chore: Auto-update chart README [skip ci]

feat: add chart for scrypted (#1409 )
Co-authored-by: Casey Vockrodt <vockrodc@nro.mil>
2022-02-10 22:39:36 +00:00 · 2022-02-10 17:39:09 -05:00 · 2022-02-09 18:56:46 +00:00 · 2022-02-09 19:56:18 +01:00 · 2022-02-09 09:30:11 +00:00 · 2022-02-09 10:29:43 +01:00
55 changed files with 1554 additions and 963 deletions
--- a/.github/workflows/charts-lint.yaml
+++ b/.github/workflows/charts-lint.yaml
@@ -18,14 +18,16 @@ jobs:
          fetch-depth: 0
          ref: ${{ inputs.checkoutCommit }}

-      - name: Install Helm
-        uses: azure/setup-helm@v1
+      - name: Install Kubernetes tools
+        uses: yokawasa/action-setup-kube-tools@v0.8.0
        with:
-          version: v3.6.3
+          setup-tools: |
+            helmv3
+          helm: "3.8.0"

      - uses: actions/setup-python@v2
        with:
-          python-version: 3.7
+          python-version: "3.10"

      - name: Set up chart-testing
        uses: helm/chart-testing-action@v2.1.0
--- a/.github/workflows/charts-release.yaml
+++ b/.github/workflows/charts-release.yaml
@@ -33,7 +33,7 @@ jobs:
          setup-tools: |
            helmv3
            yq
-          helm: 3.6.3
+          helm: "3.8.0"
          yq: "4.16.2"

      - name: Install helm-docs
--- a/.github/workflows/charts-test.yaml
+++ b/.github/workflows/charts-test.yaml
@@ -23,7 +23,7 @@ jobs:
        with:
          setup-tools: |
            helmv3
-          helm: 3.6.3
+          helm: "3.8.0"

      - name: Install Ruby
        uses: ruby/setup-ruby@v1
@@ -95,11 +95,11 @@ jobs:
        with:
          setup-tools: |
            helmv3
-          helm: 3.6.3
+          helm: "3.6.3"

      - uses: actions/setup-python@v2
        with:
-          python-version: 3.7
+          python-version: "3.10"

      - name: Set up chart-testing
        uses: helm/chart-testing-action@v2.1.0
--- a/charts/incubator/dendrite/Chart.yaml
+++ b/charts/incubator/dendrite/Chart.yaml
@@ -1,9 +1,9 @@
 ---
 apiVersion: v2
-appVersion: 0.6.0
+appVersion: 0.6.2
 description: Dendrite Matrix Homeserver
 name: dendrite
-version: 2.0.0
+version: 3.0.0
 kubeVersion: ">=1.16.0-0"
 keywords:
  - dendrite
@@ -11,6 +11,7 @@ keywords:
  - homeserver
  - monolith
  - federation
+  - polylith
 home: https://github.com/k8s-at-home/charts/tree/master/charts/stable/dendrite
 sources:
  - https://github.com/matrix-org/dendrite
@@ -30,9 +31,73 @@ dependencies:
    version: 0.12.1
    repository: https://nats-io.github.io/k8s/helm/charts/
    condition: nats.enabled
+  # Client API
+  - name: common
+    repository: https://library-charts.k8s-at-home.com
+    version: 4.3.0
+    alias: clientapi
+    condition: dendrite.polylithEnabled
+  # Media API
+  - name: common
+    repository: https://library-charts.k8s-at-home.com
+    version: 4.3.0
+    alias: mediaapi
+    condition: dendrite.polylithEnabled
+  # Sync API
+  - name: common
+    repository: https://library-charts.k8s-at-home.com
+    version: 4.3.0
+    alias: syncapi
+    condition: dendrite.polylithEnabled
+  # Room Server
+  - name: common
+    repository: https://library-charts.k8s-at-home.com
+    version: 4.3.0
+    alias: roomserver
+    condition: dendrite.polylithEnabled
+  # EDU Server
+  - name: common
+    repository: https://library-charts.k8s-at-home.com
+    version: 4.3.0
+    alias: eduserver
+    condition: dendrite.polylithEnabled
+  # Federation API
+  - name: common
+    repository: https://library-charts.k8s-at-home.com
+    version: 4.3.0
+    alias: federationapi
+    condition: dendrite.polylithEnabled
+  # Key Server
+  - name: common
+    repository: https://library-charts.k8s-at-home.com
+    version: 4.3.0
+    alias: keyserver
+    condition: dendrite.polylithEnabled
+  # User API
+  - name: common
+    repository: https://library-charts.k8s-at-home.com
+    version: 4.3.0
+    alias: userapi
+    condition: dendrite.polylithEnabled
+  # App Service API
+  - name: common
+    repository: https://library-charts.k8s-at-home.com
+    version: 4.3.0
+    alias: appserviceapi
+    condition: dendrite.polylithEnabled
 annotations:
  artifacthub.io/changes: |
    - kind: changed
-      description: NATS is now used instead of Kafka
+      description: Refactored values for polylith mode
    - kind: changed
-      description: App version bumped to v0.6.0
+      description: Split out volume template defintions into separate file
+    - kind: fix
+      description: NAT subchart indentation
+    - kind: fix
+      description: MSC's config and updated config version
+    - kind: changed
+      description: Bumped app version to v0.6.2
+    - kind: added
+      description: Support for polylith deployment
+    - kind: changed
+      description: Rename secret fields for consistency
--- a/charts/incubator/dendrite/README.md
+++ b/charts/incubator/dendrite/README.md
@@ -1,6 +1,6 @@
 # dendrite

-![Version: 2.0.0](https://img.shields.io/badge/Version-2.0.0-informational?style=flat-square) ![AppVersion: 0.6.0](https://img.shields.io/badge/AppVersion-0.6.0-informational?style=flat-square)
+![Version: 3.0.0](https://img.shields.io/badge/Version-3.0.0-informational?style=flat-square) ![AppVersion: 0.6.2](https://img.shields.io/badge/AppVersion-0.6.2-informational?style=flat-square)

 Dendrite Matrix Homeserver

@@ -21,6 +21,15 @@ Kubernetes: `>=1.16.0-0`
 |------------|------|---------|
 | https://charts.bitnami.com/bitnami | postgresql | 10.14.4 |
 | https://library-charts.k8s-at-home.com | common | 4.3.0 |
+| https://library-charts.k8s-at-home.com | federationapi(common) | 4.3.0 |
+| https://library-charts.k8s-at-home.com | clientapi(common) | 4.3.0 |
+| https://library-charts.k8s-at-home.com | mediaapi(common) | 4.3.0 |
+| https://library-charts.k8s-at-home.com | syncapi(common) | 4.3.0 |
+| https://library-charts.k8s-at-home.com | roomserver(common) | 4.3.0 |
+| https://library-charts.k8s-at-home.com | eduserver(common) | 4.3.0 |
+| https://library-charts.k8s-at-home.com | keyserver(common) | 4.3.0 |
+| https://library-charts.k8s-at-home.com | userapi(common) | 4.3.0 |
+| https://library-charts.k8s-at-home.com | appserviceapi(common) | 4.3.0 |
 | https://nats-io.github.io/k8s/helm/charts/ | nats | 0.12.1 |

 ## TL;DR
@@ -70,7 +79,14 @@ helm install dendrite k8s-at-home/dendrite -f values.yaml

 ## Custom configuration

-N/A
+### Polylith Ingress
+
+Due to the complexity of setting up ingress for each individual component it
+is left up to the individual to add the necessary ingress fields to polylith deployments.
+
+For more information see:
+- https://github.com/matrix-org/dendrite/blob/master/docs/INSTALL.md#nginx-or-other-reverse-proxy
+- and https://github.com/matrix-org/dendrite/blob/master/docs/nginx/polylith-sample.conf

 ## Values

@@ -78,17 +94,20 @@ N/A

 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
+| appserviceapi | object | See values.yaml | Configure the app service api. For more information see [the sample dendrite configuration](https://github.com/matrix-org/dendrite/blob/master/build/docker/config/dendrite-config.yaml) |
+| appserviceapi.image.pullPolicy | string | `"IfNotPresent"` | image pull policy |
+| appserviceapi.image.repository | string | `"matrixdotorg/dendrite-polylith"` | image repository |
+| appserviceapi.image.tag | string | `"v0.6.2"` | image tag |
+| clientapi | object | See values.yaml | Configuration for the client api component. For more information see [the sample dendrite configuration](https://github.com/matrix-org/dendrite/blob/master/build/docker/config/dendrite-config.yaml) |
+| clientapi.config.captcha | object | See values.yaml | Configure captcha for registration |
+| clientapi.config.rate_limiting | object | values.yaml | Configure rate limiting. |
+| clientapi.config.registration_disabled | bool | `false` | Enable or disable registration for this homeserver. |
+| clientapi.config.registration_shared_secret | string | `""` | Shared secret that allows registration, despite registration_disabled. |
+| clientapi.config.turn | object | See values.yaml | Configure TURN |
+| clientapi.image.pullPolicy | string | `"IfNotPresent"` | image pull policy |
+| clientapi.image.repository | string | `"matrixdotorg/dendrite-polylith"` | image repository |
+| clientapi.image.tag | string | `"v0.6.2"` | image tag |
 | dendrite | object | See values.yaml | Configuration for Dendrite. For more information see [the sample denrite-config.yaml](https://github.com/matrix-org/dendrite/blob/master/build/docker/config/dendrite-config.yaml) |
-| dendrite.components | object | See values.yaml | Configure the dendrite components. |
-| dendrite.components.app_service_api | object | See values.yaml | Configure the App Service API |
-| dendrite.components.client_api | object | `{"captcha":{"enabled":false,"recaptcha_bypass_secret":"","recaptcha_private_key":"","recaptcha_public_key":"","recaptcha_siteverify_api":""},"rate_limiting":{"cooloff_ms":500,"enabled":true,"threshold":5},"registration_disabled":false,"registration_shared_secret":"","turn":{"turn_password":"","turn_shared_secret":"","turn_uris":[],"turn_user_lifetime":"","turn_username":""}}` | Configure the Client API |
-| dendrite.components.client_api.captcha | object | See values.yaml | Configure captcha for registration |
-| dendrite.components.client_api.rate_limiting | object | values.yaml | Configure rate limiting. |
-| dendrite.components.client_api.registration_disabled | bool | `false` | Enable or disable registration for this homeserver. |
-| dendrite.components.client_api.registration_shared_secret | string | `""` | Shared secret that allows registration, despite registration_disabled. |
-| dendrite.components.client_api.turn | object | See values.yaml | Configure TURN |
-| dendrite.components.federation_api | object | values.yaml | Configure the Federation API |
-| dendrite.components.media_api | object | values.yaml | Configure the Media API |
 | dendrite.database | object | See values.yaml | Configure database connection parameters. |
 | dendrite.global | object | See values.yaml | Configure the global settings for dendrite. |
 | dendrite.global.dns_cache | object | See values.yaml | Configure DNS cache. |
@@ -96,21 +115,42 @@ N/A
 | dendrite.global.key_validity_period | string | `"168h0m0s"` | Configure the key_validity period |
 | dendrite.global.metrics | object | See values.yaml | Configure prometheus metrics collection for dendrite. |
 | dendrite.global.metrics.enabled | bool | See values.yaml | If enabled, metrics collection will be enabled |
+| dendrite.global.mscs | list | `[]` | Configure experimental MSC's |
 | dendrite.global.server_name | string | `"localhost"` | (required) Configure the server name for the dendrite instance. |
 | dendrite.global.trusted_third_party_id_servers | list | `["matrix.org","vector.im"]` | Configure the list of domains the server will trust as identity servers |
 | dendrite.global.well_known_server_name | string | `""` | Configure the well-known server name and optional port |
 | dendrite.logging | list | See values.yaml | Configure logging. |
-| dendrite.matrix_key_secret | object | See values.yaml | If enabled, use an existing secret for matrix_key.pem. Otherwise a matrix_key.pem must be mounted to `/etc/dendrite`. |
+| dendrite.matrix_key_secret.create | bool | `false` | Create matrix_key secret using the keyBody below. |
+| dendrite.matrix_key_secret.existingSecret | string | `""` | Use an existing secret |
+| dendrite.matrix_key_secret.keyBody | string | `""` | New Key Body |
+| dendrite.matrix_key_secret.secretPath | string | `"matrix_key.pem"` | Field in the secret to get the key from |
+| dendrite.polylithEnabled | bool | `false` | Enable polylith deployment |
 | dendrite.tls_secret | object | See values.yaml | If enabled, use an existing secrets for the TLS certificate and key. Otherwise, to enable TLS a `server.crt` and `server.key` must be mounted at `/etc/dendrite`. |
 | dendrite.tracing | object | See values.yaml | Configure opentracing. |
-| image | object | `{"pullPolicy":"IfNotPresent","repository":"matrixdotorg/dendrite-monolith","tag":"v0.5.1"}` |  IMPORTANT NOTE This chart inherits from our common library chart. You can check the default values/options here: https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common/values.yaml |
+| eduserver | object | values.yaml | Configure the edu server For more information see [the sample dendrite configuration](https://github.com/matrix-org/dendrite/blob/master/build/docker/config/dendrite-config.yaml) |
+| eduserver.image.pullPolicy | string | `"IfNotPresent"` | image pull policy |
+| eduserver.image.repository | string | `"matrixdotorg/dendrite-polylith"` | image repository |
+| eduserver.image.tag | string | `"v0.6.2"` | image tag |
+| federationapi | object | values.yaml | Configure the Federation API For more information see [the sample dendrite configuration](https://github.com/matrix-org/dendrite/blob/master/build/docker/config/dendrite-config.yaml) |
+| federationapi.image.pullPolicy | string | `"IfNotPresent"` | image pull policy |
+| federationapi.image.repository | string | `"matrixdotorg/dendrite-polylith"` | image repository |
+| federationapi.image.tag | string | `"v0.6.2"` | image tag |
+| image | object | `{"pullPolicy":"IfNotPresent","repository":"matrixdotorg/dendrite-monolith","tag":"v0.6.2"}` |  IMPORTANT NOTE This chart inherits from our common library chart. You can check the default values/options here: https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common/values.yaml |
 | image.pullPolicy | string | `"IfNotPresent"` | image pull policy |
 | image.repository | string | `"matrixdotorg/dendrite-monolith"` | image repository |
-| image.tag | string | `"v0.5.1"` | image tag |
+| image.tag | string | `"v0.6.2"` | image tag |
 | ingress.main | object | See values.yaml | Enable and configure ingress settings for the chart under this key. |
+| keyserver | object | See values.yaml | Configure the key server. For more information see [the sample dendrite configuration](https://github.com/matrix-org/dendrite/blob/master/build/docker/config/dendrite-config.yaml) |
+| keyserver.image.pullPolicy | string | `"IfNotPresent"` | image pull policy |
+| keyserver.image.repository | string | `"matrixdotorg/dendrite-polylith"` | image repository |
+| keyserver.image.tag | string | `"v0.6.2"` | image tag |
+| mediaapi | object | values.yaml | Configure the Media API For more information see [the sample dendrite configuration](https://github.com/matrix-org/dendrite/blob/master/build/docker/config/dendrite-config.yaml) |
+| mediaapi.image.pullPolicy | string | `"IfNotPresent"` | image pull policy |
+| mediaapi.image.repository | string | `"matrixdotorg/dendrite-polylith"` | image repository |
+| mediaapi.image.tag | string | `"v0.6.2"` | image tag |
 | nats.enabled | bool | See value.yaml | Enable and configure NATS for dendrite. Can be disabled for monolith deployments - an internal NATS server will be used in its place. |
-| nats.image | string | `"nats:2.7.1-alpine"` |  |
-| nats.jetstream.enabled | bool | `true` |  |
+| nats.nats.image | string | `"nats:2.7.1-alpine"` |  |
+| nats.nats.jetstream.enabled | bool | `true` |  |
 | persistence | object | See values.yaml | Configure persistence settings for the chart under this key. |
 | persistence.jetstream | object | See values.yaml | Configure Jetsream persistence. This is highly recommended in production. |
 | postgresql.enabled | bool | See value.yaml | Enable and configure postgres as the database for dendrite. |
@@ -121,22 +161,36 @@ N/A
 | postgresql.postgresqlDatabase | string | `"dendrite"` |  |
 | postgresql.postgresqlPassword | string | `"changeme"` |  |
 | postgresql.postgresqlUsername | string | `"dendrite"` |  |
+| roomserver | object | values.yaml | Configure the Room Server For more information see [the sample dendrite configuration](https://github.com/matrix-org/dendrite/blob/master/build/docker/config/dendrite-config.yaml) |
+| roomserver.image.pullPolicy | string | `"IfNotPresent"` | image pull policy |
+| roomserver.image.repository | string | `"matrixdotorg/dendrite-polylith"` | image repository |
+| roomserver.image.tag | string | `"v0.6.2"` | image tag |
 | service | object | See values.yaml | If added dendrite will start a HTTP and HTTPS listener args:   - "--tls-cert=server.crt"   - "--tls-key=server.key" -- Configures service settings for the chart. |
 | service.main.ports.http | object | See values.yaml | Configures the default HTTP listener for dendrite |
 | service.main.ports.https | object | See values.yaml | Configures the HTTPS listener for dendrite |
+| syncapi | object | values.yaml | Configure the Sync API For more information see [the sample dendrite configuration](https://github.com/matrix-org/dendrite/blob/master/build/docker/config/dendrite-config.yaml) |
+| syncapi.image.pullPolicy | string | `"IfNotPresent"` | image pull policy |
+| syncapi.image.repository | string | `"matrixdotorg/dendrite-polylith"` | image repository |
+| syncapi.image.tag | string | `"v0.6.2"` | image tag |
+| userapi | object | values.yaml | Configure the User API For more information see [the sample dendrite configuration](https://github.com/matrix-org/dendrite/blob/master/build/docker/config/dendrite-config.yaml) |
+| userapi.image.pullPolicy | string | `"IfNotPresent"` | image pull policy |
+| userapi.image.repository | string | `"matrixdotorg/dendrite-polylith"` | image repository |
+| userapi.image.tag | string | `"v0.6.2"` | image tag |

