add deployments

.github/workflows/main.yml

@@ -55,12 +55,10 @@ jobs:
 
       - name: Install dependencies
         run: pnpm install
-        working-directory: images/operator
         env:
           NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
 
       - name: Run tests
-        working-directory: images/operator
         run: pnpm test
 
   update-release-draft:
@@ -73,23 +71,9 @@ jobs:
     environment: release
     runs-on: ubuntu-latest
     steps:
-      - id: create-release
-        uses: release-drafter/release-drafter@v6
+      - uses: release-drafter/release-drafter@v6
         with:
           config-name: release-drafter-config.yml
           publish: true
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
-      - uses: actions/checkout@v4
-
-      - name: Upload Release Asset
-        id: upload-release-asset
-        uses: actions/upload-release-asset@v1
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          upload_url: ${{ steps.create-release.outputs.upload_url }}
-          asset_path: ./operator.yaml
-          asset_name: operator.yaml
-          asset_content_type: application/yaml

.github/workflows/publish-backup-tag.yml

@@ -1,65 +0,0 @@
-name: Publish tag
-
-on:
-  push:
-    branches:
-      - "main"
-    tags:
-      - "v*"
-
-env:
-  environment: test
-  release_channel: latest
-  DO_NOT_TRACK: "1"
-  NODE_VERSION: "23.x"
-  DOCKER_REGISTRY: ghcr.io
-  IMAGE_NAME: ${{ github.repository }}-backup
-  PNPM_VERSION: 10.6.0
-
-permissions:
-  contents: read
-  packages: read
-
-jobs:
-  release:
-    permissions:
-      contents: read
-      packages: write
-      attestations: write
-      id-token: write
-      pages: write
-    name: Release
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-
-      - name: Log in to the Container registry
-        uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
-        with:
-          registry: ${{ env.DOCKER_REGISTRY }}
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Extract metadata (tags, labels) for Docker
-        id: meta
-        uses: docker/metadata-action@032a4b3bda1b716928481836ac5bfe36e1feaad6
-        with:
-          images: ${{ env.DOCKER_REGISTRY }}/${{ env.IMAGE_NAME }}
-
-      - name: Build and push Docker image
-        id: push
-        uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4
-        with:
-          context: ./images/backup
-          push: true
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-
-      - name: Generate artifact attestation
-        uses: actions/attest-build-provenance@v2
-        with:
-          subject-name: ${{ env.DOCKER_REGISTRY }}/${{ env.IMAGE_NAME}}
-          subject-digest: ${{ steps.push.outputs.digest }}
-          push-to-registry: true

.github/workflows/publish-tag.yml

@@ -3,7 +3,7 @@ name: Publish tag
 on:
   push:
     branches:
-      - "main"
+      - 'main'
     tags:
       - "v*"
 
@@ -44,7 +44,7 @@ jobs:
 
       - name: Extract metadata (tags, labels) for Docker
         id: meta
-        uses: docker/metadata-action@032a4b3bda1b716928481836ac5bfe36e1feaad6
+        uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
         with:
           images: ${{ env.DOCKER_REGISTRY }}/${{ env.IMAGE_NAME }}
 
@@ -52,7 +52,7 @@ jobs:
         id: push
         uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4
         with:
-          context: ./images/operator
+          context: .
           push: true
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}

.github/workflows/renovate.yml

@@ -1,16 +0,0 @@
-name: Renovate
-on:
-  workflow_dispatch:
-  schedule:
-    - cron: "0 */6 * * *"
-jobs:
-  renovate:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-      - name: Self-hosted Renovate
-        uses: renovatebot/github-action@v40.2.2
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-          configurationFile: ./renovate.json5

.gitignore

@@ -1,4 +1,34 @@
-/secret.*.yaml
-/data/
-/.envrc
-*.DS_Store
+# dependencies (bun install)
+node_modules
+
+# output
+out
+dist
+*.tgz
+
+# code coverage
+coverage
+*.lcov
+
+# logs
+logs
+_.log
+report.[0-9]_.[0-9]_.[0-9]_.[0-9]_.json
+
+# dotenv environment variable files
+.env
+.env.development.local
+.env.test.local
+.env.production.local
+.env.local
+
+# caches
+.eslintcache
+.cache
+*.tsbuildinfo
+
+# IntelliJ based IDEs
+.idea
+
+# Finder (MacOS) folder config
+.DS_Store

Dockerfile

@@ -0,0 +1,6 @@
+FROM node:23-alpine
+RUN corepack enable
+COPY package.json pnpm-lock.yaml ./
+RUN pnpm install --frozen-lockfile --prod
+COPY . .
+CMD ["node", "src/index.ts"]

