Merge branch 'master' into media-common

charts/media-common-openvpn/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/media-common-openvpn/Chart.yaml

@@ -0,0 +1,11 @@
+apiVersion: v2
+name: media-common-openvpn
+description: OpenVPN add-on for `media-common`-based charts
+type: library
+keywords:
+  - media-common
+home: https://github.com/k8s-at-home/charts/tree/master/charts/media-common-openvpn
+maintainers:
+  - name: bjw-s
+    email: bjw-s@users.noreply.github.com
+version: 1.0.0

charts/media-common-openvpn/README.md

@@ -0,0 +1,16 @@
+# Add-on chart for k8s@home media charts
+
+This chart provides a single maintainable OpenVPN add-on to the `meda-common` chart.
+
+## Configuration
+
+Read through the [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/media-common-openvpn/values.yaml) file.
+It has several commented out suggested values.
+
+These values will normally be nested as it is a dependency, for example:
+```yaml
+radarr:
+  openvpn:
+    enabled: true
+    <values>
+```

charts/media-common-openvpn/templates/_configmap.tpl

@@ -0,0 +1,24 @@
+{{/*
+The OpenVPN configmaps to be inserted
+*/}}
+{{- define "media-common.openvpn.configmap" -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ template "media-common.fullname" . }}-openvpn
+  labels:
+  {{- include "media-common.labels" . | nindent 4 }}
+data:
+{{- if .Values.openvpn.vpnConf }}
+  vpnConf: |-
+    {{- .Values.openvpn.vpnConf | nindent 4}}
+{{- end }}
+{{ if .Values.openvpn.scripts.up }}
+  up.sh: |-
+    {{- .Values.openvpn.scripts.up | nindent 4}}
+{{- end }}
+{{- if .Values.openvpn.scripts.down }}
+  down.sh: |-
+    {{- .Values.openvpn.scripts.down | nindent 4}}
+{{- end }}
+{{- end -}}

charts/media-common-openvpn/templates/_container.tpl

@@ -0,0 +1,50 @@
+{{/*
+The OpenVPN container(s) to be inserted
+*/}}
+{{- define "media-common.openvpn.container" -}}
+- name: openvpn
+  image: "{{ .Values.openvpn.image.repository }}:{{ .Values.openvpn.image.tag }}"
+  imagePullPolicy: {{ .Values.openvpn.image.pullPolicy }}
+  securityContext:
+    capabilities:
+      add: ["NET_ADMIN"]
+  {{- if .Values.openvpn.env }}
+  env:
+  {{- if .Values.openvpn.env }}
+  {{- range $k, $v := .Values.openvpn.env }}
+    - name: {{ $k }}
+      value: {{ $v }}
+  {{- end }}
+  {{- end }}  
+  envFrom:
+    {{- if or .Values.openvpn.auth .Values.openvpn.authSecret }}
+    - secretRef:
+      {{- if .Values.openvpn.authSecret }}
+      name: {{ .Values.openvpn.authSecret }}
+      {{- else }}
+      name: {{ template "media-common.fullname" . }}-openvpn
+      {{- end }}
+    {{- end }}
+  {{- end }}
+  volumeMounts:
+    {{- if .Values.openvpn.vpnConf }}
+    - name: openvpnconf
+      mountPath: /vpn/vpn.conf
+      subPath: vpnConf
+    {{- end }}
+    {{- if .Values.openvpn.scripts.up }}
+    - name: openvpnconf
+      mountPath: /vpn/up.sh
+      subPath: up.sh
+    {{- end }}
+    {{- if .Values.openvpn.scripts.down }}
+    - name: openvpnconf
+      mountPath: /vpn/down.sh
+      subPath: down.sh
+    {{- end }}
+    {{- if .Values.openvpn.additionalVolumeMounts }}
+    {{- toYaml .Values.openvpn.additionalVolumeMounts | nindent 4 }}
+    {{- end }}
+  livenessProbe:
+    {{- toYaml .Values.openvpn.livenessProbe | nindent 4 }}
+{{- end -}}

