diff --git a/charts/apps/audiobookshelf/Chart.yaml b/charts/apps/audiobookshelf/Chart.yaml
new file mode 100644
index 0000000..b6db4d9
--- /dev/null
+++ b/charts/apps/audiobookshelf/Chart.yaml
@@ -0,0 +1,3 @@
+apiVersion: v2
+version: 1.0.0
+name: audiobookshelf
diff --git a/charts/apps/audiobookshelf/templates/client.yaml b/charts/apps/audiobookshelf/templates/client.yaml
new file mode 100644
index 0000000..6f94876
--- /dev/null
+++ b/charts/apps/audiobookshelf/templates/client.yaml
@@ -0,0 +1,13 @@
+apiVersion: homelab.mortenolsen.pro/v1
+kind: OidcClient
+metadata:
+ name: '{{ .Release.Name }}'
+spec:
+ environment: '{{ .Values.globals.environment }}'
+ redirectUris:
+ - path: /audiobookshelf/auth/openid/callback
+ subdomain: '{{ .Values.subdomain }}'
+ matchingMode: strict
+ - path: /audiobookshelf/auth/openid/mobile-redirect
+ subdomain: '{{ .Values.subdomain }}'
+ matchingMode: strict
diff --git a/charts/apps/audiobookshelf/templates/deployment.yaml b/charts/apps/audiobookshelf/templates/deployment.yaml
new file mode 100644
index 0000000..119a656
--- /dev/null
+++ b/charts/apps/audiobookshelf/templates/deployment.yaml
@@ -0,0 +1,52 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: '{{ .Release.Name }}'
+spec:
+ strategy:
+ type: Recreate
+ replicas: 1
+ selector:
+ matchLabels:
+ app: '{{ .Release.Name }}'
+ template:
+ metadata:
+ labels:
+ app: '{{ .Release.Name }}'
+ spec:
+ containers:
+ - name: '{{ .Release.Name }}'
+ image: '{{ .Values.image.repository }}:{{ .Values.image.tag }}'
+ imagePullPolicy: '{{ .Values.image.pullPolicy }}'
+ ports:
+ - name: http
+ containerPort: 80
+ protocol: TCP
+ livenessProbe:
+ tcpSocket:
+ port: http
+ readinessProbe:
+ tcpSocket:
+ port: http
+ volumeMounts:
+ - mountPath: /config
+ name: config
+ - mountPath: /metadata
+ name: metadata
+ - mountPath: /audiobooks
+ name: audiobooks
+ - mountPath: /podcasts
+ name: podcasts
+ volumes:
+ - name: config
+ persistentVolumeClaim:
+ claimName: '{{ .Release.Name }}-config'
+ - name: metadata
+ persistentVolumeClaim:
+ claimName: '{{ .Release.Name }}-metadata'
+ - name: audiobooks
+ persistentVolumeClaim:
+ claimName: books
+ - name: podcasts
+ persistentVolumeClaim:
+ claimName: podcasts
diff --git a/charts/apps/audiobookshelf/templates/external-http-service.yaml b/charts/apps/audiobookshelf/templates/external-http-service.yaml
new file mode 100644
index 0000000..e28916d
--- /dev/null
+++ b/charts/apps/audiobookshelf/templates/external-http-service.yaml
@@ -0,0 +1,11 @@
+apiVersion: homelab.mortenolsen.pro/v1
+kind: ExternalHttpService
+metadata:
+ name: '{{ .Release.Name }}'
+spec:
+ environment: '{{ .Values.globals.environment }}'
+ subdomain: '{{ .Values.subdomain }}'
+ destination:
+ host: '{{ .Release.Name }}.{{ .Release.Namespace }}.svc.cluster.local'
+ port:
+ number: 80
diff --git a/charts/apps/audiobookshelf/templates/pvc.yaml b/charts/apps/audiobookshelf/templates/pvc.yaml
new file mode 100644
index 0000000..14c9293
--- /dev/null
+++ b/charts/apps/audiobookshelf/templates/pvc.yaml
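Review bot: The container in charts/apps/audiobookshelf/templates/deployment.yaml is declared without a `securityContext` or `resources`, so it runs with whatever user and capabilities the image defaults to and with no memory or CPU bound. The n8n, ollama and openwebui Deployments added later in this commit have the same shape. I would add at least `allowPrivilegeEscalation: false` and `capabilities: { drop: ['ALL'] }` under a container-level `securityContext:`, then verify each image still starts (this one binds port 80). The `/audiobooks` mount also deserves `readOnly: true` unless the app needs to write into the shared `books` claim.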
@@ -0,0 +1,24 @@ +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: '{{ .Release.Name }}-config' +spec: + accessModes: + - 'ReadWriteOnce' + resources: + requests: + storage: '1Gi' + storageClassName: '{{ .Values.globals.environment }}' + +--- +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: '{{ .Release.Name }}-metadata' +spec: + accessModes: + - 'ReadWriteOnce' + resources: + requests: + storage: '1Gi' + storageClassName: '{{ .Values.globals.environment }}' diff --git a/charts/apps/ollama.disabled/templates/service.yaml b/charts/apps/audiobookshelf/templates/service.yaml similarity index 60% rename from charts/apps/ollama.disabled/templates/service.yaml rename to charts/apps/audiobookshelf/templates/service.yaml index 4fcd7f4..ac45675 100644 --- a/charts/apps/ollama.disabled/templates/service.yaml +++ b/charts/apps/audiobookshelf/templates/service.yaml @@ -5,11 +5,11 @@ metadata: labels: app: '{{ .Release.Name }}' spec: - type: LoadBalancer # Set to NodePort/ClusterIP if you prefer + type: ClusterIP ports: - - name: http - port: 11434 - targetPort: http + - port: 80 + targetPort: 80 protocol: TCP + name: http selector: app: '{{ .Release.Name }}' diff --git a/charts/apps/audiobookshelf/values.yaml b/charts/apps/audiobookshelf/values.yaml new file mode 100644 index 0000000..8448676 --- /dev/null +++ b/charts/apps/audiobookshelf/values.yaml @@ -0,0 +1,7 @@ +globals: + environment: prod +image: + repository: ghcr.io/advplyr/audiobookshelf + tag: 2.26.1 + pullPolicy: IfNotPresent +subdomain: audiobookshelf diff --git a/charts/apps/bytestash/templates/headless-service.yaml b/charts/apps/bytestash/templates/_headless-service.yaml similarity index 100% rename from charts/apps/bytestash/templates/headless-service.yaml rename to charts/apps/bytestash/templates/_headless-service.yaml diff --git a/charts/apps/bytestash/templates/client.yaml b/charts/apps/bytestash/templates/client.yaml index 2d5b3a6..377c75d 100644 
--- a/charts/apps/bytestash/templates/client.yaml +++ b/charts/apps/bytestash/templates/client.yaml @@ -3,7 +3,7 @@ kind: OidcClient metadata: name: '{{ .Release.Name }}' spec: - environment: '{{ .Values.environment }}' + environment: '{{ .Values.globals.environment }}' redirectUris: - path: /api/auth/oidc/callback subdomain: bytestash diff --git a/charts/apps/bytestash/templates/stateful-set.yaml b/charts/apps/bytestash/templates/deployment.yaml similarity index 72% rename from charts/apps/bytestash/templates/stateful-set.yaml rename to charts/apps/bytestash/templates/deployment.yaml index c1878fb..e7f7a83 100644 --- a/charts/apps/bytestash/templates/stateful-set.yaml +++ b/charts/apps/bytestash/templates/deployment.yaml @@ -1,5 +1,5 @@ apiVersion: apps/v1 -kind: StatefulSet +kind: Deployment metadata: name: '{{ .Release.Name }}' labels: @@ -22,6 +22,10 @@ spec: - containerPort: 5000 name: http env: + - name: ALLOW_NEW_ACCOUNTS + value: 'true' + - name: DISABLE_INTERNAL_ACCOUNTS + value: 'true' - name: OIDC_ENABLED value: 'true' - name: OIDC_DISPLAY_NAME @@ -44,20 +48,8 @@ spec: volumeMounts: - mountPath: /data/snippets - name: bytestash-data - - # Defines security context for the pod to avoid running as root. - # securityContext: - # runAsUser: 1000 - # runAsGroup: 1000 - # fsGroup: 1000 - - volumeClaimTemplates: - - metadata: - name: bytestash-data - spec: - accessModes: ['ReadWriteOnce'] - storageClassName: '{{ .Values.environment }}' - resources: - requests: - storage: 5Gi + name: data + volumes: + - name: data + persistentVolumeClaim: + claimName: '{{ .Release.Name }}-data' diff --git a/charts/apps/bytestash/templates/external-http-service.yaml b/charts/apps/bytestash/templates/external-http-service.yaml index f944629..e28916d 100644 --- a/charts/apps/bytestash/templates/external-http-service.yaml +++ b/charts/apps/bytestash/templates/external-http-service.yaml 
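Review bot: In bytestash's deployment.yaml, `ALLOW_NEW_ACCOUNTS: 'true'` together with `DISABLE_INTERNAL_ACCOUNTS: 'true'` makes the identity provider the only gate on account creation: presumably any identity that can finish the OIDC login for this client gets a ByteStash account on first sign-in. If that is intended, a comment such as `# accounts are provisioned on first OIDC login; access is restricted in the IdP` above the two entries would record it. The provider-side policy for this client should then be checked to cover only the intended users.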
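Review bot: The last hunk of bytestash's deployment.yaml swaps `volumeClaimTemplates` for a `ReadWriteOnce` claim, but the hunks shown add no `strategy`, so unless the unchanged lines 6–21 set one this Deployment uses RollingUpdate and a replacement pod can wait on a volume the old pod still holds; the other Deployments in this commit set `type: Recreate`. Those unchanged lines came from the StatefulSet and may still carry `serviceName`, which is not a Deployment field (the miniflux.disable copy of this file has it). The new `'{{ .Release.Name }}-data'` claim is also a different PVC from the one the StatefulSet template created, so existing snippets would need a manual copy. The hunk also deletes the commented-out `securityContext`; a non-root context is still worth setting rather than dropping the reminder.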
@@ -3,7 +3,7 @@ kind: ExternalHttpService metadata: name: '{{ .Release.Name }}' spec: - environment: '{{ .Values.environment }}' + environment: '{{ .Values.globals.environment }}' subdomain: '{{ .Values.subdomain }}' destination: host: '{{ .Release.Name }}.{{ .Release.Namespace }}.svc.cluster.local' diff --git a/charts/apps/ollama.disabled/templates/pvc.yaml b/charts/apps/bytestash/templates/pvc.yaml similarity index 57% rename from charts/apps/ollama.disabled/templates/pvc.yaml rename to charts/apps/bytestash/templates/pvc.yaml index 8530cae..bc1d0a6 100644 --- a/charts/apps/ollama.disabled/templates/pvc.yaml +++ b/charts/apps/bytestash/templates/pvc.yaml @@ -1,11 +1,11 @@ -apiVersion: v1 kind: PersistentVolumeClaim +apiVersion: v1 metadata: name: '{{ .Release.Name }}-data' spec: - storageClassName: '{{ .Values.environment }}' accessModes: - - ReadWriteOnce + - 'ReadWriteOnce' resources: requests: - storage: 20Gi + storage: '1Gi' + storageClassName: '{{ .Values.globals.environment }}' diff --git a/charts/apps/bytestash/values.yaml b/charts/apps/bytestash/values.yaml index e573d54..a9a2b59 100644 --- a/charts/apps/bytestash/values.yaml +++ b/charts/apps/bytestash/values.yaml @@ -1,2 +1,3 @@ -environment: prod +globals: + environment: prod subdomain: bytestash diff --git a/charts/apps/jellyfin/templates/client.yaml b/charts/apps/jellyfin/templates/client.yaml index ffcd40a..a8509cb 100644 --- a/charts/apps/jellyfin/templates/client.yaml +++ b/charts/apps/jellyfin/templates/client.yaml @@ -6,5 +6,5 @@ spec: environment: '{{ .Values.environment }}' redirectUris: - path: /sso/OID/redirect/Authentik - subdomain: '{{ .Values.subdomain }}' + subdomain: '{{ .Values.globals.subdomain }}' matchingMode: strict diff --git a/charts/apps/jellyfin/templates/deployment.yaml b/charts/apps/jellyfin/templates/deployment.yaml index 8da16f2..a221d8d 100644 --- a/charts/apps/jellyfin/templates/deployment.yaml +++ b/charts/apps/jellyfin/templates/deployment.yaml 
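Review bot: The jellyfin client.yaml hunk changes the wrong line: `subdomain` now reads `.Values.globals.subdomain`, but jellyfin's values.yaml in this same commit keeps `subdomain: jellyfin` at the top level, while the unchanged `environment: '{{ .Values.environment }}'` points at the key that was just moved under `globals`. Unless overridden at install time both would render empty, so the OidcClient is registered with no environment and a redirect URI that lacks the jellyfin host. The two lines should read `environment: '{{ .Values.globals.environment }}'` and `subdomain: '{{ .Values.subdomain }}'`, matching jellyfin's external-http-service.yaml.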
@@ -5,7 +5,7 @@ metadata: spec: strategy: type: Recreate - replicas: 1 + replicas: 1 selector: matchLabels: app: '{{ .Release.Name }}' diff --git a/charts/apps/jellyfin/templates/external-http-service.yaml b/charts/apps/jellyfin/templates/external-http-service.yaml index f944629..e28916d 100644 --- a/charts/apps/jellyfin/templates/external-http-service.yaml +++ b/charts/apps/jellyfin/templates/external-http-service.yaml @@ -3,7 +3,7 @@ kind: ExternalHttpService metadata: name: '{{ .Release.Name }}' spec: - environment: '{{ .Values.environment }}' + environment: '{{ .Values.globals.environment }}' subdomain: '{{ .Values.subdomain }}' destination: host: '{{ .Release.Name }}.{{ .Release.Namespace }}.svc.cluster.local' diff --git a/charts/apps/jellyfin/values.yaml b/charts/apps/jellyfin/values.yaml index 64ca5a7..0712798 100644 --- a/charts/apps/jellyfin/values.yaml +++ b/charts/apps/jellyfin/values.yaml @@ -1,6 +1,7 @@ +globals: + environment: prod image: repository: docker.io/jellyfin/jellyfin tag: latest pullPolicy: IfNotPresent -environment: prod subdomain: jellyfin diff --git a/charts/apps/miniflux.disable/Chart.yaml b/charts/apps/miniflux.disable/Chart.yaml new file mode 100644 index 0000000..8bc957b --- /dev/null +++ b/charts/apps/miniflux.disable/Chart.yaml @@ -0,0 +1,3 @@ +apiVersion: v2 +version: 1.0.0 +name: ByteStash diff --git a/charts/apps/miniflux.disable/templates/client.yaml b/charts/apps/miniflux.disable/templates/client.yaml new file mode 100644 index 0000000..377c75d --- /dev/null +++ b/charts/apps/miniflux.disable/templates/client.yaml @@ -0,0 +1,10 @@ +apiVersion: homelab.mortenolsen.pro/v1 +kind: OidcClient +metadata: + name: '{{ .Release.Name }}' +spec: + environment: '{{ .Values.globals.environment }}' + redirectUris: + - path: /api/auth/oidc/callback + subdomain: bytestash + matchingMode: strict 
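Review bot: The miniflux.disable chart is still a copy of bytestash: client.yaml registers the redirect URI with the literal `subdomain: bytestash` and bytestash's `/api/auth/oidc/callback` path, and Chart.yaml is named `ByteStash`. If the chart were enabled as is, the OIDC client created for miniflux would carry a redirect URI on another application's host. I would use `subdomain: '{{ .Values.subdomain }}'` and the callback path miniflux actually serves before enabling it. The chart's deployment.yaml has the same leftovers: bytestash's env names and `/data/snippets` mount, plus `serviceName`, which is a StatefulSet field.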
diff --git a/charts/apps/miniflux.disable/templates/deployment.yaml b/charts/apps/miniflux.disable/templates/deployment.yaml
new file mode 100644
index 0000000..a51125b
--- /dev/null
+++ b/charts/apps/miniflux.disable/templates/deployment.yaml
@@ -0,0 +1,55 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: '{{ .Release.Name }}'
+ labels:
+ app: '{{ .Release.Name }}'
+spec:
+ serviceName: '{{ .Release.Name }}-headless'
+ replicas: 1
+ selector:
+ matchLabels:
+ app: '{{ .Release.Name }}'
+ template:
+ metadata:
+ labels:
+ app: '{{ .Release.Name }}'
+ spec:
+ containers:
+ - name: '{{ .Release.Name }}'
+ image: ghcr.io/miniflux/miniflux:latest
+ ports:
+ - containerPort: 8080
+ name: http
+ env:
+ - name: ALLOW_NEW_ACCOUNTS
+ value: 'true'
+ - name: DISABLE_INTERNAL_ACCOUNTS
+ value: 'true'
+ - name: OIDC_ENABLED
+ value: 'true'
+ - name: OIDC_DISPLAY_NAME
+ value: OIDC
+ - name: OIDC_CLIENT_ID
+ valueFrom:
+ secretKeyRef:
+ name: '{{ .Release.Name }}-client'
+ key: clientId
+ - name: OIDC_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: '{{ .Release.Name }}-client'
+ key: clientSecret
+ - name: OIDC_ISSUER_URL
+ valueFrom:
+ secretKeyRef:
+ name: '{{ .Release.Name }}-client'
+ key: configuration
+
+ volumeMounts:
+ - mountPath: /data/snippets
+ name: data
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: '{{ .Release.Name }}-data'
diff --git a/charts/apps/miniflux.disable/templates/external-http-service.yaml b/charts/apps/miniflux.disable/templates/external-http-service.yaml
new file mode 100644
index 0000000..e28916d
--- /dev/null
+++ b/charts/apps/miniflux.disable/templates/external-http-service.yaml
@@ -0,0 +1,11 @@
+apiVersion: homelab.mortenolsen.pro/v1
+kind: ExternalHttpService
+metadata:
+ name: '{{ .Release.Name }}'
+spec:
+ environment: '{{ .Values.globals.environment }}'
+ subdomain: '{{ .Values.subdomain }}'
+ destination:
+ host: '{{ .Release.Name }}.{{ .Release.Namespace }}.svc.cluster.local'
+ port:
+ number: 80
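Review bot: `image: ghcr.io/miniflux/miniflux:latest` in miniflux.disable's deployment.yaml is a floating tag, and the n8n (`tag: latest`) and openwebui (`tag: main`) values.yaml files added later in this commit do the same. With `pullPolicy: IfNotPresent` in those two values files the running version depends on what each node happened to cache, and a changed upstream image is deployed without any change to this repository. Pinning a release tag, as audiobookshelf (`2.26.1`) and ollama (`0.11.8`) do, or an image digest, keeps rollouts reviewable.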
diff --git a/charts/apps/miniflux.disable/templates/pvc.yaml b/charts/apps/miniflux.disable/templates/pvc.yaml
new file mode 100644
index 0000000..bc1d0a6
--- /dev/null
+++ b/charts/apps/miniflux.disable/templates/pvc.yaml
@@ -0,0 +1,11 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: '{{ .Release.Name }}-data'
+spec:
+ accessModes:
+ - 'ReadWriteOnce'
+ resources:
+ requests:
+ storage: '1Gi'
+ storageClassName: '{{ .Values.globals.environment }}'
diff --git a/charts/apps/miniflux.disable/templates/service.yaml b/charts/apps/miniflux.disable/templates/service.yaml
new file mode 100644
index 0000000..501e92a
--- /dev/null
+++ b/charts/apps/miniflux.disable/templates/service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: '{{ .Release.Name }}'
+ labels:
+ app: '{{ .Release.Name }}'
+spec:
+ type: ClusterIP
+ ports:
+ - port: 80
+ targetPort: 8080
+ protocol: TCP
+ name: http
+ selector:
+ app: '{{ .Release.Name }}'
diff --git a/charts/apps/miniflux.disable/values.yaml b/charts/apps/miniflux.disable/values.yaml
new file mode 100644
index 0000000..3712d5e
--- /dev/null
+++ b/charts/apps/miniflux.disable/values.yaml
@@ -0,0 +1,3 @@
+globals:
+ environment: prod
+subdomain: miniflux
diff --git a/charts/apps/n8n/Chart.yaml b/charts/apps/n8n/Chart.yaml
new file mode 100644
index 0000000..333b29f
--- /dev/null
+++ b/charts/apps/n8n/Chart.yaml
@@ -0,0 +1,3 @@
+apiVersion: v2
+version: 1.0.0
+name: Jellyfin
diff --git a/charts/apps/n8n/templates/database.yaml b/charts/apps/n8n/templates/database.yaml
new file mode 100644
index 0000000..6a30b53
--- /dev/null
+++ b/charts/apps/n8n/templates/database.yaml
@@ -0,0 +1,6 @@
+apiVersion: homelab.mortenolsen.pro/v1
+kind: PostgresDatabase
+metadata:
+ name: '{{ .Release.Name }}'
+spec:
+ environment: '{{ .Values.globals.environment }}'
diff --git a/charts/apps/n8n/templates/deployment.yaml b/charts/apps/n8n/templates/deployment.yaml
new file mode 100644
index 0000000..09960b9
--- /dev/null
+++ b/charts/apps/n8n/templates/deployment.yaml
@@ -0,0 +1,73 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: '{{ .Release.Name }}'
+spec:
+ strategy:
+ type: Recreate
+ replicas: 1
+ selector:
+ matchLabels:
+ app: '{{ .Release.Name }}'
+ template:
+ metadata:
+ labels:
+ app: '{{ .Release.Name }}'
+ spec:
+ containers:
+ - name: '{{ .Release.Name }}'
+ image: '{{ .Values.image.repository }}:{{ .Values.image.tag }}'
+ imagePullPolicy: '{{ .Values.image.pullPolicy }}'
+ ports:
+ - name: http
+ containerPort: 5678
+ protocol: TCP
+ livenessProbe:
+ tcpSocket:
+ port: http
+ readinessProbe:
+ tcpSocket:
+ port: http
+ volumeMounts:
+ - mountPath: /home/node/.n8n
+ name: data
+ env:
+ - name: TZ
+ value: '{{ .Values.globals.timezone }}'
+ - name: GENERIC_TIMEZONE
+ value: '{{ .Values.globals.timezone }}'
+ - name: N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS
+ value: 'true'
+ - name: N8N_RUNNERS_ENABLED
+ value: 'true'
+ - name: DB_TYPE
+ value: postgresdb
+ - name: DB_POSTGRESDB_DATABASE
+ valueFrom:
+ secretKeyRef:
+ name: '{{ .Release.Name }}-pg-connection'
+ key: database
+ - name: DB_POSTGRESDB_HOST
+ valueFrom:
+ secretKeyRef:
+ name: '{{ .Release.Name }}-pg-connection'
+ key: host
+ - name: DB_POSTGRESDB_PORT
+ valueFrom:
+ secretKeyRef:
+ name: '{{ .Release.Name }}-pg-connection'
+ key: port
+ - name: DB_POSTGRESDB_USER
+ valueFrom:
+ secretKeyRef:
+ name: '{{ .Release.Name }}-pg-connection'
+ key: user
+ - name: DB_POSTGRESDB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: '{{ .Release.Name }}-pg-connection'
+ key: password
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: '{{ .Release.Name }}-data'
diff --git a/charts/apps/n8n/templates/external-http-service.yaml b/charts/apps/n8n/templates/external-http-service.yaml
new file mode 100644
index 0000000..e28916d
--- /dev/null
+++ b/charts/apps/n8n/templates/external-http-service.yaml
@@ -0,0 +1,11 @@
+apiVersion: homelab.mortenolsen.pro/v1
+kind: ExternalHttpService
+metadata:
+ name: '{{ .Release.Name }}'
+spec:
+ environment: '{{ .Values.globals.environment }}'
+ subdomain: '{{ .Values.subdomain }}'
+ destination:
+ host: '{{ .Release.Name }}.{{ .Release.Namespace }}.svc.cluster.local'
+ port:
+ number: 80
diff --git a/charts/apps/n8n/templates/pvc.yaml b/charts/apps/n8n/templates/pvc.yaml
new file mode 100644
index 0000000..bc1d0a6
--- /dev/null
+++ b/charts/apps/n8n/templates/pvc.yaml
@@ -0,0 +1,11 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: '{{ .Release.Name }}-data'
+spec:
+ accessModes:
+ - 'ReadWriteOnce'
+ resources:
+ requests:
+ storage: '1Gi'
+ storageClassName: '{{ .Values.globals.environment }}'
diff --git a/charts/apps/n8n/templates/service.yaml b/charts/apps/n8n/templates/service.yaml
new file mode 100644
index 0000000..4fa3b1b
--- /dev/null
+++ b/charts/apps/n8n/templates/service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: '{{ .Release.Name }}'
+ labels:
+ app: '{{ .Release.Name }}'
+spec:
+ type: ClusterIP
+ ports:
+ - port: 80
+ targetPort: 5678
+ protocol: TCP
+ name: http
+ selector:
+ app: '{{ .Release.Name }}'
diff --git a/charts/apps/n8n/values.yaml b/charts/apps/n8n/values.yaml
new file mode 100644
index 0000000..ff10ba3
--- /dev/null
+++ b/charts/apps/n8n/values.yaml
@@ -0,0 +1,8 @@
+globals:
+ environment: prod
+ timezone: Europe/Amsterdam
+image:
+ repository: docker.n8n.io/n8nio/n8n
+ tag: latest
+ pullPolicy: IfNotPresent
+subdomain: n8n
diff --git a/charts/apps/ollama.disabled/templates/deployment.yaml b/charts/apps/ollama.disabled/templates/deployment.yaml
deleted file mode 100644
index 1cadfe6..0000000
--- a/charts/apps/ollama.disabled/templates/deployment.yaml
+++ /dev/null
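Review bot: n8n's external-http-service.yaml publishes the app, but unlike the other charts in this commit n8n ships no OidcClient and its Deployment sets no authentication-related environment, so access control presumably rests entirely on n8n's own user management. As far as I know a fresh n8n instance offers owner-account setup to the first visitor; if so, the owner should be created before the route is reachable, or the route placed behind the proxy's authentication. n8n stores credentials for other systems and runs workflow code, so a comment in values.yaml stating which control protects it would help the next reader. Chart.yaml in the same chart also still says `name: Jellyfin`.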
@@ -1,52 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: '{{ .Release.Name }}' - labels: - app: '{{ .Release.Name }}' -spec: - replicas: 1 - selector: - matchLabels: - app: '{{ .Release.Name }}' - template: - metadata: - labels: - app: '{{ .Release.Name }}' - spec: - containers: - - name: ollama - image: ghcr.io/ollama/ollama:latest # Official image - imagePullPolicy: IfNotPresent - ports: - - containerPort: 11434 - name: http - volumeMounts: - - name: ollama-data - mountPath: /root/.ollama - env: - # If you want to pre‑start a model, set this env var to the - # model name (e.g., "gpt-4o-mini"). The container will download - # it automatically at startup. - # - name: OLLAMA_MODEL - # value: "gpt-4o-mini" - readinessProbe: - httpGet: - scheme: HTTP - path: /api/status - port: 11434 - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - failureThreshold: 3 - resources: - requests: - cpu: 500m - memory: 1Gi - limits: - cpu: 2000m - memory: 4Gi - volumes: - - name: ollama-data - persistentVolumeClaim: - claimName: '{{ .Release.Name }}-data' diff --git a/charts/apps/ollama.disabled/values.yaml b/charts/apps/ollama.disabled/values.yaml deleted file mode 100644 index 3067066..0000000 --- a/charts/apps/ollama.disabled/values.yaml +++ /dev/null @@ -1,2 +0,0 @@ -environment: dev -subdomain: bytestash diff --git a/charts/apps/ollama.disabled/Chart.yaml b/charts/apps/ollama/Chart.yaml similarity index 69% rename from charts/apps/ollama.disabled/Chart.yaml rename to charts/apps/ollama/Chart.yaml index 5726120..66232a9 100644 --- a/charts/apps/ollama.disabled/Chart.yaml +++ b/charts/apps/ollama/Chart.yaml @@ -1,3 +1,3 @@ apiVersion: v2 version: 1.0.0 -name: Ollama +name: ollama diff --git a/charts/apps/ollama/templates/client.yaml b/charts/apps/ollama/templates/client.yaml new file mode 100644 index 0000000..8299b34 --- /dev/null +++ b/charts/apps/ollama/templates/client.yaml 
@@ -0,0 +1,10 @@
+apiVersion: homelab.mortenolsen.pro/v1
+kind: OidcClient
+metadata:
+ name: '{{ .Release.Name }}'
+spec:
+ environment: '{{ .Values.globals.environment }}'
+ redirectUris:
+ - path: /oauth/oidc/callback
+ subdomain: '{{ .Values.subdomain }}'
+ matchingMode: strict
diff --git a/charts/apps/ollama/templates/deployment.yaml b/charts/apps/ollama/templates/deployment.yaml
new file mode 100644
index 0000000..8d0d66b
--- /dev/null
+++ b/charts/apps/ollama/templates/deployment.yaml
@@ -0,0 +1,38 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: '{{ .Release.Name }}'
+spec:
+ strategy:
+ type: Recreate
+ replicas: 1
+ selector:
+ matchLabels:
+ app: '{{ .Release.Name }}'
+ template:
+ metadata:
+ labels:
+ app: '{{ .Release.Name }}'
+ spec:
+ containers:
+ - name: '{{ .Release.Name }}'
+ image: '{{ .Values.image.repository }}:{{ .Values.image.tag }}'
+ imagePullPolicy: '{{ .Values.image.pullPolicy }}'
+ ports:
+ - name: http
+ containerPort: 11434
+ protocol: TCP
+ livenessProbe:
+ tcpSocket:
+ port: http
+ readinessProbe:
+ tcpSocket:
+ port: http
+ volumeMounts:
+ - mountPath: /root/.ollama
+ name: data
+
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: '{{ .Release.Name }}-data'
diff --git a/charts/apps/ollama/templates/pvc.yaml b/charts/apps/ollama/templates/pvc.yaml
new file mode 100644
index 0000000..bc1d0a6
--- /dev/null
+++ b/charts/apps/ollama/templates/pvc.yaml
@@ -0,0 +1,11 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: '{{ .Release.Name }}-data'
+spec:
+ accessModes:
+ - 'ReadWriteOnce'
+ resources:
+ requests:
+ storage: '1Gi'
+ storageClassName: '{{ .Values.globals.environment }}'
diff --git a/charts/apps/ollama/templates/service.yaml b/charts/apps/ollama/templates/service.yaml
new file mode 100644
index 0000000..5650efa
--- /dev/null
+++ b/charts/apps/ollama/templates/service.yaml
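Review bot: ollama's client.yaml creates an OidcClient whose redirect URI is `/oauth/oidc/callback` on `.Values.subdomain`, and ollama's values.yaml sets `subdomain: openwebui`, so this is a second client registered for the same URI as the openwebui chart. Nothing in ollama's deployment.yaml reads a `-client` secret, so the client and its secret look unused. I would drop this template (and the `subdomain` value) rather than keep spare OIDC credentials around.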
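Review bot: The new ollama deployment.yaml no longer carries the `resources` block (limits `cpu: 2000m`, `memory: 4Gi`) that the deleted ollama.disabled manifest had, so model loading can take as much node memory as it finds. pvc.yaml in the same chart asks for `storage: '1Gi'` where the old claim asked for `20Gi`, which looks small for `/root/.ollama`. I would carry the old `resources:` block over and size the claim for the models you plan to pull.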
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: '{{ .Release.Name }}'
+ labels:
+ app: '{{ .Release.Name }}'
+spec:
+ type: ClusterIP
+ ports:
+ - port: 80
+ targetPort: 11434
+ protocol: TCP
+ name: http
+ selector:
+ app: '{{ .Release.Name }}'
diff --git a/charts/apps/ollama/values.yaml b/charts/apps/ollama/values.yaml
new file mode 100644
index 0000000..02c3e75
--- /dev/null
+++ b/charts/apps/ollama/values.yaml
@@ -0,0 +1,7 @@
+globals:
+ environment: prod
+image:
+ repository: ollama/ollama
+ tag: 0.11.8
+ pullPolicy: IfNotPresent
+subdomain: openwebui
diff --git a/charts/apps/openwebui/Chart.yaml b/charts/apps/openwebui/Chart.yaml
new file mode 100644
index 0000000..5b46cef
--- /dev/null
+++ b/charts/apps/openwebui/Chart.yaml
@@ -0,0 +1,3 @@
+apiVersion: v2
+version: 1.0.0
+name: openwebui
diff --git a/charts/apps/openwebui/templates/client.yaml b/charts/apps/openwebui/templates/client.yaml
new file mode 100644
index 0000000..8299b34
--- /dev/null
+++ b/charts/apps/openwebui/templates/client.yaml
@@ -0,0 +1,10 @@
+apiVersion: homelab.mortenolsen.pro/v1
+kind: OidcClient
+metadata:
+ name: '{{ .Release.Name }}'
+spec:
+ environment: '{{ .Values.globals.environment }}'
+ redirectUris:
+ - path: /oauth/oidc/callback
+ subdomain: '{{ .Values.subdomain }}'
+ matchingMode: strict
diff --git a/charts/apps/openwebui/templates/deployment.yaml b/charts/apps/openwebui/templates/deployment.yaml
new file mode 100644
index 0000000..2fcd4aa
--- /dev/null
+++ b/charts/apps/openwebui/templates/deployment.yaml
@@ -0,0 +1,70 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: '{{ .Release.Name }}'
+spec:
+ strategy:
+ type: Recreate
+ replicas: 1
+ selector:
+ matchLabels:
+ app: '{{ .Release.Name }}'
+ template:
+ metadata:
+ labels:
+ app: '{{ .Release.Name }}'
+ spec:
+ containers:
+ - name: '{{ .Release.Name }}'
+ image: '{{ .Values.image.repository }}:{{ .Values.image.tag }}'
+ imagePullPolicy: '{{ .Values.image.pullPolicy }}'
+ ports:
+ - name: http
+ containerPort: 8080
+ protocol: TCP
+ livenessProbe:
+ tcpSocket:
+ port: http
+ readinessProbe:
+ tcpSocket:
+ port: http
+ volumeMounts:
+ - mountPath: /app/backend/data
+ name: data
+ env:
+ - name: ENABLE_SIGNUP
+ value: 'false'
+ - name: WEBUI_URL # TODO: remove
+ value: https://openwebui.olsen.cloud
+ - name: ENABLE_OAUTH_PERSISTENT_CONFIG
+ value: 'false'
+ - name: ENABLE_OAUTH_SIGNUP
+ value: 'true'
+ - name: OAUTH_MERGE_ACCOUNTS_BY_EMAIL
+ value: 'true'
+ - name: OAUTH_PROVIDER_NAME
+ value: authentik
+ - name: OPENID_PROVIDER_URL
+ valueFrom:
+ secretKeyRef:
+ name: '{{ .Release.Name }}-client'
+ key: configuration
+ - name: OAUTH_CLIENT_ID
+ valueFrom:
+ secretKeyRef:
+ name: '{{ .Release.Name }}-client'
+ key: clientId
+ - name: OAUTH_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: '{{ .Release.Name }}-client'
+ key: clientSecret
+ - name: ENABLE_LOGIN_FORM
+ value: 'false'
+ - name: OPENID_REDIRECT
+ value: https://openwebui.olsen.cloud/oauth/oidc/callback
+
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: '{{ .Release.Name }}-data'
diff --git a/charts/apps/openwebui/templates/external-http-service.yaml b/charts/apps/openwebui/templates/external-http-service.yaml
new file mode 100644
index 0000000..e28916d
--- /dev/null
+++ b/charts/apps/openwebui/templates/external-http-service.yaml
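Review bot: `OAUTH_MERGE_ACCOUNTS_BY_EMAIL: 'true'` in openwebui's deployment.yaml links an OIDC login to an existing account by e-mail address alone, which is only safe when the provider guarantees that the e-mail claim is verified and cannot be changed by the user; confirm that for the authentik setup or set it to `'false'`. `WEBUI_URL` and `OPENID_REDIRECT` hard-code `https://openwebui.olsen.cloud` while client.yaml registers the redirect URI from `.Values.subdomain`, so changing the subdomain value would make the two disagree. I believe Open WebUI reads the redirect from `OPENID_REDIRECT_URI`, in which case `OPENID_REDIRECT` has no effect; worth checking against the image's documentation.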
@@ -0,0 +1,11 @@
+apiVersion: homelab.mortenolsen.pro/v1
+kind: ExternalHttpService
+metadata:
+ name: '{{ .Release.Name }}'
+spec:
+ environment: '{{ .Values.globals.environment }}'
+ subdomain: '{{ .Values.subdomain }}'
+ destination:
+ host: '{{ .Release.Name }}.{{ .Release.Namespace }}.svc.cluster.local'
+ port:
+ number: 80
diff --git a/charts/apps/openwebui/templates/pvc.yaml b/charts/apps/openwebui/templates/pvc.yaml
new file mode 100644
index 0000000..bc1d0a6
--- /dev/null
+++ b/charts/apps/openwebui/templates/pvc.yaml
@@ -0,0 +1,11 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: '{{ .Release.Name }}-data'
+spec:
+ accessModes:
+ - 'ReadWriteOnce'
+ resources:
+ requests:
+ storage: '1Gi'
+ storageClassName: '{{ .Values.globals.environment }}'
diff --git a/charts/apps/openwebui/templates/service.yaml b/charts/apps/openwebui/templates/service.yaml
new file mode 100644
index 0000000..501e92a
--- /dev/null
+++ b/charts/apps/openwebui/templates/service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: '{{ .Release.Name }}'
+ labels:
+ app: '{{ .Release.Name }}'
+spec:
+ type: ClusterIP
+ ports:
+ - port: 80
+ targetPort: 8080
+ protocol: TCP
+ name: http
+ selector:
+ app: '{{ .Release.Name }}'
diff --git a/charts/apps/openwebui/values.yaml b/charts/apps/openwebui/values.yaml
new file mode 100644
index 0000000..d80367c
--- /dev/null
+++ b/charts/apps/openwebui/values.yaml
@@ -0,0 +1,7 @@
+globals:
+ environment: prod
+image:
+ repository: ghcr.io/open-webui/open-webui
+ tag: main
+ pullPolicy: IfNotPresent
+subdomain: openwebui
diff --git a/charts/volumes/templates/books-pvc.yaml b/charts/volumes/templates/books-pvc.yaml
index 2f0693c..60ca459 100644
--- a/charts/volumes/templates/books-pvc.yaml
+++ b/charts/volumes/templates/books-pvc.yaml
@@ -10,19 +10,17 @@ spec: accessModes: - ReadWriteMany persistentVolumeReclaimPolicy: Retain - storageClassName: manual - hostPath: null + storageClassName: manual-books nfs: path: '{{ .Values.books.path }}' server: '{{ .Values.host }}' - readOnly: true --- apiVersion: v1 kind: PersistentVolumeClaim metadata: name: books spec: - storageClassName: manual + storageClassName: manual-books accessModes: - ReadWriteMany resources: diff --git a/charts/volumes/templates/movies-pvc.yaml b/charts/volumes/templates/movies-pvc.yaml index 693aa9c..ceff4db 100644 --- a/charts/volumes/templates/movies-pvc.yaml +++ b/charts/volumes/templates/movies-pvc.yaml @@ -10,19 +10,17 @@ spec: accessModes: - ReadWriteMany persistentVolumeReclaimPolicy: Retain - storageClassName: manual - hostPath: null + storageClassName: manual-movies nfs: path: '{{ .Values.movies.path }}' server: '{{ .Values.host }}' - readOnly: true --- apiVersion: v1 kind: PersistentVolumeClaim metadata: name: movies spec: - storageClassName: manual + storageClassName: manual-movies accessModes: - ReadWriteMany resources: diff --git a/charts/volumes/templates/music-pvc.yaml b/charts/volumes/templates/music-pvc.yaml index 8f648cc..973a1c1 100644 --- a/charts/volumes/templates/music-pvc.yaml +++ b/charts/volumes/templates/music-pvc.yaml @@ -10,19 +10,17 @@ spec: accessModes: - ReadWriteMany persistentVolumeReclaimPolicy: Retain - storageClassName: manual - hostPath: null + storageClassName: manual-music nfs: path: '{{ .Values.music.path }}' server: '{{ .Values.host }}' - readOnly: true --- apiVersion: v1 kind: PersistentVolumeClaim metadata: name: music spec: - storageClassName: manual + storageClassName: manual-music accessModes: - ReadWriteMany resources: diff --git a/charts/volumes/templates/podcasts-pvc.yaml b/charts/volumes/templates/podcasts-pvc.yaml index 9e093fe..7cd65e0 100644 --- a/charts/volumes/templates/podcasts-pvc.yaml +++ b/charts/volumes/templates/podcasts-pvc.yaml 
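Review bot: Dropping `readOnly: true` from the `nfs:` source in books-pvc.yaml makes the export writable for every pod that binds the `books` claim; movies-pvc.yaml and music-pvc.yaml in this block, and podcasts-pvc.yaml and tv-pvc.yaml after it, make the same change. If only some consumers need to write (audiobookshelf may, for podcasts), keep write access to them and set `readOnly: true` on the `volumeMounts` or `persistentVolumeClaim` entries of the others, so a compromised media server cannot alter or delete the library. The per-volume `storageClassName` (`manual-books` and so on) is a good change, since it stops a claim from binding to the wrong PV.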
@@ -10,19 +10,17 @@ spec: accessModes: - ReadWriteMany persistentVolumeReclaimPolicy: Retain - storageClassName: manual - hostPath: null + storageClassName: manual-podcasts nfs: path: '{{ .Values.podcasts.path }}' server: '{{ .Values.host }}' - readOnly: true --- apiVersion: v1 kind: PersistentVolumeClaim metadata: name: podcasts spec: - storageClassName: manual + storageClassName: manual-podcasts accessModes: - ReadWriteMany resources: diff --git a/charts/volumes/templates/tv-pvc.yaml b/charts/volumes/templates/tv-pvc.yaml index d98cce8..75d1426 100644 --- a/charts/volumes/templates/tv-pvc.yaml +++ b/charts/volumes/templates/tv-pvc.yaml @@ -10,19 +10,17 @@ spec: accessModes: - ReadWriteMany persistentVolumeReclaimPolicy: Retain - storageClassName: manual - hostPath: null + storageClassName: manual-tvshows nfs: path: '{{ .Values.tvshows.path }}' server: '{{ .Values.host }}' - readOnly: true --- apiVersion: v1 kind: PersistentVolumeClaim metadata: name: tvshows spec: - storageClassName: manual + storageClassName: manual-tvshows accessModes: - ReadWriteMany resources: