migrate zot

apps/charts/blinko/Chart.yaml

@@ -1,7 +0,0 @@
-apiVersion: v2
-version: 1.0.0
-name: blinko
-dependencies:
-  - name: common
-    version: 1.0.0
-    repository: file://../../common

apps/charts/blinko/templates/client.yaml

@@ -1,10 +0,0 @@
-apiVersion: homelab.mortenolsen.pro/v1
-kind: OidcClient
-metadata:
-  name: "{{ .Release.Name }}"
-spec:
-  environment: "{{ .Values.globals.environment }}"
-  redirectUris:
-    - path: api/auth/callback/authentik
-      subdomain: "{{ .Values.subdomain }}"
-      matchingMode: strict

apps/charts/blinko/templates/database.yaml

@@ -1,2 +0,0 @@
-{{ include "common.database" . }}
-

apps/charts/blinko/templates/deployment.yaml

@@ -1 +0,0 @@
-{{ include "common.deployment" . }}

apps/charts/blinko/templates/oidc.yaml

@@ -1 +0,0 @@
-{{ include "common.oidc" . }}

apps/charts/blinko/templates/pvc.yaml

@@ -1 +0,0 @@
-{{ include "common.pvc" . }}

apps/charts/blinko/templates/service.yaml

@@ -1 +0,0 @@
-{{ include "common.service" . }}

apps/charts/blinko/templates/virtual-service.yaml

@@ -1 +0,0 @@
-{{ include "common.virtualService" . }}

apps/charts/blinko/values.yaml

@@ -1,81 +0,0 @@
-image:
-  repository: blinkospace/blinko
-  tag: latest@sha256:6db31658e58a0af9d2e15312de995fb3bb3d04db30b2fe500ed4ff0360c57518
-  pullPolicy: IfNotPresent
-
-subdomain: blinko
-
-# Deployment configuration
-deployment:
-  strategy: RollingUpdate
-  replicas: 1
-
-# Container configuration
-container:
-  port: 1111
-  healthProbe:
-    type: tcpSocket
-    port: http # Use named port
-
-# Service configuration
-service:
-  port: 80
-  type: ClusterIP
-
-# Volume configuration
-volumes:
-  - name: data
-    mountPath: /data
-    persistentVolumeClaim: data
-
-# Persistent volume claims
-persistentVolumeClaims:
-  - name: data
-    size: 1Gi
-
-# OIDC client
-oidc:
-  enabled: true
-  redirectUris:
-    - "/api/auth/callback/authentik"
-
-# Database configuration
-database:
-  enabled: true
-
-# External Secrets configuration
-externalSecrets:
-  - name: "{release}-secrets"
-    passwords:
-      - name: betterauth
-        length: 64
-        allowRepeat: true  # Required for longer passwords
-        noUpper: false
-        encoding: hex  # hex encoding for the secret
-        secretKeys:
-          - betterauth  # Use this key name in the secret instead of default "password"
-
-# VirtualService configuration
-virtualService:
-  enabled: true
-  gateways:
-    public: true
-    private: true
-
-# Environment variables
-env:
-  NODE_ENV: "production"
-  NEXTAUTH_URL:
-    value: "https://{subdomain}.{domain}"
-  NEXT_PUBLIC_BASE_URL:
-    value: "https://{subdomain}.{domain}"
-  NEXTAUTH_SECRET:
-    valueFrom:
-      secretKeyRef:
-        name: "{release}-secrets"
-        key: betterauth
-  DATABASE_URL:
-    valueFrom:
-      secretKeyRef:
-        name: "{release}-connection"
-        key: url

apps/charts/zot/Chart.yaml

@@ -1,3 +1,7 @@
 apiVersion: v2
 version: 1.0.0
 name: zot
+dependencies:
+  - name: common
+    version: 1.0.0
+    repository: file://../../common

apps/charts/zot/templates/client.yaml

@@ -1,10 +1 @@
-apiVersion: homelab.mortenolsen.pro/v1
-kind: OidcClient
-metadata:
-  name: "{{ .Release.Name }}"
-spec:
-  environment: "{{ .Values.globals.environment }}"
-  redirectUris:
-    - path: /zot/auth/callback/oidc
-      subdomain: "{{ .Values.subdomain }}"
-      matchingMode: strict
+{{ include "common.oidc" . }}

