diff --git a/README.md b/README.md index 69e9776..1f24d25 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,7 @@

Minimal and Opinionated Helm Charts

-

... powered by a Norwegian bear 🐻

+

... powered by a Norwegian whales and bears

 

@@ -30,7 +30,13 @@ Below you'll find an overview of the charts and an intro to get you started. 🟢 [Matrix Synapse](charts/matrix-synapse): An end-to-end encrypted, open source (not free) and UX-friendly alternative to Slack, Teams and Mattermost. I currently have simplified and use this. Based on the chart by ananace. -🟢 [Matrix Synapse](charts/sliding-sync-proxy): A proxy to Matrix servers for the new Element X client. +🟢 [Sliding Sync Proxy](charts/sliding-sync-proxy): A proxy to Matrix servers for the new Element X client. + +🟢 [Matrix Authentication Service](charts/matrix-authentication-service): Matrix auth system implementing MSC3861 + +🟢 [Maubot](charts/maubot): Matrix bot system. + +🟢 [nfty.sh](charts/nfty-sh): Push notification server for clients and phones. 🟢 [Dispatch](charts/dispatch): A incident management and coordination system developed by Netflix. 
@@ -38,96 +44,12 @@ Below you'll find an overview of the charts and an intro to get you started. 🚧 [Attic](charts/attic): Nix Binary Cache server that reduces the time to compile and distribute builds ([intro post](https://discourse.nixos.org/t/introducing-attic-a-self-hostable-nix-binary-cache-server/24343)) -🚧 [Matrix Authentication Service](charts/matrix-authentication-service): Matrix auth system implementing MSC3861 - -🚧 [Maubot](charts/maubot): Matrix bot system. - -🚧 [nfty.sh](charts/nfty-sh): Push notification server for clients and phones. - 🚧 [Element Call](charts/element-call): WebRTC server for calls and video using Matrix for signalling. Not functional atm. ⚠️ [Conduit](charts/conduit): An efficient and self-contained Matrix server using an embedded RocksDB database. Currently I use Synapse instead. ⚠️ [Netbox](charts/netbox): Modeling and docs for IP address management (IPAM) and datacenter infrastructure management (DCIM). This deploys ok but has a few moving parts. -### Requirements - -You may need to bring your own: - -- S3 compatible object storage -- Block storage -- PostgreSQL, such as Cloudnative-PG -- Redis-compatible server, such as Dragonfly - -All tests are run on the latest version of Kubernetes and Helm and no consideration is taken to vendor-specific implementations. - -### Principles - -So what makes this repo different from others? It is KISS-Safe of course. 
- -- Secrets and ingresses are defined external from the chart -- Expect that an ingress terminates external connection and TLS -- Object storage over block storage when possible -- Never rely on vendor-specific components -- Prefer open source -- No plaintext secrets - be sane -- Leaving room for initContainers -- Use as few values as possible in values.yaml (making sane choices) -- Use external databases and transports -- Configure for OIDC when possible -- The values file should be possible to read up on in minutes -- Only support the current major version of Kubernetes and application -- Enable service accounts -- Use semver for versioning -- Charts should install on a small scale by default -- Charts are validated for structure, security and syntax before compilation -- Regardless of journey level everyone should be able to read or learn the chart - -Some of these principles are implicit and means you'll have to deploy with e.g. kustomize to get going. - -If you see a chart that does not comply with these principles, please open an issue. - -### 🧑‍💻 Usage - -#### Exploration - -You can explore this repo by using the following commands if you have the Kubernetes package manager installed: - -```shell -# add the package source -helm repo add 252 https://charts.253.no -# or update the repo -helm repo update 252 - -# search for a specific chart -helm search repo dispatch -# or list all available charts -helm search repo 252 -l - -# show configuration options -helm show values 252/dispatch - -# install a chart -helm install dispatch helm-charts/charts/dispatch --namespace=toolbox -```` - -#### As-code with FluxCD - -First take care to setup the chart: - -```yaml -apiVersion: source.toolkit.fluxcd.io/v1beta2 -kind: HelmRepository -metadata: - name: 252-charts - namespace: flux-system -spec: - interval: 15m - url: https://charts.253.no -``` - -A reference kustomization directory is shown in [./kustomization-components](./kustomization-components). 
- ## 🤩 Licenses and Gratitude Parts of the repo was inspired by [ananace](https://gitlab.com/ananace/charts) (some parts imported and rewritten). diff --git a/docs/ingress.org b/docs/ingress.org deleted file mode 100644 index 2f0744b..0000000 --- a/docs/ingress.org +++ /dev/null @@ -1,64 +0,0 @@ -#+TITLE: Ingress -#+DATE: 2023-10-20 - -The charts maintains the internal networking and you wire the connection to the outside world. -I use two ingress classes: Tailscale and nginx, and you can wire a service by adding to kustomization -and [[https://fluxcd.io/][flux]] e.g. like the following. - -** Nginx - -To expose publicly via nginx: - -#+BEGIN_SRC yaml ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: matrix-synapse-ingress - namespace: messaging - annotations: - external-dns.alpha.kubernetes.io/target: ingress.${PUBLIC_DOMAIN} -spec: - ingressClassName: nginx - rules: - - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: matrix-synapse - port: - number: 8008 - tls: - - hosts: - - matrix -#+END_SRC - -** Tailscale - -To use the [[https://tailscale.com/kb/1236/kubernetes-operator/][Tailscale operator]]: - -#+BEGIN_SRC yaml ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: hajimari-ingress - namespace: home -spec: - ingressClassName: tailscale - rules: - - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: hajimari - port: - number: 3000 - tls: - - hosts: - - apps -#+END_SRC \ No newline at end of file
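Review bot: In the first README.md hunk (@@ -4,7 +4,7 @@), the new tagline "... powered by a Norwegian whales and bears" keeps the singular article "a" in front of two plural nouns. Suggest "... powered by Norwegian whales and bears". The 🐻 emoji from the old line is also dropped, so confirm that is intended.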
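Review bot: In the chart overview hunk (@@ -30,7 +30,13 @@), the added entry "[nfty.sh](charts/nfty-sh)" looks like a transposition of ntfy.sh, the push notification project the description matches. Correct the link text here, and rename the chart directory in a follow-up if it carries the same typo. The Matrix Authentication Service line is the only added entry without a trailing period. These three charts also move from 🚧 to 🟢 while nothing in the visible diff touches the charts themselves, so the commit message should state what made them ready.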
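Review bot: The third README.md hunk (@@ -38,96 +44,12 @@) deletes the Requirements, Principles and Usage sections with no replacement or link. After this change the README no longer tells users that they must bring their own PostgreSQL, Redis-compatible server and object storage, nor that "Secrets and ingresses are defined external from the chart" and that an ingress is expected to terminate external connections and TLS. Those are deployment assumptions a user needs before installing a chart. If the text moved to another file, link to it from the README; otherwise keep at least the Requirements and Principles lists.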
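Review bot: docs/ingress.org is deleted outright in the same patch that removes the README principle that ingresses are defined outside the charts, which leaves the repository without any example of how to expose a chart's service. If the Nginx and Tailscale Ingress examples now live elsewhere, add a link to them from the README. If they are dropped deliberately, say why in the commit message so users who relied on them know where to look.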