 ## Changelog

-### Version 2.0.0
+### Version 3.0.0

 #### Added

-N/A
+* Support for polylith deployment

 #### Changed

-* NATS is now used instead of Kafka
-* App version bumped to v0.6.0
+* Refactored values for polylith mode
+* Split out volume template defintions into separate file
+* Bumped app version to v0.6.2
+* Rename secret fields for consistency

 #### Fixed

--- a/charts/incubator/dendrite/README_CONFIG.md.gotmpl
+++ b/charts/incubator/dendrite/README_CONFIG.md.gotmpl
@@ -5,5 +5,13 @@
 {{- define "custom.custom.configuration" -}}
 {{ template "custom.custom.configuration.header" . }}

-N/A
+### Polylith Ingress
+
+Due to the complexity of setting up ingress for each individual component it
+is left up to the individual to add the necessary ingress fields to polylith deployments.
+
+For more information see:
+- https://github.com/matrix-org/dendrite/blob/master/docs/INSTALL.md#nginx-or-other-reverse-proxy
+- and https://github.com/matrix-org/dendrite/blob/master/docs/nginx/polylith-sample.conf
+
 {{- end -}}
--- a/charts/incubator/dendrite/ci/ct-values.yaml
+++ b/charts/incubator/dendrite/ci/ct-values.yaml
@@ -1,11 +1,10 @@
 ---
 dendrite:
  matrix_key_secret:
-    enabled: true
-secret:
-  matrix_key.pem: |
-    -----BEGIN MATRIX PRIVATE KEY-----
-    Key-ID: ed25519:P8gZqV
+    create: true
+    keyBody: |
+      -----BEGIN MATRIX PRIVATE KEY-----
+      Key-ID: ed25519:P8gZqV

-    qVzy2Cwokt15RjGy8OzFSq6z0JFmI6QX/1Zw1VP73uU=
-    -----END MATRIX PRIVATE KEY-----
+      qVzy2Cwokt15RjGy8OzFSq6z0JFmI6QX/1Zw1VP73uU=
+      -----END MATRIX PRIVATE KEY-----
--- a/charts/incubator/dendrite/ci/nats-values.yaml
+++ b/charts/incubator/dendrite/ci/nats-values.yaml
@@ -0,0 +1,12 @@
+---
+dendrite:
+  matrix_key_secret:
+    create: true
+    keyBody: |
+      -----BEGIN MATRIX PRIVATE KEY-----
+      Key-ID: ed25519:P8gZqV
+
+      qVzy2Cwokt15RjGy8OzFSq6z0JFmI6QX/1Zw1VP73uU=
+      -----END MATRIX PRIVATE KEY-----
+nats:
+  enabled: true
--- a/charts/incubator/dendrite/ci/polylith-basic-values.yaml
+++ b/charts/incubator/dendrite/ci/polylith-basic-values.yaml
@@ -0,0 +1,13 @@
+---
+dendrite:
+  polylithEnabled: true
+  matrix_key_secret:
+    create: true
+    keyBody: |
+      -----BEGIN MATRIX PRIVATE KEY-----
+      Key-ID: ed25519:P8gZqV
+
+      qVzy2Cwokt15RjGy8OzFSq6z0JFmI6QX/1Zw1VP73uU=
+      -----END MATRIX PRIVATE KEY-----
+nats:
+  enabled: true
--- a/charts/incubator/dendrite/ci/polylith-full-values.yaml
+++ b/charts/incubator/dendrite/ci/polylith-full-values.yaml
@@ -0,0 +1,18 @@
+---
+dendrite:
+  polylithEnabled: true
+  matrix_key_secret:
+    create: true
+    keyBody: |
+      -----BEGIN MATRIX PRIVATE KEY-----
+      Key-ID: ed25519:P8gZqV
+
+      qVzy2Cwokt15RjGy8OzFSq6z0JFmI6QX/1Zw1VP73uU=
+      -----END MATRIX PRIVATE KEY-----
+nats:
+  enabled: true
+persistence:
+  jetstream:
+    enabled: true
+postgresql:
+  enabled: true
--- a/charts/incubator/dendrite/ci/postresql-values.yaml
+++ b/charts/incubator/dendrite/ci/postresql-values.yaml
@@ -0,0 +1,12 @@
+---
+dendrite:
+  matrix_key_secret:
+    create: true
+    keyBody: |
+      -----BEGIN MATRIX PRIVATE KEY-----
+      Key-ID: ed25519:P8gZqV
+
+      qVzy2Cwokt15RjGy8OzFSq6z0JFmI6QX/1Zw1VP73uU=
+      -----END MATRIX PRIVATE KEY-----
+postgresql:
+  enabled: true
--- a/charts/incubator/dendrite/templates/_helper.tpl
+++ b/charts/incubator/dendrite/templates/_helper.tpl
@@ -0,0 +1,3 @@
+{{- define "dendrite.names.key" -}}
+    {{- default (printf "%s-key" (include "common.names.fullname" .)) .Values.dendrite.matrix_key_secret.existingSecret -}}
+{{- end -}}
--- a/charts/incubator/dendrite/templates/common.yaml
+++ b/charts/incubator/dendrite/templates/common.yaml
@@ -1,42 +1,25 @@
-{{ include "common.values.setup" . }}
-
-{{- define "dendrite.keyVolume" -}}
-enabled: {{ .Values.dendrite.matrix_key_secret.enabled | quote }}
-type: "custom"
-volumeSpec:
-  secret:
-    defaultMode: 0600
-    secretName: {{ default (include "common.names.fullname" .) .Values.dendrite.matrix_key_secret.secretName }}
-subPath:
-  - path: {{ .Values.dendrite.matrix_key_secret.key }}
-    mountPath: "/etc/dendrite/matrix_key.pem"
-{{- end -}}
-{{- define "dendrite.tlsVolume" -}}
-enabled: {{ .Values.dendrite.tls_secret.enabled }}
-type: "custom"
-volumeSpec:
-  secret:
-    defaultMode: 0600
-    secretName: {{ .Values.dendrite.tls_secret.secretName }}
-subPath:
-  - path: {{ .Values.dendrite.tls_secret.crtKey }}
-    mountPath: "/etc/dendrite/server.crt"
-  - path: {{ .Values.dendrite.tls_secret.keyKey }}
-    mountPath: "/etc/dendrite/server.key"
-{{- end -}}
-{{- define "dendrite.configVolume" -}}
-enabled: "true"
-type: "custom"
-volumeSpec:
-  secret:
-    defaultMode: 0600
-    secretName: {{ include "common.names.fullname" . }}-config
-subPath:
-  - path: dendrite.yaml
-    mountPath: "/etc/dendrite/dendrite.yaml"
-{{- end -}}
-{{- $_ := set .Values.persistence "dendrite-key" (include "dendrite.keyVolume" . | fromYaml) -}}
-{{- $_ := set .Values.persistence "dendrite-config" (include "dendrite.configVolume" . | fromYaml) -}}
-{{- $_ := set .Values.persistence "dendrite-tls" (include "dendrite.tlsVolume" . | fromYaml) -}}
-
-{{ include "common.all" . }}
+{{- if .Values.dendrite.polylithEnabled }}
+  {{ $components := list "clientapi" "appserviceapi" "federationapi" "userapi" "keyserver" "mediaapi" "syncapi" "roomserver" "eduserver" }}
+  {{- range $components }}
+    {{- include "common.values.setup" (index $.Subcharts .) }}
+    {{- with (index $.Values .) }}
+      {{- if not .persistence }}
+        {{- $_ := set . "persistence" (dict)}}
+      {{- end }}
+      {{- $_ := set .persistence "dendrite-key" (include "dendrite.keyVolume" $ | fromYaml) -}}
+      {{- $_ := set .persistence "dendrite-config" (include "dendrite.configVolume" $ | fromYaml) -}}
+      {{- $_ := set .persistence "dendrite-tls" (include "dendrite.tlsVolume" $ | fromYaml) -}}
+      {{- $_ := set .persistence "jetstream" $.Values.persistence.jetstream -}}
+    {{- end }}
+    {{- include "common.all" (index $.Subcharts .) }}
+  {{- end }}
+  {{- with (index $.Values "mediaapi") }}
+    {{- $_ := set .persistence "media" $.Values.persistence.media -}}
+  {{- end }}
+{{- else }}
+  {{ include "common.values.setup" . }}
+  {{- $_ := set .Values.persistence "dendrite-key" (include "dendrite.keyVolume" . | fromYaml) -}}
+  {{- $_ := set .Values.persistence "dendrite-config" (include "dendrite.configVolume" . | fromYaml) -}}
+  {{- $_ := set .Values.persistence "dendrite-tls" (include "dendrite.tlsVolume" . | fromYaml) -}}
+  {{ include "common.all" . }}
+{{- end }}
--- a/charts/incubator/dendrite/templates/dendrite-config.yaml
+++ b/charts/incubator/dendrite/templates/dendrite-config.yaml
@@ -1,6 +1,6 @@
 {{- $connectionString := "file:" -}}
 {{- if .Values.postgresql.enabled}}
-{{- $connectionString = print "postgresql://" .Values.postgresql.postgresqlUsername ":" .Values.postgresql.postgresqlPassword "@dendrite-postgresql/" -}}
+{{- $connectionString = print "postgresql://" .Values.postgresql.postgresqlUsername ":" .Values.postgresql.postgresqlPassword "@" (include "common.names.fullname" .)  "-postgresql/" -}}
 {{- end}}
 ---
 apiVersion: v1
@@ -10,7 +10,7 @@ metadata:
 type: Opaque
 stringData:
  dendrite.yaml: |
-    version: 1
+    version: 2
    global:
      server_name: {{ required "A server_name must be provided." .Values.dendrite.global.server_name | quote }}
      private_key: matrix_key.pem
@@ -21,7 +21,7 @@ stringData:
      jetstream:
        addresses:
          {{- if .Values.nats.enabled }}
-          - {{ include "nats.fullname" .Subcharts.nats  }}:4222
+          - {{ template "common.names.fullname" . }}-nats:4222
          {{- else }}
          []
          {{- end }}
@@ -39,40 +39,40 @@ stringData:
        cache_lifetime: {{ default "5m" .Values.dendrite.global.dns_cache.cache_lifetime }}
    app_service_api:
      internal_api:
-        listen: http://0.0.0.0:7777
-        connect: http://appservice_api:7777
+        listen: http://0.0.0.0:{{ .Values.appserviceapi.service.main.ports.internal.port }}
+        connect: http://{{ include "common.names.fullname" . }}-appserviceapi:{{ .Values.appserviceapi.service.main.ports.internal.port }}
      database:
        connection_string: {{ $connectionString }}dendrite_appservice?sslmode=disable
        max_open_conns: {{ .Values.dendrite.database.max_open_conns }}
        max_idle_conns: {{ .Values.dendrite.database.max_idle_conns }}
        conn_max_lifetime: {{ .Values.dendrite.database.conn_max_lifetime }}
-      config_files: {{- toYaml .Values.dendrite.components.app_service_api.config_files | nindent 8 }}
+      config_files: {{- toYaml .Values.appserviceapi.config.config_files | nindent 8 }}
    client_api:
      internal_api:
-        listen: http://0.0.0.0:7771
-        connect: http://client_api:7771
+        listen: http://0.0.0.0:{{ .Values.clientapi.service.main.ports.internal.port }}
+        connect: http://{{ include "common.names.fullname" . }}-clientapi:{{ .Values.clientapi.service.main.ports.internal.port }}
      external_api:
-        listen: http://0.0.0.0:8071
-      registration_disabled: {{ default false .Values.dendrite.components.client_api.registration_disabled }}
-      registration_shared_secret: {{ default "" .Values.dendrite.components.client_api.registration_shared_secret | quote }}
-      enable_registration_captcha: {{ default false .Values.dendrite.components.client_api.captcha.enabled }}
-      recaptcha_public_key: {{ default "" .Values.dendrite.components.client_api.captcha.recaptcha_public_key | quote }}
-      recaptcha_private_key: {{ default "" .Values.dendrite.components.client_api.captcha.recaptcha_private_key | quote }}
-      recaptcha_bypass_secret: {{ default "" .Values.dendrite.components.client_api.captcha.recaptcha_bypass_secret | quote }}
-      recaptcha_siteverify_api: {{ default "" .Values.dendrite.components.client_api.captcha.recaptcha_siteverify_api | quote }}
-      turn: {{- toYaml .Values.dendrite.components.client_api.turn | nindent 8 }}
+        listen: http://0.0.0.0:{{ .Values.clientapi.service.main.ports.external.port }}
+      registration_disabled: {{ default false .Values.clientapi.config.registration_disabled }}
+      registration_shared_secret: {{ default "" .Values.clientapi.config.registration_shared_secret | quote }}
+      enable_registration_captcha: {{ default false .Values.clientapi.config.captcha.enabled }}
+      recaptcha_public_key: {{ default "" .Values.clientapi.config.captcha.recaptcha_public_key | quote }}
+      recaptcha_private_key: {{ default "" .Values.clientapi.config.captcha.recaptcha_private_key | quote }}
+      recaptcha_bypass_secret: {{ default "" .Values.clientapi.config.captcha.recaptcha_bypass_secret | quote }}
+      recaptcha_siteverify_api: {{ default "" .Values.clientapi.config.captcha.recaptcha_siteverify_api | quote }}
+      turn: {{- toYaml .Values.clientapi.config.turn | nindent 8 }}
      rate_limiting:
-        enabled: {{ default true .Values.dendrite.components.client_api.rate_limiting.enabled }}
-        threshold: {{ default 5 .Values.dendrite.components.client_api.rate_limiting.threshold }}
-        cooloff_ms: {{ default 500 .Values.dendrite.components.client_api.rate_limiting.cooloff_ms }}
+        enabled: {{ default true .Values.clientapi.config.rate_limiting.enabled }}
+        threshold: {{ default 5 .Values.clientapi.config.rate_limiting.threshold }}
+        cooloff_ms: {{ default 500 .Values.clientapi.config.rate_limiting.cooloff_ms }}
    edu_server:
      internal_api:
        listen: http://0.0.0.0:7778
-        connect: http://edu_server:7778
+        connect: http://{{ include "common.names.fullname" . }}-eduserver:7778
    federation_api:
      internal_api:
        listen: http://0.0.0.0:7772
-        connect: http://federation_api:7772
+        connect: http://{{ include "common.names.fullname" . }}-federationapi:7772
      external_api:
        listen: http://0.0.0.0:8072
      database:
@@ -80,20 +80,20 @@ stringData:
        max_open_conns: {{ .Values.dendrite.database.max_open_conns }}
        max_idle_conns: {{ .Values.dendrite.database.max_idle_conns }}
        conn_max_lifetime: {{ .Values.dendrite.database.conn_max_lifetime }}
-      federation_certificates: {{- toYaml .Values.dendrite.components.federation_api.federation_certificates | nindent 8 }}
-      send_max_retries: {{ default 16 .Values.dendrite.components.federation_api.send_max_retries }}
-      disable_tls_validation: {{ default false .Values.dendrite.components.federation_api.disable_tls_validation }}
+      federation_certificates: {{- toYaml .Values.federationapi.config.federation_certificates | nindent 8 }}
+      send_max_retries: {{ default 16 .Values.federationapi.config.send_max_retries }}
+      disable_tls_validation: {{ default false .Values.federationapi.config.disable_tls_validation }}
      proxy_outbound:
-        enabled: {{ default false .Values.dendrite.components.federation_api.proxy_outbound.enabled }}
-        protocol: {{ default "http" .Values.dendrite.components.federation_api.proxy_outbound.protocol | quote }}
-        host: {{ default "localhost" .Values.dendrite.components.federation_api.proxy_outbound.host | quote }}
-        port: {{ default 8080 .Values.dendrite.components.federation_api.proxy_outbound.port }}
-      key_perspectives: {{- toYaml .Values.dendrite.components.federation_api.key_perspectives | nindent 8 }}
-      prefer_direct_fetch: {{ default false .Values.dendrite.components.federation_api.prefer_direct_fetch }}
+        enabled: {{ default false .Values.federationapi.config.proxy_outbound.enabled }}
+        protocol: {{ default "http" .Values.federationapi.config.proxy_outbound.protocol | quote }}
+        host: {{ default "localhost" .Values.federationapi.config.proxy_outbound.host | quote }}
+        port: {{ default 8080 .Values.federationapi.config.proxy_outbound.port }}
+      key_perspectives: {{- toYaml .Values.federationapi.config.key_perspectives | nindent 8 }}
+      prefer_direct_fetch: {{ default false .Values.federationapi.config.prefer_direct_fetch }}
    key_server:
      internal_api:
        listen: http://0.0.0.0:7779
-        connect: http://key_server:7779
+        connect: http://{{ include "common.names.fullname" . }}-keyserver:7779
      database:
        connection_string: {{ $connectionString }}dendrite_keyserver?sslmode=disable
        max_open_conns: {{ .Values.dendrite.database.max_open_conns }}
@@ -102,7 +102,7 @@ stringData:
    media_api:
      internal_api:
        listen: http://0.0.0.0:7774
-        connect: http://media_api:7774
+        connect: http://{{ include "common.names.fullname" . }}-mediaapi:7774
      external_api:
        listen: http://0.0.0.0:8074
      database:
@@ -110,15 +110,22 @@ stringData:
        max_open_conns: {{ .Values.dendrite.database.max_open_conns }}
        max_idle_conns: {{ .Values.dendrite.database.max_idle_conns }}
        conn_max_lifetime: {{ .Values.dendrite.database.conn_max_lifetime }}
-      base_path: {{ default "/var/dendrite/media" .Values.dendrite.components.media_api.base_path | quote }}
-      max_file_size_bytes: {{ default 10485760 .Values.dendrite.components.media_api.max_file_size_bytes }}
-      dynamic_thumbnails: {{ default false .Values.dendrite.components.media_api.dynamic_thumbnails }}
-      max_thumbnail_generators: {{ default 10 .Values.dendrite.components.media_api.max_thumbnail_generators }}
-      thumbnail_sizes: {{- toYaml .Values.dendrite.components.media_api.thumbnail_sizes | nindent 8 }}
+      base_path: {{ default "/var/dendrite/media" .Values.mediaapi.config.base_path | quote }}
+      max_file_size_bytes: {{ int ( default 10485760 .Values.mediaapi.config.max_file_size_bytes ) }}
+      dynamic_thumbnails: {{ default false .Values.mediaapi.config.dynamic_thumbnails }}
+      max_thumbnail_generators: {{ default 10 .Values.mediaapi.config.max_thumbnail_generators }}
+      thumbnail_sizes: {{- toYaml .Values.mediaapi.config.thumbnail_sizes | nindent 8 }}
+    mscs:
+      mscs: {{ .Values.dendrite.global.mscs | toYaml | nindent 8 }}
+      database:
+        connection_string: {{ $connectionString }}dendrite_mscs?sslmode=disable
+        max_open_conns: {{ .Values.dendrite.database.max_open_conns }}
+        max_idle_conns: {{ .Values.dendrite.database.max_idle_conns }}
+        conn_max_lifetime: {{ .Values.dendrite.database.conn_max_lifetime }}
    room_server:
      internal_api:
        listen: http://0.0.0.0:7770
-        connect: http://room_server:7770
+        connect: http://{{ include "common.names.fullname" . }}-roomserver:7770
      database:
        connection_string: {{ $connectionString }}dendrite_roomserver?sslmode=disable
        max_open_conns: {{ .Values.dendrite.database.max_open_conns }}
@@ -127,7 +134,7 @@ stringData:
    sync_api:
      internal_api:
        listen: http://0.0.0.0:7773
-        connect: http://sync_api:7773
+        connect: http://{{ include "common.names.fullname" . }}-syncapi:7773
      external_api:
          listen: http://0.0.0.0:8073
      database:
@@ -138,7 +145,7 @@ stringData:
    user_api:
      internal_api:
        listen: http://0.0.0.0:7781
-        connect: http://user_api:7781
+        connect: http://{{ include "common.names.fullname" . }}-userapi:7781
      account_database:
        connection_string: {{ $connectionString }}dendrite_userapi_accounts?sslmode=disable
        max_open_conns: {{ .Values.dendrite.database.max_open_conns }}
--- a/charts/incubator/dendrite/templates/matrix-key-secret.yaml
+++ b/charts/incubator/dendrite/templates/matrix-key-secret.yaml
@@ -0,0 +1,9 @@
+{{- if .Values.dendrite.matrix_key_secret.create }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "dendrite.names.key" . }}
+stringData:
+  {{ .Values.dendrite.matrix_key_secret.secretPath }}: | {{ .Values.dendrite.matrix_key_secret.keyBody | nindent 4 }}
+{{- end }}
--- a/charts/incubator/dendrite/templates/volumes.yaml
+++ b/charts/incubator/dendrite/templates/volumes.yaml
@@ -0,0 +1,35 @@
+{{- define "dendrite.keyVolume" -}}
+enabled: {{ .Values.dendrite.matrix_key_secret.enabled }}
+type: "custom"
+volumeSpec:
+  secret:
+    defaultMode: 0600
+    secretName: {{ include "dendrite.names.key" . }}
+subPath:
+  - path: {{ .Values.dendrite.matrix_key_secret.secretPath }}
+    mountPath: "/etc/dendrite/matrix_key.pem"
+{{- end -}}
+{{- define "dendrite.tlsVolume" -}}
+enabled: {{ .Values.dendrite.tls_secret.enabled }}
+type: "custom"
+volumeSpec:
+  secret:
+    defaultMode: 0600
+    secretName: {{ .Values.dendrite.tls_secret.existingSecret }}
+subPath:
+  - path: {{ .Values.dendrite.tls_secret.crtPath }}
+    mountPath: "/etc/dendrite/server.crt"
+  - path: {{ .Values.dendrite.tls_secret.keyPath }}
+    mountPath: "/etc/dendrite/server.key"
+{{- end -}}
+{{- define "dendrite.configVolume" -}}
+enabled: true
+type: "custom"
+volumeSpec:
+  secret:
+    defaultMode: 0600
+    secretName: {{ include "common.names.fullname" . }}-config
+subPath:
+  - path: dendrite.yaml
+    mountPath: "/etc/dendrite/dendrite.yaml"
+{{- end -}}
--- a/charts/incubator/dendrite/values.yaml
+++ b/charts/incubator/dendrite/values.yaml
@@ -10,7 +10,7 @@ image:
  # -- image repository
  repository: matrixdotorg/dendrite-monolith
  # -- image tag
-  tag: "v0.5.1"
+  tag: "v0.6.2"
  # -- image pull policy
  pullPolicy: IfNotPresent

