Publish new changes in catalog

sonicaj
2023-09-22 15:22:06 +00:00
parent c82c671517
commit 8f66befbd0
22 changed files with 1125 additions and 0 deletions


@@ -0,0 +1,6 @@
dependencies:
- name: common
repository: file://../../../common
version: 1.1.1
digest: sha256:a7dbe3e4d42dbcd4325776e5e01a1d630c7f185f79e7ebf22b1b9cc80f56eed7
generated: "2023-09-21T17:36:42.077526429+03:00"


@@ -0,0 +1,25 @@
name: briefkasten
description: Briefkasten is a self hosted bookmarking app
annotations:
title: Briefkasten
type: application
version: 1.0.0
apiVersion: v2
appVersion: latest
kubeVersion: '>=1.16.0-0'
maintainers:
- name: truenas
url: https://www.truenas.com/
email: dev@ixsystems.com
dependencies:
- name: common
repository: file://../../../common
version: 1.1.1
home: https://github.com/ndom91/briefkasten
icon: https://docs.briefkastenhq.com/logo.svg
sources:
- https://github.com/truenas/charts/tree/master/library/ix-dev/community/briefkasten
- https://github.com/ndom91/briefkasten
- https://docs.briefkastenhq.com/
keywords:
- bookmark


@@ -0,0 +1,11 @@
# Briefkasten
[Briefkasten](https://github.com/ndom91/briefkasten) is a self hosted bookmarking app
> When application is installed, a container will be launched with **root** privileges.
> This is required in order to apply the correct permissions to the `postgres` directories.
> Afterward, the `postgres` container will run as a **non**-root user (`999`).
> On each upgrade, a container will be launched with **root** privileges in order to apply the correct
> permissions to the `postgres` **backups** directory. Container that performs the backup will run as a **non**-root user (`999`) afterwards.
> Keep in mind the permissions on the backup directory will be changed to `999:999` on **every** update.
> But will only be changed once for the `postgres` data directories.


@@ -0,0 +1,11 @@
# Briefkasten
[Briefkasten](https://github.com/ndom91/briefkasten) is a self hosted bookmarking app
> When application is installed, a container will be launched with **root** privileges.
> This is required in order to apply the correct permissions to the `postgres` directories.
> Afterward, the `postgres` container will run as a **non**-root user (`999`).
> On each upgrade, a container will be launched with **root** privileges in order to apply the correct
> permissions to the `postgres` **backups** directory. Container that performs the backup will run as a **non**-root user (`999`) afterwards.
> Keep in mind the permissions on the backup directory will be changed to `999:999` on **every** update.
> But will only be changed once for the `postgres` data directories.

Binary file not shown.


@@ -0,0 +1,17 @@
briefkastenNetwork:
webPort: 31000
briefkastenConfig:
url: http://localhost:31000
smtp:
enabled: true
server: some.smtp.server:587
from: briefkasten@example.com
briefkastenStorage:
pgData:
type: hostPath
hostPath: /mnt/{{ .Release.Namespace }}/pgData
pgBackup:
type: hostPath
hostPath: /mnt/{{ .Release.Namespace }}/pgBackup


@@ -0,0 +1,24 @@
briefkastenNetwork:
webPort: 31000
briefkastenConfig:
url: http://localhost:31000
smtp:
enabled: true
server: some.smtp.server:587
from: briefkasten@example.com
briefkastenStorage:
pgData:
type: hostPath
hostPath: /mnt/{{ .Release.Namespace }}/pgData
pgBackup:
type: hostPath
hostPath: /mnt/{{ .Release.Namespace }}/pgBackup
additionalStorages:
- type: hostPath
hostPath: /mnt/{{ .Release.Namespace }}/data1
mountPath: /data1
- type: hostPath
hostPath: /mnt/{{ .Release.Namespace }}/data2
mountPath: /data2


@@ -0,0 +1,18 @@
briefkastenNetwork:
webPort: 31000
hostNetwork: true
briefkastenConfig:
url: http://localhost:31000
smtp:
enabled: true
server: some.smtp.server:587
from: briefkasten@example.com
briefkastenStorage:
pgData:
type: hostPath
hostPath: /mnt/{{ .Release.Namespace }}/pgData
pgBackup:
type: hostPath
hostPath: /mnt/{{ .Release.Namespace }}/pgBackup


@@ -0,0 +1,73 @@
image:
repository: ndom91/briefkasten
pullPolicy: IfNotPresent
# No versioned tag provided
tag: latest
resources:
limits:
cpu: 4000m
memory: 8Gi
briefkastenConfig:
url: http://localhost:30080
smtp:
enabled: false
server: ''
from: ''
github:
enabled: false
id: ''
secret: ''
google:
enabled: false
id: ''
secret: ''
keycloak:
enabled: false
name: ''
id: ''
secret: ''
issuer: ''
authentik:
enabled: false
name: ''
id: ''
secret: ''
issuer: ''
additionalEnvs: []
briefkastenNetwork:
webPort: 30080
hostNetwork: false
briefkastenStorage:
additionalStorages: []
pgData:
type: ixVolume
datasetName: pgData
pgBackup:
type: ixVolume
datasetName: pgBackup
notes:
custom: |
Default credentials:
- Username: `demo@demo.demo`
- Password: `demo`
## Database
You can connect to the database using the pgAdmin App from the catalog
<details>
<summary>Database Details</summary>
- Database: `briefkasten`
- Username: `briefkasten`
- Password: `{{ .Values.briefkastenDbPass }}`
- Host: `{{ .Values.briefkastenDbHost }}.{{ .Release.Namespace }}.svc.cluster.local`
- Port: `5432`
</details>
{{- $_ := unset .Values "briefkastenDbPass" }}
{{- $_ := unset .Values "briefkastenDbHost" }}
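Review bot: `tag: latest` combined with `pullPolicy: IfNotPresent` in the `image` block leaves the deployed image both unpinned and node-dependent: a node that already cached `latest` keeps running that build, while a fresh node pulls whatever the tag points to at that moment. The comment says upstream publishes no versioned tag, so the reproducible option would be to pin by digest, if the common library's image helper accepts one (not visible in this hunk). Failing that, a comment such as `# mutable tag: installs are not reproducible and cached nodes will not pick up fixes` next to `tag: latest` would make the trade-off explicit. The `notes` block also advertises the default login `demo@demo.demo` / `demo` without a line asking the operator to replace that account after first login.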


@@ -0,0 +1,13 @@
runAsContext:
- userName: briefkasten
groupName: briefkasten
gid: 1001
uid: 1001
description: Briefkasten can runs as a non-root user.
- userName: postgres
groupName: postgres
gid: 999
uid: 999
description: Postgres runs as a non-root user.
capabilities: []
hostMounts: []
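Review bot: The `runAsContext` list names only the non-root `briefkasten` (1001) and `postgres` (999) users, while the README text added in this same commit states that a container is launched with root privileges at install and on every upgrade to fix ownership of the `postgres` directories. If this file feeds the security summary shown to the operator (an assumption; its consumer is not visible here), that root step should be listed as well, for example as an entry with `uid: 0` and a description like `Permissions container runs as root to set ownership of the postgres directories`. The description `Briefkasten can runs as a non-root user.` also has a typo (`can runs`).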


@@ -0,0 +1,539 @@
groups:
- name: Briefkasten Configuration
description: Configure Briefkasten
- name: Network Configuration
description: Configure Network for Briefkasten
- name: Storage Configuration
description: Configure Storage for Briefkasten
- name: Resources Configuration
description: Configure Resources for Briefkasten
portals:
web_portal:
protocols:
- "$kubernetes-resource_configmap_portal_protocol"
host:
- "$kubernetes-resource_configmap_portal_host"
ports:
- "$kubernetes-resource_configmap_portal_port"
path: "$kubernetes-resource_configmap_portal_path"
questions:
- variable: briefkastenConfig
label: ""
group: Briefkasten Configuration
schema:
type: dict
attrs:
- variable: url
label: BaseURL
description: |
The URL that Briefkasten will be accessible from.</br>
Example: </br>
http://server.ip:30080</br>
https://Briefkasten.example.com
schema:
type: uri
default: ""
required: true
- variable: smtp
label: SMTP Auth Provider
description: Configure SMTP for Briefkasten.
schema:
type: dict
attrs:
- variable: enabled
label: Enabled
description: Enable SMTP for auth.
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: server
label: SMTP Server
description: The SMTP server to use.
schema:
type: string
default: ""
required: true
- variable: from
label: SMTP From
description: The SMTP from address to use.
schema:
type: string
default: ""
required: true
- variable: github
label: GitHub Auth Provider
description: Configure GitHub for Briefkasten.
schema:
type: dict
attrs:
- variable: enabled
label: Enabled
description: Enable GitHub for auth.
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: id
label: GitHub Client ID
description: The GitHub Client ID.
schema:
type: string
default: ""
required: true
- variable: secret
label: GitHub Client Secret
description: The GitHub Client Secret.
schema:
type: string
default: ""
required: true
- variable: google
label: Google Auth Provider
description: Configure Google for Briefkasten.
schema:
type: dict
attrs:
- variable: enabled
label: Enabled
description: Enable Google for auth.
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: id
label: Google Client ID
description: The Google Client ID.
schema:
type: string
default: ""
required: true
- variable: secret
label: Google Client Secret
description: The Google Client Secret.
schema:
type: string
default: ""
required: true
- variable: keycloak
label: Keycloak Auth Provider
description: Configure Keycloak for Briefkasten.
schema:
type: dict
attrs:
- variable: enabled
label: Enabled
description: Enable Keycloak for auth.
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: name
label: Keycloak Name
description: The Keycloak Name.
schema:
type: string
default: ""
required: true
- variable: id
label: Keycloak Client ID
description: The Keycloak Client ID.
schema:
type: string
default: ""
required: true
- variable: secret
label: Keycloak Client Secret
description: The Keycloak Client Secret.
schema:
type: string
default: ""
required: true
- variable: issuer
label: Keycloak Issuer
description: The Keycloak Issuer.
schema:
type: string
default: ""
required: true
- variable: authentik
label: Authentik Auth Provider
description: Configure Authentik for Briefkasten.
schema:
type: dict
attrs:
- variable: enabled
label: Enabled
description: Enable Authentik for auth.
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: name
label: Authentik Name
description: The Authentik Name.
schema:
type: string
default: ""
required: true
- variable: id
label: Authentik Client ID
description: The Authentik Client ID.
schema:
type: string
default: ""
required: true
- variable: secret
label: Authentik Client Secret
description: The Authentik Client Secret.
schema:
type: string
default: ""
required: true
- variable: issuer
label: Authentik Issuer
description: The Authentik Issuer.
schema:
type: string
default: ""
required: true
- variable: additionalEnvs
label: Additional Environment Variables
description: Configure additional environment variables for Briefkasten.
schema:
type: list
default: []
items:
- variable: env
label: Environment Variable
schema:
type: dict
attrs:
- variable: name
label: Name
schema:
type: string
required: true
- variable: value
label: Value
schema:
type: string
required: true
- variable: briefkastenNetwork
label: ""
group: Network Configuration
schema:
type: dict
attrs:
- variable: webPort
label: Web Port
description: The port for the Briefkasten Web UI.
schema:
type: int
default: 30080
min: 9000
max: 65535
required: true
- variable: hostNetwork
label: Host Network
description: |
Bind to the host network. It's recommended to keep this disabled.</br>
schema:
type: boolean
default: false
- variable: briefkastenStorage
label: ""
group: Storage Configuration
schema:
type: dict
attrs:
- variable: avatars
label: Briefkasten Avatars Storage
description: The path to store Briefkasten Avatars.
schema:
type: dict
attrs:
- variable: type
label: Type
description: |
ixVolume: Is dataset created automatically by the system.</br>
Host Path: Is a path that already exists on the system.
schema:
type: string
required: true
default: "ixVolume"
enum:
- value: "hostPath"
description: Host Path (Path that already exists on the system)
- value: "ixVolume"
description: ixVolume (Dataset created automatically by the system)
- variable: datasetName
label: Dataset Name
schema:
type: string
show_if: [["type", "=", "ixVolume"]]
required: true
hidden: true
immutable: true
default: "avatars"
$ref:
- "normalize/ixVolume"
- variable: hostPath
label: Host Path
schema:
type: hostpath
show_if: [["type", "=", "hostPath"]]
immutable: true
required: true
- variable: backgroundImages
label: Briefkasten Background Images Storage
description: The path to store Briefkasten Background Images.
schema:
type: dict
attrs:
- variable: type
label: Type
description: |
ixVolume: Is dataset created automatically by the system.</br>
Host Path: Is a path that already exists on the system.
schema:
type: string
required: true
default: "ixVolume"
enum:
- value: "hostPath"
description: Host Path (Path that already exists on the system)
- value: "ixVolume"
description: ixVolume (Dataset created automatically by the system)
- variable: datasetName
label: Dataset Name
schema:
type: string
show_if: [["type", "=", "ixVolume"]]
required: true
hidden: true
immutable: true
default: "bg-img"
$ref:
- "normalize/ixVolume"
- variable: hostPath
label: Host Path
schema:
type: hostpath
show_if: [["type", "=", "hostPath"]]
immutable: true
required: true
- variable: attachments
label: Briefkasten Attachments Storage
description: The path to store Briefkasten Attachments.
schema:
type: dict
attrs:
- variable: type
label: Type
description: |
ixVolume: Is dataset created automatically by the system.</br>
Host Path: Is a path that already exists on the system.
schema:
type: string
required: true
default: "ixVolume"
enum:
- value: "hostPath"
description: Host Path (Path that already exists on the system)
- value: "ixVolume"
description: ixVolume (Dataset created automatically by the system)
- variable: datasetName
label: Dataset Name
schema:
type: string
show_if: [["type", "=", "ixVolume"]]
required: true
hidden: true
immutable: true
default: "attachments"
$ref:
- "normalize/ixVolume"
- variable: hostPath
label: Host Path
schema:
type: hostpath
show_if: [["type", "=", "hostPath"]]
immutable: true
required: true
- variable: pgData
label: Postgres Data Storage
description: The path to store Postgres Data.
schema:
type: dict
attrs:
- variable: type
label: Type
description: |
ixVolume: Is dataset created automatically by the system.</br>
Host Path: Is a path that already exists on the system.
schema:
type: string
required: true
default: "ixVolume"
enum:
- value: "hostPath"
description: Host Path (Path that already exists on the system)
- value: "ixVolume"
description: ixVolume (Dataset created automatically by the system)
- variable: datasetName
label: Dataset Name
schema:
type: string
show_if: [["type", "=", "ixVolume"]]
required: true
hidden: true
immutable: true
default: "pgData"
$ref:
- "normalize/ixVolume"
- variable: hostPath
label: Host Path
schema:
type: hostpath
show_if: [["type", "=", "hostPath"]]
immutable: true
required: true
- variable: pgBackup
label: Postgres Backup Storage
description: The path to store Postgres Backup.
schema:
type: dict
attrs:
- variable: type
label: Type
description: |
ixVolume: Is dataset created automatically by the system.</br>
Host Path: Is a path that already exists on the system.
schema:
type: string
required: true
default: "ixVolume"
enum:
- value: "hostPath"
description: Host Path (Path that already exists on the system)
- value: "ixVolume"
description: ixVolume (Dataset created automatically by the system)
- variable: datasetName
label: Dataset Name
schema:
type: string
show_if: [["type", "=", "ixVolume"]]
required: true
hidden: true
immutable: true
default: "pgBackup"
$ref:
- "normalize/ixVolume"
- variable: hostPath
label: Host Path
schema:
type: hostpath
show_if: [["type", "=", "hostPath"]]
immutable: true
required: true
- variable: additionalStorages
label: Additional Storage
description: Additional storage for Briefkasten.
schema:
type: list
default: []
items:
- variable: storageEntry
label: Storage Entry
schema:
type: dict
attrs:
- variable: type
label: Type
description: |
ixVolume: Is dataset created automatically by the system.</br>
Host Path: Is a path that already exists on the system.
schema:
type: string
required: true
default: "ixVolume"
enum:
- value: "hostPath"
description: Host Path (Path that already exists on the system)
- value: "ixVolume"
description: ixVolume (Dataset created automatically by the system)
- variable: mountPath
label: Mount Path
description: The path inside the container to mount the storage.
schema:
type: path
required: true
- variable: hostPath
label: Host Path
description: The host path to use for storage.
schema:
type: hostpath
show_if: [["type", "=", "hostPath"]]
required: true
- variable: datasetName
label: Dataset Name
description: The name of the dataset to use for storage.
schema:
type: string
show_if: [["type", "=", "ixVolume"]]
required: true
immutable: true
default: "storage_entry"
$ref:
- "normalize/ixVolume"
- variable: resources
group: Resources Configuration
label: ""
schema:
type: dict
attrs:
- variable: limits
label: Limits
schema:
type: dict
attrs:
- variable: cpu
label: CPU
description: CPU limit for Briefkasten.
schema:
type: string
max_length: 6
valid_chars: '^(0\.[1-9]|[1-9][0-9]*)(\.[0-9]|m?)$'
valid_chars_error: |
Valid CPU limit formats are</br>
- Plain Integer - eg. 1</br>
- Float - eg. 0.5</br>
- Milicpu - eg. 500m
default: "4000m"
required: true
- variable: memory
label: Memory
description: Memory limit for Briefkasten.
schema:
type: string
max_length: 12
valid_chars: '^[1-9][0-9]*([EPTGMK]i?|e[0-9]+)?$'
valid_chars_error: |
Valid Memory limit formats are</br>
- Suffixed with E/P/T/G/M/K - eg. 1G</br>
- Suffixed with Ei/Pi/Ti/Gi/Mi/Ki - eg. 1Gi</br>
- Plain Integer in bytes - eg. 1024</br>
- Exponent - eg. 134e6
default: "8Gi"
required: true
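Review bot: The four OAuth client-secret questions (`secret` under `github`, `google`, `keycloak` and `authentik`) are declared as plain `type: string`, so the form will presumably display and echo them like any other text field. The questions schema has a masking attribute, `private: true`, used for password-like fields; it should be set on each of these (`type: string`, `private: true`, `required: true`). Separately, the storage group asks for `avatars`, `backgroundImages` and `attachments`, but neither the default values nor the persistence template in this commit reference those keys, so they look like leftovers from another app and would prompt for datasets or host paths that are never mounted.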


@@ -0,0 +1 @@
{{ include "ix.v1.common.lib.chart.notes" $ }}


@@ -0,0 +1,70 @@
{{- define "briefkasten.workload" -}}
workload:
briefkasten:
enabled: true
primary: true
type: Deployment
podSpec:
hostNetwork: {{ .Values.briefkastenNetwork.hostNetwork }}
containers:
briefkasten:
enabled: true
primary: true
imageSelector: image
securityContext:
runAsUser: 1001
runAsGroup: 1001
readOnlyRootFilesystem: false
envFrom:
- secretRef:
name: briefkasten
- configMapRef:
name: briefkasten
{{ with .Values.briefkastenConfig.additionalEnvs }}
envList:
{{ range $env := . }}
- name: {{ $env.name }}
value: {{ $env.value }}
{{ end }}
{{ end }}
probes:
liveness:
enabled: true
type: http
port: {{ .Values.briefkastenNetwork.webPort }}
path: /
readiness:
enabled: true
type: http
port: {{ .Values.briefkastenNetwork.webPort }}
path: /
startup:
enabled: true
type: http
port: {{ .Values.briefkastenNetwork.webPort }}
path: /
initContainers:
{{- include "ix.v1.common.app.postgresWait" (dict "name" "01-postgres-wait"
"secretName" "postgres-creds") | nindent 8 }}
02-migrate-db:
enabled: true
type: init
imageSelector: image
securityContext:
runAsUser: 1001
runAsGroup: 1001
readOnlyRootFilesystem: false
envFrom:
- secretRef:
name: briefkasten
- configMapRef:
name: briefkasten
command:
- /bin/sh
- -c
- |
echo "Migrating database"
pnpm db:push || (echo "DB migration failed..." && exit 1)
echo "DB migration successful. Application will now start"
exit 0
{{- end -}}
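Review bot: The `envList` entries render `name: {{ $env.name }}` and `value: {{ $env.value }}` without quoting, and this template's output is parsed with `fromYaml` before being merged into the values. A user-supplied value containing ` #` is silently truncated at that point, one containing `: ` breaks the parse, and values such as `true` or `0123` change type; `value: {{ $env.value | quote }}` (and the same for `name`) avoids all three. The same pattern appears in the configuration template's `secret` data (`GITHUB_SECRET: {{ $github.secret }}` and its siblings, where a truncated value means a silently wrong credential) and in the persistence template's `hostPath` and `mountPath` lines. Only `PORT` in the configuration template already uses `| quote`.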


@@ -0,0 +1,77 @@
{{- define "briefkasten.configuration" -}}
{{- $fullname := (include "ix.v1.common.lib.chart.names.fullname" $) -}}
{{- $secretKey := randAlphaNum 64 -}}
{{- with (lookup "v1" "Secret" .Release.Namespace (printf "%s-briefkasten" $fullname)) -}}
{{- $secretKey = ((index .data "NEXTAUTH_SECRET") | b64dec) -}}
{{- end -}}
{{- $dbHost := (printf "%s-postgres" $fullname) -}}
{{- $dbUser := "briefkasten" -}}
{{- $dbName := "briefkasten" -}}
{{- $dbPass := (randAlphaNum 32) -}}
{{- with (lookup "v1" "Secret" .Release.Namespace (printf "%s-postgres-creds" $fullname)) -}}
{{- $dbPass = ((index .data "POSTGRES_PASSWORD") | b64dec) -}}
{{- end -}}
{{- $dbURL := (printf "postgres://%s:%s@%s:5432/%s?sslmode=disable" $dbUser $dbPass $dbHost $dbName) -}}
{{/* Temporary set dynamic db details on values,
so we can print them on the notes */}}
{{- $_ := set .Values "briefkastenDbPass" $dbPass -}}
{{- $_ := set .Values "briefkastenDbHost" $dbHost -}}
{{- $smtp := .Values.briefkastenConfig.smtp -}}
{{- $github := .Values.briefkastenConfig.github -}}
{{- $google := .Values.briefkastenConfig.google -}}
{{- $keycloak := .Values.briefkastenConfig.keycloak -}}
{{- $authentik := .Values.briefkastenConfig.authentik }}
secret:
briefkasten:
enabled: true
data:
NEXTAUTH_SECRET: {{ $secretKey }}
DATABASE_URL: {{ $dbURL }}
{{- if $smtp.enabled }}
SMTP_SERVER: {{ $smtp.server }}
SMTP_FROM: {{ $smtp.from }}
{{- end -}}
{{- if $github.enabled }}
GITHUB_ID: {{ $github.id }}
GITHUB_SECRET: {{ $github.secret }}
{{- end -}}
{{- if $google.enabled }}
GOOGLE_ID: {{ $google.id }}
GOOGLE_SECRET: {{ $google.secret }}
{{- end -}}
{{- if $keycloak.enabled }}
KEYCLOAK_NAME: {{ $keycloak.name }}
KEYCLOAK_ID: {{ $keycloak.id }}
KEYCLOAK_SECRET: {{ $keycloak.secret }}
KEYCLOAK_ISSUER: {{ $keycloak.issuer }}
{{- end -}}
{{- if $authentik.enabled }}
AUTHENTIK_NAME: {{ $authentik.name }}
AUTHENTIK_ID: {{ $authentik.id }}
AUTHENTIK_SECRET: {{ $authentik.secret }}
AUTHENTIK_ISSUER: {{ $authentik.issuer }}
{{- end }}
postgres-creds:
enabled: true
data:
POSTGRES_USER: {{ $dbUser }}
POSTGRES_DB: {{ $dbName }}
POSTGRES_PASSWORD: {{ $dbPass }}
POSTGRES_HOST: {{ $dbHost }}
POSTGRES_URL: {{ $dbURL }}
configmap:
briefkasten:
enabled: true
data:
NEXTAUTH_URL: {{ .Values.briefkastenConfig.url }}
NEXTAUTH_URL_INTERNAL: http://127.0.0.1:{{ .Values.briefkastenNetwork.webPort }}
PORT: {{ .Values.briefkastenNetwork.webPort | quote }}
NODE_ENV: production
{{- end -}}
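Review bot: `$dbPass` is copied into `.Values.briefkastenDbPass` so that the `notes` text can print it, which puts the generated database password into the rendered release notes in clear text. Anyone who can read those notes then has the password without needing access to the `postgres-creds` secret; printing a pointer instead, e.g. `- Password: see secret postgres-creds, key POSTGRES_PASSWORD`, would keep the value in one place. Also, both `lookup` branches run `index .data "..." | b64dec` without checking that the key exists, so an existing secret lacking `NEXTAUTH_SECRET` or `POSTGRES_PASSWORD` would presumably fail the render rather than keep the freshly generated value.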


@@ -0,0 +1,53 @@
{{- define "briefkasten.persistence" -}}
persistence:
tmp:
enabled: true
type: emptyDir
targetSelector:
briefkasten:
briefkasten:
mountPath: /tmp
{{- range $idx, $storage := .Values.briefkastenStorage.additionalStorages }}
{{ printf "briefkasten-%v" (int $idx) }}:
enabled: true
type: {{ $storage.type }}
datasetName: {{ $storage.datasetName | default "" }}
hostPath: {{ $storage.hostPath | default "" }}
targetSelector:
briefkasten:
briefkasten:
mountPath: {{ $storage.mountPath }}
{{- end }}
{{/* Database */}}
postgresdata:
enabled: true
type: {{ .Values.briefkastenStorage.pgData.type }}
datasetName: {{ .Values.briefkastenStorage.pgData.datasetName | default "" }}
hostPath: {{ .Values.briefkastenStorage.pgData.hostPath | default "" }}
targetSelector:
# Postgres pod
postgres:
# Postgres container
postgres:
mountPath: /var/lib/postgresql/data
# Postgres - Permissions container
# Different than the 01-permissions
permissions:
mountPath: /mnt/directories/postgres_data
postgresbackup:
enabled: true
type: {{ .Values.briefkastenStorage.pgBackup.type }}
datasetName: {{ .Values.briefkastenStorage.pgBackup.datasetName | default "" }}
hostPath: {{ .Values.briefkastenStorage.pgBackup.hostPath | default "" }}
targetSelector:
# Postgres backup pod
postgresbackup:
# Postgres backup container
postgresbackup:
mountPath: /postgres_backup
# Postgres - Permissions container
# Different than the 01-permissions
permissions:
mountPath: /mnt/directories/postgres_backup
{{- end -}}


@@ -0,0 +1,35 @@
{{- define "briefkasten.portal" -}}
{{- $host := "$node_ip" -}}
{{- $port := "" -}}
{{- $protocol := "http" -}}
{{- if hasPrefix "https://" .Values.briefkastenConfig.url -}}
{{- $protocol = "https" -}}
{{- end -}}
{{- with .Values.briefkastenConfig.url -}} {{/* Trim protocol and trailing slash */}}
{{- $host = . | trimPrefix "https://" | trimPrefix "http://" | trimSuffix "/" -}}
{{- if contains ":" $host -}}
{{- $port = (split ":" $host)._1 -}}
{{- $host = (split ":" $host)._0 -}}
{{- end -}}
{{- if not $port -}}
{{- if eq $protocol "https" -}}
{{- $port = "443" -}}
{{- else -}}
{{- $port = "80" -}}
{{- end -}}
{{- end -}}
{{- end }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: portal
data:
path: "/"
port: {{ $port | quote }}
protocol: {{ $protocol }}
host: {{ $host }}
{{- end -}}
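Review bot: The host/port split assumes the URL is exactly `scheme://host[:port]`: with a constructed example such as `https://example.com:8443/app`, the `split ":"` result puts `8443/app` into `$port`, and an IPv6 literal would be cut at its first colon. The question declares this field as `type: uri`, so such values are plausible; Sprig's `urlParse` returns scheme, host and path separately (`{{- $u := urlParse .Values.briefkastenConfig.url -}}`), leaving only the host:port split to do. `protocol` and `host` are also emitted unquoted while `port` uses `| quote`; `host: {{ $host | quote }}` keeps a stray character in the URL from changing the ConfigMap's structure.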


@@ -0,0 +1,6 @@
{{- define "postgres.workload" -}}
workload:
{{- include "ix.v1.common.app.postgres" (dict "secretName" "postgres-creds"
"resources" .Values.resources
"ixChartContext" .Values.ixChartContext) | nindent 2 }}
{{- end -}}


@@ -0,0 +1,26 @@
{{- define "briefkasten.service" -}}
service:
briefkasten:
enabled: true
primary: true
type: NodePort
targetSelector: briefkasten
ports:
webui:
enabled: true
primary: true
port: {{ .Values.briefkastenNetwork.webPort }}
nodePort: {{ .Values.briefkastenNetwork.webPort }}
targetSelector: briefkasten
postgres:
enabled: true
type: ClusterIP
targetSelector: postgres
ports:
postgres:
enabled: true
primary: true
port: 5432
targetPort: 5432
targetSelector: postgres
{{- end -}}


@@ -0,0 +1,65 @@
{{- define "briefkasten.validation" -}}
{{- $smtp := .Values.briefkastenConfig.smtp -}}
{{- $github := .Values.briefkastenConfig.github -}}
{{- $google := .Values.briefkastenConfig.google -}}
{{- $keycloak := .Values.briefkastenConfig.keycloak -}}
{{- $authentik := .Values.briefkastenConfig.authentik -}}
{{- $providers := (list "smtp" "github" "google" "keycloak" "authentik") -}}
{{- $found := false -}}
{{- range $p := $providers -}}
{{- $provider := get $.Values.briefkastenConfig $p -}}
{{- if $provider.enabled -}}
{{- $found = true -}}
{{- end -}}
{{- end -}}
{{- if not $found -}}
{{- fail (printf "Briefkasten - One or more auth provider [%s] must be enabled" (join ", " $providers)) -}}
{{- end -}}
{{- if $smtp.enabled -}}
{{- $required := (list "server" "from") -}}
{{- range $key := $required -}}
{{- if not (get $smtp $key) -}}
{{- fail (printf "Briefkasten - Key [%s] is required for SMTP auth provider" $key) -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- if $github.enabled -}}
{{- $required := (list "id" "secret") -}}
{{- range $key := $required -}}
{{- if not (get $github $key) -}}
{{- fail (printf "Briefkasten - Key [%s] is required for Github auth provider" $key) -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- if $google.enabled -}}
{{- $required := (list "id" "secret") -}}
{{- range $key := $required -}}
{{- if not (get $google $key) -}}
{{- fail (printf "Briefkasten - Key [%s] is required for Google auth provider" $key) -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- if $keycloak.enabled -}}
{{- $required := (list "name" "id" "secret" "issuer") -}}
{{- range $key := $required -}}
{{- if not (get $keycloak $key) -}}
{{- fail (printf "Briefkasten - Key [%s] is required for Keycloak auth provider" $key) -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- if $authentik.enabled -}}
{{- $required := (list "name" "id" "secret" "issuer") -}}
{{- range $key := $required -}}
{{- if not (get $authentik $key) -}}
{{- fail (printf "Briefkasten - Key [%s] is required for Authentik auth provider" $key) -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}


@@ -0,0 +1,14 @@
{{- include "ix.v1.common.loader.init" . -}}
{{/* Merge the templates with Values */}}
{{- $_ := mustMergeOverwrite .Values (include "briefkasten.validation" $ | fromYaml) -}}
{{- $_ := mustMergeOverwrite .Values (include "briefkasten.workload" $ | fromYaml) -}}
{{- $_ := mustMergeOverwrite .Values (include "briefkasten.service" $ | fromYaml) -}}
{{- $_ := mustMergeOverwrite .Values (include "briefkasten.persistence" $ | fromYaml) -}}
{{- $_ := mustMergeOverwrite .Values (include "briefkasten.configuration" $ | fromYaml) -}}
{{- $_ := mustMergeOverwrite .Values (include "postgres.workload" $ | fromYaml) -}}
{{/* Create the configmap for portal manually*/}}
{{- include "briefkasten.portal" $ -}}
{{- include "ix.v1.common.loader.apply" . -}}


@@ -0,0 +1,31 @@
#!/usr/bin/python3
import json
import re
import sys
from catalog_update.upgrade_strategy import semantic_versioning
RE_STABLE_VERSION = re.compile(r'\d+\.\d+\.\d+')
def newer_mapping(image_tags):
key = list(image_tags.keys())[0]
tags = {t: t for t in image_tags[key] if RE_STABLE_VERSION.fullmatch(t)}
version = semantic_versioning(list(tags))
if not version:
return {}
return {
'tags': {key: tags[version]},
'app_version': version,
}
if __name__ == '__main__':
try:
versions_json = json.loads(sys.stdin.read())
except ValueError:
raise ValueError('Invalid json specified')
print(json.dumps(newer_mapping(versions_json)))
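Review bot: `newer_mapping` takes `list(image_tags.keys())[0]` without checking that the input has any key, so an empty JSON object on stdin ends in an `IndexError` traceback instead of the empty mapping the function already returns when no version is found; `if not image_tags: return {}` at the top would cover it. The function also has no docstring: one sentence stating that the input maps an image name to a list of tag strings and that the result carries `tags` and `app_version` would document the contract. Note that `RE_STABLE_VERSION` only accepts `N.N.N` tags, while the chart's values state that upstream provides no versioned tag, so this strategy may never return an update; worth confirming that is intended.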


@@ -0,0 +1,10 @@
icon_url: https://docs.briefkastenhq.com/logo.svg
categories:
- productivity
screenshots:
- https://raw.githubusercontent.com/ndom91/briefkasten/main/public/screenshot_app01.png
- https://raw.githubusercontent.com/ndom91/briefkasten/main/public/screenshot_app05.png
- https://raw.githubusercontent.com/ndom91/briefkasten/main/public/screenshot_app04.png
- https://raw.githubusercontent.com/ndom91/briefkasten/main/public/screenshot_app06.png
tags:
- bookmark