Merge 38c118c76f into 08d6328975

2024-05-16 13:09:29 +02:00 · 2024-05-16 13:09:29 +02:00 · 18d923a13d
parent 08d6328975 38c118c76f
commit 18d923a13d
13 changed files with 380 additions and 1 deletions
--- a/.editorconfig
+++ b/.editorconfig
@ -25,10 +25,14 @@ indent_style = tab
 [*.svg]
 indent_style = tab

+[*.tpl]
+indent_size = 2
+indent_style = space
+
 [*.xml]
 indent_style = tab

-[*.yml]
+[*.{yaml,yml}]
 indent_size = 2
 indent_style = space

--- a/charts/freshrss/Chart.yaml
+++ b/charts/freshrss/Chart.yaml
@ -0,0 +1,4 @@
+apiVersion: v2
+name: freshrss
+description: A Helm chart for FreshRSS
+version: 0.1.0
--- a/charts/freshrss/InstallingWithRancher.md
+++ b/charts/freshrss/InstallingWithRancher.md
@ -0,0 +1,21 @@
+This documentation needs heavy re-working.
+
+Step 1. Add Repo.
+
+![image](https://github.com/XtremeOwnageDotCom/FreshRSS/assets/5262735/b25b1cb5-91a0-48ca-ae00-a60edc6dc495)
+
+Step 2. View Charts. Click FreshRSS
+
+![image](https://github.com/XtremeOwnageDotCom/FreshRSS/assets/5262735/4e8f5982-fd38-41e1-8d42-336c1e826423)
+
+Step 3. Click Install
+
+Give unique namespace, and name. Click Customize.
+
+![image](https://github.com/XtremeOwnageDotCom/FreshRSS/assets/5262735/cbce0cb0-ca73-4ffb-94a2-2771901e71d7)
+
+At a minimum, set an ingress rule.
+
+Install.
+
+![image](https://github.com/XtremeOwnageDotCom/FreshRSS/assets/5262735/b10532de-bb51-4b13-b428-dddc68630154)
--- a/charts/freshrss/README.md
+++ b/charts/freshrss/README.md
@ -0,0 +1,24 @@
+## Manifests for deploying FreshRSS
+
+Note-
+
+1. Edit freshrss-config, and freshrss-secrets to add desired configuration.
+2. If you use traefik, and prefer IngressRoute, install Traefik-Ingressroute.yaml. Otherwise, use ingress.yaml.
+
+To install, download the manifests to your computer. Run the below script.
+
+```sh
+# Define the namespace
+kubectl apply -f namespace.yaml
+
+# Deploy resources in the namespace
+kubectl apply -n freshrss -f pvc.yaml
+kubectl apply -n freshrss -f freshrss-config.yaml
+kubectl apply -n freshrss -f freshrss-secrets.yaml
+kubectl apply -n freshrss -f deployment-freshrss.yaml
+kubectl apply -n freshrss -f service.yaml
+kubectl apply -n freshrss -f ingress.yaml
+
+# Apply Traefik IngressRoute if Traefik is your Ingress Controller
+# kubectl apply -n freshrss -f Traefik-IngressRoute.yaml
+```
--- a/charts/freshrss/templates/_helpers.tpl
+++ b/charts/freshrss/templates/_helpers.tpl
@ -0,0 +1,82 @@
+{{/*
+Generate a name based on the release name and chart name.
+*/}}
+
+{{- define "freshrss.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "freshrss.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Allow the release namespace to be overridden for multi-namespace deployments in combined charts
+*/}}
+{{- define "freshrss.namespace" -}}
+{{- if .Values.namespaceOverride }}
+{{- .Values.namespaceOverride }}
+{{- else }}
+{{- .Release.Namespace }}
+{{- end }}
+{{- end }}
+
+
+# Data PVC name.
+{{- define "freshrss.dataPVC" -}}
+{{- if .Values.persistence.existingPVCName }}
+{{- .Values.persistence.existingPVCName }}
+{{- else }}
+{{- .Release.Name }}-data
+{{- end }}
+{{- end }}
+
+
+{{/*
+Common labels
+*/}}
+{{- define "freshrss.labels" -}}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+app.kubernetes.io/name: {{ template "freshrss.name" . }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | default "" }}
+helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+{{- with .Values.extraLabels }}
+{{ toYaml . }}
+{{- end }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "freshrss.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "freshrss.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+
+{{/*
+Looks if there's an existing secret and reuse its password. If not it generates
+new password and use it.