Makefile

@@ -1,14 +0,0 @@
-.PHONY: dev-recreate dev-destroy server-install
-
-dev-destroy:
-	colima delete -f
-
-dev-recreate: dev-destroy
-	colima start --network-address --kubernetes -m 8 --k3s-arg="--disable helm-controller,local-storage,traefik --docker" # --mount ${PWD}/data:/data:w 
-	flux install --components="source-controller,helm-controller"
-
-setup-flux:
-	flux install --components="source-controller,helm-controller"
-
-server-install:
-	curl -sfL https://get.k3s.io | sh -s - --disable traefik,local-storage,helm-controller

README.md

@@ -0,0 +1,282 @@
+# homelab-operator
+
+A Kubernetes operator designed for homelab environments that simplifies the
+management of PostgreSQL databases and Kubernetes secrets. Built with TypeScript
+and designed to run efficiently in resource-constrained environments.
+
+## Features
+
+- **PostgreSQL Database Management**: Automatically create and manage PostgreSQL
+  databases and roles
+- **Secret Management**: Generate and manage Kubernetes secrets with
+  configurable data
+- **Owner References**: Automatic cleanup when resources are deleted
+- **Status Tracking**: Comprehensive status conditions and error reporting
+- **Lightweight**: Minimal resource footprint suitable for homelab environments
+
+## Architecture
+
+The operator manages two main Custom Resource Definitions (CRDs):
+
+### PostgresDatabase
+
+Manages PostgreSQL databases and their associated roles:
+
+- Creates a PostgreSQL role with a secure random password
+- Creates a database owned by that role
+- Generates a Kubernetes secret containing database credentials
+- Ensures proper cleanup through owner references
+
+### SecretRequest
+
+Generates Kubernetes secrets with configurable data:
+
+- Supports custom secret names
+- Configurable data fields with various encodings
+- Automatic secret lifecycle management
+
+## Installation
+
+### Prerequisites
+
+- Kubernetes cluster (1.20+)
+- PostgreSQL instance accessible from the cluster
+- Helm 3.x (for chart-based installation)
+
+### Using Helm Chart
+
+1. Clone the repository:
+
+```bash
+git clone <repository-url>
+cd homelab-operator
+```
+
+2. Install using Helm:
+
+```bash
+helm install homelab-operator ./chart \
+  --set-string env.POSTGRES_HOST=<your-postgres-host> \
+  --set-string env.POSTGRES_USER=<admin-user> \
+  --set-string env.POSTGRES_PASSWORD=<admin-password>
+```
+
+### Using kubectl
+
+1. Build and push the Docker image:
+
+```bash
+docker build -t your-registry/homelab-operator:latest .
+docker push your-registry/homelab-operator:latest
+```
+
+2. Apply the Kubernetes manifests:
+
+```bash
+kubectl apply -f chart/templates/
+```
+
+## Configuration
+
+The operator is configured through environment variables:
+
+| Variable            | Description                              | Required | Default |
+| ------------------- | ---------------------------------------- | -------- | ------- |
+| `POSTGRES_HOST`     | PostgreSQL server hostname               | Yes      | -       |
+| `POSTGRES_USER`     | PostgreSQL admin username                | Yes      | -       |
+| `POSTGRES_PASSWORD` | PostgreSQL admin password                | Yes      | -       |
+| `POSTGRES_PORT`     | PostgreSQL server port                   | No       | 5432    |
+| `LOG_LEVEL`         | Logging level (debug, info, warn, error) | No       | info    |
+
+## Usage
+
+### PostgreSQL Database
+
+Create a PostgreSQL database with an associated role:
+
+```yaml
+apiVersion: homelab.mortenolsen.pro/v1
+kind: PostgresDatabase
+metadata:
+  name: my-app-db
+  namespace: my-namespace
+spec: {}
+```
+
+This will create:
+
+- A PostgreSQL role named `my-app-db`
+- A PostgreSQL database named `my-namespace_my-app-db` owned by the role
+- A Kubernetes secret `postgres-database-my-app-db` containing:
+  - `name`: Base64-encoded database name
+  - `user`: Base64-encoded username
+  - `password`: Base64-encoded password
+
+### Secret Request
+
+Generate a Kubernetes secret with custom data:
+
+```yaml
+apiVersion: homelab.mortenolsen.pro/v1
+kind: SecretRequest
+metadata:
+  name: my-secret
+  namespace: my-namespace
+spec:
+  secretName: app-config
+  data:
+    - key: api-key
+      value: "my-api-key"
+      encoding: base64
+    - key: database-url
+      value: "postgresql://user:pass@host:5432/db"
+    - key: random-token
+      length: 32
+      chars: "abcdefghijklmnopqrstuvwxyz0123456789"
+```
+
+### Accessing Created Resources
+
+To retrieve database credentials:
+
+```bash
+# Get the secret
+kubectl get secret postgres-database-my-app-db -o jsonpath='{.data.user}' | base64 -d
+kubectl get secret postgres-database-my-app-db -o jsonpath='{.data.password}' | base64 -d
+kubectl get secret postgres-database-my-app-db -o jsonpath='{.data.name}' | base64 -d
+```
+
+## Development
+
+### Prerequisites
+
+- [Bun](https://bun.sh/) runtime
+- [pnpm](https://pnpm.io/) package manager
+- Docker (for building images)
+- Access to a Kubernetes cluster for testing
+
+### Setup
+
+1. Clone the repository:
+
+```bash
+git clone <repository-url>
+cd homelab-operator
+```
+
+2. Install dependencies:
+
+```bash
+pnpm install
+```
+
+3. Set up development environment:
+
+```bash
+cp .env.example .env
+# Edit .env with your PostgreSQL connection details
+```
+
+### Running Locally
+
+For development, you can run the operator locally against a remote cluster:
+
+```bash
+# Ensure kubectl is configured for your development cluster
+export KUBECONFIG=~/.kube/config
+
+# Set PostgreSQL connection environment variables
+export POSTGRES_HOST=localhost
+export POSTGRES_USER=postgres
+export POSTGRES_PASSWORD=yourpassword
+
+# Run the operator
+bun run src/index.ts
+```
+
+### Development with Docker Compose
+
+A development environment with PostgreSQL is provided:
+
+```bash
+docker-compose -f docker-compose.dev.yaml up -d
+```
+
+### Building
+
+Build the Docker image:
+
+```bash
+docker build -t homelab-operator:latest .
+```
+
+### Testing
+
+```bash
+# Run linting
+pnpm run test:lint
+
+# Apply test resources
+kubectl apply -f test.yaml
+```
+
+## Contributing
+
+1. Fork the repository
+2. Create a feature branch: `git checkout -b feature/new-feature`
+3. Make your changes and add tests
+4. Run linting: `pnpm run test:lint`
+5. Commit your changes: `git commit -am 'Add new feature'`
+6. Push to the branch: `git push origin feature/new-feature`
+7. Submit a pull request
+
+## Project Structure
+
+```
+├── chart/                 # Helm chart for deployment
+├── src/
+│   ├── crds/             # Custom Resource Definitions
+│   │   ├── postgres/     # PostgreSQL database management
+│   │   └── secrets/      # Secret generation
+│   ├── custom-resource/   # Base CRD framework
+│   ├── database/         # Database migrations
+│   ├── services/         # Core services
+│   │   ├── config/       # Configuration management
+│   │   ├── k8s.ts        # Kubernetes API client
+│   │   ├── log/          # Logging service
+│   │   ├── postgres/     # PostgreSQL service
+│   │   └── secrets/      # Secret management
+│   └── utils/            # Utilities and constants
+├── Dockerfile            # Container build configuration
+└── docker-compose.dev.yaml  # Development environment
+```
+
+## License
+
+This project is licensed under the MIT License - see the LICENSE file for
+details.
+
+## Support
+
+For support and questions:
+
+- Create an issue in the GitHub repository
+- Check existing issues for similar problems
+- Review the logs using `kubectl logs -l app=homelab-operator`
+
+## Status Monitoring
+
+Monitor the operator status:
+
+```bash
+# Check operator logs
+kubectl logs -l app=homelab-operator -f
+
+# Check CRD status
+kubectl get postgresdatabases
+kubectl get secretrequests
+
+# Describe resources for detailed status
+kubectl describe postgresdatabase my-app-db
+kubectl describe secretrequest my-secret
+```

chart/templates/clusterrole.yaml

@@ -0,0 +1,14 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ include "homelab-operator.fullname" . }}
+rules:
+- apiGroups: [""]
+  resources: ["secrets"]
+  verbs: ["create", "get", "watch", "list"]
+- apiGroups: ["*"]
+  resources: ["*"]
+  verbs: ["get", "watch", "list", "patch"]
+- apiGroups: ["apiextensions.k8s.io"]
+  resources: ["customresourcedefinitions"]
+  verbs: ["get", "create", "replace"]

chart/templates/deployment.yaml

@@ -33,14 +33,6 @@ spec:
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
-          volumeMounts:
-            - name: data-volumes
-              mountPath: {{ .Values.storage.path }}
-      volumes:
-        - name: data-volumes
-          hostPath:
-            path: {{ .Values.storage.path }}
-            type: DirectoryOrCreate
       {{- with .Values.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}

chart/values.yaml

@@ -3,20 +3,14 @@
 # Declare variables to be passed into your templates.
 
 image:
-  repository: ghcr.io/morten-olsen/homelab-operator
-  pullPolicy: IfNotPresent
+  repository: ghcr.io/morten-olsen/homelab-operator:main
+  pullPolicy: Always
   # Overrides the image tag whose default is the chart appVersion.
-  tag: main@sha256:752b25d3ef9711e72d63e936244dac03c6caa2dd1e00f49fb98238f2702f07a5
+  tag: ""
 
 imagePullSecrets: []
-nameOverride: ''
-fullnameOverride: ''
-
-storage:
-  path: /data/volumes
-  reclaimPolicy: Retain
-  allowVolumeExpansion: false
-  volumeBindingMode: WaitForFirstConsumer
+nameOverride: ""
+fullnameOverride: ""
 
 serviceAccount:
   # Specifies whether a service account should be created
@@ -25,7 +19,7 @@ serviceAccount:
   annotations: {}
   # The name of the service account to use.
   # If not set and create is true, a name is generated using the fullname template
-  name: ''
+  name: ""
 
 podAnnotations: {}
 

charts/apps/AGENT.md

@@ -1,136 +0,0 @@
-# Agent Documentation
-
-This document describes how to create a new application chart for the homelab operator.
-
-## Chart Structure
-
-Each application has its own chart located in a directory under `charts/apps`. The chart should contain the following files:
-
-- `Chart.yaml`: The chart metadata.
-- `values.yaml`: The default values for the chart.
-- `templates/`: A directory containing the Kubernetes resource templates.
-
-## Custom Resources
-
-The homelab operator uses several custom resources to manage applications. These resources are defined in the `templates` directory of the chart.
-
-### `PostgresDatabase`
-
-If the application requires a PostgreSQL database, you can create a `PostgresDatabase` resource. The operator will automatically create a database and a secret containing the connection details. The secret will have the same name as the release with a `-pg-connection` postfix.
-
-Example:
-
-```yaml
-# templates/database.yaml
-apiVersion: homelab.mortenolsen.pro/v1
-kind: PostgresDatabase
-metadata:
-  name: "{{ .Release.Name }}"
-spec:
-  environment: "{{ .Values.globals.environment }}"
-```
-
-The secret has the following values:
-
-- `database`: name of the created database
-- `host`: the hostname of the postgres server
-- `port`: the port of the postgres server
-- `url`: combined url in the format `postgresql://{user}:{password}@{host}:{port}/{database}`
-
-### `OidcClient`
-
-If the application requires OIDC authentication, you can create an `OidcClient` resource. The operator will automatically create an OIDC client and a secret containing the client ID and secret. The secret will have the same name as the release with a `-client` postfix.
-
-You need to specify the redirect URIs for the OIDC client. The subdomain is taken from the `values.yaml` file.
-
-Example:
-
-```yaml
-# templates/client.yaml
-apiVersion: homelab.mortenolsen.pro/v1
-kind: OidcClient
-metadata:
-  name: "{{ .Release.Name }}"
-spec:
-  environment: "{{ .Values.globals.environment }}"
-  redirectUris:
-    - path: /user/oauth2/Authentik/callback
-      subdomain: "{{ .Values.subdomain }}"
-      matchingMode: strict
-```
-
-The secret has the following value:
-
-- `authorization`: Authorization endpoint
-- `clientId`
-- `clientSecret`
-- `configuration`: autodiscovery endpoint
-- `configurationIssuer`: issuer url
-- `endSession`: end session endpoint
-- `jwks`: jwks endpoint
-- `token`: token endpoint
-- `userinfo`: user info endpoint
-
-### `HttpService` and `ExternalHttpService`
-
-To expose the application, you can use either an `HttpService` or an `ExternalHttpService` resource.
-
-- `HttpService`: This will expose the application through the Istio gateway. This is for internal access only.
-- `ExternalHttpService`: This will expose the application through a CloudFlare tunnel. This is for external access.
-
-Both resources take a `subdomain` and a `destination` as parameters. The `destination` is the Kubernetes service to route traffic to.
-
-Example of `HttpService`:
-
-```yaml
-# templates/http-service.yaml
-apiVersion: homelab.mortenolsen.pro/v1
-kind: HttpService
-metadata:
-  name: "{{ .Release.Name }}"
-spec:
-  environment: "{{ .Values.globals.environment }}"
-  subdomain: "{{ .Values.subdomain }}"
-  destination:
-    host: "{{ .Release.Name }}.{{ .Release.Namespace }}.svc.cluster.local"
-    port:
-      number: 80
-```
-
-Example of `ExternalHttpService`:
-
-```yaml
-# templates/external-http-service.yaml
-apiVersion: homelab.mortenolsen.pro/v1
-kind: ExternalHttpService
-metadata:
-  name: "{{ .Release.Name }}"
-spec:
-  environment: "{{ .Values.globals.environment }}"
-  subdomain: "{{ .Values.subdomain }}"
-  destination:
-    host: "{{ .Release.Name }}.{{ .Release.Namespace }}.svc.cluster.local"
-    port:
-      number: 80
-```
-
-## `values.yaml`
-
-The `values.yaml` file should contain the following values:
-
-- `globals.environment`: The environment the application is running in (e.g., `prod`, `dev`).
-- `image.repository`: The Docker image repository.
-- `image.tag`: The Docker image tag.
-- `subdomain`: The subdomain for the application.
-
-Example:
-
-```yaml
-# values.yaml
-globals:
-  environment: prod
-image:
-  repository: docker.gitea.com/gitea
-  tag: latest
-subdomain: gitea
-```

charts/apps/apprise/Chart.yaml

@@ -1,3 +0,0 @@
-apiVersion: v2
-version: 1.0.0
-name: apprise

charts/apps/apprise/templates/client.yaml

@@ -1,10 +0,0 @@
-apiVersion: homelab.mortenolsen.pro/v1
-kind: OidcClient
-metadata:
-  name: '{{ .Release.Name }}'
-spec:
-  environment: '{{ .Values.globals.environment }}'
-  redirectUris:
-    - path: /oauth/oidc/callback
-      subdomain: '{{ .Values.subdomain }}'
-      matchingMode: strict

charts/apps/apprise/templates/deployment.yaml

@@ -1,43 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: "{{ .Release.Name }}"
-spec:
-  strategy:
-    type: Recreate
-  replicas: 1
-  selector:
-    matchLabels:
-      app: "{{ .Release.Name }}"
-  template:
-    metadata:
-      labels:
-        app: "{{ .Release.Name }}"
-    spec:
-      containers:
-        - name: "{{ .Release.Name }}"
-          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
-          imagePullPolicy: "{{ .Values.image.pullPolicy }}"
-          ports:
-            - name: http
-              containerPort: 8000
-              protocol: TCP
-          livenessProbe:
-            tcpSocket:
-              port: http
-          readinessProbe:
-            tcpSocket:
-              port: http
-          env:
-            - name: TZ
-              value: "{{ .Values.globals.timezone }}"
-            - name: BASE_URL
-              value: https://{{ .Values.subdomain }}.{{ .Values.globals.domain }}
-          volumeMounts:
-            - mountPath: /config
-              name: data
-
-      volumes:
-        - name: data
-          persistentVolumeClaim:
-            claimName: "{{ .Release.Name }}-data"

charts/apps/apprise/templates/http-service.yaml

@@ -1,11 +0,0 @@
-apiVersion: homelab.mortenolsen.pro/v1
-kind: HttpService
-metadata:
-  name: "{{ .Release.Name }}"
-spec:
-  environment: "{{ .Values.globals.environment }}"
-  subdomain: "{{ .Values.subdomain }}"
-  destination:
-    host: "{{ .Release.Name }}"
-    port:
-      number: 80

charts/apps/apprise/templates/pvc.yaml

@@ -1,11 +0,0 @@
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
-  name: '{{ .Release.Name }}-data'
-spec:
-  accessModes:
-    - 'ReadWriteOnce'
-  resources:
-    requests:
-      storage: '1Gi'
-  storageClassName: '{{ .Values.globals.environment }}'

charts/apps/apprise/templates/service.yaml

@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: "{{ .Release.Name }}"
-  labels:
-    app: "{{ .Release.Name }}"
-spec:
-  type: ClusterIP
-  ports:
-    - port: 80
-      targetPort: 8000
-      protocol: TCP
-      name: http
-  selector:
-    app: "{{ .Release.Name }}"

charts/apps/apprise/values.yaml

@@ -1,9 +0,0 @@
-globals:
-  environment: prod
-  timezone: Europe/Amsterdam
-  domain: olsen.cloud
-image:
-  repository: docker.io/caronc/apprise
-  tag: latest@sha256:127b3834f0679502529397ead8ffeaadf5189019c4c863fa6652e9b942fdccf8
-  pullPolicy: IfNotPresent
-subdomain: apprise

charts/apps/audiobookshelf/Chart.yaml

@@ -1,3 +0,0 @@
-apiVersion: v2
-version: 1.0.0
-name: audiobookshelf

charts/apps/audiobookshelf/templates/client.yaml

@@ -1,13 +0,0 @@
-apiVersion: homelab.mortenolsen.pro/v1
-kind: OidcClient
-metadata:
-  name: '{{ .Release.Name }}'
-spec:
-  environment: '{{ .Values.globals.environment }}'
-  redirectUris:
-    - path: /audiobookshelf/auth/openid/callback
-      subdomain: '{{ .Values.subdomain }}'
-      matchingMode: strict
-    - path: /audiobookshelf/auth/openid/mobile-redirect
-      subdomain: '{{ .Values.subdomain }}'
-      matchingMode: strict

