Initial commit

Chart.yaml

@@ -0,0 +1,15 @@
+apiVersion: v2
+name: homey
+description: Deploy a fancy home environment!
+type: application
+version: 0.1.0
+appVersion: "1.16.0"
+
+dependencies:
+- name: kubernetes-secret-generator
+  repository: "https://helm.mittwald.de"
+  version: ">= 1.0.0"
+- name: ingress-nginx
+  repository: "https://kubernetes.github.io/ingress-nginx"
+  version: ">= 1.12.0"
+

templates/homey.yaml

@@ -0,0 +1,226 @@
+#_STORAGE______________
+
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: homey-pv-nfs-a
+  labels:
+    isbackup: "true"
+spec:
+  capacity:
+    storage: {{ .Values.homey.homeyStorage.backupStorageCapacity }}
+  storageClassName: standard
+  accessModes:
+    - ReadWriteMany
+  persistentVolumeReclaimPolicy: Recycle
+  nfs:
+    path: /homey-backup
+    server: {{ .Values.homey.homeyStorage.ip }}
+    readOnly: false
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: homey-pvc-nfs-a
+spec:
+  accessModes:
+  - ReadWriteMany
+  resources:
+     requests:
+       storage: {{ .Values.homey.homeyStorage.backupStorageCapacity }}
+  storageClassName: standard
+  selector:
+    matchLabels:
+      isbackup: "true"
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: homey-pv-nfs-b
+  labels:
+    isbackup: "false"
+spec:
+  capacity:
+    storage: {{ .Values.homey.homeyStorage.nobackupStorageCapacity }}
+  storageClassName: standard
+  accessModes:
+    - ReadWriteMany
+  persistentVolumeReclaimPolicy: Recycle
+  nfs:
+    path: /homey-nobackup
+    server: {{ .Values.homey.homeyStorage.ip }}
+    readOnly: false
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: homey-pvc-nfs-b
+spec:
+  accessModes:
+  - ReadWriteMany
+  resources:
+     requests:
+       storage: {{ .Values.homey.homeyStorage.nobackupStorageCapacity }}
+  storageClassName: standard
+  selector:
+    matchLabels:
+      isbackup: "false"
+---
+#_LDAP______
+apiVersion: v1
+kind: Secret
+metadata:
+  name: openldap-admin
+  annotations:
+    secret-generator.v1.mittwald.de/autogenerate: password
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: openldap-config
+  annotations:
+    secret-generator.v1.mittwald.de/autogenerate: password
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: openldap-ro
+  annotations:
+    secret-generator.v1.mittwald.de/autogenerate: password
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: openldap
+  labels:
+    app.kubernetes.io/name: openldap
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: openldap
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: openldap
+    spec:
+      # securityContext:
+      #   fsGroup: 0
+      containers:
+        - name: openldap
+          image: osixia/openldap
+          imagePullPolicy: "Always"
+          env:
+            - name: LDAP_ORGANISATION
+              value: {{ .Values.homey.organization }}
+            - name: LDAP_DOMAIN
+              value: {{ .Values.homey.url }}
+            - name: LDAP_ADMIN_USERNAME
+              value: "admin"
+            - name: LDAP_READONLY_USER
+              value: "true"
+            - name: LDAP_ADMIN_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  key: password
+                  name: openldap-admin
+            - name: LDAP_CONFIG_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  key: password
+                  name: openldap-config
+            - name: LDAP_READONLY_USER_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  key: password
+                  name: openldap-ro
+          ports:
+            - name: tcp-ldap
+              containerPort: 389
+            - name: ssl-ldap
+              containerPort: 636
+          volumeMounts:
+            - mountPath: /etc/ldap/slapd.d
+              subPath: openldap/etc/ldap/slapd.d
+              name: openldap-volume
+            - mountPath: /var/lib/ldap
+              subPath: openldap/var/lib/ldap
+              name: openldap-volume
+      volumes:
+      - name: openldap-volume
+        persistentVolumeClaim:
+           claimName: homey-pvc-nfs-a
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: openldap
+  labels:
+    app.kubernetes.io/name: openldap
+spec:
+  type: ClusterIP
+  ports:
+    - name: tcp-ldap
+      port: 389
+      targetPort: tcp-ldap
+    - name: ssl-ldap
+      port: 636
+      targetPort: ssl-ldap
+  selector:
+    app.kubernetes.io/name: openldap
+---
+#_PHPADMIN________
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: phpldapadmin
+  labels:
+    app: phpldapadmin
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: phpldapadmin
+  template:
+    metadata:
+      labels:
+        app: phpldapadmin
+    spec:
+      containers:
+      - env:
+        - name: PHPLDAPADMIN_HTTPS
+          value: "false"
+        - name: PHPLDAPADMIN_LDAP_HOSTS
+          value: ldap://openldap:389
+        image: osixia/phpldapadmin:0.7.1
+        name: phpldapadmin
+        ports:
+          - containerPort: 80
+      restartPolicy: Always
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: phpldapadmin
+spec:
+  ports:
+  - port: 80
+    targetPort: 80
+  selector:
+    app: phpldapadmin
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: phpldapadmin
+spec:
+  tls:
+    - hosts:
+      - phpldapadmin.{{ .Values.homey.url }}
+  rules:
+  - host: phpldapadmin.{{ .Values.homey.url }}
+    http:
+      paths:
+      - backend:
+          serviceName: phpldapadmin
+          servicePort: 80

values.yaml

@@ -0,0 +1,89 @@
+replicaCount: 1
+
+homeyNamespace: homey
+
+image:
+  repository: nginx
+  pullPolicy: Always
+  # Overrides the image tag whose default is the chart appVersion.
+  tag: ""
+
+imagePullSecrets: []
+nameOverride: "homey-app"
+fullnameOverride: "homey-chart"
+
+serviceAccount:
+  # Specifies whether a service account should be created
+  create: true
+  # Annotations to add to the service account
+  annotations: {}
+  # The name of the service account to use.
+  # If not set and create is true, a name is generated using the fullname template
+  name: "homey"
+
+podAnnotations: {}
+
+podSecurityContext: {}
+  # fsGroup: 2000
+
+securityContext: {}
+  # capabilities:
+  #   drop:
+  #   - ALL
+  # readOnlyRootFilesystem: true
+  # runAsNonRoot: true
+  # runAsUser: 1000
+
+service:
+  type: ClusterIP
+  port: 80
+
+ingress:
+  enabled: false
+  className: ""
+  annotations: {}
+    # kubernetes.io/ingress.class: nginx
+    # kubernetes.io/tls-acme: "true"
+  hosts:
+    - host: chart-example.local
+      paths:
+        - path: /
+          pathType: ImplementationSpecific
+  tls: []
+  #  - secretName: chart-example-tls
+  #    hosts:
+  #      - chart-example.local
+
+resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 128Mi
+
+autoscaling:
+  enabled: false
+  minReplicas: 1
+  maxReplicas: 100
+  targetCPUUtilizationPercentage: 80
+  # targetMemoryUtilizationPercentage: 80
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+homey:
+    organization: "Zakobar Home Server"
+    homeyStorage:
+        ip: "192.168.0.101"
+        backupStorageCapacity: 30Gi
+        nobackupStorageCapacity: 400Gi
+    url: "home.zakobar.io"
+