charts/media-common-openvpn/templates/_networkpolicy.tpl

@@ -0,0 +1,22 @@
+{{/*
+The OpenVPN networkpolicy to be inserted
+*/}}
+{{- define "media-common.openvpn.networkpolicy" -}}
+{{- if .Values.openvpn.networkPolicy.enabled -}}
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+  name: {{ template "media-common.fullname" . }}-deny-all-netpol
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/name: {{ include "media-common.name" . }}
+      app.kubernetes.io/instance: {{ .Release.Name }}
+  policyTypes:
+  - Egress
+  egress:
+  {{- if .Values.openvpn.networkPolicy.egress }} 
+  {{- .Values.openvpn.networkPolicy.egress | toYaml | nindent 4 }}
+  {{- end -}}
+{{- end -}}
+{{- end -}}

charts/media-common-openvpn/templates/_secret.tpl

@@ -0,0 +1,15 @@
+{{/*
+The OpenVPN secrets to be inserted
+*/}}
+{{- define "media-common.openvpn.secret" -}}
+{{- if .Values.openvpn.auth -}}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ template "media-common.fullname" . }}-openvpn
+  labels:
+  {{- include "media-common.labels" . | nindent 4 }}
+data:
+  VPN_AUTH: {{ .Values.openvpn.auth | b64enc }}
+{{- end -}}
+{{- end -}}

charts/media-common-openvpn/templates/_volume.tpl

@@ -0,0 +1,25 @@
+{{/*
+The OpenVPN volumes to be inserted
+*/}}
+{{- define "media-common.openvpn.volume" -}}
+{{- if or .Values.openvpn.vpnConf .Values.openvpn.scripts.up .Values.openvpn.scripts.down -}}
+- name: openvpnconf
+  configMap:
+    name: {{ template "media-common.fullname" . }}-openvpn
+    items:
+      {{- if .Values.openvpn.vpnConf }}
+      - key: vpnConf
+        path: vpnConf
+      {{- end }}
+      {{- if .Values.openvpn.scripts.up }}
+      - key: up.sh
+        path: up.sh
+        mode: 0777
+      {{- end }}
+      {{- if .Values.openvpn.scripts.down }}
+      - key: down.sh
+        path: down.sh
+        mode: 0777
+      {{- end }}
+{{- end -}}
+{{- end -}}

charts/media-common-openvpn/values.yaml

@@ -0,0 +1,67 @@
+# Default values for media-common-openvpn.
+
+image:
+  repository: dperson/openvpn-client
+  tag: latest
+  pullPolicy: IfNotPresent
+
+# All variables specified here will be added to the openvpn sidecar container
+# Ref https://hub.docker.com/r/dperson/openvpn-client for all config values
+env: []
+# TZ: UTC
+
+# Provide a customized vpn.conf file to be used by openvpn.
+vpnConf:  # |-
+  # Some Example Config
+  # remote greatvpnhost.com 8888
+  # auth-user-pass
+  # Cipher AES
+
+# Provide custom up/down scripts that can be used by the vpnConf
+scripts:
+  up:  # |-
+    # #!/bin/bash
+    # echo "connected" > /shared/vpnstatus
+  down:  # |-
+    # #!/bin/bash
+    # echo "disconnected" > /shared/vpnstatus
+
+# Credentials to connect to the VPN Service (used with -a)
+auth:  # "user;password"
+# OR specify an existing secret that contains the credentials. Credentials should be stored
+# under the VPN_AUTH key
+authSecret:  # my-vpn-secret
+
+additionalVolumeMounts: []
+
+# Optionally specify a livenessProbe, e.g. to check if the connection is still
+# being protected by the VPN
+livenessProbe: {}
+# exec:
+#    command:
+#      - sh
+#      - -c
+#      - if [ $(curl -s https://ipinfo.io/country) == 'US' ]; then exit 0; else exit $?; fi
+#  initialDelaySeconds: 30
+#  periodSeconds: 60
+#  failureThreshold: 1
+
+# If set to true, will deploy a network policy that blocks all outbound
+# traffic except traffic specified as allowed
+networkPolicy:
+  enabled: false
+
+  # The egress configuration for your network policy, All outbound traffic
+  # From the pod will be blocked unless specified here. Your cluster must
+  # have a CNI that supports network policies (Canal, Calico, etc...)
+  # https://kubernetes.io/docs/concepts/services-networking/network-policies/
+  # https://github.com/ahmetb/kubernetes-network-policy-recipes
+  egress:
+    # - to:
+    #   - ipBlock:
+    #       cidr: 0.0.0.0/0
+    #   ports:
+    #   - port: 53
+    #     protocol: UDP
+    #   - port: 53
+    #     protocol: TCP

charts/mosquitto/.helmignore

@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/mosquitto/Chart.yaml

@@ -0,0 +1,17 @@
+apiVersion: v1
+appVersion: "1.6.12"
+description: Eclipse Mosquitto - An open source MQTT broker
+name: mosquitto
+version: 0.3.3
+keywords:
+  - message queue
+  - MQTT
+  - mosquitto
+  - eclipse-iot
+home: https://mosquitto.org/
+icon: https://mosquitto.org/images/mosquitto-text-side-28.png
+sources:
+  - https://github.com/eclipse/mosquitto
+maintainers:
+  - name: ishioni
+    email: helm@movishell.pl

charts/mosquitto/README.md

@@ -0,0 +1,46 @@
+# Mosquitto: A small MQTT broker
+
+This is a helm chart for [mosquitto](https://mosquitto.org/)
+
+## TL;DR;
+
+```shell
+$ helm repo add k8s-at-home https://k8s-at-home.com/charts/
+$ helm install k8s-at-home/mosquitto
+```
+
+## Installing the Chart
+
+To install the chart with the release name `my-release`:
+
+```console
+helm install --name my-release k8s-at-home/mosquitto
+```
+
+## Uninstalling the Chart
+
+To uninstall/delete the `my-release` deployment:
+
+```console
+helm delete my-release --purge
+```
+
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+## Configuration
+
+Read through the [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/mosquitto/values.yaml) file. It has several commented out suggested values.
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+
+```console
+helm install --name my-release \
+  --set persistence.enabled=true \
+    k8s-at-home/mosquitto
+```
+
+Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
+
+```console
+helm install --name my-release -f values.yaml k8s-at-home/mosquitto
+```

charts/mosquitto/templates/NOTES.txt

@@ -0,0 +1,38 @@
+** Please be patient while the chart is being deployed **
+
+Mosquitto can be accessed within the cluster on port 1883 at {{ template "mosquitto.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local
+
+To access for outside the cluster, perform the following steps:
+
+{{- if contains "NodePort" .Values.service.type }}
+
+Obtain the NodePort IP and ports:
+
+    export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+    export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[1].nodePort}" services {{ template "mosquitto.fullname" . }})
+
+To Access the Mosquitto MQTT port:
+
+    echo "URL : amqp://$NODE_IP:$NODE_PORT/"
+
+{{- else if contains "LoadBalancer" .Values.service.type }}
+
+Obtain the LoadBalancer IP:
+
+NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+      Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "mosquitto.fullname" . }}'
+
+    export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "mosquitto.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+
+To Access the Moquitto port:
+
+    echo "URL : mqtt://$SERVICE_IP:1883/"
+
+{{- else if contains "ClusterIP"  .Values.service.type }}
+
+To Access the Mosquitto MQTT port:
+
+    kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "mosquitto.fullname" . }} 1883:1883
+    echo "URL : mqtt://127.0.0.1:1883/"
+
+{{- end }}

charts/mosquitto/templates/_helpers.tpl

@@ -0,0 +1,56 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "mosquitto.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "mosquitto.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "mosquitto.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "mosquitto.labels" -}}
+app.kubernetes.io/name: {{ include "mosquitto.name" . }}
+helm.sh/chart: {{ include "mosquitto.chart" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "mosquitto.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+    {{ default (include "mosquitto.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}

charts/mosquitto/templates/service.yaml

@@ -0,0 +1,30 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "mosquitto.fullname" . }}
+  labels:
+{{ include "mosquitto.labels" . | indent 4 }}
+  {{- with .Values.service.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  type: {{ .Values.service.type }}
+  {{- if .Values.service.externalTrafficPolicy }}
+  externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy }}
+  {{- end }}
+  {{- if .Values.service.loadBalancerIP }}
+  loadBalancerIP: {{ .Values.service.loadBalancerIP }}
+  {{- end }}
+  ports:
+    - port: 1883
+      targetPort: default
+      protocol: TCP
+      name: default
+    - port: 9001
+      targetPort: websocket
+      protocol: TCP
+      name: websocket
+  selector:
+    app.kubernetes.io/name: {{ include "mosquitto.name" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}

charts/mosquitto/templates/serviceaccount.yaml

@@ -0,0 +1,8 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ template "mosquitto.serviceAccountName" . }}
+  labels:
+{{ include "mosquitto.labels" . | indent 4 }}
+{{- end -}}