charts/apps/audiobookshelf/templates/deployment.yaml

@@ -1,52 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: '{{ .Release.Name }}'
-spec:
-  strategy:
-    type: Recreate
-  replicas: 1
-  selector:
-    matchLabels:
-      app: '{{ .Release.Name }}'
-  template:
-    metadata:
-      labels:
-        app: '{{ .Release.Name }}'
-    spec:
-      containers:
-        - name: '{{ .Release.Name }}'
-          image: '{{ .Values.image.repository }}:{{ .Values.image.tag }}'
-          imagePullPolicy: '{{ .Values.image.pullPolicy }}'
-          ports:
-            - name: http
-              containerPort: 80
-              protocol: TCP
-          livenessProbe:
-            tcpSocket:
-              port: http
-          readinessProbe:
-            tcpSocket:
-              port: http
-          volumeMounts:
-            - mountPath: /config
-              name: config
-            - mountPath: /metadata
-              name: metadata
-            - mountPath: /audiobooks
-              name: audiobooks
-            - mountPath: /podcasts
-              name: podcasts
-      volumes:
-        - name: config
-          persistentVolumeClaim:
-            claimName: '{{ .Release.Name }}-config'
-        - name: metadata
-          persistentVolumeClaim:
-            claimName: '{{ .Release.Name }}-metadata'
-        - name: audiobooks
-          persistentVolumeClaim:
-            claimName: books
-        - name: podcasts
-          persistentVolumeClaim:
-            claimName: podcasts

charts/apps/audiobookshelf/templates/external-http-service.yaml

@@ -1,11 +0,0 @@
-apiVersion: homelab.mortenolsen.pro/v1
-kind: ExternalHttpService
-metadata:
-  name: '{{ .Release.Name }}'
-spec:
-  environment: '{{ .Values.globals.environment }}'
-  subdomain: '{{ .Values.subdomain }}'
-  destination:
-    host: '{{ .Release.Name }}.{{ .Release.Namespace }}.svc.cluster.local'
-    port:
-      number: 80

charts/apps/audiobookshelf/templates/pvc.yaml

@@ -1,24 +0,0 @@
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
-  name: '{{ .Release.Name }}-config'
-spec:
-  accessModes:
-    - 'ReadWriteOnce'
-  resources:
-    requests:
-      storage: '1Gi'
-  storageClassName: '{{ .Values.globals.environment }}'
-
----
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
-  name: '{{ .Release.Name }}-metadata'
-spec:
-  accessModes:
-    - 'ReadWriteOnce'
-  resources:
-    requests:
-      storage: '1Gi'
-  storageClassName: '{{ .Values.globals.environment }}'

charts/apps/audiobookshelf/templates/service.yaml

@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: '{{ .Release.Name }}'
-  labels:
-    app: '{{ .Release.Name }}'
-spec:
-  type: ClusterIP
-  ports:
-    - port: 80
-      targetPort: 80
-      protocol: TCP
-      name: http
-  selector:
-    app: '{{ .Release.Name }}'

charts/apps/audiobookshelf/values.yaml

@@ -1,7 +0,0 @@
-globals:
-  environment: prod
-image:
-  repository: ghcr.io/advplyr/audiobookshelf
-  tag: 2.26.1@sha256:5901162ccdf4b44f563ff2012484d5e315d9a1ecd6af86f7fe605ec96bbc5039
-  pullPolicy: IfNotPresent
-subdomain: audiobookshelf

charts/apps/baikal/Chart.yaml

@@ -1,3 +0,0 @@
-apiVersion: v2
-version: 1.0.0
-name: esphome

charts/apps/baikal/templates/database.yaml

@@ -1,6 +0,0 @@
-apiVersion: homelab.mortenolsen.pro/v1
-kind: PostgresDatabase
-metadata:
-  name: '{{ .Release.Name }}'
-spec:
-  environment: '{{ .Values.globals.environment }}'

charts/apps/baikal/templates/deployment.yaml

@@ -1,46 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: "{{ .Release.Name }}"
-spec:
-  strategy:
-    type: Recreate
-  replicas: 1
-  selector:
-    matchLabels:
-      app: "{{ .Release.Name }}"
-  template:
-    metadata:
-      labels:
-        app: "{{ .Release.Name }}"
-    spec:
-      containers:
-        - name: "{{ .Release.Name }}"
-          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
-          imagePullPolicy: "{{ .Values.image.pullPolicy }}"
-          ports:
-            - name: http
-              containerPort: 80
-              protocol: TCP
-          livenessProbe:
-            tcpSocket:
-              port: http
-          readinessProbe:
-            tcpSocket:
-              port: http
-          env:
-            - name: TZ
-              value: "{{ .Values.globals.timezone }}"
-          volumeMounts:
-            - mountPath: /var/www/baikal/Specific
-              name: data
-            - mountPath: /var/www/baikal/config
-              name: config
-
-      volumes:
-        - name: data
-          persistentVolumeClaim:
-            claimName: "{{ .Release.Name }}-data"
-        - name: config
-          persistentVolumeClaim:
-            claimName: "{{ .Release.Name }}-config"

