}
+        {{- $serviceValues := $extraService -}}
+        {{- if not $serviceValues.nameSuffix -}}
+          {{- $_ := set $serviceValues "nameSuffix" $index -}}
+        {{ end -}}
+        {{- $_ := set $ "ObjectValues" (dict "service" $serviceValues) -}}
+        {{- include "common.classes.service" $ -}}
+      {{- end }}
+    {{- end }}
   {{- end }}
 {{- end }}

charts/common/templates/_statefulset.tpl

@@ -5,8 +5,19 @@ metadata:
   name: {{ template "common.names.fullname" . }}
   labels:
   {{- include "common.labels" . | nindent 4 }}
+  {{- with .Values.controllerLabels }}
+  {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- with .Values.controllerAnnotations }}
+  annotations:
+  {{- toYaml . | nindent 4 }}
+  {{- end }}
 spec:
-  replicas: 1
+  replicas: {{ .Values.replicas }}
+  {{- with .Values.strategy }}
+  updateStrategy:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
   selector:
     matchLabels:
     {{- include "common.labels.selectorLabels" . | nindent 6 }}
@@ -43,14 +54,14 @@ spec:
 
       {{- with .Values.nodeSelector }}
       nodeSelector:
-        {{- toYaml . | indent 8 }}
+        {{- toYaml . | nindent 8 }}
       {{- end }}
       {{- with .Values.affinity }}
       affinity:
-        {{- toYaml . | indent 8 }}
+        {{- toYaml . | nindent 8 }}
       {{- end }}
       {{- with .Values.tolerations }}
       tolerations:
-        {{- toYaml . | indent 8 }}
+        {{- toYaml . | nindent 8 }}
       {{- end }}
 {{- end }}

charts/common/templates/addons/vpn/_volume.tpl

@@ -2,12 +2,12 @@
 The OpenVPN shared volume to be inserted
 */}}
 {{- define "common.addon.vpn.volume" -}}
-{{- if or .Values.addons.vpn.vpnConf .Values.addons.vpn.scripts.up .Values.addons.vpn.scripts.down -}}
+{{- if or .Values.addons.vpn.configFile .Values.addons.vpn.scripts.up .Values.addons.vpn.scripts.down -}}
 name: vpnconfig
 configMap:
   name: {{ template "common.names.fullname" . }}-vpn
   items:
-    {{- if .Values.addons.vpn.vpnConf }}
+    {{- if .Values.addons.vpn.configFile }}
     - key: vpnConfigfile
       path: vpnConfigfile
     {{- end }}

charts/common/templates/addons/vpn/openvpn/_container.tpl

@@ -5,15 +5,15 @@ The OpenVPN container(s) to be inserted
 name: openvpn
 image: "{{ .Values.addons.vpn.openvpn.image.repository }}:{{ .Values.addons.vpn.openvpn.image.tag }}"
 imagePullPolicy: {{ .Values.addons.vpn.imagePullPolicy }}
+{{- with .Values.addons.vpn.securityContext }}
 securityContext:
-  capabilities:
-    add: 
-      - NET_ADMIN
+  {{- toYaml . | nindent 2 }}
+{{- end }}
 {{- with .Values.addons.vpn.env }}
 env:
 {{- range $k, $v := . }}
   - name: {{ $k }}
-    value: {{ $v }}
+    value: {{ $v | quote }}
 {{- end }}
 {{- end }}  
 {{- if or .Values.addons.vpn.openvpn.auth .Values.addons.vpn.openvpn.authSecret }}
@@ -52,10 +52,10 @@ volumeMounts:
 {{- end }}
 {{- with .Values.addons.vpn.livenessProbe }}
 livenessProbe:
-  {{- toYaml . | nindent 4 }}
+  {{- toYaml . | nindent 2 }}
 {{- end -}}
 {{- with .Values.addons.vpn.resources }}
 resources:
-  {{- toYaml . | nindent 4 }}
+  {{- toYaml . | nindent 2 }}
 {{- end }}
 {{- end -}}

charts/common/templates/addons/vpn/wireguard/_addon.tpl

@@ -3,7 +3,7 @@ Template to render Wireguard addon
 */}}
 {{- define "common.addon.wireguard" -}}
   {{/* Append the Wireguard container to the additionalContainers */}}
-  {{- $container := include "common.addon.wireguard.container" . | fromYaml -}}
+  {{- $container := fromYaml (include "common.addon.wireguard.container" .) -}}
   {{- if $container -}}
     {{- $additionalContainers := append .Values.additionalContainers $container -}}
     {{- $_ := set .Values "additionalContainers" $additionalContainers -}}

charts/common/templates/addons/vpn/wireguard/_container.tpl

@@ -5,24 +5,22 @@ The Wireguard container(s) to be inserted
 name: wireguard
 image: "{{ .Values.addons.vpn.wireguard.image.repository }}:{{ .Values.addons.vpn.wireguard.image.tag }}"
 imagePullPolicy: {{ .Values.addons.vpn.imagePullPolicy }}
+{{- with .Values.addons.vpn.securityContext }}
 securityContext:
-  privileged: true
-  capabilities:
-    add: 
-      - NET_ADMIN
-      - SYS_MODULE
+  {{- toYaml . | nindent 2 }}
+{{- end }}
 {{- with .Values.addons.vpn.env }}
 env:
 {{- range $k, $v := . }}
   - name: {{ $k }}
-    value: {{ $v }}
+    value: {{ $v | quote }}
 {{- end }}
 {{- end }}
 {{- if or .Values.addons.vpn.configFile .Values.addons.vpn.scripts.up .Values.addons.vpn.scripts.down .Values.addons.vpn.additionalVolumeMounts .Values.persistence.shared.enabled }}
 volumeMounts:
 {{- if .Values.addons.vpn.configFile }}
   - name: vpnconfig
-    mountPath: /config/wg0.conf
+    mountPath: /etc/wireguard/wg0.conf
     subPath: vpnConfigfile
 {{- end }}
 {{- if .Values.addons.vpn.scripts.up }}
@@ -45,10 +43,10 @@ volumeMounts:
 {{- end }}
 {{- with .Values.addons.vpn.livenessProbe }}
 livenessProbe:
-  {{- toYaml . | nindent 4 }}
+  {{- toYaml . | nindent 2 }}
 {{- end -}}
 {{- with .Values.addons.vpn.resources }}
 resources:
-  {{- toYaml . | nindent 4 }}
+  {{- toYaml . | nindent 2 }}
 {{- end }}
 {{- end -}}

charts/common/templates/classes/_ingress.tpl

@@ -9,7 +9,8 @@
 {{- if hasKey $values "nameSuffix" -}}
   {{- $ingressName = printf "%v-%v" $ingressName $values.nameSuffix -}}
 {{ end -}}
-{{- $svcPort := $values.svcPort -}}
+{{- $svcName := $values.serviceName | default (include "common.names.fullname" .) -}}
+{{- $svcPort := $values.servicePort | default $.Values.service.port.port -}}
 apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }}
 kind: Ingress
 metadata:
@@ -39,7 +40,7 @@ spec:
           {{- range .paths }}
           - path: {{ .path }}
             backend:
-              serviceName: {{ $ingressName }}
+              serviceName: {{ $svcName }}
               servicePort: {{ $svcPort }}
           {{- end }}
   {{- end }}

charts/common/templates/classes/_service.tpl

@@ -1,3 +1,6 @@
+{{/*
+service class: all services should adhere to this
+*/}}
 {{- define "common.classes.service" -}}
 {{- $values := .Values.service -}}
 {{- if hasKey . "ObjectValues" -}}
@@ -5,11 +8,15 @@
     {{- $values = . -}}
   {{- end -}}
 {{ end -}}
-{{- $svcType := $values.type -}}
+{{- $serviceName := include "common.names.fullname" . -}}
+{{- if hasKey $values "nameSuffix" -}}
+  {{- $serviceName = printf "%v-%v" $serviceName $values.nameSuffix -}}
+{{ end -}}
+{{- $svcType := $values.type | default "" -}}
 apiVersion: v1
 kind: Service
 metadata:
-  name: {{ include "common.names.fullname" . }}
+  name: {{ $serviceName }}
   labels:
     {{- include "common.labels" . | nindent 4 }}
   {{- if $values.labels }}
@@ -54,17 +61,7 @@ spec:
   {{- if $values.publishNotReadyAddresses }}
   publishNotReadyAddresses: {{ $values.publishNotReadyAddresses }}
   {{- end }}
-  ports:
-    - port: {{ $values.port.port }}
-      targetPort: {{ $values.port.targetPort }}
-      protocol: {{ $values.port.protocol }}
-      name: {{ $values.port.name }}
-      {{- if (and (eq $svcType "NodePort") (not (empty $values.port.nodePort))) }}
-      nodePort: {{ $values.port.nodePort }}
-      {{ end }}
-    {{- with $values.additionalPorts }}
-    {{ toYaml . | nindent 4 }}
-    {{- end }}
+  {{- include "common.classes.service.ports" (dict "svcType" $svcType "values" $values ) | trim | nindent 2 }}
   selector:
     {{- include "common.labels.selectorLabels" . | nindent 4 }}
 {{- end }}

charts/common/templates/classes/_service_ports.tpl

@@ -0,0 +1,23 @@
+{{/*
+logic that lists the ports and additionalPorts for a service
+*/}}
+{{- define "common.classes.service.ports" -}}
+  {{- $ports := list -}}
+  {{- $values := .values -}}
+  {{- $ports = mustAppend $ports $values.port -}}
+  {{- range $_ := $values.additionalPorts -}}
+    {{- $ports = mustAppend $ports . -}}
+  {{- end }}
+  {{- if $ports -}}
+  ports:
+  {{- range $_ := $ports }}
+  - port: {{ .port }}
+    targetPort: {{ .targetPort | default .name }}
+    protocol: {{ .protocol | default "TCP" }}
+    name: {{ .name }}
+    {{- if (and (eq $.svcType "NodePort") (not (empty .nodePort))) }}
+    nodePort: {{ .nodePort }}
+    {{ end }}
+  {{- end -}}
+  {{- end -}}
+{{- end }}

charts/common/templates/lib/chart/_values.tpl

@@ -0,0 +1,9 @@
+{{- define "common.values.setup" -}}
+  {{- /* Merge the local chart values and the common chart defaults */ -}}
+  {{- if .Values.common -}}
+    {{- $defaultValues := deepCopy .Values.common -}}
+    {{- $userValues := deepCopy (omit .Values "common") -}}
+    {{- $mergedValues := mustMergeOverwrite $defaultValues $userValues -}}
+    {{- $_ := set . "Values" (deepCopy $mergedValues) -}}
+  {{- end }}  
+{{- end }}

charts/common/templates/lib/controller/_container.tpl

@@ -1,4 +1,6 @@
-{{- /* The main containter that will be included in the controller */ -}}
+{{- /*
+The main containter that will be included in the controller 
+*/ -}}
 {{- define "common.controller.mainContainer" -}}
 - name: {{ template "common.names.fullname" . }}
   image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
@@ -14,15 +16,7 @@
     value: {{ $value | quote }}
   {{- end }}
   {{- end }}
-  ports:
-  - name: {{ .Values.service.port.name }}
-    containerPort: {{ .Values.service.port.port }}
-    protocol: {{ .Values.service.port.protocol }}
-  {{- range $port := .Values.service.additionalPorts }}
-  - name: {{ $port.name }}
-    containerPort: {{ $port.port }}
-    protocol: {{ $port.protocol }}
-  {{- end }}
+  {{- include "common.controller.ports" . | trim | nindent 2 }}
   volumeMounts:
   {{- range $index, $PVC := .Values.persistence }}
   {{- if $PVC.enabled }}

charts/common/templates/lib/controller/_ports.tpl

@@ -0,0 +1,36 @@
+{{/*
+ports included by the controller
+*/}}
+{{- define "common.controller.ports" -}}
+  {{- $ports := list -}}
+  {{- with .Values.service -}}
+    {{- $serviceValues := deepCopy . -}}
+    {{/* append the ports for the main service */}}
+    {{- if .enabled -}}
+      {{- $ports = mustAppend $ports .port -}}
+      {{- range $_ := .additionalPorts -}}
+        {{/* append the additonalPorts for the main service */}}
+        {{- $ports = mustAppend $ports . -}}
+      {{- end }}
+    {{- end }}
+    {{/* append the ports for each additional service */}}
+    {{- range $_ := .additionalServices }}
+      {{- if .enabled -}}
+        {{- $ports = mustAppend $ports .port -}}
+        {{- range $_ := .additionalPorts -}}
+          {{/* append the additonalPorts for each additional service */}}
+          {{- $ports = mustAppend $ports . -}}
+        {{- end }}
+      {{- end }}
+    {{- end }}
+  {{- end }}
+  {{/* export/render the list of ports */}}
+  {{- if $ports -}}
+  ports:
+  {{- range $_ := $ports }}
+  - name: {{ required "Missing port.name" .name }}
+    containerPort: {{ required "Missing port.port" .port }}
+    protocol: {{ .protocol | default "TCP" }}
+  {{- end -}}
+  {{- end -}}
+{{- end -}}

charts/common/templates/lib/controller/_volumes.tpl

@@ -6,15 +6,15 @@ volumes included by the controller
 {{- if $persistence.enabled }}
 - name: {{ $index }}
 {{- if $persistence.existingClaim }}
-{{/* Always prefer an existingClaim if that is set */}}
+{{- /* Always prefer an existingClaim if that is set */}}
   persistentVolumeClaim:
     claimName: {{ $persistence.existingClaim }}
 {{- else -}}
   {{- if $persistence.emptyDir -}}
-  {{/* Always prefer an emptyDir next if that is set */}}
+  {{- /* Always prefer an emptyDir next if that is set */}}
   emptyDir: {}
   {{- else -}}
-  {{/* Otherwise refer to the PVC name */}}
+  {{- /* Otherwise refer to the PVC name */}}
   persistentVolumeClaim:
     {{- if $persistence.nameSuffix }}
     claimName: {{ printf "%s-%s" (include "common.names.fullname" $) $persistence.nameSuffix }}

charts/common/values.yaml

@@ -1,5 +1,18 @@
 # type: options are statefulset or deployment
 controllerType: deployment
+# Set annotations on the deployment/statefulset
+controllerAnnotations: {}
+# Set labels on the deployment/statefulset
+controllerLabels: {}
+
+replicas: 1
+strategy:
+  ## For Deployments, valid values are Recreate and RollingUpdate
+  ## For StatefulSets, valid values are OnDelete and RollingUpdate
+  type: RollingUpdate
+
+# Set annotations on the pod
+podAnnotations: {}
 
 env: {}
 
@@ -30,7 +43,7 @@ service:
   type: ClusterIP
   # Specify the default port information
   port:
-    port: ""
+    port:
     name: http
     protocol: TCP
     targetPort: http
@@ -47,6 +60,21 @@ service:
   annotations: {}
   labels: {}
 