+*/}}
+{{- define "freshrss.cryptokey" -}}
+{{- $secret := (lookup "v1" "Secret" (include "freshrss.namespace" .) (include "freshrss.fullname" .) ) }}
+{{- if $secret }}
+{{- index $secret "data" "OIDC_CLIENT_CRYPTO_KEY" }}
+{{- else }}
+{{- (randAlphaNum 40) | b64enc | quote }}
+{{- end }}
+{{- end }}
--- a/charts/freshrss/templates/configmap.yaml
+++ b/charts/freshrss/templates/configmap.yaml
@ -0,0 +1,21 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "freshrss.fullname" . }}
+  namespace: {{ include "freshrss.namespace" . }}
+  labels:
+    {{- include "freshrss.labels" . | nindent 4 }}
+data:
+  {{- if .Values.oidc.enabled -}}
+  OIDC_ENABLED: "1"
+  OIDC_PROVIDER_METADATA_URL: {{ .Values.oidc.providerMetadataUrl | default "" | quote }}
+  OIDC_REMOTE_USER_CLAIM: {{ .Values.oidc.remoteUserClaim | default "preferred_username" | quote }}
+  OIDC_CLIENT_ID: {{ .Values.oidc.clientId | default "" | quote }}
+  OIDC_SCOPES: {{ .Values.oidc.scopes | default "openid profile" | quote }}
+  OIDC_X_FORWARDED_HEADERS: {{ .Values.oidc.xForwardedHeaders | default "X-Forwarded-Host X-Forwarded-Port X-Forwarded-Proto" | quote }}
+  {{- else }}
+  OIDC_ENABLED: "0"
+  {{- end }}
+  CRON_MIN: {{ .Values.freshrss.CRON_MIN | default "*/15" | quote }}
+  LISTEN: {{ .Values.freshrss.PORT | quote }}
+  FRESHRSS_ENV: {{ .Values.freshrss.FRESHRSS_ENV | default "production" | quote }}
--- a/charts/freshrss/templates/ingress.yaml
+++ b/charts/freshrss/templates/ingress.yaml
@ -0,0 +1,28 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ include "freshrss.fullname" . }}-ingress
+  namespace: {{ include "freshrss.namespace" . }}
+  labels:
+    {{- include "freshrss.labels" . | nindent 4 }}
+    {{- with .Values.ingress.labels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+  {{- with .Values.ingress.annotations }}
+  annotations:
+    {{- range $key, $value := . }}
+    {{ $key }}: {{ tpl $value $ | quote }}
+    {{- end }}
+  {{- end }}
+spec:
+  rules:
+    - host: {{ .Values.ingress.host  | quote }}
+      http:
+        paths:
+          - path: {{ .Values.ingress.path | quote}}
+            pathType: Prefix
+            backend:
+              service:
+                name: {{ include "freshrss.fullname" . | quote}}
+                port:
+                  number: {{ .Values.freshrss.PORT }}
--- a/charts/freshrss/templates/persistentvolumeclaim.yaml
+++ b/charts/freshrss/templates/persistentvolumeclaim.yaml
@ -0,0 +1,22 @@
+{{- if .Values.persistence.enabled -}}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: {{ include "freshrss.dataPVC" . }}
+  namespace: {{ include "freshrss.namespace" . }}
+  labels:
+    {{- include "freshrss.labels" . | nindent 4 }}
+spec:
+{{- if .Values.persistence.storageClass }}
+{{- if (eq "-" .Values.persistence.storageClass) }}
+  storageClassName: ""
+{{- else }}
+  storageClassName: "{{ .Values.persistence.storageClass }}"
+{{- end }}
+{{- end }}
+  accessModes:
+    - {{ .Values.persistence.accessMode | quote }}
+  resources:
+    requests:
+      storage: {{ .Values.persistence.size | quote }}
+{{- end -}}
--- a/charts/freshrss/templates/secret.yaml
+++ b/charts/freshrss/templates/secret.yaml
@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "freshrss.fullname" . }}
+  namespace: {{ include "freshrss.namespace" . }}
+  labels:
+    {{- include "freshrss.labels" . | nindent 4 }}
+type: Opaque
+data:
+  {{- if .Values.oidc.secrets }}
+  OIDC_CLIENT_SECRET: {{ .Values.oidc.secrets.clientSecret | b64enc | quote }}
+
+  {{- if .Values.oidc.secrets.clientCryptoKey }}
+  OIDC_CLIENT_CRYPTO_KEY: {{ .Values.oidc.secrets.clientCryptoKey | b64enc | quote }}
+  {{- else }}
+  OIDC_CLIENT_CRYPTO_KEY: {{ include "freshrss.cryptokey" . }}
+  {{- end }}
+
+  {{- end }}
--- a/charts/freshrss/templates/service.yaml
+++ b/charts/freshrss/templates/service.yaml
@ -0,0 +1,52 @@
+{{- if .Values.service.enabled }}
+{{- $root := . }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "freshrss.fullname" . }}
+  namespace: {{ include "freshrss.namespace" . }}
+  labels:
+    {{- include "freshrss.labels" . | nindent 4 }}
+    {{- with .Values.service.labels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+  {{- with .Values.service.annotations }}
+  annotations:
+    {{- tpl (toYaml . | nindent 4) $root }}
+  {{- end }}
+spec:
+  {{- if (or (eq .Values.service.type "ClusterIP") (empty .Values.service.type)) }}
+  type: ClusterIP
+  {{- with .Values.service.clusterIP }}
+  clusterIP: {{ . }}
+  {{- end }}
+  {{- else if eq .Values.service.type "LoadBalancer" }}
+  type: {{ .Values.service.type }}
+  {{- with .Values.service.loadBalancerIP }}
+  loadBalancerIP: {{ . }}
+  {{- end }}
+  {{- with .Values.service.loadBalancerSourceRanges }}
+  loadBalancerSourceRanges:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- else }}
+  type: {{ .Values.service.type }}
+  {{- end }}
+  {{- with .Values.service.externalIPs }}
+  externalIPs:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- with .Values.service.externalTrafficPolicy }}
+  externalTrafficPolicy: {{ . }}
+  {{- end }}
+  selector:
+    {{- include "freshrss.selectorLabels" . | nindent 4 }}
+  ports:
+    - name: {{ .Values.service.portName }}
+      port: {{ .Values.service.port }}
+      protocol: TCP
+      targetPort: {{ .Values.freshrss.PORT }}
+      {{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePort))) }}
+      nodePort: {{ .Values.service.nodePort }}
+      {{- end }}
+{{- end }}
--- a/charts/freshrss/templates/statefulset.yaml
+++ b/charts/freshrss/templates/statefulset.yaml
@ -0,0 +1,51 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: {{ include "freshrss.fullname" . }}
+  namespace: {{ include "freshrss.namespace" . }}
+  labels:
+    {{- include "freshrss.labels" . | nindent 4 }}
+    app.kubernetes.io/component: app
+spec:
+  replicas: 1
+  serviceName: freshrss
+  selector:
+    matchLabels:
+        {{- include "freshrss.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        {{- include "freshrss.selectorLabels" . | nindent 8 }}
+    spec:
+      volumes:
+        - name: data
+          persistentVolumeClaim:
+            claimName: {{ include "freshrss.dataPVC" . }}
+      containers:
+        - name: freshrss
+          image: freshrss/freshrss:{{ .Values.image.tag }}
+          envFrom:
+            - configMapRef:
+                name: {{ include "freshrss.fullname" . }}
+                optional: true
+            - secretRef:
+                name: {{ include "freshrss.fullname" . }}
+                optional: true
+          volumeMounts:
+            # Add other volume mounts / subpaths as needed.
+            - mountPath: "/var/www/FreshRSS/data"
+              name: data
+              subPath: www/freshrss/data
+          ports:
+          - containerPort: {{ .Values.freshrss.PORT }}
+            name: http
+          livenessProbe:
+            exec:
+              command:
+                - "/bin/sh"
+                - "-c"
+                - "curl -fsS 'http://localhost/i/' | grep -q 'jsonVars' || exit 1"
+            initialDelaySeconds: 8
+            periodSeconds: 67
+            timeoutSeconds: 5
+            failureThreshold: 3
--- a/charts/freshrss/values.yaml
+++ b/charts/freshrss/values.yaml
@ -0,0 +1,51 @@
+# Configuration for the Docker image used in the deployment
+image:
+  tag: latest
+
+# FreshRSS specific configuration
+# See https://github.com/FreshRSS/FreshRSS/blob/edge/Docker/README.md
+freshrss:
+  CRON_MIN: "*/15"                      # Cron timer schedule for FreshRSS. See https://github.com/FreshRSS/FreshRSS/blob/edge/Docker/README.md#environment-variables -> CRON_MIN
+  FRESHRSS_ENV: "production"            # Set to "development" to increase logging verbosity.
+  PORT: 80                              # Port which freshrss will listen on. This also updates the ingress.
+
+# OpenID Connect (OIDC) configuration
+# See https://freshrss.github.io/FreshRSS/en/admins/16_OpenID-Connect.html
+oidc:
+  enabled: false                        # Enable or disable OIDC
+  providerMetadataUrl: ""               # URL to OIDC provider metadata
+  remoteUserClaim: preferred_username   # OIDC claim for remote user
+  clientId: ""                          # OIDC client ID This comes from your SSO/OIDC Provider)
+  scopes: "openid profile"              # OIDC scopes
+  xForwardedHeaders: "X-Forwarded-Host X-Forwarded-Port X-Forwarded-Proto" # Headers for OIDC
+  secrets:
+    clientSecret: ""                    # OIDC Secret. (This comes from your SSO/OIDC Provider)
+    clientCryptoKey: ""                 # Random value will be automatically generated, if not provided.
+
+# Ingress configuration
+ingress:
+  enabled: true                         # Enable or disable Ingress
+  host: "freshrss.yourdomain.com"       # Host for Ingress.
+  path: "/"                             # Path for Ingress
+  annotations: {}
+
+# Persistence configuration for storage
+persistence:
+  enabled: true                         # Enable or disable persistent storage
+  existingPVCName: ""                   # Name of an existing PVC to reuse (leave empty to create a new PVC)
+  # storageClassName: "-"               # Storage class name (uncomment to specify)
+  accessMode: ReadWriteOnce             # Access mode for storage
+  size: "5Gi"                           # Size of the persistent volume
+
+# Kubernetes Service Configuration
+service:
+  enabled: true
+  type: ClusterIP
+  port: 80
+  ## Service annotations. Can be templated.
+  annotations: {}
+  labels: {}
+  portName: service
+
+# Extra labels which will be applied to all created resources.
+extraLabels: {}
--- a/freshrss-0.1.0.tgz
+++ b/freshrss-0.1.0.tgz