├── .github
└── workflows
│ └── release-charts.yaml
├── .gitignore
├── .idea
├── codeStyles
│ ├── Project.xml
│ └── codeStyleConfig.xml
└── vcs.xml
├── .prettierrc.yml
├── Makefile
├── README.md
├── charts
├── cert-manager-cloudflare-config
│ ├── CHANGELOG.md
│ ├── Chart.yaml
│ ├── README.md
│ ├── templates
│ │ └── le_issuer.yaml
│ └── values.yaml
├── coredns-private-dns-fix
│ ├── CHANGELOG.md
│ ├── Chart.yaml
│ ├── README.md
│ └── templates
│ │ └── coredns-custom-config-map.yaml
├── gradle-build-cache
│ ├── Chart.lock
│ ├── Chart.yaml
│ ├── Makefile
│ ├── README.md
│ ├── charts
│ │ └── common-25.4.8.tgz
│ ├── templates
│ │ ├── NOTES.txt
│ │ └── common.yaml
│ └── values.yaml
├── iobroker
│ ├── .gitignore
│ ├── .helmignore
│ ├── CHANGELOG.md
│ ├── Chart.lock
│ ├── Chart.yaml
│ ├── Makefile
│ ├── README.md
│ ├── README.networking.md
│ ├── templates
│ │ ├── NOTES.txt
│ │ └── common.yaml
│ └── values.yaml
├── iperf3
│ ├── Chart.yaml
│ ├── README.md
│ ├── templates
│ │ ├── deployment.yml
│ │ └── service.yml
│ └── values.yaml
├── localpath
│ ├── CHANGELOG.md
│ ├── Chart.yaml
│ ├── README.md
│ └── templates
│ │ └── localpath.yaml
├── longhorn-backup-config
│ ├── CHANGELOG.md
│ ├── Chart.yaml
│ ├── README.md
│ ├── templates
│ │ └── schedule-daily.yaml
│ └── values.yaml
├── network-tools
│ ├── Chart.lock
│ ├── Chart.yaml
│ ├── Makefile
│ ├── README.md
│ ├── templates
│ │ ├── NOTES.txt
│ │ └── common.yaml
│ └── values.yaml
├── openldap-test
│ ├── CHANGELOG.md
│ ├── Chart.lock
│ ├── Chart.yaml
│ ├── Makefile
│ ├── README.md
│ ├── charts
│ │ └── common-25.4.2.tgz
│ ├── templates
│ │ ├── NOTES.txt
│ │ └── common.yaml
│ └── values.yaml
├── postgres-pgdump-backup
│ ├── CHANGELOG.md
│ ├── Chart.lock
│ ├── Chart.yaml
│ ├── Makefile
│ ├── README.md
│ ├── charts
│ │ └── common-25.4.2.tgz
│ ├── templates
│ │ ├── NOTES.txt
│ │ └── common.yaml
│ └── values.yaml
├── rundeck
│ ├── .helmignore
│ ├── CHANGELOG.md
│ ├── Chart.yaml
│ ├── README.md
│ ├── files
│ │ └── nginx
│ │ │ └── nginx.conf
│ ├── scripts
│ │ └── bootstrap.sh
│ ├── templates
│ │ ├── _helpers.tpl
│ │ ├── addons-pvc.yaml
│ │ ├── boostrap-wrapper-script-configmap.yaml
│ │ ├── data-pvc.yaml
│ │ ├── execution-logs-pvc.yaml
│ │ ├── ingress.yaml
│ │ ├── nginx-configmap.yaml
│ │ ├── nginx-deployment.yaml
│ │ ├── nginx-service.yaml
│ │ ├── plugins-pvc.yaml
│ │ ├── rundeck-backend-deployment.yaml
│ │ ├── rundeck-backend-service.yaml
│ │ ├── rundeck-environment-configmap.yaml
│ │ └── serviceaccount.yaml
│ ├── values-test.yaml
│ └── values.yaml
├── vulnz-nvd-mirror
│ ├── CHANGELOG.md
│ ├── Chart.lock
│ ├── Chart.yaml
│ ├── Makefile
│ ├── README.md
│ ├── charts
│ │ └── common-25.4.8.tgz
│ ├── templates
│ │ ├── NOTES.txt
│ │ └── common.yaml
│ └── values.yaml
├── whatsmyip
│ ├── CHANGELOG.md
│ ├── Chart.lock
│ ├── Chart.yaml
│ ├── Makefile
│ ├── charts
│ │ └── common-25.4.2.tgz
│ ├── templates
│ │ ├── NOTES.txt
│ │ └── common.yaml
│ └── values.yaml
└── whoami
│ ├── CHANGELOG.md
│ ├── Chart.lock
│ ├── Chart.yaml
│ ├── Makefile
│ ├── charts
│ └── common-25.4.2.tgz
│ ├── templates
│ ├── NOTES.txt
│ └── common.yaml
│ └── values.yaml
└── cr.yaml
/.github/workflows/release-charts.yaml:
--------------------------------------------------------------------------------
---
# Publishes the Helm charts under charts/ with chart-releaser on every push
# to main.
name: Release Charts

on:
  push:
    branches:
      - main

jobs:
  release:
    # Job-scoped token permissions: GITHUB_TOKEN gets write access to repository
    # contents and, because the block is explicit, no other scope. Needed when
    # the org/repo default for the token is read-only.
    # see: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token
    permissions:
      contents: write
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): every `uses:` below references a tag, which the action's
      # owner can move. All steps run in a job whose token can write to this
      # repository, so pin each action to a full commit SHA, for example
      # `uses: actions/checkout@<full-commit-sha>  # v3` (placeholder, look up
      # the SHA for the release you have reviewed).
      - name: Checkout
        uses: actions/checkout@v3
        with:
          # 0 = fetch the complete history instead of only the latest commit
          fetch-depth: 0

      # Commits created by the release tooling are attributed to whoever
      # triggered the run.
      - name: Configure Git
        run: |
          git config user.name "$GITHUB_ACTOR"
          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"

      - name: Install Helm
        uses: azure/setup-helm@v3

      - name: Run chart-releaser
        uses: helm/chart-releaser-action@v1.6.0
        with:
          charts_dir: charts
          config: cr.yaml
          skip_existing: true
        env:
          # The per-run GITHUB_TOKEN is handed to chart-releaser; no long-lived
          # personal access token is stored for the release.
          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | .deploy
2 | index.yaml
3 | config.yaml
4 | .cr-release-packages
--------------------------------------------------------------------------------
/.idea/codeStyles/Project.xml:
--------------------------------------------------------------------------------
168 | true
169 | Keep static fields order
170 | true
171 |
172 |
173 |
174 |
175 |
176 |
177 |
178 |
179 | true
180 | true
181 | true
182 | true
183 |
184 |
185 |
186 |
187 |
188 |
189 |
190 |
191 | true
192 | true
193 | true
194 | true
195 |
196 |
197 |
198 |
199 |
200 |
201 |
202 |
203 | true
204 | true
205 | true
206 | true
207 |
208 |
209 |
210 |
211 |
212 |
213 |
214 |
215 | true
216 | true
217 | true
218 | true
219 |
220 |
221 |
222 |
223 |
224 |
225 |
226 |
227 | true
228 | true
229 | true
230 |
231 |
232 |
233 |
234 |
235 |
236 |
237 |
238 | true
239 | true
240 | true
241 |
242 |
243 |
244 |
245 |
246 |
247 |
248 |
249 | true
250 | true
251 | true
252 |
253 |
254 |
255 |
256 |
257 |
258 |
259 |
260 | true
261 | true
262 | true
263 |
264 |
265 |
266 |
267 |
268 |
269 |
270 |
271 | true
272 | true
273 |
274 |
275 |
276 |
277 |
278 |
279 |
280 |
281 | true
282 | true
283 | true
284 |
285 |
286 |
287 |
288 |
289 |
290 |
291 |
292 | true
293 | true
294 | true
295 |
296 |
297 |
298 |
299 |
300 |
301 |
302 |
303 | true
304 | true
305 | true
306 |
307 |
308 |
309 |
310 |
311 |
312 |
313 |
314 | true
315 | true
316 | true
317 |
318 |
319 |
320 |
321 |
322 |
323 |
324 |
325 | true
326 | true
327 |
328 |
329 |
330 |
331 |
332 |
333 |
334 |
335 | true
336 | true
337 |
338 |
339 |
340 |
341 |
342 |
343 |
344 |
345 | true
346 | true
347 |
348 |
349 |
350 |
351 |
352 |
353 |
354 |
355 | true
356 | true
357 |
358 |
359 |
360 |
361 |
362 |
363 |
364 | true
365 |
366 |
367 |
368 |
369 |
370 |
371 | true
372 |
373 |
374 |
375 |
376 |
377 |
378 | true
379 |
380 |
381 |
382 |
383 |
384 |
385 |
386 | true
387 | true
388 |
389 |
390 |
391 |
392 |
393 |
394 |
395 | true
396 |
397 |
398 |
399 |
400 |
401 |
402 | true
403 |
404 |
405 |
406 |
407 |
408 |
409 | true
410 |
411 |
412 |
413 |
414 |
415 |
416 |
417 | true
418 | true
419 |
420 |
421 |
422 |
423 |
424 |
425 |
426 | true
548 | xmlns:android
549 |
550 | ^$
551 |
552 |
553 |
554 |
555 |
556 |
557 |
558 |
559 | xmlns:.*
560 |
561 | ^$
562 |
563 |
564 | BY_NAME
565 |
566 |
567 |
568 |
569 |
570 |
571 | .*:id
572 |
573 | http://schemas.android.com/apk/res/android
574 |
575 |
576 |
577 |
578 |
579 |
580 |
581 |
582 | style
583 |
584 | ^$
585 |
586 |
587 |
588 |
589 |
590 |
591 |
592 |
593 | .*
594 |
595 | ^$
596 |
597 |
598 | BY_NAME
599 |
600 |
601 |
602 |
603 |
604 |
605 | .*:.*Style
606 |
607 | http://schemas.android.com/apk/res/android
608 |
609 |
610 | BY_NAME
611 |
612 |
613 |
614 |
615 |
616 |
617 | .*:layout_width
618 |
619 | http://schemas.android.com/apk/res/android
620 |
621 |
622 |
623 |
624 |
625 |
626 |
627 |
628 | .*:layout_height
629 |
630 | http://schemas.android.com/apk/res/android
631 |
632 |
633 |
634 |
635 |
636 |
637 |
638 |
639 | .*:layout_weight
640 |
641 | http://schemas.android.com/apk/res/android
642 |
643 |
644 |
645 |
646 |
647 |
648 |
649 |
650 | .*:layout_margin
651 |
652 | http://schemas.android.com/apk/res/android
653 |
654 |
655 |
656 |
657 |
658 |
659 |
660 |
661 | .*:layout_marginTop
662 |
663 | http://schemas.android.com/apk/res/android
664 |
665 |
666 |
667 |
668 |
669 |
670 |
671 |
672 | .*:layout_marginBottom
673 |
674 | http://schemas.android.com/apk/res/android
675 |
676 |
677 |
678 |
679 |
680 |
681 |
682 |
683 | .*:layout_marginStart
684 |
685 | http://schemas.android.com/apk/res/android
686 |
687 |
688 |
689 |
690 |
691 |
692 |
693 |
694 | .*:layout_marginEnd
695 |
696 | http://schemas.android.com/apk/res/android
697 |
698 |
699 |
700 |
701 |
702 |
703 |
704 |
705 | .*:layout_marginLeft
706 |
707 | http://schemas.android.com/apk/res/android
708 |
709 |
710 |
711 |
712 |
713 |
714 |
715 |
716 | .*:layout_marginRight
717 |
718 | http://schemas.android.com/apk/res/android
719 |
720 |
721 |
722 |
723 |
724 |
725 |
726 |
727 | .*:layout_.*
728 |
729 | http://schemas.android.com/apk/res/android
730 |
731 |
732 | BY_NAME
733 |
734 |
735 |
736 |
737 |
738 |
739 | .*:padding
740 |
741 | http://schemas.android.com/apk/res/android
742 |
743 |
744 |
745 |
746 |
747 |
748 |
749 |
750 | .*:paddingTop
751 |
752 | http://schemas.android.com/apk/res/android
753 |
754 |
755 |
756 |
757 |
758 |
759 |
760 |
761 | .*:paddingBottom
762 |
763 | http://schemas.android.com/apk/res/android
764 |
765 |
766 |
767 |
768 |
769 |
770 |
771 |
772 | .*:paddingStart
773 |
774 | http://schemas.android.com/apk/res/android
775 |
776 |
777 |
778 |
779 |
780 |
781 |
782 |
783 | .*:paddingEnd
784 |
785 | http://schemas.android.com/apk/res/android
786 |
787 |
788 |
789 |
790 |
791 |
792 |
793 |
794 | .*:paddingLeft
795 |
796 | http://schemas.android.com/apk/res/android
797 |
798 |
799 |
800 |
801 |
802 |
803 |
804 |
805 | .*:paddingRight
806 |
807 | http://schemas.android.com/apk/res/android
808 |
809 |
810 |
811 |
812 |
813 |
814 |
815 |
816 | .*
817 | http://schemas.android.com/apk/res/android
818 |
819 |
820 | BY_NAME
821 |
822 |
823 |
824 |
825 |
826 |
827 | .*
828 | http://schemas.android.com/apk/res-auto
829 |
830 |
831 | BY_NAME
832 |
833 |
834 |
835 |
836 |
837 |
838 | .*
839 | http://schemas.android.com/tools
840 |
841 |
842 | BY_NAME
843 |
844 |
845 |
846 |
847 |
848 |
849 | .*
850 | .*
851 |
852 |
853 | BY_NAME
--------------------------------------------------------------------------------
/.idea/codeStyles/codeStyleConfig.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/.idea/vcs.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/.prettierrc.yml:
--------------------------------------------------------------------------------
1 | # we need this, otherwise the gotpl brackets are
2 | # broken in .yaml helm templates
3 | bracketSpacing: false
4 |
--------------------------------------------------------------------------------
/Makefile:
--------------------------------------------------------------------------------
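# Neither target produces a file of its own name; declaring them phony keeps
# make from skipping the release when a file called "release-all" or
# "package-all" happens to exist in the working directory.
.PHONY: release-all package-all

# Uploads the packaged charts and refreshes the chart index.
# The README states that CR_TOKEN must be exported before running this; keep
# the token in the environment only, never in this file or in cr.yaml.
release-all: package-all
	cr upload --push --skip-existing
	cr index --push

# Packages every chart of this repository, one `cr package` call per chart.
package-all:
	cr package charts/postgres-pgdump-backup
	cr package charts/iperf3
	cr package charts/rundeck
	cr package charts/openldap-test
	cr package charts/vulnz-nvd-mirror
	cr package charts/cert-manager-cloudflare-config
	cr package charts/localpath
	cr package charts/whatsmyip
	cr package charts/whoami
	cr package charts/coredns-private-dns-fix
	cr package charts/longhorn-backup-config
	cr package charts/iobroker
	cr package charts/network-tools
	cr package charts/gradle-build-cache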
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | [](https://artifacthub.io/packages/search?repo=eugen)
2 |
3 | # WAT
4 |
5 | Different kubernetes charts.
6 |
7 | - Hopefully using the current standards
8 | - If possible, uses the official docker images
9 |
10 | ## Chart repository
11 |
12 | The chart repository is hosted via GitHub Pages under [chart repository](https://github.com/EugenMayer/helm-charts/tree/gh-pages)
13 | and can be accessed via
14 |
15 | `https://eugenmayer.github.io/helm-charts/`
16 |
17 | See an overview of the charts using artifacthub: [](https://artifacthub.io/packages/search?repo=eugen)
18 |
19 | ## What it is not
20 |
21 | Please note that these helm charts are **not** built to be a starter for understanding how to install an application for the first time - please use the official docs for that purpose.
22 | Please use the docs of the particular application, learn the Docker environment variables, possible configuration values and all those things.
23 | Please always use the official docs, I will not answer non-chart related questions here.
24 |
25 | So it is not a 'how to learn to run rundeck' kind of project. Thank you for respecting that :)
26 |
27 | ## Index
28 |
29 | - [rundeck](charts/rundeck): Rundeck
30 | - [postgres-pgdump-backup](charts/postgres-pgdump-backup): Automated Postgres DB backups
31 | - [iperf3](charts/iperf3): Iperf for network performance tests
32 | - [openldap-test](charts/openldap-test): Pre-Provisioned ldap server for tests
33 | - [vulnz-nvd-mirror](charts/vulnz-nvd-mirror): NVD vuln mirror
34 | - [cert-manager-cloudflare-config](charts/cert-manager-cloudflare-config): Cert Manager Cloudflare ACME config (CRD)
35 | - [localpath](charts/localpath): Rancher localpath
36 | - [whatsmyip](charts/whatsmyip): Responds with your external ip - great for dyndns
37 | - [whoami](charts/whoami): Simple pong service for ingress tests and http header tests
38 | - [coredns-private-dns-fix](charts/coredns-private-dns-fix): Fix coreDNS private DNS resolving
39 | - [ioBroker](charts/iobroker): Home automation ioBroker
40 | - [longhorn-backup-config](charts/longhorn-backup-config): Longhorn backup configuration (CRD)
41 | - [network-tools](charts/network-tools): Multi-Pod network debugging tools
42 | - [gradle-build-cache](charts/gradle-build-cache) Remote and centralized gradle build cache server
43 | - [nist-data-mirror (deprecated)](charts/nist-data-mirror)
44 |
45 | ## Releasing
46 |
47 | We are using [chart-releaser](https://github.com/helm/chart-releaser)
48 | This will release all packages that have been changed and update the `index.yaml` under `gh-pages`.
49 |
50 | ```bash
51 | # export the gh token
52 | export CR_TOKEN=
53 | make release-all
54 | ```
55 |
--------------------------------------------------------------------------------
/charts/cert-manager-cloudflare-config/CHANGELOG.md:
--------------------------------------------------------------------------------
1 | ## 1.1.0
2 | - First public release
3 |
--------------------------------------------------------------------------------
/charts/cert-manager-cloudflare-config/Chart.yaml:
--------------------------------------------------------------------------------
1 | name: cert-manager-cloudflare-config
2 | description: Cert-Manager config for lets encrypt ACME via Cloudflare (DNS01)
3 | version: 1.1.0
4 | apiVersion: v2
5 | appVersion: 1.0.0
6 |
--------------------------------------------------------------------------------
/charts/cert-manager-cloudflare-config/README.md:
--------------------------------------------------------------------------------
1 | # WAT
2 |
3 | Deploys the configuration needed to issue ACME DNS01 based certificates with Cert-Manager, using Cloudflare's API to
4 | solve the challenge.
5 |
6 | # Install
7 |
8 | ```bash
9 | helm repo add eugenmayer https://eugenmayer.github.io/helm-charts/
10 | helm install eugenmayer/coredns-private-dns-fix
11 | ```
12 |
13 | # Why
14 |
15 | Since `ClusterIssuer` is a CRD you cannot deploy Cert-Manager via the helm-chart AND also deploy this configuration
16 | since it won't be known in the same deployment (in terraform). It is pragmatic to have a simple config chart deploying
17 | that specific CRD, so you can depend on it.
18 |
--------------------------------------------------------------------------------
/charts/cert-manager-cloudflare-config/templates/le_issuer.yaml:
--------------------------------------------------------------------------------
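# ClusterIssuer "le": registers an ACME account at .Values.le.server and solves
# DNS01 challenges through the Cloudflare API.
#
# Every templated scalar is piped through `quote` so that a value that looks
# like a number, boolean or null is still rendered as a YAML string.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: le
  # NOTE(review): ClusterIssuer is a cluster-scoped kind, so this namespace
  # presumably has no effect on where the issuer lives - confirm.
  namespace: {{.Release.Namespace | quote}}
spec:
  acme:
    email: {{required "Please set the dns email!" .Values.le.dns.email | quote}}
    # Secret in which cert-manager stores the ACME account private key.
    privateKeySecretRef:
      name: le
    server: {{.Values.le.server | quote}}
    solvers:
      # see https://cert-manager.io/docs/configuration/acme/dns01/cloudflare/
      - dns01:
          cloudflare:
            email: {{required "Please set the dns email!" .Values.le.dns.email | quote}}
            # Reference to an existing Secret holding the Cloudflare API token;
            # the token itself never appears in the chart values. For a
            # ClusterIssuer cert-manager looks this Secret up in its cluster
            # resource namespace, not in the release namespace. Scope the token
            # to the zones that actually need certificates.
            apiTokenSecretRef:
              name: {{required "Please set the dns secret name!" .Values.le.dns.secret.name | quote}}
              key: {{required "Please set the dns secret key!" .Values.le.dns.secret.key | quote}}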
--------------------------------------------------------------------------------
/charts/cert-manager-cloudflare-config/values.yaml:
--------------------------------------------------------------------------------
# Values for the "le" ClusterIssuer template.
le:
  # ACME directory URL.
  # use "https://acme-staging-v02.api.letsencrypt.org/directory" for staging
  server: "https://acme-v02.api.letsencrypt.org/directory"
  dns:
    # Required: the template aborts rendering while this is unset.
    email: null
    # Required: name and key of an existing Kubernetes Secret that holds the
    # Cloudflare API token. Only the reference belongs here - do not put the
    # token itself into a values file.
    secret:
      name: null
      key: null
--------------------------------------------------------------------------------
/charts/coredns-private-dns-fix/CHANGELOG.md:
--------------------------------------------------------------------------------
1 | ## 0.1.1
2 | - Fix formatting
3 |
4 | ## 0.1.0
5 | - First public release
6 |
--------------------------------------------------------------------------------
/charts/coredns-private-dns-fix/Chart.yaml:
--------------------------------------------------------------------------------
1 | name: coredns-private-dns-fix
2 | description: Ensure coredns uses dns upstreams in a sequential order to fix private DNS resolving
3 | version: 0.1.1
4 | apiVersion: v2
5 | appVersion: 0.1.0
6 |
--------------------------------------------------------------------------------
/charts/coredns-private-dns-fix/README.md:
--------------------------------------------------------------------------------
1 | # WAT
2 |
3 | CoreDNS has an "interesting" default behavior which is not expected in the linux world.
4 |
5 | **Linux way / expected**
6 | When 2 DNS servers are presented via the resolv.conf / DNS tree, we would expect it to pick
7 | the first one in order and try resolving. Then, if that fails (the server is not reachable) it would
8 | try to pick the second one. https://linux.die.net/man/5/resolv.conf
9 |
10 | > if there are multiple servers, the resolver library queries them in the order listed.
11 |
12 | **CoreDNS way**
13 | Instead of doing it as expected above, CoreDNS picks "one of the servers" round-robin/random style.
14 | It load balances through the servers, equally distributed. https://coredns.io/plugins/forward/
15 |
16 | > TO… are the destination endpoints to forward to. The TO syntax allows you to specify a protocol, tls://9.9.9.9 or dns:// (or no protocol) for plain DNS. The number of upstreams is limited to 15.
17 | Multiple upstreams are randomized (see policy) on first use. When a healthy proxy returns an error during the exchange the next upstream in the list is tried.
18 |
19 | > policy specifies the policy to use for selecting upstream servers. The default is random.
20 | random is a policy that implements random upstream selection.
21 |
22 | Especially if the first server is a private / internal DNS and the second one is the typical "8.8.8.8" upstream
23 | public dns for fallback, the above leads to issues.
24 |
25 | Every second time we cannot resolve our private dns entries.
26 |
27 | This chart fixes this by using a coredns override that makes coredns query the upstreams sequentially - as in linux. See https://k3d.io/v5.3.0/usage/k3s/#modifications
28 |
29 | ## Works for
30 |
31 | - k3s
32 | - rke2
33 |
34 | ## Install
35 |
36 | ```bash
37 | helm repo add eugenmayer https://eugenmayer.github.io/helm-charts/
38 | helm install eugenmayer/coredns-private-dns-fix
39 | ```
40 |
41 | ## More
42 |
43 | See https://github.com/k3s-io/k3s/discussions/7822#discussioncomment-6307840
44 |
--------------------------------------------------------------------------------
/charts/coredns-private-dns-fix/templates/coredns-custom-config-map.yaml:
--------------------------------------------------------------------------------
# ConfigMap carrying a CoreDNS override that switches the forward plugin from
# its default random upstream selection to sequential order.
apiVersion: v1
kind: ConfigMap
metadata:
  name: coredns-custom
  # Hard-coded: the object is always written to kube-system, whatever
  # namespace the release is installed into, so installing this chart needs
  # permission to create ConfigMaps there.
  namespace: kube-system
data:
  # NOTE(review): presumably picked up through the coredns-custom import
  # mechanism of k3s/rke2 (the chart README names those two) - confirm for
  # other distributions.
  forward.override: |-
    forward . /etc/resolv.conf {
      policy sequential
    }
--------------------------------------------------------------------------------
/charts/gradle-build-cache/Chart.lock:
--------------------------------------------------------------------------------
1 | dependencies:
2 | - name: common
3 | repository: oci://tccr.io/truecharts
4 | version: 25.4.8
5 | digest: sha256:88ffa524d01143070c03894d7077cce7cd759fb34c886ca258e30c6a18f1bee3
6 | generated: "2025-01-27T08:37:49.534219817+01:00"
7 |
--------------------------------------------------------------------------------
/charts/gradle-build-cache/Chart.yaml:
--------------------------------------------------------------------------------
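# Chart metadata for the gradle build cache node.
kubeVersion: ">=1.24.0-0"
apiVersion: v2
name: gradle-build-cache
version: "0.0.2"
# Quoted on purpose: a bare 20.1 is read as a float, and a later value such as
# 20.10 would silently collapse to 20.1.
appVersion: "20.1"
description: Hosts the official gradle build cache node
home: https://github.com/EugenMayer/helm-charts/tree/main/charts/gradle-build-cache
deprecated: false
keywords:
  - network
  - tools
  - development
sources:
  - https://github.com/EugenMayer/helm-charts/tree/main/charts/gradle-build-cache
dependencies:
  # Library chart pulled from an external OCI registry; the exact version is
  # fixed here and its digest is recorded in Chart.lock. Review the lock file
  # diff whenever this version is bumped.
  - name: common
    # https://github.com/truecharts/public/blob/master/charts/library/common/Chart.yaml
    version: "25.4.8"
    repository: oci://tccr.io/truecharts
    condition: ""
    alias: ""
    tags: []
    import-values: []
type: application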
--------------------------------------------------------------------------------
/charts/gradle-build-cache/Makefile:
--------------------------------------------------------------------------------
1 | update:
2 | helm dependency update
3 |
--------------------------------------------------------------------------------
/charts/gradle-build-cache/README.md:
--------------------------------------------------------------------------------
1 | # WAT
2 |
3 | Lets you host the official gradle build cache on your k8s cluster - uses the official [docker container](https://hub.docker.com/r/gradle/build-cache-node/) by the Gradle team and wraps it in a simple chart.
4 |
5 | ### Config
6 |
7 | If you want to provide your own config (which you most probably will do in production), you need to deploy a k8s secret that includes a key `config.yaml`, holding the entire/vanilla gradle-build-cache configuration-yaml as
8 | a base64 encoded string. See the [official docs](https://docs.gradle.com/build-cache-node/#editing_the_file).
9 | You will then need to enable it in the `persistence.config-secret`, and if you used a custom name,
10 | override `objectName`
11 |
12 | ```yaml
13 | persistence:
14 | config-secret:
15 | enabled: true
16 | objectName: 'gradle-cache-config'
17 | ```
18 |
19 | ### Persistence
20 |
21 | By default, the cache data is persistent, see persistence in [values.yml](./values.yaml)
22 |
23 | ### Values
24 |
25 | Check the [values.yml](./values.yaml) file
26 |
27 | # Credits
28 |
29 | All the credits to [gradles build cache](https://docs.gradle.com/build-cache-node/) doing the actual work.
30 |
--------------------------------------------------------------------------------
/charts/gradle-build-cache/charts/common-25.4.8.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EugenMayer/helm-charts/69fbb6b596975a5e55f5891186e23e365956470d/charts/gradle-build-cache/charts/common-25.4.8.tgz
--------------------------------------------------------------------------------
/charts/gradle-build-cache/templates/NOTES.txt:
--------------------------------------------------------------------------------
1 | {{- include "tc.v1.common.lib.chart.notes" $ -}}
2 |
--------------------------------------------------------------------------------
/charts/gradle-build-cache/templates/common.yaml:
--------------------------------------------------------------------------------
1 | {{ include "tc.v1.common.loader.all" . }}
2 |
--------------------------------------------------------------------------------
/charts/gradle-build-cache/values.yaml:
--------------------------------------------------------------------------------
# Default values for the gradle build cache node chart.
# NOTE(review): the nesting below was restored from a listing that had lost its
# indentation - verify it against the chart's values.yaml before reuse.
image:
  repository: gradle/build-cache-node
  # see https://hub.docker.com/r/gradle/build-cache-node/tags
  # NOTE(review): a tag can be re-pushed upstream and pullPolicy Always fetches
  # whatever it points to at pod start; pin by digest if reproducible
  # deployments are required.
  tag: "20.1"
  pullPolicy: Always

service:
  main:
    ports:
      main:
        port: 5071
        targetPort: 5071

workload:
  main:
    replicas: 1
    strategy: Recreate
    type: Deployment
    podSpec:
      initContainers:
        init-config:
          enabled: true
          type: init
          imageSelector: image
          # we need to copy the config since mounting the secret would make the file read only
          # which crashes the build cache server (required rw). So we jump through hoops
          command:
            - /bin/sh
            - -ce
          args:
            - |
              echo "Copying config.yaml file..."
              if [ -f /tmp/conf/config.yaml ]; then
                cp /tmp/conf/config.yaml /data/conf/config.yaml
                echo "...done"
              else
                echo 'config.yaml does not exist'
              fi
      containers:
        main:
          args:
            - start
          # All three probes are plain TCP checks against the service port.
          probes:
            startup:
              enabled: true
              port: 5071
              type: tcp
              spec:
                initialDelaySeconds: 5
                periodSeconds: 3
                failureThreshold: 6
            readiness:
              enabled: true
              port: 5071
              type: tcp
              spec:
                initialDelaySeconds: 5
                periodSeconds: 3
                failureThreshold: 6
            liveness:
              enabled: true
              type: tcp
              port: 5071
              spec:
                initialDelaySeconds: 1
                periodSeconds: 5
                failureThreshold: 3

# NOTE(review): the containers run as root (uid/gid 0) with a writable root
# filesystem. Confirm whether the image really needs that; if it does not, set
# a non-root user, runAsNonRoot: true and readOnlyRootFilesystem: true.
securityContext:
  container:
    readOnlyRootFilesystem: false
    runAsNonRoot: false
    runAsUser: 0
    runAsGroup: 0

persistence:
  # Cache payload.
  cache:
    enabled: true
    size: 1Gi
    mountPath: "/data/system"
  # Writable emptyDir that receives the copied config.yaml.
  config:
    enabled: true
    size: 1Mi
    mountPath: "/data/conf"
    targetSelectAll: all
    type: emptyDir
  config-secret:
    # Enable if you want to preseed a config
    enabled: false
    type: secret
    objectName: 'gradle-cache-config'
    expandObjectName: false
    # Mounted into the init container only; the main container sees just the
    # copy placed in /data/conf.
    targetSelector:
      main:
        init-config:
          # this secret needs to have a property called 'config.yaml' that is the base64 encoded gradle-cache config
          # see https://docs.gradle.com/build-cache-node/#editing_the_file
          mountPath: "/tmp/conf/config.yaml"
          subPath: 'config.yaml'

portal:
  open:
    enabled: false
--------------------------------------------------------------------------------
/charts/iobroker/.gitignore:
--------------------------------------------------------------------------------
1 | charts
2 |
--------------------------------------------------------------------------------
/charts/iobroker/.helmignore:
--------------------------------------------------------------------------------
1 | # Patterns to ignore when building packages.
2 | # This supports shell glob matching, relative path matching, and
3 | # negation (prefixed with !). Only one pattern per line.
4 | .DS_Store
5 | # Common VCS dirs
6 | .git/
7 | .gitignore
8 | .bzr/
9 | .bzrignore
10 | .hg/
11 | .hgignore
12 | .svn/
13 | # Common backup files
14 | *.swp
15 | *.bak
16 | *.tmp
17 | *~
18 | # Various IDEs
19 | .project
20 | .idea/
21 | *.tmproj
22 | .vscode/
23 | # OWNERS file for Kubernetes
24 | OWNERS
25 | # helm-docs templates
26 | *.gotmpl
27 | # docs folder
28 | /docs
29 | # icon
30 | icon.png
31 |
--------------------------------------------------------------------------------
/charts/iobroker/CHANGELOG.md:
--------------------------------------------------------------------------------
1 | ## 0.2.6
2 |
3 | - Update iobroker to 9.1.2
4 |
5 | ## 0.1.0
6 |
7 | - First public release
8 |
--------------------------------------------------------------------------------
/charts/iobroker/Chart.lock:
--------------------------------------------------------------------------------
1 | dependencies:
2 | - name: common
3 | repository: oci://tccr.io/truecharts
4 | version: 20.2.13
5 | digest: sha256:50603df9eb942a536f02603977787f5c6c47a1c1fbf2296a4ffd2dc12414f85f
6 | generated: "2024-04-06T11:16:54.367589862+02:00"
7 |
--------------------------------------------------------------------------------
/charts/iobroker/Chart.yaml:
--------------------------------------------------------------------------------
1 | kubeVersion: ">=1.24.0-0"
2 | apiVersion: v2
3 | name: iobroker
4 | version: 0.2.6
5 | # see https://hub.docker.com/r/iobroker/iobroker/tags
6 | appVersion: v9.1.2
7 | description: home automation via ioBroker
8 | home: https://github.com/EugenMayer/helm-charts/tree/main/charts/iobroker
9 | deprecated: false
10 | sources:
11 | - https://www.iobroker.net/
12 | - https://github.com/EugenMayer/helm-charts/tree/main/charts/iobroker
13 | - https://github.com/buanet/ioBroker.docker
14 | keywords:
15 | - iobroker
16 | - home-automation
17 | dependencies:
18 | - name: common
19 | # https://artifacthub.io/packages/helm/truecharts-library-charts/common
20 | version: 20.2.13
21 | repository: oci://tccr.io/truecharts
22 | condition: ""
23 | alias: ""
24 | tags: []
25 | import-values: []
26 | type: application
27 |
--------------------------------------------------------------------------------
/charts/iobroker/Makefile:
--------------------------------------------------------------------------------
1 | update:
2 | helm dependency update
3 | helm dependency build
--------------------------------------------------------------------------------
/charts/iobroker/README.md:
--------------------------------------------------------------------------------
1 | # DISCONTINUED
2 |
3 | For now, if nobody opts in to maintain this chart, i will not update it since i moved on to home-assistant.
4 | The chart should work (as of now) and you can update the image version via the values.yaml without being in need
5 | of a chart release.
6 |
7 | If you are willing to maintain this chart, write me and create a PR removing this section.
8 |
9 | # WAT
10 |
11 | ioBroker in kubernetes - that is what we go for here.
12 |
13 | The helm chart is based on the official ioBroker [docker image by buanet](https://github.com/buanet/ioBroker.docker)
14 |
15 | This chart is based on [TrueCharts](https://truecharts.org/)
16 |
17 | # Configuration
18 |
19 | ## Ingress
20 |
21 | You can enable creating the ingress, just see [values.yaml](values.yaml) - disabled by default.
22 | See more under [ingress](https://truecharts.org/manual/helm/common/ingress/).
23 |
24 | ## Volumes
25 |
26 | See [values.yaml](values.yaml) under `persistence`. The default is that a PVC is created. More under [persistence](https://truecharts.org/manual/helm/common/persistence/)
27 | You could add custom volume mounts, use NFS mounts, empty dir or whatever you like.
28 |
29 | ## Env Variables
30 |
31 | For now, there are no "quick settings", so all you need to do is set the `env` section with what you need;
32 | [see the reference for possible env vars](https://docs.buanet.de/iobroker-docker-image/docs/#environment-variables-env)
33 |
34 | ```yaml
35 | workload:
36 | main:
37 | podSpec:
38 | containers:
39 | main:
40 | env:
41 | DEBUG: true
42 | PACKAGES: "nfs-common tcpdump"
43 | ```
44 |
45 | # Network
46 |
47 | If you want to attach a specific VLAN and have autodiscovery / multicast / unicast support, please see [README.networking.md](./README.networking.md)
48 |
49 |
50 | # Build
51 |
52 | ```bash
53 | helm dependency build
54 | ```
55 |
56 | # Credits
57 |
58 | Well, most of the work has been done on the containerization side by [buanet](https://github.com/buanet) - so give him a heads up on the [project](https://github.com/buanet/ioBroker.docker)
59 | Also credits to the [TrueCharts Team](https://truecharts.org/) for the helm chart library making this one so much easier to implement.
60 |
--------------------------------------------------------------------------------
/charts/iobroker/README.networking.md:
--------------------------------------------------------------------------------
1 | # Configure your network
2 |
3 | For auto-discovery you will need to add a bit of more configuration.
4 |
5 | In my case here, I will add a guide on how to use [multus](https://github.com/k8snetworkplumbingwg/multus-cni) to attach additional interfaces to the ioBroker pod.
6 | I do not intend to explain how to use "host networking" or anything else; that is a huge issue in itself.
7 |
8 | I will explain 2 scenarios
9 |
10 | - `macvlan` simple macvlan to just expose the pod to the host network
11 | - `hostdevice` binds the host-nic directly into the pod
12 | If you are not sure what you need, please see [this guide](https://devopstales.github.io/kubernetes/multus/) - it's a good read.
13 |
14 | ## Macvlan
15 |
16 | So to start with, install the `multus` CNI as an additional CNI alongside whatever you have right now.
17 |
18 | Then deploy a macvlan NAD via CRD. You should most probably adjust
19 |
20 | - `eth1` - the second interface on your node might be named something else
21 | - `subnet/ranges/`
22 | -
23 |
24 | ```yaml
25 | apiVersion: "k8s.cni.cncf.io/v1"
26 | kind: NetworkAttachmentDefinition
27 | metadata:
28 | name: iobroker-macvlan
29 | spec:
30 | config: '{
31 | "name": "iobroker-macvlan",
32 | "cniVersion": "0.3.1",
33 | "type": "macvlan",
34 | "master": "eth1",
35 | "mode": "bridge",
36 | "ipam": {
37 | "type": "host-local",
38 | "subnet": "192.168.1.0/24",
39 | "rangeStart": "192.168.1.200",
40 | "rangeEnd": "192.168.1.216",
41 | "gateway": "192.168.1.1"
42 | }
43 | }'
44 | ```
45 |
46 | Now, to add this network to your iobroker pod in this chart, just set
47 |
48 | ```yaml
49 | workload:
50 | main:
51 | podSpec:
52 | annotations:
53 | k8s.v1.cni.cncf.io/networks: "iobroker-macvlan"
54 | ```
55 |
56 | If you want multiple / more interfaces and go beyond this, please see the [quickstart guide](https://github.com/k8snetworkplumbingwg/multus-cni/blob/master/docs/quickstart.md)
57 |
58 | ## host device
59 |
60 | This will use a host interface, usually a second interface you have on your node you want to dedicate to iobroker and
61 | bind that one to the iobroker pod directly.
62 |
63 | - be sure to use the address that was used on the host and use the right network.
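64 | - `240.0.0.0/4` is for multicast (note: the IANA IPv4 multicast block is `224.0.0.0/4`, while `240.0.0.0/4` is the reserved former class E range - verify which destination you need in the `routes` entry below)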
65 |
66 | ```yaml
67 | apiVersion: "k8s.cni.cncf.io/v1"
68 | kind: NetworkAttachmentDefinition
69 | metadata:
70 | name: iobroker-host
71 | spec:
72 | config: '{
73 | "name": "iot-iobroker-host",
74 | "cniVersion": "0.3.1",
75 | "type": "host-device",
76 | "device": "eth1",
77 | "ipam": {
78 | "type": "static",
79 | "addresses": [
80 | {
81 | "address": "192.168.1.10/24",
82 | "gateway": "192.168.1.1"
83 | }
84 | ],
85 | "routes": [ {"dst": "240.0.0.0/4"} ]
86 | }
87 | }'
88 | ```
89 |
90 | Now, to add this network to your iobroker pod in this chart, just set
91 |
92 | ```yaml
93 | workload:
94 | main:
95 | podSpec:
96 | annotations:
97 | k8s.v1.cni.cncf.io/networks: "iobroker-host"
98 | ```
99 |
--------------------------------------------------------------------------------
/charts/iobroker/templates/NOTES.txt:
--------------------------------------------------------------------------------
1 | {{- include "tc.v1.common.lib.chart.notes" $ -}}
2 |
--------------------------------------------------------------------------------
/charts/iobroker/templates/common.yaml:
--------------------------------------------------------------------------------
1 | {{ include "tc.v1.common.loader.all" . }}
2 |
--------------------------------------------------------------------------------
/charts/iobroker/values.yaml:
--------------------------------------------------------------------------------
# Values for the ioBroker chart, consumed by the TrueCharts `common` library
# chart declared as a dependency in Chart.yaml.
image:
  # see https://github.com/buanet/ioBroker.docker
  # https://hub.docker.com/r/iobroker/iobroker/tags
  # https://github.com/buanet/ioBroker.docker/pkgs/container/iobroker
  #repository: iobroker/iobroker
  repository: ghcr.io/buanet/iobroker
  # IfNotPresent means a node that already cached this tag will not re-pull it.
  pullPolicy: IfNotPresent
  # Tag only, no digest: what gets pulled depends on what the registry serves
  # for this tag at pull time.
  tag: v9.1.2

service:
  main:
    ports:
      main:
        # NOTE(review): presumably the ioBroker admin UI - confirm, and check
        # that authentication is enabled in ioBroker before exposing it.
        port: 8081
        targetPort: 8081

persistence:
  config:
    enabled: true
    size: 1Gi
    mountPath: "/opt/iobroker"

portal:
  open:
    enabled: false

# Container security settings. Taken together these are permissive: the
# container starts as root (0:0), may gain additional privileges, has a
# writable root filesystem, adds NET_RAW and drops no capabilities.
securityContext:
  container:
    # ioBroker is not rootless yet
    capabilities:
      # NET_RAW allows opening raw sockets.
      # NOTE(review): presumably needed for ping/discovery adapters - confirm.
      add:
        - NET_RAW
      # TODO: drop as many as possible. ALL is too much though
      # With an empty list the container keeps the runtime's default
      # capability set in addition to NET_RAW.
      drop: []
    readOnlyRootFilesystem: false
    # NOTE(review): verify whether the image still starts with this set to
    # false; the comment below only states that it must start as root.
    allowPrivilegeEscalation: true
    # image requires start as root for a couple of things and then
    # de-escalates to 568:568 (see SETUID/SETGID in the env section below)
    runAsGroup: 0
    runAsUser: 0

workload:
  main:
    replicas: 1
    strategy: Recreate
    podSpec:
      containers:
        main:
          env:
            # see https://docs.buanet.de/iobroker-docker-image/docs/#environment-variables-env
            DEBUG: false
            # trueCharts default is 568:568 and it is setting it via PUID/PGID
            # which is not yet supported by the iobroker image, see https://github.com/buanet/ioBroker.docker/issues/419
            SETGID: 568
            SETUID: 568
          # All three probes run the same script that ships inside the image.
          probes:
            readiness:
              type: "exec"
              command:
                - /bin/bash
                - /opt/scripts/healthcheck.sh
            liveness:
              type: "exec"
              command:
                - /bin/bash
                - /opt/scripts/healthcheck.sh
              spec:
                initialDelaySeconds: 60
                periodSeconds: 5
            startup:
              type: "exec"
              command:
                - /bin/bash
                - /opt/scripts/healthcheck.sh

# see more under https://truecharts.org/manual/helm/common/ingress/
# Disabled by default. Enabling it publishes port 8081 through the ingress
# controller, so decide on TLS and access control first.
ingress:
  main:
    enabled: false
    primary: true
    required: false
    ingressClassName: ""
    targetSelector:
      main: main
    hosts:
      - host: my-iobroker.local
        paths:
          - path: /
            pathType: Prefix
--------------------------------------------------------------------------------
/charts/iperf3/Chart.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v2
2 | description: IPerf3 server to benchmark kubernetes networking
3 | name: iperf3
4 | home: https://iperf.fr/iperf-download.php
5 | version: 0.2.2
6 | appVersion: 3.0.0
7 | keywords:
8 | - benchmark
9 | - network
10 | - tools
11 | sources:
12 | - https://github.com/EugenMayer/helm-charts/tree/main/charts/iperf3
13 |
--------------------------------------------------------------------------------
/charts/iperf3/README.md:
--------------------------------------------------------------------------------
1 | # WAT
2 |
3 | Runs an Iperf3 server, by default exposed by a LoadBalancer service.
4 |
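5 | You usually run this chart temporarily to measure and debug kubernetes network aspects and benchmark your throughput. The server is started without any authentication options, so uninstall the release once you are done measuring.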
6 |
7 | # Values
8 |
9 | Check the `values.yaml` file
10 |
11 | # Usage
12 |
13 | Deploy the chart, set the externalIp to an IP on your control-plane and then run
14 |
15 | ```bash
16 | iperf3 -c -p 5201
17 | ```
18 |
--------------------------------------------------------------------------------
/charts/iperf3/templates/deployment.yml:
--------------------------------------------------------------------------------
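# Deployment running one iperf3 server process on container port 40000.
# The server needs no Kubernetes API access and no Linux capabilities, so the
# pod does not mount a service-account token and the container drops all
# capabilities and may not gain new privileges.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ .Chart.Name | quote }}
spec:
  replicas: {{ .Values.replicas }}
  revisionHistoryLimit: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: iperf3
      app.kubernetes.io/instance: {{ .Release.Name | quote }}
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app.kubernetes.io/name: iperf3
        app.kubernetes.io/instance: {{ .Release.Name | quote }}
    spec:
      # iperf3 never talks to the API server; do not hand it a token.
      automountServiceAccountToken: false
      containers:
        - name: iperf3
          # Quoted so that an unusual repository or tag value cannot be
          # re-typed by the YAML parser after templating.
          image: "{{ .Values.deployment.image.repository }}:{{ .Values.deployment.image.tag }}"
          command:
            - iperf3
            - -s
            - -p 40000
            - -i 1
            - --forceflush
            {{- if .Values.verbose }}
            - -V
            {{- end }}
          securityContext:
            # Port 40000 is unprivileged, so no capability is required.
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
          ports:
            - name: iperf3
              containerPort: 40000
              protocol: TCP
      restartPolicy: Always
status: {}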
--------------------------------------------------------------------------------
/charts/iperf3/templates/service.yml:
--------------------------------------------------------------------------------
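{{- if .Values.service.enabled -}}
---
# LoadBalancer Service in front of the iperf3 pods (container port 40000).
# The service publishes the benchmark port outside the cluster; the server
# behind it is started without authentication options.
apiVersion: v1
kind: Service
metadata:
  name: iperf3
spec:
  type: LoadBalancer
  # Only the left trim marker is used on the condition below. Trimming on both
  # sides joined "externalIPs:" onto the "type: LoadBalancer" line and produced
  # invalid YAML whenever service.externalIp was set.
  {{- if .Values.service.externalIp }}
  externalIPs:
    - {{ .Values.service.externalIp | quote }}
  {{- end }}
  selector:
    app.kubernetes.io/name: iperf3
    app.kubernetes.io/instance: {{ .Release.Name | quote }}
  ports:
    - protocol: TCP
      port: {{ .Values.service.port }}
      targetPort: 40000
{{- end }}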
21 |
--------------------------------------------------------------------------------
/charts/iperf3/values.yaml:
--------------------------------------------------------------------------------
# Values for the iperf3 chart (read by templates/deployment.yml and
# templates/service.yml).
service:
  # When true, a LoadBalancer Service is created. The deployment template
  # starts iperf3 without authentication options, so anyone who can reach the
  # service address can run traffic against it.
  enabled: true
  # mandatory with enabled service. Will be the ip the LoadBalancer service binds to
  # externalIp:
  # the port to bind on the service, if enabled.
  port: 40000
# set to true for verbose logging
verbose: false
# change this to set the number of replicas
replicas: 1
deployment:
  image:
    # if needed you can use another image
    repository: networkstatic/iperf3
    # adapt if you want to use a different tag
    # `latest` is a mutable tag: the image actually run can change between
    # pulls. Prefer a fixed tag or a digest for reproducible deployments.
    tag: "latest"
--------------------------------------------------------------------------------
/charts/localpath/CHANGELOG.md:
--------------------------------------------------------------------------------
1 | ## 1.1.0
2 | - First public release
3 |
--------------------------------------------------------------------------------
/charts/localpath/Chart.yaml:
--------------------------------------------------------------------------------
1 | name: localpath
2 | description: Provisions the rancher local-path
3 | version: 1.2.0
4 | apiVersion: v2
5 | # see https://github.com/rancher/local-path-provisioner/releases
6 | appVersion: 0.0.28
7 |
--------------------------------------------------------------------------------
/charts/localpath/README.md:
--------------------------------------------------------------------------------
1 | # WAT
2 |
3 | Offers Rancher's local-path provisioner as a helm chart
4 |
5 | # Install
6 |
7 | ```bash
8 | helm repo add eugenmayer https://eugenmayer.github.io/helm-charts/
9 | helm install eugenmayer/coredns-private-dns-fix
10 | ```
11 |
12 | # Future
13 |
14 | Migrate to https://github.com/rancher/local-path-provisioner/tree/master/deploy/chart/local-path-provisioner when it becomes
15 | available as a chart.
16 |
17 | # Upgrade
18 |
19 | Copied/copy from https://raw.githubusercontent.com/rancher/local-path-provisioner/master/deploy/local-path-storage.yaml to [templates/](templates/localpath.yaml)
20 |
--------------------------------------------------------------------------------
/charts/localpath/templates/localpath.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Namespace
3 | metadata:
4 | name: local-path-storage
5 |
6 | ---
7 | apiVersion: v1
8 | kind: ServiceAccount
9 | metadata:
10 | name: local-path-provisioner-service-account
11 | namespace: local-path-storage
12 |
13 | ---
# Namespaced permissions: full pod management inside local-path-storage only.
# NOTE(review): presumably used to run the helper pod defined in the
# local-path-config ConfigMap - confirm against the provisioner.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: local-path-provisioner-role
  namespace: local-path-storage
rules:
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["get", "list", "watch", "create", "patch", "update", "delete"]

---
# Cluster-wide permissions. The first rule is read-only but covers configmaps,
# pods and pod logs in every namespace; the second rule grants full management
# of PersistentVolumes. Compare with the upstream release manifest before
# widening or narrowing any rule.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: local-path-provisioner-role
rules:
  - apiGroups: [""]
    resources: ["nodes", "persistentvolumeclaims", "configmaps", "pods", "pods/log"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["persistentvolumes"]
    verbs: ["get", "list", "watch", "create", "patch", "update", "delete"]
  - apiGroups: [""]
    resources: ["events"]
    verbs: ["create", "patch"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["storageclasses"]
    verbs: ["get", "list", "watch"]
42 |
43 | ---
44 | apiVersion: rbac.authorization.k8s.io/v1
45 | kind: RoleBinding
46 | metadata:
47 | name: local-path-provisioner-bind
48 | namespace: local-path-storage
49 | roleRef:
50 | apiGroup: rbac.authorization.k8s.io
51 | kind: Role
52 | name: local-path-provisioner-role
53 | subjects:
54 | - kind: ServiceAccount
55 | name: local-path-provisioner-service-account
56 | namespace: local-path-storage
57 |
58 | ---
59 | apiVersion: rbac.authorization.k8s.io/v1
60 | kind: ClusterRoleBinding
61 | metadata:
62 | name: local-path-provisioner-bind
63 | roleRef:
64 | apiGroup: rbac.authorization.k8s.io
65 | kind: ClusterRole
66 | name: local-path-provisioner-role
67 | subjects:
68 | - kind: ServiceAccount
69 | name: local-path-provisioner-service-account
70 | namespace: local-path-storage
71 |
72 | ---
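# Deployment of the local-path provisioner controller.
# It runs under the service account bound to the Role/ClusterRole defined in
# this file and reads its configuration from the local-path-config ConfigMap.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: local-path-provisioner
  namespace: local-path-storage
spec:
  replicas: 1
  selector:
    matchLabels:
      app: local-path-provisioner
  template:
    metadata:
      labels:
        app: local-path-provisioner
    spec:
      serviceAccountName: local-path-provisioner-service-account
      containers:
        - name: local-path-provisioner
          # Pinned to the chart's appVersion instead of the moving
          # `master-head` tag. With IfNotPresent a moving tag lets different
          # nodes run different builds, and the deployed code did not match
          # the version declared in Chart.yaml.
          image: "rancher/local-path-provisioner:v{{ .Chart.AppVersion }}"
          imagePullPolicy: IfNotPresent
          command:
            - local-path-provisioner
            # NOTE(review): debug logging is always on; confirm that is wanted
            # outside of troubleshooting.
            - --debug
            - start
            - --config
            - /etc/config/config.json
          volumeMounts:
            - name: config-volume
              mountPath: /etc/config/
          env:
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: CONFIG_MOUNT_PATH
              value: /etc/config/
      volumes:
        - name: config-volume
          configMap:
            name: local-path-config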
114 | ---
115 | apiVersion: storage.k8s.io/v1
116 | kind: StorageClass
117 | metadata:
118 | name: local-path
119 | provisioner: rancher.io/local-path
120 | volumeBindingMode: WaitForFirstConsumer
121 | reclaimPolicy: Delete
122 |
123 | ---
# Configuration mounted into the provisioner at /etc/config/.
# Comments are kept outside the block scalars on purpose: text inside them is
# data (JSON, shell scripts, a pod manifest), not YAML comments.
kind: ConfigMap
apiVersion: v1
metadata:
  name: local-path-config
  namespace: local-path-storage
data:
  # Host directory used for volumes on every node that is not listed
  # explicitly.
  config.json: |-
    {
            "nodePathMap":[
            {
                    "node":"DEFAULT_PATH_FOR_NON_LISTED_NODES",
                    "paths":["/opt/local-path-provisioner"]
            }
            ]
    }
  # Creates the volume directory with mode 0777, i.e. world-writable.
  # NOTE(review): VOL_DIR is not set in this file; presumably the provisioner
  # passes it to the helper pod - confirm.
  setup: |-
    #!/bin/sh
    set -eu
    mkdir -m 0777 -p "$VOL_DIR"
  # Recursively deletes the volume directory (the StorageClass in this file
  # uses reclaimPolicy Delete).
  teardown: |-
    #!/bin/sh
    set -eu
    rm -rf "$VOL_DIR"
  # Template for the helper pod.
  # NOTE(review): presumably this pod runs the setup/teardown scripts above
  # with the host path mounted - confirm.
  # `busybox` carries no tag, so it resolves to a mutable default tag; with
  # IfNotPresent each node keeps whatever it pulled first. Prefer a fixed tag
  # or digest.
  helperPod.yaml: |-
    apiVersion: v1
    kind: Pod
    metadata:
      name: helper-pod
    spec:
      priorityClassName: system-node-critical
      tolerations:
        - key: node.kubernetes.io/disk-pressure
          operator: Exists
          effect: NoSchedule
      containers:
      - name: helper-pod
        image: busybox
        imagePullPolicy: IfNotPresent
--------------------------------------------------------------------------------
/charts/longhorn-backup-config/CHANGELOG.md:
--------------------------------------------------------------------------------
1 | ## 0.0.2
2 |
3 | - Introduce group parameter for backups
4 |
--------------------------------------------------------------------------------
/charts/longhorn-backup-config/Chart.yaml:
--------------------------------------------------------------------------------
1 | name: longhorn-backup-config
2 | description: Configure longhorn backups
3 | version: 0.0.2
4 | apiVersion: v2
5 | appVersion: 0.0.1
6 |
--------------------------------------------------------------------------------
/charts/longhorn-backup-config/README.md:
--------------------------------------------------------------------------------
1 | # WAT
2 |
3 | Lets you deploy a Longhorn Backup Definition (CRD) via a helm chart, which helps when deploying via terraform and rolling out
4 | an entire cluster at once (CRD chicken-and-egg problem)
5 |
6 | ## Install
7 |
8 | ```bash
9 | helm repo add eugenmayer https://eugenmayer.github.io/helm-charts/
10 | helm install eugenmayer/longhorn-backup-config
11 | ```
12 |
--------------------------------------------------------------------------------
/charts/longhorn-backup-config/templates/schedule-daily.yaml:
--------------------------------------------------------------------------------
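# https://longhorn.io/docs/1.6.1/snapshots-and-backups/scheduling-backups-and-snapshots/#using-the-manifest
#
# Longhorn RecurringJob that creates backups on the configured cron schedule
# for every volume in the listed groups.

apiVersion: longhorn.io/v1beta1
kind: RecurringJob
metadata:
  name: "{{ .Values.longhorn.backup.schedule_label }}-backup"
spec:
  # Quoted: a cron expression that starts with an asterisk would otherwise be
  # read by the YAML parser as an alias and fail to load.
  cron: {{ .Values.longhorn.backup.cron | quote }}
  task: "backup-force-create"
  groups:
    {{- with .Values.longhorn.backup.groups }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
  # Number of backups kept per volume.
  retain: {{ .Values.longhorn.backup.retain }}
  concurrency: {{ .Values.longhorn.backup.concurrency }}
  labels:
    # Quoted so that a label value that looks like a boolean or a number is
    # still rendered as a string.
    schedule: {{ .Values.longhorn.backup.schedule_label | quote }}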
--------------------------------------------------------------------------------
/charts/longhorn-backup-config/values.yaml:
--------------------------------------------------------------------------------
1 | longhorn:
2 | backup:
3 | groups:
4 | - default
5 | cron: "20 2 * * *"
6 | retain: 7
7 | concurrency: 3
8 | schedule_label: daily
9 |
--------------------------------------------------------------------------------
/charts/network-tools/Chart.lock:
--------------------------------------------------------------------------------
1 | dependencies:
2 | - name: common
3 | repository: oci://tccr.io/truecharts
4 | version: 25.4.2
5 | digest: sha256:5c215489de7cd01ef00adf256de23189b8fb6a3e199db06369a1ac24f45b7b9e
6 | generated: "2025-01-07T11:00:55.037521646+01:00"
7 |
--------------------------------------------------------------------------------
/charts/network-tools/Chart.yaml:
--------------------------------------------------------------------------------
1 | name: network-tools
2 | description: Debugging Tools / Pods
3 | version: 0.2.3
4 | apiVersion: v2
5 | appVersion: 1.1.0
6 | keywords:
7 | - network
8 | - tools
9 | - development
10 | sources:
11 | - https://github.com/EugenMayer/helm-charts/tree/main/charts/network-tools
12 | home: https://github.com/EugenMayer/helm-charts/tree/main/charts/network-tools
13 | dependencies:
14 | - name: common
15 | # https://artifacthub.io/packages/helm/truecharts-library-charts/common
16 | version: 25.4.2
17 | repository: oci://tccr.io/truecharts
18 | condition: ""
19 | alias: ""
20 | tags: []
21 | import-values: []
22 |
--------------------------------------------------------------------------------
/charts/network-tools/Makefile:
--------------------------------------------------------------------------------
1 | update:
2 | helm dependency update
3 |
--------------------------------------------------------------------------------
/charts/network-tools/README.md:
--------------------------------------------------------------------------------
1 | # WAT
2 |
3 | Tool to debug different issues in your cluster, geared towards network debugging. Runs an `iperf` server if you need
4 | to benchmark performance. Includes DNS tools and other tools.
5 |
6 | You can add pod annotations to debug multus issues or add persistence to debug those.
--------------------------------------------------------------------------------
/charts/network-tools/templates/NOTES.txt:
--------------------------------------------------------------------------------
1 | {{- include "tc.v1.common.lib.chart.notes" $ -}}
2 |
--------------------------------------------------------------------------------
/charts/network-tools/templates/common.yaml:
--------------------------------------------------------------------------------
1 | {{ include "tc.v1.common.loader.all" . }}
2 |
--------------------------------------------------------------------------------
/charts/network-tools/values.yaml:
--------------------------------------------------------------------------------
# Values for the network-tools debugging chart, consumed by the TrueCharts
# `common` library chart.
image:
  repository: debian
  # Release-name tag, not a digest: the image content changes as the
  # upstream image is rebuilt.
  tag: bookworm
  pullPolicy: IfNotPresent

# The container runs as root with a writable root filesystem; the startup
# script below installs packages with apt, which needs both.
securityContext:
  container:
    runAsNonRoot: false
    runAsGroup: 0
    runAsUser: 0
    readOnlyRootFilesystem: false

service:
  main:
    ports:
      main:
        protocol: tcp
        port: 5201
        targetPort: 5201

workload:
  main:
    enabled: true
    replicas: 1
    strategy: Recreate
    type: Deployment
    podSpec:
      containers:
        main:
          command:
            - "/bin/bash"
          # Packages are fetched unpinned on every container start, so the
          # pod needs egress to a Debian mirror and the installed versions
          # can differ between restarts. The last line replaces the shell
          # with an iperf3 server that is started without authentication
          # options.
          args:
            - "-c"
            - |
              apt update
              apt install -y curl wget iperf3 inetutils-ping telnet dnsutils procps iproute2 tcpdump
              echo "run iperf3 on port 5201"
              exec iperf3 -s -p 5201
          # Both probes check the iperf3 port; the 40 s initial delay leaves
          # time for the package installation above.
          probes:
            readiness:
              port: 5201
              type: tcp
              spec:
                initialDelaySeconds: 40
                periodSeconds: 5
                failureThreshold: 2
            liveness:
              enabled: true
              type: tcp
              port: 5201
              spec:
                initialDelaySeconds: 40
                periodSeconds: 5
                failureThreshold: 2
ingress:
  main:
    enabled: false

portal:
  open:
    enabled: false
--------------------------------------------------------------------------------
/charts/openldap-test/CHANGELOG.md:
--------------------------------------------------------------------------------
1 | ## 0.2.1
2 |
3 | - Update truecharts common base
4 |
5 | ## 0.2.0
6 |
7 | - Switch from osixia to bitnami docker images. Adopt configuration
8 |
9 |
10 | ## 0.1.1
11 |
12 | - Fix smaller service declaration issues
13 |
14 | ## 0.1.0
15 |
16 | **BREAKING CHANGE**
17 |
18 | - Migrate to Truecharts
19 |
--------------------------------------------------------------------------------
/charts/openldap-test/Chart.lock:
--------------------------------------------------------------------------------
1 | dependencies:
2 | - name: common
3 | repository: oci://tccr.io/truecharts
4 | version: 25.4.2
5 | digest: sha256:5c215489de7cd01ef00adf256de23189b8fb6a3e199db06369a1ac24f45b7b9e
6 | generated: "2025-01-07T10:57:38.55256929+01:00"
7 |
--------------------------------------------------------------------------------
/charts/openldap-test/Chart.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v2
2 | description: OpenLdap test / example server
3 | name: openldap-test
4 | home: https://github.com/EugenMayer/docker-image-ldapexample
5 | version: 0.2.1
6 | appVersion: 0.1.0
7 | keywords:
8 | - benchmark
9 | - network
10 | - tools
11 | - directory
12 | - test
13 | sources:
14 | - https://github.com/EugenMayer/helm-charts/tree/main/charts/openldap-test
15 | dependencies:
16 | - name: common
17 | # https://artifacthub.io/packages/helm/truecharts-library-charts/common
18 | version: 25.4.2
19 | repository: oci://tccr.io/truecharts
20 | condition: ''
21 | alias: ''
22 | tags: []
23 | import-values: []
24 | type: application
25 |
--------------------------------------------------------------------------------
/charts/openldap-test/Makefile:
--------------------------------------------------------------------------------
1 | update:
2 | helm dependency update
3 |
--------------------------------------------------------------------------------
/charts/openldap-test/README.md:
--------------------------------------------------------------------------------
1 | # WAT
2 |
3 | Chart for an OpenLDAP test server with pre-defined structure. Testing purposes only.
4 | See https://github.com/EugenMayer/docker-image-ldapexample for the structure and
5 | general documentation of the ldap server itself.
6 |
7 | # Install
8 |
9 | ```bash
10 | helm repo add eugenmayer https://eugenmayer.github.io/helm-charts/
11 | helm install eugenmayer/openldap-test
12 | ```
13 |
14 | # Values
15 |
16 | Check the `values.yaml` file
17 |
18 | If you deploy the service, be sure to set the `service.externalIp`
19 |
--------------------------------------------------------------------------------
/charts/openldap-test/charts/common-25.4.2.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EugenMayer/helm-charts/69fbb6b596975a5e55f5891186e23e365956470d/charts/openldap-test/charts/common-25.4.2.tgz
--------------------------------------------------------------------------------
/charts/openldap-test/templates/NOTES.txt:
--------------------------------------------------------------------------------
1 | {{- include "tc.v1.common.lib.chart.notes" $ -}}
2 |
--------------------------------------------------------------------------------
/charts/openldap-test/templates/common.yaml:
--------------------------------------------------------------------------------
1 | {{ include "tc.v1.common.loader.all" . }}
2 |
--------------------------------------------------------------------------------
/charts/openldap-test/values.yaml:
--------------------------------------------------------------------------------
# Values for the OpenLDAP test server chart. The chart README describes it as
# a test server with a pre-defined structure, for testing purposes only.
image:
  repository: ghcr.io/eugenmayer/ldaptestserver
  # adapt if you want to use a different tag like type1
  # NOTE(review): the tag name suggests it follows a branch; together with
  # pullPolicy Always every pod start runs whatever was pushed last - confirm
  # this is intended.
  tag: 'bitnami-type2-main'
  pullPolicy: Always

service:
  # Plain LDAP: service port 389 forwards to container port 1389.
  # Binds over this port are not encrypted.
  main:
    enabled: true
    #type: ExternalIP
    #externalIP:
    ports:
      main:
        protocol: tcp
        port: 389
        targetPort: 1389
  # Second service: port 636 forwards to container port 1636.
  # NOTE(review): presumably LDAPS, going by the key name and port - confirm.
  tls:
    enabled: true
    #type: ExternalIP
    #externalIP:
    ports:
      main:
        protocol: tcp
        port: 636
        targetPort: 1636

workload:
  main:
    replicas: 1
    strategy: Recreate
    type: Deployment
    podSpec:
      containers:
        main:
          # Both probes only check that TCP port 1389 accepts connections.
          probes:
            readiness:
              type: tcp
              port: 1389
              spec:
                initialDelaySeconds: 10
                periodSeconds: 5
                failureThreshold: 2
            liveness:
              enabled: true
              type: tcp
              port: 1389
              spec:
                initialDelaySeconds: 15
                periodSeconds: 5
                failureThreshold: 2

ingress:
  main:
    enabled: false

portal:
  open:
    enabled: false
--------------------------------------------------------------------------------
/charts/postgres-pgdump-backup/CHANGELOG.md:
--------------------------------------------------------------------------------
1 | ## 0.7.4
2 |
3 | - Update truecharts common base
4 |
5 | ## 0.7.3
6 |
7 | - Update truecharts common base
8 |
9 | ## 0.7.2
10 |
11 | - Do not override the POSTGRES_EXTRA_OPTS by default
12 |
13 | ## 0.7.1
14 |
15 | - Update TrueCharts
16 |
17 | ## 0.7.0
18 |
19 | **BREAKING CHANGES!!**
20 | The chart has been migrated to TrueCharts, thus most of the values have been remapped.
21 | Please see the readme on how to map the new values like PGHOST and so forth. Should be a simple mapping.
22 |
23 | **Important**: If you used the PVC definition of the chart, the PVC name has been changed, so you most probably either
24 | have to use an existing claim name now (`postgres-pgdump-backup`) to match your pvc - or migrate the data itself. It changed from `postgres-pgdump-backup` to `postgres-pgdump-backup-storage`. You might also need to change the ownership of the volume to `999:999` if you migrated the files.
25 |
26 | ## 0.6.0
27 |
28 | - Use PG 15 by default. You can and should still change it to your PG version via the tag
29 |
30 | ## 0.5.2
31 |
32 | - Ensure we redeploy the pods if the configmap changes - like changing the DBs to backup
33 |
--------------------------------------------------------------------------------
/charts/postgres-pgdump-backup/Chart.lock:
--------------------------------------------------------------------------------
1 | dependencies:
2 | - name: common
3 | repository: oci://tccr.io/truecharts
4 | version: 25.4.2
5 | digest: sha256:5c215489de7cd01ef00adf256de23189b8fb6a3e199db06369a1ac24f45b7b9e
6 | generated: "2025-01-07T10:57:54.742585658+01:00"
7 |
--------------------------------------------------------------------------------
/charts/postgres-pgdump-backup/Chart.yaml:
--------------------------------------------------------------------------------
1 | name: postgres-pgdump-backup
2 | description: Backup postgres databases using pg_dump, retention and schedules
3 | version: 0.7.4
4 | apiVersion: v2
5 | appVersion: 16
6 | keywords:
7 | - postgres
8 | - backup
9 | - retention
10 | - pg_dump
11 | sources:
12 | - https://github.com/EugenMayer/helm-charts/tree/main/charts/postgres-pgdump-backup
13 | - https://github.com/prodrigestivill/docker-postgres-backup-local
14 | home: https://github.com/EugenMayer/helm-charts/tree/main/charts/postgres-pgdump-backup
15 | dependencies:
16 | - name: common
17 | # https://github.com/truecharts/public/blob/master/charts/library/common/Chart.yaml
18 | version: 25.4.2
19 | repository: oci://tccr.io/truecharts
20 | condition: ""
21 | alias: ""
22 | tags: []
23 | import-values: []
24 |
--------------------------------------------------------------------------------
/charts/postgres-pgdump-backup/Makefile:
--------------------------------------------------------------------------------
1 | update:
2 | helm dependency update
3 |
--------------------------------------------------------------------------------
/charts/postgres-pgdump-backup/README.md:
--------------------------------------------------------------------------------
1 | [CHANGELOG](./CHANGELOG.md)
2 | **0.7.0** had breaking changes - see changelog!
3 |
4 | # WAT
5 |
6 | Helm for the postgres 'pg_dump' based backup solution [postgres-backup-local](https://github.com/prodrigestivill/docker-postgres-backup-local).
7 | It offers a backup solution with those key features
8 |
9 | - schedules
10 | - retentions
11 | - health monitoring of the jobs
12 | - using pg_dump / pg_dumpall as storage formats (not WAL)
13 | - can backup specific databases or all databases (all databases is the default)
14 |
15 | You find all the important documentation in the official repository [documentation](https://github.com/prodrigestivill/docker-postgres-backup-local).
16 |
17 | This chart only aims to provide a way to run the original image, without introducing any additional functionality
18 | or anything else - we keep it vanilla. If you need anything else, ask in [postgres-backup-local](https://github.com/prodrigestivill/docker-postgres-backup-local).
19 |
20 | We do not re-publish the docker-image but use the original one published in [postgres-backup-local](https://github.com/prodrigestivill/docker-postgres-backup-local).
21 |
22 | # Install
23 |
24 | ```bash
25 | helm repo add eugenmayer https://eugenmayer.github.io/helm-charts/
26 | helm install eugenmayer/postgres-pgdump-backup
27 | ```
28 |
29 | ## Adjustments / Fixes
30 |
31 | - To fix https://github.com/prodrigestivill/docker-postgres-backup-local/issues/76 we currently also expose `PGUSER`, `PGPASSWORD`, `PGHOST` and `PGPORT` as additional env variables
32 |
33 | ## Helm values
34 |
35 | Mandatory values to set
36 |
37 | - `tag`: You have to select a postgres dump version to deploy - use the same version as your server
38 | - `PGHOST`: hostname/ip of your pg
39 | - `POSTGRES_DB`: comma separated list of databases to backup, for example: `sko,mattermost,paperless`
40 |
41 | For example
42 |
43 | ```yaml
44 | image:
45 | tag: "16-debian"
46 |
47 | workload:
48 | main:
49 | podSpec:
50 | containers:
51 | main:
52 | env:
53 | POSTGRES_HOST: mypostgres.local
54 | POSTGRES_DB: sko,mattermost,paperless
55 | ```
56 |
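57 | You will also need to deploy a secret called `postgres-backup-local` (you can rename it, see values.yaml) with the following values. The chart only references this secret by name (`envFrom`), so the credentials do not have to appear in your values file.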
58 |
59 | - `POSTGRES_USER`
60 | - `POSTGRES_PASSWORD`
61 | - `PGUSER` (same values, optional)
62 | - `PGPASSWORD` (same values, optional)
63 |
64 | See [values.yaml](./values.yaml) for the full list of values.
65 |
66 | ## FAQ
67 |
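68 | - **How to enable ssl support?** Add this to your values.yaml. Note that `require` encrypts the connection but does not verify the server certificate; libpq's `verify-ca` and `verify-full` modes do, and they need the CA certificate to be available inside the container.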
69 | ```yaml
70 | workload:
71 | main:
72 | podSpec:
73 | containers:
74 | main:
75 | env:
76 | PGSSLMODE: "require"
77 | ```
78 |
79 | ## Developing
80 |
81 | Test chart-rendering
82 |
83 | ```bash
84 | helm template . -f values.yaml
85 | ```
86 |
87 | ## Credits
88 |
89 | Of course all the credits are going to [postgres-backup-local](https://github.com/prodrigestivill/docker-postgres-backup-local) doing all the important and hard work.
90 |
91 | Also credits to [duck-helm/postgres-backup-local](https://artifacthub.io/packages/helm/duck-helm/postgres-backup-local), which was the base of this helm chart when it started.
92 |
--------------------------------------------------------------------------------
/charts/postgres-pgdump-backup/charts/common-25.4.2.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EugenMayer/helm-charts/69fbb6b596975a5e55f5891186e23e365956470d/charts/postgres-pgdump-backup/charts/common-25.4.2.tgz
--------------------------------------------------------------------------------
/charts/postgres-pgdump-backup/templates/NOTES.txt:
--------------------------------------------------------------------------------
1 | {{- include "tc.v1.common.lib.chart.notes" $ -}}
2 |
--------------------------------------------------------------------------------
/charts/postgres-pgdump-backup/templates/common.yaml:
--------------------------------------------------------------------------------
1 | {{ include "tc.v1.common.loader.all" . }}
2 |
--------------------------------------------------------------------------------
/charts/postgres-pgdump-backup/values.yaml:
--------------------------------------------------------------------------------
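# Default values for postgres-pgdump-backup.
# The templates only include the truecharts "common" library, so these keys
# follow that library's layout.
image:
  repository: prodrigestivill/postgres-backup-local
  # pick the pg version here: 15, 16 - see https://hub.docker.com/r/prodrigestivill/postgres-backup-local/tags
  # NOTE(review): no tag is set by default. A floating tag such as "15" combined
  # with pullPolicy Always means a pod restart can pull a different image build;
  # use the most specific tag available if you need reproducible deployments.
  # tag: "15"
  pullPolicy: Always

persistence:
  storage:
    enabled: true
    size: 1Gi
    mountPath: "/backups"
    # NOTE(review): presumably rendered as a Kubernetes emptyDir volume, which is
    # deleted together with the pod. With this default the dumps do not survive
    # a reschedule or an upgrade - override with persistent storage for real backups.
    type: emptyDir

# Container runs as a fixed non-root uid/gid with a read-only root filesystem.
securityContext:
  container:
    runAsUser: 999
    runAsGroup: 999
    runAsNonRoot: true
    readOnlyRootFilesystem: true

# No Service by default; the port matches HEALTHCHECK_PORT below.
service:
  main:
    enabled: false
    ports:
      main:
        protocol: tcp
        port: 8080
        targetPort: 8080

workload:
  main:
    enabled: true
    replicas: 1
    strategy: Recreate
    type: Deployment
    podSpec:
      containers:
        main:
          # Environment values are written as quoted strings throughout, so the
          # YAML parser never retypes them (container env values are strings).
          env:
            #### MANDATORY
            # those 2 are used by backup.sh directly
            # POSTGRES_HOST:
            # the database(s) to backup (single name or comma separated list of database)
            # POSTGRES_DB:
            #### OPTIONAL
            POSTGRES_PORT: "5432"
            # Setting those 2 for better cli-support https://github.com/prodrigestivill/docker-postgres-backup-local/issues/76
            # PGHOST:
            PGPORT: "5432"
            # PGSSLMODE: "require"
            # If TRUE, backups all databases and not just the list given in POSTGRES_DB
            POSTGRES_CLUSTER: "FALSE"
            # POSTGRES_EXTRA_OPTS: '-Z1'
            SCHEDULE: "@daily"
            BACKUP_KEEP_DAYS: "7"
            BACKUP_KEEP_WEEKS: "4"
            BACKUP_KEEP_MONTHS: "6"
            HEALTHCHECK_PORT: "8080"
          # Credentials are injected from an existing secret and never stored in
          # this file. expandObjectName: false presumably keeps the secret name
          # exactly as written instead of prefixing it - confirm against the
          # common library.
          envFrom:
            - secretRef:
                name: postgres-backup-local
                expandObjectName: false
                # should define following keys
                # those 2 are used by backup.sh directly
                # POSTGRES_USER:
                # POSTGRES_PASSWORD:
                # Setting those 2 for better cli-support https://github.com/prodrigestivill/docker-postgres-backup-local/issues/76
                # PGUSER:
                # PGPASSWORD:

ingress:
  main:
    enabled: false

portal:
  open:
    enabled: false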
78 |
--------------------------------------------------------------------------------
/charts/rundeck/.helmignore:
--------------------------------------------------------------------------------
1 | # Patterns to ignore when building packages.
2 | # This supports shell glob matching, relative path matching, and
3 | # negation (prefixed with !). Only one pattern per line.
4 | .DS_Store
5 | # Common VCS dirs
6 | .git/
7 | .gitignore
8 | .bzr/
9 | .bzrignore
10 | .hg/
11 | .hgignore
12 | .svn/
13 | # Common backup files
14 | *.swp
15 | *.bak
16 | *.tmp
17 | *~
18 | # Various IDEs
19 | .project
20 | .idea/
21 | *.tmproj
22 | .vscode/
23 |
--------------------------------------------------------------------------------
/charts/rundeck/CHANGELOG.md:
--------------------------------------------------------------------------------
1 | ## 2.12.0
2 |
3 | - Upgrade rundeck to 5.12.0
4 |
5 | ## 2.11.1
6 |
7 | - Upgrade rundeck to 5.11.1
8 |
9 | ## 2.11.0
10 |
11 | - Upgrade rundeck to 5.11.0
12 |
13 | ## 2.10.0
14 |
15 | - Upgrade rundeck to 5.10.0
16 |
17 | ## 2.9.0
18 |
19 | - Upgrade rundeck to 5.9.0
20 |
21 | ## 2.8.0
22 |
23 | - Upgrade rundeck to 5.8.0
24 |
25 | ## 2.7.0
26 |
27 | - Upgrade rundeck to 5.7.0
28 |
29 | ## 2.6.1
30 |
31 | - Fix name-prefixing of ingress [#60](https://github.com/EugenMayer/helm-charts/pull/60) - thank you [callen-rti](https://github.com/callen-rti)
32 |
33 | ## 2.6.0
34 |
35 | - Upgrade rundeck to 5.6.0
36 |
37 | ## 2.5.0
38 |
39 | - Upgrade rundeck to 5.5.0
40 |
41 | ## 2.4.0
42 |
43 | - Upgrade rundeck to 5.4.0
44 |
45 | ## 2.1.0
46 |
47 | - Upgrade rundeck to 5.2.0
48 |
49 | ## 2.0.1
50 |
51 | - Upgrade rundeck to 5.1.2
52 |
53 | ## 2.0.0
54 |
55 | **Major app update**!!
56 |
57 | - Upgrade rundeck to 5.1.1
58 |
59 | ## 1.11.1
60 |
61 | - Upgrade rundeck to 4.17.5
62 |
63 | ## 1.11.0
64 |
65 | - Add support for sidecar containers
66 |
67 | ## 1.10.3
68 |
69 | - Upgrade run rundeck to 4.17.4
70 |
71 | ## 1.10.2
72 |
73 | - Upgrade run rundeck to 4.17.3
74 |
75 | ## 1.10.1
76 |
77 | - Upgrade run rundeck to 4.17.2
78 |
79 | ## 1.10.0
80 |
81 | - Resilient bootstrap when no custom plugins exist #44 - by @langesven
82 | - Make subPath for user credentials configurable #43 - by @langesven
83 |
84 | Both changes should be backward compatible.
85 |
86 | ## 1.9.0
87 |
88 | - Upgrade run rundeck to 4.17.1
89 |
90 | ## 1.8.2
91 |
92 | - Downgrade rundeck to 4.16.0 (4.16.1 does not exist)
93 |
94 | ## 1.8.1
95 |
96 | - Upgrade rundeck to 4.16.1
97 |
98 | ## 1.8.0
99 |
100 | - Upgrade rundeck to 4.16.0
101 |
102 | ## 1.7.0
103 |
104 | - Upgrade rundeck to 4.15.0
105 |
106 | ## 1.6.1
107 |
108 | - Upgrade rundeck to 4.14.2
109 |
110 | ## 1.6.0
111 |
112 | - Upgrade rundeck to 4.14.0
113 |
114 | ## 1.5.2
115 |
116 | - Upgrade rundeck to 4.10.1
117 |
118 | ## 1.5.1
119 |
120 | - add h2 internal database support (for development)
121 |
122 | ## 1.4.0
123 |
124 | - Upgrade rundeck to 4.10.0
125 |
126 | ## 1.3.1
127 |
128 | - Fix syntax errors in helm chart
129 |
130 | ## 1.3.0
131 |
132 | - Upgrade to rundeck 4.9.0
133 |
134 | ## 1.2.0
135 |
136 | - Upgrade to rundeck 4.8.0
137 |
138 | ## 1.1.0
139 |
140 | - Upgrade to rundeck 4.7.0
141 |
142 | ## 1.0.0
143 |
144 | - Major app upgrade to rundeck 4.5.0. Still rather consider early adoption
145 |
146 | ## 0.9.9
147 |
148 | - Fix duplicated port definition for rundeck deployment
149 |
150 | ## 0.9.8
151 |
152 | - Fix ingress router definition and simplify its template
153 |
154 | ## 0.9.7
155 |
156 | - Adding support for kubernetes 1.19+ for ingress routes
157 | - Adding support to set framework.properties
158 |
--------------------------------------------------------------------------------
/charts/rundeck/Chart.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v2
2 | description: Rundeck chart for Kubernetes
3 | name: rundeck
4 | home: https://github.com/rundeck/rundeck
5 | version: 2.12.0
6 | # see https://hub.docker.com/r/rundeck/rundeck/tags
7 | appVersion: 5.12.0
8 | keywords:
9 | - rundeck
10 | - jobs
11 | - automation
12 | - operations
13 | sources:
14 | - https://github.com/EugenMayer/helm-charts/tree/main/charts/rundeck
15 | - https://github.com/rundeck/rundeck
16 |
--------------------------------------------------------------------------------
/charts/rundeck/README.md:
--------------------------------------------------------------------------------
1 | [](https://artifacthub.io/packages/search?repo=eugen)
2 |
3 | # WAT
4 |
5 | Rundeck helm chart.
6 |
7 | History: This chart has been taken from [charts incubator](https://github.com/helm/charts/tree/master/incubator/rundeck) and adapted to newer standards, since the old repository has been archived and is no longer maintained.
8 |
9 | - Added database configuration support
10 | - add proper secret for user creation (`realm.properties`)
11 | - add configuration to the `rundeck-config.properties`
12 | - add configuration to the `framework.properties`
13 | - add proper support for plugins
14 | - add proper default volumes and claims
15 | - handle security context properly to fix volume mounts
16 | - Fix Grail and CSP issues
17 | - adopted PVC standards
18 | - adopted ingress standards
19 | - added OPTIONS support in nginx
20 | - Add execution-logs handling by default (local storage)
21 | - split nginx and rundeck-backend deployments
22 |
23 | If you migrate from the incubator please consider breaking changes and read any aspect of this helm chart. Do not expect
24 | to just switch out the helm source.
25 |
26 | # Strong hint
27 |
28 | This helm chart is not a place to fix the lack of documentation available for rundeck, its environment variables or
29 | plugin concepts in general. So please do **not** open issues for questions like 'How to configure AWS s3 storage' or
30 | 'is there an environment variable for X or Y'.
31 |
32 | Please open or ask all those questions in one of the [official channels](https://docs.rundeck.com/docs/introduction/getting-help.html).
33 |
34 | # Install
35 |
36 | helm repo add eugenmayer https://eugenmayer.github.io/helm-charts/
37 | helm install eugenmayer/rundeck
38 |
39 | # Configuration
40 |
41 | ## Mandatory settings / Initial setup
42 |
43 | - `externUrl`
44 | - `executionLogs.claim.storageClass` / `data.claim.storageClass` / `plugins.claim.storageClass` / `addons.claim.storageClass` or disable those (or some)
45 | - deploy your `user-credentials-secret` secret (in your rundeck namespace) with the field `userCredentials` including the string (at least)`admin:PASSWORD,user,admin,architect,deploy,build`
46 | - replace `PASSWORD` with your password
47 | - add as many as you like, separated by newlines `\n`
48 | - deploy your `rundeck-database-secret` to define the DB credentials and connection details or use `database.useInternalH2db` (only for non-production). See `Database` below.
49 | - deploy your own `ingress` route (default) or activate `ingress.enabled` and set the values to your liking
50 |
51 | ## Database
52 |
53 | For production usage, the secret `database.secret_name` must include the following keys
54 |
55 | - `jdbc`: The jdbc url like `jdbc:postgresql://$user:$password@$host:$port/$database`
56 | - `user`: DB user
57 | - `password`: DB password
58 | - `type`: one of these `org.postgresql.Driver`/`org.mariadb.jdbc.Driver`/`com.mysql.jdbc.Driver`
59 |
60 | See the [docs](https://docs.rundeck.com/docs/administration/configuration/docker.html#database)
61 |
62 | For development usage, the `database.useInternalH2db` flag can be set to true, in which case rundeck will use the embedded database at `jdbc:h2:file:/home/rundeck/server/data/grailsdb;MVCC=true`. This is only meant for pure development and testing, never use on a production environment (see [docs for default](https://docs.rundeck.com/docs/administration/configuration/docker.html#basic) and [database docs](https://docs.rundeck.com/docs/administration/configuration/docker.html#basic)).
63 |
64 | ## Execution logs
65 |
66 | By default the execution logs are saved on the `execution-logs` volume under the default rundeck location `/home/rundeck/var/logs/rundeck`.
67 | You can disable the `claim` and use any other execution-log storage (be aware, the OSS docker image has no support for s3, see below)
68 |
69 | ## Plugins
70 |
71 | Due to the [limitations](https://github.com/rundeck/rundeck/issues/7487) of rundeck's docker-image, plugin support is implemented
72 | using a hack - nothing more.
73 |
74 | If you want to use plugins you have to
75 |
76 | - use an `initContainer`
77 | - mount the volume `rundeck-plugins` to `/mnt/plugins` in the `initContainer`
78 |
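79 | To do so put this (as an example for the `s3` plugin) into your `values.yaml`. Whatever the init container places in `/mnt/plugins` is copied into rundeck's plugin directory at startup, so pin the download to an exact release as shown and, ideally, compare the jar against a checksum you recorded before it is used.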
80 |
81 | ```yaml
82 | initContainers:
83 | - name: plugins-download
84 | image: curlimages/curl
85 | imagePullPolicy: IfNotPresent
86 | command: ["/bin/sh"]
87 | args:
88 | - -c
89 | - >
90 | curl -L --fail https://github.com/rundeck-plugins/rundeck-s3-log-plugin/releases/download/v1.0.12/rundeck-s3-log-plugin-1.0.12.jar --output /mnt/plugins/rundeck-s3-log-plugin-1.0.12.jar;
91 | volumeMounts:
92 | - name: rundeck-plugins
93 | mountPath: /mnt/plugins
94 | ```
95 |
96 | Background: When the rundeck-backend image starts, we override the command, copy the plugins first and then call the actual
97 | command to continue the bootstrap. Hopefully the [issue](https://github.com/rundeck/rundeck/issues/7487) will be solved at some point, making this entire backflip unneeded.
98 |
99 | ## Configuration
100 |
101 | You can configure `rundeck-config.properties` and `framework-properties` via `ConfigMaps` - see `rundeck.rundeckConfigConfigMap` and `rundeck.rundeckFrameworkConfigMap` in `values.yaml`
102 |
103 | If you change the values, you usually have to manually restart the pod so those values are applied, since k8s caches the config maps.
104 |
105 | ## Addons
106 |
107 | Similar to plugins, mount `rundeck-addons` using an init container and download your addons(s)
108 |
109 | ## S3 Execution log storage
110 |
111 | **ATTENTION**: this is NOT working due to [rundeck oss version limitations](https://github.com/rundeck/rundeck/issues/7490)
112 |
113 | See https://docs.rundeck.com/docs/administration/cluster/logstore/s3.html#install
114 |
115 | You usually add something like this to your values
116 |
117 | ```yaml
118 | env:
119 | # see https://docs.rundeck.com/docs/administration/cluster/logstore/s3.html#install
120 | RUNDECK_PLUGIN_EXECUTIONFILESTORAGE_NAME: "org.rundeck.amazon-s3"
121 | RUNDECK_PLUGIN_EXECUTIONFILESTORAGE_S3_BUCKET: "rundeck-execution-logs"
122 | RUNDECK_PLUGIN_EXECUTIONFILESTORAGE_S3_REGION: "eu-central-1"
123 | RUNDECK_PLUGIN_EXECUTIONFILESTORAGE_S3_AWSACCESSKEYID: "awskey"
124 | RUNDECK_PLUGIN_EXECUTIONFILESTORAGE_S3_AWSSECRETKEY: "awssecret"
125 | RUNDECK_PLUGIN_EXECUTIONFILESTORAGE_S3_ALLOWDELETE: "true"
126 | RUNDECK_PLUGIN_EXECUTIONFILESTORAGE_S3_PATH: "logs/$${job.project}/logs/$${job.execid}.log"
127 | ```
128 |
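129 | Of course you will need to adjust the bucket, region, key and secret (at least). Avoid committing the access key and secret as plain values; supply them from a Kubernetes secret instead (see `rundeck.envSecret` below).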
130 |
131 | ## Other Values
132 |
133 | It is better to read the `values.yaml` itself - but here is somewhat of an overview about the options (not all).
134 |
135 | | Parameter | Description | Default |
136 | | -------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ----------------------------------------------------- |
137 | | database.secret_name | Secret-name with your database credentials and connection details: `type`,`jdbc`,`user`,`password`, You have to create the secret yourself. | None (required) |
138 | | executionLogs.claim.enabled | If you plan to store execution logs locally, enable the claim. | true |
139 | | executionLogs.claim.storageClass | If you enabled local execution-logs, set your storage class | None (required) |
140 | | data.claim.enabled | If enabled, mounts a volume for the server data [what is it used for?](https://github.com/rundeck/rundeck/issues/7488) | true |
141 | | data.claim.storageClass | Set the storage class for the server data volume [what is it used for?](https://github.com/rundeck/rundeck/issues/7488) | None (required) |
142 | | plugins.claim.enabled | If enabled, mounts a volume for the plugins. Those will be copied to `/home/rundeck/libexex/` | true |
143 | | plugins.claim.storageClass | Set the storage class for the plugins volume | None (required) |
144 | | addons.claim.enabled | If enabled, mounts a volume for the server addons - special addons for the enterprise editions (not plugins) | true |
145 | | addons.claim.storageClass | Set the storage class for the server addons volume | None (required) |
146 | | deployment.replicaCount | How many replicas to run. Rundeck can really only work with one. | 1 |
147 | | deployment.annotations | You can pass annotations inside deployment.spec.template.metadata.annotations. Useful for KIAM/Kube2IAM and others for example. | {} |
148 | | deployment.strategy | Sets the K8s rollout strategy for the Rundeck deployment | { type: RollingUpdate } |
149 | | image.repository | Name of the image to run, without the tag. | [rundeck/rundeck](https://github.com/rundeck/rundeck) |
150 | | image.tag | The image tag to use. | 3.2.7 |
151 | | image.pullPolicy | The kubernetes image pull policy. | IfNotPresent |
152 | | image.pullSecrets | The kubernetes secret to pull the image from a private registry. | None |
153 | | service.type | The kubernetes service type to use. | ClusterIP |
154 | | service.port | The tcp port the service should listen on. | 80 |
155 | | ingress | Any ingress rules to apply. | None |
156 | | resources | Any resource constraints to apply. | None |
157 | | rundeck.adminUser | The config to set up the admin user that should be placed at the realm.properties file. | "admin:admin,user,admin,architect,deploy,build" |
158 | | rundeck.env | The rundeck environment variables that you would want to set. See the [official docs](https://docs.rundeck.com/docs/administration/configuration/docker.html#key-store-security) for more. | Default variables provided in docker file |
159 | | rundeck.envSecret | Name of secret containing environment variables to add to the Rundeck deployment | "" |
160 | | rundeck.sshSecrets | A reference to the Kubernetes Secret that contains the ssh keys. | "" |
161 | | rundeck.kubeConfigSecret | Name of secret to mount under the `~/.kube/` directory. Useful when Rundeck needs configuration for multiple K8s clusters. | "" |
162 | | rundeck.extraConfigSecret | Name of secret containing additional files to mount at `~/extra/`. Can be useful for working with RUNDECK_TOKENS_FILE configuration | "" |
163 | | nginxConfOverride | An optional multi-line value that can replace the default nginx.conf. | "" |
164 | | serviceAccount.create | Set to true to create a service account for the Rundeck pod | false |
165 | | serviceAccount.annotations | A map of annotations to attach to the service account (eg: AWS IRSA) | {} |
166 | | serviceAccount.name | Name of the service account the Rundeck pod should use | "" |
167 | | volumes | volumes made available to all containers | "" |
168 | | volumeMounts | volumeMounts to add to the rundeck container | "" |
169 | | initContainers | can be used to download plugins or customize your rundeck installation | "" |
170 | | sideCars | can be used to run additional containers in the pod | "" |
171 |
172 | ## Test
173 |
174 | To test if the templates compile
175 |
176 | ```bash
177 | helm template . -f values.yaml -f values-test.yaml
178 | ```
179 |
180 | ### License
181 |
182 | It is explicitly forbidden to be used as a work to derive from for any purpose by PagerDuty or Rundeck the corporation. It cannot be included in any work offered on their website or as a base to anything else by the company. So if you are an employee of PagerDuty, Rundeck or do work for them commercially, you cannot use this chart.
183 |
184 | Anybody else can use this helm chart for what ever they like - without warranties included of course
185 |
--------------------------------------------------------------------------------
/charts/rundeck/files/nginx/nginx.conf:
--------------------------------------------------------------------------------
# Reverse proxy in front of the Rundeck backend. The chart uses this file as the
# nginx.conf whenever no override is supplied through values.
events {
  worker_connections 1024;
}

http {
  # No listen directive is given, so nginx falls back to its built-in default port.
  server {
    # Health endpoint for probes: empty 204 response, kept out of the access log.
    location /healthz {
      return 204;
      access_log off;
    }
    # our actual reason for this setup, allow options call for rundeck, because rundeck cannot do that


    location / {
      # CORS preflight requests are answered here and never reach Rundeck.
      # NOTE(review): a wildcard Access-Control-Allow-Origin is sent together with
      # Access-Control-Allow-Credentials: true. Browsers refuse credentialed
      # cross-origin requests when the allowed origin is "*", so this pair does not
      # enable them, while every origin still passes preflight for non-credentialed
      # calls. If cross-origin API access is required, return only an allow-listed
      # origin instead of "*".
      if ($request_method = 'OPTIONS') {
        add_header 'Access-Control-Allow-Origin' '*';
        add_header 'Access-Control-Allow-Credentials' 'true';
        add_header 'Access-Control-Allow-Methods' 'GET, HEAD, OPTIONS, POST, PUT';
        # 'Origin' appears twice in this list; the repetition is harmless.
        add_header 'Access-Control-Allow-Headers' 'Origin, X-Requested-With, Content-Type, Origin, User-Agent, If-Modified-Since, Cache-Control, Accept, X-Rundeck-Auth-Token';
        add_header 'Access-Control-Max-Age' 1728000;
        add_header 'Content-Length' 0;

        return 200;
      }

      recursive_error_pages on;
      client_max_body_size 50M; # upload archives (backup/restore)
      # $proxy_add_x_forwarded_for appends the peer address to whatever
      # X-Forwarded-For value the client sent.
      # NOTE(review): the backend should only trust the leading entries if a proxy
      # in front of this one overwrites the header - confirm for your ingress.
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_set_header X-Forwarded-Host $host:$server_port;
      proxy_set_header X-Forwarded-Server $host;
      proxy_set_header User-Agent $http_user_agent;
      # Fixed backend name and port, reached over plain HTTP.
      proxy_pass http://rundeck-backend:4440;
    }
  }
}
37 |
--------------------------------------------------------------------------------
/charts/rundeck/scripts/bootstrap.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# Wrapper around the image's own entry point: stages optional custom
# configuration partials and plugins, then hands over to entry.sh.

set -e

# stage_partial MESSAGE SRC DEST_DIR DEST_NAME
# Copies SRC to DEST_DIR/DEST_NAME (creating DEST_DIR) when SRC is a regular
# file; prints MESSAGE first. Does nothing when SRC is absent.
stage_partial() {
  local message=$1 src=$2 dest_dir=$3 dest_name=$4

  [[ -f "$src" ]] || return 0

  echo "$message"
  mkdir -p "$dest_dir"
  cp "$src" "$dest_dir/$dest_name"
}

stage_partial "Applying custom rundeck-config.properties" \
  /home/rundeck/custom/rundeck-config/rundeck-config-append.properties \
  /tmp/remco-partials/rundeck-config \
  rundeck-config-custom.properties

# see https://docs.rundeck.com/docs/administration/configuration/docker/extending-configuration.html#special-destination-directories
stage_partial "Applying custom framework.properties" \
  /home/rundeck/custom/framework/framework-append.properties \
  /tmp/remco-partials/framework \
  framework-custom.properties

# Everything found under /mnt/plugins is copied as-is into libext, so the
# content of that mount must come from a source you trust.
if [[ ! -d /mnt/plugins ]]; then
  echo "Starting without custom plugins because mount point '/mnt/plugins' does not exist"
else
  echo "Copying custom plugins"
  cp -r /mnt/plugins/. /home/rundeck/libext
fi

echo "Continue with common bootstrap"
# exec replaces this shell, so entry.sh becomes the container's main process.
exec /home/rundeck/docker-lib/entry.sh
29 |
--------------------------------------------------------------------------------
/charts/rundeck/templates/_helpers.tpl:
--------------------------------------------------------------------------------
1 | {{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
Yields .Values.nameOverride when it is set, otherwise .Chart.Name, cut to
63 characters with a trailing "-" removed.
*/}}
{{- define "rundeck.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
8 |
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
Order of precedence: .Values.fullnameOverride, then the release name alone when it
already contains the (possibly overridden) chart name, then "<release>-<name>".
*/}}
{{- define "rundeck.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
26 |
{{/*
Create chart name and version as used by the chart label.
"+" in the version is replaced by "_" because "+" is not allowed in a label value;
the result is cut to 63 characters with a trailing "-" removed.
*/}}
{{- define "rundeck.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
33 |
{{/*
Basic labels: name, chart, instance and managed-by.
The define line has no trailing "-", so the output begins with a newline. Call sites
rely on that and write `labels: {{ include "rundeck.labels" . | indent 4 }}` on one line.
*/}}
{{- define "rundeck.labels" }}
app.kubernetes.io/name: {{ template "rundeck.name" . }}
helm.sh/chart: {{ template "rundeck.chart" . }}
app.kubernetes.io/instance: {{.Release.Name }}
app.kubernetes.io/managed-by: {{.Release.Service }}
{{- end }}
41 |
{{/*
Create the name of the service account to use
With serviceAccount.create set: .Values.serviceAccount.name, falling back to the full name.
Otherwise: .Values.serviceAccount.name, falling back to the namespace's "default" account.
*/}}
{{- define "rundeck.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
    {{ default (include "rundeck.fullname" .) .Values.serviceAccount.name }}
{{- else -}}
    {{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}
52 |
{{/*
Create a variable for the service name referenced in the ingress resource.
With nginx enabled this is "<fullname>-nginx"; otherwise the literal "rundeck-backend".
NOTE(review): "rundeck-backend" is not derived from the release name, so presumably the
backend Service carries that fixed name and two releases in one namespace would collide - confirm.
*/}}
{{- define "rundeck.serviceName" -}}
{{- if .Values.nginx.enabled -}}
{{- include "rundeck.fullname" . -}}-nginx
{{- else -}}
rundeck-backend
{{- end -}}
{{- end -}}
63 |
{{/*
Create a variable for the service port referenced in the ingress resource.
This is a port name, not a number: "http" when nginx is enabled, "rundeck" otherwise.
*/}}
{{- define "rundeck.servicePort" -}}
{{- if .Values.nginx.enabled -}}
http
{{- else -}}
rundeck
{{- end -}}
{{- end -}}
--------------------------------------------------------------------------------
/charts/rundeck/templates/addons-pvc.yaml:
--------------------------------------------------------------------------------
{{- /*
Renders the PersistentVolumeClaim "<fullname>-addons-claim" when
.Values.addons.claim.enabled is set. accessMode and size are taken from
.Values.addons.claim and emitted as quoted strings.
`and` is called with a single argument, so it simply yields that value.
NOTE(review): `required` sits inside `if .storageClass`, so its error message can
never trigger. With an empty storageClass the field is omitted and the cluster's
default StorageClass (if any) applies, although the README lists the storage class
as a mandatory setting - confirm which behaviour is intended.
*/ -}}
{{- $fullName := include "rundeck.fullname" . -}}
{{- $labels := include "rundeck.labels" . -}}

{{- if and .Values.addons.claim.enabled }}
{{- with .Values.addons.claim}}
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: {{ $fullName }}-addons-claim
  labels: {{ $labels | indent 4 }}
spec:
  {{- if .storageClass }}
  storageClassName: {{ required "Please set the storage class for the addons volume!" .storageClass | quote }}
  {{- end }}
  accessModes:
    - {{ .accessMode | quote }}
  resources:
    requests:
      storage: {{ .size | quote }}
{{- end }}
{{- end }}
--------------------------------------------------------------------------------
/charts/rundeck/templates/boostrap-wrapper-script-configmap.yaml:
--------------------------------------------------------------------------------
{{- /*
ConfigMap carrying scripts/bootstrap.sh; AsConfig emits one data key per matched file.
NOTE(review): the object name is a fixed literal (spelled "boostrap"), not derived
from the release, so two releases in one namespace would share it. Do not correct the
spelling in isolation: whatever mounts this ConfigMap presumably uses the same name.
*/ -}}
apiVersion: v1
kind: ConfigMap
metadata:
  name: boostrap-wrapper-script
data:
{{ (.Files.Glob "scripts/bootstrap.sh").AsConfig | indent 2 }}
--------------------------------------------------------------------------------
/charts/rundeck/templates/data-pvc.yaml:
--------------------------------------------------------------------------------
{{- /*
Renders the PersistentVolumeClaim "<fullname>-data-claim" when
.Values.data.claim.enabled is set. accessMode and size are taken from
.Values.data.claim and emitted as quoted strings.
`and` is called with a single argument, so it simply yields that value.
NOTE(review): `required` sits inside `if .storageClass`, so its error message can
never trigger. With an empty storageClass the field is omitted and the cluster's
default StorageClass (if any) applies, although the README lists the storage class
as a mandatory setting - confirm which behaviour is intended.
*/ -}}
{{- $fullName := include "rundeck.fullname" . -}}
{{- $labels := include "rundeck.labels" . -}}

{{- if and .Values.data.claim.enabled }}
{{- with .Values.data.claim}}
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: {{ $fullName }}-data-claim
  labels: {{ $labels | indent 4 }}
spec:
  {{- if .storageClass }}
  storageClassName: {{ required "Please set the storage class for the data volume!" .storageClass | quote }}
  {{- end }}
  accessModes:
    - {{ .accessMode | quote }}
  resources:
    requests:
      storage: {{ .size | quote }}
{{- end }}
{{- end }}
--------------------------------------------------------------------------------
/charts/rundeck/templates/execution-logs-pvc.yaml:
--------------------------------------------------------------------------------
{{- /*
Renders the PersistentVolumeClaim "<fullname>-execution-logs-claim" when
.Values.executionLogs.claim.enabled is set. accessMode and size are taken from
.Values.executionLogs.claim and emitted as quoted strings.
`and` is called with a single argument, so it simply yields that value.
NOTE(review): `required` sits inside `if .storageClass`, so its error message can
never trigger. With an empty storageClass the field is omitted and the cluster's
default StorageClass (if any) applies, although the README lists the storage class
as a mandatory setting - confirm which behaviour is intended.
*/ -}}
{{- $fullName := include "rundeck.fullname" . -}}
{{- $labels := include "rundeck.labels" . -}}

{{- if and .Values.executionLogs.claim.enabled }}
{{- with .Values.executionLogs.claim}}
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: {{ $fullName }}-execution-logs-claim
  labels: {{ $labels | indent 4 }}
spec:
  {{- if .storageClass }}
  storageClassName: {{ required "Please set the storage class for execution logs!" .storageClass | quote }}
  {{- end }}
  accessModes:
    - {{ .accessMode | quote }}
  resources:
    requests:
      storage: {{ .size | quote }}
{{- end }}
{{- end }}
--------------------------------------------------------------------------------
/charts/rundeck/templates/ingress.yaml:
--------------------------------------------------------------------------------
{{- /*
Ingress for Rundeck, rendered only when .Values.ingress.enabled is set. The backend
service name and port name come from the rundeck.serviceName / rundeck.servicePort
helpers, so traffic goes to the nginx service or directly to the backend.
NOTE(review): the tls section is rendered only when .Values.ingress.tls is set. Logins
and the X-Rundeck-Auth-Token header travel through this route, so configure TLS here
unless it is terminated elsewhere.
NOTE(review): pathType is omitted when a path entry does not set it, but
networking.k8s.io/v1 requires pathType on every path.
NOTE(review): className, secretName, path and pathType are emitted unquoted, unlike the
host values; quoting them would keep YAML from retyping unusual values.
*/ -}}
{{- if .Values.ingress.enabled -}}

{{- $fullName := include "rundeck.fullname" . -}}
{{- $serviceName := include "rundeck.serviceName" . -}}
{{- $servicePort := include "rundeck.servicePort" . -}}

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: {{ $fullName }}
  labels: {{ include "rundeck.labels" . | indent 4 }}
  {{- with .Values.ingress.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
spec:
  {{- if .Values.ingress.className }}
  ingressClassName: {{ .Values.ingress.className }}
  {{- end }}
  {{- if .Values.ingress.tls }}
  tls:
    {{- range .Values.ingress.tls }}
    - secretName: {{ .secretName }}
      hosts:
        {{- range .hosts }}
        - {{ . | quote }}
        {{- end }}
    {{- end }}
  {{- end }}
  rules:
    {{- range .Values.ingress.hosts }}
    - host: {{ .host | quote }}
      http:
        paths:
          {{- range .paths }}
          - path: {{ .path }}
            {{- if .pathType }}
            pathType: {{ .pathType }}
            {{- end }}
            backend:
              service:
                name: {{ $serviceName }}
                port:
                  name: {{ $servicePort }}
          {{- end }}
    {{- end }}
{{- end }}
48 |
--------------------------------------------------------------------------------
/charts/rundeck/templates/nginx-configmap.yaml:
--------------------------------------------------------------------------------
{{- /*
ConfigMap holding nginx.conf: .Values.nginxConfOverride when set, otherwise the file
files/nginx/nginx.conf shipped with the chart. Both are indented by 4 so they land
inside the `|-` block scalar.
The override goes through `tpl`, i.e. it is rendered as a template against the chart's
root context, so it may itself contain template expressions.
NOTE(review): the name is built from .Release.Name directly rather than from
rundeck.fullname - keep it in sync with whatever mounts this ConfigMap.
*/ -}}
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ .Release.Name }}-nginx-configmap
  labels: {{ include "rundeck.labels" . | indent 4 }}
data:
  nginx.conf: |-
{{- if .Values.nginxConfOverride }}
{{ tpl .Values.nginxConfOverride . | indent 4 }}
{{- else }}
{{ .Files.Get "files/nginx/nginx.conf" | indent 4 }}
{{- end }}
13 |
--------------------------------------------------------------------------------
/charts/rundeck/templates/nginx-deployment.yaml:
--------------------------------------------------------------------------------
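{{- if .Values.nginx.enabled }}
{{- $fullName := include "rundeck.fullname" . -}}
{{- /*
nginx reverse proxy deployment, rendered only when nginx.enabled is true.
It serves plain HTTP on port 80 and loads nginx.conf from the chart's nginx
ConfigMap.
NOTE(review): the image is the floating tag nginx:stable and cannot be set
through values, so the running version depends on what each node last pulled.
Consider exposing repository/tag (or a digest) in values.
NOTE(review): this pod uses the same service account as the Rundeck backend.
Nothing in this template shows nginx talking to the Kubernetes API, so
automountServiceAccountToken: false looks applicable - confirm before changing.
*/ -}}
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ $fullName }}-nginx
  labels: {{ include "rundeck.labels" . | indent 4 }}
  {{- with .Values.deployment.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
spec:
  replicas: {{ .Values.deployment.replicaCount }}
  revisionHistoryLimit: 1
  strategy:
    {{- toYaml .Values.deployment.strategy | nindent 4 }}
  selector:
    matchLabels:
      app.kubernetes.io/name: {{ $fullName }}-nginx
      app.kubernetes.io/instance: {{ .Release.Name }}
  template:
    metadata:
      labels:
        app.kubernetes.io/name: {{ $fullName }}-nginx
        app.kubernetes.io/instance: {{ .Release.Name }}
      annotations:
        # Restarts the nginx pod when the rendered nginx ConfigMap changes.
        # see https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
        checksum/config: {{ include (print $.Template.BasePath "/nginx-configmap.yaml") . | sha256sum }}
    spec:
      securityContext:
        fsGroupChangePolicy: "OnRootMismatch"
      {{- if .Values.image.pullSecrets }}
      imagePullSecrets:
        - name: {{ .Values.image.pullSecrets }}
      {{- end }}
      containers:
        - name: nginx
          image: nginx:stable
          ports:
            - name: http
              containerPort: 80
              protocol: TCP
          livenessProbe:
            httpGet:
              path: /healthz
              port: 80
              scheme: HTTP
            periodSeconds: 5
          readinessProbe:
            httpGet:
              path: /healthz
              port: 80
              scheme: HTTP
            periodSeconds: 5
          volumeMounts:
            # Mounted over the whole /etc/nginx directory, so only the files
            # listed under the volume's items are visible there.
            - name: nginx-config
              mountPath: /etc/nginx
      serviceAccountName: {{ include "rundeck.serviceAccountName" . }}
      volumes:
        - name: nginx-config
          configMap:
            name: {{ .Release.Name }}-nginx-configmap
            items:
              - key: nginx.conf
                path: nginx.conf
{{- end }}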
--------------------------------------------------------------------------------
/charts/rundeck/templates/nginx-service.yaml:
--------------------------------------------------------------------------------
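{{- if .Values.nginx.enabled }}
{{- $fullName := include "rundeck.fullname" . -}}
{{- /*
ClusterIP service in front of the nginx deployment, rendered only when
nginx.enabled is true. Port 80 forwards to the container port named http.
*/ -}}
apiVersion: v1
kind: Service
metadata:
  name: {{ $fullName }}-nginx
  labels: {{ include "rundeck.labels" . | indent 4 }}
spec:
  type: ClusterIP
  ports:
    - port: 80
      targetPort: http
      protocol: TCP
      name: http
  selector:
    app.kubernetes.io/name: {{ $fullName }}-nginx
    app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}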
--------------------------------------------------------------------------------
/charts/rundeck/templates/plugins-pvc.yaml:
--------------------------------------------------------------------------------
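{{- /*
PersistentVolumeClaim for the plugins volume, rendered only when
plugins.claim.enabled is true.
storageClassName is emitted only when plugins.claim.storageClass is set; with
an empty value the claim carries no storageClassName at all. The former
`required` call sat inside that same condition and could never fail, so it has
been dropped.
*/ -}}
{{- $fullName := include "rundeck.fullname" . -}}
{{- $labels := include "rundeck.labels" . -}}

{{- if .Values.plugins.claim.enabled }}
{{- with .Values.plugins.claim }}
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: {{ $fullName }}-plugins-claim
  labels: {{ $labels | indent 4 }}
spec:
  {{- if .storageClass }}
  storageClassName: {{ .storageClass | quote }}
  {{- end }}
  accessModes:
    - {{ .accessMode | quote }}
  resources:
    requests:
      storage: {{ .size | quote }}
{{- end }}
{{- end }}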
--------------------------------------------------------------------------------
/charts/rundeck/templates/rundeck-backend-deployment.yaml:
--------------------------------------------------------------------------------
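{{- /*
Deployment of the Rundeck backend container.

The container starts /custom-scripts/bootstrap.sh, which is mounted from the
ConfigMap named boostrap-wrapper-script. Environment comes from the release's
environment ConfigMap plus, when rundeck.envSecret is set, that Secret. Unless
database.useInternalH2db is true, the database driver, URL, user and password
are read from the keys type, jdbc, user and password of database.secret_name.

NOTE(review): the bootstrap ConfigMap name is fixed (and spelled "boostrap"),
not derived from the release name. It has to match the ConfigMap defined
elsewhere in the chart, and two releases in one namespace would share it.
NOTE(review): deployment.annotations is applied to the Deployment metadata and
again to the pod template annotations.
*/ -}}
{{- $fullName := include "rundeck.fullname" . -}}

apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ $fullName }}-rundeck-backend
  labels: {{ include "rundeck.labels" . | indent 4 }}
  {{- with .Values.deployment.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
spec:
  replicas: {{ .Values.deployment.replicaCount }}
  revisionHistoryLimit: 1
  strategy:
    {{- toYaml .Values.deployment.strategy | nindent 4 }}
  selector:
    matchLabels:
      app.kubernetes.io/name: {{ $fullName }}-rundeck-backend
      app.kubernetes.io/instance: {{ .Release.Name }}
  template:
    metadata:
      annotations:
        # This will restart the rundeck pod if its environment configuration is updated by helm
        checksum/config: {{ include (print $.Template.BasePath "/rundeck-environment-configmap.yaml") . | sha256sum }}
        {{- with .Values.deployment.annotations }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
      labels:
        app.kubernetes.io/name: {{ $fullName }}-rundeck-backend
        app.kubernetes.io/instance: {{ .Release.Name }}
    spec:
      {{- with .Values.initContainers }}
      initContainers:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      containers:
        - name: {{ .Chart.Name }}
          command: ["/bin/bash"]
          args: ["/custom-scripts/bootstrap.sh"]
          image: "{{ .Values.image.repository }}:{{ default .Chart.AppVersion .Values.image.tag }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          envFrom:
            - configMapRef:
                name: {{ .Release.Name }}-environment-configmap
            {{- if .Values.rundeck.envSecret }}
            - secretRef:
                name: {{ .Values.rundeck.envSecret | quote }}
            {{- end }}
          ports:
            - name: rundeck
              containerPort: 4440
              protocol: TCP
          env:
            {{- if not .Values.database.useInternalH2db }}
            # Database settings are taken from the Secret, never from plain values.
            - name: RUNDECK_DATABASE_DRIVER
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.database.secret_name | quote }}
                  key: type
            - name: RUNDECK_DATABASE_URL
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.database.secret_name | quote }}
                  key: jdbc
            - name: RUNDECK_DATABASE_USERNAME
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.database.secret_name | quote }}
                  key: user
            - name: RUNDECK_DATABASE_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.database.secret_name | quote }}
                  key: password
            {{- end }}
            - name: RUNDECK_GRAILS_URL
              value: {{ required "Please set the externUrl so grails can be configured!" .Values.externUrl | quote }}
          volumeMounts:
            - name: boostrap-wrapper-script
              mountPath: /custom-scripts
            {{- with .Values.volumeMounts }}
            {{- toYaml . | nindent 12 }}
            {{- end }}
            {{- if .Values.executionLogs.claim.enabled }}
            - name: {{ $fullName }}-execution-logs
              mountPath: /home/rundeck/var/logs/rundeck/
            {{- end }}
            {{- if .Values.data.claim.enabled }}
            - name: {{ $fullName }}-data
              mountPath: /home/rundeck/server/data
            {{- end }}
            {{- if .Values.addons.claim.enabled }}
            - name: {{ $fullName }}-addons
              mountPath: /home/rundeck/server/addons
            {{- end }}
            {{- if .Values.plugins.claim.enabled }}
            - name: {{ $fullName }}-plugins
              mountPath: /mnt/plugins
            {{- end }}
            {{- if .Values.rundeck.sshSecrets }}
            - name: sshkeys
              mountPath: /home/rundeck/.ssh
              readOnly: true
            {{- end }}
            {{- if .Values.rundeck.kubeConfigSecret }}
            - name: kube-config
              mountPath: /home/rundeck/.kube/
              readOnly: true
            {{- end }}
            {{- if .Values.rundeck.extraConfigSecret }}
            - name: extra-config
              mountPath: /home/rundeck/extra/
              readOnly: true
            {{- end }}
            {{- if .Values.rundeck.userCredentialsSecretName }}
            # The realm file with the login credentials, taken from one key of the Secret.
            - name: user-credentials
              mountPath: /home/rundeck/server/config/realm.properties
              subPath: {{ .Values.rundeck.userCredentialsSecretSubpath }}
              readOnly: true
            {{- end }}
            {{- if .Values.rundeck.rundeckConfigConfigMap }}
            - name: rundeck-config-append
              mountPath: /home/rundeck/custom/rundeck-config
            {{- end }}
            {{- if .Values.rundeck.rundeckFrameworkConfigMap }}
            - name: framework-append
              mountPath: /home/rundeck/custom/framework
            {{- end }}
          livenessProbe:
            httpGet:
              path: /
              port: 4440
              scheme: HTTP
            initialDelaySeconds: 120
            periodSeconds: 5
          readinessProbe:
            httpGet:
              path: /
              port: 4440
              scheme: HTTP
            initialDelaySeconds: 60
            periodSeconds: 5
          resources:
            {{- toYaml .Values.resources | nindent 12 }}
        {{- /* sideCars entries are appended to the containers list above. */}}
        {{- with .Values.sideCars }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
      {{- with .Values.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}

      # Pod-level security context, taken verbatim from values.
      securityContext:
        {{- toYaml .Values.securityContext | nindent 8 }}

      {{- if .Values.image.pullSecrets }}
      imagePullSecrets:
        - name: {{ .Values.image.pullSecrets }}
      {{- end }}

      serviceAccountName: {{ include "rundeck.serviceAccountName" . }}

      volumes:
        - name: boostrap-wrapper-script
          configMap:
            name: boostrap-wrapper-script
        {{- if .Values.executionLogs.claim.enabled }}
        - name: {{ $fullName }}-execution-logs
          persistentVolumeClaim:
            claimName: {{ $fullName }}-execution-logs-claim
        {{- end }}
        {{- if .Values.data.claim.enabled }}
        - name: {{ $fullName }}-data
          persistentVolumeClaim:
            claimName: {{ $fullName }}-data-claim
        {{- end }}
        {{- if .Values.plugins.claim.enabled }}
        - name: {{ $fullName }}-plugins
          persistentVolumeClaim:
            claimName: {{ $fullName }}-plugins-claim
        {{- end }}
        {{- if .Values.addons.claim.enabled }}
        - name: {{ $fullName }}-addons
          persistentVolumeClaim:
            claimName: {{ $fullName }}-addons-claim
        {{- end }}
        {{- if .Values.rundeck.sshSecrets }}
        - name: sshkeys
          secret:
            secretName: {{ .Values.rundeck.sshSecrets | quote }}
            # decimal 256 is octal 0400 (owner read only)
            defaultMode: 256
        {{- end }}
        {{- if .Values.rundeck.kubeConfigSecret }}
        # NOTE(review): unlike sshkeys, no defaultMode is set for the kubeconfig
        # secret, so its files get the default secret file mode.
        - name: kube-config
          secret:
            secretName: {{ .Values.rundeck.kubeConfigSecret | quote }}
        {{- end }}
        {{- if .Values.rundeck.extraConfigSecret }}
        - name: extra-config
          secret:
            secretName: {{ .Values.rundeck.extraConfigSecret | quote }}
        {{- end }}
        {{- if .Values.rundeck.userCredentialsSecretName }}
        - name: user-credentials
          secret:
            secretName: {{ .Values.rundeck.userCredentialsSecretName | quote }}
        {{- end }}
        {{- if .Values.rundeck.rundeckConfigConfigMap }}
        - name: rundeck-config-append
          configMap:
            name: {{ .Values.rundeck.rundeckConfigConfigMap }}
            items:
              - key: config
                path: rundeck-config-append.properties
        {{- end }}
        {{- if .Values.rundeck.rundeckFrameworkConfigMap }}
        - name: framework-append
          configMap:
            name: {{ .Values.rundeck.rundeckFrameworkConfigMap }}
            items:
              - key: config
                path: framework-append.properties
        {{- end }}
        {{- with .Values.volumes }}
        {{- toYaml . | nindent 8 }}
        {{- end }}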
--------------------------------------------------------------------------------
/charts/rundeck/templates/rundeck-backend-service.yaml:
--------------------------------------------------------------------------------
{{- /*
ClusterIP service exposing the Rundeck backend on port 4440.
NOTE(review): the service name is the fixed string rundeck-backend rather than
a release-derived name, so two releases in one namespace would collide on it.
*/ -}}
{{- $fullName := include "rundeck.fullname" . -}}
apiVersion: v1
kind: Service
metadata:
  name: rundeck-backend
  labels: {{ include "rundeck.labels" . | indent 4 }}
spec:
  type: ClusterIP
  selector:
    app.kubernetes.io/name: {{ $fullName }}-rundeck-backend
    app.kubernetes.io/instance: {{ .Release.Name }}
  ports:
    - name: rundeck
      protocol: TCP
      port: 4440
      targetPort: 4440
--------------------------------------------------------------------------------
/charts/rundeck/templates/rundeck-environment-configmap.yaml:
--------------------------------------------------------------------------------
{{- /*
ConfigMap with the plain environment variables from rundeck.env; the backend
deployment loads it through envFrom. ConfigMap data is not confidential, so
sensitive variables belong in the Secret referenced by rundeck.envSecret.
*/ -}}
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ .Release.Name }}-environment-configmap
  labels: {{ include "rundeck.labels" . | indent 4 }}
data:
  {{- toYaml .Values.rundeck.env | nindent 4 }}
--------------------------------------------------------------------------------
/charts/rundeck/templates/serviceaccount.yaml:
--------------------------------------------------------------------------------
{{- /*
ServiceAccount for the chart's pods, rendered only when serviceAccount.enabled
is true. The name comes from the rundeck.serviceAccountName helper.
*/ -}}
{{- $sa := .Values.serviceAccount -}}
{{- if $sa.enabled -}}
apiVersion: v1
kind: ServiceAccount
metadata:
  name: {{ include "rundeck.serviceAccountName" . }}
  labels:
    {{- include "rundeck.labels" . | nindent 4 }}
  {{- with $sa.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
{{- end }}
--------------------------------------------------------------------------------
/charts/rundeck/values-test.yaml:
--------------------------------------------------------------------------------
1 | externUrl: test.local
2 |
--------------------------------------------------------------------------------
/charts/rundeck/values.yaml:
--------------------------------------------------------------------------------
1 | # This must be the domain you reach your rundeck with. It is used to configure the grails URL and avoid CSP issues
2 | # @see https://github.com/rundeck/rundeck/issues/4417
3 | externUrl:
4 |
5 | image:
6 | repository: rundeck/rundeck
7 | # see https://hub.docker.com/r/rundeck/rundeck/tags
8 | tag:
9 | pullPolicy: IfNotPresent
10 |
11 | executionLogs:
12 | claim:
13 | enabled: true
14 | # required - set this
15 | storageClass:
16 | accessMode: ReadWriteOnce
17 | size: 1G
18 |
19 | data:
20 | claim:
21 | enabled: true
22 | # required - set this
23 | storageClass:
24 | accessMode: ReadWriteOnce
25 | size: 1G
26 |
27 | addons:
28 | claim:
29 | enabled: true
30 | # required - set this
31 | storageClass:
32 | accessMode: ReadWriteOnce
33 | size: 1G
34 |
35 | plugins:
36 | claim:
37 | enabled: true
38 | # required - set this
39 | storageClass:
40 | accessMode: ReadWriteOnce
41 | size: 1G
42 |
43 | database:
44 | # A secret including the following keys `type`,`jdbc`,`port`,`user`,`password`,`database`
45 | # type can be postgresql/mysql and so forth. Should be in the same namespace as you deploy the helm chart
46 | secret_name: rundeck-database-secret
47 | # If set to true, the chart ignores the secret above and falls back to Rundeck's own defaults (internal H2 database). Not safe for production.
48 | # @see https://github.com/EugenMayer/helm-charts/tree/main/charts/rundeck#database
49 | useInternalH2db: false
50 |
51 | securityContext:
52 | # keep these settings unless you really know what you are doing here
53 | fsGroup: 0
54 | runAsGroup: 0
55 | runAsUser: 1000
56 | fsGroupChangePolicy: "OnRootMismatch"
57 |
58 | deployment:
59 | # HINT: you should not change the replica count. AFAICS rundeck does not support horizontal scaling, so keep this at one
60 | replicaCount: 1
61 | annotations: {}
62 | strategy:
63 | type: Recreate
64 |
65 | ingress:
66 | enabled: false
67 | className:
68 | annotations: {}
69 | # kubernetes.io/ingress.class: nginx
70 | # kubernetes.io/tls-acme: "true"
71 | hosts:
72 | - host: chart-example.local
73 | paths:
74 | - path: /
75 | pathType: ImplementationSpecific
76 | tls: []
77 | # - secretName: chart-example-tls
78 | # hosts:
79 | # - chart-example.local
80 |
81 | # Enable nginx and nginx-service and deployment. If you handle CORS and ssl using your ingress, disable this
82 | # and use the rundeck-backend service as upstream
83 | nginx:
84 | enabled: true
85 |
86 | rundeck:
87 | # if set, a config-map with this name will be loaded and appended to the
88 | # /home/rundeck/server/config/rundeck-config.properties file. Use the key 'config'
89 | # this will later be copied to /tmp/remco-partials/rundeck-config/rundeck-config-custom.properties and then appended
90 | # to rundecks rundeck-config, see https://docs.rundeck.com/docs/administration/configuration/docker/extending-configuration.html#special-destination-directories
91 | rundeckConfigConfigMap:
92 | # if set, a config-map with this name will be loaded and appended to the
93 | # /home/rundeck/server/config/rundeck-framework.properties file. Use the key 'config'
94 | # this will later be copied to /tmp/remco-partials/framework/framework-custom.properties and then appended
95 | # to rundecks framework config, see https://docs.rundeck.com/docs/administration/configuration/docker/extending-configuration.html#special-destination-directories
96 | rundeckFrameworkConfigMap:
97 | # Create this secret in the rundeck namespace.
98 | # It should have the field `userCredentials` with the value `admin:YOURPASSWORD,user,admin,architect,deploy,build` (replace YOURPASSWORD with your own password)
99 | userCredentialsSecretName: user-credentials-secret
100 | # Name of the field within the user credentials secret that contains the actual credentials
101 | userCredentialsSecretSubpath: userCredentials
102 | env:
103 | # @see https://docs.rundeck.com/docs/administration/configuration/docker.html#environment-variables for the options
104 | RUNDECK_SERVER_FORWARDED: "true"
105 | RUNDECK_LOGGING_STRATEGY: "CONSOLE"
106 | # disabled to work around https://github.com/rundeck/rundeck/issues/4417 - note that this turns off Rundeck's Content-Security-Policy header
107 | # @see https://docs.rundeck.com/docs/administration/configuration/docker.html#security-headers
108 | RUNDECK_SECURITY_HTTPHEADERS_PROVIDER_CSP_ENABLED: "false"
109 |
110 | # Name of the secret containing SSH files to mount under /home/rundeck/.ssh
111 | # sshSecrets: "ssh-secret"
112 |
113 | # Name of secret to mount under ~/.kube/
114 | # kubeConfigSecret: "kube-secret"
115 |
116 | # Name of secret containing additional sensitive Runtime environment variables
117 | # See https://hub.docker.com/r/rundeck/rundeck/
118 | # envSecret: "env-secret"
119 |
120 | # Name of secret containing additional files to mount into Rundeck's ~/extra directory.
121 | # This can be useful for populating a file you reference with RUNDECK_TOKENS_FILE above.
122 | # extraConfigSecret: "extra-secret"
123 |
124 | nameOverride: ""
125 | fullnameOverride: ""
126 |
127 | resources:
128 | {}
129 | # We usually recommend not to specify default resources and to leave this as a conscious
130 | # choice for the user. This also increases chances charts run on environments with little
131 | # resources, such as Minikube. If you do want to specify resources, uncomment the following
132 | # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
133 | # limits:
134 | # cpu: 100m
135 | # memory: 128Mi
136 | # requests:
137 | # cpu: 100m
138 | # memory: 128Mi
139 |
140 | nodeSelector: {}
141 |
142 | tolerations: []
143 |
144 | affinity: {}
145 |
146 | ## Replace the nginx.conf file in this chart with a customised config.
147 | nginxConfOverride:
148 | ""
149 | # # This example adds configuration for external auth e.g. via oauth2-proxy
150 | # # It also demonstrates templating in another arbitrary value (authRoles)
151 | # # to create a map of external users to rundeck roles
152 | # events {
153 | # worker_connections 1024;
154 | # }
155 | # http {
156 | # map $http_x_forwarded_user $x_forwarded_roles {
157 | # {{- .Values.authRoles | nindent 4 }}
158 | # }
159 | # server {
160 | # location /metrics/ {
161 | # proxy_pass http://localhost:4440;
162 | # proxy_set_header Host $http_host;
163 | # proxy_set_header X-Forwarded-User metrics;
164 | # proxy_set_header X-Forwarded-Roles user;
165 | # }
166 | # location / {
167 | # recursive_error_pages on;
168 | # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
169 | # proxy_set_header X-Forwarded-Proto $scheme;
170 | # proxy_set_header X-Forwarded-Roles $x_forwarded_roles;
171 | # proxy_set_header User-Agent $http_user_agent;
172 | # proxy_pass http://localhost:4440;
173 | # }
174 | # }
175 | # }
176 |
177 | # volumes made available to all containers.
178 | volumes:
179 | ""
180 | # - name: plugins
181 | # emptyDir: {}
182 |
183 | # volumeMounts to add to the rundeck container and configurable paths
184 | volumeMounts: []
185 |
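186 | # initContainers can be used to download plugins or customize your rundeck installation
187 | # Plugins you put on rundeck-plugins are later deployed to /mnt/plugins/libext/ during the bootstrap. Pin the exact version you download and verify it against a known checksum, since these files are loaded by Rundeck as plugins.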
188 | initContainers:
189 | ""
190 | # - name: download-plugins
191 | # image: alpine:3.8
192 | # command: [sh, -c]
193 | # args:
194 | # - wget https://github.com/rundeck-plugins/kubernetes/releases/download/1.0.16/kubernetes-plugin-1.0.16.zip -O /mnt/plugins/libext/kubernetes-plugin-1.0.16.zip
195 | # volumeMounts:
196 | # - mountPath: /mnt/plugins
197 | # name: rundeck-plugins
198 |
199 | # sideCars can run additional containers in the pod
200 | sideCars:
201 | ""
202 | # - name: cloudsql-proxy
203 | # image: gcr.io/cloudsql-docker/gce-proxy:1.17
204 | # command:
205 | # - "/cloud_sql_proxy"
206 | # - "-instances==tcp:3306"
207 | # securityContext:
208 | # runAsNonRoot: true
209 |
210 | serviceAccount:
211 | # Specifies whether a service account should be created
212 | enabled: false
213 | # Annotations to add to the service account
214 | annotations: {}
215 | # The name of the service account to use.
216 | # If not set and enabled is true, a name is generated using the full name template
217 | name: ""
218 |
--------------------------------------------------------------------------------
/charts/vulnz-nvd-mirror/CHANGELOG.md:
--------------------------------------------------------------------------------
1 | ## 0.7.1
2 |
3 | - Tweak defaults to have deterministic and reliable results with the NVD api being faulty
4 |
5 | ## 0.7.0
6 |
7 | - Use new vulnz client with more resilience, see https://github.com/jeremylong/open-vulnerability-cli/pull/279#issuecomment-2664962058
8 |
9 | ## 0.6.2
10 |
11 | - remove continue flag since it has been automated within vulnz now
12 | - fix several issues with the cache and the cache cleanup
13 |
14 | ## 0.6.0 / 0.6.1
15 |
16 | - Custom rewrite for more resilience, less memory usage and faster cache (early 7.3.0-rc1)
17 | - Using continue-feature by default (see env files) - cache per year is not re-fetched if not older than 3 days.
18 | - See https://github.com/jeremylong/Open-Vulnerability-Project/pull/259
19 | - Default cgroups max mem size back to max 2GB (can be even lower now)
20 |
21 | ## 0.5.2
22 |
23 | - Upgrade to 7.2.1
24 |
25 | ## 0.5.1
26 |
27 | - remove no longer needed JAVA_OPT param
28 |
29 | ## 0.5.0
30 |
31 | - Upgrade to 7.2.0
32 |
33 | ## 0.4.7
34 |
35 | - Further Lower max-per-page to 200 to ensure resources are not exhausted and the process actually finishes
36 |
37 | ## 0.4.6
38 |
39 | - Lower max-per-page to 500 to ensure resources are not exhausted
40 |
41 | ## 0.4.5
42 |
43 | - Add kill signal capability to the container so supervisor can handle the shutdown gracefully
44 | - Higher memory limit for the container
45 |
46 | ## 0.4.4
47 |
48 | - Leave some memory for apache
49 |
50 | ## 0.4.3
51 |
52 | - Fix resource limits being too restrictive by default, crashing the app
53 |
54 | ## 0.4.2
55 |
56 | - upgrade vulnz to 7.1.0
57 |
58 | ## 0.4.1
59 |
60 | - upgrade vulnz to 7.0.2
61 | - remove predefined JAVA_OPT settings, set default memory limit instead
62 |
63 | ## 0.4.0
64 |
65 | - adjust mounted PVC permissions to match app's user
66 |
67 | ## 0.3.2
68 |
69 | - upgrade vulnz to 7.0.1
70 |
71 | ## 0.3.1
72 |
73 | - fix vulnz image to match 7.0.0
74 |
75 | ## 0.3.0
76 |
77 | - upgrade vulnz to 7.0.0
78 |
79 | ## 0.2.1
80 |
81 | - fix OCI image version and coords
82 |
83 | ## 0.2.0
84 | - update to ghcr.io/jeremylong/open-vulnerability-data-mirror 6.2.0
85 |
86 | ## 0.1.3
87 |
88 | - Switch image back to j 6.0.1 including the cron-fix
89 | - Update TrueCharts
90 |
91 | ## 0.1.2
92 |
93 | - Update TrueCharts
94 |
95 | ## 0.1.1
96 |
97 | - Add debug flag
98 | - Change back ghcr.io/eugenmayer/vulnz
99 | - Better logging
100 |
101 | ## 0.1.0
102 |
103 | Breaking change! Please be sure to set the NVD_API_KEY using the new way since the chart was reworked.
104 |
105 | - Rework chart to base on TrueCharts.
106 | - introduce persistence for downloaded cache
107 | - Change to ghcr.io/jeremylong/open-vulnerability-data-mirror
108 |
109 | ## 0.0.3
110 |
111 | - use temp. different docker image source `ghcr.io/eugenmayer/vulnz` instead of `ghcr.io/jeremylong/vulnz` until
112 | the PR https://github.com/jeremylong/Open-Vulnerability-Project/pull/114 has been merged and the official image has
113 | been released.
114 |
--------------------------------------------------------------------------------
/charts/vulnz-nvd-mirror/Chart.lock:
--------------------------------------------------------------------------------
1 | dependencies:
2 | - name: common
3 | repository: oci://tccr.io/truecharts
4 | version: 25.4.8
5 | digest: sha256:88ffa524d01143070c03894d7077cce7cd759fb34c886ca258e30c6a18f1bee3
6 | generated: "2025-01-27T08:35:54.440159754+01:00"
7 |
--------------------------------------------------------------------------------
/charts/vulnz-nvd-mirror/Chart.yaml:
--------------------------------------------------------------------------------
1 | kubeVersion: ">=1.24.0-0"
2 | apiVersion: v2
3 | name: vulnz-nvd-mirror
4 | version: 0.7.1
5 | appVersion: 7.3.0
6 | description: NVD api mirror and cache
7 | home: https://github.com/EugenMayer/helm-charts/tree/main/charts/vulnz-nvd-mirror
8 | deprecated: false
9 | keywords:
10 | - network
11 | - tools
12 | - development
13 | sources:
14 | - https://github.com/EugenMayer/helm-charts/tree/main/charts/vulnz-nvd-mirror
15 | - https://github.com/jeremylong/Open-Vulnerability-Project/tree/main/vulnz
16 | dependencies:
17 | - name: common
18 | # https://github.com/truecharts/public/blob/master/charts/library/common/Chart.yaml
19 | version: 25.4.8
20 | repository: oci://tccr.io/truecharts
21 | condition: ""
22 | alias: ""
23 | tags: []
24 | import-values: []
25 | type: application
26 |
--------------------------------------------------------------------------------
/charts/vulnz-nvd-mirror/Makefile:
--------------------------------------------------------------------------------
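# Refresh the chart dependencies declared in Chart.yaml (rewrites Chart.lock
# and the vendored archives under charts/).
# Declared phony so a file or directory named "update" cannot mask the target.
.PHONY: update
update:
	helm dependency update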
--------------------------------------------------------------------------------
/charts/vulnz-nvd-mirror/README.md:
--------------------------------------------------------------------------------
1 | # WAT
2 |
3 | Chart to host a NIST mirror - see [jeremylong/Open-Vulnerability-Project/vulnz](https://github.com/jeremylong/Open-Vulnerability-Project/tree/main/vulnz)
4 | It syncs and serves the NVD (CPE/CVE JSON) data from NIST.
5 |
6 | This cache offers the v2 API of NVD, while [nist-data-mirror](../nist-data-mirror) offers v1.
7 |
8 | On pod start, there should be an initial / direct preseed of the cache once (so you do not need to wait for the cron job)
9 |
10 | # Install
11 |
12 | ```bash
13 | helm repo add eugenmayer https://eugenmayer.github.io/helm-charts/
14 | helm install eugenmayer/vulnz-nvd-mirror
15 | ```
16 |
17 | # Configuration
18 | You can tweak the configuration. In general, you can pass any ENV var you like using the map.
19 | For example, to adjust the memory usage or set any additional env var:
20 |
21 | ```yaml
22 | workload:
23 | main:
24 | podSpec:
25 | containers:
26 | main:
27 | env:
28 | # show debug logs
29 | DEBUG: 1
30 | ```
31 |
32 | ### API key
33 |
34 | There is a rate limit that can be eased by creating an API key on NVD's side. To let your mirror use the API key, create a secret
35 | with the key `NVD_API_KEY` and your API key as the value.
36 |
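37 | Either add your API key as an ENV value directly (the key then sits in plain text in your values, so prefer the secret variant below for anything shared or committed):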
38 | ```yaml
39 | workload:
40 | main:
41 | podSpec:
42 | containers:
43 | main:
44 | env:
45 | NVD_API_KEY: YOUR-API-KEY
46 | ```
47 |
48 | Or via a secret you created:
49 |
50 | ```yaml
51 | workload:
52 | main:
53 | podSpec:
54 | containers:
55 | main:
56 | env:
57 | NVD_API_KEY:
58 | secretKeyRef:
59 | name: nvd-api-key-secret-ref
60 | key: password
61 | ```
62 |
63 | Of course, you can change the secret name if you like.
64 |
65 | ### Refresh data
66 |
67 | The data is refreshed every night using a cron-job. If you want to do it manually, connect to the container and run
68 |
69 | ```bash
70 | /mirror.sh
71 | ```
72 |
73 | ### Gradle plugin
74 |
75 | To use the API cache, configure gradle to use
76 |
77 | ```groovy
78 | dependencyCheck {
79 | nvd {
80 | validForHours = 24
81 | // Replace https://your-mirror-url.com with your ingress domain / schema
82 | // keep /nvdcve-{0}.json.gz
83 | datafeedUrl = "https://your-mirror-url.com/nvdcve-{0}.json.gz"
84 | // no need to drive a high delay since we use our own mirror
85 | delay = 10
86 | }
87 | }
88 | ```
89 | ## Chart
90 |
91 | ### Ingress
92 |
93 | See the [values.yml](values.yaml)
94 | A minimal example would be
95 | ```yaml
96 | ingress:
97 | main:
98 | enabled: true
99 | ingressClassName: "nginx"
100 | hosts:
101 | - host: vulnz-mirror.com
102 | paths:
103 | - path: /
104 | pathType: Prefix
105 | ```
106 |
107 | ### Volumes / PVC
108 |
109 | By default the cached mirror data is persisted, see `persistence` in [values.yml](values.yaml)
110 |
111 | ### Values
112 |
113 | Check the [values.yml](values.yaml) file
114 |
115 | # Credits
116 |
117 | All the credits to [jeremylong](https://github.com/jeremylong/Open-Vulnerability-Project/vulnz) doing the actual work.
118 | This is just the helm chart finishing :)
119 |
--------------------------------------------------------------------------------
/charts/vulnz-nvd-mirror/charts/common-25.4.8.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EugenMayer/helm-charts/69fbb6b596975a5e55f5891186e23e365956470d/charts/vulnz-nvd-mirror/charts/common-25.4.8.tgz
--------------------------------------------------------------------------------
/charts/vulnz-nvd-mirror/templates/NOTES.txt:
--------------------------------------------------------------------------------
1 | {{- include "tc.v1.common.lib.chart.notes" $ -}}
2 |
--------------------------------------------------------------------------------
/charts/vulnz-nvd-mirror/templates/common.yaml:
--------------------------------------------------------------------------------
1 | {{ include "tc.v1.common.loader.all" . }}
2 |
--------------------------------------------------------------------------------
/charts/vulnz-nvd-mirror/values.yaml:
--------------------------------------------------------------------------------
1 | image:
2 | #repository: ghcr.io/jeremylong/open-vulnerability-data-mirror
3 | #tag: v7.2.1
4 | repository: ghcr.io/eugenmayer/vulnz
5 | # this image replaces the upstream one commented out above; background: https://github.com/jeremylong/open-vulnerability-cli/pull/279#issuecomment-2664962058
6 | tag: v7.3.0-1  # NOTE(review): tags are mutable; pin the image by digest if the common chart supports it — TODO confirm
7 | pullPolicy: IfNotPresent
8 |
9 | persistence:
10 | mirror:
11 | enabled: true
12 | size: 1Gi
13 | mountPath: "/usr/local/apache2/htdocs"  # the `mirror` volume is mounted at this path
14 |
15 | securityContext:
16 | container:
17 | runAsNonRoot: false  # NOTE(review): root is allowed here; confirm the image really needs it
18 | runAsGroup: 0
19 | runAsUser: 0  # UID 0: the container process runs as root
20 | readOnlyRootFilesystem: false  # container root filesystem stays writable
21 | capabilities:
22 | add:
23 | # KILL is added so that supervisord can kill its processes / handle SIGTERM properly
24 | - KILL
25 | pod:
26 | fsGroup: 101
27 |
28 | service:
29 | main:
30 | ports:
31 | main:
32 | port: 80
33 | targetPort: 80
34 |
35 | workload:
36 | main:
37 | replicas: 1
38 | strategy: Recreate
39 | type: Deployment
40 | podSpec:
41 | containers:
42 | main:
43 | probes:
44 | readiness:
45 | port: 80
46 | type: tcp
47 | spec:
48 | initialDelaySeconds: 10
49 | periodSeconds: 5
50 | failureThreshold: 2
51 | liveness:
52 | enabled: true
53 | type: tcp
54 | port: 80
55 | spec:
56 | initialDelaySeconds: 15
57 | periodSeconds: 5
58 | failureThreshold: 2
59 | resources:
60 | limits:
61 | memory: 2Gi
62 | env:
63 | ## stay below the maximum of 2000, since the NVD API fails more often for bigger requests
64 | MAX_RECORDS_PER_PAGE: 1500
65 | ## stay below the maximum of 119, since the NVD API fails more often for bigger requests
66 | MAX_DAYS_OF_YEAR_RANGED: 90
67 | ## if it fails, retrying more than 5 times makes a lot of sense with NVD being so unreliable.
68 | MAX_MIRROR_RETRIES: 15
69 | ## set this to preseed your NVD API key from an existing Secret instead of a literal value; the expected structure is
70 | #NVD_API_KEY:
71 | # secretKeyRef:
72 | # name: nvd-api-key
73 | # key: password
74 | ## amount of retries
75 | #MAX_RETRY: 10
76 | ## show debug logs
77 | #DEBUG: true
78 |
79 | ingress:
80 | main:
81 | enabled: false  # ingress is disabled by default; NOTE(review): when enabling it, serve the mirror over TLS, since clients rely on this data for vulnerability checks — TODO confirm how the common chart configures TLS
82 | primary: true
83 | required: false
84 | ingressClassName: ""
85 | targetSelector:
86 | main: main
87 | hosts:
88 | - host: vulnz.local
89 | paths:
90 | - path: /
91 | pathType: Prefix
92 |
93 | portal:
94 | open:
95 | enabled: false
96 |
--------------------------------------------------------------------------------
/charts/whatsmyip/CHANGELOG.md:
--------------------------------------------------------------------------------
1 | ## 1.3.1
2 |
3 | - Update truecharts common base
4 |
5 | ## 1.3.0
6 |
7 | - Update docker image (go lang 1.22)
8 |
9 | ## 1.2.0
10 |
11 | - Migrate back to eugenmayer/whatsmyip
12 |
13 | ## 1.1.0
14 |
15 | - Migrate to truecharts
16 |
17 | ## 1.0.4
18 |
19 | - First public release
20 |
--------------------------------------------------------------------------------
/charts/whatsmyip/Chart.lock:
--------------------------------------------------------------------------------
1 | dependencies:
2 | - name: common
3 | repository: oci://tccr.io/truecharts
4 | version: 25.4.2
5 | digest: sha256:5c215489de7cd01ef00adf256de23189b8fb6a3e199db06369a1ac24f45b7b9e
6 | generated: "2025-01-07T10:57:21.756182239+01:00"
7 |
--------------------------------------------------------------------------------
/charts/whatsmyip/Chart.yaml:
--------------------------------------------------------------------------------
1 | name: whatsmyip
2 | description: What's my ip - as simple as that
3 | version: 1.3.1
4 | apiVersion: v2
5 | appVersion: 0.0.1  # same value as image.tag in this chart's values.yaml
6 | keywords:
7 | - network
8 | - tools
9 | - development
10 | sources:
11 | - https://github.com/EugenMayer/helm-charts/tree/main/charts/whatsmyip
12 | home: https://github.com/EugenMayer/helm-charts/tree/main/charts/whatsmyip
13 | dependencies:
14 | - name: common
15 | # common library chart definition: https://github.com/truecharts/public/blob/master/charts/library/common/Chart.yaml
16 | version: 25.4.2  # exact version pin; Chart.lock records the sha256 digest for it
17 | repository: oci://tccr.io/truecharts
18 | condition: ""
19 | alias: ""
20 | tags: []
21 | import-values: []
22 | type: application
23 |
--------------------------------------------------------------------------------
/charts/whatsmyip/Makefile:
--------------------------------------------------------------------------------
1 | update: # re-resolves the dependencies from Chart.yaml, refreshing charts/ and Chart.lock; review the Chart.lock digest change before committing
2 | helm dependency update
3 |
--------------------------------------------------------------------------------
/charts/whatsmyip/charts/common-25.4.2.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EugenMayer/helm-charts/69fbb6b596975a5e55f5891186e23e365956470d/charts/whatsmyip/charts/common-25.4.2.tgz
--------------------------------------------------------------------------------
/charts/whatsmyip/templates/NOTES.txt:
--------------------------------------------------------------------------------
1 | {{- include "tc.v1.common.lib.chart.notes" $ -}}
2 |
--------------------------------------------------------------------------------
/charts/whatsmyip/templates/common.yaml:
--------------------------------------------------------------------------------
1 | {{ include "tc.v1.common.loader.all" . }}
2 |
--------------------------------------------------------------------------------
/charts/whatsmyip/values.yaml:
--------------------------------------------------------------------------------
1 | image:
2 | repository: ghcr.io/eugenmayer/whatsmyip
3 | # published image tags: https://github.com/EugenMayer/whatsmyip/pkgs/container/whatsmyip
4 | tag: 0.0.1  # NOTE(review): tags are mutable; pin the image by digest if the common chart supports it — TODO confirm
5 | pullPolicy: IfNotPresent
6 |
7 | securityContext:
8 | container:
9 | runAsNonRoot: false  # NOTE(review): the service listens on 8080, an unprivileged port, so root may not be needed — confirm against the image
10 | runAsGroup: 0
11 | runAsUser: 0  # UID 0: the container process runs as root
12 | readOnlyRootFilesystem: true  # container root filesystem is read-only
13 |
14 | service:
15 | main:
16 | ports:
17 | main:
18 | port: 8080
19 | targetPort: 8080
20 |
21 | workload:
22 | main:
23 | replicas: 1
24 | strategy: Recreate
25 | type: Deployment
26 | podSpec:
27 | containers:
28 | main:
29 | probes:
30 | readiness:
31 | port: 8080
32 | type: tcp
33 | spec:
34 | initialDelaySeconds: 5
35 | periodSeconds: 5
36 | failureThreshold: 2
37 | liveness:
38 | enabled: true
39 | type: tcp
40 | port: 8080
41 | spec:
42 | initialDelaySeconds: 5
43 | periodSeconds: 5
44 | failureThreshold: 2
45 |
46 | ingress:
47 | main:
48 | enabled: false  # ingress is disabled by default
49 | primary: true
50 | required: false
51 | ingressClassName: ""
52 | targetSelector:
53 | main: main
54 | hosts:
55 | - host: whatsmyip.local
56 | paths:
57 | - path: /
58 | pathType: Prefix
59 |
60 | portal:
61 | open:
62 | enabled: false
63 |
--------------------------------------------------------------------------------
/charts/whoami/CHANGELOG.md:
--------------------------------------------------------------------------------
1 | ## 1.0.1
2 |
3 | - Update truecharts common base
4 |
5 | ## 1.0.0
6 |
7 | Initial release
8 |
--------------------------------------------------------------------------------
/charts/whoami/Chart.lock:
--------------------------------------------------------------------------------
1 | dependencies:
2 | - name: common
3 | repository: oci://tccr.io/truecharts
4 | version: 25.4.2
5 | digest: sha256:5c215489de7cd01ef00adf256de23189b8fb6a3e199db06369a1ac24f45b7b9e
6 | generated: "2025-01-07T10:57:28.084178608+01:00"
7 |
--------------------------------------------------------------------------------
/charts/whoami/Chart.yaml:
--------------------------------------------------------------------------------
1 | name: whoami
2 | description: What's my ip - as simple as that  # NOTE(review): identical to the whatsmyip chart's description; looks copied — confirm
3 | version: 1.0.2  # NOTE(review): the newest CHANGELOG.md entry is 1.0.1 — confirm 1.0.2 gets documented
4 | apiVersion: v2
5 | appVersion: 1.0.0
6 | keywords:
7 | - network
8 | - tools
9 | - development
10 | sources:
11 | - https://github.com/EugenMayer/helm-charts/tree/main/charts/whoami
12 | home: https://github.com/EugenMayer/helm-charts/tree/main/charts/whoami
13 | dependencies:
14 | - name: common
15 | # common library chart definition: https://github.com/truecharts/public/blob/master/charts/library/common/Chart.yaml
16 | version: 25.4.2  # exact version pin; Chart.lock records the sha256 digest for it
17 | repository: oci://tccr.io/truecharts
18 | condition: ''
19 | alias: ''
20 | tags: []
21 | import-values: []
22 | type: application
23 |
--------------------------------------------------------------------------------
/charts/whoami/Makefile:
--------------------------------------------------------------------------------
1 | update: # re-resolves the dependencies from Chart.yaml, refreshing charts/ and Chart.lock; review the Chart.lock digest change before committing
2 | helm dependency update
3 |
--------------------------------------------------------------------------------
/charts/whoami/charts/common-25.4.2.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EugenMayer/helm-charts/69fbb6b596975a5e55f5891186e23e365956470d/charts/whoami/charts/common-25.4.2.tgz
--------------------------------------------------------------------------------
/charts/whoami/templates/NOTES.txt:
--------------------------------------------------------------------------------
1 | {{- include "tc.v1.common.lib.chart.notes" $ -}}
2 |
--------------------------------------------------------------------------------
/charts/whoami/templates/common.yaml:
--------------------------------------------------------------------------------
1 | {{ include "tc.v1.common.loader.all" . }}
2 |
--------------------------------------------------------------------------------
/charts/whoami/values.yaml:
--------------------------------------------------------------------------------
1 | image:
2 | repository: traefik/whoami
3 | # available tags: https://hub.docker.com/r/traefik/whoami/tags
4 | tag: v1.10
5 | pullPolicy: Always  # NOTE(review): with the mutable tag above, a restart can pull a different image than the one tested; pin by digest if the common chart supports it — TODO confirm
6 |
7 | securityContext:
8 | container:
9 | runAsNonRoot: false  # NOTE(review): root is presumably used to bind port 80; a non-root UID on an unprivileged port would be tighter — confirm the image supports it
10 | runAsGroup: 0
11 | runAsUser: 0  # UID 0: the container process runs as root
12 | readOnlyRootFilesystem: true  # container root filesystem is read-only
13 |
14 | service:
15 | main:
16 | ports:
17 | main:
18 | port: 80
19 | targetPort: 80
20 |
21 | workload:
22 | main:
23 | replicas: 1
24 | strategy: Recreate
25 | type: Deployment
26 | podSpec:
27 | containers:
28 | main:
29 | probes:
30 | readiness:
31 | port: 80
32 | type: tcp
33 | spec:
34 | initialDelaySeconds: 5
35 | periodSeconds: 5
36 | failureThreshold: 2
37 | liveness:
38 | enabled: true
39 | type: tcp
40 | port: 80
41 | spec:
42 | initialDelaySeconds: 5
43 | periodSeconds: 5
44 | failureThreshold: 2
45 |
46 | ingress:
47 | main:
48 | enabled: false  # ingress is disabled by default
49 | primary: true
50 | required: false
51 | ingressClassName: ''
52 | targetSelector:
53 | main: main
54 | hosts:
55 | - host: whoami.local
56 | paths:
57 | - path: /
58 | pathType: Prefix
59 |
60 | portal:
61 | open:
62 | enabled: false
63 |
--------------------------------------------------------------------------------
/cr.yaml:
--------------------------------------------------------------------------------
1 | owner: EugenMayer
2 | git-repo: helm-charts
3 | index-path: .
4 |
--------------------------------------------------------------------------------