migrate gitea, coder and esphome

2026-02-08 01:36:28 +01:00 · 2026-01-01 18:01:41 +01:00
parent 44f5a93d46
commit 9ac5b61a38
20 changed files with 252 additions and 394 deletions
--- a/apps/charts/coder/Chart.yaml
+++ b/apps/charts/coder/Chart.yaml
@@ -1,3 +1,7 @@
 apiVersion: v2
 version: 1.0.0
-name: openwebui
+name: coder
+dependencies:
+  - name: common
+    version: 1.0.0
+    repository: file://../common
--- a/apps/charts/coder/templates/deployment.yaml
+++ b/apps/charts/coder/templates/deployment.yaml
@@ -1,74 +1 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: "{{ .Release.Name }}"
-spec:
-  strategy:
-    type: Recreate
-  replicas: 1
-  revisionHistoryLimit: 0
-  selector:
-    matchLabels:
-      app: "{{ .Release.Name }}"
-  template:
-    metadata:
-      labels:
-        app: "{{ .Release.Name }}"
-    spec:
-      serviceAccountName: "{{ .Release.Name }}-serviceaccount"
-      containers:
-        - name: "{{ .Release.Name }}"
-          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
-          imagePullPolicy: "{{ .Values.image.pullPolicy }}"
-          ports:
-            - name: http
-              containerPort: 7080
-              protocol: TCP
-          livenessProbe:
-            tcpSocket:
-              port: http
-          readinessProbe:
-            tcpSocket:
-              port: http
-          volumeMounts:
-            - mountPath: /home/coder/.config
-              name: data
-          env:
-            - name: CODER_HTTP_ADDRESS
-              value: "0.0.0.0:7080"
-            - name: CODER_OIDC_ALLOWED_GROUPS
-              value: admin
-            - name: CODER_OIDC_GROUP_FIELD
-              value: groups
-            - name: CODER_ACCESS_URL
-              value: https://coder.olsen.cloud
-            - name: CODER_OIDC_ICON_URL
-              value: https://authentik.olsen.cloud/static/dist/assets/icons/icon.png
-            - name: CODER_DISABLE_PASSWORD_AUTH
-              value: "true"
-            - name: CODER_OAUTH2_GITHUB_ALLOW_SIGNUPS
-              value: "false"
-            - name: CODER_OIDC_SIGN_IN_TEXT
-              value: "Sign in with OIDC"
-            - name: CODER_OIDC_SCOPES
-              value: openid,profile,email,offline_access
-            - name: CODER_OIDC_ISSUER_URL
-              valueFrom:
-                secretKeyRef:
-                  name: "{{ .Release.Name }}-client"
-                  key: configurationIssuer
-            - name: CODER_OIDC_CLIENT_ID
-              valueFrom:
-                secretKeyRef:
-                  name: "{{ .Release.Name }}-client"
-                  key: clientId
-            - name: CODER_OIDC_CLIENT_SECRET
-              valueFrom:
-                secretKeyRef:
-                  name: "{{ .Release.Name }}-client"
-                  key: clientSecret
-
-      volumes:
-        - name: data
-          persistentVolumeClaim:
-            claimName: "{{ .Release.Name }}-data"
+{{ include "common.deployment" . }}
--- a/apps/charts/coder/templates/pvc.yaml
+++ b/apps/charts/coder/templates/pvc.yaml
@@ -1,11 +1 @@
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
-  name: '{{ .Release.Name }}-data'
-spec:
-  accessModes:
-    - 'ReadWriteOnce'
-  resources:
-    requests:
-      storage: '1Gi'
-  storageClassName: '{{ .Values.globals.environment }}'
+{{ include "common.pvc" . }}
--- a/apps/charts/coder/templates/service.yaml
