diff --git a/.github/workflows/sync-docs.yaml b/.github/workflows/sync-docs.yaml
new file mode 100644
index 0000000..a290a28
--- /dev/null
+++ b/.github/workflows/sync-docs.yaml
@@ -0,0 +1,53 @@
+name: Sync Helm Chart Docs to Homarr documentation Repo
+
+on:
+ push:
+ branches:
+ - dev
+
+jobs:
+ sync-docs:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout helm chart Repo
+ uses: actions/checkout@v4
+ with:
+ sparse-checkout: |
+ charts/homarr/README.md
+ sparse-checkout-cone-mode: false
+
+ - name: Checkout Homarr documentation Repo
+ uses: actions/checkout@v4
+ with:
+ repository: homarr-labs/documentation
+ path: target-repo
+ token: ${{ secrets.GITHUB_TOKEN }}
+ # TODO: Change to the main branch on stable release
+ ref: docs/version-1.0
+
+ - name: Sync Documentation
+ run: |
+ cp charts/homarr/README.md target-repo/docs/getting-started/installation/helm.md
+ cd target-repo
+ git config user.name "github-actions[bot]"
+ git config user.email "github-actions[bot]@users.noreply.github.com"
+ git add .
+ git commit -m "docs(helm): Update Helm chart documentation" || echo "No changes to commit"
+
+ - name: Create Pull Request
+ uses: peter-evans/create-pull-request@v7
+ with:
+ token: ${{ secrets.GITHUB_TOKEN }}
+ branch: update-helm-docs
+ # TODO: Change to the main branch on stable release
+ base: docs/version-1.0
+ title: Update Helm chart documentation
+ delete-branch: true
+ path: target-repo
+ team-reviewers: homarr-labs/maintainers
+ body: |
+ This PR updates the documentation file to match the latest Helm chart changes.
+ labels: |
+ helm
+ docs
diff --git a/charts/homarr/Chart.yaml b/charts/homarr/Chart.yaml
index 2abdb4f..1e646d5 100644
--- a/charts/homarr/Chart.yaml
+++ b/charts/homarr/Chart.yaml
@@ -3,9 +3,9 @@ name: homarr
description: A Helm chart to deploy homarr for Kubernetes
home: https://homarr-labs.github.io/charts/charts/homarr/
type: application
-version: 0.2.1
+version: 1.0.0
# renovate datasource=docker depName=ghcr.io/homarr-labs/homarr
-appVersion: "v1.0.0-beta.4"
+appVersion: "v1.0.0-beta.10"
icon: https://raw.githubusercontent.com/homarr-labs/charts/refs/heads/main/charts/homarr/icon.svg
kubeVersion: ">=1.22.0-0"
dependencies:
@@ -24,7 +24,7 @@ annotations:
url: https://homarr-labs.github.io/charts/pgp_keys.asc
artifacthub.io/changes: |-
- kind: changed
- description: update chart to version v1.0.0-beta.4
+ description: update app version to v1.0.0-beta.10
artifacthub.io/links: |-
- name: App Source
url: https://github.com/homarr-labs/homarr
diff --git a/charts/homarr/README.md b/charts/homarr/README.md
index 4f85cba..ae48d6c 100644
--- a/charts/homarr/README.md
+++ b/charts/homarr/README.md
@@ -2,9 +2,9 @@
-
+
-
+
A Helm chart to deploy homarr for Kubernetes
@@ -54,7 +54,7 @@ The command removes all the Kubernetes components associated with the chart **in
## 🔧 Configuration
-Read through the [values.yaml](./values.yaml) file. It has several commented out suggested values.
+Read through the [values.yaml](https://github.com/homarr-labs/charts/blob/dev/charts/homarr/values.yaml) file. It has several commented out suggested values.
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.
@@ -80,12 +80,12 @@ Below is an exhaustive list of all secrets:
-| FEATURE | SECRET NAME | SECRET KEYS | Required |
-|----------|-------------------------|--------------------------------------------------------------|--------------------------------|
-| NEXT AUTH| auth-credentials-secret | auth-secret | Yes |
-| OIDC | auth-oidc-secret | oidc-client-id
oidc-client-secret | No |
-| LDAP | auth-ldap-secret | bind-password | No |
-| DATABASE | db-secret | db-url
mysql-root-password
mysql-password | Depends (see Database section) |
+| FEATURE | SECRET NAME | SECRET KEYS | Required |
+|-----------|-------------------------|----------------------------------------------------------------------|-----------------------------------------------------------------------|
+| NEXT AUTH | auth-credentials-secret | auth-secret | Yes |
+| OIDC | auth-oidc-secret | oidc-client-id
oidc-client-secret | No |
+| LDAP | auth-ldap-secret | bind-password | No |
+| DATABASE | db-secret | db-encryption-key
db-url
mysql-root-password
mysql-password | Depends (see Database section) at least db-encryption-key is required |
@@ -113,12 +113,12 @@ You have multiple options for configuring the database:
-| DRIVER TYPE | Persistence mode |
-|---------------|---------------------------------|
-| better-sqlite3| Pod disk |
-| better-sqlite3| `homarr-database` PVC |
-| mysql2 | MySql database chart dependency |
-| mysql2 | External MySql database |
+| DRIVER TYPE | Persistence mode |
+|----------------|---------------------------------|
+| better-sqlite3 | Pod disk |
+| better-sqlite3 | `homarr-database` PVC |
+| mysql2 | MySql database chart dependency |
+| mysql2 | External MySql database |
@@ -126,6 +126,19 @@ You have multiple options for configuring the database:
No additional configuration is required. However, keep in mind that if the pod restarts, all data will be lost. This setup is not *recommended* for production use.
+To create the necessary database secret, execute the following command:
+
+
+Required Secrets
+
+````yaml
+kubectl create secret generic db-secret \
+--from-literal=db-encryption-key='' \
+--namespace homarr
+````
+
+
+
#### PVC
To persist data, you need to enable the `homarr-database` PVC. This will store the Homarr database on a mounted volume.
@@ -143,6 +156,17 @@ kubectl create secret generic auth-credentials-secret \
+
+DB Required Secrets
+
+````yaml
+kubectl create secret generic db-secret \
+--from-literal=db-encryption-key='' \
+--namespace homarr
+````
+
+
+
Bellow an example of the override value file :
@@ -169,6 +193,7 @@ To create the necessary database secrets, execute the following command:
````yaml
kubectl create secret generic db-secret \
+--from-literal=db-encryption-key='' \
--from-literal=db-url='mysql://homarr:your-db-password1@homarr-mysql:3306/homarrdb' \
--from-literal=mysql-root-password='your-db-password1' \
--from-literal=mysql-password='your-db-password2' \
@@ -200,6 +225,7 @@ To create the necessary database secrets, execute the following command:
````yaml
kubectl create secret generic db-secret \
+--from-literal=db-encryption-key='' \
--from-literal=db-url='mysql://user:password@host:port/homarrdb' \
--namespace homarr
````
@@ -266,88 +292,89 @@ All available values are listed on the [artifacthub](https://artifacthub.io/pack
## 🗃 Values
-| Key | Type | Default | Description |
-|-----|------|---------|-------------|
-| affinity | object | `{}` | Node affinity for pod scheduling |
-| autoscaling.enabled | bool | `false` | Enable autoscaling |
-| autoscaling.maxReplicas | int | `100` | Maximum replicas |
-| autoscaling.minReplicas | int | `1` | Minimum replicas |
-| autoscaling.targetCPUUtilizationPercentage | int | `80` | Target CPU utilization for autoscaling |
+| Key | Type | Default | Description |
+|-----|------|---------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| affinity | object | `{}` | Node affinity for pod scheduling |