charts/apps/baikal/templates/external-http-service.yaml

@@ -1,11 +0,0 @@
-apiVersion: homelab.mortenolsen.pro/v1
-kind: ExternalHttpService
-metadata:
-  name: '{{ .Release.Name }}'
-spec:
-  environment: '{{ .Values.globals.environment }}'
-  subdomain: '{{ .Values.subdomain }}'
-  destination:
-    host: '{{ .Release.Name }}.{{ .Release.Namespace }}.svc.cluster.local'
-    port:
-      number: 80

charts/apps/baikal/templates/http-service.yaml

@@ -1,11 +0,0 @@
-apiVersion: homelab.mortenolsen.pro/v1
-kind: HttpService
-metadata:
-  name: "{{ .Release.Name }}"
-spec:
-  environment: "{{ .Values.globals.environment }}"
-  subdomain: "{{ .Values.subdomain }}"
-  destination:
-    host: "{{ .Release.Name }}"
-    port:
-      number: 80

charts/apps/baikal/templates/pvc.yaml

@@ -1,24 +0,0 @@
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
-  name: "{{ .Release.Name }}-data"
-spec:
-  accessModes:
-    - "ReadWriteOnce"
-  resources:
-    requests:
-      storage: "1Gi"
-  storageClassName: "{{ .Values.globals.environment }}"
-
----
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
-  name: "{{ .Release.Name }}-config"
-spec:
-  accessModes:
-    - "ReadWriteOnce"
-  resources:
-    requests:
-      storage: "1Gi"
-  storageClassName: "{{ .Values.globals.environment }}"

charts/apps/baikal/templates/service.yaml

@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: "{{ .Release.Name }}"
-  labels:
-    app: "{{ .Release.Name }}"
-spec:
-  type: ClusterIP
-  ports:
-    - port: 80
-      targetPort: 80
-      protocol: TCP
-      name: http
-  selector:
-    app: "{{ .Release.Name }}"

charts/apps/baikal/values.yaml

@@ -1,9 +0,0 @@
-globals:
-  environment: prod
-  timezone: Europe/Amsterdam
-  domain: olsen.cloud
-image:
-  repository: docker.io/ckulka/baikal
-  tag: nginx@sha256:27bd9afbb8142c2143b6959c023074b05c86356ded0f589fcb1424ab5fbe0a70
-  pullPolicy: IfNotPresent
-subdomain: baikal

charts/apps/bytestash/Chart.yaml

@@ -1,3 +0,0 @@
-apiVersion: v2
-version: 1.0.0
-name: ByteStash

charts/apps/bytestash/templates/client.yaml

@@ -1,10 +0,0 @@
-apiVersion: homelab.mortenolsen.pro/v1
-kind: OidcClient
-metadata:
-  name: '{{ .Release.Name }}'
-spec:
-  environment: '{{ .Values.globals.environment }}'
-  redirectUris:
-    - path: /api/auth/oidc/callback
-      subdomain: '{{ .Values.subdomain }}'
-      matchingMode: strict

charts/apps/bytestash/templates/deployment.yaml

@@ -1,54 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: "{{ .Release.Name }}"
-  labels:
-    app: "{{ .Release.Name }}"
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: "{{ .Release.Name }}"
-  template:
-    metadata:
-      labels:
-        app: "{{ .Release.Name }}"
-    spec:
-      containers:
-        - name: "{{ .Release.Name }}"
-          image: ghcr.io/jordan-dalby/bytestash:latest
-          ports:
-            - containerPort: 5000
-              name: http
-          env:
-            - name: ALLOW_NEW_ACCOUNTS
-              value: "true"
-            - name: DISABLE_INTERNAL_ACCOUNTS
-              value: "true"
-            - name: OIDC_ENABLED
-              value: "true"
-            - name: OIDC_DISPLAY_NAME
-              value: OIDC
-            - name: OIDC_CLIENT_ID
-              valueFrom:
-                secretKeyRef:
-                  name: "{{ .Release.Name }}-client"
-                  key: clientId
-            - name: OIDC_CLIENT_SECRET
-              valueFrom:
-                secretKeyRef:
-                  name: "{{ .Release.Name }}-client"
-                  key: clientSecret
-            - name: OIDC_ISSUER_URL
-              valueFrom:
-                secretKeyRef:
-                  name: "{{ .Release.Name }}-client"
-                  key: configurationIssuer
-
-          volumeMounts:
-            - mountPath: /data/snippets
-              name: data
-      volumes:
-        - name: data
-          persistentVolumeClaim:
-            claimName: "{{ .Release.Name }}-data"

charts/apps/bytestash/templates/external-http-service.yaml

@@ -1,11 +0,0 @@
-apiVersion: homelab.mortenolsen.pro/v1
-kind: ExternalHttpService
-metadata:
-  name: '{{ .Release.Name }}'
-spec:
-  environment: '{{ .Values.globals.environment }}'
-  subdomain: '{{ .Values.subdomain }}'
-  destination:
-    host: '{{ .Release.Name }}.{{ .Release.Namespace }}.svc.cluster.local'
-    port:
-      number: 80