@@ -47,32 +47,304 @@ persistence:
  media:
    enabled: false
    mountPath: &mediaPath /var/dendrite/media
+    accessMode: ReadWriteOnce
+    size: 5Gi
  # -- Configure Jetsream persistence. This is highly recommended in production.
  # @default -- See values.yaml
  jetstream:
    enabled: false
    mountPath: /var/dendrite/jetstream
+    accessMode: ReadWriteOnce
+    size: 1Gi
+
+# -- Configure the key server.
+# For more information see [the sample dendrite configuration](https://github.com/matrix-org/dendrite/blob/master/build/docker/config/dendrite-config.yaml)
+# @default -- See values.yaml
+keyserver:
+  image:
+    # -- image repository
+    repository: matrixdotorg/dendrite-polylith
+    # -- image tag
+    tag: "v0.6.2"
+    # -- image pull policy
+    pullPolicy: IfNotPresent
+  service:
+    main:
+      ports:
+        http:
+          enabled: false
+        internal:
+          enabled: true
+          port: 7779
+  args: "keyserver"
+
+# -- Configure the app service api.
+# For more information see [the sample dendrite configuration](https://github.com/matrix-org/dendrite/blob/master/build/docker/config/dendrite-config.yaml)
+# @default -- See values.yaml
+appserviceapi:
+  image:
+    # -- image repository
+    repository: matrixdotorg/dendrite-polylith
+    # -- image tag
+    tag: "v0.6.2"
+    # -- image pull policy
+    pullPolicy: IfNotPresent
+  service:
+    main:
+      ports:
+        http:
+          enabled: false
+        internal:
+          enabled: true
+          port: 7777
+  args: "appservice"
+  config:
+    config_files: []
+
+# -- Configuration for the client api component.
+# For more information see [the sample dendrite configuration](https://github.com/matrix-org/dendrite/blob/master/build/docker/config/dendrite-config.yaml)
+# @default -- See values.yaml
+clientapi:
+  image:
+    # -- image repository
+    repository: matrixdotorg/dendrite-polylith
+    # -- image tag
+    tag: "v0.6.2"
+    # -- image pull policy
+    pullPolicy: IfNotPresent
+  service:
+    main:
+      ports:
+        http:
+          enabled: false
+        internal:
+          enabled: true
+          port: 7771
+        external:
+          enabled: true
+          port: 8071
+  args: "clientapi"
+  config:
+    # -- Enable or disable registration for this homeserver.
+    registration_disabled: false
+    # -- Shared secret that allows registration, despite registration_disabled.
+    registration_shared_secret: ""
+    # -- Configure captcha for registration
+    # @default -- See values.yaml
+    captcha:
+      enabled: false
+      recaptcha_public_key: ""
+      recaptcha_private_key: ""
+      recaptcha_bypass_secret: ""
+      recaptcha_siteverify_api: ""
+    # -- Configure TURN
+    # @default -- See values.yaml
+    turn:
+      turn_user_lifetime: ""
+      turn_uris: []
+      turn_shared_secret: ""
+      turn_username: ""
+      turn_password: ""
+    # -- Configure rate limiting.
+    # @default -- values.yaml
+    rate_limiting:
+      enabled: true
+      threshold: 5
+      cooloff_ms: 500
+
+# -- Configure the Federation API
+# For more information see [the sample dendrite configuration](https://github.com/matrix-org/dendrite/blob/master/build/docker/config/dendrite-config.yaml)
+# @default -- values.yaml
+federationapi:
+  image:
+    # -- image repository
+    repository: matrixdotorg/dendrite-polylith
+    # -- image tag
+    tag: "v0.6.2"
+    # -- image pull policy
+    pullPolicy: IfNotPresent
+  service:
+    main:
+      ports:
+        http:
+          enabled: false
+        internal:
+          enabled: true
+          port: 7772
+        external:
+          enabled: true
+          port: 8072
+  args: "federationapi"
+  config:
+    federation-certificates: []
+    send-max_retires: 16
+    disable_tls_validation: false
+    proxy_outbound:
+      enabled: false
+      protocol: http
+      host: localhost
+      port: 8080
+    key_perspectives:
+      - server_name: matrix.org
+        keys:
+          - key_id: ed25519:auto
+            public_key: Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw
+          - key_id: ed25519:a_RXGa
+            public_key: l8Hft5qXKn1vfHrg3p4+W8gELQVo8N13JkluMfmn2sQ
+    prefer_direct_fetch: false
+
+# -- Configure the User API
+# For more information see [the sample dendrite configuration](https://github.com/matrix-org/dendrite/blob/master/build/docker/config/dendrite-config.yaml)
+# @default -- values.yaml
+userapi:
+  image:
+    # -- image repository
+    repository: matrixdotorg/dendrite-polylith
+    # -- image tag
+    tag: "v0.6.2"
+    # -- image pull policy
+    pullPolicy: IfNotPresent
+  service:
+    main:
+      ports:
+        http:
+          enabled: false
+        internal:
+          enabled: true
+          port: 7781
+  args: "userapi"
+
+# -- Configure the Sync API
+# For more information see [the sample dendrite configuration](https://github.com/matrix-org/dendrite/blob/master/build/docker/config/dendrite-config.yaml)
+# @default -- values.yaml
+syncapi:
+  image:
+    # -- image repository
+    repository: matrixdotorg/dendrite-polylith
+    # -- image tag
+    tag: "v0.6.2"
+    # -- image pull policy
+    pullPolicy: IfNotPresent
+  service:
+    main:
+      ports:
+        http:
+          enabled: false
+        internal:
+          enabled: true
+          port: 7773
+        external:
+          enabled: true
+          port: 8073
+  args: "syncapi"
+
+# -- Configure the Room Server
+# For more information see [the sample dendrite configuration](https://github.com/matrix-org/dendrite/blob/master/build/docker/config/dendrite-config.yaml)
+# @default -- values.yaml
+roomserver:
+  image:
+    # -- image repository
+    repository: matrixdotorg/dendrite-polylith
+    # -- image tag
+    tag: "v0.6.2"
+    # -- image pull policy
+    pullPolicy: IfNotPresent
+  service:
+    main:
+      ports:
+        http:
+          enabled: false
+        internal:
+          enabled: true
+          port: 7770
+  args: "roomserver"
+
+# -- Configure the edu server
+# For more information see [the sample dendrite configuration](https://github.com/matrix-org/dendrite/blob/master/build/docker/config/dendrite-config.yaml)
+# @default -- values.yaml
+eduserver:
+  image:
+    # -- image repository
+    repository: matrixdotorg/dendrite-polylith
+    # -- image tag
+    tag: "v0.6.2"
+    # -- image pull policy
+    pullPolicy: IfNotPresent
+  service:
+    main:
+      ports:
+        http:
+          enabled: false
+        internal:
+          enabled: true
+          port: 7778
+  args: "eduserver"
+
+# -- Configure the Media API
+# For more information see [the sample dendrite configuration](https://github.com/matrix-org/dendrite/blob/master/build/docker/config/dendrite-config.yaml)
+# @default -- values.yaml
+mediaapi:
+  image:
+    # -- image repository
+    repository: matrixdotorg/dendrite-polylith
+    # -- image tag
+    tag: "v0.6.2"
+    # -- image pull policy
+    pullPolicy: IfNotPresent
+  service:
+    main:
+      ports:
+        http:
+          enabled: false
+        internal:
+          enabled: true
+          port: 7774
+        external:
+          enabled: true
+          port: 8074
+  args: "mediaapi"
+  config:
+    base_path: *mediaPath
+    max_file_size_bytes: 10485760
+    dynamic_thumbnails: false
+    max_thumbnail_generators: 10
+    thumbnail_sizes:
+      - width: 32
+        height: 32
+        method: crop
+      - width: 96
+        height: 96
+        method: crop
+      - width: 640
+        height: 480
+        method: scale

 # -- Configuration for Dendrite.
 # For more information see [the sample
 # denrite-config.yaml](https://github.com/matrix-org/dendrite/blob/master/build/docker/config/dendrite-config.yaml)
 # @default -- See values.yaml
 dendrite:
+  # -- Enable polylith deployment
+  polylithEnabled: false
  # -- If enabled, use an existing secrets for the TLS certificate and key.
  # Otherwise, to enable TLS a `server.crt` and `server.key` must be mounted at
  # `/etc/dendrite`.
  # @default -- See values.yaml
  tls_secret:
    enabled: false
-    secretName: "dendrite-tls"
-    crtKey: tls.crt
-    keyKey: tls.key
-  # -- If enabled, use an existing secret for matrix_key.pem. Otherwise a
-  # matrix_key.pem must be mounted to `/etc/dendrite`.
-  # @default -- See values.yaml
+    existingSecret: ""
+    crtPath: tls.crt
+    keyPath: tls.key
  matrix_key_secret:
-    enabled: false
-    key: matrix_key.pem
+    # -- Create matrix_key secret using the keyBody below.
+    create: false
+    # -- New Key Body
+    keyBody: ""
+    # -- Use an existing secret
+    existingSecret: ""
+    # -- Field in the secret to get the key from
+    secretPath: matrix_key.pem
+
  # -- Configure database connection parameters.
  # @default -- See values.yaml
  database:
@@ -109,77 +381,9 @@ dendrite:
      enabled: false
      cache_size: 256
      cache_lifetime: "5m"
-  # -- Configure the dendrite components.
-  # @default -- See values.yaml
-  components:
-    # -- Configure the App Service API
-    # @default -- See values.yaml
-    app_service_api:
-      config_files: []
-    # -- Configure the Client API
-    client_api:
-      # -- Enable or disable registration for this homeserver.
-      registration_disabled: false
-      # -- Shared secret that allows registration, despite registration_disabled.
-      registration_shared_secret: ""
-      # -- Configure captcha for registration
-      # @default -- See values.yaml
-      captcha:
-        enabled: false
-        recaptcha_public_key: ""
-        recaptcha_private_key: ""
-        recaptcha_bypass_secret: ""
-        recaptcha_siteverify_api: ""
-      # -- Configure TURN
-      # @default -- See values.yaml
-      turn:
-        turn_user_lifetime: ""
-        turn_uris: []
-        turn_shared_secret: ""
-        turn_username: ""
-        turn_password: ""
-      # -- Configure rate limiting.
-      # @default -- values.yaml
-      rate_limiting:
-        enabled: true
-        threshold: 5
-        cooloff_ms: 500
-    # -- Configure the Federation API
-    # @default -- values.yaml
-    federation_api:
-      federation_certificates: []
-      send_max_retires: 16
-      disable_tls_validation: false
-      proxy_outbound:
-        enabled: false
-        protocol: http
-        host: localhost
-        port: 8080
-      key_perspectives:
-        - server_name: matrix.org
-          keys:
-            - key_id: ed25519:auto
-              public_key: Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw
-            - key_id: ed25519:a_RXGa
-              public_key: l8Hft5qXKn1vfHrg3p4+W8gELQVo8N13JkluMfmn2sQ
-      prefer_direct_fetch: false
-    # -- Configure the Media API
-    # @default -- values.yaml
-    media_api:
-      base_path: *mediaPath
-      max_file_size_bytes: 10485760
-      dynamic_thumbnails: false
-      max_thumbnail_generators: 10
-      thumbnail_sizes:
-        - width: 32
-          height: 32
-          method: crop
-        - width: 96
-          height: 96
-          method: crop
-        - width: 640
-          height: 480
-          method: scale
+    # -- Configure experimental MSC's
+    mscs: []
+
  # -- Configure opentracing.
  # @default -- See values.yaml
  tracing:
@@ -194,6 +398,7 @@ dendrite:
      headers: null
      baggage_restrictions: null
      throttler: null
+
  # -- Configure logging.
  # @default -- See values.yaml
  logging:
@@ -221,6 +426,7 @@ nats:
  # deployments - an internal NATS server will be used in its place.
  # @default -- See value.yaml
  enabled: false
-  image: nats:2.7.1-alpine
-  jetstream:
-    enabled: true
+  nats:
+    image: nats:2.7.1-alpine
+    jetstream:
+      enabled: true
--- a/charts/incubator/scrypted/.helmignore
+++ b/charts/incubator/scrypted/.helmignore
@@ -0,0 +1,26 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# OWNERS file for Kubernetes
+OWNERS
+# helm-docs templates
+*.gotmpl
--- a/charts/incubator/scrypted/Chart.yaml
+++ b/charts/incubator/scrypted/Chart.yaml
@@ -0,0 +1,24 @@
+apiVersion: v2
+appVersion: 0.0.138
+description: scrypted helm package
+name: scrypted
+type: application
+version: 0.1.0
+kubeVersion: ">=1.16.0-0"
+keywords:
+  - scrypted
+home: https://github.com/k8s-at-home/charts/tree/master/charts/stable/scrypted
+icon: https://scrypted.org/icon
+sources:
+  - https://github.com/koush/scrypted
+maintainers:
+  - name: scrypted
+    email: koush@scrypted.com
+dependencies:
+  - name: common
+    repository: https://library-charts.k8s-at-home.com
+    version: 4.3.0
+annotations:
+  artifacthub.io/changes: |
+    - kind: added
+      description: Initial version
--- a/charts/incubator/scrypted/README.md
+++ b/charts/incubator/scrypted/README.md
@@ -0,0 +1,115 @@
+# scrypted
+
+![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.138](https://img.shields.io/badge/AppVersion-0.0.138-informational?style=flat-square)
+
+scrypted helm package
+
+**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/k8s-at-home/charts/issues/new/choose)**
+
+## Source Code
+
+* <https://github.com/koush/scrypted>
+
+## Requirements
+
+Kubernetes: `>=1.16.0-0`
+
+## Dependencies
+
+| Repository | Name | Version |
+|------------|------|---------|
+| https://library-charts.k8s-at-home.com | common | 4.3.0 |
+
+## TL;DR
+
+```console
+helm repo add k8s-at-home https://k8s-at-home.com/charts/
+helm repo update
+helm install scrypted k8s-at-home/scrypted
+```
+
+## Installing the Chart
+
+To install the chart with the release name `scrypted`
+
+```console
+helm install scrypted k8s-at-home/scrypted
+```
+
+## Uninstalling the Chart
+
+To uninstall the `scrypted` deployment
+
+```console
+helm uninstall scrypted
+```
+
+The command removes all the Kubernetes components associated with the chart **including persistent volumes** and deletes the release.
+
+## Configuration
+
+Read through the [values.yaml](./values.yaml) file. It has several commented out suggested values.
+Other values may be used from the [values.yaml](https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common/values.yaml) from the [common library](https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common).
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.
+
+```console
+helm install scrypted \
+  --set env.TZ="America/New York" \
+    k8s-at-home/scrypted
+```
+
+Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart.
+
+```console
+helm install scrypted k8s-at-home/scrypted -f values.yaml
+```
+
+## Custom configuration
+
+N/A
+
+## Values
+
+**Important**: When deploying an application Helm chart you can add more values from our common library chart [here](https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common)
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| env | object | See below | environment variables. See more environment variables in the [scrypted documentation](https://scrypted.org/docs). |
+| env.TZ | string | `"UTC"` | Set the container timezone |
+| image.pullPolicy | string | `"IfNotPresent"` | image pull policy |
+| image.repository | string | `"koush/scrypted"` | image repository |
+| image.tag | string | `"16-bullseye"` | image tag |
+| ingress.main | object | See values.yaml | Enable and configure ingress settings for the chart under this key. |
+| persistence | object | See values.yaml | Configure persistence settings for the chart under this key. |
+| service | object | See values.yaml | Configures service settings for the chart. |
+
+## Changelog
+
+### Version 0.1.0
+
+#### Added
+
+* Initial version
+
+#### Changed
+
+N/A
+
+#### Fixed
+
+N/A
+
+### Older versions
+
+A historical overview of changes can be found on [ArtifactHUB](https://artifacthub.io/packages/helm/k8s-at-home/scrypted?modal=changelog)
+
+## Support
+
+- See the [Docs](https://docs.k8s-at-home.com/our-helm-charts/getting-started/)
+- Open an [issue](https://github.com/k8s-at-home/charts/issues/new/choose)
+- Ask a [question](https://github.com/k8s-at-home/organization/discussions)
+- Join our [Discord](https://discord.gg/sTMX7Vh) community
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v0.1.1](https://github.com/k8s-at-home/helm-docs/releases/v0.1.1)
--- a/charts/incubator/scrypted/README.md.gotmpl
+++ b/charts/incubator/scrypted/README.md.gotmpl
@@ -0,0 +1,176 @@
+{{- define "custom.repository.organization" -}}
+k8s-at-home
+{{- end -}}
+
+{{- define "custom.repository.url" -}}
+https://github.com/k8s-at-home/charts
+{{- end -}}
+
+{{- define "custom.helm.url" -}}
+https://k8s-at-home.com/charts/
+{{- end -}}
+
+{{- define "custom.helm.path" -}}
+{{ template "custom.repository.organization" . }}/{{ template "chart.name" . }}
+{{- end -}}
+
+{{- define "custom.notes" -}}
+**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/k8s-at-home/charts/issues/new/choose)**
+{{- end -}}
+
+{{- define "custom.requirements" -}}
+## Requirements
+
+{{ template "chart.kubeVersionLine" . }}
+{{- end -}}
+
+{{- define "custom.dependencies" -}}
+## Dependencies
+
+{{ template "chart.requirementsTable" . }}
+{{- end -}}
+
+{{- define "custom.install.tldr" -}}
+## TL;DR
+
+```console
+helm repo add {{ template "custom.repository.organization" . }} {{ template "custom.helm.url" . }}
+helm repo update
+helm install {{ template "chart.name" . }} {{ template "custom.helm.path" . }}
+```
+{{- end -}}
+
+{{- define "custom.install" -}}
+## Installing the Chart
+
+To install the chart with the release name `{{ template "chart.name" . }}`
+
+```console
+helm install {{ template "chart.name" . }} {{ template "custom.helm.path" . }}
+```
+{{- end -}}
+
+{{- define "custom.uninstall" -}}
+## Uninstalling the Chart
+
+To uninstall the `{{ template "chart.name" . }}` deployment
+
+```console
+helm uninstall {{ template "chart.name" . }}
+```
+
+The command removes all the Kubernetes components associated with the chart **including persistent volumes** and deletes the release.
+{{- end -}}
+
+{{- define "custom.configuration.header" -}}
+## Configuration
+{{- end -}}
+
+{{- define "custom.configuration.readValues" -}}
+Read through the [values.yaml](./values.yaml) file. It has several commented out suggested values.
+Other values may be used from the [values.yaml](https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common/values.yaml) from the [common library](https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common).
+{{- end -}}
+
+{{- define "custom.configuration.example.set" -}}
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.
+
+```console
+helm install {{ template "chart.name" . }} \
+  --set env.TZ="America/New York" \
+    {{ template "custom.helm.path" . }}
+```
+{{- end -}}
+
+{{- define "custom.configuration.example.file" -}}
+Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart.
+
+```console
+helm install {{ template "chart.name" . }} {{ template "custom.helm.path" . }} -f values.yaml
+```
+{{- end -}}
+
+{{- define "custom.valuesSection" -}}
+## Values
+
+**Important**: When deploying an application Helm chart you can add more values from our common library chart [here](https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common)
+
+{{ template "chart.valuesTable" . }}
+{{- end -}}
+
+{{- define "custom.support" -}}
+## Support
+
+- See the [Docs](https://docs.k8s-at-home.com/our-helm-charts/getting-started/)
+- Open an [issue](https://github.com/k8s-at-home/charts/issues/new/choose)
+- Ask a [question](https://github.com/k8s-at-home/organization/discussions)
+- Join our [Discord](https://discord.gg/sTMX7Vh) community
+{{- end -}}
+
+{{- define "custom.changelog" -}}
+{{ $changeTypes := list "added" "changed" "fixed" }}
+## Changelog
+
+### Version {{ template "chart.version" . }}
+
+{{ range $changeType := $changeTypes }}
+  {{- with (index $.Annotations "artifacthub.io/changes") }}
+    {{- print "#### " ($changeType | title)  | nindent 0  }}
+    {{- print "" | nindent 0  }}
+    {{- $changesFound := false }}
+    {{- range (print "changes:\n" . | fromYaml).changes }}
+      {{- if eq .kind $changeType }}
+        {{- print "* " .description  | nindent 0 }}
+        {{- $changesFound = true }}
+      {{- end }}
+    {{- end }}
+    {{- if not $changesFound }}
+      {{- print "N/A" | nindent 0 }}
+    {{- end }}
+    {{- print "" | nindent 0  }}
+  {{- end }}
+{{- end }}
+
+### Older versions
+
+A historical overview of changes can be found on [ArtifactHUB](https://artifacthub.io/packages/helm/k8s-at-home/{{- template "chart.name" . }}?modal=changelog)
+
+{{- end -}}
+
+{{ template "chart.header" . }}
+
+{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
+
+{{ template "chart.description" . }}
+
+{{ template "custom.notes" . }}
+
+{{ template "chart.sourcesSection" . }}
+
+{{ template "custom.requirements" . }}
+
+{{ template "custom.dependencies" . }}
+
+{{ template "custom.install.tldr" . }}
+
+{{ template "custom.install" . }}
+
+{{ template "custom.uninstall" . }}
+
+{{ template "custom.configuration.header" . }}
+
+{{ template "custom.configuration.readValues" . }}
+
+{{ template "custom.configuration.example.set" . }}
+
+{{ template "custom.configuration.example.file" . }}
+
+{{ template "custom.custom.configuration" . }}
+
+{{ template "custom.valuesSection" . }}
+
+{{ template "custom.changelog" . }}
+
+{{ template "custom.support" . }}
+
+{{ template "helm-docs.versionFooter" . }}
+{{ "" }}
--- a/charts/incubator/scrypted/README_CONFIG.md.gotmpl
+++ b/charts/incubator/scrypted/README_CONFIG.md.gotmpl
@@ -0,0 +1,9 @@
+{{- define "custom.custom.configuration.header" -}}
+## Custom configuration
+{{- end -}}
+
+{{- define "custom.custom.configuration" -}}
+{{ template "custom.custom.configuration.header" . }}
+
+N/A
+{{- end -}}
--- a/charts/incubator/scrypted/templates/NOTES.txt
+++ b/charts/incubator/scrypted/templates/NOTES.txt
@@ -0,0 +1 @@
+{{- include "common.notes.defaultNotes" . -}}
--- a/charts/incubator/scrypted/templates/common.yaml
+++ b/charts/incubator/scrypted/templates/common.yaml
@@ -0,0 +1 @@
+{{ include "common.all" . }}
--- a/charts/incubator/scrypted/values.yaml
+++ b/charts/incubator/scrypted/values.yaml
@@ -0,0 +1,52 @@
+#
+# IMPORTANT NOTE
+#
+# This chart inherits from our common library chart. You can check the default values/options here:
+# https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common/values.yaml
+#
+
+image:
+  # -- image repository
+  repository: koush/scrypted
+  # -- image tag
+  tag: 16-bullseye
+  # -- image pull policy
+  pullPolicy: IfNotPresent
+
+# -- environment variables. See more environment variables in the [scrypted documentation](https://scrypted.org/docs).
+# @default -- See below
+env:
+  # -- Set the container timezone
+  TZ: UTC
+
+# -- Configures service settings for the chart.
+# @default -- See values.yaml
+service:
+  main:
+    ports:
+      http:
+        port: 10080
+        primary: true
+      https:
+        enabled: false
+        port: 10443
+        protocol: HTTPS
+        primary: false
+      debug:
+        enabled: false
+        port: 10081
+        protocol: HTTP
+        primary: false
+
+ingress:
+  # -- Enable and configure ingress settings for the chart under this key.
+  # @default -- See values.yaml
+  main:
+    enabled: false
+
+# -- Configure persistence settings for the chart under this key.
+# @default -- See values.yaml
+persistence:
+  config:
+    enabled: false
+    mountPath: /server/volume
--- a/charts/incubator/teamspeak/Chart.yaml
+++ b/charts/incubator/teamspeak/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: 3.13.6
 description: TeamSpeak Server
 name: teamspeak
-version: 0.3.0
+version: 0.4.0
 kubeVersion: ">=1.16.0-0"
 keywords:
  - teamspeak
@@ -20,4 +20,6 @@ dependencies:
 annotations:
  artifacthub.io/changes: |
    - kind: changed
-      description: Upgraded `common` chart dependency to version `4.3.0`.
+      description: Merged ports into single service.
+    - kind: added
+      description: Added metrics sidecar.
--- a/charts/incubator/teamspeak/README.md
+++ b/charts/incubator/teamspeak/README.md
@@ -1,6 +1,6 @@
 # teamspeak

-![Version: 0.3.0](https://img.shields.io/badge/Version-0.3.0-informational?style=flat-square) ![AppVersion: 3.13.6](https://img.shields.io/badge/AppVersion-3.13.6-informational?style=flat-square)
+![Version: 0.4.0](https://img.shields.io/badge/Version-0.4.0-informational?style=flat-square) ![AppVersion: 3.13.6](https://img.shields.io/badge/AppVersion-3.13.6-informational?style=flat-square)

 TeamSpeak Server

@@ -67,7 +67,29 @@ helm install teamspeak k8s-at-home/teamspeak -f values.yaml

 ## Custom configuration

-N/A
+### Regarding the services
+
+By default, it is not yet possible to combine TCP and UDP ports on a service with `type: LoadBalancer`. This can be solved in a number of ways:
+
+1. Create a separate service containing the UDP ports. This could be done by disabling the UDP ports under `service.main.ports` and adding the following in your `values.yaml`:
+
+```yaml
+service:
+  udp:
+    enabled: true
+    type: LoadBalancer
+    # <your other service configuration>
+    ports:
+      voice:
+        enabled: true
+        port: 9987
+        protocol: UDP
+```
+
+2. Since Kubernetes 1.20 there is a feature gate that can be enabled to allow TCP and UDP ports to coexist on Services with `type: Loadbalancer`.
+   You will need to enable the `MixedProtocolLBService` feature gate in order to achieve this.
+
+   For more information about feature gates, please see [the docs](https://kubernetes.io/docs/reference/command-line-tools-reference/feature-gates/).

 ## Values

@@ -75,10 +97,21 @@ N/A

 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
-| env | string | See below | environment variables. See more environment variables in the [teamspeak image documentation](https://hub.docker.com/_/teamspeak). |
+| env | object | See below | environment variables. See more environment variables in the [teamspeak image documentation](https://hub.docker.com/_/teamspeak). |
 | image.pullPolicy | string | `"IfNotPresent"` | image pull policy |
 | image.repository | string | `"teamspeak"` | image repository |
 | image.tag | string | `"3.13.6"` | image tag |
+| metrics.enabled | bool | See values.yaml | Enable and configure ts3exporter sidecar and Prometheus serviceMonitor. |
+| metrics.exporter.env.enableChannelMetrics | bool | `false` | Set to true to enable gathering of channel metrics |
+| metrics.exporter.env.port | int | `9189` | metrics port |
+| metrics.exporter.image.pullPolicy | string | `"IfNotPresent"` | image pull policy |
+| metrics.exporter.image.repository | string | `"quay.io/ricardbejarano/ts3exporter"` | image repository |
+| metrics.exporter.image.tag | string | `"0.0.7"` | image tag |
+| metrics.prometheusRule | object | See values.yaml | Enable and configure Prometheus Rules for the chart under this key. |
+| metrics.prometheusRule.rules | list | See prometheusrules.yaml | Configure additionial rules for the chart under this key. |
+| metrics.serviceMonitor.interval | string | `"1m"` |  |
+| metrics.serviceMonitor.labels | object | `{}` |  |
+| metrics.serviceMonitor.scrapeTimeout | string | `"30s"` |  |
 | nodeSelector | object | `{"kubernetes.io/arch":"amd64"}` | The TeamSpeak server binary is only available for x86_64. |
 | persistence | object | See values.yaml | Configure persistence settings for the chart under this key. |
 | probes.liveness.custom | bool | `true` |  |
@@ -91,15 +124,15 @@ N/A

 ## Changelog

-### Version 0.3.0
+### Version 0.4.0

 #### Added

-N/A
+* Added metrics sidecar.

 #### Changed

-* Upgraded `common` chart dependency to version `4.3.0`.
+* Merged ports into single service.

 #### Fixed

--- a/charts/incubator/teamspeak/README_CONFIG.md.gotmpl
+++ b/charts/incubator/teamspeak/README_CONFIG.md.gotmpl
@@ -5,5 +5,27 @@
 {{- define "custom.custom.configuration" -}}
 {{ template "custom.custom.configuration.header" . }}

-N/A
+### Regarding the services
+
+By default, it is not yet possible to combine TCP and UDP ports on a service with `type: LoadBalancer`. This can be solved in a number of ways:
+
+1. Create a separate service containing the UDP ports. This could be done by disabling the UDP ports under `service.main.ports` and adding the following in your `values.yaml`:
+
+```yaml
+service:
+  udp:
+    enabled: true
+    type: LoadBalancer
+    # <your other service configuration>
+    ports:
+      voice:
+        enabled: true
+        port: 9987
+        protocol: UDP
+```
+
+2. Since Kubernetes 1.20 there is a feature gate that can be enabled to allow TCP and UDP ports to coexist on Services with `type: Loadbalancer`.
+   You will need to enable the `MixedProtocolLBService` feature gate in order to achieve this.
+
+   For more information about feature gates, please see [the docs](https://kubernetes.io/docs/reference/command-line-tools-reference/feature-gates/).
 {{- end -}}
--- a/charts/incubator/teamspeak/templates/common.yaml
+++ b/charts/incubator/teamspeak/templates/common.yaml
@@ -1 +1,79 @@
+{{/* Make sure all variables are set properly */}}
+{{- include "common.values.setup" . }}
+
+{{/*
+If there's an existing secret, reuse it, otherwise generate a new one.
+*/}}
+{{- define "teamspeak.serveradmin-password" -}}
+{{- $secret := (lookup "v1" "Secret" .Release.Namespace (include "common.names.fullname" .) ) -}}
+  {{- if $secret -}}
+    {{-  index $secret "data" "serveradmin_password" -}}
+  {{- else -}}
+    {{- randAlphaNum 32 | b64enc | quote -}}
+  {{- end -}}
+{{- end -}}
+
+{{/* Append the hardcoded settings */}}
+{{- define "teamspeak.harcodedValues" -}}
+{{- if not .Values.env.TS3SERVER_SERVERADMIN_PASSWORD }}
+env:
+  TS3SERVER_SERVERADMIN_PASSWORD:
+    valueFrom:
+      secretKeyRef:
+        name: {{ include "common.names.fullname" . }}
+        key: serveradmin_password
+{{- end }}
+{{- if .Values.metrics.enabled }}
+additionalContainers:
+  exporter:
+    name: exporter
+    image: "{{ .Values.metrics.exporter.image.repository }}:{{ .Values.metrics.exporter.image.tag }}"
+    imagePullPolicy: {{ .Values.metrics.exporter.image.pullPolicy }}
+    args:
+      - -listen
+      - :{{ .Values.metrics.exporter.env.port }}
+      {{- if .Values.metrics.exporter.env.enableChannelMetrics }}
+      - -enablechannelmetrics
+      {{- end }}
+    env:
+      - name: SERVERQUERY_PASSWORD
+        {{- $value := .Values.env.TS3SERVER_SERVERADMIN_PASSWORD }}
+        {{- if $value }}
+        {{- if kindIs "map" $value -}}
+          {{- if hasKey $value "value" }}
+            {{- $value = $value.value -}}
+          {{- else if hasKey $value "valueFrom" }}
+            {{- toYaml $value | nindent 8 }}
+          {{- else }}
+            {{- dict "valueFrom" $value | toYaml | nindent 8 }}
+          {{- end }}
+        {{- else }}
+          {{- if kindIs "string" $value }}
+            {{- $value = tpl $value $ }}
+          {{- end }}
+        value: {{ quote $value }}
+        {{- end }}
+        {{- else }}
+        valueFrom:
+          secretKeyRef:
+            name: {{ include "common.names.fullname" . }}
+            key: serveradmin_password
+        {{- end }}
+    ports:
+      - name: metrics
+        containerPort: {{ .Values.metrics.exporter.env.port }}
+
+service:
+  metrics:
+    enabled: true
+    ports:
+      metrics:
+        enabled: true
+        protocol: TCP
+        port: {{ .Values.metrics.exporter.env.port }}
+{{- end }}
+{{- end -}}
+{{- $_ := mergeOverwrite .Values (include "teamspeak.harcodedValues" . | fromYaml) -}}
+
+{{/* Render the templates */}}
 {{ include "common.all" . }}
--- a/charts/incubator/teamspeak/templates/prometheusrules.yaml
+++ b/charts/incubator/teamspeak/templates/prometheusrules.yaml
@@ -0,0 +1,36 @@
+{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+  name: {{ include "common.names.fullname" . }}
+  labels:
+    {{- include "common.labels" . | nindent 4 }}
+    {{- with .Values.metrics.prometheusRule.labels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+spec:
+  groups:
+    - name: {{ include "common.names.fullname" . }}
+      rules:
+        - alert: Ts3ExporterAbsent
+          annotations:
+            description: ts3exporter has disappeared from Prometheus service discovery.
+            summary: ts3exporter is down.
+          expr: |
+            absent(up{job=~".*{{ include "common.names.fullname" . }}.*"} == 1)
+          for: 5m
+          labels:
+            severity: critical
+        - alert: TeamSpeakDown
+          annotations:
+            description: TeamSpeak service is down.
+            summary: TeamSpeak is down.
+          expr: |
+            ts3_serverinfo_online{job=~".*{{ include "common.names.fullname" . }}.*"} == 0
+          for: 5m
+          labels:
+            severity: critical
+        {{- with .Values.metrics.prometheusRule.rules }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+{{- end }}
--- a/charts/incubator/teamspeak/templates/secret.yaml
+++ b/charts/incubator/teamspeak/templates/secret.yaml
@@ -0,0 +1,11 @@
+{{- if not .Values.env.TS3SERVER_SERVERADMIN_PASSWORD }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "common.names.fullname" . }}
+  labels:
+    {{- include "common.labels" . | nindent 4 }}
+type: Opaque
+data:
+  serveradmin_password: {{ template "teamspeak.serveradmin-password" . }}
+{{- end }}
--- a/charts/incubator/teamspeak/templates/servicemonitor.yaml
+++ b/charts/incubator/teamspeak/templates/servicemonitor.yaml
@@ -0,0 +1,24 @@
+{{- if .Values.metrics.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: {{ include "common.names.fullname" . }}
+  labels:
+    {{- include "common.labels" . | nindent 4 }}
+    {{- with .Values.metrics.serviceMonitor.labels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+spec:
+  selector:
+    matchLabels:
+      {{- include "common.labels.selectorLabels" . | nindent 6 }}
+  endpoints:
+    - port: metrics
+      {{- with .Values.metrics.serviceMonitor.interval }}
+      interval: {{ . }}
+      {{- end }}
+      {{- with .Values.metrics.serviceMonitor.scrapeTimeout }}
+      scrapeTimeout: {{ . }}
+      {{- end }}
+      path: /metrics
+{{- end }}
--- a/charts/incubator/teamspeak/values.yaml
+++ b/charts/incubator/teamspeak/values.yaml
@@ -16,7 +16,14 @@ image:
 # -- environment variables. See more environment variables in the [teamspeak image documentation](https://hub.docker.com/_/teamspeak).
 # @default -- See below
 env:
+  TZ: UTC
  # TS3SERVER_LICENSE: accept
+  # TS3SERVER_SERVERADMIN_PASSWORD:
+  #   valueFrom:
+  #     secretKeyRef:
+  #       name: teamspeak
+  #       key: serveradmin_password
+

 # -- Configures service settings for the chart.
 # @default -- See values.yaml
@@ -26,20 +33,17 @@ service:
      http:
        enabled: false
        primary: false
-      voice:
-        enabled: true
-        primary: true
-        port: 9987
-        protocol: UDP
-  tcp:
-    enabled: true
-    ports:
      serverquery:
        enabled: true
        port: 10011
      filetransfer:
        enabled: true
        port: 30033
+      voice:
+        enabled: true
+        primary: true
+        port: 9987
+        protocol: UDP

 probes:
  readiness:
@@ -65,6 +69,45 @@ persistence:
    enabled: false
    mountPath: /var/ts3server

+metrics:
+  # -- Enable and configure ts3exporter sidecar and Prometheus serviceMonitor.
+  # @default -- See values.yaml
+  enabled: false
+  serviceMonitor:
+    interval: 1m
+    scrapeTimeout: 30s
+    labels: {}
+  # -- Enable and configure Prometheus Rules for the chart under this key.
+  # @default -- See values.yaml
+  prometheusRule:
+    enabled: false
+    labels: {}
+    # -- Configure additionial rules for the chart under this key.
+    # @default -- See prometheusrules.yaml
+    rules: []
+      # - alert: TeamSpeakDown
+      #   annotations:
+      #     description: Teamspeak service is down.
+      #     summary: Teamspeak is down.
+      #   expr: |
+      #     ts3_serverinfo_online == 0
+      #   for: 5m
+      #   labels:
+      #     severity: critical
+  exporter:
+    image:
+      # -- image repository
+      repository: quay.io/ricardbejarano/ts3exporter
+      # -- image tag
+      tag: 0.0.7
+      # -- image pull policy
+      pullPolicy: IfNotPresent
+    env:
+      # -- metrics port
+      port: 9189
+      # -- Set to true to enable gathering of channel metrics
+      enableChannelMetrics: false
+
 # -- The TeamSpeak server binary is only available for x86_64.
 nodeSelector:
  kubernetes.io/arch: amd64
--- a/charts/stable/monica/Chart.yaml
+++ b/charts/stable/monica/Chart.yaml
@@ -1,8 +1,8 @@
 apiVersion: v2
-appVersion: 3.1.1-apache
+appVersion: 3.7.0-apache
 description: A Personal Relationship Management tool to help you organize your social life
 name: monica
-version: 7.0.0
+version: 7.0.1
 kubeVersion: ">=1.16.0-0"
 keywords:
  - crm
@@ -25,6 +25,4 @@ dependencies:
 annotations:
  artifacthub.io/changes: |
    - kind: changed
-      description: Upgraded `common` chart dependency to version `4.3.0`.
-    - kind: changed
-      description: Upgraded `mariadb` chart dependency to version `10.2.0`.
+      description: Upgraded app to version `3.7.0-apache` from `3.1.1-apache`.
--- a/charts/stable/monica/README.md
+++ b/charts/stable/monica/README.md
@@ -1,6 +1,6 @@
 # monica

-![Version: 7.0.0](https://img.shields.io/badge/Version-7.0.0-informational?style=flat-square) ![AppVersion: 3.1.1-apache](https://img.shields.io/badge/AppVersion-3.1.1--apache-informational?style=flat-square)
+![Version: 7.0.1](https://img.shields.io/badge/Version-7.0.1-informational?style=flat-square) ![AppVersion: 3.7.0-apache](https://img.shields.io/badge/AppVersion-3.7.0--apache-informational?style=flat-square)

 A Personal Relationship Management tool to help you organize your social life

@@ -88,7 +88,7 @@ N/A
 | env.TZ | string | `"UTC"` | Set the container timezone |
 | image.pullPolicy | string | `"IfNotPresent"` | image pull policy |
 | image.repository | string | `"monica"` | image repository |
-| image.tag | string | `"3.1.1-apache"` | image tag |
+| image.tag | string | chart.appVersion | image tag |
 | ingress.main | object | See values.yaml | Enable and configure ingress settings for the chart under this key. |
 | mariadb | object | See values.yaml | Enable and configure mariadb database subchart under this key.    For more options see [mariadb chart documentation](https://github.com/bitnami/charts/tree/master/bitnami/mariadb) |
 | persistence | object | See values.yaml | Configure persistence settings for the chart under this key. |
@@ -96,7 +96,7 @@ N/A

 ## Changelog

-### Version 7.0.0
+### Version 7.0.1

 #### Added

@@ -104,8 +104,7 @@ N/A

 #### Changed

-* Upgraded `common` chart dependency to version `4.3.0`.
-* Upgraded `mariadb` chart dependency to version `10.2.0`.
+* Upgraded app to version `3.7.0-apache` from `3.1.1-apache`.

 #### Fixed

--- a/charts/stable/monica/values.yaml
+++ b/charts/stable/monica/values.yaml
@@ -9,7 +9,8 @@ image:
  # -- image repository
  repository: monica
  # -- image tag
-  tag: 3.1.1-apache
+  # @default -- chart.appVersion
+  tag:
  # -- image pull policy
  pullPolicy: IfNotPresent

--- a/charts/stable/samba/Chart.yaml
+++ b/charts/stable/samba/Chart.yaml
@@ -1,8 +1,8 @@
 apiVersion: v2
-appVersion: latest
+appVersion: 4.15.5
 description: A simple in-cluster Samba server
 name: samba
-version: 5.2.0
+version: 6.0.0
 kubeVersion: ">=1.16.0-0"
 keywords:
  - samba
@@ -20,4 +20,4 @@ dependencies:
 annotations:
  artifacthub.io/changes: |
    - kind: changed
-      description: Upgraded `common` chart dependency to version `4.3.0`.
+      description: Migrated to docker image `crazy-max/samba` in order to fix https://github.com/k8s-at-home/charts/issues/1401
--- a/charts/stable/samba/README.md
+++ b/charts/stable/samba/README.md
@@ -1,6 +1,6 @@
 # samba

-![Version: 5.2.0](https://img.shields.io/badge/Version-5.2.0-informational?style=flat-square) ![AppVersion: latest](https://img.shields.io/badge/AppVersion-latest-informational?style=flat-square)
+![Version: 6.0.0](https://img.shields.io/badge/Version-6.0.0-informational?style=flat-square) ![AppVersion: 4.15.5](https://img.shields.io/badge/AppVersion-4.15.5-informational?style=flat-square)

 A simple in-cluster Samba server

@@ -75,18 +75,20 @@ N/A

 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
-| env | object | See below | environment variables. See [image docs](https://github.com/dperson/samba/blob/master/README.md) for more details. |
+| configmap.config.data | object | See values.yaml | Samba configuration. See [image documentation](https://github.com/crazy-max/docker-samba#configuration) for more information. |
+| configmap.config.enabled | bool | `false` | Store samba configuration as a ConfigMap |
+| env | object | See below | environment variables. See [image docs](https://github.com/crazy-max/docker-samba#environment-variables) for more details. |
 | env.TZ | string | `"UTC"` | Set the container timezone |
 | image.pullPolicy | string | `"Always"` | image pull policy |
-| image.repository | string | `"dperson/samba"` | image repository |
-| image.tag | string | `"latest"` | image tag |
+| image.repository | string | `"ghcr.io/crazy-max/samba"` | image repository |
+| image.tag | string | `"4.15.5"` | image tag |
 | ingress.main | object | See values.yaml | Enable and configure ingress settings for the chart under this key. |
 | persistence | object | See values.yaml | Configure persistence settings for the chart under this key. |
 | service | object | See values.yaml | Configures service settings for the chart. |

 ## Changelog

-### Version 5.2.0
+### Version 6.0.0

 #### Added

@@ -94,7 +96,7 @@ N/A

 #### Changed

-* Upgraded `common` chart dependency to version `4.3.0`.
+* Migrated to docker image `crazy-max/samba` in order to fix https://github.com/k8s-at-home/charts/issues/1401

 #### Fixed

--- a/charts/stable/samba/templates/common.yaml
+++ b/charts/stable/samba/templates/common.yaml
@@ -3,6 +3,23 @@

 {{/* Append the hardcoded settings */}}
 {{- define "samba.harcodedValues" -}}
+{{- if .Values.configmap.config.enabled }}
+{{/* merge Values specific annotations with podAnnotations*/}}
+podAnnotations:
+  configmap/checksum: "{{ .Values.configmap.config.data | toYaml | sha256sum }}"
+{{- end }}
+
+{{- if .Values.configmap.config.enabled }}
+{{/* Append the configMap volume to the volumes */}}
+persistence:
+  config:
+    enabled: true
+    type: "configMap"
+    name: "{{ include "common.names.fullname" . }}-config"
+    mountPath: "/data/config.yml"
+    subPath: "config.yml"
+{{- end }}
+
 service:
  main:
    ports:
--- a/charts/stable/samba/values.yaml
+++ b/charts/stable/samba/values.yaml
@@ -7,19 +7,24 @@

 image:
  # -- image repository
-  repository: dperson/samba
+  repository: ghcr.io/crazy-max/samba
  # -- image tag
-  tag: latest
+  tag: 4.15.5
  # -- image pull policy
  pullPolicy: Always

-# -- environment variables. See [image docs](https://github.com/dperson/samba/blob/master/README.md) for more details.
+# -- environment variables. See [image docs](https://github.com/crazy-max/docker-samba#environment-variables) for more details.
 # @default -- See below
 env:
  # -- Set the container timezone
  TZ: UTC
-  # SHARE1: share1;/share/samba/share1
-  # SHARE2: share2;/share/samba/share2
+  # SAMBA_WORKGROUP: NT-Domain-Name or Workgroup-Name. (default WORKGROUP)
+  # SAMBA_SERVER_STRING: Server string is the equivalent of the NT Description field. (default Docker Samba Server)
+  # SAMBA_LOG_LEVEL: Log level. (default 0)
+  # SAMBA_FOLLOW_SYMLINKS: Allow to follow symlinks. (default yes)
+  # SAMBA_WIDE_LINKS: Controls whether or not links in the UNIX file system may be followed by the server. (default yes)
+  # SAMBA_HOSTS_ALLOW: Set of hosts which are permitted to access a service. (default 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16)
+  # SAMBA_INTERFACES: Allows you to override the default network interfaces list.

 # -- Configures service settings for the chart.
 # @default -- See values.yaml
@@ -48,3 +53,37 @@ persistence:
    enabled: false
    type: hostPath
    hostPath: /share/samba/share1
+
+configmap:
+  config:
+    # -- Store samba configuration as a ConfigMap
+    enabled: false
+    # -- Samba configuration. See [image documentation](https://github.com/crazy-max/docker-samba#configuration) for more information.
+    # @default -- See values.yaml
+    data:
+      config.yml: |
+        auth:
+          - user: foo
+            group: foo
+            uid: 1000
+            gid: 1000
+            password: bar
+          - user: baz
+            group: xxx
+            uid: 1100
+            gid: 1200
+            password: foobar
+
+        global:
+          - "force user = foo"
+          - "force group = foo"
+
+        share:
+          - name: foo
+            path: /share/samba/share1
+            browsable: yes
+            readonly: no
+            guestok: no
+            validusers: foo
+            writelist: foo
+            veto: no
--- a/charts/stable/traefik-forward-auth/Chart.yaml
+++ b/charts/stable/traefik-forward-auth/Chart.yaml
@@ -1,9 +1,9 @@
 apiVersion: v2
-name: traefik-forward-auth
-description: A minimal forward authentication service that provides OAuth/SSO login and authentication for the traefik reverse proxy/load balancer
-type: application
-version: 1.0.10
 appVersion: 2.2.0
+description: A minimal forward authentication service that provides OAuth/SSO login and authentication for the traefik reverse proxy/load balancer
+name: traefik-forward-auth
+version: 2.0.0
+kubeVersion: ">=1.16.0-0"
 keywords:
  - traefik
  - traefik-forward-auth
@@ -17,3 +17,15 @@ sources:
 maintainers:
  - name: DirtyCajunRice
    email: nick@cajun.pro
+dependencies:
+  - name: common
+    repository: https://library-charts.k8s-at-home.com
+    version: 4.3.0
+annotations:
+  artifacthub.io/changes: |
+    - kind: added
+      description: >
+        **BREAKING** Added `common` chart dependency.
+        This will likely require you to update your chart values.
+    - kind: changed
+      description: Reuse existing secret if present.
--- a/charts/stable/traefik-forward-auth/README.md
+++ b/charts/stable/traefik-forward-auth/README.md
@@ -1,6 +1,6 @@
 # traefik-forward-auth

-![Version: 1.0.10](https://img.shields.io/badge/Version-1.0.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.2.0](https://img.shields.io/badge/AppVersion-2.2.0-informational?style=flat-square)
+![Version: 2.0.0](https://img.shields.io/badge/Version-2.0.0-informational?style=flat-square) ![AppVersion: 2.2.0](https://img.shields.io/badge/AppVersion-2.2.0-informational?style=flat-square)

 A minimal forward authentication service that provides OAuth/SSO login and authentication for the traefik reverse proxy/load balancer

@@ -13,10 +13,13 @@ A minimal forward authentication service that provides OAuth/SSO login and authe

 ## Requirements

+Kubernetes: `>=1.16.0-0`
+
 ## Dependencies

 | Repository | Name | Version |
 |------------|------|---------|
+| https://library-charts.k8s-at-home.com | common | 4.3.0 |

 ## TL;DR

@@ -73,101 +76,33 @@ N/A

 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
-| affinity | object | `{}` |  |
-| authHost | string | `""` | Single host to use when returning from 3rd party auth |
-| autoscaling.enabled | bool | `false` |  |
-| autoscaling.maxReplicas | int | `100` |  |
-| autoscaling.minReplicas | int | `1` |  |
-| autoscaling.targetCPUUtilizationPercentage | int | `80` |  |
-| cookie.csrfName | string | `""` | CSRF Cookie Name (default: _forward_auth_csrf) |
-| cookie.domain | string | `""` | Domain(s) to set auth cookie on. (Comma delimited) |
-| cookie.insecure | string | `""` | Use insecure cookies |
-| cookie.name | string | `""` | Cookie Name (default: _forward_auth) |
-| cookie.secret | string | `""` | Cookie Secret used for authentication across multiple instances / clusters (default: randomly generated) |
-| default.action | string | `""` | [auth|allow] Default action (default: auth) |
-| default.provider | string | `""` | [google|oidc|generic-oauth] Default provider (default: google) |
-| env | list | `[]` |  |
-| envFrom | string | `nil` |  |
-| fullnameOverride | string | `""` |  |
-| image.pullPolicy | string | `"IfNotPresent"` |  |
-| image.repository | string | `"thomseddon/traefik-forward-auth"` |  |
-| image.tag | string | `""` |  |
-| imagePullSecrets | list | `[]` |  |
-| ingress.annotations | object | `{}` |  |
-| ingress.enabled | bool | `false` |  |
-| ingress.hosts[0].host | string | `"chart-example.local"` |  |
-| ingress.hosts[0].paths | list | `[]` |  |
-| ingress.tls | list | `[]` |  |
-| lifetime | string | `""` | Lifetime in seconds (default: 43200) |
-| livenessProbe | object | {"periodSeconds":20,"tcpSocket":{"port":"http"}} | Liveness probe configuration |
-| livenessProbe.enabled | bool | `true` | Enable liveness probe |
-| logging.format | string | `""` | [text|json|pretty] Log format (default: text) |
-| logging.level | string | `""` | [trace|debug|info|warn|error|fatal|panic] Log level (default: warn) |
-| logoutRedirect | string | `""` | URL to redirect to following logout |
-| middleware.enabled | bool | `false` | Enable to deploy a preconfigured middleware |
-| middleware.name | string | `""` | Name for the middleware |
-| nameOverride | string | `""` |  |
-| nodeSelector | object | `{}` |  |
-| podAnnotations | object | `{}` |  |
-| podSecurityContext | object | `{}` |  |
-| providers.genericOauth.authUrl | string | `""` | Auth/Login URL |
-| providers.genericOauth.clientId | string | `""` | Client ID |
-| providers.genericOauth.clientSecret | string | `""` | Client Secret |
-| providers.genericOauth.enabled | bool | `false` | Enable the generic OAUTH2 provider |
-| providers.genericOauth.resource | string | `""` | Optional resource indicator |
-| providers.genericOauth.scope | string | `""` | Scopes (default: profile, email) |
-| providers.genericOauth.tokenStyle | string | `""` | How token is presented when querying the User URL |
-| providers.genericOauth.tokenUrl | string | `""` | Token URL |
-| providers.genericOauth.userUrl | string | `""` | URL used to retrieve user info |
-| providers.google.clientId | string | `""` | Client ID |
-| providers.google.clientSecret | string | `""` | Client Secret |
-| providers.google.enabled | bool | `false` | Enable the google provider |
-| providers.google.prompt | string | `""` | Space separated list of OpenID prompt options |
-| providers.oidc.clientId | string | `""` | Client ID |
-| providers.oidc.clientSecret | string | `""` | Client Secret |
-| providers.oidc.enabled | bool | `false` | Enable the generic OIDC provider |
-| providers.oidc.issuerUrl | string | `""` | Issuer URL |
-| providers.oidc.resource | string | `""` | Optional resource indicator |
-| readinessProbe | object | {"periodSeconds":10,"tcpSocket":{"port":"http"}} | Readiness probe configuration |
-| readinessProbe.enabled | bool | `true` | Enable readiness probe |
-| replicaCount | int | `1` |  |
-| resources | object | `{}` |  |
-| restrictions.domain | string | `""` | Only allow given email domains. (Comma delimited) |
-| restrictions.whitelist | string | `""` | Only allow given email addresses. (Comma delimited) |
-| secret | string | `""` | Secret used for signing. If empty, one will be generated. If specifying your own in env use "-" |
-| securityContext | object | `{}` |  |
-| service.additionalSpec | object | `{}` |  |
-| service.annotations | object | `{}` |  |
-| service.labels | object | `{}` |  |
-| service.port | int | `4181` |  |
-| service.type | string | `"ClusterIP"` |  |
-| serviceAccount.annotations | object | `{}` |  |
-| serviceAccount.create | bool | `true` |  |
-| serviceAccount.name | string | `""` |  |
-| tolerations | list | `[]` |  |
-| urlPath | string | `""` | Callback URL Path (default: /_oauth) |
+| env | object | See below | environment variables. See more environment variables in the [traefik-forward-auth documentation](https://github.com/thomseddon/traefik-forward-auth#configuration) |
+| image.pullPolicy | string | `"IfNotPresent"` | image pull policy |
+| image.repository | string | `"thomseddon/traefik-forward-auth"` | image repository |
+| image.tag | string | chart.appVersion | image tag |
+| middleware.enabled | bool | `true` | Enable a preconfigured middleware. |
+| middleware.nameOverride | string | `""` | Override the middleware name. |
+| service | object | See values.yaml | Configures service settings for the chart. |

 ## Changelog

-All notable changes to this application Helm chart will be documented in this file but does not include changes from our common library. To read those click [here](https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common#changelog).
-
-The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
-
-### [1.0.6]
+### Version 2.0.0

 #### Added

- N/A
+* **BREAKING** Added `common` chart dependency. This will likely require you to update your chart values.

 #### Changed

- use helm-docs
+* Reuse existing secret if present.