+| autoscaling.enabled | bool | `false` | Enable autoscaling |
+| autoscaling.maxReplicas | int | `100` | Maximum replicas |
+| autoscaling.minReplicas | int | `1` | Minimum replicas |
+| autoscaling.targetCPUUtilizationPercentage | int | `80` | Target CPU utilization for autoscaling |
| containerPorts | object | `{"http":{"port":7575,"protocol":"TCP"}}` | containerPorts defines the ports to open on the container. It is a map where each entry specifies: - `port` (int) (required): The port number to expose inside the container. - `protocol` (string) (required): The network protocol (TCP or UDP) used for the port. - `disabled` (bool) : Optional flag to disable this port (defaults to false). Can be overridden via Helm values. By default, this configuration exposes TCP port 7575 with the name `http`. |
-| database.externalDatabaseEnabled | bool | `false` | Enable external database |
-| database.migrationEnabled | bool | `true` | Database migration configuration. DB_MIGRATIONS_DISABLED Set to `true` to disable database migrations. Migrations are enabled by default (`false`). |
-| env.AUTH_LDAP_ADMIN_GROUP | string | `"admin"` | Admin group |
-| env.AUTH_LDAP_BASE | string | `nil` | Base dn of your LDAP server |
-| env.AUTH_LDAP_BIND_DN | string | `nil` | User used for finding users and groups |
-| env.AUTH_LDAP_GROUP_CLASS | string | `"groupOfUniqueNames"` | Class used for querying groups |
-| env.AUTH_LDAP_GROUP_MEMBER_ATTRIBUTE | string | `"member"` | Attribute used for querying group member |
-| env.AUTH_LDAP_GROUP_MEMBER_USER_ATTRIBUTE | string | `"dn"` | User attribute used for comparing with group member |
-| env.AUTH_LDAP_OWNER_GROUP | string | `"admin"` | Owner group |
-| env.AUTH_LDAP_SEARCH_SCOPE | string | `"base"` | LDAP search scope between base, one or sub |
-| env.AUTH_LDAP_URI | string | `nil` | URI of your LDAP server |
-| env.AUTH_LDAP_USERNAME_ATTRIBUTE | string | `"uid"` | Attribute used for username |
-| env.AUTH_OIDC_ADMIN_GROUP | string | `"admin"` | Admin group |
-| env.AUTH_OIDC_CLIENT_NAME | string | `"OIDC"` | Display name of provider (in login screen) |
-| env.AUTH_OIDC_OWNER_GROUP | string | `"admin"` | Owner group |
-| env.AUTH_OIDC_SCOPE_OVERWRITE | string | `"openid email profile groups"` | Override the OIDC scopes |
-| env.AUTH_OIDC_URI | string | `nil` | URI of OIDC provider |
-| env.AUTH_PROVIDERS | string | `"credentials"` | Enabled authentication methods. Multiple providers can be enabled with by separating them with , (ex. AUTH_PROVIDERS=credentials,oidc, it is highly recommended to just enable one provider). |
-| env.DEFAULT_COLOR_SCHEME | string | `"dark"` | Colors and preferences, possible values dark / light |
-| env.TZ | string | `"Europe/Paris"` | Your local time zone |
-| envSecrets.authCredentials.authSecret | string | `"auth-secret"` | Next Auth secret key |
-| envSecrets.authCredentials.existingSecret | string | `"auth-credentials-secret"` | Name of existing secret containing Next Auth secret |
-| envSecrets.authLdapCredentials.existingSecret | string | `"auth-ldap-secret"` | Name of existing secret containing LDAP credentials |
-| envSecrets.authLdapCredentials.ldapBindingPassword | string | `"bind-password"` | Password for bind user secret key |
-| envSecrets.authOidcCredentials.existingSecret | string | `"auth-oidc-secret"` | Name of existing secret containing OIDC credentials |
-| envSecrets.authOidcCredentials.oidcClientId | string | `"oidc-client-id"` | ID of OIDC client (application) secret key |
-| envSecrets.authOidcCredentials.oidcClientSecret | string | `"oidc-client-secret"` | Secret of OIDC client (application) secret key |
-| envSecrets.dbCredentials.dbPasswordKey | string | `"mysql-root-password"` | Secret key for DB_PASSWORD |
-| envSecrets.dbCredentials.dbUrlKey | string | `"db-url"` | Secret key for DB_URL Example for internal database: `mysql://username:password@homarr-mysql:3306/homarrdb` |
