From 137a542ea68f9c1ffe0931a1de291c1d067b59b4 Mon Sep 17 00:00:00 2001
From: oussama Dahmaz
Date: Thu, 2 Jan 2025 12:21:27 +0100
Subject: [PATCH 1/6] fix(sync-docs): use HOMARR_DOCS_SYNC_APP_PRIVATE_KEY token
---
 .github/workflows/sync-docs.yaml | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/sync-docs.yaml b/.github/workflows/sync-docs.yaml
index a290a28..e0ca738 100644
--- a/.github/workflows/sync-docs.yaml
+++ b/.github/workflows/sync-docs.yaml
@@ -35,10 +35,17 @@ jobs:
 git add .
 git commit -m "docs(helm): Update Helm chart documentation" || echo "No changes to commit"
 
+ - name: Obtain token
+ id: obtainToken
+ uses: tibdex/github-app-token@v2
+ with:
+ private_key: ${{ secrets.HOMARR_DOCS_SYNC_APP_PRIVATE_KEY }}
+ app_id: ${{ vars.HOMARR_DOCS_SYNC_APP_ID }}
+
 - name: Create Pull Request
 uses: peter-evans/create-pull-request@v7
 with:
- token: ${{ secrets.GITHUB_TOKEN }}
+ token: ${{ steps.obtainToken.outputs.token }}
 branch: update-helm-docs
 # TODO: Change to the main branch on stable release
 base: docs/version-1.0
From 627f90443c90221b57fa1d4d0f03a08372312c3e Mon Sep 17 00:00:00 2001
From: oussama Dahmaz
Date: Thu, 2 Jan 2025 12:42:57 +0100
Subject: [PATCH 2/6] fix(sync-docs): add installation_retrieval_mode and installation_retrieval_payload
---
 .github/workflows/sync-docs.yaml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.github/workflows/sync-docs.yaml b/.github/workflows/sync-docs.yaml
index e0ca738..a442c9a 100644
--- a/.github/workflows/sync-docs.yaml
+++ b/.github/workflows/sync-docs.yaml
@@ -41,6 +41,8 @@ jobs:
 with:
 private_key: ${{ secrets.HOMARR_DOCS_SYNC_APP_PRIVATE_KEY }}
 app_id: ${{ vars.HOMARR_DOCS_SYNC_APP_ID }}
+ installation_retrieval_mode: repository
+ installation_retrieval_payload: homarr-labs/documentation
 
 - name: Create Pull Request
 uses: peter-evans/create-pull-request@v7
From e1541d63d290ba6b352a78ab975e6a8f72c4c738 Mon Sep 17 00:00:00 2001
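Review bot: The new `Obtain token` step passes the GitHub App private key to `tibdex/github-app-token@v2`, a third-party action referenced by a movable tag, so a retargeted tag would run unreviewed code with the key in scope. Pin it to a full commit SHA, e.g. `uses: tibdex/github-app-token@<full-commit-sha> # v2`. The same applies to `peter-evans/create-pull-request@v7`, which now receives the minted token instead of `GITHUB_TOKEN`. The job header is outside the hunk, so any `permissions:` block for the job cannot be checked from here.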
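Review bot: The token minted by this `with:` block is located through the `homarr-labs/documentation` installation but not narrowed further, so it presumably carries every permission and repository the App installation has. The action documents `repositories` and `permissions` inputs (confirm their format against the v2 README); I would add `repositories: '["homarr-labs/documentation"]'` and `permissions: '{"contents": "write", "pull_requests": "write"}'` so the token can do only what the pull-request step needs. The `with:` block starts above the hunk.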
From: oussama Dahmaz
Date: Thu, 2 Jan 2025 14:22:36 +0100
Subject: [PATCH 3/6] fix(sync-docs): remove team-reviewers and change branch
---
 .github/workflows/sync-docs.yaml | 3 +--
 charts/homarr/README.md | 2 +-
 charts/homarr/values.yaml | 2 +-
 3 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/sync-docs.yaml b/.github/workflows/sync-docs.yaml
index a442c9a..a0fefba 100644
--- a/.github/workflows/sync-docs.yaml
+++ b/.github/workflows/sync-docs.yaml
@@ -48,13 +48,12 @@ jobs:
 uses: peter-evans/create-pull-request@v7
 with:
 token: ${{ steps.obtainToken.outputs.token }}
- branch: update-helm-docs
+ branch: docs/update-helm-docs
 # TODO: Change to the main branch on stable release
 base: docs/version-1.0
 title: Update Helm chart documentation
 delete-branch: true
 path: target-repo
- team-reviewers: homarr-labs/maintainers
 body: |
 This PR updates the documentation file to match the latest Helm chart changes.
 labels: |
diff --git a/charts/homarr/README.md b/charts/homarr/README.md
index ae48d6c..7a4bd4b 100644
--- a/charts/homarr/README.md
+++ b/charts/homarr/README.md
@@ -346,7 +346,7 @@ All available values are listed on the [artifacthub](https://artifacthub.io/pack | ingress.tls | list | `[]` | Ingress TLS configuration | | livenessProbe.httpGet.path | string | `"/api/health/live"` | This is the liveness check endpoint used by Kubernetes to determine if the application is still running. | | livenessProbe.httpGet.port | int | `7575` | The port on which the liveness check will be performed. This must be the same as the container port exposed by the application. | -| mysql | object | See [values.yaml](./values.yaml) | Enable and configure Mysql database subchart under this key. For more options see [Mysql chart documentation](https://github.com/bitnami/charts/tree/main/bitnami/mysql) | +| mysql | object | See [values.yaml](https://github.com/homarr-labs/charts/blob/dev/charts/homarr/values.yaml) | Enable and configure Mysql database subchart under this key. For more options see [Mysql chart documentation](https://github.com/bitnami/charts/tree/main/bitnami/mysql) | | nameOverride | string | `""` | Overrides chart's name | | nodeSelector | object | `{}` | Node selectors for pod scheduling | | persistence.homarrDatabase.accessMode | string | `"ReadWriteOnce"` | homarr-database access mode | diff --git a/charts/homarr/values.yaml b/charts/homarr/values.yaml index f8717c3..f9f735d 100644 --- a/charts/homarr/values.yaml +++ b/charts/homarr/values.yaml @@ -255,7 +255,7 @@ affinity: {} # -- Enable and configure Mysql database subchart under this key. # For more options see [Mysql chart documentation](https://github.com/bitnami/charts/tree/main/bitnami/mysql) -# @default -- See [values.yaml](./values.yaml) +# @default -- See [values.yaml](https://github.com/homarr-labs/charts/blob/dev/charts/homarr/values.yaml) mysql: internal: false auth: From d88ea02b260b704365b6ddb1cd30ef19e08c2689 Mon Sep 17 00:00:00 2001 
From: oussama Dahmaz
Date: Thu, 2 Jan 2025 14:45:24 +0100
Subject: [PATCH 4/6] ci(sync-docs): enable AutoMerge
---
 .github/workflows/sync-docs.yaml | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/.github/workflows/sync-docs.yaml b/.github/workflows/sync-docs.yaml
index a0fefba..c8b8d2b 100644
--- a/.github/workflows/sync-docs.yaml
+++ b/.github/workflows/sync-docs.yaml
@@ -29,6 +29,7 @@ jobs:
 - name: Sync Documentation
 run: |
 cp charts/homarr/README.md target-repo/docs/getting-started/installation/helm.md
+ sed -i '1s/# Homarr/# Helm/' target-repo/docs/getting-started/installation/helm.md
 cd target-repo
 git config user.name "github-actions[bot]"
 git config user.email "github-actions[bot]@users.noreply.github.com"
@@ -46,6 +47,7 @@ jobs:
 
 - name: Create Pull Request
 uses: peter-evans/create-pull-request@v7
+ id: cpr
 with:
 token: ${{ steps.obtainToken.outputs.token }}
 branch: docs/update-helm-docs
@@ -59,3 +61,8 @@ jobs:
 labels: |
 helm
 docs
+
+ - name: Enable Pull Request Automerge
+ run: gh pr merge --merge --auto "${{ steps.cpr.outputs.pull-request-number }}"
+ env:
+ GH_TOKEN: ${{ steps.obtainToken.outputs.token }}
\ No newline at end of file
From e07d3c6da4938dac701793495c29036b72cfa937 Mon Sep 17 00:00:00 2001
From: oussama Dahmaz
Date: Thu, 2 Jan 2025 14:50:55 +0100
Subject: [PATCH 5/6] ci(sync-docs): add documentation repo in autoMerge
---
 .github/workflows/sync-docs.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/sync-docs.yaml b/.github/workflows/sync-docs.yaml
index c8b8d2b..9fa8533 100644
--- a/.github/workflows/sync-docs.yaml
+++ b/.github/workflows/sync-docs.yaml
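Review bot: The added `Enable Pull Request Automerge` step lets the bot's own pull request merge into the documentation repository with no human in the loop, and PATCH 3/6 already removed `team-reviewers` from the request. `gh pr merge --auto` waits only for the requirements the target branch defines, and the protection rules for `docs/version-1.0` are not visible here, so it is worth confirming that branch requires an approving review or at least a status check. I would record that dependency above the step, e.g. `# auto-merge relies on branch protection in homarr-labs/documentation (required review/checks)`.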
@@ -63,6 +63,6 @@ jobs:
 docs
 
 - name: Enable Pull Request Automerge
- run: gh pr merge --merge --auto "${{ steps.cpr.outputs.pull-request-number }}"
+ run: gh pr merge --merge --auto "${{ steps.cpr.outputs.pull-request-number }}" --repo https://github.com/homarr-labs/documentation
 env:
 GH_TOKEN: ${{ steps.obtainToken.outputs.token }}
\ No newline at end of file
From 14968c00421cb6f620ddf4763b46a942d75828d5 Mon Sep 17 00:00:00 2001
From: oussama Dahmaz
Date: Thu, 2 Jan 2025 15:28:22 +0100
Subject: [PATCH 6/6] feat(env-variables): Update SSO variables
---
 charts/homarr/Chart.yaml | 4 +-
 charts/homarr/README.md | 196 +++++++++++--------------
 charts/homarr/README_CONFIG.md.gotmpl | 31 ----
 charts/homarr/templates/homarr-dc.yaml | 8 -
 charts/homarr/values.yaml | 34 ++---
 development/README.md | 6 -
 6 files changed, 101 insertions(+), 178 deletions(-)
diff --git a/charts/homarr/Chart.yaml b/charts/homarr/Chart.yaml
index 1e646d5..0b368b1 100644
--- a/charts/homarr/Chart.yaml
+++ b/charts/homarr/Chart.yaml
@@ -3,7 +3,7 @@ name: homarr
 description: A Helm chart to deploy homarr for Kubernetes
 home: https://homarr-labs.github.io/charts/charts/homarr/
 type: application
-version: 1.0.0
+version: 1.1.0
 # renovate datasource=docker depName=ghcr.io/homarr-labs/homarr
 appVersion: "v1.0.0-beta.10"
 icon: https://raw.githubusercontent.com/homarr-labs/charts/refs/heads/main/charts/homarr/icon.svg
@@ -24,7 +24,7 @@ annotations:
 url: https://homarr-labs.github.io/charts/pgp_keys.asc
 artifacthub.io/changes: |-
 - kind: changed
- description: update app version to v1.0.0-beta.10
+ description: update SSO env variables
 artifacthub.io/links: |-
 - name: App Source
 url: https://github.com/homarr-labs/homarr
diff --git a/charts/homarr/README.md b/charts/homarr/README.md
index 7a4bd4b..c75a776 100644
--- a/charts/homarr/README.md
+++ b/charts/homarr/README.md
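Review bot: The `Enable Pull Request Automerge` step has no `if:` guard, so it still runs when `create-pull-request` opened nothing; `steps.cpr.outputs.pull-request-number` is then presumably empty and `gh pr merge ""` fails the job, although the Sync step's `|| echo "No changes to commit"` shows the no-change run is expected. Add `if: steps.cpr.outputs.pull-request-number != ''` to the step. I would also pass the value through `env:` as `PR_NUMBER: ${{ steps.cpr.outputs.pull-request-number }}` and use `"$PR_NUMBER"` in `run:`, so no expression is expanded inside the shell line. The same `run:` line first appears in PATCH 4/6.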
@@ -2,7 +2,7 @@ homarr logo -![Version: 1.0.0](https://img.shields.io/badge/Version-1.0.0-informational?style=flat) +![Version: 1.1.0](https://img.shields.io/badge/Version-1.1.0-informational?style=flat) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat) ![AppVersion: v1.0.0-beta.10](https://img.shields.io/badge/AppVersion-v1.0.0--beta.10-informational?style=flat) @@ -82,31 +82,12 @@ Below is an exhaustive list of all secrets: | FEATURE | SECRET NAME | SECRET KEYS | Required | |-----------|-------------------------|----------------------------------------------------------------------|-----------------------------------------------------------------------| -| NEXT AUTH | auth-credentials-secret | auth-secret | Yes | | OIDC | auth-oidc-secret | oidc-client-id
oidc-client-secret | No | | LDAP | auth-ldap-secret | bind-password | No | | DATABASE | db-secret | db-encryption-key
db-url
mysql-root-password
mysql-password | Depends (see Database section) at least db-encryption-key is required | -Example: Creating and Applying NEXT AUTH Secret - -To generate the NEXT AUTH secret, use the following command: - -```bash -openssl rand -base64 32 -``` - -You can apply the generated secret with: - -```bash -kubectl create secret generic auth-credentials-secret \ - --from-literal=auth-secret='' \ ---namespace homarr -``` - -For further information see [next-auth-secret](https://next-auth.js.org/configuration/options#secret) - ### 🗃️ Database You have multiple options for configuring the database: @@ -145,17 +126,6 @@ To persist data, you need to enable the `homarr-database` PVC. This will store t Associated secret to create : -
-Next Auth secret - -````yaml -kubectl create secret generic auth-credentials-secret \ - --from-literal=auth-secret='' \ ---namespace homarr -```` - -
-
DB Required Secrets 
@@ -292,89 +262,89 @@ All available values are listed on the [artifacthub](https://artifacthub.io/pack ## 🗃 Values -| Key | Type | Default | Description | -|-----|------|---------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| affinity | object | `{}` | Node affinity for pod scheduling | -| autoscaling.enabled | bool | `false` | Enable autoscaling | -| autoscaling.maxReplicas | int | `100` | Maximum replicas | -| autoscaling.minReplicas | int | `1` | Minimum replicas | -| autoscaling.targetCPUUtilizationPercentage | int | `80` | Target CPU utilization for autoscaling | +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| affinity | object | `{}` | Node affinity for pod scheduling | +| autoscaling.enabled | bool | `false` | Enable autoscaling | +| autoscaling.maxReplicas | int | `100` | Maximum replicas | +| autoscaling.minReplicas | int | `1` | Minimum replicas | +| autoscaling.targetCPUUtilizationPercentage | int | `80` | Target CPU utilization for autoscaling | | containerPorts | object | `{"http":{"port":7575,"protocol":"TCP"}}` | containerPorts defines the ports to open on the container. It is a map where each entry specifies: - `port` (int) (required): The port number to expose inside the container. - `protocol` (string) (required): The network protocol (TCP or UDP) used for the port. - `disabled` (bool) : Optional flag to disable this port (defaults to false). Can be overridden via Helm values. By default, this configuration exposes TCP port 7575 with the name `http`. 
| -| database.externalDatabaseEnabled | bool | `false` | Enable external database | -| database.migrationEnabled | bool | `true` | Database migration configuration. DB_MIGRATIONS_DISABLED Set to `true` to disable database migrations. Migrations are enabled by default (`false`). | -| env.AUTH_LDAP_ADMIN_GROUP | string | `"admin"` | Admin group | -| env.AUTH_LDAP_BASE | string | `nil` | Base dn of your LDAP server | -| env.AUTH_LDAP_BIND_DN | string | `nil` | User used for finding users and groups | -| env.AUTH_LDAP_GROUP_CLASS | string | `"groupOfUniqueNames"` | Class used for querying groups | -| env.AUTH_LDAP_GROUP_MEMBER_ATTRIBUTE | string | `"member"` | Attribute used for querying group member | -| env.AUTH_LDAP_GROUP_MEMBER_USER_ATTRIBUTE | string | `"dn"` | User attribute used for comparing with group member | -| env.AUTH_LDAP_OWNER_GROUP | string | `"admin"` | Owner group | -| env.AUTH_LDAP_SEARCH_SCOPE | string | `"base"` | LDAP search scope between base, one or sub | -| env.AUTH_LDAP_URI | string | `nil` | URI of your LDAP server | -| env.AUTH_LDAP_USERNAME_ATTRIBUTE | string | `"uid"` | Attribute used for username | -| env.AUTH_OIDC_ADMIN_GROUP | string | `"admin"` | Admin group | -| env.AUTH_OIDC_CLIENT_NAME | string | `"OIDC"` | Display name of provider (in login screen) | -| env.AUTH_OIDC_OWNER_GROUP | string | `"admin"` | Owner group | -| env.AUTH_OIDC_SCOPE_OVERWRITE | string | `"openid email profile groups"` | Override the OIDC scopes | -| env.AUTH_OIDC_URI | string | `nil` | URI of OIDC provider | -| env.AUTH_PROVIDERS | string | `"credentials"` | Enabled authentication methods. Multiple providers can be enabled with by separating them with , (ex. AUTH_PROVIDERS=credentials,oidc, it is highly recommended to just enable one provider). 
| -| env.DEFAULT_COLOR_SCHEME | string | `"dark"` | Colors and preferences, possible values dark / light | -| env.TZ | string | `"Europe/Paris"` | Your local time zone | -| envSecrets.authCredentials.authSecret | string | `"auth-secret"` | Next Auth secret key | -| envSecrets.authCredentials.existingSecret | string | `"auth-credentials-secret"` | Name of existing secret containing Next Auth secret | -| envSecrets.authLdapCredentials.existingSecret | string | `"auth-ldap-secret"` | Name of existing secret containing LDAP credentials | -| envSecrets.authLdapCredentials.ldapBindingPassword | string | `"bind-password"` | Password for bind user secret key | -| envSecrets.authOidcCredentials.existingSecret | string | `"auth-oidc-secret"` | Name of existing secret containing OIDC credentials | -| envSecrets.authOidcCredentials.oidcClientId | string | `"oidc-client-id"` | ID of OIDC client (application) secret key | -| envSecrets.authOidcCredentials.oidcClientSecret | string | `"oidc-client-secret"` | Secret of OIDC client (application) secret key | -| envSecrets.dbCredentials.dbEncryptionKey | string | `"db-encryption-key"` | Secret key for SECRET_ENCRYPTION_KEY can be generated with `openssl rand -hex 32` | -| envSecrets.dbCredentials.dbPasswordKey | string | `"mysql-root-password"` | Secret key for DB_PASSWORD | -| envSecrets.dbCredentials.dbUrlKey | string | `"db-url"` | Secret key for DB_URL Example for internal database: `mysql://username:password@homarr-mysql:3306/homarrdb` | -| envSecrets.dbCredentials.dbUserPasswordKey | string | `"mysql-password"` | Secret key for database user | -| envSecrets.dbCredentials.existingSecret | string | `"db-secret"` | Name of existing secret containing DB credentials | -| fullnameOverride | string | `""` | Overrides chart's fullname | -| image.pullPolicy | string | `"IfNotPresent"` | Image pull policy | -| image.repository | string | `"ghcr.io/homarr-labs/homarr"` | Image repository | -| image.tag | string | `"v1.0.0-beta.10"` | 
Overrides the image tag whose default is the chart appVersion | -| imagePullSecrets | list | `[]` | Secrets for Docker registry | -| imagesCopy.enabled | bool | `false` | Set to true to enable the init container for copying local images to the PVC. Requires homarr-images PVC to be enabled. | -| imagesCopy.pathToLocalImages | string | `"/path-to-local-images"` | The path where local images are stored for copying to the PVC | -| ingress.annotations | object | `{}` | Ingress annotations | -| ingress.enabled | bool | `false` | Enable ingress | -| ingress.hosts | list | `[{"host":"chart-example.local","paths":[{"path":"/"}]}]` | Ingress hosts configuration | -| ingress.ingressClassName | string | `""` | Ingress class name | -| ingress.tls | list | `[]` | Ingress TLS configuration | -| livenessProbe.httpGet.path | string | `"/api/health/live"` | This is the liveness check endpoint used by Kubernetes to determine if the application is still running. | -| livenessProbe.httpGet.port | int | `7575` | The port on which the liveness check will be performed. This must be the same as the container port exposed by the application. | -| mysql | object | See [values.yaml](https://github.com/homarr-labs/charts/blob/dev/charts/homarr/values.yaml) | Enable and configure Mysql database subchart under this key. 
For more options see [Mysql chart documentation](https://github.com/bitnami/charts/tree/main/bitnami/mysql) | -| nameOverride | string | `""` | Overrides chart's name | -| nodeSelector | object | `{}` | Node selectors for pod scheduling | -| persistence.homarrDatabase.accessMode | string | `"ReadWriteOnce"` | homarr-database access mode | -| persistence.homarrDatabase.enabled | bool | `false` | Enable homarr-database persistent storage | -| persistence.homarrDatabase.mountPath | string | `"/appdata/db"` | homarr-database mount path inside the pod | -| persistence.homarrDatabase.name | string | `"homarr-database"` | homarr-database persistent storage name | -| persistence.homarrDatabase.size | string | `"50Mi"` | homarr-database storage size | -| persistence.homarrDatabase.storageClassName | string | `"local-path"` | homarr-database storage class name | -| persistence.homarrImages.accessMode | string | `"ReadWriteOnce"` | homarr-images access mode | -| persistence.homarrImages.enabled | bool | `false` | Enable homarr-images persistent storage | -| persistence.homarrImages.mountPath | string | `"/images"` | homarr-images mount path inside the pod | -| persistence.homarrImages.name | string | `"homarr-images"` | homarr-images persistent storage name | -| persistence.homarrImages.size | string | `"50Mi"` | homarr-images storage size | -| persistence.homarrImages.storageClassName | string | `"local-path"` | homarr-images storage class name | -| podAnnotations | object | `{}` | Pod annotations | -| podLabels | object | `{}` | Pod labels | -| podSecurityContext | object | `{}` | Pod security context | -| readinessProbe.httpGet.path | string | `"/api/health/ready"` | This is the readiness check endpoint used by Kubernetes to determine if the application is ready to handle traffic. | -| readinessProbe.httpGet.port | int | `7575` | The port on which the readiness check will be performed. This must match the container's exposed port. 
| -| replicaCount | int | `1` | Number of replicas | -| resources | object | `{}` | Resource configuration | -| securityContext | object | `{}` | Security context | -| service.enabled | bool | `true` | Enable service | -| service.ports.app.port | int | `7575` | Service port | -| service.ports.app.protocol | string | `"TCP"` | Service protocol | -| service.ports.app.targetPort | string | `"http"` | Service target port | -| service.type | string | `"ClusterIP"` | Service type | -| tolerations | list | `[]` | Node tolerations for pod scheduling | +| database.externalDatabaseEnabled | bool | `false` | Enable external database | +| database.migrationEnabled | bool | `true` | Database migration configuration. DB_MIGRATIONS_DISABLED Set to `true` to disable database migrations. Migrations are enabled by default (`false`). | +| env.AUTH_LDAP_BASE | string | `nil` | Base dn of your LDAP server | +| env.AUTH_LDAP_BIND_DN | string | `nil` | User used for finding users and groups | +| env.AUTH_LDAP_GROUP_CLASS | string | `"groupOfUniqueNames"` | Class used for querying groups | +| env.AUTH_LDAP_GROUP_FILTER_EXTRA_ARG | string | `nil` | Extra arguments for user's groups search filter (& based) | +| env.AUTH_LDAP_GROUP_MEMBER_ATTRIBUTE | string | `"member"` | Attribute used for querying group member | +| env.AUTH_LDAP_GROUP_MEMBER_USER_ATTRIBUTE | string | `"dn"` | User attribute used for comparing with group member | +| env.AUTH_LDAP_SEARCH_SCOPE | string | `"base"` | LDAP search scope between base, one or sub | +| env.AUTH_LDAP_URI | string | `nil` | URI of your LDAP server | +| env.AUTH_LDAP_USERNAME_ATTRIBUTE | string | `"uid"` | Attribute used for username | +| env.AUTH_LDAP_USERNAME_FILTER_EXTRA_ARG | string | `nil` | Extra arguments for user search filter (& based) | +| env.AUTH_LDAP_USER_MAIL_ATTRIBUTE | string | `"mail"` | Attribute used for mail field | +| env.AUTH_LOGOUT_REDIRECT_URL | string | `nil` | URL to redirect to after clicking logging out. 
| +| env.AUTH_OIDC_AUTO_LOGIN | string | `"false"` | Automatically redirect to OIDC login | +| env.AUTH_OIDC_CLIENT_NAME | string | `"OIDC"` | Display name of provider (in login screen) | +| env.AUTH_OIDC_GROUPS_ATTRIBUTE | string | `"groups"` | Attribute used for groups (roles) claim | +| env.AUTH_OIDC_ISSUER | string | `nil` | Issuer URI of OIDC provider without trailing slash (/) | +| env.AUTH_OIDC_SCOPE_OVERWRITE | string | `"openid email profile groups"` | Override the OIDC scopes | +| env.AUTH_PROVIDERS | string | `"credentials"` | Enabled authentication methods. Multiple providers can be enabled with by separating them with , (ex. AUTH_PROVIDERS=credentials,oidc, it is highly recommended to just enable one provider). | +| env.AUTH_SESSION_EXPIRY_TIME | string | `"30d"` | Time for the session to time out. Can be set as pure number, which will automatically be used in seconds, or followed by s, m, h or d for seconds, minutes, hours or days. (ex: "30m") | +| env.TZ | string | `"Europe/Paris"` | Your local time zone | +| envSecrets.authLdapCredentials.existingSecret | string | `"auth-ldap-secret"` | Name of existing secret containing LDAP credentials | +| envSecrets.authLdapCredentials.ldapBindingPassword | string | `"bind-password"` | Password for bind user secret key | +| envSecrets.authOidcCredentials.existingSecret | string | `"auth-oidc-secret"` | Name of existing secret containing OIDC credentials | +| envSecrets.authOidcCredentials.oidcClientId | string | `"oidc-client-id"` | ID of OIDC client (application) secret key | +| envSecrets.authOidcCredentials.oidcClientSecret | string | `"oidc-client-secret"` | Secret of OIDC client (application) secret key | +| envSecrets.dbCredentials.dbEncryptionKey | string | `"db-encryption-key"` | Secret key for SECRET_ENCRYPTION_KEY can be generated with `openssl rand -hex 32` | +| envSecrets.dbCredentials.dbPasswordKey | string | `"mysql-root-password"` | Secret key for DB_PASSWORD | +| envSecrets.dbCredentials.dbUrlKey 
| string | `"db-url"` | Secret key for DB_URL Example for internal database: `mysql://username:password@homarr-mysql:3306/homarrdb` | +| envSecrets.dbCredentials.dbUserPasswordKey | string | `"mysql-password"` | Secret key for database user | +| envSecrets.dbCredentials.existingSecret | string | `"db-secret"` | Name of existing secret containing DB credentials | +| fullnameOverride | string | `""` | Overrides chart's fullname | +| image.pullPolicy | string | `"IfNotPresent"` | Image pull policy | +| image.repository | string | `"ghcr.io/homarr-labs/homarr"` | Image repository | +| image.tag | string | `"v1.0.0-beta.10"` | Overrides the image tag whose default is the chart appVersion | +| imagePullSecrets | list | `[]` | Secrets for Docker registry | +| imagesCopy.enabled | bool | `false` | Set to true to enable the init container for copying local images to the PVC. Requires homarr-images PVC to be enabled. | +| imagesCopy.pathToLocalImages | string | `"/path-to-local-images"` | The path where local images are stored for copying to the PVC | +| ingress.annotations | object | `{}` | Ingress annotations | +| ingress.enabled | bool | `false` | Enable ingress | +| ingress.hosts | list | `[{"host":"chart-example.local","paths":[{"path":"/"}]}]` | Ingress hosts configuration | +| ingress.ingressClassName | string | `""` | Ingress class name | +| ingress.tls | list | `[]` | Ingress TLS configuration | +| livenessProbe.httpGet.path | string | `"/api/health/live"` | This is the liveness check endpoint used by Kubernetes to determine if the application is still running. | +| livenessProbe.httpGet.port | int | `7575` | The port on which the liveness check will be performed. This must be the same as the container port exposed by the application. | +| mysql | object | See [values.yaml](https://github.com/homarr-labs/charts/blob/dev/charts/homarr/values.yaml) | Enable and configure Mysql database subchart under this key. 
For more options see [Mysql chart documentation](https://github.com/bitnami/charts/tree/main/bitnami/mysql) | +| nameOverride | string | `""` | Overrides chart's name | +| nodeSelector | object | `{}` | Node selectors for pod scheduling | +| persistence.homarrDatabase.accessMode | string | `"ReadWriteOnce"` | homarr-database access mode | +| persistence.homarrDatabase.enabled | bool | `false` | Enable homarr-database persistent storage | +| persistence.homarrDatabase.mountPath | string | `"/appdata/db"` | homarr-database mount path inside the pod | +| persistence.homarrDatabase.name | string | `"homarr-database"` | homarr-database persistent storage name | +| persistence.homarrDatabase.size | string | `"50Mi"` | homarr-database storage size | +| persistence.homarrDatabase.storageClassName | string | `"local-path"` | homarr-database storage class name | +| persistence.homarrImages.accessMode | string | `"ReadWriteOnce"` | homarr-images access mode | +| persistence.homarrImages.enabled | bool | `false` | Enable homarr-images persistent storage | +| persistence.homarrImages.mountPath | string | `"/images"` | homarr-images mount path inside the pod | +| persistence.homarrImages.name | string | `"homarr-images"` | homarr-images persistent storage name | +| persistence.homarrImages.size | string | `"50Mi"` | homarr-images storage size | +| persistence.homarrImages.storageClassName | string | `"local-path"` | homarr-images storage class name | +| podAnnotations | object | `{}` | Pod annotations | +| podLabels | object | `{}` | Pod labels | +| podSecurityContext | object | `{}` | Pod security context | +| readinessProbe.httpGet.path | string | `"/api/health/ready"` | This is the readiness check endpoint used by Kubernetes to determine if the application is ready to handle traffic. | +| readinessProbe.httpGet.port | int | `7575` | The port on which the readiness check will be performed. This must match the container's exposed port. 
| +| replicaCount | int | `1` | Number of replicas | +| resources | object | `{}` | Resource configuration | +| securityContext | object | `{}` | Security context | +| service.enabled | bool | `true` | Enable service | +| service.ports.app.port | int | `7575` | Service port | +| service.ports.app.protocol | string | `"TCP"` | Service protocol | +| service.ports.app.targetPort | string | `"http"` | Service target port | +| service.type | string | `"ClusterIP"` | Service type | +| tolerations | list | `[]` | Node tolerations for pod scheduling | --- Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) diff --git a/charts/homarr/README_CONFIG.md.gotmpl b/charts/homarr/README_CONFIG.md.gotmpl index 6c7ef6e..216714b 100644 --- a/charts/homarr/README_CONFIG.md.gotmpl +++ b/charts/homarr/README_CONFIG.md.gotmpl @@ -19,32 +19,12 @@ Below is an exhaustive list of all secrets: | FEATURE | SECRET NAME | SECRET KEYS | Required | |-----------|-------------------------|----------------------------------------------------------------------|-----------------------------------------------------------------------| -| NEXT AUTH | auth-credentials-secret | auth-secret | Yes | | OIDC | auth-oidc-secret | oidc-client-id
oidc-client-secret | No | | LDAP | auth-ldap-secret | bind-password | No | | DATABASE | db-secret | db-encryption-key
db-url
mysql-root-password
mysql-password | Depends (see Database section) at least db-encryption-key is required | -Example: Creating and Applying NEXT AUTH Secret - -To generate the NEXT AUTH secret, use the following command: - -```bash -openssl rand -base64 32 -``` - -You can apply the generated secret with: - -```bash -kubectl create secret generic auth-credentials-secret \ - --from-literal=auth-secret='' \ ---namespace homarr -``` - -For further information see [next-auth-secret](https://next-auth.js.org/configuration/options#secret) - - ### 🗃️ Database You have multiple options for configuring the database: @@ -83,17 +63,6 @@ To persist data, you need to enable the `homarr-database` PVC. This will store t Associated secret to create : -
-Next Auth secret - -````yaml -kubectl create secret generic auth-credentials-secret \ - --from-literal=auth-secret='' \ ---namespace homarr -```` - -
-
DB Required Secrets diff --git a/charts/homarr/templates/homarr-dc.yaml b/charts/homarr/templates/homarr-dc.yaml index 58abac2..a20078d 100644 --- a/charts/homarr/templates/homarr-dc.yaml +++ b/charts/homarr/templates/homarr-dc.yaml @@ -108,14 +108,6 @@ spec: key: {{ .Values.envSecrets.dbCredentials.dbUrlKey }} {{- end }} - {{- if has "credentials" (splitList "," .Values.env.AUTH_PROVIDERS) }} - - name: AUTH_SECRET - valueFrom: - secretKeyRef: - name: {{ .Values.envSecrets.authCredentials.existingSecret }} - key: {{ .Values.envSecrets.authCredentials.authSecret }} - {{- end }} - {{- if has "ldap" (splitList "," .Values.env.AUTH_PROVIDERS) }} - name: AUTH_LDAP_BIND_PASSWORD valueFrom: diff --git a/charts/homarr/values.yaml b/charts/homarr/values.yaml index f9f735d..27ca6df 100644 --- a/charts/homarr/values.yaml +++ b/charts/homarr/values.yaml @@ -15,10 +15,12 @@ image: env: # -- Your local time zone TZ: "Europe/Paris" - # -- Colors and preferences, possible values dark / light - DEFAULT_COLOR_SCHEME: "dark" # -- Enabled authentication methods. Multiple providers can be enabled with by separating them with , (ex. AUTH_PROVIDERS=credentials,oidc, it is highly recommended to just enable one provider). AUTH_PROVIDERS: "credentials" + # -- URL to redirect to after clicking logging out. + AUTH_LOGOUT_REDIRECT_URL: + # -- Time for the session to time out. Can be set as pure number, which will automatically be used in seconds, or followed by s, m, h or d for seconds, minutes, hours or days. (ex: "30m") + AUTH_SESSION_EXPIRY_TIME: "30d" # -- URI of your LDAP server AUTH_LDAP_URI: # -- Base dn of your LDAP server 
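Review bot: `AUTH_SESSION_EXPIRY_TIME: "30d"` makes a thirty-day session the chart default, which is long for an instance exposed through the ingress, and the comment gives operators no hint that this is a security-relevant setting. I would append a sentence to the helm-docs comment such as `# Shorter values reduce how long a leaked session stays valid.` Separately, `AUTH_LOGOUT_REDIRECT_URL:` is a bare key and parses as null; that matches `AUTH_LDAP_URI:` just below, but how the template renders null entries of `env` is not visible in this hunk.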
@@ -27,28 +29,30 @@ env: AUTH_LDAP_BIND_DN: # -- Attribute used for username AUTH_LDAP_USERNAME_ATTRIBUTE: "uid" + # -- Attribute used for mail field + AUTH_LDAP_USER_MAIL_ATTRIBUTE: "mail" # -- Class used for querying groups AUTH_LDAP_GROUP_CLASS: "groupOfUniqueNames" # -- Attribute used for querying group member AUTH_LDAP_GROUP_MEMBER_ATTRIBUTE: "member" # -- User attribute used for comparing with group member AUTH_LDAP_GROUP_MEMBER_USER_ATTRIBUTE: "dn" - # -- Admin group - AUTH_LDAP_ADMIN_GROUP: "admin" - # -- Owner group - AUTH_LDAP_OWNER_GROUP: "admin" # -- LDAP search scope between base, one or sub AUTH_LDAP_SEARCH_SCOPE: "base" - # -- URI of OIDC provider - AUTH_OIDC_URI: + # -- Extra arguments for user search filter (& based) + AUTH_LDAP_USERNAME_FILTER_EXTRA_ARG: + # -- Extra arguments for user's groups search filter (& based) + AUTH_LDAP_GROUP_FILTER_EXTRA_ARG: + # -- Issuer URI of OIDC provider without trailing slash (/) + AUTH_OIDC_ISSUER: # -- Display name of provider (in login screen) AUTH_OIDC_CLIENT_NAME: "OIDC" - # -- Admin group - AUTH_OIDC_ADMIN_GROUP: "admin" - # -- Owner group - AUTH_OIDC_OWNER_GROUP: "admin" + # -- Automatically redirect to OIDC login + AUTH_OIDC_AUTO_LOGIN: "false" # -- Override the OIDC scopes AUTH_OIDC_SCOPE_OVERWRITE: "openid email profile groups" + # -- Attribute used for groups (roles) claim + AUTH_OIDC_GROUPS_ATTRIBUTE: "groups" database: # -- Enable external database 
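Review bot: This hunk drops `AUTH_LDAP_ADMIN_GROUP`, `AUTH_LDAP_OWNER_GROUP`, `AUTH_OIDC_ADMIN_GROUP` and `AUTH_OIDC_OWNER_GROUP` and renames `AUTH_OIDC_URI` to `AUTH_OIDC_ISSUER` without any upgrade note, while the chart only moves from 1.0.0 to 1.1.0. Operators who still set the old keys get no warning, and how admin and owner roles are mapped after the removal cannot be seen in the patch. A comment above the new key, e.g. `# Replaces AUTH_OIDC_URI; the *_ADMIN_GROUP / *_OWNER_GROUP variables were removed`, or an `artifacthub.io/changes` entry of kind `removed`, would make the break explicit. The two `*_FILTER_EXTRA_ARG` comments should also say that the value is inserted into the LDAP search filter and must be a complete, operator-controlled filter fragment.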
@@ -62,12 +66,6 @@ database: # to use this, create the secret in your target namespace before applying this helm chart. If you really want to, # you CAN just put these in the env block above, but that is not recommended. envSecrets: - # The name of Next Auth existing secret - authCredentials: - # -- Name of existing secret containing Next Auth secret - existingSecret: "auth-credentials-secret" - # -- Next Auth secret key - authSecret: "auth-secret" # The name of Auth OIDC existing secret authOidcCredentials: # -- Name of existing secret containing OIDC credentials diff --git a/development/README.md b/development/README.md index 78a98a6..cc4fdd7 100644 --- a/development/README.md +++ b/development/README.md @@ -46,12 +46,6 @@ kubectl create namespace homarr ## Create homarr secrets -```bash -kubectl create secret generic auth-credentials-secret \ ---from-literal=auth-secret='mAxnWLFaQE59MauTrCTm5sUq5xf3sdG5m0eKnp2e3OU' \ ---namespace homarr -``` - ```bash kubectl create secret generic db-secret \ --from-literal=db-encryption-key='d4d0dd977c9795b988e68f115f444c40334a63a391cfb9b3a0857d2d77deff03' \