mirror of
https://github.com/morten-olsen/homelab-apps.git
synced 2026-02-08 01:36:28 +01:00
migrate homarr
This commit is contained in:
Morten Olsen
@@ -1,3 +1,7 @@
|
||||
apiVersion: v2
|
||||
version: 1.0.0
|
||||
name: openwebui
|
||||
name: homarr
|
||||
dependencies:
|
||||
- name: common
|
||||
version: 1.0.0
|
||||
repository: file://../../common
|
||||
|
||||
@@ -1,10 +1 @@
|
||||
apiVersion: homelab.mortenolsen.pro/v1
|
||||
kind: OidcClient
|
||||
metadata:
|
||||
name: "{{ .Release.Name }}"
|
||||
spec:
|
||||
environment: "{{ .Values.globals.environment }}"
|
||||
redirectUris:
|
||||
- path: /api/auth/callback/oidc
|
||||
subdomain: "{{ .Values.subdomain }}"
|
||||
matchingMode: strict
|
||||
{{ include "common.oidc" . }}
|
||||
|
||||
@@ -1,84 +1 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: "{{ .Release.Name }}"
|
||||
spec:
|
||||
strategy:
|
||||
type: Recreate
|
||||
replicas: 1
|
||||
revisionHistoryLimit: 0
|
||||
selector:
|
||||
matchLabels:
|
||||
app: "{{ .Release.Name }}"
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: "{{ .Release.Name }}"
|
||||
spec:
|
||||
containers:
|
||||
- name: "{{ .Release.Name }}"
|
||||
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
|
||||
imagePullPolicy: "{{ .Values.image.pullPolicy }}"
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 7575
|
||||
protocol: TCP
|
||||
livenessProbe:
|
||||
tcpSocket:
|
||||
port: http
|
||||
readinessProbe:
|
||||
tcpSocket:
|
||||
port: http
|
||||
volumeMounts:
|
||||
- mountPath: /appdata
|
||||
name: data
|
||||
env:
|
||||
- name: BASE_URL
|
||||
value: https://homarr.olsen.cloud # TODO
|
||||
|
||||
- name: NEXTAUTH_URL
|
||||
value: https://homarr.olsen.cloud
|
||||
|
||||
- name: AUTH_PROVIDERS
|
||||
value: oidc
|
||||
|
||||
- name: AUTH_OIDC_CLIENT_NAME
|
||||
value: Authentik
|
||||
|
||||
- name: AUTH_OIDC_SCOPE_OVERWRITE
|
||||
value: openid email profile
|
||||
|
||||
- name: AUTH_OIDC_GROUPS_ATTRIBUTE
|
||||
value: groups
|
||||
|
||||
- name: AUTH_OIDC_AUTO_LOGIN
|
||||
value: "true"
|
||||
|
||||
- name: SECRET_ENCRYPTION_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "{{ .Release.Name }}-secrets"
|
||||
key: encryptionkey
|
||||
|
||||
- name: AUTH_OIDC_ISSUER
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "{{ .Release.Name }}-client"
|
||||
key: configurationIssuer
|
||||
|
||||
- name: AUTH_OIDC_CLIENT_ID
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "{{ .Release.Name }}-client"
|
||||
key: clientId
|
||||
|
||||
- name: AUTH_OIDC_CLIENT_SECRET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "{{ .Release.Name }}-client"
|
||||
key: clientSecret
|
||||
|
||||
volumes:
|
||||
- name: data
|
||||
persistentVolumeClaim:
|
||||
claimName: "{{ .Release.Name }}-data"
|
||||
{{ include "common.deployment" . }}
|
||||
|
||||
@@ -1,11 +1 @@
|
||||
kind: PersistentVolumeClaim
|
||||
apiVersion: v1
|
||||
metadata:
|
||||
name: '{{ .Release.Name }}-data'
|
||||
spec:
|
||||
accessModes:
|
||||
- 'ReadWriteOnce'
|
||||
resources:
|
||||
requests:
|
||||
storage: '1Gi'
|
||||
storageClassName: '{{ .Values.globals.environment }}'
|
||||
{{ include "common.pvc" . }}
|
||||
|
||||
@@ -0,0 +1 @@
|
||||
{{ include "common.externalSecrets.externalSecrets" . }}
|
||||
@@ -0,0 +1 @@
|
||||
{{ include "common.externalSecrets.passwordGenerators" . }}
|
||||
@@ -1,9 +0,0 @@
|
||||
apiVersion: homelab.mortenolsen.pro/v1
|
||||
kind: GenerateSecret
|
||||
metadata:
|
||||
name: "{{ .Release.Name }}-secrets"
|
||||
spec:
|
||||
fields:
|
||||
- name: encryptionkey
|
||||
encoding: hex
|
||||
length: 64
|
||||
@@ -1,15 +1 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: "{{ .Release.Name }}"
|
||||
labels:
|
||||
app: "{{ .Release.Name }}"
|
||||
spec:
|
||||
type: ClusterIP
|
||||
ports:
|
||||
- port: 80
|
||||
targetPort: 7575
|
||||
protocol: TCP
|
||||
name: http
|
||||
selector:
|
||||
app: "{{ .Release.Name }}"
|
||||
{{ include "common.service" . }}
|
||||
|
||||
@@ -1,39 +1 @@
|
||||
apiVersion: networking.istio.io/v1
|
||||
kind: VirtualService
|
||||
metadata:
|
||||
name: "{{ .Release.Name }}-public"
|
||||
namespace: "{{ .Release.Namespace }}"
|
||||
spec:
|
||||
gateways:
|
||||
- "{{ .Values.globals.istio.gateways.public }}"
|
||||
- mesh
|
||||
hosts:
|
||||
- "{{ .Values.subdomain }}.{{ .Values.globals.domain }}"
|
||||
- mesh
|
||||
http:
|
||||
- route:
|
||||
- destination:
|
||||
host: "{{ .Release.Name }}"
|
||||
port:
|
||||
number: 80
|
||||
|
||||
---
|
||||
apiVersion: networking.istio.io/v1
|
||||
kind: VirtualService
|
||||
metadata:
|
||||
name: "{{ .Release.Name }}-private"
|
||||
namespace: "{{ .Release.Namespace }}"
|
||||
spec:
|
||||
gateways:
|
||||
- "{{ .Values.globals.istio.gateways.private }}"
|
||||
- mesh
|
||||
hosts:
|
||||
- "{{ .Values.subdomain }}.{{ .Values.globals.domain }}"
|
||||
- mesh
|
||||
http:
|
||||
- route:
|
||||
- destination:
|
||||
host: "{{ .Release.Name }}"
|
||||
port:
|
||||
number: 80
|
||||
|
||||
{{ include "common.virtualService" . }}
|
||||
|
||||
@@ -2,4 +2,93 @@ image:
|
||||
repository: ghcr.io/homarr-labs/homarr
|
||||
tag: v1.48.0@sha256:47f827c16e7a93435159f77ddb726d8dacdf8b6dd8fb7bb91777b933a915bf05
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
subdomain: homarr
|
||||
|
||||
# Deployment configuration
|
||||
deployment:
|
||||
strategy: Recreate
|
||||
replicas: 1
|
||||
revisionHistoryLimit: 0
|
||||
|
||||
# Container configuration
|
||||
container:
|
||||
port: 7575
|
||||
healthProbe:
|
||||
type: tcpSocket
|
||||
port: http # Use named port
|
||||
|
||||
# Service configuration
|
||||
service:
|
||||
port: 80
|
||||
type: ClusterIP
|
||||
|
||||
# Volume configuration
|
||||
volumes:
|
||||
- name: data
|
||||
mountPath: /appdata
|
||||
persistentVolumeClaim: data
|
||||
|
||||
# Persistent volume claims
|
||||
persistentVolumeClaims:
|
||||
- name: data
|
||||
size: 1Gi
|
||||
|
||||
# VirtualService configuration
|
||||
virtualService:
|
||||
enabled: true
|
||||
gateways:
|
||||
public: true
|
||||
private: true
|
||||
|
||||
# OIDC client configuration
|
||||
oidc:
|
||||
enabled: true
|
||||
redirectUris:
|
||||
- "/api/auth/callback/oidc"
|
||||
subjectMode: user_username
|
||||
|
||||
# External Secrets configuration
|
||||
externalSecrets:
|
||||
- name: "{release}-secrets"
|
||||
passwords:
|
||||
- name: encryptionkey
|
||||
length: 32
|
||||
allowRepeat: true
|
||||
encoding: hex
|
||||
secretKeys:
|
||||
- encryptionkey
|
||||
|
||||
# Environment variables
|
||||
env:
|
||||
BASE_URL:
|
||||
value: "https://{subdomain}.{domain}"
|
||||
NEXTAUTH_URL:
|
||||
value: "https://{subdomain}.{domain}"
|
||||
AUTH_PROVIDERS: oidc
|
||||
AUTH_OIDC_CLIENT_NAME: Authentik
|
||||
AUTH_OIDC_SCOPE_OVERWRITE: "openid email profile"
|
||||
AUTH_OIDC_GROUPS_ATTRIBUTE: groups
|
||||
AUTH_OIDC_AUTO_LOGIN: "true"
|
||||
AUTH_OIDC_ADMIN_GROUP: "admin"
|
||||
AUTH_OIDC_ENABLE_DANGEROUS_ACCOUNT_LINKING: "true"
|
||||
SECRET_ENCRYPTION_KEY:
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "{release}-secrets"
|
||||
key: encryptionkey
|
||||
AUTH_OIDC_ISSUER:
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "{release}-oidc-credentials"
|
||||
key: issuer
|
||||
AUTH_OIDC_CLIENT_ID:
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "{release}-oidc-credentials"
|
||||
key: clientId
|
||||
AUTH_OIDC_CLIENT_SECRET:
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "{release}-oidc-credentials"
|
||||
key: clientSecret
|
||||
|
||||
Reference in New Issue
Block a user