-#### Removed
+#### Fixed

- N/A
+N/A

-[1.0.6]: #1.0.6
+### Older versions
+
+A historical overview of changes can be found on [ArtifactHUB](https://artifacthub.io/packages/helm/k8s-at-home/traefik-forward-auth?modal=changelog)

 ## Support

@@ -177,4 +112,4 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 - Join our [Discord](https://discord.gg/sTMX7Vh) community

 ----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0)
+Autogenerated from chart metadata using [helm-docs v0.1.1](https://github.com/k8s-at-home/helm-docs/releases/v0.1.1)
--- a/charts/stable/traefik-forward-auth/README.md.gotmpl
+++ b/charts/stable/traefik-forward-auth/README.md.gotmpl
@@ -106,6 +106,36 @@ helm install {{ template "chart.name" . }} {{ template "custom.helm.path" . }} -
 - Join our [Discord](https://discord.gg/sTMX7Vh) community
 {{- end -}}

+{{- define "custom.changelog" -}}
+{{ $changeTypes := list "added" "changed" "fixed" }}
+## Changelog
+
+### Version {{ template "chart.version" . }}
+
+{{ range $changeType := $changeTypes }}
+  {{- with (index $.Annotations "artifacthub.io/changes") }}
+    {{- print "#### " ($changeType | title)  | nindent 0  }}
+    {{- print "" | nindent 0  }}
+    {{- $changesFound := false }}
+    {{- range (print "changes:\n" . | fromYaml).changes }}
+      {{- if eq .kind $changeType }}
+        {{- print "* " .description  | nindent 0 }}
+        {{- $changesFound = true }}
+      {{- end }}
+    {{- end }}
+    {{- if not $changesFound }}
+      {{- print "N/A" | nindent 0 }}
+    {{- end }}
+    {{- print "" | nindent 0  }}
+  {{- end }}
+{{- end }}
+
+### Older versions
+
+A historical overview of changes can be found on [ArtifactHUB](https://artifacthub.io/packages/helm/k8s-at-home/{{- template "chart.name" . }}?modal=changelog)
+
+{{- end -}}
+
 {{ template "chart.header" . }}

 {{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
--- a/charts/stable/traefik-forward-auth/ci/ct-values.yaml
+++ b/charts/stable/traefik-forward-auth/ci/ct-values.yaml
@@ -1,5 +1,6 @@
-providers:
-  google:
-    enabled: true
-    clientId: "fakeclientid"
-    clientSecret: "fakeclientsecret"
+env:
+  PROVIDERS_GOOGLE_CLIENT_ID: fakeclientid
+  PROVIDERS_GOOGLE_CLIENT_SECRET: fakeclientsecret
+
+middleware:
+  enabled: false
--- a/charts/stable/traefik-forward-auth/templates/NOTES.txt
+++ b/charts/stable/traefik-forward-auth/templates/NOTES.txt
@@ -1,21 +1 @@
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range $host := .Values.ingress.hosts }}
-  {{- range .paths }}
-  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }}
-  {{- end }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
-  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "traefik-forward-auth.fullname" . }})
-  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
-  echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
-     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
-           You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "traefik-forward-auth.fullname" . }}'
-  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "traefik-forward-auth.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
-  echo http://$SERVICE_IP:{{ .Values.service.port }}
-{{- else if contains "ClusterIP" .Values.service.type }}
-  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "traefik-forward-auth.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
-  echo "Visit http://127.0.0.1:8080 to use your application"
-  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:80
-{{- end }}
+{{- include "common.notes.defaultNotes" . -}}
--- a/charts/stable/traefik-forward-auth/templates/_helpers.tpl
+++ b/charts/stable/traefik-forward-auth/templates/_helpers.tpl
@@ -1,63 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "traefik-forward-auth.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "traefik-forward-auth.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "traefik-forward-auth.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "traefik-forward-auth.labels" -}}
-helm.sh/chart: {{ include "traefik-forward-auth.chart" . }}
-{{ include "traefik-forward-auth.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "traefik-forward-auth.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "traefik-forward-auth.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "traefik-forward-auth.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "traefik-forward-auth.fullname" .) .Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}
--- a/charts/stable/traefik-forward-auth/templates/common.yaml
+++ b/charts/stable/traefik-forward-auth/templates/common.yaml
@@ -0,0 +1,29 @@
+{{/* Make sure all variables are set properly */}}
+{{- include "common.values.setup" . }}
+
+{{/*
+If there's an existing secret, reuse it, otherwise generate a new one.
+*/}}
+{{- define "traefik-forward-auth.secret" -}}
+{{- $secret := (lookup "v1" "Secret" .Release.Namespace (include "common.names.fullname" .) ) -}}
+  {{- if $secret -}}
+    {{-  index $secret "data" "secret" -}}
+  {{- else -}}
+    {{- randAlphaNum 16 | b64enc | quote -}}
+  {{- end -}}
+{{- end -}}
+
+{{/* Append the hardcoded settings */}}
+{{- define "traefik-forward-auth.harcodedValues" -}}
+{{- if not .Values.env.SECRET }}
+env:
+  SECRET:
+    valueFrom:
+      secretKeyRef:
+        name: {{ include "common.names.fullname" . }}
+        key: secret
+{{- end }}
+{{- end -}}
+{{- $_ := mergeOverwrite .Values (include "traefik-forward-auth.harcodedValues" . | fromYaml) -}}
+
+{{ include "common.all" . }}
--- a/charts/stable/traefik-forward-auth/templates/deployment.yaml
+++ b/charts/stable/traefik-forward-auth/templates/deployment.yaml
@@ -1,222 +0,0 @@
-{{- $fullName := include "traefik-forward-auth.fullname" . -}}
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ $fullName }}
-  labels:
-  {{- include "traefik-forward-auth.labels" . | nindent 4 }}
-spec:
-  {{- if not .Values.autoscaling.enabled }}
-  replicas: {{ .Values.replicaCount }}
-  {{- end }}
-  selector:
-    matchLabels:
-  {{- include "traefik-forward-auth.selectorLabels" . | nindent 6 }}
-  template:
-    metadata:
-      {{- with .Values.podAnnotations }}
-      annotations:
-      {{- toYaml . | nindent 8 }}
-      {{- end }}
-      labels:
-    {{- include "traefik-forward-auth.selectorLabels" . | nindent 8 }}
-    spec:
-      {{- with .Values.imagePullSecrets }}
-      imagePullSecrets:
-      {{- toYaml . | nindent 8 }}
-      {{- end }}
-      serviceAccountName: {{ include "traefik-forward-auth.serviceAccountName" . }}
-      {{- with .Values.podSecurityContext }}
-      securityContext:
-      {{- toYaml . | nindent 8 }}
-      {{- end }}
-      containers:
-        - name: {{ .Chart.Name }}
-          {{- with .Values.securityContext }}
-          securityContext:
-          {{- toYaml . | nindent 12 }}
-          {{- end }}
-          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
-          {{- with .Values.envFrom }}
-          envFrom:
-          {{- toYaml . | nindent 12 }}
-          {{- end }}
-          env:
-            {{- if .Values.logging.level }}
-            - name: LOG_LEVEL
-              value: {{ .Values.logging.level | quote }}
-            {{- end }}
-            {{- if .Values.logging.format }}
-            - name: LOG_FORMAT
-              value: {{ .Values.logging.format | quote }}
-            {{- end }}
-            {{- if .Values.authHost }}
-            - name: AUTH_HOST
-              value: {{ .Values.authHost | quote }}
-            {{- end }}
-            {{- if .Values.cookie.domain }}
-            - name: COOKIE_DOMAIN
-              value: {{ .Values.cookie.domain | quote }}
-            {{- end }}
-            {{- if .Values.cookie.insecure }}
-            - name: INSECURE_COOKIE
-              value: {{ .Values.cookie.insecure | quote }}
-            {{- end }}
-            {{- if .Values.cookie.name }}
-            - name: COOKIE_NAME
-              value: {{ .Values.cookie.name | quote }}
-            {{- end }}
-            {{- if .Values.cookie.csrfName }}
-            - name: CSRF_COOKIE_NAME
-              value: {{ .Values.cookie.csrfName | quote }}
-            {{- end }}
-            {{- if .Values.default.action }}
-            - name: DEFAULT_ACTION
-              value: {{ .Values.default.action | quote }}
-            {{- end }}
-            {{- if .Values.default.provider }}
-            - name: DEFAULT_PROVIDER
-              value: {{ .Values.default.provider | quote }}
-            {{- end }}
-            {{- if .Values.restrictions.domain }}
-            - name: DOMAIN
-              value: {{ .Values.restrictions.domain | quote }}
-            {{- end }}
-            {{- if .Values.restrictions.whitelist }}
-            - name: WHITELIST
-              value: {{ .Values.restrictions.whitelist | quote }}
-            {{- end }}
-            {{- if .Values.lifetime }}
-            - name: LIFETIME
-              value: {{ .Values.lifetime | quote }}
-            {{- end }}
-            {{- if .Values.logoutRedirect }}
-            - name: LOGOUT_REDIRECT
-              value: {{ .Values.logoutRedirect | quote }}
-            {{- end }}
-            {{- if .Values.urlPath }}
-            - name: URL_PATH
-              value: {{ .Values.urlPath | quote }}
-            {{- end }}
-            {{- if .Values.cookie.secret }}
-            - name: COOKIE_SECRET
-              valueFrom:
-                secretKeyRef:
-                  name: {{ $fullName }}
-                  key: cookie-secret
-            {{- end }}
-            {{- if ne .Values.secret "-" }}
-            - name: SECRET
-              {{- if .Values.secret }}
-              value: {{ .Values.secret | quote }}
-              {{- else }}
-              valueFrom:
-                secretKeyRef:
-                  name: {{ $fullName }}
-                  key: secret
-              {{- end }}
-            {{- with .Values.providers}}
-            {{- if .google.enabled }}
-            {{- if .google.clientId }}
-            - name: PROVIDERS_GOOGLE_CLIENT_ID
-              value: {{ .google.clientId | quote }}
-            {{- end }}
-            {{- if .google.clientSecret }}
-            - name: PROVIDERS_GOOGLE_CLIENT_SECRET
-              value: {{ .google.clientSecret | quote }}
-            {{- end }}
-            {{- if .google.prompt }}
-            - name: PROVIDERS_GOOGLE_PROMPT
-              value: {{ .google.prompt | quote }}
-              {{- end }}
-            {{- end }}
-            {{- if .oidc.enabled }}
-            {{- if .oidc.clientId }}
-            - name: PROVIDERS_OIDC_CLIENT_ID
-              value: {{ .oidc.clientId | quote }}
-            {{- end }}
-            {{- if .oidc.clientSecret }}
-            - name: PROVIDERS_OIDC_CLIENT_SECRET
-              value: {{ .oidc.clientSecret | quote }}
-            {{- end }}
-            {{- if .oidc.issuerUrl }}
-            - name: PROVIDERS_OIDC_ISSUER_URL
-              value: {{ .oidc.issuerUrl | quote }}
-            {{- end }}
-            {{- if .oidc.resource }}
-            - name: PROVIDERS_OIDC_RESOURCE
-              value: {{ .oidc.resource | quote }}
-              {{- end }}
-            {{- end }}
-            {{- if .genericOauth.enabled }}
-            {{- if .genericOauth.clientId }}
-            - name: PROVIDERS_GENERIC_OAUTH_CLIENT_ID
-              value: {{ .genericOauth.clientId | quote }}
-            {{- end }}
-            {{- if .genericOauth.clientSecret }}
-            - name: PROVIDERS_GENERIC_OAUTH_CLIENT_SECRET
-              value: {{ .genericOauth.clientSecret | quote }}
-            {{- end }}
-            {{- if .genericOauth.authUrl }}
-            - name: PROVIDERS_GENERIC_OAUTH_AUTH_URL
-              value: {{ .genericOauth.authUrl | quote }}
-            {{- end }}
-            {{- if .genericOauth.tokenUrl }}
-            - name: PROVIDERS_GENERIC_OAUTH_TOKEN_URL
-              value: {{ .genericOauth.tokenUrl | quote }}
-            {{- end }}
-            {{- if .genericOauth.userUrl }}
-            - name: PROVIDERS_GENERIC_OAUTH_USER_URL
-              value: {{ .genericOauth.userUrl | quote }}
-            {{- end }}
-            {{- if .genericOauth.resource }}
-            - name: PROVIDERS_GENERIC_OAUTH_RESOURCE
-              value: {{ .genericOauth.resource | quote }}
-            {{- end }}
-            {{- if .genericOauth.scope }}
-            - name: PROVIDERS_GENERIC_OAUTH_SCOPE
-              value: {{ .genericOauth.scope | quote }}
-            {{- end }}
-            {{- if .genericOauth.tokenStyle }}
-            - name: PROVIDERS_GENERIC_OAUTH_TOKEN_STYLE
-              value: {{ .genericOauth.tokenStyle | quote }}
-          {{- end }}
-          {{- end }}
-          {{- end }}
-          {{- end }}
-          {{- if .Values.env }}
-          {{- toYaml .Values.env | nindent 12 }}
-          {{- end }}
-          ports:
-            - name: http
-              containerPort: 4181
-              protocol: TCP
-        {{- $livenessProbe := .Values.livenessProbe }}
-        {{- if $livenessProbe.enabled }}
-          livenessProbe:
-          {{- $livenessProbe := unset $livenessProbe "enabled" }}
-          {{- toYaml $livenessProbe | nindent 12 }}
-        {{- end }}
-        {{- $readinessProbe := .Values.readinessProbe }}
-        {{- if $readinessProbe.enabled }}
-          readinessProbe:
-            {{- $readinessProbe := unset $readinessProbe "enabled" }}
-            {{- toYaml $readinessProbe | nindent 12 }}
-        {{- end }}
-          {{- with .Values.resources }}
-          resources:
-      {{- toYaml . | nindent 12 }}
-      {{- end }}
-      {{- with .Values.nodeSelector }}
-      nodeSelector:
-      {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.affinity }}
-      affinity:
-      {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.tolerations }}
-      tolerations:
-  {{- toYaml . | nindent 8 }}
-  {{- end }}
--- a/charts/stable/traefik-forward-auth/templates/hpa.yaml
+++ b/charts/stable/traefik-forward-auth/templates/hpa.yaml
@@ -1,28 +0,0 @@
-{{- if .Values.autoscaling.enabled }}
-apiVersion: autoscaling/v2beta1
-kind: HorizontalPodAutoscaler
-metadata:
-  name: {{ include "traefik-forward-auth.fullname" . }}
-  labels:
-    {{- include "traefik-forward-auth.labels" . | nindent 4 }}
-spec:
-  scaleTargetRef:
-    apiVersion: apps/v1
-    kind: Deployment
-    name: {{ include "traefik-forward-auth.fullname" . }}
-  minReplicas: {{ .Values.autoscaling.minReplicas }}
-  maxReplicas: {{ .Values.autoscaling.maxReplicas }}
-  metrics:
-  {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
-    - type: Resource
-      resource:
-        name: cpu
-        targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
-  {{- end }}
-  {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
-    - type: Resource
-      resource:
-        name: memory
-        targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
-  {{- end }}
-{{- end }}
--- a/charts/stable/traefik-forward-auth/templates/ingress.yaml
+++ b/charts/stable/traefik-forward-auth/templates/ingress.yaml
@@ -1,58 +0,0 @@
-{{- if .Values.ingress.enabled -}}
-  {{- $fullName := include "traefik-forward-auth.fullname" . -}}
-  {{- $svcPort := .Values.service.port -}}
-  {{- $apiVersion := .Capabilities.KubeVersion.GitVersion -}}
-  {{- if semverCompare "<1.14-0" $apiVersion -}}
-apiVersion: extensions/v1beta1
-  {{- else if semverCompare "<1.19-0" $apiVersion -}}
-apiVersion: networking.k8s.io/v1beta1
-  {{- else -}}
-apiVersion: networking.k8s.io/v1
-  {{- end }}
-kind: Ingress
-metadata:
-  name: {{ $fullName }}
-  labels:
-  {{- include "traefik-forward-auth.labels" . | nindent 4 }}
-  {{- if or .Values.ingress.annotations (and .Values.middleware.enabled .Values.authHost) }}
-  annotations:
-    {{- with .Values.ingress.annotations }}
-    {{- toYaml . | nindent 4 }}
-    {{- end }}
-    {{- if and .Values.middleware.enabled .Values.authHost }}
-    traefik.ingress.kubernetes.io/router.middlewares: {{ .Release.Namespace }}-{{ .Values.middleware.name | default "traefik-forward-auth" }}@kubernetescrd
-  {{- end }}
-  {{- end }}
-spec:
-  {{- if .Values.ingress.tls }}
-  tls:
-    {{- range .Values.ingress.tls }}
-    - hosts:
-        {{- range .hosts }}
-        - {{ . | quote }}
-      {{- end }}
-      secretName: {{ .secretName }}
-  {{- end }}
-  {{- end }}
-  rules:
-    {{- range .Values.ingress.hosts }}
-    - host: {{ .host | quote }}
-      http:
-        paths:
-          {{- range .paths }}
-          - path: {{ . }}
-            {{- if semverCompare ">=1.19-0" $apiVersion }}
-            pathType: Prefix
-            backend:
-              service:
-                name: {{ $fullName }}
-                port:
-                  name: http
-            {{- else }}
-            backend:
-              serviceName: {{ $fullName }}
-              servicePort: {{ $svcPort }}
-            {{- end }}
-  {{- end }}
-  {{- end }}
-  {{- end }}
--- a/charts/stable/traefik-forward-auth/templates/middleware.yaml
+++ b/charts/stable/traefik-forward-auth/templates/middleware.yaml
@@ -2,10 +2,10 @@
 apiVersion: traefik.containo.us/v1alpha1
 kind: Middleware
 metadata:
-  name: {{ .Values.middleware.name | default "traefik-forward-auth" }}
+  name: {{ default (include "common.names.fullname" .) .Values.middleware.nameOverride }}
 spec:
  forwardAuth:
-    address: "http://{{ include "traefik-forward-auth.fullname" . }}.{{ .Release.Namespace }}:{{ .Values.service.port }}"
+    address: "http://{{ include "common.names.fullname" . }}.{{ .Release.Namespace }}:{{ .Values.service.main.ports.http.port }}"
    authResponseHeaders:
      - X-Forwarded-User
-  {{- end }}
+{{- end }}
--- a/charts/stable/traefik-forward-auth/templates/secret.yaml
+++ b/charts/stable/traefik-forward-auth/templates/secret.yaml
@@ -1,16 +1,11 @@
-{{- if or (and (ne .Values.secret "-") (not .Values.secret)) .Values.cookie.secret }}
+{{- if not .Values.env.SECRET }}
 apiVersion: v1
 kind: Secret
 metadata:
-  name: {{ template "traefik-forward-auth.fullname" . }}
+  name: {{ template "common.names.fullname" . }}
  labels:
-  {{- include "traefik-forward-auth.labels" . | nindent 4 }}
+    {{- include "common.labels" . | nindent 4 }}
 type: Opaque
 data:
-  {{- if not .Values.secret }}
-  secret: {{ randAlphaNum 16 | b64enc | quote }}
-  {{- end }}
-  {{- if .Values.cookie.secret }}
-  cookie-secret: {{ .Values.cookie.secret | b64enc | quote }}
-  {{- end }}
-  {{- end }}
+  secret: {{ template "traefik-forward-auth.secret" . }}
+{{- end }}
--- a/charts/stable/traefik-forward-auth/templates/service.yaml
+++ b/charts/stable/traefik-forward-auth/templates/service.yaml
@@ -1,22 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ include "traefik-forward-auth.fullname" . }}
-  labels:
-    {{- include "traefik-forward-auth.labels" . | nindent 4 }}
-  {{- with .Values.service.annotations }}
-  annotations:
-  {{- toYaml . | nindent 4 }}
-  {{- end }}
-spec:
-  type: {{ .Values.service.type }}
-  ports:
-    - port: {{ .Values.service.port }}
-      targetPort: http
-      protocol: TCP
-      name: http
-  {{- with .Values.service.additionalSpec }}
-  {{- toYaml . | nindent 2 }}
-  {{- end }}
-  selector:
-    {{- include "traefik-forward-auth.selectorLabels" . | nindent 4 }}
--- a/charts/stable/traefik-forward-auth/templates/serviceaccount.yaml
+++ b/charts/stable/traefik-forward-auth/templates/serviceaccount.yaml
@@ -1,12 +0,0 @@
-{{- if .Values.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ include "traefik-forward-auth.serviceAccountName" . }}
-  labels:
-    {{- include "traefik-forward-auth.labels" . | nindent 4 }}
-  {{- with .Values.serviceAccount.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-{{- end }}
--- a/charts/stable/traefik-forward-auth/values.yaml
+++ b/charts/stable/traefik-forward-auth/values.yaml
@@ -1,190 +1,69 @@
-# Default values for traefik-forward-auth.
-
-
-replicaCount: 1
+#
+# IMPORTANT NOTE
+#
+# This chart inherits from our common library chart. You can check the default values/options here:
+# https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common/values.yaml
+#

 image:
+  # -- image repository
  repository: thomseddon/traefik-forward-auth
-  pullPolicy: IfNotPresent
+  # -- image tag
+  # @default -- chart.appVersion
  tag: ""
+  # -- image pull policy
+  pullPolicy: IfNotPresent

-imagePullSecrets: []
-nameOverride: ""
-fullnameOverride: ""
+# -- environment variables. See more environment variables in the [traefik-forward-auth documentation](https://github.com/thomseddon/traefik-forward-auth#configuration)
+# @default -- See below
+env:
+  TZ: UTC
+  # LOG_LEVEL: warn # [trace|debug|info|warn|error|fatal|panic]
+  # LOG_FORMAT: text # [text|json|pretty]
+  # AUTH_HOST: oauth.example.org
+  # DOMAIN: example.org # Only allow given email domains. (Comma delimited)
+  # WHITELIST: auth@example.org # Only allow given email addresses. (Comma delimited)
+  # LIFETIME: '43200' # Lifetime in seconds
+  # COOKIE_DOMAIN: example.org # Domain(s) to set auth cookie on. (Comma delimited)
+  # INSECURE_COOKIE: 'false' # Use insecure cookies
+  # COOKIE_NAME: _forward_auth # Cookie name
+  # CSRF_COOKIE_NAME: _forward_auth_csrf # CSRF cookie name
+  # SECRET: # Secret used for signing. If unset, one will be generated.
+  #   valueFrom:
+  #     secretKeyRef: traefik-forward-auth
+  # URL_PATH: /_oauth # Callback URL path
+  # LOGOUT_REDIRECT: '' # URL to redirect to following logout
+  # DEFAULT_ACTION: auth # [auth|allow]
+  # DEFAULT_PROVIDER: google # [google|oidc|generic-oauth]
+  #
+  # PROVIDERS_GOOGLE_CLIENT_ID: '' # Client ID
+  # PROVIDERS_GOOGLE_CLIENT_SECRET: '' # Client Secret
+  # PROVIDERS_GOOGLE_PROMPT: '' # Space separated list of OpenID prompt options
+  #
+  # PROVIDERS_OIDC_ISSUER_URL: '' # Issuer URL
+  # PROVIDERS_OIDC_CLIENT_ID: '' # Client ID
+  # PROVIDERS_OIDC_CLIENT_SECRET: '' # Client Secret
+  # PROVIDERS_OIDC_RESOURCE: '' # Optional resource indicator
+  #
+  # PROVIDERS_GENERIC_OAUTH_AUTH_URL: '' # Auth/Login URL
+  # PROVIDERS_GENERIC_OAUTH_TOKEN_URL: '' # Token URL
+  # PROVIDERS_GENERIC_OAUTH_USER_URL: '' # URL used to retrieve user info
+  # PROVIDERS_GENERIC_OAUTH_CLIENT_ID: '' # Client ID
+  # PROVIDERS_GENERIC_OAUTH_CLIENT_SECRET: '' # Client Secret
+  # PROVIDERS_GENERIC_OAUTH_RESOURCE: '' # Optional resource indicator
+  # PROVIDERS_GENERIC_OAUTH_SCOPE: '' # Scopes (default: profile, email)
+  # PROVIDERS_GENERIC_OAUTH_TOKEN_STYLE: '' # How token is presented when querying the User URL

-logging:
-  # logging.level -- [trace|debug|info|warn|error|fatal|panic] Log level (default: warn)
-  level: ""
-  # logging.format -- [text|json|pretty] Log format (default: text)
-  format: ""
-# authHost -- Single host to use when returning from 3rd party auth
-authHost: ""
-restrictions:
-  # restrictions.domain -- Only allow given email domains. (Comma delimited)
-  domain: ""
-  # restrictions.whitelist -- Only allow given email addresses. (Comma delimited)
-  whitelist: ""
-# lifetime -- Lifetime in seconds (default: 43200)
-lifetime: ""
-cookie:
-  # cookie.domain -- Domain(s) to set auth cookie on. (Comma delimited)
-  domain: ""
-  # cookie.insecure -- Use insecure cookies
-  insecure: ""
-  # cookie.name -- Cookie Name (default: _forward_auth)
-  name: ""
-  # cookie.csrfName -- CSRF Cookie Name (default: _forward_auth_csrf)
-  csrfName: ""
-  # cookie.secret -- Cookie Secret used for authentication across multiple instances / clusters (default: randomly generated)
-  secret: ""
-default:
-  # default.action -- [auth|allow] Default action (default: auth)
-  action: ""
-  # default.provider -- [google|oidc|generic-oauth] Default provider (default: google)
-  provider: ""
-# logoutRedirect -- URL to redirect to following logout
-logoutRedirect: ""
-# urlPath -- Callback URL Path (default: /_oauth)
-urlPath: ""
-# secret -- Secret used for signing. If empty, one will be generated. If specifying your own in env use "-"
-secret: ""
+# -- Configures service settings for the chart.
+# @default -- See values.yaml
+service:
+  main:
+    ports:
+      http:
+        port: 4181

 middleware:
-  # middleware.enabled -- Enable to deploy a preconfigured middleware
-  enabled: false
-  # middleware.name -- Name for the middleware
-  name: ""
-providers:
-  google:
-    # providers.google.enabled -- Enable the google provider
-    enabled: false
-    # providers.google.clientId -- Client ID
-    clientId: ""
-    # providers.google.clientSecret -- Client Secret
-    clientSecret: ""
-    # providers.google.prompt -- Space separated list of OpenID prompt options
-    prompt: ""
-  oidc:
-    # providers.oidc.enabled -- Enable the generic OIDC provider
-    enabled: false
-    # providers.oidc.issuerUrl -- Issuer URL
-    issuerUrl: ""
-    # providers.oidc.clientId -- Client ID
-    clientId: ""
-    # providers.oidc.clientSecret -- Client Secret
-    clientSecret: ""
-    # providers.oidc.resource -- Optional resource indicator
-    resource: ""
-  genericOauth:
-    # providers.genericOauth.enabled -- Enable the generic OAUTH2 provider
-    enabled: false
-    # providers.genericOauth.authUrl -- Auth/Login URL
-    authUrl: ""
-    # providers.genericOauth.tokenUrl -- Token URL
-    tokenUrl: ""
-    # providers.genericOauth.userUrl -- URL used to retrieve user info
-    userUrl: ""
-    # providers.genericOauth.clientId -- Client ID
-    clientId: ""
-    # providers.genericOauth.clientSecret -- Client Secret
-    clientSecret: ""
-    # providers.genericOauth.scope -- Scopes (default: profile, email)
-    scope: ""
-    # providers.genericOauth.tokenStyle -- How token is presented when querying the User URL
-    tokenStyle: ""
-    # providers.genericOauth.resource -- Optional resource indicator
-    resource: ""
-
-env: []
-envFrom:
-# - secretRef:
-#     name:
-
-serviceAccount:
-  # Specifies whether a service account should be created
-  create: true
-  # Annotations to add to the service account
-  annotations: {}
-  # The name of the service account to use.
-  # If not set and create is true, a name is generated using the fullname template
-  name: ""
-
-podAnnotations: {}
-
-podSecurityContext: {}
-  # fsGroup: 2000
-
-securityContext: {}
-  # capabilities:
-  #   drop:
-  #   - ALL
-  # readOnlyRootFilesystem: true
-  # runAsNonRoot: true
-  # runAsUser: 1000
-
-# livenessProbe -- Liveness probe configuration
-# @default -- {"periodSeconds":20,"tcpSocket":{"port":"http"}}
-livenessProbe:
-  # livenessProbe.enabled -- Enable liveness probe
+  # -- Enable a preconfigured middleware.
  enabled: true
-  tcpSocket:
-    port: http
-  periodSeconds: 20
-
-# readinessProbe -- Readiness probe configuration
-# @default -- {"periodSeconds":10,"tcpSocket":{"port":"http"}}
-readinessProbe:
-  # readinessProbe.enabled -- Enable readiness probe
-  enabled: true
-  tcpSocket:
-    port: http
-  periodSeconds: 10
-
-service:
-  type: ClusterIP
-  port: 4181
-  ## Provide any additional annotations which may be required. This can be used to
-  ## set the LoadBalancer service type to internal only.
-  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
-  ##
-  annotations: {}
-  labels: {}
-  additionalSpec: {}
-
-ingress:
-  enabled: false
-  annotations: {}
-    # kubernetes.io/ingress.class: nginx
-    # kubernetes.io/tls-acme: "true"
-  hosts:
-    - host: chart-example.local
-      paths: []
-  tls: []
-  #  - secretName: chart-example-tls
-  #    hosts:
-  #      - chart-example.local
-
-resources: {}
-  # We usually recommend not to specify default resources and to leave this as a conscious
-  # choice for the user. This also increases chances charts run on environments with little
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  # limits:
-  #   cpu: 100m
-  #   memory: 128Mi
-  # requests:
-  #   cpu: 100m
-  #   memory: 128Mi
-
-autoscaling:
-  enabled: false
-  minReplicas: 1
-  maxReplicas: 100
-  targetCPUUtilizationPercentage: 80
-  # targetMemoryUtilizationPercentage: 80
-
-nodeSelector: {}
-
-tolerations: []
-
-affinity: {}
+  # -- Override the middleware name.
+  nameOverride: ""
Author	SHA1	Message	Date
k8s-at-home[bot]	2523cb7b5e	chore: Auto-update chart README [skip ci]	2022-02-10 22:39:36 +00:00
Casey	aa69f69828	feat: add chart for scrypted (#1409 ) Co-authored-by: Casey Vockrodt <vockrodc@nro.mil>	2022-02-10 17:39:09 -05:00
k8s-at-home[bot]	0d229ec376	chore: Auto-update chart README [skip ci]	2022-02-09 18:56:46 +00:00
Markus Reiter	5475a5ffff	[traefik-forward-auth] Reuse existing secret. (#1404 )	2022-02-09 19:56:18 +01:00
k8s-at-home[bot]	c156819394	chore: Auto-update chart README [skip ci]	2022-02-09 09:30:11 +00:00
Skyler Mäntysaari	bb314ce2d9	[monica] App version bump to 3.7.0-apache. (#1405 ) * [monica] App version bump to 3.7.0-apache. Signed-off-by: Skyler Mäntysaari <samip5@users.noreply.github.com>	2022-02-09 10:29:43 +01:00
Jonathan Bartlett	ffe4297db0	[dendrite] Add dendrite polylith mode (#1399 ) Co-authored-by: S7evinK <s73vink@gmail.com> Co-authored-by: Bᴇʀɴᴅ Sᴄʜᴏʀɢᴇʀs <me@bjw-s.dev> Co-authored-by: Till Faelligen <tfaelligen@gmail.com>	2022-02-08 18:11:39 -05:00
k8s-at-home[bot]	ee03d09780	chore: Auto-update chart README [skip ci]	2022-02-07 19:13:44 +00:00
Markus Reiter	90a62afddc	[teamspeak] Add TeamSpeak metrics. (#1403 ) * Merge TeamSpeak ports into single service. * Add TeamSpeak metrics.	2022-02-07 20:13:12 +01:00
k8s-at-home[bot]	05347d1716	chore: Auto-update chart README [skip ci]	2022-02-05 21:55:42 +00:00
Philipp Hellmich	f7b54c65ff	[samba] changed samba server docker image (#1402 )	2022-02-05 22:55:17 +01:00
Bᴇʀɴᴅ Sᴄʜᴏʀɢᴇʀs	a7aaa5a524	fix: Use strings for version numbers	2022-02-05 20:04:57 +01:00
Bᴇʀɴᴅ Sᴄʜᴏʀɢᴇʀs	e2bb5d8ed4	ci: Actually bump Helm	2022-02-05 19:59:13 +01:00
Bᴇʀɴᴅ Sᴄʜᴏʀɢᴇʀs	fbf13879b8	ci: Update Helm / Python	2022-02-05 19:57:55 +01:00
				`@@ -0,0 +1 @@`
				`{{- include "common.notes.defaultNotes" . -}}`