diff --git a/apps/charts/vikunja/Chart.yaml b/apps/charts/vikunja/Chart.yaml index 8c0e9b9..8ac7943 100644 --- a/apps/charts/vikunja/Chart.yaml +++ b/apps/charts/vikunja/Chart.yaml @@ -1,3 +1,7 @@ apiVersion: v2 version: 1.0.0 name: vikunja +dependencies: + - name: common + version: 1.0.0 + repository: file://../../common diff --git a/apps/charts/vikunja/templates/client.yaml b/apps/charts/vikunja/templates/client.yaml index 63a317d..c13745f 100644 --- a/apps/charts/vikunja/templates/client.yaml +++ b/apps/charts/vikunja/templates/client.yaml @@ -1,10 +1 @@ -apiVersion: homelab.mortenolsen.pro/v1 -kind: OidcClient -metadata: - name: "{{ .Release.Name }}" -spec: - environment: "{{ .Values.globals.environment }}" - redirectUris: - - path: /auth/openid/oidc - subdomain: "{{ .Values.subdomain }}" - matchingMode: strict +{{ include "common.oidc" . }} diff --git a/apps/charts/vikunja/templates/database.yaml b/apps/charts/vikunja/templates/database.yaml index 6a30b53..8a7fad4 100644 --- a/apps/charts/vikunja/templates/database.yaml +++ b/apps/charts/vikunja/templates/database.yaml @@ -1,6 +1 @@ -apiVersion: homelab.mortenolsen.pro/v1 -kind: PostgresDatabase -metadata: - name: '{{ .Release.Name }}' -spec: - environment: '{{ .Values.globals.environment }}' +{{ include "common.database" . }} diff --git a/apps/charts/vikunja/templates/deployment.yaml b/apps/charts/vikunja/templates/deployment.yaml index 59120d8..4508e33 100644 --- a/apps/charts/vikunja/templates/deployment.yaml +++ b/apps/charts/vikunja/templates/deployment.yaml 
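Review bot: Strict redirect-URI matching is no longer stated anywhere in this chart. The removed OidcClient in templates/client.yaml pinned `matchingMode: strict`, while the replacement `{{ include "common.oidc" . }}` is fed by an `oidc.redirectUris` entry in values.yaml that carries only the path `/auth/openid/oidc`. Whether the rendered client still matches strictly, and still binds the URI to `.Values.subdomain`, depends on the common chart, which is not part of this diff. Render the chart and compare the OidcClient with the old manifest, and record the expectation next to the values entry, e.g. `# common.oidc must render this with matchingMode: strict (previous behaviour)`.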
@@ -1,110 +1 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: "{{ .Release.Name }}" -spec: - strategy: - type: RollingUpdate - replicas: 1 - revisionHistoryLimit: 0 - selector: - matchLabels: - app: "{{ .Release.Name }}" - template: - metadata: - labels: - app: "{{ .Release.Name }}" - spec: - containers: - - name: "{{ .Release.Name }}" - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: "{{ .Values.image.pullPolicy }}" - ports: - - name: http - containerPort: 3456 - protocol: TCP - livenessProbe: - tcpSocket: - port: http - readinessProbe: - tcpSocket: - port: http - volumeMounts: - - mountPath: /app/vikunja/files - name: data - env: - - name: VIKUNJA_SERVICE_TIMEZONE - value: "{{ .Values.globals.timezone }}" - - - name: VIKUNJA_SERVICE_ENABLEREGISTRATION - value: "false" - - - name: VIKUNJA_AUTH_OPENID_ENABLED - value: "true" - - - name: VIKUNJA_AUTH_OPENID_PROVIDERS_OIDC_NAME - value: Authentik - - - name: VIKUNJA_AUTH_OPENID_PROVIDERS_OIDC_AUTHURL - valueFrom: - secretKeyRef: - name: "{{ .Release.Name }}-client" - key: configurationIssuer - - - name: VIKUNJA_AUTH_OPENID_PROVIDERS_OIDC_USERNAMEFALLBACK - value: "true" - - - name: VIKUNJA_AUTH_OPENID_PROVIDERS_OIDC_EMAILFALLBACK - value: "true" - - - name: VIKUNJA_AUTH_OPENID_PROVIDERS_OIDC_CLIENTID - valueFrom: - secretKeyRef: - name: "{{ .Release.Name }}-client" - key: clientId - - - name: VIKUNJA_AUTH_OPENID_PROVIDERS_OIDC_CLIENTSECRET - valueFrom: - secretKeyRef: - name: "{{ .Release.Name }}-client" - key: clientSecret - - - name: VIKUNJA_SERVICE_PUBLICURL - value: https://{{ .Values.subdomain }}.{{ .Values.globals.domain }} - - - name: VIKUNJA_SERVICE_JWTSECRET - valueFrom: - secretKeyRef: - name: "{{ .Release.Name }}-secrets" - key: encryptionkey - - - name: VIKUNJA_DATABASE_TYPE - value: postgres - - - name: VIKUNJA_DATABASE_DATABASE - valueFrom: - secretKeyRef: - name: "{{ .Release.Name }}-pg-connection" - key: database - - - name: VIKUNJA_DATABASE_HOST - 
valueFrom: - secretKeyRef: - name: "{{ .Release.Name }}-pg-connection" - key: host - - - name: VIKUNJA_DATABASE_USER - valueFrom: - secretKeyRef: - name: "{{ .Release.Name }}-pg-connection" - key: user - - name: VIKUNJA_DATABASE_PASSWORD - valueFrom: - secretKeyRef: - name: "{{ .Release.Name }}-pg-connection" - key: password - - volumes: - - name: data - persistentVolumeClaim: - claimName: "{{ .Release.Name }}-data" +{{ include "common.deployment" . }} diff --git a/apps/charts/vikunja/templates/pvc.yaml b/apps/charts/vikunja/templates/pvc.yaml index bc1d0a6..379bad9 100644 --- a/apps/charts/vikunja/templates/pvc.yaml +++ b/apps/charts/vikunja/templates/pvc.yaml @@ -1,11 +1 @@ -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: '{{ .Release.Name }}-data' -spec: - accessModes: - - 'ReadWriteOnce' - resources: - requests: - storage: '1Gi' - storageClassName: '{{ .Values.globals.environment }}' +{{ include "common.pvc" . }} diff --git a/apps/charts/vikunja/templates/secret-external-secrets.yaml b/apps/charts/vikunja/templates/secret-external-secrets.yaml new file mode 100644 index 0000000..de340c4 --- /dev/null +++ b/apps/charts/vikunja/templates/secret-external-secrets.yaml @@ -0,0 +1 @@ +{{ include "common.externalSecrets.externalSecrets" . }} diff --git a/apps/charts/vikunja/templates/secret-password-generators.yaml b/apps/charts/vikunja/templates/secret-password-generators.yaml new file mode 100644 index 0000000..2183e0a --- /dev/null +++ b/apps/charts/vikunja/templates/secret-password-generators.yaml @@ -0,0 +1 @@ +{{ include "common.externalSecrets.passwordGenerators" . }} diff --git a/apps/charts/vikunja/templates/secret.yaml b/apps/charts/vikunja/templates/secret.yaml deleted file mode 100644 index d086249..0000000 --- a/apps/charts/vikunja/templates/secret.yaml +++ /dev/null 
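Review bot: The secret names and keys the container reads change with the move to `{{ include "common.deployment" . }}` in templates/deployment.yaml, and nothing in the diff shows the producers being renamed to match. The removed env block read `{{ .Release.Name }}-client` (key `configurationIssuer`) and `{{ .Release.Name }}-pg-connection`; values.yaml now points at `{release}-oidc-credentials` (key `issuer`) and `{release}-connection`. If `common.oidc` and `common.database` do not emit secrets under exactly those names and keys, the container will not start because a `secretKeyRef` cannot be resolved. Render the chart against the common templates to confirm, and add a comment above `env:` in values.yaml such as `# secret names below are created by common.oidc, common.database and externalSecrets`.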
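Review bot: Nothing in templates/secret-password-generators.yaml or its values entry protects the existing `encryptionkey` when ownership of `{release}-secrets` moves from the deleted GenerateSecret to the generator rendered by `{{ include "common.externalSecrets.passwordGenerators" . }}`. That key feeds `VIKUNJA_SERVICE_JWTSECRET`, so a regenerated value invalidates every token already issued. If the common chart refreshes the secret on an interval (not visible here), the key could be re-rolled repeatedly. The values entry also leaves open whether `length: 64` with `encoding: hex` means 64 hex characters or 64 bytes before encoding. A comment on the `externalSecrets` entry would settle both, e.g. `# generated once and never refreshed; length is counted in <bytes|hex chars>`.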
@@ -1,9 +0,0 @@ -apiVersion: homelab.mortenolsen.pro/v1 -kind: GenerateSecret -metadata: - name: "{{ .Release.Name }}-secrets" -spec: - fields: - - name: encryptionkey - encoding: hex - length: 64 diff --git a/apps/charts/vikunja/templates/service.yaml b/apps/charts/vikunja/templates/service.yaml index 6434fb7..f024c64 100644 --- a/apps/charts/vikunja/templates/service.yaml +++ b/apps/charts/vikunja/templates/service.yaml @@ -1,15 +1 @@ -apiVersion: v1 -kind: Service -metadata: - name: "{{ .Release.Name }}" - labels: - app: "{{ .Release.Name }}" -spec: - type: ClusterIP - ports: - - port: 80 - targetPort: 3456 - protocol: TCP - name: http - selector: - app: "{{ .Release.Name }}" +{{ include "common.service" . }} diff --git a/apps/charts/vikunja/templates/virtual-service.yaml b/apps/charts/vikunja/templates/virtual-service.yaml index 36e9d43..766f6b9 100644 --- a/apps/charts/vikunja/templates/virtual-service.yaml +++ b/apps/charts/vikunja/templates/virtual-service.yaml @@ -1,39 +1 @@ -apiVersion: networking.istio.io/v1 -kind: VirtualService -metadata: - name: "{{ .Release.Name }}-public" - namespace: "{{ .Release.Namespace }}" -spec: - gateways: - - "{{ .Values.globals.istio.gateways.public }}" - - mesh - hosts: - - "{{ .Values.subdomain }}.{{ .Values.globals.domain }}" - - mesh - http: - - route: - - destination: - host: "{{ .Release.Name }}" - port: - number: 80 - ---- -apiVersion: networking.istio.io/v1 -kind: VirtualService -metadata: - name: "{{ .Release.Name }}-private" - namespace: "{{ .Release.Namespace }}" -spec: - gateways: - - "{{ .Values.globals.istio.gateways.private }}" - - mesh - hosts: - - "{{ .Values.subdomain }}.{{ .Values.globals.domain }}" - - mesh - http: - - route: - - destination: - host: "{{ .Release.Name }}" - port: - number: 80 - +{{ include "common.virtualService" . }} diff --git a/apps/charts/vikunja/values.yaml b/apps/charts/vikunja/values.yaml index 9a5d0b5..05647f0 100644 --- a/apps/charts/vikunja/values.yaml 
+++ b/apps/charts/vikunja/values.yaml 
@@ -2,4 +2,115 @@ image: repository: vikunja/vikunja tag: latest@sha256:e457d7c75d195935df0da68321f9dc3388db710c7543085d785ae523d415b0f2 pullPolicy: IfNotPresent + subdomain: vikunja + +# Deployment configuration +deployment: + strategy: RollingUpdate + replicas: 1 + +# Container configuration +container: + port: 3456 + healthProbe: + type: tcpSocket + port: http # Use named port + +# Service configuration +service: + port: 80 + type: ClusterIP + +# Volume configuration +volumes: + - name: data + mountPath: /app/vikunja/files + persistentVolumeClaim: data + +# Persistent volume claims +persistentVolumeClaims: + - name: data + size: 1Gi + +# VirtualService configuration +virtualService: + enabled: true + gateways: + public: true + private: true + +# OIDC client configuration +oidc: + enabled: true + redirectUris: + - "/auth/openid/oidc" + subjectMode: user_username + +# Database configuration +database: + enabled: true + +# External Secrets configuration +externalSecrets: + - name: "{release}-secrets" + passwords: + - name: encryptionkey + length: 64 + allowRepeat: true + encoding: hex + secretKeys: + - encryptionkey + +# Environment variables +env: + VIKUNJA_SERVICE_TIMEZONE: + value: "{timezone}" + VIKUNJA_SERVICE_ENABLEREGISTRATION: "false" + VIKUNJA_AUTH_OPENID_ENABLED: "true" + VIKUNJA_AUTH_OPENID_PROVIDERS_OIDC_NAME: Authentik + VIKUNJA_AUTH_OPENID_PROVIDERS_OIDC_AUTHURL: + valueFrom: + secretKeyRef: + name: "{release}-oidc-credentials" + key: issuer + VIKUNJA_AUTH_OPENID_PROVIDERS_OIDC_USERNAMEFALLBACK: "true" + VIKUNJA_AUTH_OPENID_PROVIDERS_OIDC_EMAILFALLBACK: "true" + VIKUNJA_AUTH_OPENID_PROVIDERS_OIDC_CLIENTID: + valueFrom: + secretKeyRef: + name: "{release}-oidc-credentials" + key: clientId + VIKUNJA_AUTH_OPENID_PROVIDERS_OIDC_CLIENTSECRET: + valueFrom: + secretKeyRef: + name: "{release}-oidc-credentials" + key: clientSecret + VIKUNJA_SERVICE_PUBLICURL: + value: "https://{subdomain}.{domain}" + VIKUNJA_SERVICE_JWTSECRET: + valueFrom: + secretKeyRef: + 
name: "{release}-secrets" + key: encryptionkey + VIKUNJA_DATABASE_TYPE: postgres + VIKUNJA_DATABASE_DATABASE: + valueFrom: + secretKeyRef: + name: "{release}-connection" + key: database + VIKUNJA_DATABASE_HOST: + valueFrom: + secretKeyRef: + name: "{release}-connection" + key: host + VIKUNJA_DATABASE_USER: + valueFrom: + secretKeyRef: + name: "{release}-connection" + key: user + VIKUNJA_DATABASE_PASSWORD: + valueFrom: + secretKeyRef: + name: "{release}-connection" + key: password
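Review bot: `subjectMode: user_username` in the new `oidc` block of values.yaml makes the OIDC subject a username, which is mutable and can be reassigned. If the application keys its accounts on issuer plus subject, renaming a user in the identity provider would detach them from their data, and a reused username would inherit the previous owner's account. The removed OidcClient manifest set no subject mode, so this looks like behaviour introduced by this commit rather than carried over. Prefer a stable, non-reassignable identifier mode if the operator offers one, or document the constraint on the line itself, e.g. `subjectMode: user_username  # usernames must never be renamed or reused`.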