-| envSecrets.dbCredentials.dbUserPasswordKey | string | `"mysql-password"` | Secret key for database user |
-| envSecrets.dbCredentials.existingSecret | string | `"db-secret"` | Name of existing secret containing DB credentials |
-| fullnameOverride | string | `""` | Overrides chart's fullname |
-| image.pullPolicy | string | `"IfNotPresent"` | Image pull policy |
-| image.repository | string | `"ghcr.io/homarr-labs/homarr"` | Image repository |
-| image.tag | string | `"v1.0.0-beta.4"` | Overrides the image tag whose default is the chart appVersion |
-| imagePullSecrets | list | `[]` | Secrets for Docker registry |
-| imagesCopy.enabled | bool | `false` | Set to true to enable the init container for copying local images to the PVC. Requires homarr-images PVC to be enabled. |
-| imagesCopy.pathToLocalImages | string | `"/path-to-local-images"` | The path where local images are stored for copying to the PVC |
-| ingress.annotations | object | `{}` | Ingress annotations |
-| ingress.enabled | bool | `false` | Enable ingress |
-| ingress.hosts | list | `[{"host":"chart-example.local","paths":[{"path":"/"}]}]` | Ingress hosts configuration |
-| ingress.ingressClassName | string | `""` | Ingress class name |
-| ingress.tls | list | `[]` | Ingress TLS configuration |
-| livenessProbe.httpGet.path | string | `"/api/health/live"` | This is the liveness check endpoint used by Kubernetes to determine if the application is still running. |
-| livenessProbe.httpGet.port | int | `7575` | The port on which the liveness check will be performed. This must be the same as the container port exposed by the application. |
-| mysql | object | See [values.yaml](./values.yaml) | Enable and configure Mysql database subchart under this key. For more options see [Mysql chart documentation](https://github.com/bitnami/charts/tree/main/bitnami/mysql) |
-| nameOverride | string | `""` | Overrides chart's name |
-| nodeSelector | object | `{}` | Node selectors for pod scheduling |
-| persistence.homarrDatabase.accessMode | string | `"ReadWriteOnce"` | homarr-database access mode |
-| persistence.homarrDatabase.enabled | bool | `false` | Enable homarr-database persistent storage |
-| persistence.homarrDatabase.mountPath | string | `"/appdata/db"` | homarr-database mount path inside the pod |
-| persistence.homarrDatabase.name | string | `"homarr-database"` | homarr-database persistent storage name |
-| persistence.homarrDatabase.size | string | `"50Mi"` | homarr-database storage size |
-| persistence.homarrDatabase.storageClassName | string | `"local-path"` | homarr-database storage class name |
-| persistence.homarrImages.accessMode | string | `"ReadWriteOnce"` | homarr-images access mode |
-| persistence.homarrImages.enabled | bool | `false` | Enable homarr-images persistent storage |
-| persistence.homarrImages.mountPath | string | `"/images"` | homarr-images mount path inside the pod |
-| persistence.homarrImages.name | string | `"homarr-images"` | homarr-images persistent storage name |
-| persistence.homarrImages.size | string | `"50Mi"` | homarr-images storage size |
-| persistence.homarrImages.storageClassName | string | `"local-path"` | homarr-images storage class name |
-| podAnnotations | object | `{}` | Pod annotations |
-| podLabels | object | `{}` | Pod labels |
-| podSecurityContext | object | `{}` | Pod security context |
-| readinessProbe.httpGet.path | string | `"/api/health/ready"` | This is the readiness check endpoint used by Kubernetes to determine if the application is ready to handle traffic. |
-| readinessProbe.httpGet.port | int | `7575` | The port on which the readiness check will be performed. This must match the container's exposed port. |
-| replicaCount | int | `1` | Number of replicas |
-| resources | object | `{}` | Resource configuration |
-| securityContext | object | `{}` | Security context |
-| service.enabled | bool | `true` | Enable service |
-| service.ports.app.port | int | `7575` | Service port |
-| service.ports.app.protocol | string | `"TCP"` | Service protocol |
-| service.ports.app.targetPort | string | `"http"` | Service target port |
-| service.type | string | `"ClusterIP"` | Service type |
-| tolerations | list | `[]` | Node tolerations for pod scheduling |
+| database.externalDatabaseEnabled | bool | `false` | Enable external database |
+| database.migrationEnabled | bool | `true` | Database migration configuration. DB_MIGRATIONS_DISABLED Set to `true` to disable database migrations. Migrations are enabled by default (`false`). |
+| env.AUTH_LDAP_ADMIN_GROUP | string | `"admin"` | Admin group |
+| env.AUTH_LDAP_BASE | string | `nil` | Base dn of your LDAP server |
+| env.AUTH_LDAP_BIND_DN | string | `nil` | User used for finding users and groups |
+| env.AUTH_LDAP_GROUP_CLASS | string | `"groupOfUniqueNames"` | Class used for querying groups |
+| env.AUTH_LDAP_GROUP_MEMBER_ATTRIBUTE | string | `"member"` | Attribute used for querying group member |
+| env.AUTH_LDAP_GROUP_MEMBER_USER_ATTRIBUTE | string | `"dn"` | User attribute used for comparing with group member |
+| env.AUTH_LDAP_OWNER_GROUP | string | `"admin"` | Owner group |
+| env.AUTH_LDAP_SEARCH_SCOPE | string | `"base"` | LDAP search scope between base, one or sub |
+| env.AUTH_LDAP_URI | string | `nil` | URI of your LDAP server |
+| env.AUTH_LDAP_USERNAME_ATTRIBUTE | string | `"uid"` | Attribute used for username |
+| env.AUTH_OIDC_ADMIN_GROUP | string | `"admin"` | Admin group |
+| env.AUTH_OIDC_CLIENT_NAME | string | `"OIDC"` | Display name of provider (in login screen) |
+| env.AUTH_OIDC_OWNER_GROUP | string | `"admin"` | Owner group |
+| env.AUTH_OIDC_SCOPE_OVERWRITE | string | `"openid email profile groups"` | Override the OIDC scopes |
+| env.AUTH_OIDC_URI | string | `nil` | URI of OIDC provider |
+| env.AUTH_PROVIDERS | string | `"credentials"` | Enabled authentication methods. Multiple providers can be enabled with by separating them with , (ex. AUTH_PROVIDERS=credentials,oidc, it is highly recommended to just enable one provider). |
+| env.DEFAULT_COLOR_SCHEME | string | `"dark"` | Colors and preferences, possible values dark / light |
+| env.TZ | string | `"Europe/Paris"` | Your local time zone |
+| envSecrets.authCredentials.authSecret | string | `"auth-secret"` | Next Auth secret key |
+| envSecrets.authCredentials.existingSecret | string | `"auth-credentials-secret"` | Name of existing secret containing Next Auth secret |
+| envSecrets.authLdapCredentials.existingSecret | string | `"auth-ldap-secret"` | Name of existing secret containing LDAP credentials |
+| envSecrets.authLdapCredentials.ldapBindingPassword | string | `"bind-password"` | Password for bind user secret key |
+| envSecrets.authOidcCredentials.existingSecret | string | `"auth-oidc-secret"` | Name of existing secret containing OIDC credentials |
+| envSecrets.authOidcCredentials.oidcClientId | string | `"oidc-client-id"` | ID of OIDC client (application) secret key |
+| envSecrets.authOidcCredentials.oidcClientSecret | string | `"oidc-client-secret"` | Secret of OIDC client (application) secret key |
+| envSecrets.dbCredentials.dbEncryptionKey | string | `"db-encryption-key"` | Secret key for SECRET_ENCRYPTION_KEY can be generated with `openssl rand -hex 32` |
+| envSecrets.dbCredentials.dbPasswordKey | string | `"mysql-root-password"` | Secret key for DB_PASSWORD |
+| envSecrets.dbCredentials.dbUrlKey | string | `"db-url"` | Secret key for DB_URL Example for internal database: `mysql://username:password@homarr-mysql:3306/homarrdb` |
+| envSecrets.dbCredentials.dbUserPasswordKey | string | `"mysql-password"` | Secret key for database user |
+| envSecrets.dbCredentials.existingSecret | string | `"db-secret"` | Name of existing secret containing DB credentials |
+| fullnameOverride | string | `""` | Overrides chart's fullname |
+| image.pullPolicy | string | `"IfNotPresent"` | Image pull policy |
+| image.repository | string | `"ghcr.io/homarr-labs/homarr"` | Image repository |
+| image.tag | string | `"v1.0.0-beta.10"` | Overrides the image tag whose default is the chart appVersion |
+| imagePullSecrets | list | `[]` | Secrets for Docker registry |
+| imagesCopy.enabled | bool | `false` | Set to true to enable the init container for copying local images to the PVC. Requires homarr-images PVC to be enabled. |
+| imagesCopy.pathToLocalImages | string | `"/path-to-local-images"` | The path where local images are stored for copying to the PVC |
+| ingress.annotations | object | `{}` | Ingress annotations |
+| ingress.enabled | bool | `false` | Enable ingress |
+| ingress.hosts | list | `[{"host":"chart-example.local","paths":[{"path":"/"}]}]` | Ingress hosts configuration |
+| ingress.ingressClassName | string | `""` | Ingress class name |
+| ingress.tls | list | `[]` | Ingress TLS configuration |
+| livenessProbe.httpGet.path | string | `"/api/health/live"` | This is the liveness check endpoint used by Kubernetes to determine if the application is still running. |
+| livenessProbe.httpGet.port | int | `7575` | The port on which the liveness check will be performed. This must be the same as the container port exposed by the application. |
+| mysql | object | See [values.yaml](./values.yaml) | Enable and configure Mysql database subchart under this key. For more options see [Mysql chart documentation](https://github.com/bitnami/charts/tree/main/bitnami/mysql) |
+| nameOverride | string | `""` | Overrides chart's name |
+| nodeSelector | object | `{}` | Node selectors for pod scheduling |
+| persistence.homarrDatabase.accessMode | string | `"ReadWriteOnce"` | homarr-database access mode |
+| persistence.homarrDatabase.enabled | bool | `false` | Enable homarr-database persistent storage |
+| persistence.homarrDatabase.mountPath | string | `"/appdata/db"` | homarr-database mount path inside the pod |
+| persistence.homarrDatabase.name | string | `"homarr-database"` | homarr-database persistent storage name |
+| persistence.homarrDatabase.size | string | `"50Mi"` | homarr-database storage size |
+| persistence.homarrDatabase.storageClassName | string | `"local-path"` | homarr-database storage class name |
+| persistence.homarrImages.accessMode | string | `"ReadWriteOnce"` | homarr-images access mode |
+| persistence.homarrImages.enabled | bool | `false` | Enable homarr-images persistent storage |
+| persistence.homarrImages.mountPath | string | `"/images"` | homarr-images mount path inside the pod |
+| persistence.homarrImages.name | string | `"homarr-images"` | homarr-images persistent storage name |
+| persistence.homarrImages.size | string | `"50Mi"` | homarr-images storage size |
+| persistence.homarrImages.storageClassName | string | `"local-path"` | homarr-images storage class name |
+| podAnnotations | object | `{}` | Pod annotations |
+| podLabels | object | `{}` | Pod labels |
+| podSecurityContext | object | `{}` | Pod security context |
+| readinessProbe.httpGet.path | string | `"/api/health/ready"` | This is the readiness check endpoint used by Kubernetes to determine if the application is ready to handle traffic. |
+| readinessProbe.httpGet.port | int | `7575` | The port on which the readiness check will be performed. This must match the container's exposed port. |
+| replicaCount | int | `1` | Number of replicas |
+| resources | object | `{}` | Resource configuration |
+| securityContext | object | `{}` | Security context |
+| service.enabled | bool | `true` | Enable service |
+| service.ports.app.port | int | `7575` | Service port |
+| service.ports.app.protocol | string | `"TCP"` | Service protocol |
+| service.ports.app.targetPort | string | `"http"` | Service target port |
+| service.type | string | `"ClusterIP"` | Service type |
+| tolerations | list | `[]` | Node tolerations for pod scheduling |
---
Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs)
diff --git a/charts/homarr/README_CONFIG.md.gotmpl b/charts/homarr/README_CONFIG.md.gotmpl
index 156ed3b..6c7ef6e 100644
--- a/charts/homarr/README_CONFIG.md.gotmpl
+++ b/charts/homarr/README_CONFIG.md.gotmpl
@@ -17,12 +17,12 @@ Below is an exhaustive list of all secrets:
-| FEATURE | SECRET NAME | SECRET KEYS | Required |
-|----------|-------------------------|--------------------------------------------------------------|--------------------------------|
-| NEXT AUTH| auth-credentials-secret | auth-secret | Yes |
-| OIDC | auth-oidc-secret | oidc-client-id
oidc-client-secret | No |
-| LDAP | auth-ldap-secret | bind-password | No |
-| DATABASE | db-secret | db-url
mysql-root-password
mysql-password | Depends (see Database section) |
+| FEATURE | SECRET NAME | SECRET KEYS | Required |
+|-----------|-------------------------|----------------------------------------------------------------------|-----------------------------------------------------------------------|
+| NEXT AUTH | auth-credentials-secret | auth-secret | Yes |
+| OIDC | auth-oidc-secret | oidc-client-id
oidc-client-secret | No |
+| LDAP | auth-ldap-secret | bind-password | No |
+| DATABASE | db-secret | db-encryption-key
db-url
mysql-root-password
mysql-password | Depends (see Database section) at least db-encryption-key is required |
@@ -51,12 +51,12 @@ You have multiple options for configuring the database:
-| DRIVER TYPE | Persistence mode |
-|---------------|---------------------------------|
-| better-sqlite3| Pod disk |
-| better-sqlite3| `homarr-database` PVC |
-| mysql2 | MySql database chart dependency |
-| mysql2 | External MySql database |
+| DRIVER TYPE | Persistence mode |
+|----------------|---------------------------------|
+| better-sqlite3 | Pod disk |
+| better-sqlite3 | `homarr-database` PVC |
+| mysql2 | MySql database chart dependency |
+| mysql2 | External MySql database |
@@ -64,6 +64,19 @@ You have multiple options for configuring the database:
No additional configuration is required. However, keep in mind that if the pod restarts, all data will be lost. This setup is not *recommended* for production use.
+To create the necessary database secret, execute the following command:
+
+
+Required Secrets
+
+````yaml
+kubectl create secret generic db-secret \
+--from-literal=db-encryption-key='' \
+--namespace homarr
+````
+
+
+
#### PVC
To persist data, you need to enable the `homarr-database` PVC. This will store the Homarr database on a mounted volume.
@@ -81,6 +94,17 @@ kubectl create secret generic auth-credentials-secret \
+
+DB Required Secrets
+
+````yaml
+kubectl create secret generic db-secret \
+--from-literal=db-encryption-key='' \
+--namespace homarr
+````
+
+
+
Bellow an example of the override value file :
@@ -107,6 +131,7 @@ To create the necessary database secrets, execute the following command:
````yaml
kubectl create secret generic db-secret \
+--from-literal=db-encryption-key='' \
--from-literal=db-url='mysql://homarr:your-db-password1@homarr-mysql:3306/homarrdb' \
--from-literal=mysql-root-password='your-db-password1' \
--from-literal=mysql-password='your-db-password2' \
@@ -140,6 +165,7 @@ To create the necessary database secrets, execute the following command:
````yaml
kubectl create secret generic db-secret \
+--from-literal=db-encryption-key='' \
--from-literal=db-url='mysql://user:password@host:port/homarrdb' \
--namespace homarr
````
diff --git a/charts/homarr/templates/homarr-dc.yaml b/charts/homarr/templates/homarr-dc.yaml
index bb8fa48..58abac2 100644
--- a/charts/homarr/templates/homarr-dc.yaml
+++ b/charts/homarr/templates/homarr-dc.yaml
@@ -136,6 +136,11 @@ spec:
name: {{ .Values.envSecrets.authOidcCredentials.existingSecret }}
key: {{ .Values.envSecrets.authOidcCredentials.oidcClientSecret }}
{{- end }}
+ - name: SECRET_ENCRYPTION_KEY
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.envSecrets.dbCredentials.existingSecret }}
+ key: {{ .Values.envSecrets.dbCredentials.dbEncryptionKey }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
diff --git a/charts/homarr/values.yaml b/charts/homarr/values.yaml
index 4434bba..f8717c3 100644
--- a/charts/homarr/values.yaml
+++ b/charts/homarr/values.yaml
@@ -10,7 +10,7 @@ image:
# -- Image pull policy
pullPolicy: IfNotPresent
# -- Overrides the image tag whose default is the chart appVersion
- tag: "v1.0.0-beta.4"
+ tag: "v1.0.0-beta.10"
env:
# -- Your local time zone
@@ -86,6 +86,9 @@ envSecrets:
dbCredentials:
# -- Name of existing secret containing DB credentials
existingSecret: "db-secret"
+ # -- Secret key for SECRET_ENCRYPTION_KEY
+ # can be generated with `openssl rand -hex 32`
+ dbEncryptionKey: "db-encryption-key"
# -- Secret key for DB_URL
# Example for internal database: `mysql://username:password@homarr-mysql:3306/homarrdb`
dbUrlKey: "db-url"
diff --git a/development/README.md b/development/README.md
index 953cf1f..78a98a6 100644
--- a/development/README.md
+++ b/development/README.md
@@ -48,12 +48,13 @@ kubectl create namespace homarr
```bash
kubectl create secret generic auth-credentials-secret \
- --from-literal=auth-secret='mAxnWLFaQE59MauTrCTm5sUq5xf3sdG5m0eKnp2e3OU' \
+--from-literal=auth-secret='mAxnWLFaQE59MauTrCTm5sUq5xf3sdG5m0eKnp2e3OU' \
--namespace homarr
```
```bash
kubectl create secret generic db-secret \
+--from-literal=db-encryption-key='d4d0dd977c9795b988e68f115f444c40334a63a391cfb9b3a0857d2d77deff03' \
--from-literal=db-url='mysql://homarr:your-db-password@homarr-mysql:3306/homarrdb' \
--from-literal=mysql-root-password='your-db-password' \
--from-literal=mysql-password='your-db-password' \
@@ -67,25 +68,25 @@ kubectl create secret generic db-secret \
#### Internal Database
```bash
-helm install homarr ../charts/homarr/homarr-0.0.1.tgz --namespace homarr --values=internal-db/override-internal-db-local-docker-img.yaml
+helm install homarr ../charts/homarr/homarr-1.0.0.tgz --namespace homarr --values=internal-db/override-internal-db-local-docker-img.yaml
```
#### External Database
```bash
-helm install homarr ../charts/homarr/homarr-0.0.1.tgz --namespace homarr --values=external-db/override-external-db-local-docker-img.yaml
+helm install homarr ../charts/homarr/homarr-1.0.0.tgz --namespace homarr --values=external-db/override-external-db-local-docker-img.yaml
```
### Use github docker image
```bash
-helm install homarr ../charts/homarr/homarr-0.0.1.tgz --namespace homarr --values=internal-db/override-internal-db.yaml
+helm install homarr ../charts/homarr/homarr-1.0.0.tgz --namespace homarr --values=internal-db/override-internal-db.yaml
```
#### External Database
```bash
-helm install homarr ../charts/homarr/homarr-0.0.1.tgz --namespace homarr --values=external-db/override-external-db.yaml
+helm install homarr ../charts/homarr/homarr-1.0.0.tgz --namespace homarr --values=external-db/override-external-db.yaml
```
## Port forwarding Homarr
diff --git a/hack/templates/README.md.gotmpl b/hack/templates/README.md.gotmpl
index 1e43d28..a74ac44 100644
--- a/hack/templates/README.md.gotmpl
+++ b/hack/templates/README.md.gotmpl
@@ -82,7 +82,7 @@ The command removes all the Kubernetes components associated with the chart **in
{{- end -}}
{{- define "custom.configuration.readValues" -}}
-Read through the [values.yaml](./values.yaml) file. It has several commented out suggested values.
+Read through the [values.yaml](https://github.com/homarr-labs/charts/blob/dev/charts/homarr/values.yaml) file. It has several commented out suggested values.
{{- end -}}
{{- define "custom.configuration.example.set" -}}