Skip to content

Feature/init charts#1

Merged
steveiliop56 merged 15 commits into
tinyauthapp:mainfrom
kdwils:feature/init-charts
Oct 6, 2025
Merged

Feature/init charts#1
steveiliop56 merged 15 commits into
tinyauthapp:mainfrom
kdwils:feature/init-charts

Conversation

@kdwils

@kdwils kdwils commented Sep 22, 2025

Copy link
Copy Markdown
Contributor

This initially pr adds support for deploying and configuring tinyauth via helm. It does not add support for configuring traefik or ingress-nginx yet.

I based the values.yaml configuration options from from https://tinyauth.app/docs/reference/configuration. The chart then maps the value provided to its respective environment variable.

I also added some basic github actions for CI and publishing a release. It may be the case that additional permissions are needed for the actions to run based on how the helm repo is configured.

The CI tests create a Kubernetes cluster using Kind, and deploys tinyauth to it based on the values in charts/tinyauth/ci. You can see an example CI build here: https://github.com/kdwils/tinyauth-helm/actions/runs/17930432879/job/50986341784

This aims to partially satisfy tinyauthapp/tinyauth#334. Additionally configurations could be added to simplify traefik configuration using Middleware, for example.

I don't have traefik or ingress-nginx in my cluster anymore unfortunately so I have not tested the capabilities beyond simply deploying tinyauth.

@steveiliop56

Copy link
Copy Markdown
Member

Wow this is amazing @kdwils! Didn't see it earlier because the email got lost somewhere. Will review and merge as soon as possible.

@kdwils

kdwils commented Sep 26, 2025

Copy link
Copy Markdown
Contributor Author

Wow this is amazing @kdwils! Didn't see it earlier because the email got lost somewhere. Will review and merge as soon as possible.

sounds good, to publish a chart version you just need to push a tag to main.

@steveiliop56 steveiliop56 left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey @kdwils,

Left you a small review mostly for me to understand how helm charts work and to adapt the chart with Tinyauth v4 in mind. Please let me know if there is anything I misunderstood in my review comments. Also, one small question, is the charts/tinyauth/templates directory automatically generated by the helm create command?

Comment thread charts/tinyauth/values.yaml Outdated
Comment thread charts/tinyauth/values.yaml Outdated
Comment thread charts/tinyauth/values.yaml Outdated
Comment thread charts/tinyauth/values.yaml Outdated
Comment thread charts/tinyauth/values.yaml Outdated
Comment thread charts/tinyauth/Chart.yaml Outdated
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "v3.6.2"

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's begin with v4.0.0.

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

do you have an image tag I can use for testing the templates with the new v4.0.0 changes? I know its not release yet but I can make sure the app deploys correctly with the charts

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, you can test with v4.0.0-alpha.2 or with the nightly tag.

@kdwils kdwils Oct 5, 2025

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Okay cool, I was able to deploy tinyauth and use pocketid for oauth with the charts.

Here are the values I used for reference

replicaCount: 1

image:
  repository: ghcr.io/steveiliop56/tinyauth
  pullPolicy: IfNotPresent
  tag: "nightly"

imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""

serviceAccount:
  create: true
  automount: true
  annotations: {}
  name: ""

podAnnotations: {}
podLabels: {}

podSecurityContext: {}

securityContext: {}

service:
  type: ClusterIP
  port: 80

tinyauth:
  general:
    port: 3000
    address: "0.0.0.0"
    appUrl: "https://tinyauth.int.kyledev.co"
    users: ""
    usersFile: ""
    secureCookie: false
    disableContinue: false
    oauthWhitelist: ""
    sessionExpiry: 86400
    logLevel: info
    appTitle: ""
    loginMaxRetries: 5
    loginTimeout: 300
    forgotPasswordMessage: ""
    oauthAutoRedirect: "true"
    backgroundImage: ""

  providers:
    - id: "pocketid"
      clientId: "8b5808bd-9ca5-40c2-bd7e-f2f6f8d72a73"
      clientSecretSecretRef:
        name: "pocketid-oauth-secret"
        key: secret
      authUrl: "https://pocketid.kyledev.co/authorize"
      tokenUrl: "https://pocketid.kyledev.co/api/oidc/token"
      userInfoUrl: "https://pocketid.kyledev.co/api/oidc/userinfo"
      scopes: "openid email profile groups"
      name: ""
      skipSsl: false

livenessProbe:
  httpGet:
    path: /api/health
    port: http
readinessProbe:
  httpGet:
    path: /api/health
    port: http

httpRoute:
  enabled: true
  annotations: {}
  parentRefs:
    - name: homelab-gateway
      namespace: envoy-gateway-system
  hostnames:
    - tinyauth.ts.kyledev.co
    - tinyauth.int.kyledev.co
  rules:
    - matches:
        - path:
            type: PathPrefix
            value: /

persistence:
  enabled: true
  storageClass: ""
  accessMode: ReadWriteOnce
  size: 1Gi
  mountPath: /data
  annotations: {}

Comment thread charts/tinyauth/ci/all-features-values.yaml
Comment thread charts/tinyauth/ci/all-features-values.yaml
Comment thread charts/tinyauth/ci/all-features-values.yaml
Comment thread .github/workflows/release.yml Outdated
@kdwils

kdwils commented Oct 5, 2025

Copy link
Copy Markdown
Contributor Author

Hey @kdwils,

Left you a small review mostly for me to understand how helm charts work and to adapt the chart with Tinyauth v4 in mind. Please let me know if there is anything I misunderstood in my review comments. Also, one small question, is the charts/tinyauth/templates directory automatically generated by the helm create command?

All of the templates were generated by the helm create command except for the pvc and httproute yaml files. The PVC was added to persist the sqlite db, and the HTTPRoute is for the Kubernetes gateway API, which is an alternative to Ingresses

@kdwils kdwils requested a review from steveiliop56 October 5, 2025 23:49
@steveiliop56

Copy link
Copy Markdown
Member

@kdwils thank you! We can merge.

@steveiliop56 steveiliop56 merged commit 8b0d461 into tinyauthapp:main Oct 6, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants