From 5fc1e13d74991b4b9b772087f5f7098a5d900b29 Mon Sep 17 00:00:00 2001 From: oussama Dahmaz Date: Tue, 31 Dec 2024 19:31:43 +0100 Subject: [PATCH] feat!(app-version): update app version to v1.0.0-beta.10 --- charts/homarr/Chart.yaml | 6 +- charts/homarr/README.md | 217 ++++++++++++++----------- charts/homarr/README_CONFIG.md.gotmpl | 50 ++++-- charts/homarr/templates/homarr-dc.yaml | 5 + charts/homarr/values.yaml | 5 +- development/README.md | 11 +- hack/templates/README.md.gotmpl | 2 +- 7 files changed, 179 insertions(+), 117 deletions(-) diff --git a/charts/homarr/Chart.yaml b/charts/homarr/Chart.yaml index 2abdb4f..1e646d5 100644 --- a/charts/homarr/Chart.yaml +++ b/charts/homarr/Chart.yaml @@ -3,9 +3,9 @@ name: homarr description: A Helm chart to deploy homarr for Kubernetes home: https://homarr-labs.github.io/charts/charts/homarr/ type: application -version: 0.2.1 +version: 1.0.0 # renovate datasource=docker depName=ghcr.io/homarr-labs/homarr -appVersion: "v1.0.0-beta.4" +appVersion: "v1.0.0-beta.10" icon: https://raw.githubusercontent.com/homarr-labs/charts/refs/heads/main/charts/homarr/icon.svg kubeVersion: ">=1.22.0-0" dependencies: @@ -24,7 +24,7 @@ annotations: url: https://homarr-labs.github.io/charts/pgp_keys.asc artifacthub.io/changes: |- - kind: changed - description: update chart to version v1.0.0-beta.4 + description: update app version to v1.0.0-beta.10 artifacthub.io/links: |- - name: App Source url: https://github.com/homarr-labs/homarr diff --git a/charts/homarr/README.md b/charts/homarr/README.md index cbb1c8a..ae48d6c 100644 --- a/charts/homarr/README.md +++ b/charts/homarr/README.md @@ -2,9 +2,9 @@ homarr logo -![Version: 0.2.1](https://img.shields.io/badge/Version-0.2.1-informational?style=flat) +![Version: 1.0.0](https://img.shields.io/badge/Version-1.0.0-informational?style=flat) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat) -![AppVersion: v1.0.0-beta.4](https://img.shields.io/badge/AppVersion-v1.0.0--beta.4-informational?style=flat) +![AppVersion: v1.0.0-beta.10](https://img.shields.io/badge/AppVersion-v1.0.0--beta.10-informational?style=flat) A Helm chart to deploy homarr for Kubernetes @@ -80,12 +80,12 @@ Below is an exhaustive list of all secrets:
-| FEATURE | SECRET NAME | SECRET KEYS | Required | -|----------|-------------------------|--------------------------------------------------------------|--------------------------------| -| NEXT AUTH| auth-credentials-secret | auth-secret | Yes | -| OIDC | auth-oidc-secret | oidc-client-id
oidc-client-secret | No | -| LDAP | auth-ldap-secret | bind-password | No | -| DATABASE | db-secret | db-url
mysql-root-password
mysql-password | Depends (see Database section) | +| FEATURE | SECRET NAME | SECRET KEYS | Required | +|-----------|-------------------------|----------------------------------------------------------------------|-----------------------------------------------------------------------| +| NEXT AUTH | auth-credentials-secret | auth-secret | Yes | +| OIDC | auth-oidc-secret | oidc-client-id
oidc-client-secret | No | +| LDAP | auth-ldap-secret | bind-password | No | +| DATABASE | db-secret | db-encryption-key
db-url
mysql-root-password
mysql-password | Depends (see Database section) at least db-encryption-key is required |
@@ -113,12 +113,12 @@ You have multiple options for configuring the database:
-| DRIVER TYPE | Persistence mode | -|---------------|---------------------------------| -| better-sqlite3| Pod disk | -| better-sqlite3| `homarr-database` PVC | -| mysql2 | MySql database chart dependency | -| mysql2 | External MySql database | +| DRIVER TYPE | Persistence mode | +|----------------|---------------------------------| +| better-sqlite3 | Pod disk | +| better-sqlite3 | `homarr-database` PVC | +| mysql2 | MySql database chart dependency | +| mysql2 | External MySql database |