charts/mosquitto/templates/statefullset.yaml

@@ -0,0 +1,95 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: {{ include "mosquitto.fullname" . }}
+  labels:
+{{ include "mosquitto.labels" . | indent 4 }}
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: {{ include "mosquitto.name" . }}
+      app.kubernetes.io/instance: {{ .Release.Name }}
+  serviceName: {{ include "mosquitto.name" . }}
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: {{ include "mosquitto.name" . }}
+        app.kubernetes.io/instance: {{ .Release.Name }}
+    spec:
+    {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+      serviceAccountName: {{ template "mosquitto.serviceAccountName" . }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      containers:
+        - name: {{ .Chart.Name }}
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          image: "{{ .Values.image.repository }}:{{ tpl .Values.image.tag . }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          ports:
+            - name: default
+              containerPort: 1883
+              protocol: TCP
+            - name: websocket
+              containerPort: 9001
+              protocol: TCP
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+          volumeMounts:
+            - name: configmap
+              mountPath: /mosquitto/config
+            - name: data
+              mountPath: /mosquitto/data
+      volumes:
+        - name: configmap
+          configMap:
+            name: {{ template "mosquitto.fullname" . }}
+        {{- if not .Values.persistence.enabled }}
+        - name: data
+          emptyDir: {}
+        {{- end }}
+        {{- if and .Values.persistence.enabled .Values.persistence.existingClaim }}
+        - name: data
+          persistentVolumeClaim:
+            claimName: {{ .Values.persistence.existingClaim }}
+        {{- end }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+    {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+    {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+  volumeClaimTemplates:
+  {{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
+  - metadata:
+      name: data
+      labels:
+        app.kubernetes.io/name: {{ include "mosquitto.name" . }}
+        app.kubernetes.io/instance: {{ .Release.Name }}
+    {{- if .Values.persistence.annotations }}
+      annotations:
+    {{ toYaml .Values.persistence.annotations | indent 4 }}
+    {{- end }}
+    spec:
+      accessModes: [ {{ .Values.persistence.accessMode | quote }} ]
+      resources:
+        requests:
+          storage: {{ .Values.persistence.size | quote }}
+    {{- if .Values.persistence.storageClass }}
+    {{- if (eq "-" .Values.persistence.storageClass) }}
+      storageClassName: ""
+    {{- else }}
+      storageClassName: {{ .Values.persistence.storageClass | quote }}
+    {{- end }}
+    {{- end }}
+  {{- end }}

charts/mosquitto/values.yaml

@@ -0,0 +1,76 @@
+# Default values for mosquitto.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+image:
+  repository: eclipse-mosquitto
+  tag: "{{ .Chart.AppVersion }}"
+  pullPolicy: IfNotPresent
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+  # Specifies whether a service account should be created
+  create: true
+  # The name of the service account to use.
+  # If not set and create is true, a name is generated using the fullname template
+  name:
+
+podSecurityContext: {}
+  # fsGroup: 2000
+
+securityContext: {}
+  # capabilities:
+  #   drop:
+  #   - ALL
+  # readOnlyRootFilesystem: true
+  # runAsNonRoot: true
+  # runAsUser: 1000
+
+service:
+  annotations: {}
+  type: ClusterIP
+  # externalTrafficPolicy:
+  # loadBalancerIP:
+
+resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 128Mi
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+persistence:
+  enabled: False
+  annotations: {}
+  ## mosquitto data Persistent Volume Storage Class
+  ## If defined, storageClassName: <storageClass>
+  ## If set to "-", storageClassName: "", which disables dynamic provisioning
+  ## If undefined (the default) or set to null, no storageClassName spec is
+  ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
+  ##   GKE, AWS & OpenStack)
+  ##
+  # storageClass: "-"
+  ##
+  ## If you want to reuse an existing claim, you can pass the name of the PVC using
+  ## the existingClaim variable
+  # existingClaim: mosquitto-data
+  accessMode: ReadWriteOnce
+  size: 5Gi
+
+# customConfig:

ct.yaml

@@ -4,3 +4,5 @@ chart-dirs:
 chart-repos:
   - bitnami=https://charts.bitnami.com/bitnami
   - k8s-at-home=https://k8s-at-home.com/charts
+excluded-charts:
+  - media-common-openvpn