apps/charts/zot/templates/deployment.yaml

@@ -25,17 +25,17 @@ spec:
             - name: ISSUER
               valueFrom:
                 secretKeyRef:
-                  name: "{{ .Release.Name }}-client"
-                  key: configurationIssuer
+                  name: "{{ .Release.Name }}-oidc-credentials"
+                  key: issuer
             - name: CLIENT_ID
               valueFrom:
                 secretKeyRef:
-                  name: "{{ .Release.Name }}-client"
+                  name: "{{ .Release.Name }}-oidc-credentials"
                   key: clientId
             - name: CLIENT_SECRET
               valueFrom:
                 secretKeyRef:
-                  name: "{{ .Release.Name }}-client"
+                  name: "{{ .Release.Name }}-oidc-credentials"
                   key: clientSecret
             - name: PASSWORD
               valueFrom:

apps/charts/zot/templates/pvc.yaml

@@ -1,11 +1 @@
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
-  name: '{{ .Release.Name }}-data'
-spec:
-  accessModes:
-    - 'ReadWriteOnce'
-  resources:
-    requests:
-      storage: '1Gi'
-  storageClassName: '{{ .Values.globals.environment }}'
+{{ include "common.pvc" . }}

apps/charts/zot/templates/secret.yaml

@@ -1,9 +0,0 @@
-apiVersion: homelab.mortenolsen.pro/v1
-kind: GenerateSecret
-metadata:
-  name: "{{ .Release.Name }}-secret"
-spec:
-  fields:
-    - name: password
-      encoding: hex
-      length: 64

apps/charts/zot/templates/service.yaml

@@ -1,15 +1 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: "{{ .Release.Name }}"
-  labels:
-    app: "{{ .Release.Name }}"
-spec:
-  type: ClusterIP
-  ports:
-    - port: 80
-      targetPort: 5000
-      protocol: TCP
-      name: http
-  selector:
-    app: "{{ .Release.Name }}"
+{{ include "common.service" . }}

apps/charts/zot/templates/virtual-service.yaml

@@ -1,39 +1 @@
-apiVersion: networking.istio.io/v1
-kind: VirtualService
-metadata:
-  name: "{{ .Release.Name }}-public"
-  namespace: "{{ .Release.Namespace }}"
-spec:
-  gateways:
-    - "{{ .Values.globals.istio.gateways.public }}"
-    - mesh
-  hosts:
-    - "{{ .Values.subdomain }}.{{ .Values.globals.domain }}"
-    - mesh
-  http:
-    - route:
-        - destination:
-            host: "{{ .Release.Name }}"
-            port:
-              number: 80
-
----
-apiVersion: networking.istio.io/v1
-kind: VirtualService
-metadata:
-  name: "{{ .Release.Name }}-private"
-  namespace: "{{ .Release.Namespace }}"
-spec:
-  gateways:
-    - "{{ .Values.globals.istio.gateways.private }}"
-    - mesh
-  hosts:
-    - "{{ .Values.subdomain }}.{{ .Values.globals.domain }}"
-    - mesh
-  http:
-    - route:
-        - destination:
-            host: "{{ .Release.Name }}"
-            port:
-              number: 80
-
+{{ include "common.virtualService" . }}

apps/charts/zot/values.yaml

@@ -1,4 +1,74 @@
-subdomain: zot
 image:
   repository: ghcr.io/project-zot/zot
   tag: v2.1.13@sha256:d3cde44fa759bf7f3d25b479e2b33ed5d4d3f1d6fdad01b204d15a9c3af2db3c
+  pullPolicy: IfNotPresent
+
+subdomain: zot
+
+# Deployment configuration
+deployment:
+  strategy: Recreate
+  replicas: 1
+  revisionHistoryLimit: 0
+
+# Container configuration
+container:
+  ports:
+    - name: http
+      port: 5000
+      protocol: TCP
+  # Health probes commented out in original - can be enabled later
+  # healthProbe:
+  #   type: httpGet
+  #   path: /v2/
+  #   port: http
+
+# Service configuration
+service:
+  port: 80
+  targetPort: 5000
+  type: ClusterIP
+
+# Volume configuration
+volumes:
+  - name: data
+    mountPath: /var/lib/registry
+    persistentVolumeClaim: data
+  - name: config
+    mountPath: /etc/zot
+    emptyDir: {}
+
+# Persistent volume claims
+persistentVolumeClaims:
+  - name: data
+    size: 1Gi
+
+# VirtualService configuration
+virtualService:
+  enabled: true
+  gateways:
+    public: true
+    private: true
+
+# OIDC client configuration
+oidc:
+  enabled: true
+  redirectUris:
+    - "/zot/auth/callback/oidc"
+  subjectMode: user_username
+
+# External secrets configuration
+externalSecrets:
+  - name: "{release}-secret"
+    passwords:
+      - name: password
+        length: 64
+        encoding: hex
+        allowRepeat: true
+
+# Environment variables
+env:
+  TZ:
+    value: "{timezone}"
+  BASE_URL:
+    value: "https://{subdomain}.{domain}"