simplify

chart/templates/deployment.yaml

@@ -31,6 +31,67 @@ spec:
             {{- toYaml .Values.securityContext | nindent 12 }}
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
+          env:
+            # PostgreSQL Host
+            - name: POSTGRES_HOST
+              {{- if .Values.config.postgres.host.fromSecret.enabled }}
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.config.postgres.host.fromSecret.secretName }}
+                  key: {{ .Values.config.postgres.host.fromSecret.key }}
+              {{- else }}
+              value: {{ .Values.config.postgres.host.value | quote }}
+              {{- end }}
+            # PostgreSQL Port
+            - name: POSTGRES_PORT
+              {{- if .Values.config.postgres.port.fromSecret.enabled }}
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.config.postgres.port.fromSecret.secretName }}
+                  key: {{ .Values.config.postgres.port.fromSecret.key }}
+              {{- else }}
+              value: {{ .Values.config.postgres.port.value | quote }}
+              {{- end }}
+            # PostgreSQL User
+            - name: POSTGRES_USER
+              {{- if .Values.config.postgres.user.fromSecret.enabled }}
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.config.postgres.user.fromSecret.secretName }}
+                  key: {{ .Values.config.postgres.user.fromSecret.key }}
+              {{- else }}
+              value: {{ .Values.config.postgres.user.value | quote }}
+              {{- end }}
+            # PostgreSQL Password
+            - name: POSTGRES_PASSWORD
+              {{- if .Values.config.postgres.password.fromSecret.enabled }}
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.config.postgres.password.fromSecret.secretName }}
+                  key: {{ .Values.config.postgres.password.fromSecret.key }}
+              {{- else }}
+              value: {{ .Values.config.postgres.password.value | quote }}
+              {{- end }}
+            # Certificate Manager
+            - name: CERT_MANAGER
+              {{- if .Values.config.certManager.fromSecret.enabled }}
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.config.certManager.fromSecret.secretName }}
+                  key: {{ .Values.config.certManager.fromSecret.key }}
+              {{- else }}
+              value: {{ .Values.config.certManager.value | quote }}
+              {{- end }}
+            # Istio Gateway
+            - name: ISTIO_GATEWAY
+              {{- if .Values.config.istioGateway.fromSecret.enabled }}
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.config.istioGateway.fromSecret.secretName }}
+                  key: {{ .Values.config.istioGateway.fromSecret.key }}
+              {{- else }}
+              value: {{ .Values.config.istioGateway.value | quote }}
+              {{- end }}
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
       {{- with .Values.nodeSelector }}

chart/values.yaml

@@ -50,4 +50,54 @@ nodeSelector: {}
 
 tolerations: []
 
-affinity: {}
+affinity: {}
+
+# Configuration for the homelab operator
+config:
+  # PostgreSQL database configuration
+  postgres:
+    host:
+      # Direct value (used when fromSecret.enabled is false)
+      value: "127.0.0.1"
+      # Secret reference (used when fromSecret.enabled is true)
+      fromSecret:
+        enabled: false
+        secretName: ""
+        key: "POSTGRES_HOST"
+    
+    port:
+      value: "5432"
+      fromSecret:
+        enabled: false
+        secretName: ""
+        key: "POSTGRES_PORT"
+    
+    user:
+      value: "postgres"
+      fromSecret:
+        enabled: false
+        secretName: ""
+        key: "POSTGRES_USER"
+    
+    password:
+      value: ""
+      fromSecret:
+        enabled: true  # Default to secret for sensitive data
+        secretName: "postgres-secret"
+        key: "POSTGRES_PASSWORD"
+  
+  # Certificate manager configuration
+  certManager:
+    value: "letsencrypt-prod"
+    fromSecret:
+      enabled: false
+      secretName: ""
+      key: "CERT_MANAGER"
+  
+  # Istio gateway configuration
+  istioGateway:
+    value: "istio-ingress"
+    fromSecret:
+      enabled: false
+      secretName: ""
+      key: "ISTIO_GATEWAY"

src/index.ts

@@ -5,7 +5,6 @@ import { Services } from './utils/service.ts';
 import { CustomResourceService } from './services/custom-resources/custom-resources.ts';
 import { WatcherService } from './services/watchers/watchers.ts';
 import { customResources } from './custom-resouces/custom-resources.ts';
-import { StorageProvider } from './storage-provider/storage-provider.ts';
 
 process.on('uncaughtException', (error) => {
   console.log('UNCAUGHT EXCEPTION');
@@ -30,8 +29,6 @@ process.on('unhandledRejection', (error) => {
 
 const services = new Services();
 const watcherService = services.get(WatcherService);
-const storageProvider = services.get(StorageProvider);
-await storageProvider.start();
 await watcherService
   .create({
     path: '/apis/apiextensions.k8s.io/v1/customresourcedefinitions',

src/storage-provider/storage-provider.ts

@@ -1,73 +0,0 @@
-import { mkdir } from 'fs/promises';
-
-import { V1PersistentVolume, type V1PersistentVolumeClaim } from '@kubernetes/client-node';
-
-import { Watcher, WatcherService } from '../services/watchers/watchers.ts';
-import type { Services } from '../utils/service.ts';
-import { ResourceService, type Resource } from '../services/resources/resources.ts';
-
-const PROVISIONER = 'reuse-local-path-provisioner';
-const LABEL_SELECTOR = `provisioner=${PROVISIONER}`;
-
-class StorageProvider {
-  #watcher: Watcher<V1PersistentVolumeClaim>;
-  #services: Services;
-
-  constructor(services: Services) {
-    this.#services = services;
-    const watchService = this.#services.get(WatcherService);
-    this.#watcher = watchService.create({
-      path: '/api/v1/persistantvolumeclaims',
-      list: (k8s) =>
-        k8s.api.listPersistentVolumeClaimForAllNamespaces({
-          labelSelector: LABEL_SELECTOR,
-        }),
-      verbs: ['add', 'update', 'delete'],
-      selector: LABEL_SELECTOR,
-    });
-    this.#watcher.on('changed', this.#handleChange);
-  }
-
-  #handleChange = async (pvc: Resource<V1PersistentVolumeClaim>) => {
-    const target = `/data/volumes/${pvc.namespace}/${pvc.name}`;
-    await mkdir(target, { recursive: true });
-    const resourceService = this.#services.get(ResourceService);
-    const pv = resourceService.get<V1PersistentVolume>({
-      apiVersion: 'v1',
-      kind: 'PersistantVolume',
-      name: pvc.name,
-      namespace: pvc.namespace,
-    });
-    await pv.load();
-    await pv.patch({
-      metadata: {
-        labels: {
-          provisioner: PROVISIONER,
-        },
-      },
-      spec: {
-        hostPath: {
-          path: target,
-        },
-        capacity: {
-          storage: pvc.spec?.resources?.requests?.storage ?? '1GB',
-        },
-        persistentVolumeReclaimPolicy: 'Retain',
-        accessModes: pvc.spec?.accessModes,
-        claimRef: {
-          uid: pvc.metadata?.uid,
-          resourceVersion: pvc.metadata?.resourceVersion,
-          apiVersion: pvc.apiVersion,
-          name: pvc.name,
-          namespace: pvc.namespace,
-        },
-      },
-    });
-  };
-
-  public start = async () => {
-    await this.#watcher.start();
-  };
-}
-
-export { StorageProvider };