Feature/init charts#1
Wow this is amazing @kdwils! Didn't see it earlier because the email got lost somewhere. Will review and merge as soon as possible.
sounds good, to publish a chart version you just need to push a tag to main.
steveiliop56 left a comment
Hey @kdwils,
Left you a small review mostly for me to understand how helm charts work and to adapt the chart with Tinyauth v4 in mind. Please let me know if there is anything I misunderstood in my review comments. Also, one small question, is the charts/tinyauth/templates directory automatically generated by the helm create command?
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "v3.6.2"
Do you have an image tag I can use for testing the templates with the new v4.0.0 changes? I know it's not released yet, but I can make sure the app deploys correctly with the charts.
Yes, you can test with v4.0.0-alpha.2 or with the nightly tag.
Okay cool, I was able to deploy tinyauth and use pocketid for oauth with the charts.
Here are the values I used for reference
replicaCount: 1
image:
repository: ghcr.io/steveiliop56/tinyauth
pullPolicy: IfNotPresent
tag: "nightly"
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
serviceAccount:
create: true
automount: true
annotations: {}
name: ""
podAnnotations: {}
podLabels: {}
podSecurityContext: {}
securityContext: {}
service:
type: ClusterIP
port: 80
tinyauth:
general:
port: 3000
address: "0.0.0.0"
appUrl: "https://tinyauth.int.kyledev.co"
users: ""
usersFile: ""
secureCookie: false
disableContinue: false
oauthWhitelist: ""
sessionExpiry: 86400
logLevel: info
appTitle: ""
loginMaxRetries: 5
loginTimeout: 300
forgotPasswordMessage: ""
oauthAutoRedirect: "true"
backgroundImage: ""
providers:
- id: "pocketid"
clientId: "8b5808bd-9ca5-40c2-bd7e-f2f6f8d72a73"
clientSecretSecretRef:
name: "pocketid-oauth-secret"
key: secret
authUrl: "https://pocketid.kyledev.co/authorize"
tokenUrl: "https://pocketid.kyledev.co/api/oidc/token"
userInfoUrl: "https://pocketid.kyledev.co/api/oidc/userinfo"
scopes: "openid email profile groups"
name: ""
skipSsl: false
livenessProbe:
httpGet:
path: /api/health
port: http
readinessProbe:
httpGet:
path: /api/health
port: http
httpRoute:
enabled: true
annotations: {}
parentRefs:
- name: homelab-gateway
namespace: envoy-gateway-system
hostnames:
- tinyauth.ts.kyledev.co
- tinyauth.int.kyledev.co
rules:
- matches:
- path:
type: PathPrefix
value: /
persistence:
enabled: true
storageClass: ""
accessMode: ReadWriteOnce
size: 1Gi
mountPath: /data
annotations: {}
All of the templates were generated by the helm create command except for the pvc and httproute yaml files. The PVC was added to persist the sqlite db, and the HTTPRoute is for the Kubernetes gateway API, which is an alternative to Ingresses.
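Added example, not part of the PR or the chart: a small Python check that flags settings in values like the ones posted above that deserve a second look before deploying. `SAMPLE_VALUES` is constructed from keys on this page; its nesting, and the reading of `secureCookie` as the session cookie's Secure flag, are assumptions.

```python
# Added example: review a tinyauth chart values mapping before deploying.
# SAMPLE_VALUES is constructed from keys posted in the comment above; its
# nesting is an assumption, so lookups below search by key at any depth.
SAMPLE_VALUES = {
    "image": {"pullPolicy": "IfNotPresent", "tag": "nightly"},
    "serviceAccount": {"create": True, "automount": True},
    "podSecurityContext": {},
    "securityContext": {},
    "tinyauth": {
        "general": {"appUrl": "https://tinyauth.int.kyledev.co",
                    "secureCookie": False},
        "providers": [{"id": "pocketid", "skipSsl": False}],
    },
}


def find_key(node, key):
    """Yield every value stored under `key`, however deeply it is nested."""
    if isinstance(node, dict):
        for name, value in node.items():
            if name == key:
                yield value
            yield from find_key(value, key)
    elif isinstance(node, list):
        for item in node:
            yield from find_key(item, key)


def audit(values):
    """Return a list of findings for settings worth reviewing."""
    def first(key, default=None):
        return next(find_key(values, key), default)

    findings = []
    if str(first("appUrl", "")).startswith("https://") and first("secureCookie") is False:
        findings.append("secureCookie is false while appUrl is https")
    if first("tag") in ("latest", "nightly") and first("pullPolicy") == "IfNotPresent":
        findings.append("mutable image tag with IfNotPresent: nodes may run a stale image")
    for ctx in ("podSecurityContext", "securityContext"):
        if not first(ctx):
            findings.append(f"{ctx} is empty: container runs with runtime defaults")
    if first("automount") is True:
        findings.append("service account token is automounted into the pod")
    if any(v is True for v in find_key(values, "skipSsl")):
        findings.append("a provider has skipSsl enabled")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_VALUES):
        print("REVIEW:", finding)
```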
@kdwils thank you! We can merge.
This initial PR adds support for deploying and configuring tinyauth via helm. It does not add support for configuring traefik or ingress-nginx yet.
I based the values.yaml configuration options on https://tinyauth.app/docs/reference/configuration. The chart then maps the value provided to its respective environment variable.
I also added some basic GitHub Actions for CI and publishing a release. It may be the case that additional permissions are needed for the actions to run based on how the helm repo is configured.
The CI tests create a Kubernetes cluster using Kind and deploy tinyauth to it based on the values in charts/tinyauth/ci. You can see an example CI build here: https://github.com/kdwils/tinyauth-helm/actions/runs/17930432879/job/50986341784
This aims to partially satisfy tinyauthapp/tinyauth#334. Additional configurations could be added to simplify traefik configuration using Middleware, for example.
I don't have traefik or ingress-nginx in my cluster anymore unfortunately so I have not tested the capabilities beyond simply deploying tinyauth.