diff --git a/apps/charts/homarr/Chart.yaml b/apps/charts/homarr/Chart.yaml
index 5b46cef..3e6cf7c 100644
--- a/apps/charts/homarr/Chart.yaml
+++ b/apps/charts/homarr/Chart.yaml
@@ -1,3 +1,7 @@
 apiVersion: v2
 version: 1.0.0
-name: openwebui
+name: homarr
+dependencies:
+ - name: common
+ version: 1.0.0
+ repository: file://../../common
diff --git a/apps/charts/homarr/templates/client.yaml b/apps/charts/homarr/templates/client.yaml
index 747fe09..c13745f 100644
--- a/apps/charts/homarr/templates/client.yaml
+++ b/apps/charts/homarr/templates/client.yaml
@@ -1,10 +1 @@
-apiVersion: homelab.mortenolsen.pro/v1
-kind: OidcClient
-metadata:
- name: "{{ .Release.Name }}"
-spec:
- environment: "{{ .Values.globals.environment }}"
- redirectUris:
- - path: /api/auth/callback/oidc
- subdomain: "{{ .Values.subdomain }}"
- matchingMode: strict
+{{ include "common.oidc" . }}
diff --git a/apps/charts/homarr/templates/deployment.yaml b/apps/charts/homarr/templates/deployment.yaml
index 0deef6e..4508e33 100644
--- a/apps/charts/homarr/templates/deployment.yaml
+++ b/apps/charts/homarr/templates/deployment.yaml
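Review bot: In templates/client.yaml the removed OidcClient pinned `matchingMode: strict` on the redirect URI, and nothing visible in this commit carries that setting over: the file is now a bare `{{ include "common.oidc" . }}`, and the `oidc.redirectUris` entry added to values.yaml is only the path string. Whether the client still gets exact redirect-URI matching therefore depends on a default inside the common chart, whose `common.oidc` definition lies outside this diff. A looser match widens the set of URLs the provider will send authorization responses to, so the default should be confirmed as strict. I would record the expectation next to the include, for example `{{- /* common.oidc must keep strict redirect-URI matching (previously matchingMode: strict) */ -}}`.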
@@ -1,84 +1 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: "{{ .Release.Name }}"
-spec:
- strategy:
- type: Recreate
- replicas: 1
- revisionHistoryLimit: 0
- selector:
- matchLabels:
- app: "{{ .Release.Name }}"
- template:
- metadata:
- labels:
- app: "{{ .Release.Name }}"
- spec:
- containers:
- - name: "{{ .Release.Name }}"
- image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
- imagePullPolicy: "{{ .Values.image.pullPolicy }}"
- ports:
- - name: http
- containerPort: 7575
- protocol: TCP
- livenessProbe:
- tcpSocket:
- port: http
- readinessProbe:
- tcpSocket:
- port: http
- volumeMounts:
- - mountPath: /appdata
- name: data
- env:
- - name: BASE_URL
- value: https://homarr.olsen.cloud # TODO
-
- - name: NEXTAUTH_URL
- value: https://homarr.olsen.cloud
-
- - name: AUTH_PROVIDERS
- value: oidc
-
- - name: AUTH_OIDC_CLIENT_NAME
- value: Authentik
-
- - name: AUTH_OIDC_SCOPE_OVERWRITE
- value: openid email profile
-
- - name: AUTH_OIDC_GROUPS_ATTRIBUTE
- value: groups
-
- - name: AUTH_OIDC_AUTO_LOGIN
- value: "true"
-
- - name: SECRET_ENCRYPTION_KEY
- valueFrom:
- secretKeyRef:
- name: "{{ .Release.Name }}-secrets"
- key: encryptionkey
-
- - name: AUTH_OIDC_ISSUER
- valueFrom:
- secretKeyRef:
- name: "{{ .Release.Name }}-client"
- key: configurationIssuer
-
- - name: AUTH_OIDC_CLIENT_ID
- valueFrom:
- secretKeyRef:
- name: "{{ .Release.Name }}-client"
- key: clientId
-
- - name: AUTH_OIDC_CLIENT_SECRET
- valueFrom:
- secretKeyRef:
- name: "{{ .Release.Name }}-client"
- key: clientSecret
-
- volumes:
- - name: data
- persistentVolumeClaim:
- claimName: "{{ .Release.Name }}-data"
+{{ include "common.deployment" . }}
diff --git a/apps/charts/homarr/templates/pvc.yaml b/apps/charts/homarr/templates/pvc.yaml
index bc1d0a6..379bad9 100644
--- a/apps/charts/homarr/templates/pvc.yaml
+++ b/apps/charts/homarr/templates/pvc.yaml
@@ -1,11 +1 @@
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: '{{ .Release.Name }}-data'
-spec:
- accessModes:
- - 'ReadWriteOnce'
- resources:
- requests:
- storage: '1Gi'
- storageClassName: '{{ .Values.globals.environment }}'
+{{ include "common.pvc" . }}
diff --git a/apps/charts/homarr/templates/secret-external-secrets.yaml b/apps/charts/homarr/templates/secret-external-secrets.yaml
new file mode 100644
index 0000000..de340c4
--- /dev/null
+++ b/apps/charts/homarr/templates/secret-external-secrets.yaml
@@ -0,0 +1 @@
+{{ include "common.externalSecrets.externalSecrets" . }}
diff --git a/apps/charts/homarr/templates/secret-password-generators.yaml b/apps/charts/homarr/templates/secret-password-generators.yaml
new file mode 100644
index 0000000..2183e0a
--- /dev/null
+++ b/apps/charts/homarr/templates/secret-password-generators.yaml
@@ -0,0 +1 @@
+{{ include "common.externalSecrets.passwordGenerators" . }}
diff --git a/apps/charts/homarr/templates/secret.yaml b/apps/charts/homarr/templates/secret.yaml
deleted file mode 100644
index d086249..0000000
--- a/apps/charts/homarr/templates/secret.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-apiVersion: homelab.mortenolsen.pro/v1
-kind: GenerateSecret
-metadata:
- name: "{{ .Release.Name }}-secrets"
-spec:
- fields:
- - name: encryptionkey
- encoding: hex
- length: 64
diff --git a/apps/charts/homarr/templates/service.yaml b/apps/charts/homarr/templates/service.yaml
index 73dd8e9..f024c64 100644
--- a/apps/charts/homarr/templates/service.yaml
+++ b/apps/charts/homarr/templates/service.yaml
@@ -1,15 +1 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: "{{ .Release.Name }}"
- labels:
- app: "{{ .Release.Name }}"
-spec:
- type: ClusterIP
- ports:
- - port: 80
- targetPort: 7575
- protocol: TCP
- name: http
- selector:
- app: "{{ .Release.Name }}"
+{{ include "common.service" . }}
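Review bot: The encryption key rendered through templates/secret-password-generators.yaml may come out shorter than the one it replaces: the GenerateSecret deleted from templates/secret.yaml in this commit asked for `encoding: hex` with `length: 64`, while the generator entry this include consumes is configured in values.yaml with `length: 32` and `encoding: hex`. Whether 32 counts random bytes before encoding or characters of output is decided inside the common chart, which this diff does not show. If it counts output characters, the key carries half the entropy it had, and as far as I know Homarr expects a 64-character hex value for SECRET_ENCRYPTION_KEY; in that case the entry should stay at `length: 64`. Either way a one-line comment beside the entry, such as `# 32 random bytes, hex-encoded to 64 characters`, would make the intended size checkable.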
diff --git a/apps/charts/homarr/templates/virtual-service.yaml b/apps/charts/homarr/templates/virtual-service.yaml
index 36e9d43..766f6b9 100644
--- a/apps/charts/homarr/templates/virtual-service.yaml
+++ b/apps/charts/homarr/templates/virtual-service.yaml
@@ -1,39 +1 @@
-apiVersion: networking.istio.io/v1
-kind: VirtualService
-metadata:
- name: "{{ .Release.Name }}-public"
- namespace: "{{ .Release.Namespace }}"
-spec:
- gateways:
- - "{{ .Values.globals.istio.gateways.public }}"
- - mesh
- hosts:
- - "{{ .Values.subdomain }}.{{ .Values.globals.domain }}"
- - mesh
- http:
- - route:
- - destination:
- host: "{{ .Release.Name }}"
- port:
- number: 80
-
----
-apiVersion: networking.istio.io/v1
-kind: VirtualService
-metadata:
- name: "{{ .Release.Name }}-private"
- namespace: "{{ .Release.Namespace }}"
-spec:
- gateways:
- - "{{ .Values.globals.istio.gateways.private }}"
- - mesh
- hosts:
- - "{{ .Values.subdomain }}.{{ .Values.globals.domain }}"
- - mesh
- http:
- - route:
- - destination:
- host: "{{ .Release.Name }}"
- port:
- number: 80
-
+{{ include "common.virtualService" . }}
diff --git a/apps/charts/homarr/values.yaml b/apps/charts/homarr/values.yaml
index fcbf281..7a311c9 100644
--- a/apps/charts/homarr/values.yaml
+++ b/apps/charts/homarr/values.yaml
@@ -2,4 +2,93 @@ image:
 repository: ghcr.io/homarr-labs/homarr
 tag: v1.48.0@sha256:47f827c16e7a93435159f77ddb726d8dacdf8b6dd8fb7bb91777b933a915bf05
 pullPolicy: IfNotPresent
+
 subdomain: homarr
+
+# Deployment configuration
+deployment:
+ strategy: Recreate
+ replicas: 1
+ revisionHistoryLimit: 0
+
+# Container configuration
+container:
+ port: 7575
+ healthProbe:
+ type: tcpSocket
+ port: http # Use named port
+
+# Service configuration
+service:
+ port: 80
+ type: ClusterIP
+
+# Volume configuration
+volumes:
+ - name: data
+ mountPath: /appdata
+ persistentVolumeClaim: data
+
+# Persistent volume claims
+persistentVolumeClaims:
+ - name: data
+ size: 1Gi
+
+# VirtualService configuration
+virtualService:
+ enabled: true
+ gateways:
+ public: true
+ private: true
+
+# OIDC client configuration
+oidc:
+ enabled: true
+ redirectUris:
+ - "/api/auth/callback/oidc"
+ subjectMode: user_username
+
+# External Secrets configuration
+externalSecrets:
+ - name: "{release}-secrets"
+ passwords:
+ - name: encryptionkey
+ length: 32
+ allowRepeat: true
+ encoding: hex
+ secretKeys:
+ - encryptionkey
+
+# Environment variables
+env:
+ BASE_URL:
+ value: "https://{subdomain}.{domain}"
+ NEXTAUTH_URL:
+ value: "https://{subdomain}.{domain}"
+ AUTH_PROVIDERS: oidc
+ AUTH_OIDC_CLIENT_NAME: Authentik
+ AUTH_OIDC_SCOPE_OVERWRITE: "openid email profile"
+ AUTH_OIDC_GROUPS_ATTRIBUTE: groups
+ AUTH_OIDC_AUTO_LOGIN: "true"
+ AUTH_OIDC_ADMIN_GROUP: "admin"
+ AUTH_OIDC_ENABLE_DANGEROUS_ACCOUNT_LINKING: "true"
+ SECRET_ENCRYPTION_KEY:
+ valueFrom:
+ secretKeyRef:
+ name: "{release}-secrets"
+ key: encryptionkey
+ AUTH_OIDC_ISSUER:
+ valueFrom:
+ secretKeyRef:
+ name: "{release}-oidc-credentials"
+ key: issuer
+ AUTH_OIDC_CLIENT_ID:
+ valueFrom:
+ secretKeyRef:
+ name: "{release}-oidc-credentials"
+ key: clientId
+ AUTH_OIDC_CLIENT_SECRET:
+ valueFrom:
+ secretKeyRef:
+ name: "{release}-oidc-credentials"
+ key: clientSecret
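Review bot: `AUTH_OIDC_ENABLE_DANGEROUS_ACCOUNT_LINKING: "true"` in the `env:` map is new behaviour rather than part of the refactor, since the removed deployment.yaml never set it. It arrives together with `AUTH_OIDC_ADMIN_GROUP: "admin"` and `subjectMode: user_username`, and there is no comment explaining why it is needed. Going by its name, the flag lets an OIDC login attach to an account that already exists, so the binding between a provider identity and a Homarr account (including admin membership) then rests on attributes the provider asserts. A username-based subject is presumably one that can be renamed or reassigned on the provider side. Unless this is a one-off migration aid, I would drop the line. If it has to stay, document it in place, e.g. `# temporary: re-link accounts created under the old client, remove afterwards`, and use a subject derived from an immutable user id if the common chart offers one.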