+  additionalServices: []
+  # - enabled: false
+  #   nameSuffix: api
+  #   type: ClusterIP
+  #   # Specify the default port information
+  #   port:
+  #     port: ""
+  #     name: http
+  #     protocol: TCP
+  #     targetPort: http
+  #     # nodePort:
+  #   additionalPorts: []
+  #   annotations: {}
+  #   labels: {}
+
 ingress:
   enabled: false
   annotations: {}
@@ -74,8 +102,8 @@ ingress:
   #     - host: chart-example.local
   #       paths:
   #         - path: /api
-  #          # Ignored if not kubeVersion >= 1.14-0
-  #          pathType: Prefix
+  #           # Ignored if not kubeVersion >= 1.14-0
+  #           pathType: Prefix
   #   tls: []
   #   #  - secretName: chart-example-tls
   #   #    hosts:
@@ -113,6 +141,12 @@ additionalVolumes: []
 
 additionalVolumeMounts: []
 
+nodeSelector: {}
+
+affinity: {}
+
+tolerations: []
+
 addons:
   vpn:
     enabled: false
@@ -132,14 +166,21 @@ addons:
       # under the VPN_AUTH key
       authSecret:  # my-vpn-secret
 
-    # OpenVPN specific configuration
+    # WireGuard specific configuration
     wireguard:
       image:
-        repository: linuxserver/wireguard
-        tag: version-v1.0.20200827
+        repository: k8sathome/wireguard
+        tag: 1.0.20200827
 
     imagePullPolicy: IfNotPresent
 
+    # Set the VPN container securityContext
+    securityContext:
+      capabilities:
+        add: 
+          - NET_ADMIN
+          - SYS_MODULE
+
     # All variables specified here will be added to the vpn sidecar container
     # See the documentation of the VPN image for all config values
     env: {}

charts/couchpotato/.helmignore

@@ -19,5 +19,6 @@
 .project
 .idea/
 *.tmproj
+.vscode
 # OWNERS file for Kubernetes
 OWNERS

charts/couchpotato/Chart.yaml

@@ -1,8 +1,8 @@
 apiVersion: v2
-appVersion: v3.0.1
-description: couchpotato is a movie downloading client
+appVersion: latest
+description: CouchPotato (CP) is an automatic NZB and torrent downloader.
 name: couchpotato
-version: 2.0.1
+version: 3.0.0
 keywords:
   - couchpotato
   - usenet
@@ -13,5 +13,9 @@ sources:
   - https://hub.docker.com/r/linuxserver/couchpotato/
   - https://github.com/CouchPotato/CouchPotatoServer/
 maintainers:
-  - name: skaro13
-    email: simon.caron@protonmail.com
+  - name: billimek
+    email: jeff@billimek.com
+dependencies:
+  - name: common
+    repository: https://k8s-at-home.com/charts/
+    version: ^1.5.0

charts/couchpotato/README.md

@@ -1,6 +1,6 @@
-# couchpotato movie download client
+# Couchpotato
 
-This is a helm chart for [couchpotato](https://github.com/couchpotato/couchpotato/) leveraging the [Linuxserver.io image](https://hub.docker.com/r/linuxserver/couchpotato/)
+This is a helm chart for [couchpotato](https://github.com/CouchPotato/CouchPotatoServer).
 
 ## TL;DR;
 
@@ -28,81 +28,49 @@ helm delete my-release --purge
 The command removes all the Kubernetes components associated with the chart and deletes the release.
 
 ## Configuration
-
-The following tables lists the configurable parameters of the Sentry chart and their default values.
-
-| Parameter                  | Description                         | Default                                                 |
-|----------------------------|-------------------------------------|---------------------------------------------------------|
-| `image.repository`         | Image repository | `linuxserver/couchpotato` |
-| `image.tag`                | Image tag. Possible values listed [here](https://hub.docker.com/r/linuxserver/couchpotato/tags/).| `7260c12f-ls33`|
-| `image.pullPolicy`         | Image pull policy | `IfNotPresent` |
-| `strategyType`             | Specifies the strategy used to replace old Pods by new ones | `Recreate` |
-| `timezone`                 | Timezone the couchpotato instance should run as, e.g. 'America/New_York' | `UTC` |
-| `puid`                     | process userID the couchpotato instance should run as | `1001` |
-| `pgid`                     | process groupID the couchpotato instance should run as | `1001` |
-| `probes.liveness.initialDelaySeconds`  | Specify liveness `initialDelaySeconds` parameter for the deployment  | `60` |
-| `probes.liveness.failureThreshold`     | Specify liveness `failureThreshold` parameter for the deployment     | `5`  |
-| `probes.liveness.timeoutSeconds`       | Specify liveness `timeoutSeconds` parameter for the deployment       | `10` |
-| `probes.readiness.initialDelaySeconds` | Specify readiness `initialDelaySeconds` parameter for the deployment | `60` |
-| `probes.readiness.failureThreshold`    | Specify readiness `failureThreshold` parameter for the deployment    | `5`  |
-| `probes.readiness.timeoutSeconds`      | Specify readiness `timeoutSeconds` parameter for the deployment      | `10` |
-| `Service.type`          | Kubernetes service type for the couchpotato GUI | `ClusterIP` |
-| `Service.port`          | Kubernetes port where the couchpotato GUI is exposed| `5050` |
-| `Service.annotations`   | Service annotations for the couchpotato GUI | `{}` |
-| `Service.labels`        | Custom labels | `{}` |
-| `Service.loadBalancerIP` | Loadbalance IP for the couchpotato GUI | `{}` |
-| `Service.loadBalancerSourceRanges` | List of IP CIDRs allowed access to load balancer (if supported)      | None
-| `ingress.enabled`              | Enables Ingress | `false` |
-| `ingress.annotations`          | Ingress annotations | `{}` |
-| `ingress.labels`               | Custom labels                       | `{}`
-| `ingress.path`                 | Ingress path | `/` |
-| `ingress.hosts`                | Ingress accepted hostnames | `chart-example.local` |
-| `ingress.tls`                  | Ingress TLS configuration | `[]` |
-| `persistence.config.enabled`      | Use persistent volume to store configuration data | `true` |
-| `persistence.config.size`         | Size of persistent volume claim | `1Gi` |
-| `persistence.config.existingClaim`| Use an existing PVC to persist data | `nil` |
-| `persistence.config.storageClass` | Type of persistent volume claim | `-` |
-| `persistence.config.accessMode`  | Persistence access mode | `ReadWriteOnce` |
-| `persistence.config.skipuninstall`  | Do not delete the pvc upon helm uninstall | `false` |
-| `persistence.downloads.enabled`      | Use persistent volume to store configuration data | `true` |
-| `persistence.downloads.size`         | Size of persistent volume claim | `10Gi` |
-| `persistence.downloads.existingClaim`| Use an existing PVC to persist data | `nil` |
-| `persistence.downloads.storageClass` | Type of persistent volume claim | `-` |
-| `persistence.downloads.accessMode`  | Persistence access mode | `ReadWriteOnce` |
-| `persistence.downloads.skipuninstall`  | Do not delete the pvc upon helm uninstall | `false` |
-| `persistence.movies.enabled`      | Use persistent volume to store configuration data | `true` |
-| `persistence.movies.size`         | Size of persistent volume claim | `10Gi` |
-| `persistence.movies.existingClaim`| Use an existing PVC to persist data | `nil` |
-| `persistence.movies.storageClass` | Type of persistent volume claim | `-` |
-| `persistence.movies.accessMode`  | Persistence access mode | `ReadWriteOnce` |
-| `persistence.movies.skipuninstall`  | Do not delete the pvc upon helm uninstall | `false` |
-| `persistence.extraExistingClaimMounts`  | Optionally add multiple existing claims | `[]` |
-| `resources`                | CPU/Memory resource requests/limits | `{}` |
-| `nodeSelector`             | Node labels for pod assignment | `{}` |
-| `tolerations`              | Toleration labels for pod assignment | `[]` |
-| `affinity`                 | Affinity settings for pod assignment | `{}` |
-| `podAnnotations`           | Key-value pairs to add as pod annotations  | `{}` |
-| `deploymentAnnotations`           | Key-value pairs to add as deployment annotations  | `{}` |
+Read through the charts [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/couchpotato/values.yaml)
+file. It has several commented out suggested values.
+Additionally you can take a look at the common library [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/common/values.yaml) for more (advanced) configuration options.
 
 Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
-
 ```console
-helm install --name my-release \
-  --set timezone="America/New York" \
+helm install couchpotato \
+  --set env.TZ="America/New_York" \
     k8s-at-home/couchpotato
 ```
-
-Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
-
+Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the
+chart. For example,
 ```console
-helm install --name my-release -f values.yaml stable/couchpotato
+helm install couchpotato k8s-at-home/couchpotato --values values.yaml 
+```
+
+```yaml
+image:
+  tag: ...
 ```
 
 ---
 **NOTE**
 
-If you get `Error: rendered manifests contain a resource that already exists. Unable to continue with install: existing resource conflict: ...` it may be because you uninstalled the chart with `skipuninstall` enabled, you need to manually delete the pvc or use `existingClaim`.
+If you get
+```console
+Error: rendered manifests contain a resource that already exists. Unable to continue with install: existing resource conflict: ...`
+```
+it may be because you uninstalled the chart with `skipuninstall` enabled, you need to manually delete the pvc or use `existingClaim`.
 
 ---
 
-Read through the [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/couchpotato/values.yaml) file. It has several commented out suggested values.
+## Upgrading an existing Release to a new major version
+
+A major chart version change (like 4.0.1 -> 5.0.0) indicates that there is an incompatible breaking change potentially needing manual actions.
+
+### Upgrading from 2.x.x to 3.x.x
+
+Due to migrating to a centralized common library some values in `values.yaml` have changed.
+
+Examples:
+
+* `service.port` has been moved to `service.port.port`.
+* `persistence.type` has been moved to `controllerType`.
+
+Refer to the library values.yaml for more configuration options.

charts/couchpotato/ci/ct-values.yaml

@@ -0,0 +1,2 @@
+ingress:
+  enabled: true

charts/couchpotato/templates/NOTES.txt

@@ -1,19 +1 @@
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
-  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }}{{ $.Values.ingress.path }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
-  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "couchpotato.fullname" . }})
-  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
-  echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
-     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
-           You can watch the status of by running 'kubectl get svc -w {{ include "couchpotato.fullname" . }}'
-  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "couchpotato.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
-  echo http://$SERVICE_IP:{{ .Values.service.port }}
-{{- else if contains "ClusterIP" .Values.service.type }}
-  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "couchpotato.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
-  echo "Visit http://127.0.0.1:8080 to use your application"
-  kubectl port-forward $POD_NAME 8080:5050
-{{- end }}
+{{- include "common.notes.defaultNotes" . -}}

charts/couchpotato/templates/_helpers.tpl

@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "couchpotato.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "couchpotato.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "couchpotato.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}

charts/couchpotato/templates/common.yaml

@@ -0,0 +1 @@
+{{ include "common.all" . }}

charts/couchpotato/templates/config-pvc.yaml

@@ -1,29 +0,0 @@
-
-{{- if and .Values.persistence.config.enabled (not .Values.persistence.config.existingClaim) }}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
-  name: {{ template "couchpotato.fullname" . }}-config
-  {{- if .Values.persistence.config.skipuninstall }}
-  annotations:
-    "helm.sh/resource-policy": keep
-  {{- end }}
-  labels:
-    app.kubernetes.io/name: {{ include "couchpotato.name" . }}
-    helm.sh/chart: {{ include "couchpotato.chart" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
-spec:
-  accessModes:
-    - {{ .Values.persistence.config.accessMode | quote }}
-  resources:
-    requests:
-      storage: {{ .Values.persistence.config.size | quote }}
-{{- if .Values.persistence.config.storageClass }}
-{{- if (eq "-" .Values.persistence.config.storageClass) }}
-  storageClassName: ""
-{{- else }}
-  storageClassName: "{{ .Values.persistence.config.storageClass }}"
-{{- end }}
-{{- end }}
-{{- end -}}

charts/couchpotato/templates/deployment.yaml

@@ -1,122 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ include "couchpotato.fullname" . }}
-  {{- if .Values.deploymentAnnotations }}
-  annotations:
-    {{- range $key, $value := .Values.deploymentAnnotations }}
-    {{ $key }}: {{ $value | quote }}
-    {{- end }}
-  {{- end }}
-  labels:
-    app.kubernetes.io/name: {{ include "couchpotato.name" . }}
-    helm.sh/chart: {{ include "couchpotato.chart" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
-spec:
-  replicas: 1
-  revisionHistoryLimit: 3
-  strategy:
-    type: {{ .Values.strategyType }}
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: {{ include "couchpotato.name" . }}
-      app.kubernetes.io/instance: {{ .Release.Name }}
-  template:
-    metadata:
-      labels:
-        app.kubernetes.io/name: {{ include "couchpotato.name" . }}
-        app.kubernetes.io/instance: {{ .Release.Name }}
-      {{- if .Values.podAnnotations }}
-      annotations:
-        {{- range $key, $value := .Values.podAnnotations }}
-        {{ $key }}: {{ $value | quote }}
-        {{- end }}
-      {{- end }}
-    spec:
-      containers:
-        - name: {{ .Chart.Name }}
-          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
-          ports:
-            - name: http
-              containerPort: 5050
-              protocol: TCP
-          livenessProbe:
-            tcpSocket:
-              port: http
-            initialDelaySeconds: {{ .Values.probes.liveness.initialDelaySeconds }}
-            failureThreshold: {{ .Values.probes.liveness.failureThreshold }}
-            timeoutSeconds: {{ .Values.probes.liveness.timeoutSeconds }}
-          readinessProbe:
-            tcpSocket:
-              port: http
-            initialDelaySeconds: {{ .Values.probes.readiness.initialDelaySeconds }}
-            failureThreshold: {{ .Values.probes.readiness.failureThreshold }}
-            timeoutSeconds: {{ .Values.probes.readiness.timeoutSeconds }}
-          env:
-            - name: TZ
-              value: "{{ .Values.timezone }}"
-            - name: PUID
-              value: "{{ .Values.puid }}"
-            - name: PGID
-              value: "{{ .Values.pgid }}"
-          volumeMounts:
-            - mountPath: /config
-              name: config
-            - mountPath: /downloads
-              name: downloads
-            {{- if .Values.persistence.downloads.subPath }}
-              subPath: {{ .Values.persistence.downloads.subPath }}
-            {{- end }}
-            - mountPath: /movies
-              name: movies
-            {{- if .Values.persistence.movies.subPath }}
-              subPath: {{ .Values.persistence.movies.subPath }}
-            {{- end }}
-            {{- range .Values.persistence.extraExistingClaimMounts }}
-            - name: {{ .name }}
-              mountPath: {{ .mountPath }}
-              readOnly: {{ .readOnly }}
-            {{- end }}
-          resources:
-{{ toYaml .Values.resources | indent 12 }}
-      volumes:
-      - name: config
-      {{- if .Values.persistence.config.enabled }}
-        persistentVolumeClaim:
-          claimName: {{ if .Values.persistence.config.existingClaim }}{{ .Values.persistence.config.existingClaim }}{{- else }}{{ template "couchpotato.fullname" . }}-config{{- end }}
-      {{- else }}
-        emptyDir: {}
-      {{- end }}
-      - name: downloads
-      {{- if .Values.persistence.downloads.enabled }}
-        persistentVolumeClaim:
-          claimName: {{ if .Values.persistence.downloads.existingClaim }}{{ .Values.persistence.downloads.existingClaim }}{{- else }}{{ template "couchpotato.fullname" . }}-downloads{{- end }}
-      {{- else }}
-        emptyDir: {}
-      {{- end }}
-      - name: movies
-      {{- if .Values.persistence.movies.enabled }}
-        persistentVolumeClaim:
-          claimName: {{ if .Values.persistence.movies.existingClaim }}{{ .Values.persistence.movies.existingClaim }}{{- else }}{{ template "couchpotato.fullname" . }}-movies{{- end }}
-      {{- else }}
-        emptyDir: {}
-      {{- end }}
-      {{- range .Values.persistence.extraExistingClaimMounts }}
-      - name: {{ .name }}
-        persistentVolumeClaim:
-          claimName: {{ .existingClaim }}
-      {{- end }}
-    {{- with .Values.nodeSelector }}
-      nodeSelector:
-{{ toYaml . | indent 8 }}
-    {{- end }}
-    {{- with .Values.affinity }}
-      affinity:
-{{ toYaml . | indent 8 }}
-    {{- end }}
-    {{- with .Values.tolerations }}
-      tolerations:
-{{ toYaml . | indent 8 }}
-    {{- end }}

charts/couchpotato/templates/downloads-pvc.yaml

@@ -1,29 +0,0 @@
-
-{{- if and .Values.persistence.downloads.enabled (not .Values.persistence.downloads.existingClaim) }}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
-  name: {{ template "couchpotato.fullname" . }}-downloads
-  {{- if .Values.persistence.downloads.skipuninstall }}
-  annotations:
-    "helm.sh/resource-policy": keep
-  {{- end }}
-  labels:
-    app.kubernetes.io/name: {{ include "couchpotato.name" . }}
-    helm.sh/chart: {{ include "couchpotato.chart" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
-spec:
-  accessModes:
-    - {{ .Values.persistence.downloads.accessMode | quote }}
-  resources:
-    requests:
-      storage: {{ .Values.persistence.downloads.size | quote }}
-{{- if .Values.persistence.downloads.storageClass }}
-{{- if (eq "-" .Values.persistence.downloads.storageClass) }}
-  storageClassName: ""
-{{- else }}
-  storageClassName: "{{ .Values.persistence.downloads.storageClass }}"
-{{- end }}
-{{- end }}
-{{- end -}}

charts/couchpotato/templates/ingress.yaml

@@ -1,41 +0,0 @@
-{{- if .Values.ingress.enabled -}}
-{{- $fullName := include "couchpotato.fullname" . -}}
-{{- $ingressPath := .Values.ingress.path -}}
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
-  name: {{ $fullName }}
-  labels:
-    app.kubernetes.io/name: {{ include "couchpotato.name" . }}
-    helm.sh/chart: {{ include "couchpotato.chart" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
-    {{- with .Values.ingress.labels -}}
-    {{ toYaml . | nindent 4 }}
-    {{- end -}}
-{{- with .Values.ingress.annotations }}
-  annotations:
-{{ toYaml . | indent 4 }}
-{{- end }}
-spec:
-{{- if .Values.ingress.tls }}
-  tls:
-  {{- range .Values.ingress.tls }}
-    - hosts:
-      {{- range .hosts }}
-        - {{ . | quote }}
-      {{- end }}
-      secretName: {{ .secretName }}
-  {{- end }}
-{{- end }}
-  rules:
-  {{- range .Values.ingress.hosts }}
-    - host: {{ . | quote }}
-      http:
-        paths:
-          - path: {{ $ingressPath }}
-            backend:
-              serviceName: {{ $fullName }}
-              servicePort: http
-  {{- end }}
-{{- end }}

charts/couchpotato/templates/movies-pvc.yaml

@@ -1,29 +0,0 @@
-
-{{- if and .Values.persistence.movies.enabled (not .Values.persistence.movies.existingClaim) }}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
-  name: {{ template "couchpotato.fullname" . }}-movies
-  {{- if .Values.persistence.movies.skipuninstall }}
-  annotations:
-    "helm.sh/resource-policy": keep
-  {{- end }}
-  labels:
-    app.kubernetes.io/name: {{ include "couchpotato.name" . }}
-    helm.sh/chart: {{ include "couchpotato.chart" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
-spec:
-  accessModes:
-    - {{ .Values.persistence.movies.accessMode | quote }}
-  resources:
-    requests:
-      storage: {{ .Values.persistence.movies.size | quote }}
-{{- if .Values.persistence.movies.storageClass }}
-{{- if (eq "-" .Values.persistence.movies.storageClass) }}
-  storageClassName: ""
-{{- else }}
-  storageClassName: "{{ .Values.persistence.movies.storageClass }}"
-{{- end }}
-{{- end }}
-{{- end -}}

charts/couchpotato/templates/service.yaml

@@ -1,52 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ template "couchpotato.fullname" . }}
-  labels:
-    app.kubernetes.io/name: {{ include "couchpotato.name" . }}
-    helm.sh/chart: {{ include "couchpotato.chart" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- if .Values.service.labels }}
-{{ toYaml .Values.service.labels | indent 4 }}
-{{- end }}
-{{- with .Values.service.annotations }}
-  annotations:
-{{ toYaml . | indent 4 }}
-{{- end }}
-spec:
-{{- if (or (eq .Values.service.type "ClusterIP") (empty .Values.service.type)) }}
-  type: ClusterIP
-  {{- if .Values.service.clusterIP }}
-  clusterIP: {{ .Values.service.clusterIP }}
-  {{end}}
-{{- else if eq .Values.service.type "LoadBalancer" }}
-  type: {{ .Values.service.type }}
-  {{- if .Values.service.loadBalancerIP }}
-  loadBalancerIP: {{ .Values.service.loadBalancerIP }}
-  {{- end }}
-  {{- if .Values.service.loadBalancerSourceRanges }}
-  loadBalancerSourceRanges:
-{{ toYaml .Values.service.loadBalancerSourceRanges | indent 4 }}
-  {{- end -}}
-{{- else }}
-  type: {{ .Values.service.type }}
-{{- end }}
-{{- if .Values.service.externalIPs }}
-  externalIPs:
-{{ toYaml .Values.service.externalIPs | indent 4 }}
-{{- end }}
-  {{- if .Values.service.externalTrafficPolicy }}
-  externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy }}
-  {{- end }}
-  ports:
-    - name: http
-      port: {{ .Values.service.port }}
-      protocol: TCP
-      targetPort: http
-{{ if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePort))) }}
-      nodePort: {{.Values.service.nodePort}}
-{{ end }}
-  selector:
-    app.kubernetes.io/name: {{ include "couchpotato.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}

charts/couchpotato/values.yaml

@@ -1,151 +1,40 @@
-# Default values for couchpotato.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
+# Default values for Couchpotato.
 
 image:
   repository: linuxserver/couchpotato
-  tag: 7260c12f-ls42
-  pullPolicy: IfNotPresent
+  pullPolicy: Always
+  tag: latest
 
-# upgrade strategy type (e.g. Recreate or RollingUpdate)
-strategyType: Recreate
-
-# Probes configuration
-probes:
-  liveness:
-    initialDelaySeconds: 60
-    failureThreshold: 5
-    timeoutSeconds: 10
-  readiness:
-    initialDelaySeconds: 60
-    failureThreshold: 5
-    timeoutSeconds: 10
-
-nameOverride: ""
-fullnameOverride: ""
-
-timezone: UTC
-puid: 1001
-pgid: 1001
+strategy:
+  type: Recreate
 
 service:
-  type: ClusterIP
-  port: 5050
-  ## Specify the nodePort value for the LoadBalancer and NodePort service types.
-  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
-  ##
-  # nodePort:
-  ## Provide any additional annotations which may be required. This can be used to
-  ## set the LoadBalancer service type to internal only.
-  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
-  ##
-  annotations: {}
-  labels: {}
-  ## Use loadBalancerIP to request a specific static IP,
-  ## otherwise leave blank
-  ##
-  loadBalancerIP:
-  # loadBalancerSourceRanges: []
-  ## Set the externalTrafficPolicy in the Service to either Cluster or Local
-  # externalTrafficPolicy: Cluster
+  port:
+    port: 5050
 
-ingress:
-  enabled: false
-  annotations: {}
-    # kubernetes.io/ingress.class: nginx
-    # kubernetes.io/tls-acme: "true"
-  labels: {}
-  path: /
-  hosts:
-    - chart-example.local
-  tls: []
-  #  - secretName: chart-example-tls
-  #    hosts:
-  #      - chart-example.local
+env: {}
+  # TZ: UTC
+  # PUID: 1001
+  # PGID: 1001
 
 persistence:
   config:
-    enabled: true
-    ## couchpotato configuration data Persistent Volume Storage Class
+    enabled: false
+    emptyDir: false
+
+  media:
+    enabled: false
+    emptyDir: false
+    mountPath: /media
+    ## Persistent Volume Storage Class
     ## If defined, storageClassName: <storageClass>
     ## If set to "-", storageClassName: "", which disables dynamic provisioning
     ## If undefined (the default) or set to null, no storageClassName spec is
     ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
     ##   GKE, AWS & OpenStack)
-    ##
     # storageClass: "-"
-    ##
-    ## If you want to reuse an existing claim, you can pass the name of the PVC using
-    ## the existingClaim variable
-    # existingClaim: your-claim
-    accessMode: ReadWriteOnce
-    size: 1Gi
+    # accessMode: ReadWriteOnce
+    # size: 1Gi
     ## Do not delete the pvc upon helm uninstall
-    skipuninstall: false
-  downloads:
-    enabled: true
-    ## couchpotato downloads volume configuration
-    ## If defined, storageClassName: <storageClass>
-    ## If set to "-", storageClassName: "", which disables dynamic provisioning
-    ## If undefined (the default) or set to null, no storageClassName spec is
-    ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
-    ##   GKE, AWS & OpenStack)
-    ##
-    # storageClass: "-"
-    ##
-    ## If you want to reuse an existing claim, you can pass the name of the PVC using
-    ## the existingClaim variable
-    # existingClaim: your-claim
-    # subPath: some-subpath
-    accessMode: ReadWriteOnce
-    size: 10Gi
-    ## Do not delete the pvc upon helm uninstall
-    skipuninstall: false
-  movies:
-    enabled: true
-    ## Directory where movies are persisted
-    ## If defined, storageClassName: <storageClass>
-    ## If set to "-", storageClassName: "", which disables dynamic provisioning
-    ## If undefined (the default) or set to null, no storageClassName spec is
-    ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
-    ##   GKE, AWS & OpenStack)
-    ##
-    # storageClass: "-"
-    ##
-    ## If you want to reuse an existing claim, you can pass the name of the PVC using
-    ## the existingClaim variable
-    # existingClaim: your-claim
-    # subPath: some-subpath
-    accessMode: ReadWriteOnce
-    size: 10Gi
-    ## Do not delete the pvc upon helm uninstall
-    skipuninstall: false
-  extraExistingClaimMounts: []
-    # - name: external-mount
-    #   mountPath: /srv/external-mount
-    ## A manually managed Persistent Volume and Claim
-    ## If defined, PVC must be created manually before volume will be bound
-    #   existingClaim:
-    #   readOnly: true
-
-resources: {}
-  # We usually recommend not to specify default resources and to leave this as a conscious
-  # choice for the user. This also increases chances charts run on environments with little
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  # limits:
-  #  cpu: 100m
-  #  memory: 128Mi
-  # requests:
-  #  cpu: 100m
-  #  memory: 128Mi
-
-nodeSelector: {}
-
-tolerations: []
-
-affinity: {}
-
-podAnnotations: {}
-
-deploymentAnnotations: {}
+    # skipuninstall: false
+    # existingClaim: ""

charts/ddclient/.helmignore

@@ -0,0 +1,24 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# OWNERS file for Kubernetes
+OWNERS

charts/ddclient/Chart.yaml

@@ -0,0 +1,20 @@
+apiVersion: v2
+appVersion: 3.9.1
+description: Perl client used to update dynamic DNS entries for accounts on Dynamic DNS Network Service Providers
+name: ddclient
+version: 1.0.0
+keywords:
+  - ddclient
+  - dns
+home: https://github.com/ddclient/ddclient
+icon: https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/ddclient-logo.png
+sources:
+  - https://github.com/ddclient/ddclient
+  - https://hub.docker.com/r/linuxserver/ddclient
+maintainers:
+  - name: billimek
+    email: jeff@billimek.com
+dependencies:
+  - name: common
+    repository: https://k8s-at-home.com/charts/
+    version: ^1.5.1

charts/ddclient/OWNERS

@@ -0,0 +1,4 @@
+approvers:
+- billimek
+reviewers:
+- billimek

charts/ddclient/README.md

@@ -0,0 +1,59 @@
+# ddclient
+
+This is a helm chart for [ddclient](https://github.com/ddclient/ddclient).
+
+## TL;DR;
+
+```shell
+$ helm repo add k8s-at-home https://k8s-at-home.com/charts/
+$ helm install k8s-at-home/ddclient
+```
+
+## Installing the Chart
+
+To install the chart with the release name `my-release`:
+
+```console
+helm install --name my-release k8s-at-home/ddclient
+```
+
+## Uninstalling the Chart
+
+To uninstall/delete the `my-release` deployment:
+
+```console
+helm delete my-release --purge
+```
+
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+## Configuration
+Read through the charts [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/ddclient/values.yaml)
+file. It has several commented out suggested values.
+Additionally you can take a look at the common library [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/common/values.yaml) for more (advanced) configuration options.
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+```console
+helm install ddclient \
+  --set env.TZ="America/New_York" \
+    k8s-at-home/ddclient
+```
+Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the
+chart. For example,
+```console
+helm install ddclient k8s-at-home/ddclient --values values.yaml 
+```
+
+```yaml
+image:
+  tag: ...
+```
+
+---
+**NOTE**
+
+If you get
+```console
+Error: rendered manifests contain a resource that already exists. Unable to continue with install: existing resource conflict: ...`
+```
+it may be because you uninstalled the chart with `skipuninstall` enabled, you need to manually delete the pvc or use `existingClaim`.

charts/ddclient/ci/ct-values.yaml

@@ -0,0 +1,7 @@
+service:
+  enabled: false
+probes:
+  liveness:
+    enabled: false
+  readiness:
+    enabled: false

charts/ddclient/templates/NOTES.txt

@@ -0,0 +1 @@
+{{- include "common.notes.defaultNotes" . -}}

charts/ddclient/templates/common.yaml

@@ -0,0 +1,31 @@
+{{/* Make sure all variables are set properly */}}
+{{- include "common.values.setup" . }}
+
+{{/* Append the configMap to the additionalVolumes */}}
+{{- define "ddclient.configmap.volume" -}}
+name: ddclient-settings
+configMap:
+  name: {{ template "common.names.fullname" . }}-settings
+{{- end -}}
+
+{{- $volume := include "ddclient.configmap.volume" . | fromYaml -}}
+{{- if $volume -}}
+    {{- $additionalVolumes := append .Values.additionalVolumes $volume }}
+    {{- $_ := set .Values "additionalVolumes" (deepCopy $additionalVolumes) -}}
+{{- end -}}
+
+{{/* Append the configMap volume to the additionalVolumeMounts */}}
+{{- define "ddclient.configmap.volumeMount" -}}
+name: ddclient-settings
+mountPath: /defaults/ddclient.conf
+subPath: ddclient.conf
+{{- end -}}
+
+{{- $volumeMount := include "ddclient.configmap.volumeMount" . | fromYaml -}}
+{{- if $volumeMount -}}
+    {{- $additionalVolumeMounts := append .Values.additionalVolumeMounts $volumeMount }}
+    {{- $_ := set .Values "additionalVolumeMounts" (deepCopy $additionalVolumeMounts) -}}
+{{- end -}}
+
+{{/* Render the templates */}}
+{{ include "common.all" . }}

charts/ddclient/templates/configmap.yaml

@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ template "common.names.fullname" . }}-settings
+  labels:
+    {{- include "common.labels" . | nindent 4 }}
+data:
+  ddclient.conf: |
+{{ .Values.config | indent 4 }}

charts/ddclient/values.yaml

@@ -0,0 +1,37 @@
+# Default values for ddclient.
+
+image:
+  repository: linuxserver/ddclient
+  pullPolicy: IfNotPresent
+  tag: version-v3.9.1
+
+env: {}
+  # TZ:
+  # PUID:
+  # PGID:
+
+service:
+  enabled: false
+
+probes:
+  liveness:
+    enabled: false
+  readiness:
+    enabled: false
+
+strategy:
+  type: Recreate
+
+config: |
+  # This is the configuration for ddclient
+  # Inorder for it to function you need to set it up
+  # e.g. this is the config for Cloudflare
+  use=web
+  web=dynamicdns.park-your-domain.com/getip
+  protocol=cloudflare
+  ssl=yes
+  ttl=1
+  login=${CF_EMAIL}
+  password=${CF_GLOBAL_APIKEY}
+  zone=${DOMAIN}.${TLD}
+  ${DOMAIN}.${TLD}

charts/deconz/Chart.yaml

@@ -1,7 +1,7 @@
 apiVersion: v2
 name: deconz
 description: A Helm chart for deploying deCONZ
-version: 2.0.0
+version: 2.0.1
 appVersion: 2.05.80
 keywords:
   - deconz

charts/deconz/README.md

@@ -79,6 +79,7 @@ Read through the [values.yaml](https://github.com/k8s-at-home/charts/blob/master
 | `persistence.existingClaim`                 | Use an existing PVC to persist data                                                          | `nil`                                          |
 | `persistence.accessMode`                    | Persistence access mode                                                                      | `ReadWriteOnce`                                |
 | `persistence.size`                          | Size of persistent volume claim                                                              | `1Gi`                                          |
+| `persistence.subPath`                       | Mount a sub dir of the persistent volume                                                     | `nil`                                          |
 | `extraVolumes`                              | Optionally add additional Volumes                                                            | `[]`                                           |
 | `resources`                                 | CPU/Memory resource requests/limits                                                          | `{}`                                           |
 | `nodeSelector`                              | Node labels for pod assignment                                                               | `{}`                                           |

charts/deconz/templates/statefulset.yaml

@@ -77,6 +77,9 @@ spec:
             {{- end }}
             - name: config
               mountPath: /root/.local/share/dresden-elektronik/deCONZ
+              {{- if .Values.persistence.subPath }}
+              subPath: {{ .Values.persistence.subPath }}
+              {{- end }}
             {{- include "deconz.extraVolumeMounts" . | nindent 12 }}
           {{- if .Values.probes.liveness.enabled }}
           livenessProbe:

charts/deconz/values.yaml

@@ -79,6 +79,8 @@ persistence:
   # existingClaim: deconz-data
   accessMode: ReadWriteOnce
   size: 1Gi
+  ## When mounting the data volume you may specify a subPath
+  # subPath: /configs/deconz
 
 # Any extra volumes to define for the pod
 # Volumes will be mounted to the folder specified under mountPath

charts/home-assistant/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: 0.116.1
 description: Home Assistant
 name: home-assistant
-version: 2.6.0
+version: 2.7.0
 keywords:
 - home-assistant
 - hass

charts/home-assistant/README.md

@@ -68,6 +68,7 @@ The following tables lists the configurable parameters of the Home Assistant cha
 | `service.publishNotReadyAddresses`              | Set to true if the editors (vscode or configurator) should be reachable when home assistant does not run                                                                                                                                  | `false`                                |
 | `service.externalTrafficPolicy`                 | Loadbalancer externalTrafficPolicy                                                                                                                                                                                                        | ``                                     |
 | `hostNetwork`                                   | Enable hostNetwork - might be needed for discovery to work                                                                                                                                                                                | `false`                                |
+| `hostAliases`                                   | Define custom entries in /etc/hosts                                                                                                                                                                                                       | `[]`                                   |
 | `service.nodePort`                              | nodePort to listen on for the home-assistant GUI                                                                                                                                                                                          | ``                                     |
 | `ingress.enabled`                               | Enables Ingress                                                                                                                                                                                                                           | `false`                                |
 | `ingress.annotations`                           | Ingress annotations                                                                                                                                                                                                                       | `{}`                                   |
@@ -234,7 +235,7 @@ kubectl create secret generic git-creds --from-file=id_rsa=git/k8s_id_rsa --from
 
 ## git-crypt support
 
-When using Git sync it is possible to specify a file called `git-crypt-key` in the secret referred to in `git.secret`. When this file is present, `git-crypt unlock` will automatically be executed after the repo has been synced. 
+When using Git sync it is possible to specify a file called `git-crypt-key` in the secret referred to in `git.secret`. When this file is present, `git-crypt unlock` will automatically be executed after the repo has been synced.
 
 **Note:** `git-crypt` is not installed by default in the other images! If you wish to push changes from the VS Code or Configurator containers, you will have to make sure that it is installed.
 

charts/home-assistant/templates/deployment.yaml

@@ -37,6 +37,10 @@ spec:
       {{- if .Values.hostNetwork }}
       hostNetwork: {{ .Values.hostNetwork }}
       dnsPolicy: ClusterFirstWithHostNet
+      {{- end }}
+      {{- if .Values.hostAliases }}
+      hostAliases:
+{{ toYaml .Values.hostAliases | indent 8 }}
       {{- end }}
       initContainers:
       {{- if .Values.git.enabled }}
@@ -56,7 +60,7 @@ spec:
           then
             git -C "{{ .Values.git.syncPath }}" pull || true;
           else
-            if [ "$(ls -A {{ .Values.git.syncPath }})" ]; 
+            if [ "$(ls -A {{ .Values.git.syncPath }})" ];
             then
               git clone --depth 2 "{{ .Values.git.repo }}" /tmp/repo;
               cp -rf /tmp/repo/.git "{{ .Values.git.syncPath }}";

charts/home-assistant/values.yaml

@@ -65,6 +65,14 @@ ingress:
 
 hostNetwork: false
 
+hostAliases: []
+  # Use hostAliases to add custom entries to /etc/hosts - mapping IP addresses to hostnames.
+  # ref: https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
+  # - ip: "192.168.1.100"
+  #   hostnames:
+  #   - "example.com"
+  #   - "www.example.com"
+
 persistence:
   enabled: true
   ## home-assistant data Persistent Volume Storage Class

charts/homebridge/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 appVersion: 3.1.0
-version: 1.0.1
+version: 1.0.2
 name: homebridge
 description: A lightweight NodeJS server that emulates the iOS HomeKit API
 type: application

charts/homebridge/templates/deployment.yaml

@@ -6,6 +6,8 @@ metadata:
     {{- include "homebridge.labels" . | nindent 4 }}
 spec:
   replicas: {{ .Values.replicaCount }}
+  strategy:
+    type: {{ .Values.strategyType }}
   selector:
     matchLabels:
       {{- include "homebridge.selectorLabels" . | nindent 6 }}

charts/homebridge/values.yaml

@@ -12,6 +12,9 @@ imagePullSecrets: []
 nameOverride: ""
 fullnameOverride: ""
 
+# upgrade strategy type (e.g. Recreate or RollingUpdate)
+strategyType: Recreate
+
 timezone: "UTC"
 puid: 1000
 pgid: 1000

charts/jackett/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: v0.16.2106
 description: API Support for your favorite torrent trackers
 name: jackett
-version: 5.0.3
+version: 5.4.0
 keywords:
   - jackett
   - torrent
@@ -17,4 +17,4 @@ maintainers:
 dependencies:
   - name: common
     repository: https://k8s-at-home.com/charts/
-    version: ^1.0.5
+    version: ^1.5.0

charts/jackett/values.yaml

@@ -5,6 +5,9 @@ image:
   pullPolicy: IfNotPresent
   tag: version-v0.16.2106
 
+strategy:
+  type: Recreate
+
 service:
   port:
     port: 9117

charts/jellyfin/.helmignore

@@ -0,0 +1,24 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# OWNERS file for Kubernetes
+OWNERS

charts/jellyfin/Chart.yaml

@@ -1,16 +1,21 @@
 apiVersion: v2
-appVersion: 10.6.3
+appVersion: 10.6.4
 description: Jellyfin is a Free Software Media System
 name: jellyfin
-version: 2.0.1
+version: 3.0.0
 keywords:
-  - Jellyfin
-  - mediaplayer
+  - jellyfin
+  - plex
+  - emby
 home: https://github.com/k8s-at-home/charts/tree/master/charts/Jellyfin
 icon: https://github.com/jellyfin/jellyfin-ux/blob/master/branding/SVG/icon-solid-black.svg
 sources:
   - https://hub.docker.com/r/linuxserver/Jellyfin/
-  - https://github.com/Jellyfin/Jellyfin
+  - https://github.com/jellyfin/jellyfin
 maintainers:
-  - name: skaro13
-    email: simon.caron@protonmail.com
+  - name: billimek
+    email: jeff@billimek.com
+dependencies:
+  - name: common
+    repository: https://k8s-at-home.com/charts/
+    version: ^1.5.0

charts/jellyfin/README.md

@@ -1,6 +1,6 @@
-# Jellyfin Media Player
+# Jellyfin
 
-This is a helm chart for [Jellyfin](https://github.com/jellyfin/jellyfin) leveraging the [Linuxserver.io image](https://hub.docker.com/r/linuxserver/jellyfin/)
+This is a helm chart for [Jellyfin](https://github.com/jellyfin/jellyfin).
 
 ## TL;DR;
 
@@ -28,82 +28,50 @@ helm delete my-release --purge
 The command removes all the Kubernetes components associated with the chart and deletes the release.
 
 ## Configuration
-
-The following tables lists the configurable parameters of the Sentry chart and their default values.
-
-| Parameter                  | Description                         | Default                                                 |
-|----------------------------|-------------------------------------|---------------------------------------------------------|
-| `image.repository`         | Image repository | `linuxserver/jellyfin` |
-| `image.tag`                | Image tag. Possible values listed [here](https://hub.docker.com/r/linuxserver/jellyfin/tags/).| `v10.5.3-ls45`|
-| `image.pullPolicy`         | Image pull policy | `IfNotPresent` |
-| `strategyType`             | Specifies the strategy used to replace old Pods by new ones | `Recreate` |
-| `timezone`                 | Timezone the jellyfin instance should run as, e.g. 'America/New_York' | `UTC` |
-| `puid`                     | process userID the jellyfin instance should run as | `1001` |
-| `pgid`                     | process groupID the jellyfin instance should run as | `1001` |
-| `umaskSet`                     | for umask setting of Jellyfin | `022` |
-| `probes.liveness.initialDelaySeconds`  | Specify liveness `initialDelaySeconds` parameter for the deployment  | `60` |
-| `probes.liveness.failureThreshold`     | Specify liveness `failureThreshold` parameter for the deployment     | `5`  |
-| `probes.liveness.timeoutSeconds`       | Specify liveness `timeoutSeconds` parameter for the deployment       | `10` |
-| `probes.readiness.initialDelaySeconds` | Specify readiness `initialDelaySeconds` parameter for the deployment | `60` |
-| `probes.readiness.failureThreshold`    | Specify readiness `failureThreshold` parameter for the deployment    | `5`  |
-| `probes.readiness.timeoutSeconds`      | Specify readiness `timeoutSeconds` parameter for the deployment      | `10` |
-| `Service.type`          | Kubernetes service type for the jellyfin GUI | `ClusterIP` |
-| `Service.port`          | Kubernetes port where the jellyfin GUI is exposed| `8096` |
-| `Service.annotations`   | Service annotations for the jellyfin GUI | `{}` |
-| `Service.labels`        | Custom labels | `{}` |
-| `Service.loadBalancerIP` | Loadbalance IP for the jellyfin GUI | `{}` |
-| `Service.loadBalancerSourceRanges` | List of IP CIDRs allowed access to load balancer (if supported)      | None
-| `ingress.enabled`              | Enables Ingress | `false` |
-| `ingress.annotations`          | Ingress annotations | `{}` |
-| `ingress.labels`               | Custom labels                       | `{}`
-| `ingress.path`                 | Ingress path | `/` |
-| `ingress.hosts`                | Ingress accepted hostnames | `chart-example.local` |
-| `ingress.tls`                  | Ingress TLS configuration | `[]` |
-| `persistence.config.enabled`      | Use persistent volume to store configuration data | `true` |
-| `persistence.config.size`         | Size of persistent volume claim | `1Gi` |
-| `persistence.config.existingClaim`| Use an existing PVC to persist data | `nil` |
-| `persistence.config.storageClass` | Type of persistent volume claim | `-` |
-| `persistence.config.accessMode`  | Persistence access mode | `ReadWriteOnce` |
-| `persistence.config.skipuninstall`  | Do not delete the pvc upon helm uninstall | `false` |
-| `persistence.tvshows.enabled`      | Use persistent volume to store tvshows data | `true` |
-| `persistence.tvshows.size`         | Size of persistent volume claim | `10Gi` |
-| `persistence.tvshows.existingClaim`| Use an existing PVC to persist data | `nil` |
-| `persistence.tvshows.storageClass` | Type of persistent volume claim | `-` |
-| `persistence.tvshows.accessMode`  | Persistence access mode | `ReadWriteOnce` |
-| `persistence.tvshows.skipuninstall`  | Do not delete the pvc upon helm uninstall | `false` |
-| `persistence.movies.enabled`      | Use persistent volume to store movies data | `true` |
-| `persistence.movies.size`         | Size of persistent volume claim | `10Gi` |
-| `persistence.movies.existingClaim`| Use an existing PVC to persist data | `nil` |
-| `persistence.movies.storageClass` | Type of persistent volume claim | `-` |
-| `persistence.movies.accessMode`  | Persistence access mode | `ReadWriteOnce` |
-| `persistence.movies.skipuninstall`  | Do not delete the pvc upon helm uninstall | `false` |
-| `persistence.extraExistingClaimMounts`  | Optionally add multiple existing claims | `[]` |
-| `resources`                | CPU/Memory resource requests/limits | `{}` |
-| `nodeSelector`             | Node labels for pod assignment | `{}` |
-| `tolerations`              | Toleration labels for pod assignment | `[]` |
-| `affinity`                 | Affinity settings for pod assignment | `{}` |
-| `podAnnotations`           | Key-value pairs to add as pod annotations  | `{}` |
-| `deploymentAnnotations`           | Key-value pairs to add as deployment annotations  | `{}` |
+Read through the charts [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/jellyfin/values.yaml)
+file. It has several commented out suggested values.
+Additionally you can take a look at the common library [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/common/values.yaml) for more (advanced) configuration options.
 
 Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
-
 ```console
-helm install --name my-release \
-  --set timezone="America/New York" \
+helm install jellyfin \
+  --set env.TZ="America/New_York" \
     k8s-at-home/jellyfin
 ```
-
-Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
-
+Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the
+chart. For example,
 ```console
-helm install --name my-release -f values.yaml stable/jellyfin
+helm install jellyfin k8s-at-home/jellyfin --values values.yaml 
+```
+
+These values will be nested as it is a dependency, for example
+```yaml
+image:
+  tag: ...
 ```
 
 ---
 **NOTE**
 
-If you get `Error: rendered manifests contain a resource that already exists. Unable to continue with install: existing resource conflict: ...` it may be because you uninstalled the chart with `skipuninstall` enabled, you need to manually delete the pvc or use `existingClaim`.
+If you get
+```console
+Error: rendered manifests contain a resource that already exists. Unable to continue with install: existing resource conflict: ...`
+```
+it may be because you uninstalled the chart with `skipuninstall` enabled, you need to manually delete the pvc or use `existingClaim`.
 
 ---
 
-Read through the [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/jellyfin/values.yaml) file. It has several commented out suggested values.
+## Upgrading an existing Release to a new major version
+
+A major chart version change (like 4.0.1 -> 5.0.0) indicates that there is an incompatible breaking change potentially needing manual actions.
+
+### Upgrading from 2.x.x to 3.x.x
+
+Due to migrating to a centralized common library some values in `values.yaml` have changed.
+
+Examples:
+
+* `service.port` has been moved to `service.port.port`.
+* `persistence.type` has been moved to `controllerType`.
+
+Refer to the library values.yaml for more configuration options.

charts/jellyfin/ci/ct-values.yaml

@@ -0,0 +1,2 @@
+ingress:
+  enabled: true

charts/jellyfin/templates/NOTES.txt

@@ -1,19 +1 @@
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
-  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }}{{ $.Values.ingress.path }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
-  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "jellyfin.fullname" . }})
-  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
-  echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
-     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
-           You can watch the status of by running 'kubectl get svc -w {{ include "jellyfin.fullname" . }}'
-  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "jellyfin.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
-  echo http://$SERVICE_IP:{{ .Values.service.port }}
-{{- else if contains "ClusterIP" .Values.service.type }}
-  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "jellyfin.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
-  echo "Visit http://127.0.0.1:8080 to use your application"
-  kubectl port-forward $POD_NAME 8080:8096
-{{- end }}
+{{- include "common.notes.defaultNotes" . -}}

charts/jellyfin/templates/_helpers.tpl

@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "jellyfin.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "jellyfin.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "jellyfin.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}

charts/jellyfin/templates/common.yaml

@@ -0,0 +1 @@
+{{ include "common.all" . }}

charts/jellyfin/templates/config-pvc.yaml

@@ -1,29 +0,0 @@
-
-{{- if and .Values.persistence.config.enabled (not .Values.persistence.config.existingClaim) }}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
-  name: {{ template "jellyfin.fullname" . }}-config
-  {{- if .Values.persistence.config.skipuninstall }}
-  annotations:
-    "helm.sh/resource-policy": keep
-  {{- end }}
-  labels:
-    app.kubernetes.io/name: {{ include "jellyfin.name" . }}
-    helm.sh/chart: {{ include "jellyfin.chart" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
-spec:
-  accessModes:
-    - {{ .Values.persistence.config.accessMode | quote }}
-  resources:
-    requests:
-      storage: {{ .Values.persistence.config.size | quote }}
-{{- if .Values.persistence.config.storageClass }}
-{{- if (eq "-" .Values.persistence.config.storageClass) }}
-  storageClassName: ""
-{{- else }}
-  storageClassName: "{{ .Values.persistence.config.storageClass }}"
-{{- end }}
-{{- end }}
-{{- end -}}

charts/jellyfin/templates/deployment.yaml

@@ -1,124 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ include "jellyfin.fullname" . }}
-  {{- if .Values.deploymentAnnotations }}
-  annotations:
-    {{- range $key, $value := .Values.deploymentAnnotations }}
-    {{ $key }}: {{ $value | quote }}
-    {{- end }}
-  {{- end }}
-  labels:
-    app.kubernetes.io/name: {{ include "jellyfin.name" . }}
-    helm.sh/chart: {{ include "jellyfin.chart" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
-spec:
-  replicas: 1
-  revisionHistoryLimit: 3
-  strategy:
-    type: {{ .Values.strategyType }}
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: {{ include "jellyfin.name" . }}
-      app.kubernetes.io/instance: {{ .Release.Name }}
-  template:
-    metadata:
-      labels:
-        app.kubernetes.io/name: {{ include "jellyfin.name" . }}
-        app.kubernetes.io/instance: {{ .Release.Name }}
-      {{- if .Values.podAnnotations }}
-      annotations:
-        {{- range $key, $value := .Values.podAnnotations }}
-        {{ $key }}: {{ $value | quote }}
-        {{- end }}
-      {{- end }}
-    spec:
-      containers:
-        - name: {{ .Chart.Name }}
-          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
-          ports:
-            - name: http
-              containerPort: 8096
-              protocol: TCP
-          livenessProbe:
-            tcpSocket:
-              port: http
-            initialDelaySeconds: {{ .Values.probes.liveness.initialDelaySeconds }}
-            failureThreshold: {{ .Values.probes.liveness.failureThreshold }}
-            timeoutSeconds: {{ .Values.probes.liveness.timeoutSeconds }}
-          readinessProbe:
-            tcpSocket:
-              port: http
-            initialDelaySeconds: {{ .Values.probes.readiness.initialDelaySeconds }}
-            failureThreshold: {{ .Values.probes.readiness.failureThreshold }}
-            timeoutSeconds: {{ .Values.probes.readiness.timeoutSeconds }}
-          env:
-            - name: TZ
-              value: "{{ .Values.timezone }}"
-            - name: PUID
-              value: "{{ .Values.puid }}"
-            - name: PGID
-              value: "{{ .Values.pgid }}"
-            - name: UMASK_SET
-              value: "{{ .Values.umaskSet }}"
-          volumeMounts:
-            - mountPath: /config
-              name: config
-            - mountPath: /data/tvshows
-              name: tvshows
-            {{- if .Values.persistence.tvshows.subPath }}
-              subPath: {{ .Values.persistence.tvshows.subPath }}
-            {{- end }}
-            - mountPath: /data/movies
-              name: movies
-            {{- if .Values.persistence.movies.subPath }}
-              subPath: {{ .Values.persistence.movies.subPath }}
-            {{- end }}
-            {{- range .Values.persistence.extraExistingClaimMounts }}
-            - name: {{ .name }}
-              mountPath: {{ .mountPath }}
-              readOnly: {{ .readOnly }}
-            {{- end }}
-          resources:
-{{ toYaml .Values.resources | indent 12 }}
-      volumes:
-      - name: config
-      {{- if .Values.persistence.config.enabled }}
-        persistentVolumeClaim:
-          claimName: {{ if .Values.persistence.config.existingClaim }}{{ .Values.persistence.config.existingClaim }}{{- else }}{{ template "jellyfin.fullname" . }}-config{{- end }}
-      {{- else }}
-        emptyDir: {}
-      {{- end }}
-      - name: tvshows
-      {{- if .Values.persistence.tvshows.enabled }}
-        persistentVolumeClaim:
-          claimName: {{ if .Values.persistence.tvshows.existingClaim }}{{ .Values.persistence.tvshows.existingClaim }}{{- else }}{{ template "jellyfin.fullname" . }}-tvshows{{- end }}
-      {{- else }}
-        emptyDir: {}
-      {{- end }}
-      - name: movies
-      {{- if .Values.persistence.movies.enabled }}
-        persistentVolumeClaim:
-          claimName: {{ if .Values.persistence.movies.existingClaim }}{{ .Values.persistence.movies.existingClaim }}{{- else }}{{ template "jellyfin.fullname" . }}-movies{{- end }}
-      {{- else }}
-        emptyDir: {}
-      {{- end }}
-      {{- range .Values.persistence.extraExistingClaimMounts }}
-      - name: {{ .name }}
-        persistentVolumeClaim:
-          claimName: {{ .existingClaim }}
-      {{- end }}
-    {{- with .Values.nodeSelector }}
-      nodeSelector:
-{{ toYaml . | indent 8 }}
-    {{- end }}
-    {{- with .Values.affinity }}
-      affinity:
-{{ toYaml . | indent 8 }}
-    {{- end }}
-    {{- with .Values.tolerations }}
-      tolerations:
-{{ toYaml . | indent 8 }}
-    {{- end }}

charts/jellyfin/templates/ingress.yaml

@@ -1,41 +0,0 @@
-{{- if .Values.ingress.enabled -}}
-{{- $fullName := include "jellyfin.fullname" . -}}
-{{- $ingressPath := .Values.ingress.path -}}
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
-  name: {{ $fullName }}
-  labels:
-    app.kubernetes.io/name: {{ include "jellyfin.name" . }}
-    helm.sh/chart: {{ include "jellyfin.chart" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
-    {{- with .Values.ingress.labels -}}
-    {{ toYaml . | nindent 4 }}
-    {{- end -}}
-{{- with .Values.ingress.annotations }}
-  annotations:
-{{ toYaml . | indent 4 }}
-{{- end }}
-spec:
-{{- if .Values.ingress.tls }}
-  tls:
-  {{- range .Values.ingress.tls }}
-    - hosts:
-      {{- range .hosts }}
-        - {{ . | quote }}
-      {{- end }}
-      secretName: {{ .secretName }}
-  {{- end }}
-{{- end }}
-  rules:
-  {{- range .Values.ingress.hosts }}
-    - host: {{ . | quote }}
-      http:
-        paths:
-          - path: {{ $ingressPath }}
-            backend:
-              serviceName: {{ $fullName }}
-              servicePort: http
-  {{- end }}
-{{- end }}

charts/jellyfin/templates/movies-pvc.yaml

@@ -1,29 +0,0 @@
-
-{{- if and .Values.persistence.movies.enabled (not .Values.persistence.movies.existingClaim) }}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
-  name: {{ template "jellyfin.fullname" . }}-movies
-  {{- if .Values.persistence.movies.skipuninstall }}
-  annotations:
-    "helm.sh/resource-policy": keep
-  {{- end }}
-  labels:
-    app.kubernetes.io/name: {{ include "jellyfin.name" . }}
-    helm.sh/chart: {{ include "jellyfin.chart" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
-spec:
-  accessModes:
-    - {{ .Values.persistence.movies.accessMode | quote }}
-  resources:
-    requests:
-      storage: {{ .Values.persistence.movies.size | quote }}
-{{- if .Values.persistence.movies.storageClass }}
-{{- if (eq "-" .Values.persistence.movies.storageClass) }}
-  storageClassName: ""
-{{- else }}
-  storageClassName: "{{ .Values.persistence.movies.storageClass }}"
-{{- end }}
-{{- end }}
-{{- end -}}

charts/jellyfin/templates/service.yaml

@@ -1,52 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ template "jellyfin.fullname" . }}
-  labels:
-    app.kubernetes.io/name: {{ include "jellyfin.name" . }}
-    helm.sh/chart: {{ include "jellyfin.chart" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- if .Values.service.labels }}
-{{ toYaml .Values.service.labels | indent 4 }}
-{{- end }}
-{{- with .Values.service.annotations }}
-  annotations:
-{{ toYaml . | indent 4 }}
-{{- end }}
-spec:
-{{- if (or (eq .Values.service.type "ClusterIP") (empty .Values.service.type)) }}
-  type: ClusterIP
-  {{- if .Values.service.clusterIP }}
-  clusterIP: {{ .Values.service.clusterIP }}
-  {{end}}
-{{- else if eq .Values.service.type "LoadBalancer" }}
-  type: {{ .Values.service.type }}
-  {{- if .Values.service.loadBalancerIP }}
-  loadBalancerIP: {{ .Values.service.loadBalancerIP }}
-  {{- end }}
-  {{- if .Values.service.loadBalancerSourceRanges }}
-  loadBalancerSourceRanges:
-{{ toYaml .Values.service.loadBalancerSourceRanges | indent 4 }}
-  {{- end -}}
-{{- else }}
-  type: {{ .Values.service.type }}
-{{- end }}
-{{- if .Values.service.externalIPs }}
-  externalIPs:
-{{ toYaml .Values.service.externalIPs | indent 4 }}
-{{- end }}
-  {{- if .Values.service.externalTrafficPolicy }}
-  externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy }}
-  {{- end }}
-  ports:
-    - name: http
-      port: {{ .Values.service.port }}
-      protocol: TCP
-      targetPort: http
-{{ if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePort))) }}
-      nodePort: {{.Values.service.nodePort}}
-{{ end }}
-  selector:
-    app.kubernetes.io/name: {{ include "jellyfin.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}

charts/jellyfin/templates/tvshows-pvc.yaml

@@ -1,29 +0,0 @@
-
-{{- if and .Values.persistence.tvshows.enabled (not .Values.persistence.tvshows.existingClaim) }}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
-  name: {{ template "jellyfin.fullname" . }}-tvshows
-  {{- if .Values.persistence.tvshows.skipuninstall }}
-  annotations:
-    "helm.sh/resource-policy": keep
-  {{- end }}
-  labels:
-    app.kubernetes.io/name: {{ include "jellyfin.name" . }}
-    helm.sh/chart: {{ include "jellyfin.chart" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
-spec:
-  accessModes:
-    - {{ .Values.persistence.tvshows.accessMode | quote }}
-  resources:
-    requests:
-      storage: {{ .Values.persistence.tvshows.size | quote }}
-{{- if .Values.persistence.tvshows.storageClass }}
-{{- if (eq "-" .Values.persistence.tvshows.storageClass) }}
-  storageClassName: ""
-{{- else }}
-  storageClassName: "{{ .Values.persistence.tvshows.storageClass }}"
-{{- end }}
-{{- end }}
-{{- end -}}

charts/jellyfin/values.yaml

@@ -1,152 +1,35 @@
 # Default values for jellyfin.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
 
 image:
   repository: linuxserver/jellyfin
-  tag: 10.6.3-1-ls70
   pullPolicy: IfNotPresent
+  tag: version-10.6.4-1
 
-# upgrade strategy type (e.g. Recreate or RollingUpdate)
-strategyType: Recreate
-
-# Probes configuration
-probes:
-  liveness:
-    initialDelaySeconds: 60
-    failureThreshold: 5
-    timeoutSeconds: 10
-  readiness:
-    initialDelaySeconds: 60
-    failureThreshold: 5
-    timeoutSeconds: 10
-
-nameOverride: ""
-fullnameOverride: ""
-
-timezone: UTC
-puid: 1001
-pgid: 1001
-umaskSet: "022"
+strategy:
+  type: Recreate
 
 service:
-  type: ClusterIP
-  port: 8096
-  ## Specify the nodePort value for the LoadBalancer and NodePort service types.
-  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
-  ##
-  # nodePort:
-  ## Provide any additional annotations which may be required. This can be used to
-  ## set the LoadBalancer service type to internal only.
-  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
-  ##
-  annotations: {}
-  labels: {}
-  ## Use loadBalancerIP to request a specific static IP,
-  ## otherwise leave blank
-  ##
-  loadBalancerIP:
-  # loadBalancerSourceRanges: []
-  ## Set the externalTrafficPolicy in the Service to either Cluster or Local
-  # externalTrafficPolicy: Cluster
-
-ingress:
-  enabled: false
-  annotations: {}
-    # kubernetes.io/ingress.class: nginx
-    # kubernetes.io/tls-acme: "true"
-  labels: {}
-  path: /
-  hosts:
-    - chart-example.local
-  tls: []
-  #  - secretName: chart-example-tls
-  #    hosts:
-  #      - chart-example.local
+  port:
+    port: 8096
 
 persistence:
   config:
-    enabled: true
-    ## jellyfin configuration data Persistent Volume Storage Class
+    enabled: false
+    emptyDir: false
+
+  media:
+    enabled: false
+    emptyDir: false
+    mountPath: /media
+    ## Persistent Volume Storage Class
     ## If defined, storageClassName: <storageClass>
     ## If set to "-", storageClassName: "", which disables dynamic provisioning
     ## If undefined (the default) or set to null, no storageClassName spec is
     ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
     ##   GKE, AWS & OpenStack)
-    ##
     # storageClass: "-"
-    ##
-    ## If you want to reuse an existing claim, you can pass the name of the PVC using
-    ## the existingClaim variable
-    # existingClaim: your-claim
-    accessMode: ReadWriteOnce
-    size: 1Gi
+    # accessMode: ReadWriteOnce
+    # size: 1Gi
     ## Do not delete the pvc upon helm uninstall
-    skipuninstall: false
-  tvshows:
-    enabled: true
-    ## jellyfin tv volume configuration
-    ## If defined, storageClassName: <storageClass>
-    ## If set to "-", storageClassName: "", which disables dynamic provisioning
-    ## If undefined (the default) or set to null, no storageClassName spec is
-    ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
-    ##   GKE, AWS & OpenStack)
-    ##
-    # storageClass: "-"
-    ##
-    ## If you want to reuse an existing claim, you can pass the name of the PVC using
-    ## the existingClaim variable
-    # existingClaim: your-claim
-    # subPath: some-subpath
-    accessMode: ReadWriteOnce
-    size: 10Gi
-    ## Do not delete the pvc upon helm uninstall
-    skipuninstall: false
-  movies:
-    enabled: true
-    ## jellyfin movie volume configuration
-    ## If defined, storageClassName: <storageClass>
-    ## If set to "-", storageClassName: "", which disables dynamic provisioning
-    ## If undefined (the default) or set to null, no storageClassName spec is
-    ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
-    ##   GKE, AWS & OpenStack)
-    ##
-    # storageClass: "-"
-    ##
-    ## If you want to reuse an existing claim, you can pass the name of the PVC using
-    ## the existingClaim variable
-    # existingClaim: your-claim
-    # subPath: some-subpath
-    accessMode: ReadWriteOnce
-    size: 10Gi
-    ## Do not delete the pvc upon helm uninstall
-    skipuninstall: false
-  extraExistingClaimMounts: []
-    # - name: external-mount
-    #   mountPath: /srv/external-mount
-    ## A manually managed Persistent Volume and Claim
-    ## If defined, PVC must be created manually before volume will be bound
-    #   existingClaim:
-    #   readOnly: true
-
-resources: {}
-  # We usually recommend not to specify default resources and to leave this as a conscious
-  # choice for the user. This also increases chances charts run on environments with little
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  # limits:
-  #  cpu: 100m
-  #  memory: 128Mi
-  # requests:
-  #  cpu: 100m
-  #  memory: 128Mi
-
-nodeSelector: {}
-
-tolerations: []
-
-affinity: {}
-
-podAnnotations: {}
-
-deploymentAnnotations: {}
+    # skipuninstall: false
+    # existingClaim: ""

charts/lidarr/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: 0.8.0.1886
 description: Looks and smells like Sonarr but made for music
 name: lidarr
-version: 5.0.1
+version: 5.4.0
 keywords:
   - lidarr
   - torrent
@@ -18,4 +18,4 @@ maintainers:
 dependencies:
   - name: common
     repository: https://k8s-at-home.com/charts/
-    version: ^1.0.5
+    version: ^1.5.0

charts/lidarr/values.yaml

@@ -5,6 +5,9 @@ image:
   pullPolicy: IfNotPresent
   tag: version-0.8.0.1886
 
+strategy:
+  type: Recreate
+
 service:
   port:
     port: 8686

charts/node-red/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: 1.0.6-12
 description: Node-RED is low-code programming for event-driven applications
 name: node-red
-version: 3.1.0
+version: 3.3.0
 keywords:
   - nodered
   - node-red

charts/node-red/README.md

@@ -36,46 +36,59 @@ The command removes all the Kubernetes components associated with the chart and
 
 The following tables lists the configurable parameters of the Node-RED chart and their default values.
 
-| Parameter                          | Description                                                             | Default                   |
-|:---------------------------------- |:----------------------------------------------------------------------- |:------------------------- |
-| `image.repository`                 | node-red image                                                          | `nodered/node-red`        |
-| `image.tag`                        | node-red image tag                                                      | `1.0.6-12-minimal`        |
-| `image.pullPolicy`                 | node-red image pull policy                                              | `IfNotPresent`            |
-| `strategyType`                     | Specifies the strategy used to replace old Pods by new ones             | `Recreate`                |
-| `serviceAccountName`               | Service account to run the pod as                                       | ``                        |
-| `livenessProbePath`                | Default livenessProbe path                                              | `/`                       |
-| `readinessProbePath`               | Default readinessProbe path                                             | `/`                       |
-| `flows`                            | Default flows configuration                                             | `flows.json`              |
-| `safeMode`                         | Setting to true starts Node-RED in safe (not running) mode              | `false`                   |
-| `enableProjects`                   | setting to true starts Node-RED with the projects feature enabled       | `false`                   |
-| `nodeOptions`                      | Node.js runtime arguments                                               | ``                        |
-| `extraEnvs`                        | Extra environment variables which will be appended to the env           | `[]`                      |
-| `timezone`                         | Default timezone                                                        | `UTC`                     |
-| `service.type`                     | Kubernetes service type for the GUI                                     | `ClusterIP`               |
-| `service.port`                     | Kubernetes port where the GUI is exposed                                | `1880`                    |
-| `service.nodePort`                 | Kubernetes nodePort where the GUI is exposed                            | ``                        |
-| `service.annotations`              | Service annotations for the GUI                                         | `{}`                      |
-| `service.labels`                   | Custom labels                                                           | `{}`                      |
-| `service.loadBalancerIP`           | Loadbalance IP for the GUI                                              | `{}`                      |
-| `service.loadBalancerSourceRanges` | List of IP CIDRs allowed access to load balancer (if supported)         | None                      |
-| `service.externalTrafficPolicy`    | Set the externalTrafficPolicy in the Service to either Cluster or Local | `Cluster`                 |
-| `ingress.enabled`                  | Enables Ingress                                                         | `false`                   |
-| `ingress.annotations`              | Ingress annotations                                                     | `{}`                      |
-| `ingress.path`                     | Ingress path                                                            | `/`                       |
-| `ingress.hosts`                    | Ingress accepted hostnames                                              | `chart-example.local`     |
-| `ingress.tls`                      | Ingress TLS configuration                                               | `[]`                      |
-| `persistence.enabled`              | Use persistent volume to store data                                     | `false`                   |
-| `persistence.size`                 | Size of persistent volume claim                                         | `5Gi`                     |
-| `persistence.existingClaim`        | Use an existing PVC to persist data                                     | `nil`                     |
-| `persistence.storageClass`         | Type of persistent volume claim                                         | `-`                       |
-| `persistence.accessModes`          | Persistence access modes                                                | `ReadWriteOnce`           |
-| `persistence.subPath`              | Mount a sub dir of the persistent volume                                | `nil`                     |
-| `resources`                        | CPU/Memory resource requests/limits                                     | `{}`                      |
-| `nodeSelector`                     | Node labels for pod assignment                                          | `{}`                      |
-| `tolerations`                      | Toleration labels for pod assignment                                    | `[]`                      |
-| `affinity`                         | Affinity settings for pod assignment                                    | `{}`                      |
-| `podAnnotations`                   | Key-value pairs to add as pod annotations                               | `{}`                      |
-| `deploymentAnnotations`            | Key-value pairs to add as deployment annotations                        | `{}`                      |
+| Parameter                             | Description                                                             | Default                   |
+|:------------------------------------- |:----------------------------------------------------------------------- |:------------------------- |
+| `image.repository`                    | node-red image                                                          | `nodered/node-red`        |
+| `image.tag`                           | node-red image tag                                                      | `1.0.6-12-minimal`        |
+| `image.pullPolicy`                    | node-red image pull policy                                              | `IfNotPresent`            |
+| `strategyType`                        | Specifies the strategy used to replace old Pods by new ones             | `Recreate`                |
+| `serviceAccountName`                  | Service account to run the pod as                                       | ``                        |
+| `probes.liveness.enabled`             | Enable/ disable livenessProbe                                           | `true`                    |
+| `probes.liveness.probePath`           | Set livenessProbe path                                                  | `/`                       |
+| `probes.liveness.initialDelaySeconds` | Set livenessProbe initial delay                                         | 60                        |
+| `probes.liveness.failureThreshold`    | Set livenessProbe failure threshold                                     | 5                         |
+| `probes.liveness.timeoutSeconds`      | Set livenessProbe timeout                                               | 10                        |
+| `probes.readiness.enabled`            | Enable/ disable readinessProbe                                          | `true`                    |
+| `probes.readiness.probePath`          | Set readinessProbe path                                                 | `/`                       |
+| `probes.readiness.initialDelaySeconds`| Set readinessProbe initial delay                                        | 60                        |
+| `probes.readiness.failureThreshold`   | Set readinessProbe failure threshold                                    | 5                         |
+| `probes.readiness.timeoutSeconds`     | Set readinessProbe timeout                                              | 10                        |
+| `probes.startup.enabled`              | Enable/ disable readinessProbe                                          | `false`                   |
+| `probes.startup.probePath`            | Set startupProbe path                                                   | `/`                       |
+| `probes.startup.failureThreshold`     | Set startupProbe failure threshold                                      | 30                        |
+| `probes.startup.periodSeconds`        | Set startupProbe period                                                 | 10                        |
+| `flows`                               | Default flows configuration                                             | `flows.json`              |
+| `safeMode`                            | Setting to true starts Node-RED in safe (not running) mode              | `false`                   |
+| `enableProjects`                      | setting to true starts Node-RED with the projects feature enabled       | `false`                   |
+| `nodeOptions`                         | Node.js runtime arguments                                               | ``                        |
+| `extraEnvs`                           | Extra environment variables which will be appended to the env           | `[]`                      |
+| `timezone`                            | Default timezone                                                        | `UTC`                     |
+| `service.type`                        | Kubernetes service type for the GUI                                     | `ClusterIP`               |
+| `service.port`                        | Kubernetes port where the GUI is exposed                                | `1880`                    |
+| `service.nodePort`                    | Kubernetes nodePort where the GUI is exposed                            | ``                        |
+| `service.annotations`                 | Service annotations for the GUI                                         | `{}`                      |
+| `service.labels`                      | Custom labels                                                           | `{}`                      |
+| `service.loadBalancerIP`              | Loadbalance IP for the GUI                                              | `{}`                      |
+| `service.loadBalancerSourceRanges`    | List of IP CIDRs allowed access to load balancer (if supported)         | None                      |
+| `service.externalTrafficPolicy`       | Set the externalTrafficPolicy in the Service to either Cluster or Local | `Cluster`                 |
+| `ingress.enabled`                     | Enables Ingress                                                         | `false`                   |
+| `ingress.annotations`                 | Ingress annotations                                                     | `{}`                      |
+| `ingress.path`                        | Ingress path                                                            | `/`                       |
+| `ingress.hosts`                       | Ingress accepted hostnames                                              | `chart-example.local`     |
+| `ingress.tls`                         | Ingress TLS configuration                                               | `[]`                      |
+| `persistence.enabled`                 | Use persistent volume to store data                                     | `false`                   |
+| `persistence.size`                    | Size of persistent volume claim                                         | `5Gi`                     |
+| `persistence.existingClaim`           | Use an existing PVC to persist data                                     | `nil`                     |
+| `persistence.storageClass`            | Type of persistent volume claim                                         | `-`                       |
+| `persistence.accessModes`             | Persistence access modes                                                | `ReadWriteOnce`           |
+| `persistence.subPath`                 | Mount a sub dir of the persistent volume                                | `nil`                     |
+| `resources`                           | CPU/Memory resource requests/limits                                     | `{}`                      |
+| `nodeSelector`                        | Node labels for pod assignment                                          | `{}`                      |
+| `tolerations`                         | Toleration labels for pod assignment                                    | `[]`                      |
+| `affinity`                            | Affinity settings for pod assignment                                    | `{}`                      |
+| `podAnnotations`                      | Key-value pairs to add as pod annotations                               | `{}`                      |
+| `deploymentAnnotations`               | Key-value pairs to add as deployment annotations                        | `{}`                      |
+| `hostAliases`                         | Specify /etc/hosts entries                                              | `[]`                      |
 
 Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
 

charts/node-red/templates/deployment.yaml

@@ -44,14 +44,32 @@ spec:
             - name: http
               containerPort: 1880
               protocol: TCP
+          {{- if .Values.probes.liveness.enabled }}
           livenessProbe:
             httpGet:
-              path: {{ .Values.livenessProbePath }}
+              path: {{ .Values.probes.liveness.probePath }}
               port: http
+            initialDelaySeconds: {{ .Values.probes.liveness.initialDelaySeconds }}
+            failureThreshold: {{ .Values.probes.liveness.failureThreshold }}
+            timeoutSeconds: {{ .Values.probes.liveness.timeoutSeconds }}
+          {{- end }}
+          {{- if .Values.probes.readiness.enabled }}
           readinessProbe:
             httpGet:
-              path: {{ .Values.readinessProbePath }}
+              path: {{ .Values.probes.readiness.probePath }}
               port: http
+            initialDelaySeconds: {{ .Values.probes.readiness.initialDelaySeconds }}
+            failureThreshold: {{ .Values.probes.readiness.failureThreshold }}
+            timeoutSeconds: {{ .Values.probes.readiness.timeoutSeconds }}
+          {{- end }}
+          {{- if .Values.probes.startup.enabled }}
+          startupProbe:
+            httpGet:
+              path: {{ .Values.probes.startup.probePath }}
+              port: http
+            failureThreshold: {{ .Values.probes.startup.failureThreshold }}
+            periodSeconds: {{ .Values.probes.startup.periodSeconds }}
+          {{- end }}
           env:
             - name: FLOWS
               value: "{{ .Values.flows }}"
@@ -82,6 +100,10 @@ spec:
         {{- else }}
           emptyDir: {}
         {{ end }}
+    {{- if .Values.hostAliases }}
+      hostAliases:
+{{ toYaml .Values.hostAliases | indent 8 }}
+    {{- end }}
     {{- with .Values.nodeSelector }}
       nodeSelector:
 {{ toYaml . | indent 8 }}

charts/node-red/values.yaml

@@ -15,8 +15,31 @@ fullnameOverride: ""
 
 serviceAccountName: ""
 
-livenessProbePath: /
-readinessProbePath: /
+# Probes configuration
+# ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
+probes:
+  liveness:
+    # Indicates whether the container is running. If the liveness probe fails, the kubelet kills the container
+    # and the container is subjected to its restart policy.
+    enabled: true
+    probePath: /
+    initialDelaySeconds: 60
+    failureThreshold: 5
+    timeoutSeconds: 10
+  readiness:
+    # Indicates whether the container is ready to respond to requests.
+    enabled: true
+    probePath: /
+    initialDelaySeconds: 60
+    failureThreshold: 5
+    timeoutSeconds: 10
+  startup:
+    # Indicates whether the application within the container is started.
+    # All other probes are disabled if a startup probe is provided, until it succeeds.
+    enabled: false
+    probePath: /
+    failureThreshold: 30
+    periodSeconds: 10
 
 flows: "flows.json"
 safeMode: "false"
@@ -46,6 +69,14 @@ service:
   ## Set the externalTrafficPolicy in the Service to either Cluster or Local
   # externalTrafficPolicy: Cluster
 
+hostAliases: []
+  # Use hostAliases to add custom entries to /etc/hosts - mapping IP addresses to hostnames.
+  # ref: https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
+  # - ip: "192.168.1.100"
+  #   hostnames:
+  #   - "example.com"
+  #   - "www.example.com"
+
 ingress:
   enabled: false
   annotations: {}

charts/nzbget/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: v21.0
 description: NZBGet is a Usenet downloader client
 name: nzbget
-version: 6.0.0
+version: 6.4.0
 keywords:
   - nzbget
   - usenet
@@ -17,4 +17,4 @@ maintainers:
 dependencies:
   - name: common
     repository: https://k8s-at-home.com/charts/
-    version: ^1.0.5
+    version: ^1.5.0

charts/nzbget/values.yaml

@@ -5,6 +5,9 @@ image:
   pullPolicy: IfNotPresent
   tag: version-v21.0
 
+strategy:
+  type: Recreate
+
 service:
   port:
     port: 6789

charts/nzbhydra2/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: v3.4.3
 description: Usenet meta search
 name: nzbhydra2
-version: 4.0.1
+version: 4.4.0
 keywords:
   - nzbhydra2
   - usenet
@@ -17,4 +17,4 @@ maintainers:
 dependencies:
   - name: common
     repository: https://k8s-at-home.com/charts/
-    version: ^1.0.5
+    version: ^1.5.0

charts/nzbhydra2/values.yaml

@@ -5,6 +5,9 @@ image:
   pullPolicy: IfNotPresent
   tag: version-v3.4.3
 
+strategy:
+  type: Recreate
+
 service:
   port:
     port: 5076

charts/oauth2-proxy/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+OWNERS

charts/oauth2-proxy/Chart.yaml

@@ -0,0 +1,20 @@
+name: oauth2-proxy
+version: 4.0.0
+apiVersion: v1
+appVersion: 5.1.0
+home: https://pusher.github.io/oauth2_proxy/
+description: A reverse proxy that provides authentication with Google, Github or other providers
+keywords:
+- kubernetes
+- oauth
+- oauth2
+- authentication
+- google
+- github
+sources:
+- https://github.com/pusher/oauth2_proxy
+engine: gotpl
+kubeVersion: ">=1.9.0-0"
+maintainers:
+  - name: carpenike
+    email: ryan@ryanholt.net

charts/oauth2-proxy/README.md

@@ -0,0 +1,170 @@
+# oauth2-proxy
+
+[oauth2-proxy](https://github.com/pusher/oauth2_proxy) is a reverse proxy and static file server that provides authentication using Providers (Google, GitHub, and others) to validate accounts by email, domain or group.
+
+## TL;DR;
+
+```console
+$ helm install stable/oauth2-proxy
+```
+
+## Introduction
+
+This chart bootstraps an oauth2-proxy deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+
+## Installing the Chart
+
+To install the chart with the release name `my-release`:
+
+```console
+$ helm install stable/oauth2-proxy --name my-release
+```
+
+The command deploys oauth2-proxy on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation.
+
+## Uninstalling the Chart
+
+To uninstall/delete the `my-release` deployment:
+
+```console
+$ helm delete my-release
+```
+
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+## Upgrading an existing Release to a new major version
+
+A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an
+incompatible breaking change needing manual actions.
+
+### To 1.0.0
+
+This version upgrade oauth2-proxy to v4.0.0. Please see the [changelog](https://github.com/pusher/oauth2_proxy/blob/v4.0.0/CHANGELOG.md#v400) in order to upgrade.
+
+### To 2.0.0
+
+Version 2.0.0 of this chart introduces support for Kubernetes v1.16.x by way of addressing the deprecation of the Deployment object apiVersion `apps/v1beta2`.  See [the v1.16 API deprecations page](https://kubernetes.io/blog/2019/07/18/api-deprecations-in-1-16/) for more information.
+
+Due to [this issue](https://github.com/helm/helm/issues/6583) there may be errors performing a `helm upgrade`of this chart from versions earlier than 2.0.0.
+
+### To 3.0.0
+
+Version 3.0.0 introduces support for [EKS IAM roles for service accounts](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html) by adding a managed service account to the chart.  This is a breaking change since the service account is enabled by default.  To disable this behaviour set `serviceAccount.enabled` to `false`
+
+### To 4.0.0
+
+This is a breaking change as the chart was moved to k8s-at-home. No other change on top of the 3.x.x branch.
+
+## Configuration
+
+The following table lists the configurable parameters of the oauth2-proxy chart and their default values.
+
+Parameter | Description | Default
+--- | --- | ---
+`affinity` | node/pod affinities | None
+`authenticatedEmailsFile.enabled` | Enables authorize individual email addresses | `false`
+`authenticatedEmailsFile.template` | Name of the configmap that is handled outside of that chart | `""`
+`authenticatedEmailsFile.restricted_access` | [email addresses](https://github.com/pusher/oauth2_proxy#email-authentication) list config | `""`
+`config.clientID` | oauth client ID | `""`
+`config.clientSecret` | oauth client secret | `""`
+`config.cookieSecret` | server specific cookie for the secret; create a new one with `openssl rand -base64 32 | head -c 32 | base64` | `""`
+`config.existingSecret` | existing Kubernetes secret to use for OAuth2 credentials. See [secret template](https://github.com/helm/charts/blob/master/stable/oauth2-proxy/templates/secret.yaml) for the required values | `nil`
+`config.configFile` | custom [oauth2_proxy.cfg](https://github.com/pusher/oauth2_proxy/blob/master/contrib/oauth2_proxy.cfg.example) contents for settings not overridable via environment nor command line | `""`
+`config.existingConfig` | existing Kubernetes configmap to use for the configuration file. See [config template](https://github.com/helm/charts/blob/master/stable/oauth2-proxy/templates/configmap.yaml) for the required values | `nil`
+`config.google.adminEmail` | user impersonated by the google service account | `""`
+`config.google.serviceAccountJson` | google service account json contents | `""`
+`config.google.existingConfig` | existing Kubernetes configmap to use for the service account file. See [google secret template](https://github.com/helm/charts/blob/master/stable/oauth2-proxy/templates/google-secret.yaml) for the required values | `nil`
+`extraArgs` | key:value list of extra arguments to give the binary | `{}`
+`extraEnv` | key:value list of extra environment variables to give the binary | `[]`
+`extraVolumes` | list of extra volumes | `[]`
+`extraVolumeMounts` | list of extra volumeMounts | `[]`
+`htpasswdFile.enabled` | enable htpasswd-file option | `false`
+`htpasswdFile.entries` | list of [SHA encrypted user:passwords](https://pusher.github.io/oauth2_proxy/configuration#command-line-options) | `{}`
+`htpasswdFile.existingSecret` | existing Kubernetes secret to use for OAuth2 htpasswd file | `""`
+`httpScheme` | `http` or `https`. `name` used for port on the deployment. `httpGet` port `name` and `scheme` used for `liveness`- and `readinessProbes`. `name` and `targetPort` used for the service. | `http`
+`image.pullPolicy` | Image pull policy | `IfNotPresent`
+`image.repository` | Image repository | `quay.io/pusher/oauth2_proxy`
+`image.tag` | Image tag | `v5.1.0`
+`imagePullSecrets` | Specify image pull secrets | `nil` (does not add image pull secrets to deployed pods)
+`ingress.enabled` | Enable Ingress | `false`
+`ingress.path` | Ingress accepted path | `/`
+`ingress.extraPaths` | Ingress extra paths to prepend to every host configuration. Useful when configuring [custom actions with AWS ALB Ingress Controller](https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/ingress/annotation/#actions). | `[]`
+`ingress.annotations` | Ingress annotations | `nil`
+`ingress.hosts` | Ingress accepted hostnames | `nil`
+`ingress.tls` | Ingress TLS configuration | `nil`
+`livenessProbe.enabled`  | enable Kubernetes livenessProbe. Disable to use oauth2-proxy with Istio mTLS. See [Istio FAQ](https://istio.io/help/faq/security/#k8s-health-checks) | `true`
+`livenessProbe.initialDelaySeconds` | number of seconds | 0
+`livenessProbe.timeoutSeconds` | number of seconds | 1
+`nodeSelector` | node labels for pod assignment | `{}`
+`podAnnotations` | annotations to add to each pod | `{}`
+`podLabels` | additional labesl to add to each pod | `{}`
+`podDisruptionBudget.enabled`| Enabled creation of PodDisruptionBudget (only if replicaCount > 1) | true
+`podDisruptionBudget.minAvailable`| minAvailable parameter for PodDisruptionBudget | 1
+`podSecurityContext` | Kubernetes security context to apply to pod | `{}`
+`priorityClassName` | priorityClassName | `nil`
+`readinessProbe.enabled` | enable Kubernetes readinessProbe. Disable to use oauth2-proxy with Istio mTLS. See [Istio FAQ](https://istio.io/help/faq/security/#k8s-health-checks) | `true`
+`readinessProbe.initialDelaySeconds` | number of seconds | 0
+`readinessProbe.timeoutSeconds` | number of seconds | 1
+`readinessProbe.periodSeconds` | number of seconds | 10
+`readinessProbe.successThreshold` | number of successes | 1
+`replicaCount` | desired number of pods | `1`
+`resources` | pod resource requests & limits | `{}`
+`service.port` | port for the service | `80`
+`service.type` | type of service | `ClusterIP`
+`service.clusterIP` | cluster ip address | `nil`
+`service.loadBalancerIP` | ip of load balancer | `nil`
+`service.loadBalancerSourceRanges` | allowed source ranges in load balancer | `nil`
+`serviceAccount.enabled` | create a service account | `true`
+`serviceAccount.name` | the service account name | ``
+`serviceAccount.annotations` | (optional) annotations for the service account | `{}`
+`tolerations` | list of node taints to tolerate | `[]`
+`securityContext.enabled` | enable Kubernetes security context on container | `false`
+`securityContext.runAsNonRoot` | make sure that the container runs as a non-root user | `true`
+`proxyVarsAsSecrets` | choose between environment values or secrets for setting up OAUTH2_PROXY variables. When set to false, remember to add the variables OAUTH2_PROXY_CLIENT_ID, OAUTH2_PROXY_CLIENT_SECRET, OAUTH2_PROXY_COOKIE_SECRET in extraEnv | `true`
+
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+
+```console
+$ helm install stable/oauth2-proxy --name my-release \
+  --set=image.tag=v0.0.2,resources.limits.cpu=200m
+```
+
+Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
+
+```console
+$ helm install stable/oauth2-proxy --name my-release -f values.yaml
+```
+
+> **Tip**: You can use the default [values.yaml](values.yaml)
+
+## SSL Configuration
+
+See: [SSL Configuration](https://pusher.github.io/oauth2_proxy/tls-configuration).
+Use ```values.yaml``` like:
+
+```yaml
+...
+extraArgs:
+  tls-cert: /path/to/cert.pem
+  tls-key: /path/to/cert.key
+
+extraVolumes:
+  - name: ssl-cert
+    secret:
+      secretName: my-ssl-secret
+
+extraVolumeMounts:
+  - mountPath: /path/to/
+    name: ssl-cert
+...
+```
+
+With a secret called `my-ssl-secret`:
+
+```yaml
+...
+data:
+  cert.pem: AB..==
+  cert.key: CD..==
+```

charts/oauth2-proxy/ci/default-values.yaml

@@ -0,0 +1 @@
+# Leave this file empty to ensure that CI runs builds against the default configuration in values.yaml.

charts/oauth2-proxy/ci/ingress-extra-paths-values.yaml

@@ -0,0 +1,6 @@
+ingress:
+  extraPaths:
+  - path: /*
+    backend:
+      serviceName: ssl-redirect
+      servicePort: use-annotation

charts/oauth2-proxy/ci/pdb-values.yaml

@@ -0,0 +1 @@
+replicaCount: 2  # Enables PodDisruptionBudget which is disabled when replicaCount is 1

charts/oauth2-proxy/ci/pod-security-context-values.yaml

@@ -0,0 +1,4 @@
+# Allocate a FSGroup that owns the pod’s volumes via podSecurityContext
+---
+podSecurityContext:
+  fsGroup: 2000

charts/oauth2-proxy/default-values.yaml

@@ -0,0 +1 @@
+# Leave this file empty to ensure that CI runs builds against the default configuration in values.yaml.

charts/oauth2-proxy/pdb-values.yaml

@@ -0,0 +1,2 @@
+# Will trigger creation of pdb
+replicaCount: 2

charts/oauth2-proxy/templates/NOTES.txt

@@ -0,0 +1,3 @@
+To verify that oauth2-proxy has started, run:
+
+  kubectl --namespace={{ .Release.Namespace }} get pods -l "app={{ template "oauth2-proxy.fullname" . }}"

charts/oauth2-proxy/templates/_helpers.tpl

@@ -2,7 +2,7 @@
 {{/*
 Expand the name of the chart.
 */}}
-{{- define "unifi-poller.name" -}}
+{{- define "oauth2-proxy.name" -}}
 {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 
@@ -11,7 +11,7 @@ Create a default fully qualified app name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
 If release name contains chart name it will be used as a full name.
 */}}
-{{- define "unifi-poller.fullname" -}}
+{{- define "oauth2-proxy.fullname" -}}
 {{- if .Values.fullnameOverride -}}
 {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
 {{- else -}}
@@ -27,29 +27,27 @@ If release name contains chart name it will be used as a full name.
 {{/*
 Create chart name and version as used by the chart label.
 */}}
-{{- define "unifi-poller.chart" -}}
+{{- define "oauth2-proxy.chart" -}}
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 
 {{/*
-Common labels
+Get the secret name.
 */}}
-{{- define "unifi-poller.labels" -}}
-app.kubernetes.io/name: {{ include "unifi-poller.name" . }}
-helm.sh/chart: {{ include "unifi-poller.chart" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- define "oauth2-proxy.secretName" -}}
+{{- if .Values.config.existingSecret -}}
+{{- printf "%s" .Values.config.existingSecret -}}
+{{- else -}}
+{{- printf "%s" (include "oauth2-proxy.fullname" .) -}}
+{{- end -}}
 {{- end -}}
 
 {{/*
 Create the name of the service account to use
 */}}
-{{- define "unifi-poller.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create -}}
-    {{ default (include "unifi-poller.fullname" .) .Values.serviceAccount.name }}
+{{- define "oauth2-proxy.serviceAccountName" -}}
+{{- if .Values.serviceAccount.enabled -}}
+    {{ default (include "oauth2-proxy.fullname" .) .Values.serviceAccount.name }}
 {{- else -}}
     {{ default "default" .Values.serviceAccount.name }}
 {{- end -}}

charts/oauth2-proxy/templates/configmap-authenticated-emails-file.yaml

@@ -0,0 +1,15 @@
+{{- if .Values.authenticatedEmailsFile.enabled }}
+{{- if .Values.authenticatedEmailsFile.restricted_access }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  labels:
+    app: {{ template "oauth2-proxy.name" . }}
+    chart: {{ template "oauth2-proxy.chart" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+  name: {{ template "oauth2-proxy.fullname" . }}-accesslist
+data:
+  restricted_user_access: {{ .Values.authenticatedEmailsFile.restricted_access | quote }}
+{{- end }}
+{{- end }}

charts/oauth2-proxy/templates/configmap-htpasswd-file.yaml

@@ -0,0 +1,17 @@
+{{- if and .Values.htpasswdFile.enabled (not .Values.htpasswdFile.existingSecret) }}
+apiVersion: v1
+kind: Secret
+metadata:
+  labels:
+    app: {{ template "oauth2-proxy.name" . }}
+    chart: {{ template "oauth2-proxy.chart" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+  name: {{ template "oauth2-proxy.fullname" . }}-htpasswd-file
+type: Opaque
+stringData:
+  users.txt: |-
+    {{- range $entries := .Values.htpasswdFile.entries }}
+    {{ $entries }}
+    {{- end -}}
+{{- end }}

charts/oauth2-proxy/templates/configmap.yaml

@@ -0,0 +1,15 @@
+{{- if not .Values.config.existingConfig }}
+{{- if .Values.config.configFile }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  labels:
+    app: {{ template "oauth2-proxy.name" . }}
+    chart: {{ template "oauth2-proxy.chart" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+  name: {{ template "oauth2-proxy.fullname" . }}
+data:
+  oauth2_proxy.cfg: {{ .Values.config.configFile | quote }}
+{{- end }}
+{{- end }}

charts/oauth2-proxy/templates/deployment.yaml

@@ -0,0 +1,206 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: {{ template "oauth2-proxy.name" . }}
+    chart: {{ template "oauth2-proxy.chart" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+  name: {{ template "oauth2-proxy.fullname" . }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      app: {{ template "oauth2-proxy.name" . }}
+      release: {{ .Release.Name }}
+  template:
+    metadata:
+      annotations:
+        checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+        checksum/config-emails: {{ include (print $.Template.BasePath "/configmap-authenticated-emails-file.yaml") . | sha256sum }}
+        checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
+        checksum/google-secret: {{ include (print $.Template.BasePath "/google-secret.yaml") . | sha256sum }}
+{{- if .Values.htpasswdFile.enabled }}
+        checksum/htpasswd: {{ include (print $.Template.BasePath "/configmap-htpasswd-file.yaml") . | sha256sum }}
+{{- end }}
+    {{- if .Values.podAnnotations }}
+{{ toYaml .Values.podAnnotations | indent 8 }}
+    {{- end }}
+      labels:
+        app: {{ template "oauth2-proxy.name" . }}
+        release: "{{ .Release.Name }}"
+      {{- if .Values.podLabels }}
+{{ toYaml .Values.podLabels | indent 8 }}
+      {{- end }}
+    spec:
+    {{- if .Values.priorityClassName }}
+      priorityClassName: "{{ .Values.priorityClassName }}"
+    {{- end }}
+      {{- with .Values.podSecurityContext }}
+      securityContext:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ template "oauth2-proxy.serviceAccountName" . }}
+      containers:
+      - name: {{ .Chart.Name }}
+        image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+        imagePullPolicy: {{ .Values.image.pullPolicy }}
+        args:
+          - --http-address=0.0.0.0:4180
+        {{- range $key, $value := .Values.extraArgs }}
+          {{- if $value }}
+          - --{{ $key }}={{ $value }}
+          {{- else }}
+          - --{{ $key }}
+          {{- end }}
+        {{- end }}
+        {{- if or .Values.config.existingConfig .Values.config.configFile }}
+          - --config=/etc/oauth2_proxy/oauth2_proxy.cfg
+        {{- end }}
+        {{- if .Values.authenticatedEmailsFile.enabled }}
+        {{- if .Values.authenticatedEmailsFile.template }}
+          - --authenticated-emails-file=/etc/oauth2-proxy/{{ .Values.authenticatedEmailsFile.template }}
+        {{- else }}
+          - --authenticated-emails-file=/etc/oauth2-proxy/authenticated-emails-list
+        {{- end }}
+        {{- end }}
+        {{- with .Values.config.google }}
+        {{- if and .adminEmail (or .serviceAccountJson .existingSecret) }}
+          - --google-admin-email={{ .adminEmail }}
+          - --google-service-account-json=/google/service-account.json
+        {{- end }}
+        {{- end }}
+        {{- if .Values.htpasswdFile.enabled }}
+          - --htpasswd-file=/etc/oauth2_proxy/htpasswd/users.txt
+        {{- end }}
+        env:
+        {{- if .Values.proxyVarsAsSecrets }}
+        - name: OAUTH2_PROXY_CLIENT_ID
+          valueFrom:
+            secretKeyRef:
+              name:  {{ template "oauth2-proxy.secretName" . }}
+              key: client-id
+        - name: OAUTH2_PROXY_CLIENT_SECRET
+          valueFrom:
+            secretKeyRef:
+              name:  {{ template "oauth2-proxy.secretName" . }}
+              key: client-secret
+        - name: OAUTH2_PROXY_COOKIE_SECRET
+          valueFrom:
+            secretKeyRef:
+              name:  {{ template "oauth2-proxy.secretName" . }}
+              key: cookie-secret
+        {{- end }}
+        {{- if .Values.extraEnv }}
+{{ toYaml .Values.extraEnv | indent 8 }}
+        {{- end }}
+        ports:
+          - containerPort: 4180
+            name: {{ .Values.httpScheme }}
+            protocol: TCP
+{{- if .Values.livenessProbe.enabled }}
+        livenessProbe:
+          httpGet:
+            path: /ping
+            port: {{ .Values.httpScheme }}
+            scheme: {{ .Values.httpScheme | upper }}
+          initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
+          timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
+{{- end }}
+{{- if .Values.readinessProbe.enabled }}
+        readinessProbe:
+          httpGet:
+            path: /ping
+            port: {{ .Values.httpScheme }}
+            scheme: {{ .Values.httpScheme | upper }}
+          initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
+          timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
+          successThreshold: {{ .Values.readinessProbe.successThreshold }}
+          periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
+{{- end }}
+        resources:
+{{ toYaml .Values.resources | indent 10 }}
+        volumeMounts:
+{{- with .Values.config.google }}
+{{- if and .adminEmail (or .serviceAccountJson .existingSecret) }}
+        - name: google-secret
+          mountPath: /google
+          readOnly: true
+{{- end }}
+{{- end }}
+{{- if or .Values.config.existingConfig .Values.config.configFile }}
+        - mountPath: /etc/oauth2_proxy
+          name: configmain
+{{- end }}
+{{- if .Values.authenticatedEmailsFile.enabled }}
+        - mountPath: /etc/oauth2-proxy
+          name: configaccesslist
+          readOnly: true
+{{- end }}
+{{- if .Values.htpasswdFile.enabled }}
+        - mountPath: /etc/oauth2_proxy/htpasswd
+          name: {{ template "oauth2-proxy.fullname" . }}-htpasswd-file
+          readOnly: true
+{{- end }}
+{{- if ne (len .Values.extraVolumeMounts) 0 }}
+{{ toYaml .Values.extraVolumeMounts | indent 8 }}
+{{- end }}
+{{- if .Values.securityContext.enabled }}
+        securityContext:
+          runAsNonRoot: {{ .Values.securityContext.runAsNonRoot }}
+{{- end}}
+      volumes:
+{{- with .Values.config.google }}
+{{- if and .adminEmail (or .serviceAccountJson .existingSecret) }}
+      - name: google-secret
+        secret:
+          secretName: {{ if .existingSecret }}{{ .existingSecret }}{{ else }} {{ template "oauth2-proxy.secretName" $ }}{{ end }}
+{{- end }}
+{{- end }}
+
+{{- if .Values.htpasswdFile.enabled }}
+      - name: {{ template "oauth2-proxy.fullname" . }}-htpasswd-file
+        secret:
+          secretName: {{ if .Values.htpasswdFile.existingSecret }}{{ .Values.htpasswdFile.existingSecret }}{{ else }} {{ template "oauth2-proxy.fullname" . }}-htpasswd-file {{ end }}
+{{- end }}
+
+{{- if or .Values.config.existingConfig .Values.config.configFile }}
+      - configMap:
+          defaultMode: 420
+          name: {{ if .Values.config.existingConfig }}{{ .Values.config.existingConfig }}{{ else }}{{ template "oauth2-proxy.fullname" . }}{{ end }}
+        name: configmain
+{{- end }}
+{{- if ne (len .Values.extraVolumes) 0 }}
+{{ toYaml .Values.extraVolumes | indent 6 }}
+{{- end }}
+{{- if .Values.authenticatedEmailsFile.enabled }}
+      - configMap:
+{{- if .Values.authenticatedEmailsFile.template }}
+          name: {{ .Values.authenticatedEmailsFile.template }}
+{{- else }}
+          name: {{ template "oauth2-proxy.fullname" . }}-accesslist
+{{- end }}
+          items:
+          - key: restricted_user_access
+{{- if .Values.authenticatedEmailsFile.template }}
+            path: {{ .Values.authenticatedEmailsFile.template }}
+{{- else }}
+            path: authenticated-emails-list
+{{- end }}
+        name: configaccesslist
+{{- end }}
+
+      {{- if .Values.imagePullSecrets }}
+      imagePullSecrets:
+{{ toYaml .Values.imagePullSecrets | indent 8 }}
+      {{- end }}
+    {{- if .Values.affinity }}
+      affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+    {{- end }}
+    {{- if .Values.nodeSelector }}
+      nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+    {{- end }}
+      tolerations:
+{{ toYaml .Values.tolerations | indent 8 }}

charts/oauth2-proxy/templates/google-secret.yaml

@@ -0,0 +1,14 @@
+{{- if and .Values.config.google (not .Values.config.google.existingSecret) }}
+apiVersion: v1
+kind: Secret
+metadata:
+  labels:
+    app: {{ template "oauth2-proxy.name" . }}
+    chart: {{ template "oauth2-proxy.chart" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+  name: {{ template "oauth2-proxy.fullname" . }}-google
+type: Opaque
+data:
+  service-account.json: {{ .serviceAccountJson }}
+{{- end -}}

charts/oauth2-proxy/templates/ingress.yaml

@@ -0,0 +1,41 @@
+{{- if .Values.ingress.enabled -}}
+{{- $serviceName := include "oauth2-proxy.fullname" . -}}
+{{- $servicePort := .Values.service.port -}}
+{{- $ingressPath := .Values.ingress.path -}}
+{{- $extraPaths := .Values.ingress.extraPaths -}}
+{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+  labels:
+    app: {{ template "oauth2-proxy.name" . }}
+    chart: {{ template "oauth2-proxy.chart" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+  name: {{ template "oauth2-proxy.fullname" . }}
+{{- with .Values.ingress.annotations }}
+  annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+  rules:
+    {{- range $host := .Values.ingress.hosts }}
+    - host: {{ $host | quote }}
+      http:
+        paths:
+{{ if $extraPaths }}
+{{ toYaml $extraPaths | indent 10 }}
+{{- end }}
+          - path: {{ $ingressPath }}
+            backend:
+              serviceName: {{ $serviceName }}
+              servicePort: {{ $servicePort }}
+    {{- end -}}
+  {{- if .Values.ingress.tls }}
+  tls:
+{{ toYaml .Values.ingress.tls | indent 4 }}
+  {{- end -}}
+{{- end -}}

charts/oauth2-proxy/templates/poddisruptionbudget.yaml

@@ -0,0 +1,17 @@
+{{- if and .Values.podDisruptionBudget.enabled (gt (.Values.replicaCount | int) 1) }}
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+  labels:
+    app: {{ template "oauth2-proxy.name" . }}
+    chart: {{ template "oauth2-proxy.chart" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+  name: {{ template "oauth2-proxy.fullname" . }}
+spec:
+  selector:
+    matchLabels:
+      app: {{ template "oauth2-proxy.name" . }}
+      release: {{ .Release.Name }}
+  minAvailable: {{ .Values.podDisruptionBudget.minAvailable }}
+{{- end }}