diff --git a/apps/charts/coder/Chart.yaml b/apps/charts/coder/Chart.yaml
index 5b46cef..07bc4e8 100644
--- a/apps/charts/coder/Chart.yaml
+++ b/apps/charts/coder/Chart.yaml
@@ -1,3 +1,7 @@
 apiVersion: v2
 version: 1.0.0
-name: openwebui
+name: coder
+dependencies:
+ - name: common
+ version: 1.0.0
+ repository: file://../common
diff --git a/apps/charts/coder/templates/deployment.yaml b/apps/charts/coder/templates/deployment.yaml
index 039319c..4508e33 100644
--- a/apps/charts/coder/templates/deployment.yaml
+++ b/apps/charts/coder/templates/deployment.yaml
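Review bot: In apps/charts/coder/Chart.yaml the new `common` dependency is pinned to `version: 1.0.0`, yet this same commit changes `common/templates/_helpers.tpl` and rewrites the packaged `common-1.0.0.tgz` under an unchanged version number. Anyone holding a vendored or cached `common-1.0.0` cannot tell that it is stale, so the new `serviceAccountName`/`hostNetwork` handling may silently be missing at render time. Bump the library chart version with each helper change and update the pin here (for example `version: 1.0.1`), and consider leaving the packaged archive out of the repository so that `helm dependency build` produces it. The esphome and gitea Chart.yaml hunks have the same pin.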
@@ -1,74 +1 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: "{{ .Release.Name }}"
-spec:
- strategy:
- type: Recreate
- replicas: 1
- revisionHistoryLimit: 0
- selector:
- matchLabels:
- app: "{{ .Release.Name }}"
- template:
- metadata:
- labels:
- app: "{{ .Release.Name }}"
- spec:
- serviceAccountName: "{{ .Release.Name }}-serviceaccount"
- containers:
- - name: "{{ .Release.Name }}"
- image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
- imagePullPolicy: "{{ .Values.image.pullPolicy }}"
- ports:
- - name: http
- containerPort: 7080
- protocol: TCP
- livenessProbe:
- tcpSocket:
- port: http
- readinessProbe:
- tcpSocket:
- port: http
- volumeMounts:
- - mountPath: /home/coder/.config
- name: data
- env:
- - name: CODER_HTTP_ADDRESS
- value: "0.0.0.0:7080"
- - name: CODER_OIDC_ALLOWED_GROUPS
- value: admin
- - name: CODER_OIDC_GROUP_FIELD
- value: groups
- - name: CODER_ACCESS_URL
- value: https://coder.olsen.cloud
- - name: CODER_OIDC_ICON_URL
- value: https://authentik.olsen.cloud/static/dist/assets/icons/icon.png
- - name: CODER_DISABLE_PASSWORD_AUTH
- value: "true"
- - name: CODER_OAUTH2_GITHUB_ALLOW_SIGNUPS
- value: "false"
- - name: CODER_OIDC_SIGN_IN_TEXT
- value: "Sign in with OIDC"
- - name: CODER_OIDC_SCOPES
- value: openid,profile,email,offline_access
- - name: CODER_OIDC_ISSUER_URL
- valueFrom:
- secretKeyRef:
- name: "{{ .Release.Name }}-client"
- key: configurationIssuer
- - name: CODER_OIDC_CLIENT_ID
- valueFrom:
- secretKeyRef:
- name: "{{ .Release.Name }}-client"
- key: clientId
- - name: CODER_OIDC_CLIENT_SECRET
- valueFrom:
- secretKeyRef:
- name: "{{ .Release.Name }}-client"
- key: clientSecret
-
- volumes:
- - name: data
- persistentVolumeClaim:
- claimName: "{{ .Release.Name }}-data"
+{{ include "common.deployment" . }}
diff --git a/apps/charts/coder/templates/pvc.yaml b/apps/charts/coder/templates/pvc.yaml
index bc1d0a6..379bad9 100644
--- a/apps/charts/coder/templates/pvc.yaml
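Review bot: Replacing the hand-written coder Deployment with `{{ include "common.deployment" . }}` probably changes the pod selector, which Kubernetes treats as immutable on an existing Deployment. The removed manifest selected on `app: "{{ .Release.Name }}"`, while the `_helpers.tpl` hunk in this commit labels pods through `common.selectorLabels` and names the container `{{ .Chart.Name }}`. If those labels differ (the helper body is not part of this diff), `helm upgrade` on a running release would be rejected until the old Deployment is removed. Compare the `helm template` output with the previous render and record any required migration step in the commit message; the esphome and gitea deployment hunks are affected the same way.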
+++ b/apps/charts/coder/templates/pvc.yaml
@@ -1,11 +1 @@
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: '{{ .Release.Name }}-data'
-spec:
- accessModes:
- - 'ReadWriteOnce'
- resources:
- requests:
- storage: '1Gi'
- storageClassName: '{{ .Values.globals.environment }}'
+{{ include "common.pvc" . }}
diff --git a/apps/charts/coder/templates/service.yaml b/apps/charts/coder/templates/service.yaml
index ca4d3c5..f024c64 100644
--- a/apps/charts/coder/templates/service.yaml
+++ b/apps/charts/coder/templates/service.yaml
@@ -1,15 +1 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: '{{ .Release.Name }}'
- labels:
- app: '{{ .Release.Name }}'
-spec:
- type: ClusterIP
- ports:
- - port: 80
- targetPort: 7080
- protocol: TCP
- name: http
- selector:
- app: '{{ .Release.Name }}'
+{{ include "common.service" . }}
diff --git a/apps/charts/coder/templates/virtual-service.yaml b/apps/charts/coder/templates/virtual-service.yaml
index a9b195e..766f6b9 100644
--- a/apps/charts/coder/templates/virtual-service.yaml
+++ b/apps/charts/coder/templates/virtual-service.yaml
@@ -1,19 +1 @@
-apiVersion: networking.istio.io/v1
-kind: VirtualService
-metadata:
- name: "{{ .Release.Name }}-private"
- namespace: "{{ .Release.Namespace }}"
-spec:
- gateways:
- - "{{ .Values.globals.istio.gateways.private }}"
- - mesh
- hosts:
- - "{{ .Values.subdomain }}.{{ .Values.globals.domain }}"
- - mesh
- http:
- - route:
- - destination:
- host: "{{ .Release.Name }}"
- port:
- number: 80
-
+{{ include "common.virtualService" . }}
diff --git a/apps/charts/coder/values.yaml b/apps/charts/coder/values.yaml
index 375869c..021088a 100644
--- a/apps/charts/coder/values.yaml
+++ b/apps/charts/coder/values.yaml
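Review bot: The one-line `{{ include "common.pvc" . }}` in coder/templates/pvc.yaml no longer states `storageClassName` or `accessModes`, and the new `persistentVolumeClaims` values entry carries only `name` and `size`. The removed manifest pinned `storageClassName: '{{ .Values.globals.environment }}'` and the claim name `{{ .Release.Name }}-data`. If the helper derives either one differently (its body is not shown in this diff), the existing claim cannot be patched in place and Coder's `/home/coder/.config` data could end up on a new, empty volume. Check that the rendered PVC matches the old one before upgrading, and if the helper supports it, set the storage class and access mode explicitly in values; the esphome and gitea pvc.yaml hunks carry the same risk.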
@@ -2,4 +2,70 @@ image:
 repository: ghcr.io/coder/coder
 tag: v2.29.1@sha256:19b3ecd02510b4ee91ba488c61a3f40a6c164c9aeef38999c855e55fd653097c
 pullPolicy: IfNotPresent
+
 subdomain: coder
+
+# Deployment configuration
+deployment:
+ strategy: Recreate
+ replicas: 1
+ revisionHistoryLimit: 0
+ serviceAccountName: "{release}-serviceaccount" # Will be templated
+
+# Container configuration
+container:
+ port: 7080
+ healthProbe:
+ type: tcpSocket
+ port: http # Use named port
+
+# Service configuration
+service:
+ port: 80
+ type: ClusterIP
+
+# Volume configuration
+volumes:
+ - name: data
+ mountPath: /home/coder/.config
+ persistentVolumeClaim: data
+
+# Persistent volume claims
+persistentVolumeClaims:
+ - name: data
+ size: 1Gi
+
+# VirtualService configuration
+virtualService:
+ enabled: true
+ gateways:
+ public: false
+ private: true
+
+# Environment variables
+env:
+ CODER_HTTP_ADDRESS: "0.0.0.0:7080"
+ CODER_OIDC_ALLOWED_GROUPS: admin
+ CODER_OIDC_GROUP_FIELD: groups
+ CODER_ACCESS_URL:
+ value: "https://{subdomain}.{domain}"
+ CODER_OIDC_ICON_URL: "https://authentik.olsen.cloud/static/dist/assets/icons/icon.png"
+ CODER_DISABLE_PASSWORD_AUTH: "true"
+ CODER_OAUTH2_GITHUB_ALLOW_SIGNUPS: "false"
+ CODER_OIDC_SIGN_IN_TEXT: "Sign in with OIDC"
+ CODER_OIDC_SCOPES: "openid,profile,email,offline_access"
+ CODER_OIDC_ISSUER_URL:
+ valueFrom:
+ secretKeyRef:
+ name: "{release}-client"
+ key: configurationIssuer
+ CODER_OIDC_CLIENT_ID:
+ valueFrom:
+ secretKeyRef:
+ name: "{release}-client"
+ key: clientId
+ CODER_OIDC_CLIENT_SECRET:
+ valueFrom:
+ secretKeyRef:
+ name: "{release}-client"
+ key: clientSecret
diff --git a/apps/charts/common/common-1.0.0.tgz b/apps/charts/common/common-1.0.0.tgz
index 95732af..bc8616f 100644
Binary files a/apps/charts/common/common-1.0.0.tgz and b/apps/charts/common/common-1.0.0.tgz differ
diff --git a/apps/charts/common/templates/_helpers.tpl b/apps/charts/common/templates/_helpers.tpl
index c89da53..edb063c 100644
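Review bot: Several entries in the new coder `env` block depend on placeholder expansion that this diff does not show: `CODER_ACCESS_URL` uses `{subdomain}`/`{domain}` and the three `secretKeyRef.name` values use `{release}`. The only substitution visible in `_helpers.tpl` is the one for `deployment.serviceAccountName`, so if env rendering does not apply the same replacement, Coder would start with a literal `https://{subdomain}.{domain}` access URL and the OIDC redirect would no longer match the registered client. A rendered-manifest check (`helm template` compared against the removed deployment.yaml) would pin this down. A short comment above `env:` such as `# {release}, {subdomain} and {domain} are expanded by the common chart` would document the convention; note also that `CODER_OIDC_ICON_URL` still hard-codes `authentik.olsen.cloud` although the access URL was made generic.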
--- a/apps/charts/common/templates/_helpers.tpl
+++ b/apps/charts/common/templates/_helpers.tpl
@@ -297,6 +297,12 @@ spec:
 labels:
 {{- include "common.selectorLabels" . | nindent 8 }}
 spec:
+ {{- if .Values.deployment.serviceAccountName }}
+ serviceAccountName: {{ .Values.deployment.serviceAccountName | replace "{release}" .Release.Name | replace "{fullname}" (include "common.fullname" .) }}
+ {{- end }}
+ {{- if .Values.deployment.hostNetwork }}
+ hostNetwork: {{ .Values.deployment.hostNetwork }}
+ {{- end }}
 containers:
 - name: {{ .Chart.Name }}
 image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
@@ -324,6 +330,25 @@ spec:
 {{- end }}
 {{- end }}
+{{/*
+Full ServiceAccount resource
+*/}}
+{{- define "common.serviceAccount" -}}
+{{- if .Values.serviceAccount }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ if .Values.serviceAccount.name }}{{ .Values.serviceAccount.name }}{{ else }}{{ include "common.fullname" . }}{{ end }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "common.labels" . | nindent 4 }}
+{{- if .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml .Values.serviceAccount.annotations | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
+
 {{/*
 Full Service resource(s) - supports multiple services
 */}}
diff --git a/apps/charts/esphome/Chart.yaml b/apps/charts/esphome/Chart.yaml
index b06614b..fd781ec 100644
--- a/apps/charts/esphome/Chart.yaml
+++ b/apps/charts/esphome/Chart.yaml
@@ -1,3 +1,7 @@
 apiVersion: v2
 version: 1.0.0
 name: esphome
+dependencies:
+ - name: common
+ version: 1.0.0
+ repository: file://../common
diff --git a/apps/charts/esphome/templates/deployment.yaml b/apps/charts/esphome/templates/deployment.yaml
index c01f4ec..4508e33 100644
--- a/apps/charts/esphome/templates/deployment.yaml
+++ b/apps/charts/esphome/templates/deployment.yaml
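Review bot: The added `serviceAccountName:` line in the first `_helpers.tpl` hunk emits the substituted value unquoted, unlike the `image:` line just below it. Ending the pipeline with `| quote`, i.e. `(include "common.fullname" .) | quote }}`, keeps an empty or number-looking result from changing the YAML type. For the new `hostNetwork` switch, a pod with `hostNetwork: true` and the default DNS policy resolves through the node's resolver rather than cluster DNS, so the helper likely also needs an optional `dnsPolicy: ClusterFirstWithHostNet`. The enclosing `define` starts and ends outside this hunk.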
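Review bot: `common.serviceAccount` writes `.Values.serviceAccount.name` verbatim, whereas the Deployment hunk above expands `{release}` and `{fullname}` in `deployment.serviceAccountName`, so a chart using the same placeholder in both places would render a ServiceAccount name with literal braces that the API server rejects. Apply the same chain on the `name:` line, for example `{{ .Values.serviceAccount.name | replace "{release}" .Release.Name | replace "{fullname}" (include "common.fullname" .) | quote }}`, so the two names always agree. Since this helper now owns the ServiceAccount, it is also the natural place to expose `automountServiceAccountToken`, letting charts that never call the Kubernetes API opt out of a mounted token. In the visible diff none of the three charts sets `serviceAccount` or includes this helper, so coder's `{release}-serviceaccount` presumably still comes from elsewhere.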
@@ -1,43 +1 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: "{{ .Release.Name }}"
-spec:
- strategy:
- type: Recreate
- replicas: 1
- revisionHistoryLimit: 0
- selector:
- matchLabels:
- app: "{{ .Release.Name }}"
- template:
- metadata:
- labels:
- app: "{{ .Release.Name }}"
- spec:
- hostNetwork: true
- containers:
- - name: "{{ .Release.Name }}"
- image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
- imagePullPolicy: "{{ .Values.image.pullPolicy }}"
- ports:
- - name: http
- containerPort: 6052
- protocol: TCP
- livenessProbe:
- tcpSocket:
- port: http
- readinessProbe:
- tcpSocket:
- port: http
- env:
- - name: TZ
- value: "{{ .Values.globals.timezone }}"
- volumeMounts:
- - mountPath: /config
- name: data
-
- volumes:
- - name: data
- persistentVolumeClaim:
- claimName: "{{ .Release.Name }}-data"
+{{ include "common.deployment" . }}
diff --git a/apps/charts/esphome/templates/pvc.yaml b/apps/charts/esphome/templates/pvc.yaml
index bc1d0a6..379bad9 100644
--- a/apps/charts/esphome/templates/pvc.yaml
+++ b/apps/charts/esphome/templates/pvc.yaml
@@ -1,11 +1 @@
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: '{{ .Release.Name }}-data'
-spec:
- accessModes:
- - 'ReadWriteOnce'
- resources:
- requests:
- storage: '1Gi'
- storageClassName: '{{ .Values.globals.environment }}'
+{{ include "common.pvc" . }}
diff --git a/apps/charts/esphome/templates/service.yaml b/apps/charts/esphome/templates/service.yaml
index 48d3c5a..f024c64 100644
--- a/apps/charts/esphome/templates/service.yaml
+++ b/apps/charts/esphome/templates/service.yaml
@@ -1,15 +1 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: "{{ .Release.Name }}"
- labels:
- app: "{{ .Release.Name }}"
-spec:
- type: ClusterIP
- ports:
- - port: 80
- targetPort: 6052
- protocol: TCP
- name: http
- selector:
- app: "{{ .Release.Name }}"
+{{ include "common.service" . }}
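Review bot: The removed esphome Deployment set `TZ` from `{{ .Values.globals.timezone }}`, but the new values.yaml for this chart has no `env` block at all, so unless `common.deployment` injects the variable itself (not visible here) the container falls back to its default timezone. The gitea chart loses `TZ` in the same way: its removed deployment.yaml set it, and the new `env` map begins at `USER_UID`. If that is unintended, restore the variable through whatever mechanism the common chart offers for global values and confirm it in the rendered manifest.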
diff --git a/apps/charts/esphome/templates/virtual-service.yaml b/apps/charts/esphome/templates/virtual-service.yaml
index a9b195e..766f6b9 100644
--- a/apps/charts/esphome/templates/virtual-service.yaml
+++ b/apps/charts/esphome/templates/virtual-service.yaml
@@ -1,19 +1 @@
-apiVersion: networking.istio.io/v1
-kind: VirtualService
-metadata:
- name: "{{ .Release.Name }}-private"
- namespace: "{{ .Release.Namespace }}"
-spec:
- gateways:
- - "{{ .Values.globals.istio.gateways.private }}"
- - mesh
- hosts:
- - "{{ .Values.subdomain }}.{{ .Values.globals.domain }}"
- - mesh
- http:
- - route:
- - destination:
- host: "{{ .Release.Name }}"
- port:
- number: 80
-
+{{ include "common.virtualService" . }}
diff --git a/apps/charts/esphome/values.yaml b/apps/charts/esphome/values.yaml
index 23463e0..dae94ce 100644
--- a/apps/charts/esphome/values.yaml
+++ b/apps/charts/esphome/values.yaml
@@ -2,4 +2,42 @@ image:
 repository: ghcr.io/esphome/esphome
 tag: 2025.12.4@sha256:a7915def0a60c76506db766b7b733760f09b47ab6a511d5052a6d38bc3f424e3
 pullPolicy: IfNotPresent
+
 subdomain: esphome
+
+# Deployment configuration
+deployment:
+ strategy: Recreate
+ replicas: 1
+ revisionHistoryLimit: 0
+ hostNetwork: true # ESPHome needs hostNetwork for device discovery
+
+# Container configuration
+container:
+ port: 6052
+ healthProbe:
+ type: tcpSocket
+ port: http # Use named port
+
+# Service configuration
+service:
+ port: 80
+ type: ClusterIP
+
+# Volume configuration
+volumes:
+ - name: data
+ mountPath: /config
+ persistentVolumeClaim: data
+
+# Persistent volume claims
+persistentVolumeClaims:
+ - name: data
+ size: 1Gi
+
+# VirtualService configuration
+virtualService:
+ enabled: true
+ gateways:
+ public: false
+ private: true
diff --git a/apps/charts/gitea/Chart.yaml b/apps/charts/gitea/Chart.yaml
index 2027869..61c0487 100644
--- a/apps/charts/gitea/Chart.yaml
+++ b/apps/charts/gitea/Chart.yaml
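Review bot: `hostNetwork: true` in esphome/values.yaml is carried over with a one-line justification, but its exposure consequences are not recorded next to it. With host networking the dashboard on port 6052 listens on the node's own interfaces, so it is reachable without passing the `private` gateway configured under `virtualService`, and sidecar injection and NetworkPolicy typically do not cover host-network pods. Extending the comment, e.g. `# hostNetwork: device discovery needs the node network; port 6052 is then exposed on the node IP, restrict it at the node firewall`, would make that explicit. It is also worth confirming that the dashboard's own authentication is enabled, since the gateway is no longer the only path to it.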
@@ -1,3 +1,7 @@
 apiVersion: v2
 version: 1.0.0
 name: gitea
+dependencies:
+ - name: common
+ version: 1.0.0
+ repository: file://../common
diff --git a/apps/charts/gitea/templates/deployment.yaml b/apps/charts/gitea/templates/deployment.yaml
index 55e57e8..4508e33 100644
--- a/apps/charts/gitea/templates/deployment.yaml
+++ b/apps/charts/gitea/templates/deployment.yaml
@@ -1,104 +1 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: "{{ .Release.Name }}"
-spec:
- strategy:
- type: RollingUpdate
- replicas: 1
- revisionHistoryLimit: 0
- selector:
- matchLabels:
- app: "{{ .Release.Name }}"
- template:
- metadata:
- labels:
- app: "{{ .Release.Name }}"
- spec:
- containers:
- - name: "{{ .Release.Name }}"
- image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
- imagePullPolicy: "{{ .Values.image.pullPolicy }}"
- ports:
- - name: http
- containerPort: 3000
- protocol: TCP
- - name: ssh
- containerPort: 22
- protocol: TCP
- livenessProbe:
- tcpSocket:
- port: http
- readinessProbe:
- tcpSocket:
- port: http
- volumeMounts:
- - mountPath: /data
- name: data
- env:
- - name: TZ
- value: "{{ .Values.globals.timezone }}"
- - name: USER_UID
- value: "1000"
- - name: USER_GID
- value: "1000"
- - name: GITEA__server__SSH_DOMAIN
- value: ssh-gitea.olsen.cloud
- - name: GITEA__server__SSH_PORT
- value: "2205"
- - name: GITEA__service__REQUIRE_EXTERNAL_REGISTRATION_PASSWORD
- value: "true"
- #- name: GITEA__service__ENABLE_BASIC_AUTHENTICATION
- # value: 'true'
- - name: GITEA__service__ENABLE_PASSWORD_SIGNIN_FORM
- value: "false"
- - name: GITEA__service__DEFAULT_KEEP_EMAIL_PRIVATE
- value: "true"
- - name: GITEA__service__DEFAULT_USER_IS_RESTRICTED
- value: "true"
- - name: GITEA__service__DEFAULT_USER_VISIBILITY
- value: "private"
- - name: GITEA__service__DEFAULT_ORG_VISIBILITY
- value: "private"
- - name: GITEA__service__ALLOW_ONLY_EXTERNAL_REGISTRATION
- value: "true"
- - name: GITEA__other__SHOW_FOOTER_POWERED_BY
- value: "false"
- - name: GITEA__other__SHOW_FOOTER_TEMPLATE_LOAD_TIME
- value: "false"
- - name: GITEA__other__SHOW_FOOTER_VERSION
- value: "false"
- - name: GITEA__repository__ENABLE_PUSH_CREATE_USER
- value: "true"
- - name: GITEA__repository__ENABLE_PUSH_CREATE_ORG
- value: "true"
- - name: GITEA__openid__ENABLE_OPENID_SIGNIN
- value: "false"
- - name: GITEA__openid__ENABLE_OPENID_SIGNUP
- value: "false"
- - name: GITEA__database__DB_TYPE
- value: postgres
- - name: GITEA__database__NAME
- valueFrom:
- secretKeyRef:
- name: "{{ .Release.Name }}-pg-connection"
- key: database
- - name: GITEA__database__HOST
- valueFrom:
- secretKeyRef:
- name: "{{ .Release.Name }}-pg-connection"
- key: host
- - name: GITEA__database__USER
- valueFrom:
- secretKeyRef:
- name: "{{ .Release.Name }}-pg-connection"
- key: user
- - name: GITEA__database__PASSWD
- valueFrom:
- secretKeyRef:
- name: "{{ .Release.Name }}-pg-connection"
- key: password
- volumes:
- - name: data
- persistentVolumeClaim:
- claimName: "{{ .Release.Name }}-data"
+{{ include "common.deployment" . }}
diff --git a/apps/charts/gitea/templates/pvc.yaml b/apps/charts/gitea/templates/pvc.yaml
index bc1d0a6..379bad9 100644
--- a/apps/charts/gitea/templates/pvc.yaml
+++ b/apps/charts/gitea/templates/pvc.yaml
@@ -1,11 +1 @@
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: '{{ .Release.Name }}-data'
-spec:
- accessModes:
- - 'ReadWriteOnce'
- resources:
- requests:
- storage: '1Gi'
- storageClassName: '{{ .Values.globals.environment }}'
+{{ include "common.pvc" . }}
diff --git a/apps/charts/gitea/templates/service.yaml b/apps/charts/gitea/templates/service.yaml
index 1c09f6d..f024c64 100644
--- a/apps/charts/gitea/templates/service.yaml
+++ b/apps/charts/gitea/templates/service.yaml
@@ -1,32 +1 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: "{{ .Release.Name }}"
- labels:
- app: "{{ .Release.Name }}"
-spec:
- type: ClusterIP
- ports:
- - port: 80
- targetPort: 3000
- protocol: TCP
- name: http
- selector:
- app: "{{ .Release.Name }}"
-
----
-apiVersion: v1
-kind: Service
-metadata:
- name: "{{ .Release.Name }}-ssh"
- labels:
- app: "{{ .Release.Name }}"
-spec:
- type: LoadBalancer
- ports:
- - port: 2205
- targetPort: 22
- protocol: TCP
- name: ssh
- selector:
- app: "{{ .Release.Name }}"
+{{ include "common.service" . }}
diff --git a/apps/charts/gitea/templates/virtual-service.yaml b/apps/charts/gitea/templates/virtual-service.yaml
index 36e9d43..766f6b9 100644
--- a/apps/charts/gitea/templates/virtual-service.yaml
+++ b/apps/charts/gitea/templates/virtual-service.yaml
@@ -1,39 +1 @@
-apiVersion: networking.istio.io/v1
-kind: VirtualService
-metadata:
- name: "{{ .Release.Name }}-public"
- namespace: "{{ .Release.Namespace }}"
-spec:
- gateways:
- - "{{ .Values.globals.istio.gateways.public }}"
- - mesh
- hosts:
- - "{{ .Values.subdomain }}.{{ .Values.globals.domain }}"
- - mesh
- http:
- - route:
- - destination:
- host: "{{ .Release.Name }}"
- port:
- number: 80
-
----
-apiVersion: networking.istio.io/v1
-kind: VirtualService
-metadata:
- name: "{{ .Release.Name }}-private"
- namespace: "{{ .Release.Namespace }}"
-spec:
- gateways:
- - "{{ .Values.globals.istio.gateways.private }}"
- - mesh
- hosts:
- - "{{ .Values.subdomain }}.{{ .Values.globals.domain }}"
- - mesh
- http:
- - route:
- - destination:
- host: "{{ .Release.Name }}"
- port:
- number: 80
-
+{{ include "common.virtualService" . }}
diff --git a/apps/charts/gitea/values.yaml b/apps/charts/gitea/values.yaml
index d8bfc4b..41810f6 100644
--- a/apps/charts/gitea/values.yaml
+++ b/apps/charts/gitea/values.yaml
@@ -2,4 +2,102 @@ image:
 repository: docker.gitea.com/gitea
 tag: 1.25.3@sha256:fee0e5e55da6d2d11186bf39023a772fe63d9deffc0a83283e3d8e5d11c2716a
 pullPolicy: IfNotPresent
+
 subdomain: gitea
+
+# Deployment configuration
+deployment:
+ strategy: RollingUpdate
+ replicas: 1
+ revisionHistoryLimit: 0
+
+# Container configuration - multiple ports
+container:
+ ports:
+ - name: http
+ port: 3000
+ protocol: TCP
+ - name: ssh
+ port: 22
+ protocol: TCP
+ healthProbe:
+ type: tcpSocket
+ port: http # Use named port
+
+# Service configuration - multiple services
+service:
+ ports:
+ - name: http
+ port: 80
+ targetPort: 3000
+ protocol: TCP
+ type: ClusterIP
+ - name: ssh
+ port: 2205
+ targetPort: 22
+ protocol: TCP
+ type: LoadBalancer
+ serviceName: ssh # Results in: {release}-ssh
+
+# Volume configuration
+volumes:
+ - name: data
+ mountPath: /data
+ persistentVolumeClaim: data
+
+# Persistent volume claims
+persistentVolumeClaims:
+ - name: data
+ size: 1Gi
+
+# VirtualService configuration
+virtualService:
+ enabled: true
+ gateways:
+ public: true
+ private: true
+ servicePort: 80 # Route to the http service port
+
+# Environment variables
+env:
+ USER_UID: "1000"
+ USER_GID: "1000"
+ GITEA__server__SSH_DOMAIN:
+ value: "ssh-{subdomain}.{domain}"
+ GITEA__server__SSH_PORT: "2205"
+ GITEA__service__REQUIRE_EXTERNAL_REGISTRATION_PASSWORD: "true"
+ GITEA__service__ENABLE_PASSWORD_SIGNIN_FORM: "false"
+ GITEA__service__DEFAULT_KEEP_EMAIL_PRIVATE: "true"
+ GITEA__service__DEFAULT_USER_IS_RESTRICTED: "true"
+ GITEA__service__DEFAULT_USER_VISIBILITY: "private"
+ GITEA__service__DEFAULT_ORG_VISIBILITY: "private"
+ GITEA__service__ALLOW_ONLY_EXTERNAL_REGISTRATION: "true"
+ GITEA__other__SHOW_FOOTER_POWERED_BY: "false"
+ GITEA__other__SHOW_FOOTER_TEMPLATE_LOAD_TIME: "false"
+ GITEA__other__SHOW_FOOTER_VERSION: "false"
+ GITEA__repository__ENABLE_PUSH_CREATE_USER: "true"
+ GITEA__repository__ENABLE_PUSH_CREATE_ORG: "true"
+ GITEA__openid__ENABLE_OPENID_SIGNIN: "false"
+ GITEA__openid__ENABLE_OPENID_SIGNUP: "false"
+ GITEA__database__DB_TYPE: postgres
+ GITEA__database__DB_PORT: "5432"
+ GITEA__database__NAME:
+ valueFrom:
+ secretKeyRef:
+ name: "{release}-pg-connection"
+ key: database
+ GITEA__database__HOST:
+ valueFrom:
+ secretKeyRef:
+ name: "{release}-pg-connection"
+ key: host
+ GITEA__database__USER:
+ valueFrom:
+ secretKeyRef:
+ name: "{release}-pg-connection"
+ key: user
+ GITEA__database__PASSWD:
+ valueFrom:
+ secretKeyRef:
+ name: "{release}-pg-connection"
+ key: password
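Review bot: The gitea values block reads as a pure refactor, yet it adds `GITEA__database__DB_PORT: "5432"`, which the removed deployment.yaml never set. As far as I know Gitea takes the port from `[database] HOST` (as `host:port`) and has no `DB_PORT` key, so the entry is probably ignored; either drop it or confirm the setting exists for the pinned 1.25.3 image. Separately, `virtualService.gateways.public: true`, the `LoadBalancer` SSH service on 2205 and `ENABLE_PUSH_CREATE_USER`/`ENABLE_PUSH_CREATE_ORG` are unchanged from the old manifests. Now that they sit in one file, a comment such as `# public: true is intentional, sign-in is external-only (see GITEA__service__* below)` would tell the next reviewer the exposure is deliberate.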