+++ b/apps/charts/coder/templates/service.yaml
@@ -1,15 +1 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: '{{ .Release.Name }}'
-  labels:
-    app: '{{ .Release.Name }}'
-spec:
-  type: ClusterIP
-  ports:
-    - port: 80
-      targetPort: 7080
-      protocol: TCP
-      name: http
-  selector:
-    app: '{{ .Release.Name }}'
+{{ include "common.service" . }}
--- a/apps/charts/coder/templates/virtual-service.yaml
+++ b/apps/charts/coder/templates/virtual-service.yaml
@@ -1,19 +1 @@
-apiVersion: networking.istio.io/v1
-kind: VirtualService
-metadata:
-  name: "{{ .Release.Name }}-private"
-  namespace: "{{ .Release.Namespace }}"
-spec:
-  gateways:
-    - "{{ .Values.globals.istio.gateways.private }}"
-    - mesh
-  hosts:
-    - "{{ .Values.subdomain }}.{{ .Values.globals.domain }}"
-    - mesh
-  http:
-    - route:
-        - destination:
-            host: "{{ .Release.Name }}"
-            port:
-              number: 80
-
+{{ include "common.virtualService" . }}
--- a/apps/charts/coder/values.yaml
+++ b/apps/charts/coder/values.yaml
@@ -2,4 +2,70 @@ image:
  repository: ghcr.io/coder/coder
  tag: v2.29.1@sha256:19b3ecd02510b4ee91ba488c61a3f40a6c164c9aeef38999c855e55fd653097c
  pullPolicy: IfNotPresent
+
 subdomain: coder
+
+# Deployment configuration
+deployment:
+  strategy: Recreate
+  replicas: 1
+  revisionHistoryLimit: 0
+  serviceAccountName: "{release}-serviceaccount"  # Will be templated
+
+# Container configuration
+container:
+  port: 7080
+  healthProbe:
+    type: tcpSocket
+    port: http  # Use named port
+
+# Service configuration
+service:
+  port: 80
+  type: ClusterIP
+
+# Volume configuration
+volumes:
+  - name: data
+    mountPath: /home/coder/.config
+    persistentVolumeClaim: data
+
+# Persistent volume claims
+persistentVolumeClaims:
+  - name: data
+    size: 1Gi
+
+# VirtualService configuration
+virtualService:
+  enabled: true
+  gateways:
+    public: false
+    private: true
+
+# Environment variables
+env:
+  CODER_HTTP_ADDRESS: "0.0.0.0:7080"
+  CODER_OIDC_ALLOWED_GROUPS: admin
+  CODER_OIDC_GROUP_FIELD: groups
+  CODER_ACCESS_URL:
+    value: "https://{subdomain}.{domain}"
+  CODER_OIDC_ICON_URL: "https://authentik.olsen.cloud/static/dist/assets/icons/icon.png"
+  CODER_DISABLE_PASSWORD_AUTH: "true"
+  CODER_OAUTH2_GITHUB_ALLOW_SIGNUPS: "false"
+  CODER_OIDC_SIGN_IN_TEXT: "Sign in with OIDC"
+  CODER_OIDC_SCOPES: "openid,profile,email,offline_access"
+  CODER_OIDC_ISSUER_URL:
+    valueFrom:
+      secretKeyRef:
+        name: "{release}-client"
+        key: configurationIssuer
+  CODER_OIDC_CLIENT_ID:
+    valueFrom:
+      secretKeyRef:
+        name: "{release}-client"
+        key: clientId
+  CODER_OIDC_CLIENT_SECRET:
+    valueFrom:
+      secretKeyRef:
+        name: "{release}-client"
+        key: clientSecret
--- a/apps/charts/common/common-1.0.0.tgz
+++ b/apps/charts/common/common-1.0.0.tgz
--- a/apps/charts/common/templates/_helpers.tpl
+++ b/apps/charts/common/templates/_helpers.tpl
@@ -297,6 +297,12 @@ spec:
      labels:
        {{- include "common.selectorLabels" . | nindent 8 }}
    spec:
+      {{- if .Values.deployment.serviceAccountName }}
+      serviceAccountName: {{ .Values.deployment.serviceAccountName | replace "{release}" .Release.Name | replace "{fullname}" (include "common.fullname" .) }}
+      {{- end }}
+      {{- if .Values.deployment.hostNetwork }}
+      hostNetwork: {{ .Values.deployment.hostNetwork }}
+      {{- end }}
      containers:
        - name: {{ .Chart.Name }}
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
@@ -324,6 +330,25 @@ spec:
 {{- end }}
 {{- end }}

+{{/*
+Full ServiceAccount resource
+*/}}
+{{- define "common.serviceAccount" -}}
+{{- if .Values.serviceAccount }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ if .Values.serviceAccount.name }}{{ .Values.serviceAccount.name }}{{ else }}{{ include "common.fullname" . }}{{ end }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "common.labels" . | nindent 4 }}
+{{- if .Values.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml .Values.serviceAccount.annotations | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
+
 {{/*
 Full Service resource(s) - supports multiple services
 */}}
--- a/apps/charts/esphome/Chart.yaml
+++ b/apps/charts/esphome/Chart.yaml
@@ -1,3 +1,7 @@
 apiVersion: v2
 version: 1.0.0
 name: esphome
+dependencies:
+  - name: common
+    version: 1.0.0
+    repository: file://../common
--- a/apps/charts/esphome/templates/deployment.yaml
+++ b/apps/charts/esphome/templates/deployment.yaml
@@ -1,43 +1 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: "{{ .Release.Name }}"
-spec:
-  strategy:
-    type: Recreate
-  replicas: 1
-  revisionHistoryLimit: 0
-  selector:
-    matchLabels:
-      app: "{{ .Release.Name }}"
-  template:
-    metadata:
-      labels:
-        app: "{{ .Release.Name }}"
-    spec:
-      hostNetwork: true
-      containers:
-        - name: "{{ .Release.Name }}"
-          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
-          imagePullPolicy: "{{ .Values.image.pullPolicy }}"
-          ports:
-            - name: http
-              containerPort: 6052
-              protocol: TCP
-          livenessProbe:
-            tcpSocket:
-              port: http
-          readinessProbe:
-            tcpSocket:
-              port: http
-          env:
-            - name: TZ
-              value: "{{ .Values.globals.timezone }}"
-          volumeMounts:
-            - mountPath: /config
-              name: data
-
-      volumes:
-        - name: data
-          persistentVolumeClaim:
-            claimName: "{{ .Release.Name }}-data"
+{{ include "common.deployment" . }}
--- a/apps/charts/esphome/templates/pvc.yaml
+++ b/apps/charts/esphome/templates/pvc.yaml
@@ -1,11 +1 @@
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
-  name: '{{ .Release.Name }}-data'
-spec:
-  accessModes:
-    - 'ReadWriteOnce'
-  resources:
-    requests:
-      storage: '1Gi'
-  storageClassName: '{{ .Values.globals.environment }}'
+{{ include "common.pvc" . }}
--- a/apps/charts/esphome/templates/service.yaml
+++ b/apps/charts/esphome/templates/service.yaml
@@ -1,15 +1 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: "{{ .Release.Name }}"
-  labels:
-    app: "{{ .Release.Name }}"
-spec:
-  type: ClusterIP
-  ports:
-    - port: 80
-      targetPort: 6052
-      protocol: TCP
-      name: http
-  selector:
-    app: "{{ .Release.Name }}"
+{{ include "common.service" . }}
--- a/apps/charts/esphome/templates/virtual-service.yaml
+++ b/apps/charts/esphome/templates/virtual-service.yaml
@@ -1,19 +1 @@
-apiVersion: networking.istio.io/v1
-kind: VirtualService
-metadata:
-  name: "{{ .Release.Name }}-private"
-  namespace: "{{ .Release.Namespace }}"
-spec:
-  gateways:
-    - "{{ .Values.globals.istio.gateways.private }}"
-    - mesh
-  hosts:
-    - "{{ .Values.subdomain }}.{{ .Values.globals.domain }}"
-    - mesh
-  http:
-    - route:
-        - destination:
-            host: "{{ .Release.Name }}"
-            port:
-              number: 80
-
+{{ include "common.virtualService" . }}
--- a/apps/charts/esphome/values.yaml
+++ b/apps/charts/esphome/values.yaml
@@ -2,4 +2,42 @@ image:
  repository: ghcr.io/esphome/esphome
  tag: 2025.12.4@sha256:a7915def0a60c76506db766b7b733760f09b47ab6a511d5052a6d38bc3f424e3
  pullPolicy: IfNotPresent
+
 subdomain: esphome
+
+# Deployment configuration
+deployment:
+  strategy: Recreate
+  replicas: 1
+  revisionHistoryLimit: 0
+  hostNetwork: true  # ESPHome needs hostNetwork for device discovery
+
+# Container configuration
+container:
+  port: 6052
+  healthProbe:
+    type: tcpSocket
+    port: http  # Use named port
+
+# Service configuration
+service:
+  port: 80
+  type: ClusterIP
+
+# Volume configuration
+volumes:
+  - name: data
+    mountPath: /config
+    persistentVolumeClaim: data
+
+# Persistent volume claims
+persistentVolumeClaims:
+  - name: data
+    size: 1Gi
+
+# VirtualService configuration
+virtualService:
+  enabled: true
+  gateways:
+    public: false
+    private: true
--- a/apps/charts/gitea/Chart.yaml
+++ b/apps/charts/gitea/Chart.yaml
@@ -1,3 +1,7 @@
 apiVersion: v2
 version: 1.0.0
 name: gitea
+dependencies:
+  - name: common
+    version: 1.0.0
+    repository: file://../common
--- a/apps/charts/gitea/templates/deployment.yaml
+++ b/apps/charts/gitea/templates/deployment.yaml
@@ -1,104 +1 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: "{{ .Release.Name }}"
-spec:
-  strategy:
-    type: RollingUpdate
-  replicas: 1
-  revisionHistoryLimit: 0
-  selector:
-    matchLabels:
-      app: "{{ .Release.Name }}"
-  template:
-    metadata:
-      labels:
-        app: "{{ .Release.Name }}"
-    spec:
-      containers:
-        - name: "{{ .Release.Name }}"
-          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
-          imagePullPolicy: "{{ .Values.image.pullPolicy }}"
-          ports:
-            - name: http
-              containerPort: 3000
-              protocol: TCP
-            - name: ssh
-              containerPort: 22
-              protocol: TCP
-          livenessProbe:
-            tcpSocket:
-              port: http
-          readinessProbe:
-            tcpSocket:
-              port: http
-          volumeMounts:
-            - mountPath: /data
-              name: data
-          env:
-            - name: TZ
-              value: "{{ .Values.globals.timezone }}"
-            - name: USER_UID
-              value: "1000"
-            - name: USER_GID
-              value: "1000"
-            - name: GITEA__server__SSH_DOMAIN
-              value: ssh-gitea.olsen.cloud
-            - name: GITEA__server__SSH_PORT
-              value: "2205"
-            - name: GITEA__service__REQUIRE_EXTERNAL_REGISTRATION_PASSWORD
-              value: "true"
-            #- name: GITEA__service__ENABLE_BASIC_AUTHENTICATION
-            #  value: 'true'
-            - name: GITEA__service__ENABLE_PASSWORD_SIGNIN_FORM
-              value: "false"
-            - name: GITEA__service__DEFAULT_KEEP_EMAIL_PRIVATE
-              value: "true"
-            - name: GITEA__service__DEFAULT_USER_IS_RESTRICTED
-              value: "true"
-            - name: GITEA__service__DEFAULT_USER_VISIBILITY
-              value: "private"
-            - name: GITEA__service__DEFAULT_ORG_VISIBILITY
-              value: "private"
-            - name: GITEA__service__ALLOW_ONLY_EXTERNAL_REGISTRATION
-              value: "true"
-            - name: GITEA__other__SHOW_FOOTER_POWERED_BY
-              value: "false"
-            - name: GITEA__other__SHOW_FOOTER_TEMPLATE_LOAD_TIME
-              value: "false"
-            - name: GITEA__other__SHOW_FOOTER_VERSION
-              value: "false"
-            - name: GITEA__repository__ENABLE_PUSH_CREATE_USER
-              value: "true"
-            - name: GITEA__repository__ENABLE_PUSH_CREATE_ORG
-              value: "true"
-            - name: GITEA__openid__ENABLE_OPENID_SIGNIN
-              value: "false"
-            - name: GITEA__openid__ENABLE_OPENID_SIGNUP
-              value: "false"
-            - name: GITEA__database__DB_TYPE
-              value: postgres
-            - name: GITEA__database__NAME
-              valueFrom:
-                secretKeyRef:
-                  name: "{{ .Release.Name }}-pg-connection"
-                  key: database
-            - name: GITEA__database__HOST
-              valueFrom:
-                secretKeyRef:
-                  name: "{{ .Release.Name }}-pg-connection"
-                  key: host
-            - name: GITEA__database__USER
-              valueFrom:
-                secretKeyRef:
-                  name: "{{ .Release.Name }}-pg-connection"
-                  key: user
-            - name: GITEA__database__PASSWD
-              valueFrom:
-                secretKeyRef:
-                  name: "{{ .Release.Name }}-pg-connection"
-                  key: password
-      volumes:
-        - name: data
-          persistentVolumeClaim:
-            claimName: "{{ .Release.Name }}-data"
+{{ include "common.deployment" . }}
--- a/apps/charts/gitea/templates/pvc.yaml
+++ b/apps/charts/gitea/templates/pvc.yaml
@@ -1,11 +1 @@
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
-  name: '{{ .Release.Name }}-data'
-spec:
-  accessModes:
-    - 'ReadWriteOnce'
-  resources:
-    requests:
-      storage: '1Gi'
-  storageClassName: '{{ .Values.globals.environment }}'
+{{ include "common.pvc" . }}
--- a/apps/charts/gitea/templates/service.yaml
+++ b/apps/charts/gitea/templates/service.yaml
@@ -1,32 +1 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: "{{ .Release.Name }}"
-  labels:
-    app: "{{ .Release.Name }}"
-spec:
-  type: ClusterIP
-  ports:
-    - port: 80
-      targetPort: 3000
-      protocol: TCP
-      name: http
-  selector:
-    app: "{{ .Release.Name }}"
-
---
-apiVersion: v1
-kind: Service
-metadata:
-  name: "{{ .Release.Name }}-ssh"
-  labels:
-    app: "{{ .Release.Name }}"
-spec:
-  type: LoadBalancer
-  ports:
-    - port: 2205
-      targetPort: 22
-      protocol: TCP
-      name: ssh
-  selector:
-    app: "{{ .Release.Name }}"
+{{ include "common.service" . }}
--- a/apps/charts/gitea/templates/virtual-service.yaml
+++ b/apps/charts/gitea/templates/virtual-service.yaml
@@ -1,39 +1 @@
-apiVersion: networking.istio.io/v1
-kind: VirtualService
-metadata:
-  name: "{{ .Release.Name }}-public"
-  namespace: "{{ .Release.Namespace }}"
-spec:
-  gateways:
-    - "{{ .Values.globals.istio.gateways.public }}"
-    - mesh
-  hosts:
-    - "{{ .Values.subdomain }}.{{ .Values.globals.domain }}"
-    - mesh
-  http:
-    - route:
-        - destination:
-            host: "{{ .Release.Name }}"
-            port:
-              number: 80
-
---
-apiVersion: networking.istio.io/v1
-kind: VirtualService
-metadata:
-  name: "{{ .Release.Name }}-private"
-  namespace: "{{ .Release.Namespace }}"
-spec:
-  gateways:
-    - "{{ .Values.globals.istio.gateways.private }}"
-    - mesh
-  hosts:
-    - "{{ .Values.subdomain }}.{{ .Values.globals.domain }}"
-    - mesh
-  http:
-    - route:
-        - destination:
-            host: "{{ .Release.Name }}"
-            port:
-              number: 80
-
+{{ include "common.virtualService" . }}
--- a/apps/charts/gitea/values.yaml
+++ b/apps/charts/gitea/values.yaml
@@ -2,4 +2,102 @@ image:
  repository: docker.gitea.com/gitea
  tag: 1.25.3@sha256:fee0e5e55da6d2d11186bf39023a772fe63d9deffc0a83283e3d8e5d11c2716a
  pullPolicy: IfNotPresent
+
 subdomain: gitea
+
+# Deployment configuration
+deployment:
+  strategy: RollingUpdate
+  replicas: 1
+  revisionHistoryLimit: 0
+
+# Container configuration - multiple ports
+container:
+  ports:
+    - name: http
+      port: 3000
+      protocol: TCP
+    - name: ssh
+      port: 22
+      protocol: TCP
+  healthProbe:
+    type: tcpSocket
+    port: http  # Use named port
+
+# Service configuration - multiple services
+service:
+  ports:
+    - name: http
+      port: 80
+      targetPort: 3000
+      protocol: TCP
+      type: ClusterIP
+    - name: ssh
+      port: 2205
+      targetPort: 22
+      protocol: TCP
+      type: LoadBalancer
+      serviceName: ssh  # Results in: {release}-ssh
+
+# Volume configuration
+volumes:
+  - name: data
+    mountPath: /data
+    persistentVolumeClaim: data
+
+# Persistent volume claims
+persistentVolumeClaims:
+  - name: data
+    size: 1Gi
+
+# VirtualService configuration
+virtualService:
+  enabled: true
+  gateways:
+    public: true
+    private: true
+  servicePort: 80  # Route to the http service port
+
+# Environment variables
+env:
+  USER_UID: "1000"
+  USER_GID: "1000"
+  GITEA__server__SSH_DOMAIN:
+    value: "ssh-{subdomain}.{domain}"
+  GITEA__server__SSH_PORT: "2205"
+  GITEA__service__REQUIRE_EXTERNAL_REGISTRATION_PASSWORD: "true"
+  GITEA__service__ENABLE_PASSWORD_SIGNIN_FORM: "false"
+  GITEA__service__DEFAULT_KEEP_EMAIL_PRIVATE: "true"
+  GITEA__service__DEFAULT_USER_IS_RESTRICTED: "true"
+  GITEA__service__DEFAULT_USER_VISIBILITY: "private"
+  GITEA__service__DEFAULT_ORG_VISIBILITY: "private"
+  GITEA__service__ALLOW_ONLY_EXTERNAL_REGISTRATION: "true"
+  GITEA__other__SHOW_FOOTER_POWERED_BY: "false"
+  GITEA__other__SHOW_FOOTER_TEMPLATE_LOAD_TIME: "false"
+  GITEA__other__SHOW_FOOTER_VERSION: "false"
+  GITEA__repository__ENABLE_PUSH_CREATE_USER: "true"
+  GITEA__repository__ENABLE_PUSH_CREATE_ORG: "true"
+  GITEA__openid__ENABLE_OPENID_SIGNIN: "false"
+  GITEA__openid__ENABLE_OPENID_SIGNUP: "false"
+  GITEA__database__DB_TYPE: postgres
+  GITEA__database__DB_PORT: "5432"
+  GITEA__database__NAME:
+    valueFrom:
+      secretKeyRef:
+        name: "{release}-pg-connection"
+        key: database
+  GITEA__database__HOST:
+    valueFrom:
+      secretKeyRef:
+        name: "{release}-pg-connection"
+        key: host
+  GITEA__database__USER:
+    valueFrom:
+      secretKeyRef:
+        name: "{release}-pg-connection"
+        key: user
+  GITEA__database__PASSWD:
+    valueFrom:
+      secretKeyRef:
+        name: "{release}-pg-connection"
+        key: password