@@ -126,6 +126,19 @@ You have multiple options for configuring the database: No additional configuration is required. However, keep in mind that if the pod restarts, all data will be lost. This setup is not *recommended* for production use. +To create the necessary database secret, execute the following command: + +
+Required Secrets + +````yaml +kubectl create secret generic db-secret \ +--from-literal=db-encryption-key='' \ +--namespace homarr +```` + +
+ #### PVC To persist data, you need to enable the `homarr-database` PVC. This will store the Homarr database on a mounted volume. @@ -143,6 +156,17 @@ kubectl create secret generic auth-credentials-secret \ +
+DB Required Secrets + +````yaml +kubectl create secret generic db-secret \ +--from-literal=db-encryption-key='' \ +--namespace homarr +```` + +
+ Bellow an example of the override value file :
@@ -169,6 +193,7 @@ To create the necessary database secrets, execute the following command: ````yaml kubectl create secret generic db-secret \ +--from-literal=db-encryption-key='' \ --from-literal=db-url='mysql://homarr:your-db-password1@homarr-mysql:3306/homarrdb' \ --from-literal=mysql-root-password='your-db-password1' \ --from-literal=mysql-password='your-db-password2' \ @@ -200,6 +225,7 @@ To create the necessary database secrets, execute the following command: ````yaml kubectl create secret generic db-secret \ +--from-literal=db-encryption-key='' \ --from-literal=db-url='mysql://user:password@host:port/homarrdb' \ --namespace homarr ```` @@ -266,88 +292,89 @@ All available values are listed on the [artifacthub](https://artifacthub.io/pack ## 🗃 Values -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| affinity | object | `{}` | Node affinity for pod scheduling | -| autoscaling.enabled | bool | `false` | Enable autoscaling | -| autoscaling.maxReplicas | int | `100` | Maximum replicas | -| autoscaling.minReplicas | int | `1` | Minimum replicas | -| autoscaling.targetCPUUtilizationPercentage | int | `80` | Target CPU utilization for autoscaling | +| Key | Type | Default | Description | +|-----|------|---------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| affinity | object | `{}` | Node affinity for pod scheduling | +| autoscaling.enabled | bool | `false` | Enable autoscaling | +| autoscaling.maxReplicas | int | `100` | Maximum replicas | +| autoscaling.minReplicas | int | `1` | Minimum replicas | +| autoscaling.targetCPUUtilizationPercentage | int | `80` | Target CPU utilization for autoscaling | | containerPorts | object | `{"http":{"port":7575,"protocol":"TCP"}}` | containerPorts defines the ports to open on the container. It is a map where each entry specifies: - `port` (int) (required): The port number to expose inside the container. - `protocol` (string) (required): The network protocol (TCP or UDP) used for the port. - `disabled` (bool) : Optional flag to disable this port (defaults to false). Can be overridden via Helm values. By default, this configuration exposes TCP port 7575 with the name `http`. | -| database.externalDatabaseEnabled | bool | `false` | Enable external database | -| database.migrationEnabled | bool | `true` | Database migration configuration. DB_MIGRATIONS_DISABLED Set to `true` to disable database migrations. Migrations are enabled by default (`false`). | -| env.AUTH_LDAP_ADMIN_GROUP | string | `"admin"` | Admin group | -| env.AUTH_LDAP_BASE | string | `nil` | Base dn of your LDAP server | -| env.AUTH_LDAP_BIND_DN | string | `nil` | User used for finding users and groups | -| env.AUTH_LDAP_GROUP_CLASS | string | `"groupOfUniqueNames"` | Class used for querying groups | -| env.AUTH_LDAP_GROUP_MEMBER_ATTRIBUTE | string | `"member"` | Attribute used for querying group member | -| env.AUTH_LDAP_GROUP_MEMBER_USER_ATTRIBUTE | string | `"dn"` | User attribute used for comparing with group member | -| env.AUTH_LDAP_OWNER_GROUP | string | `"admin"` | Owner group | -| env.AUTH_LDAP_SEARCH_SCOPE | string | `"base"` | LDAP search scope between base, one or sub | -| env.AUTH_LDAP_URI | string | `nil` | URI of your LDAP server | -| env.AUTH_LDAP_USERNAME_ATTRIBUTE | string | `"uid"` | Attribute used for username | -| env.AUTH_OIDC_ADMIN_GROUP | string | `"admin"` | Admin group | -| env.AUTH_OIDC_CLIENT_NAME | string | `"OIDC"` | Display name of provider (in login screen) | -| env.AUTH_OIDC_OWNER_GROUP | string | `"admin"` | Owner group | -| env.AUTH_OIDC_SCOPE_OVERWRITE | string | `"openid email profile groups"` | Override the OIDC scopes | -| env.AUTH_OIDC_URI | string | `nil` | URI of OIDC provider | -| env.AUTH_PROVIDERS | string | `"credentials"` | Enabled authentication methods. Multiple providers can be enabled with by separating them with , (ex. AUTH_PROVIDERS=credentials,oidc, it is highly recommended to just enable one provider). | -| env.DEFAULT_COLOR_SCHEME | string | `"dark"` | Colors and preferences, possible values dark / light | -| env.TZ | string | `"Europe/Paris"` | Your local time zone | -| envSecrets.authCredentials.authSecret | string | `"auth-secret"` | Next Auth secret key | -| envSecrets.authCredentials.existingSecret | string | `"auth-credentials-secret"` | Name of existing secret containing Next Auth secret | -| envSecrets.authLdapCredentials.existingSecret | string | `"auth-ldap-secret"` | Name of existing secret containing LDAP credentials | -| envSecrets.authLdapCredentials.ldapBindingPassword | string | `"bind-password"` | Password for bind user secret key | -| envSecrets.authOidcCredentials.existingSecret | string | `"auth-oidc-secret"` | Name of existing secret containing OIDC credentials | -| envSecrets.authOidcCredentials.oidcClientId | string | `"oidc-client-id"` | ID of OIDC client (application) secret key | -| envSecrets.authOidcCredentials.oidcClientSecret | string | `"oidc-client-secret"` | Secret of OIDC client (application) secret key | -| envSecrets.dbCredentials.dbPasswordKey | string | `"mysql-root-password"` | Secret key for DB_PASSWORD | -| envSecrets.dbCredentials.dbUrlKey | string | `"db-url"` | Secret key for DB_URL Example for internal database: `mysql://username:password@homarr-mysql:3306/homarrdb` | -| envSecrets.dbCredentials.dbUserPasswordKey | string | `"mysql-password"` | Secret key for database user | -| envSecrets.dbCredentials.existingSecret | string | `"db-secret"` | Name of existing secret containing DB credentials | -| fullnameOverride | string | `""` | Overrides chart's fullname | -| image.pullPolicy | string | `"IfNotPresent"` | Image pull policy | -| image.repository | string | `"ghcr.io/homarr-labs/homarr"` | Image repository | -| image.tag | string | `"v1.0.0-beta.4"` | Overrides the image tag whose default is the chart appVersion | -| imagePullSecrets | list | `[]` | Secrets for Docker registry | -| imagesCopy.enabled | bool | `false` | Set to true to enable the init container for copying local images to the PVC. Requires homarr-images PVC to be enabled. | -| imagesCopy.pathToLocalImages | string | `"/path-to-local-images"` | The path where local images are stored for copying to the PVC | -| ingress.annotations | object | `{}` | Ingress annotations | -| ingress.enabled | bool | `false` | Enable ingress | -| ingress.hosts | list | `[{"host":"chart-example.local","paths":[{"path":"/"}]}]` | Ingress hosts configuration | -| ingress.ingressClassName | string | `""` | Ingress class name | -| ingress.tls | list | `[]` | Ingress TLS configuration | -| livenessProbe.httpGet.path | string | `"/api/health/live"` | This is the liveness check endpoint used by Kubernetes to determine if the application is still running. | -| livenessProbe.httpGet.port | int | `7575` | The port on which the liveness check will be performed. This must be the same as the container port exposed by the application. | -| mysql | object | See [values.yaml](./values.yaml) | Enable and configure Mysql database subchart under this key. For more options see [Mysql chart documentation](https://github.com/bitnami/charts/tree/main/bitnami/mysql) | -| nameOverride | string | `""` | Overrides chart's name | -| nodeSelector | object | `{}` | Node selectors for pod scheduling | -| persistence.homarrDatabase.accessMode | string | `"ReadWriteOnce"` | homarr-database access mode | -| persistence.homarrDatabase.enabled | bool | `false` | Enable homarr-database persistent storage | -| persistence.homarrDatabase.mountPath | string | `"/appdata/db"` | homarr-database mount path inside the pod | -| persistence.homarrDatabase.name | string | `"homarr-database"` | homarr-database persistent storage name | -| persistence.homarrDatabase.size | string | `"50Mi"` | homarr-database storage size | -| persistence.homarrDatabase.storageClassName | string | `"local-path"` | homarr-database storage class name | -| persistence.homarrImages.accessMode | string | `"ReadWriteOnce"` | homarr-images access mode | -| persistence.homarrImages.enabled | bool | `false` | Enable homarr-images persistent storage | -| persistence.homarrImages.mountPath | string | `"/images"` | homarr-images mount path inside the pod | -| persistence.homarrImages.name | string | `"homarr-images"` | homarr-images persistent storage name | -| persistence.homarrImages.size | string | `"50Mi"` | homarr-images storage size | -| persistence.homarrImages.storageClassName | string | `"local-path"` | homarr-images storage class name | -| podAnnotations | object | `{}` | Pod annotations | -| podLabels | object | `{}` | Pod labels | -| podSecurityContext | object | `{}` | Pod security context | -| readinessProbe.httpGet.path | string | `"/api/health/ready"` | This is the readiness check endpoint used by Kubernetes to determine if the application is ready to handle traffic. | -| readinessProbe.httpGet.port | int | `7575` | The port on which the readiness check will be performed. This must match the container's exposed port. | -| replicaCount | int | `1` | Number of replicas | -| resources | object | `{}` | Resource configuration | -| securityContext | object | `{}` | Security context | -| service.enabled | bool | `true` | Enable service | -| service.ports.app.port | int | `7575` | Service port | -| service.ports.app.protocol | string | `"TCP"` | Service protocol | -| service.ports.app.targetPort | string | `"http"` | Service target port | -| service.type | string | `"ClusterIP"` | Service type | -| tolerations | list | `[]` | Node tolerations for pod scheduling | +| database.externalDatabaseEnabled | bool | `false` | Enable external database | +| database.migrationEnabled | bool | `true` | Database migration configuration. DB_MIGRATIONS_DISABLED Set to `true` to disable database migrations. Migrations are enabled by default (`false`). | +| env.AUTH_LDAP_ADMIN_GROUP | string | `"admin"` | Admin group | +| env.AUTH_LDAP_BASE | string | `nil` | Base dn of your LDAP server | +| env.AUTH_LDAP_BIND_DN | string | `nil` | User used for finding users and groups | +| env.AUTH_LDAP_GROUP_CLASS | string | `"groupOfUniqueNames"` | Class used for querying groups | +| env.AUTH_LDAP_GROUP_MEMBER_ATTRIBUTE | string | `"member"` | Attribute used for querying group member | +| env.AUTH_LDAP_GROUP_MEMBER_USER_ATTRIBUTE | string | `"dn"` | User attribute used for comparing with group member | +| env.AUTH_LDAP_OWNER_GROUP | string | `"admin"` | Owner group | +| env.AUTH_LDAP_SEARCH_SCOPE | string | `"base"` | LDAP search scope between base, one or sub | +| env.AUTH_LDAP_URI | string | `nil` | URI of your LDAP server | +| env.AUTH_LDAP_USERNAME_ATTRIBUTE | string | `"uid"` | Attribute used for username | +| env.AUTH_OIDC_ADMIN_GROUP | string | `"admin"` | Admin group | +| env.AUTH_OIDC_CLIENT_NAME | string | `"OIDC"` | Display name of provider (in login screen) | +| env.AUTH_OIDC_OWNER_GROUP | string | `"admin"` | Owner group | +| env.AUTH_OIDC_SCOPE_OVERWRITE | string | `"openid email profile groups"` | Override the OIDC scopes | +| env.AUTH_OIDC_URI | string | `nil` | URI of OIDC provider | +| env.AUTH_PROVIDERS | string | `"credentials"` | Enabled authentication methods. Multiple providers can be enabled with by separating them with , (ex. AUTH_PROVIDERS=credentials,oidc, it is highly recommended to just enable one provider). | +| env.DEFAULT_COLOR_SCHEME | string | `"dark"` | Colors and preferences, possible values dark / light | +| env.TZ | string | `"Europe/Paris"` | Your local time zone | +| envSecrets.authCredentials.authSecret | string | `"auth-secret"` | Next Auth secret key | +| envSecrets.authCredentials.existingSecret | string | `"auth-credentials-secret"` | Name of existing secret containing Next Auth secret | +| envSecrets.authLdapCredentials.existingSecret | string | `"auth-ldap-secret"` | Name of existing secret containing LDAP credentials | +| envSecrets.authLdapCredentials.ldapBindingPassword | string | `"bind-password"` | Password for bind user secret key | +| envSecrets.authOidcCredentials.existingSecret | string | `"auth-oidc-secret"` | Name of existing secret containing OIDC credentials | +| envSecrets.authOidcCredentials.oidcClientId | string | `"oidc-client-id"` | ID of OIDC client (application) secret key | +| envSecrets.authOidcCredentials.oidcClientSecret | string | `"oidc-client-secret"` | Secret of OIDC client (application) secret key | +| envSecrets.dbCredentials.dbEncryptionKey | string | `"db-encryption-key"` | Secret key for SECRET_ENCRYPTION_KEY can be generated with `openssl rand -hex 32` | +| envSecrets.dbCredentials.dbPasswordKey | string | `"mysql-root-password"` | Secret key for DB_PASSWORD | +| envSecrets.dbCredentials.dbUrlKey | string | `"db-url"` | Secret key for DB_URL Example for internal database: `mysql://username:password@homarr-mysql:3306/homarrdb` | +| envSecrets.dbCredentials.dbUserPasswordKey | string | `"mysql-password"` | Secret key for database user | +| envSecrets.dbCredentials.existingSecret | string | `"db-secret"` | Name of existing secret containing DB credentials | +| fullnameOverride | string | `""` | Overrides chart's fullname | +| image.pullPolicy | string | `"IfNotPresent"` | Image pull policy | +| image.repository | string | `"ghcr.io/homarr-labs/homarr"` | Image repository | +| image.tag | string | `"v1.0.0-beta.10"` | Overrides the image tag whose default is the chart appVersion | +| imagePullSecrets | list | `[]` | Secrets for Docker registry | +| imagesCopy.enabled | bool | `false` | Set to true to enable the init container for copying local images to the PVC. Requires homarr-images PVC to be enabled. | +| imagesCopy.pathToLocalImages | string | `"/path-to-local-images"` | The path where local images are stored for copying to the PVC | +| ingress.annotations | object | `{}` | Ingress annotations | +| ingress.enabled | bool | `false` | Enable ingress | +| ingress.hosts | list | `[{"host":"chart-example.local","paths":[{"path":"/"}]}]` | Ingress hosts configuration | +| ingress.ingressClassName | string | `""` | Ingress class name | +| ingress.tls | list | `[]` | Ingress TLS configuration | +| livenessProbe.httpGet.path | string | `"/api/health/live"` | This is the liveness check endpoint used by Kubernetes to determine if the application is still running. | +| livenessProbe.httpGet.port | int | `7575` | The port on which the liveness check will be performed. This must be the same as the container port exposed by the application. | +| mysql | object | See [values.yaml](./values.yaml) | Enable and configure Mysql database subchart under this key. For more options see [Mysql chart documentation](https://github.com/bitnami/charts/tree/main/bitnami/mysql) | +| nameOverride | string | `""` | Overrides chart's name | +| nodeSelector | object | `{}` | Node selectors for pod scheduling | +| persistence.homarrDatabase.accessMode | string | `"ReadWriteOnce"` | homarr-database access mode | +| persistence.homarrDatabase.enabled | bool | `false` | Enable homarr-database persistent storage | +| persistence.homarrDatabase.mountPath | string | `"/appdata/db"` | homarr-database mount path inside the pod | +| persistence.homarrDatabase.name | string | `"homarr-database"` | homarr-database persistent storage name | +| persistence.homarrDatabase.size | string | `"50Mi"` | homarr-database storage size | +| persistence.homarrDatabase.storageClassName | string | `"local-path"` | homarr-database storage class name | +| persistence.homarrImages.accessMode | string | `"ReadWriteOnce"` | homarr-images access mode | +| persistence.homarrImages.enabled | bool | `false` | Enable homarr-images persistent storage | +| persistence.homarrImages.mountPath | string | `"/images"` | homarr-images mount path inside the pod | +| persistence.homarrImages.name | string | `"homarr-images"` | homarr-images persistent storage name | +| persistence.homarrImages.size | string | `"50Mi"` | homarr-images storage size | +| persistence.homarrImages.storageClassName | string | `"local-path"` | homarr-images storage class name | +| podAnnotations | object | `{}` | Pod annotations | +| podLabels | object | `{}` | Pod labels | +| podSecurityContext | object | `{}` | Pod security context | +| readinessProbe.httpGet.path | string | `"/api/health/ready"` | This is the readiness check endpoint used by Kubernetes to determine if the application is ready to handle traffic. | +| readinessProbe.httpGet.port | int | `7575` | The port on which the readiness check will be performed. This must match the container's exposed port. | +| replicaCount | int | `1` | Number of replicas | +| resources | object | `{}` | Resource configuration | +| securityContext | object | `{}` | Security context | +| service.enabled | bool | `true` | Enable service | +| service.ports.app.port | int | `7575` | Service port | +| service.ports.app.protocol | string | `"TCP"` | Service protocol | +| service.ports.app.targetPort | string | `"http"` | Service target port | +| service.type | string | `"ClusterIP"` | Service type | +| tolerations | list | `[]` | Node tolerations for pod scheduling | --- Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) diff --git a/charts/homarr/README_CONFIG.md.gotmpl b/charts/homarr/README_CONFIG.md.gotmpl index 156ed3b..6c7ef6e 100644 --- a/charts/homarr/README_CONFIG.md.gotmpl +++ b/charts/homarr/README_CONFIG.md.gotmpl @@ -17,12 +17,12 @@ Below is an exhaustive list of all secrets:
-| FEATURE | SECRET NAME | SECRET KEYS | Required | -|----------|-------------------------|--------------------------------------------------------------|--------------------------------| -| NEXT AUTH| auth-credentials-secret | auth-secret | Yes | -| OIDC | auth-oidc-secret | oidc-client-id
oidc-client-secret | No | -| LDAP | auth-ldap-secret | bind-password | No | -| DATABASE | db-secret | db-url
mysql-root-password
mysql-password | Depends (see Database section) | +| FEATURE | SECRET NAME | SECRET KEYS | Required | +|-----------|-------------------------|----------------------------------------------------------------------|-----------------------------------------------------------------------| +| NEXT AUTH | auth-credentials-secret | auth-secret | Yes | +| OIDC | auth-oidc-secret | oidc-client-id
oidc-client-secret | No | +| LDAP | auth-ldap-secret | bind-password | No | +| DATABASE | db-secret | db-encryption-key
db-url
mysql-root-password
mysql-password | Depends (see Database section) at least db-encryption-key is required |
@@ -51,12 +51,12 @@ You have multiple options for configuring the database:
-| DRIVER TYPE | Persistence mode | -|---------------|---------------------------------| -| better-sqlite3| Pod disk | -| better-sqlite3| `homarr-database` PVC | -| mysql2 | MySql database chart dependency | -| mysql2 | External MySql database | +| DRIVER TYPE | Persistence mode | +|----------------|---------------------------------| +| better-sqlite3 | Pod disk | +| better-sqlite3 | `homarr-database` PVC | +| mysql2 | MySql database chart dependency | +| mysql2 | External MySql database |
@@ -64,6 +64,19 @@ You have multiple options for configuring the database: No additional configuration is required. However, keep in mind that if the pod restarts, all data will be lost. This setup is not *recommended* for production use. +To create the necessary database secret, execute the following command: + +
+Required Secrets + +````yaml +kubectl create secret generic db-secret \ +--from-literal=db-encryption-key='' \ +--namespace homarr +```` + +
+ #### PVC To persist data, you need to enable the `homarr-database` PVC. This will store the Homarr database on a mounted volume. @@ -81,6 +94,17 @@ kubectl create secret generic auth-credentials-secret \
+
+DB Required Secrets + +````yaml +kubectl create secret generic db-secret \ +--from-literal=db-encryption-key='' \ +--namespace homarr +```` + +
+ Bellow an example of the override value file :
@@ -107,6 +131,7 @@ To create the necessary database secrets, execute the following command: ````yaml kubectl create secret generic db-secret \ +--from-literal=db-encryption-key='' \ --from-literal=db-url='mysql://homarr:your-db-password1@homarr-mysql:3306/homarrdb' \ --from-literal=mysql-root-password='your-db-password1' \ --from-literal=mysql-password='your-db-password2' \ @@ -140,6 +165,7 @@ To create the necessary database secrets, execute the following command: ````yaml kubectl create secret generic db-secret \ +--from-literal=db-encryption-key='' \ --from-literal=db-url='mysql://user:password@host:port/homarrdb' \ --namespace homarr ```` diff --git a/charts/homarr/templates/homarr-dc.yaml b/charts/homarr/templates/homarr-dc.yaml index bb8fa48..58abac2 100644 --- a/charts/homarr/templates/homarr-dc.yaml +++ b/charts/homarr/templates/homarr-dc.yaml @@ -136,6 +136,11 @@ spec: name: {{ .Values.envSecrets.authOidcCredentials.existingSecret }} key: {{ .Values.envSecrets.authOidcCredentials.oidcClientSecret }} {{- end }} + - name: SECRET_ENCRYPTION_KEY + valueFrom: + secretKeyRef: + name: {{ .Values.envSecrets.dbCredentials.existingSecret }} + key: {{ .Values.envSecrets.dbCredentials.dbEncryptionKey }} resources: {{- toYaml .Values.resources | nindent 12 }} diff --git a/charts/homarr/values.yaml b/charts/homarr/values.yaml index 4434bba..f8717c3 100644 --- a/charts/homarr/values.yaml +++ b/charts/homarr/values.yaml @@ -10,7 +10,7 @@ image: # -- Image pull policy pullPolicy: IfNotPresent # -- Overrides the image tag whose default is the chart appVersion - tag: "v1.0.0-beta.4" + tag: "v1.0.0-beta.10" env: # -- Your local time zone @@ -86,6 +86,9 @@ envSecrets: dbCredentials: # -- Name of existing secret containing DB credentials existingSecret: "db-secret" + # -- Secret key for SECRET_ENCRYPTION_KEY + # can be generated with `openssl rand -hex 32` + dbEncryptionKey: "db-encryption-key" # -- Secret key for DB_URL # Example for internal database: `mysql://username:password@homarr-mysql:3306/homarrdb` dbUrlKey: "db-url" diff --git a/development/README.md b/development/README.md index 953cf1f..78a98a6 100644 --- a/development/README.md +++ b/development/README.md @@ -48,12 +48,13 @@ kubectl create namespace homarr ```bash kubectl create secret generic auth-credentials-secret \ - --from-literal=auth-secret='mAxnWLFaQE59MauTrCTm5sUq5xf3sdG5m0eKnp2e3OU' \ +--from-literal=auth-secret='mAxnWLFaQE59MauTrCTm5sUq5xf3sdG5m0eKnp2e3OU' \ --namespace homarr ``` ```bash kubectl create secret generic db-secret \ +--from-literal=db-encryption-key='d4d0dd977c9795b988e68f115f444c40334a63a391cfb9b3a0857d2d77deff03' \ --from-literal=db-url='mysql://homarr:your-db-password@homarr-mysql:3306/homarrdb' \ --from-literal=mysql-root-password='your-db-password' \ --from-literal=mysql-password='your-db-password' \ @@ -67,25 +68,25 @@ kubectl create secret generic db-secret \ #### Internal Database ```bash -helm install homarr ../charts/homarr/homarr-0.0.1.tgz --namespace homarr --values=internal-db/override-internal-db-local-docker-img.yaml +helm install homarr ../charts/homarr/homarr-1.0.0.tgz --namespace homarr --values=internal-db/override-internal-db-local-docker-img.yaml ``` #### External Database ```bash -helm install homarr ../charts/homarr/homarr-0.0.1.tgz --namespace homarr --values=external-db/override-external-db-local-docker-img.yaml +helm install homarr ../charts/homarr/homarr-1.0.0.tgz --namespace homarr --values=external-db/override-external-db-local-docker-img.yaml ``` ### Use github docker image ```bash -helm install homarr ../charts/homarr/homarr-0.0.1.tgz --namespace homarr --values=internal-db/override-internal-db.yaml +helm install homarr ../charts/homarr/homarr-1.0.0.tgz --namespace homarr --values=internal-db/override-internal-db.yaml ``` #### External Database ```bash -helm install homarr ../charts/homarr/homarr-0.0.1.tgz --namespace homarr --values=external-db/override-external-db.yaml +helm install homarr ../charts/homarr/homarr-1.0.0.tgz --namespace homarr --values=external-db/override-external-db.yaml ``` ## Port forwarding Homarr diff --git a/hack/templates/README.md.gotmpl b/hack/templates/README.md.gotmpl index 1e43d28..a74ac44 100644 --- a/hack/templates/README.md.gotmpl +++ b/hack/templates/README.md.gotmpl @@ -82,7 +82,7 @@ The command removes all the Kubernetes components associated with the chart **in {{- end -}} {{- define "custom.configuration.readValues" -}} -Read through the [values.yaml](./values.yaml) file. It has several commented out suggested values. +Read through the [values.yaml](https://github.com/homarr-labs/charts/blob/dev/charts/homarr/values.yaml) file. It has several commented out suggested values. {{- end -}} {{- define "custom.configuration.example.set" -}}