charts/apps/bytestash/templates/http-service.yaml

@@ -1,11 +0,0 @@
-apiVersion: homelab.mortenolsen.pro/v1
-kind: HttpService
-metadata:
-  name: '{{ .Release.Name }}'
-spec:
-  environment: '{{ .Values.environment }}'
-  subdomain: '{{ .Values.subdomain }}'
-  destination:
-    host: '{{ .Release.Name }}'
-    port:
-      number: 80

charts/apps/bytestash/templates/pvc.yaml

@@ -1,11 +0,0 @@
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
-  name: '{{ .Release.Name }}-data'
-spec:
-  accessModes:
-    - 'ReadWriteOnce'
-  resources:
-    requests:
-      storage: '1Gi'
-  storageClassName: '{{ .Values.globals.environment }}'

charts/apps/bytestash/templates/service.yaml

@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: '{{ .Release.Name }}'
-  labels:
-    app: '{{ .Release.Name }}'
-spec:
-  type: ClusterIP
-  ports:
-    - port: 80
-      targetPort: 5000
-      protocol: TCP
-      name: http
-  selector:
-    app: '{{ .Release.Name }}'

charts/apps/bytestash/values.yaml

@@ -1,3 +0,0 @@
-globals:
-  environment: prod
-subdomain: bytestash

charts/apps/calibre-web/Chart.yaml

@@ -1,3 +0,0 @@
-apiVersion: v2
-version: 1.0.0
-name: calibre-web

charts/apps/calibre-web/templates/client.yaml

@@ -1,10 +0,0 @@
-apiVersion: homelab.mortenolsen.pro/v1
-kind: OidcClient
-metadata:
-  name: '{{ .Release.Name }}'
-spec:
-  environment: '{{ .Values.globals.environment }}'
-  redirectUris:
-    - path: /api/auth/oidc/callback
-      subdomain: '{{ .Values.subdomain }}'
-      matchingMode: strict

charts/apps/calibre-web/templates/deployment.yaml

@@ -1,42 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: "{{ .Release.Name }}"
-  labels:
-    app: "{{ .Release.Name }}"
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: "{{ .Release.Name }}"
-  template:
-    metadata:
-      labels:
-        app: "{{ .Release.Name }}"
-    spec:
-      containers:
-        - name: "{{ .Release.Name }}"
-          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
-          imagePullPolicy: "{{ .Values.image.pullPolicy }}"
-          ports:
-            - containerPort: 8083
-              name: http
-          env:
-            - name: TZ
-              value: "{{ .Values.globals.timezone }}"
-            - name: PUID
-              value: "1000"
-            - name: PGID
-              value: "1000"
-          volumeMounts:
-            - mountPath: /config
-              name: data
-            - mountPath: /books
-              name: books
-      volumes:
-        - name: data
-          persistentVolumeClaim:
-            claimName: "{{ .Release.Name }}-data"
-        - name: books
-          persistentVolumeClaim:
-            claimName: books

charts/apps/calibre-web/templates/external-http-service.yaml

@@ -1,11 +0,0 @@
-apiVersion: homelab.mortenolsen.pro/v1
-kind: ExternalHttpService
-metadata:
-  name: '{{ .Release.Name }}'
-spec:
-  environment: '{{ .Values.globals.environment }}'
-  subdomain: '{{ .Values.subdomain }}'
-  destination:
-    host: '{{ .Release.Name }}.{{ .Release.Namespace }}.svc.cluster.local'
-    port:
-      number: 80

charts/apps/calibre-web/templates/http-service.yaml

@@ -1,11 +0,0 @@
-apiVersion: homelab.mortenolsen.pro/v1
-kind: HttpService
-metadata:
-  name: "{{ .Release.Name }}"
-spec:
-  environment: "{{ .Values.globals.environment }}"
-  subdomain: "{{ .Values.subdomain }}"
-  destination:
-    host: "{{ .Release.Name }}"
-    port:
-      number: 80

charts/apps/calibre-web/templates/pvc.yaml

@@ -1,11 +0,0 @@
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
-  name: '{{ .Release.Name }}-data'
-spec:
-  accessModes:
-    - 'ReadWriteOnce'
-  resources:
-    requests:
-      storage: '1Gi'
-  storageClassName: '{{ .Values.globals.environment }}'

charts/apps/calibre-web/templates/service.yaml

@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: "{{ .Release.Name }}"
-  labels:
-    app: "{{ .Release.Name }}"
-spec:
-  type: ClusterIP
-  ports:
-    - port: 80
-      targetPort: 8083
-      protocol: TCP
-      name: http
-  selector:
-    app: "{{ .Release.Name }}"

charts/apps/calibre-web/values.yaml

@@ -1,9 +0,0 @@
-globals:
-  environment: prod