feat(findmydevice): Add helm chart for find my device

This patch adds a helm chart for find my device along with an installation that should provide a first iteration of the service. Currently a public release of the chart is still waiting for upstream and it will require some minor tweaks if it's supposed to work with CRI rather than just docker.

feat(findmydevice): Add helm chart for find my device
9d3c56e7 · Sheogorath · f7677ecd · 9d3c56e7 · 9d3c56e7 · 9d3c56e7
Verified Commit 9d3c56e7 authored 1 year ago by Sheogorath
--- a/apps/base/findmydevice/kustomization.yaml
+++ b/apps/base/findmydevice/kustomization.yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: mastodon
+resources:
+  - namespace.yaml
+  - ca.yaml
+  - release.yaml
+  - database.yaml
+  - ../../../shared/networkpolicies/allow-from-same-namespace.yaml
+  - ../../../shared/networkpolicies/allow-from-ingress.yaml
+  - ../../../shared/networkpolicies/allow-from-database.yaml
+  - ../../../shared/networkpolicies/allow-from-monitoring.yaml
+patchesStrategicMerge:
+  - networkpolicy.yaml
--- a/apps/base/findmydevice/namespace.yaml
+++ b/apps/base/findmydevice/namespace.yaml
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: findmydevice
+  labels:
+    pod-security.kubernetes.io/audit: restricted
+    pod-security.kubernetes.io/enforce: baseline
+    pod-security.kubernetes.io/warn: restricted
+    pod-security.kubernetes.io/audit-version: v1.26
+    pod-security.kubernetes.io/enforce-version: v1.23
+    pod-security.kubernetes.io/warn-version: v1.26
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: flux-reconciler
+  namespace: findmydevice
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: flux-reconciler
+  namespace: findmydevice
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: admin
+subjects:
+  - kind: ServiceAccount
+    name: flux-reconciler
+    namespace: findmydevice
--- a/apps/base/findmydevice/networkpolicy.yaml
+++ b/apps/base/findmydevice/networkpolicy.yaml
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-from-ingress
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/name: findmydevice
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-from-monitoring
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/name: findmydevice
--- a/apps/base/findmydevice/release.yaml
+++ b/apps/base/findmydevice/release.yaml
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: findmydevice
+  namespace: findmydevice
+spec:
+  serviceAccountName: flux-reconciler
+  timeout: 15m
+  releaseName: findmydevice
+  chart:
+    spec:
+      chart: ./charts/findmydevice
+      sourceRef:
+        kind: GitRepository
+        name: flux-system
+        namespace: flux-system
+  install:
+    remediation:
+      retries: -1
+  upgrade:
+    remediation:
+      retries: -1
+  interval: 15m
+  valuesFrom:
+    - kind: ConfigMap
+      name: findmydevice-base-values
+      valuesKey: values.yaml
+    - kind: Secret
+      name: findmydevice-override-values
+      valuesKey: values-overrides.yaml
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: findmydevice-base-values
+  namespace: findmydevice
+data:
+  values.yaml: |
--- a/apps/k8s01/findmydevice/certificate.yaml
+++ b/apps/k8s01/findmydevice/certificate.yaml
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+    name: findmydevice-tls
+    namespace: findmydevice
+spec:
+    dnsNames:
+        - ENC[AES256_GCM,data:B1CzVFGN22Xpt1atpwwWNPGY5Yox148=,iv:XNcSxX/LUNurjwcoXM4IrtDoPWaclptdFZfYnwSBIJE=,tag:IJkYnNVH5qBveRZKiRiOMw==,type:str]
+    issuerRef:
+        name: letsencrypt
+        kind: ClusterIssuer
+    secretName: ingress-findmydevice-tls
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age: []
+    lastmodified: "2023-09-03T17:30:06Z"
+    mac: ENC[AES256_GCM,data:ZKrBvAf0CYiFrQSvfFLtyPAsFOWXsjO0ec/IIBdxLaA9A0OKoeE/N9v4DoiPe1jH/53nH2K/xpfFjGWVhCwXWUZQJPGEeIVgs4mgQh6VszCyYzYB5to7zp1tKYvaimI1pHdItqb/zCFLi3AL9an3Wzaj+guosFI4krDXK2digcs=,iv:UmlIobjKDN517BF+72Xa8yrD3hRxj1qmBBuOxqyEO9c=,tag:Erz1lad7xi54vGcdXCXlog==,type:str]
+    pgp:
+        - created_at: "2022-01-21T18:13:48Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+            wcFMA7kpg2bgzVHcARAAHhDshl1OJqNRUolNvbIXzOuDzssJnvyi6cIZuMmVMsxf
+            a6wAWAtYOehvtn1ODL7/h4fIpBtfp7d8VuwfJSrh3ghUeiOl3zRzQbmaFA2L5/iG
+            Jd94tFAVwIl30qjcYqGVB2RF27VF1RElzgDLQh3hiXn1hDC+WmNSnBF5hwnwCFOL
+            wM4BHuE2AB4TX3PlYSo1n71VSzcCqRzbIxelZasYLnJQVL0VE6AjEd/fHS468R8N
+            aZ3mhmHW3sWzuLHNREMD2Q3ghkguLhau0VoETlYRI9103I4k7/khFrhAj5l2/PUr
+            2SWgpXyRqXVaKPeTiQs3QR8B5jNq3BlZj6Celw5Ig/wx3LY0EhI9e9WFgtSlZxM+
+            2yk65HQGvTIgsbys/z/0skA9vqik9csFRsH9iK42E/+XLvoAT6yxyl0cv1kBEyAS
+            ggPmKOq8+CT+voHzuh8kZHq9Sa8kH5xL1DQLzX2yIruV3OhTPSK+VlDpjUbycmI2
+            qR1oCo/snOJwwwvfl9vu0B8FCwhrz8554ZQBErFfJl6GFiUV8LElRlZh5S9Jiysr
+            nYJS5gxrcvjF/0Y6EHEfWDRDxvCHoWQpWhl2hRkh5UlQKH0ab+QWLYpISyNJxjfl
+            orQJdaVX3BQwhqMLwiMLGoaNGrSpmxXveLOZmsdK0obXC67lyE6ZM/Wy6gx2dFnS
+            5gFdXCLzQmmjYK8gIlsejQdnxZI2qWavZIN9T70OZQGaDE/S+U1uxKjuGBM7HTcP
+            7f1nUa6z96A9ydWs1xHjtm7k172V16PMSrvjQ8KLhFJd9eJDq3ksAA==
+            =XgF6
+            -----END PGP MESSAGE-----
+          fp: 286791FB6648539775DB31B8FCB98C2A3EC6F601
+        - created_at: "2022-01-21T18:13:48Z"
+          enc: |
+            -----BEGIN PGP MESSAGE-----
+            hQIMA4oYbIHZIrAPAQ//S/9rOkbd3beNH20dxgZ7VuZxgnjiV3Hd3om717njcMm2
+            kCfTJ3AmpLtQsT2s1W221tIyCwtHOobj82ANP9KzNi4e6v3LlNTIVHTQiHXk9KJP
+            AX6JoCOLu3bAI0xcdApNBU2wAlHBVC+T4BUfhPqD5AdHpW++e1qUIsM/6TViunHj
+            BWoIA0bpXqyOhTm1GbkJrHMgczJn2qgR5lBf8wgGmASd8jlNyfA7SxoKHj8sl/Ji
+            nucP/90dmyD2eBIJYdYS3anJYa2uP96oioG5xxIyfppnL5dwozDAit3Z5vvnBZNb
+            1rrpUnN8H0cCcaj7tmDEmjGfjGwxLKegQRZX7Pg5hwaaOOPGheXf8Ip/DpDf6T0n
+            Sq24X6DC5gD1RBU+YY6ZayMt/OKpVVVwRlY4BTDIUe4M+ecK/fve5vpDW2M+KWMc
+            pOkO1B09/prsX0w5XjFh8hb/6HlDDhomiB+BszcRCUDzocRzSEIFwMf7/iTaExe8
+            2fKCCHB4kHo6GHpydlQOpnGMOvDmiNKopXxTkFQUFQjyRmHGXf/u79JNXBjHkniv
+            ZiokjTEarwMp68dyiaL4L/5Uk+4NG3MetobqSaeW2TbeBwif3G2eFleYscz7QPIR
+            5ZBBhU/CoUEz2Xge6t8rlp8PNcQ1yq/R+tZjaeqIIT4++ZxCErhA0lsxyFrgLefU
+            aAEJAhD7hR3IMDGN2zOZSiw1IBz9P8Jss/oERQiuVpe/eTv5Vqj9vuL+koKftwnF
+            vSVkNo0fLwNLtnU659Mkoj9utoUL9tAhcCMpP3NehKkBG5RjF9crnIP6zT3lvVU0
+            GYyW4Lsfrt/a
+            =FfV+
+            -----END PGP MESSAGE-----
+          fp: B137EE1549DFAF960DD1E2B15147025FB9F09E07
+    encrypted_regex: ^(data|stringData|email|dnsZones?|dnsNames?|hosts?|tang|externalURL)$
+    version: 3.7.3
--- a/apps/k8s01/findmydevice/kustomization.yaml
+++ b/apps/k8s01/findmydevice/kustomization.yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: findmydevice
+resources:
+  - ../../base/findmydevice
+  - certificate.yaml
+  - release-values.yaml
+  - slo.yaml
+  - ../../../shared/resourcequotas/default.yaml
--- a/apps/k8s01/findmydevice/release-values.yaml
+++ b/apps/k8s01/findmydevice/release-values.yaml
+apiVersion: v1
+kind: Secret
+metadata:
+    name: findmydevice-override-values
+    namespace: findmydevice
+type: Opaque
+stringData:
+    values-overrides.yaml: ENC[AES256_GCM,data:3AIdCGUO/33pbv21q+tQIcIP1A9Q/kPGLMdsbKDd9d1WE1ynYVtsvD4uxGkVGtUKUbDjVWX+4GRGEQYZShomdbVDHXy2nuNwZHEhb+KEJXoX/1Ij9sBv4kS6ZwwJ6A9AK/8Mz/45vyLaJfBZKVLiHz8V6IQamwRMdQ1exYmEv7QameADS4GLppQ9b1lPAli28JUJLo9VSXAInX3QIU+SrZ5+mYFdUG5XoVeG7+dT1jDpE8+t6v673+1GrrqBYOPZ61+/S4uiytzry6xXov7nyFSDj4IgSBEmpdcwiV6VNuap/RlnOjLFR4744LX8cJsm6RZgRIwCh/JaJ2ZGfDW8ShsHtqIvUAflFxyQP0DZoF08TYSr+DYyMGUBqd8M3vJ+q7nr3KMDT2jO/Vj7gSmH6AiWwLJlrmlH+ofpbW3D+7C39EIuZv1YEIqMGF63obRPxEfck2mbNEji+6hPP9Rk4a0X/uE/CZc3JhLYlpkFhw4zT0jQ033ITl8M5y4eV5y+qzLv3ch6zQ==,iv:/NbaPtlSu/8aQ94TvhLd76GtI5VLPRuroYpHP8Q1XT8=,tag:3qi8SF/ZRGenVBkcZlXs/A==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age: []
+    lastmodified: "2023-09-03T17:28:58Z"
+    mac: ENC[AES256_GCM,data:YaTDaWGKJD3SkNx8ZMSX8qbnU/d8VwCBgb9sZ3HqLhI/W00KHanBb3ghXQGfn9Egl5XIG3BMBZUGX4Wt7Wnqrw/Zn2ukG0vklmyO6hDQBDuxZ5kbBvx6tKjlLpsam4HYyByp/qBn7l1yr3E8FWtEhrFqAU8f+/r4WChOxi4p8as=,iv:52VrHPpVDCKPdDaQIzwsVdkWRmzR18D33fL8ti9lzlQ=,tag:xulg9GpPlG1Im7shyoFSfA==,type:str]
+    pgp:
+        - created_at: "2022-03-22T22:26:35Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+            wcFMA7kpg2bgzVHcARAApcdDAfEgx93xGtkm4f7xTuRhvUyl8lw85rIHbWcAveYU
+            ayU88OLaoQyeZDZkOXbtxMHpry8GbId6vPAJ7KflT2eMP0A4uQGSSCQO6+5QcaYg
+            sbO/zT4vdprN7icLbvmmoK2Dh+hOo5Z7/7YGmdJfaaATzT2BGL/cVS1bonI83vXR
+            lzlW/DglIe7oNEKGVT5vWR5uGvq/dJwSRe/34eutEnJuV30imxHOcpxy3uXJFFXJ
+            3eKTk8dNLz3UE3IeUjbFdPFZYU+grOAOOCZRK0IOYFn+SF7E3dewgiwEdaXzz3gK
+            /6aEMEmf5vyVqn9jOaqZhKRqE7tW5HnhwIIlxcMPhkLVZvYf4F2EDA5f12C2hdp0
+            s7fFhU7v5GgFaHMJuaWVPxDnWTrNIst9bgeJv/N4RVfrLifrZJcqa9lE8ou0iCr5
+            dLi9d6UjsgWAREIViz+Uz7dJQ9QeJ6PGYgg/xgf0ihJFG7sx+TBG58DKb3G3tyUV
+            8hfK8Ou9m+zYnd13mJ2mV3rY0rmXusT+NcqTG2G4bBG5NimGpJS3rO7tAjjp/8sN
+            hMM46ay0vVTUXx1FwmjUFDG1e4sc7fKxTaCBizMjeUfZpAOiy/10YQmrFHBsftpo
+            K5j0nFMoG9NeO+2ffEmLhRtxvMe3WpINk7du3F624rYIGCB0aNUP69FCeJKuUQHS
+            5gH5AwnxOAtQakDksfLxJhUG1NlaS0iAFkZkTTibvOJwsY9L/scDDQlseb5zBKaZ
+            sOPwmn6hL4KavxF9BPG33ILkZKbkcvlaTlAMMY3iBs+MZeIB4+i/AA==
+            =SQqg
+            -----END PGP MESSAGE-----
+          fp: 286791FB6648539775DB31B8FCB98C2A3EC6F601
+        - created_at: "2022-03-22T22:26:35Z"
+          enc: |
+            -----BEGIN PGP MESSAGE-----
+            hQIMA4oYbIHZIrAPAQ//fGGoDT5KfsG/o6r5xhDHSc0IFH6zT2TFIB6TuA5SwHfV
+            8t3IeKD0bE//4f8AxGAVocw+AetolwrQL/Tl+n0UV9P44Jeh5VlCAGltHcowR53o
+            zdjS3+i9K3OOvQFhF+aYrPcnc+aTn9KbptHCam0w+Lr2UkYSAPAZHsBcoMp24mHX
+            6A+5kP1kaRzFzEn4TCNeTt13W1AsJIoSagkBWfYRBkRPk1OzGOuYqX6yeqj7a0kM
+            8uiloTQgWOiBSOyRtxUJi87CTrMXyb0F2E9HMyhgRnzF0YX0ZU0UVG8MNdRL8eFD
+            WYY68OK7DQw3zlJubscYQ2jltxKcq5g9qUCw/sXaNurtohIx9UeaHtfp036EMb22
+            5StgGEnBirUzfSrQGT3kuj20lcMtQAr/d1UsmQNjB36eOZSrx0m80pO8JVYL62/O
+            HLYnAHU52aAPtE7brNEVg4yRLCbWyVY3Z3H9OaTVXwNIMFoMEgkHHnNlsb+1ZnhV
+            cStKMO3H6W8eXQi3VGIVNhuC1ltsxHQL1I22Kr41JEnuaB9Jy5bsEbrO4XGyDdte
+            hMI8Gx+0KZAMlKuZKLS6sMa4oVnQTy8w20PtVrrS0zDrQRPpxBrOgzjrNeMj9FpS
+            q/efiCAOBc8eVd8N/7j66UItwrysfmIfsHWfoPotS7F6WmUHeAyoWjfcvTZyd4bU
+            ZgEJAhAtdCnHNvUSl5O9XZuSu51pRwj+O72kZXRSJWv7GTT9dsRfuM5Dy9A/tuVI
+            BuZraI4JyAWb2KbkM6onp3Rh9IcLuzqEYm/ETktxTtO1HlcVPJ2NMcFgTCzaIGX9
+            +rtkG7tPbA==
+            =tvBa
+            -----END PGP MESSAGE-----
+          fp: B137EE1549DFAF960DD1E2B15147025FB9F09E07
+    encrypted_regex: ^(data|stringData|email|dnsZones?|dnsNames?|hosts?|tang|externalURL|.*-secret|.*-url|.*Secrets?|.*-domain|password|subjects|node|apiURL|.*(S|s)erverNames?|.*SecretKey)$
+    version: 3.7.3
--- a/apps/k8s01/findmydevice/slo.yaml
+++ b/apps/k8s01/findmydevice/slo.yaml
+apiVersion: sloth.slok.dev/v1
+kind: PrometheusServiceLevel
+metadata:
+  name: requests-findmydevice
+  namespace: findmydevice
+spec:
+  service: "FMD"
+  slos:
+    - name: "requests-availability"
+      objective: 99
+      description: "Find My Device: SLO based on availability for HTTP request responses."
+      sli:
+        events:
+          errorQuery: sum(rate(nginx_ingress_controller_requests{exported_namespace="findmydevice",ingress="blog",status=~"(5..|429)"}[{{.window}}]))
+          totalQuery: sum(rate(nginx_ingress_controller_requests{exported_namespace="findmydevice",ingress="blog"}[{{.window}}])) > 0 OR vector(1)
+      alerting:
+        name: FMDHighErrorRate
+        labels:
+          category: "availability"
+        annotations:
+          summary: "High error rate on 'Find My Device' requests responses"
+    - name: "requests-latency"
+      objective: 99
+      description: "Find My Device: SLO based on latency for HTTP request responses. Warns if requests take longer than 250ms. When responses are slower than 200ms they become noticable slow."
+      labels:
+        category: latency
+      sli:
+        events:
+          errorQuery: |
+            (
+              sum(rate(nginx_ingress_controller_request_duration_seconds_count{exported_namespace="findmydevice",ingress="blog",method!="WATCH"}[{{.window}}]))
+              -
+              sum(rate(nginx_ingress_controller_request_duration_seconds_bucket{exported_namespace="findmydevice",ingress="blog",le="0.25",verb!="WATCH"}[{{.window}}]))
+            )
+          totalQuery: sum(rate(nginx_ingress_controller_request_duration_seconds_count{exported_namespace="findmydevice",ingress="blog",method!="WATCH"}[{{.window}}])) > 0 OR vector(1)
+      alerting:
+        name: FMDLatencyAlert
+        labels:
+          category: "latency"
+        annotations:
+          summary: "Slow responses on 'Find My Device' requests responses. More than 1% take more than 250ms."
--- a/charts/findmydevice/.helmignore
+++ b/charts/findmydevice/.helmignore
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
--- a/charts/findmydevice/Chart.yaml
+++ b/charts/findmydevice/Chart.yaml
+apiVersion: v2
+name: findmydevice
+description: A Helm chart for the findmydevice (FMD) server. A project for Android and linux that allows "Find my Phone"-functionality as known from Apple and Google, without handing data over to them.
+home: https://gitlab.com/Nulide/findmydeviceserver
+icon: https://gitlab.com/uploads/-/system/project/avatar/24557720/favicon.ico
+keywords:
+    - android
+    - findmydevice
+sources:
+    - https://gitlab.com/Nulide/findmydeviceserver
+    - https://git.shivering-isles.com/shivering-isles/infrastructure-gitops/-/tree/main/charts/findmydevice
+type: application
+version: 0.1.0
+appVersion: "0.4.1-deploy"
--- a/charts/findmydevice/README.md
+++ b/charts/findmydevice/README.md
+# findmydevice
+![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.4.1-deploy](https://img.shields.io/badge/AppVersion-0.4.1--deploy-informational?style=flat-square)
+A Helm chart for the findmydevice (FMD) server. A project for Android and linux that allows "Find my Phone"-functionality as known from Apple and Google, without handing data over to them.
+**Homepage:** <https://gitlab.com/Nulide/findmydeviceserver>
+## Source Code
+* <https://gitlab.com/Nulide/findmydeviceserver>
+* <https://git.shivering-isles.com/shivering-isles/infrastructure-gitops/-/tree/main/charts/findmydevice>
+## Values
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| affinity | object | `{}` |  |
+| fullnameOverride | string | `""` |  |
+| image.pullPolicy | string | `"IfNotPresent"` | Pull policy allows to configure whether an image should be used if already on the host or pulled freshly regardless. |
+| image.repository | string | `"registry.shivering-isles.com/sheogorath/findmydevice-server"` | Container registry image to use |
+| image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. |
+| imagePullSecrets | list | `[]` |  |
+| ingress.annotations | object | `{}` |  |
+| ingress.className | string | `""` |  |
+| ingress.enabled | bool | `false` |  |
+| ingress.hosts[0].host | string | `"chart-example.local"` |  |
+| ingress.hosts[0].paths[0].path | string | `"/"` |  |
+| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` |  |
+| ingress.tls | list | `[]` |  |
+| nameOverride | string | `""` |  |
+| nodeSelector | object | `{}` |  |
+| persistentVolumeClaim.accessMode | string | `"ReadWriteOnce"` | Volume Access mode, ReadWriteOnce is recommended |
+| persistentVolumeClaim.size | string | `"20Gi"` | Requested Volume size of the PVC |
+| persistentVolumeClaim.storageClass | string | `nil` | Storage class used for objectbox database |
+| podAnnotations | object | `{}` |  |
+| podSecurityContext.fsGroup | int | `1000` | Sets the filesystem permissions. Since the application requires the data directory to be owned by uid 1000 |
+| resources.limits.cpu | string | `"1"` |  |
+| resources.limits.memory | string | `"512Mi"` |  |
+| resources.requests.cpu | string | `"200m"` |  |
+| resources.requests.memory | string | `"256Mi"` |  |
+| securityContext.capabilities.add | list | `["NET_BIND_SERVICE"]` | needs to add CAP_NET_BIND_SERVICE due to port < 1024 |
+| securityContext.capabilities.drop[0] | string | `"ALL"` |  |
+| securityContext.runAsNonRoot | bool | `true` | Enforces that the application can't run as root |
+| securityContext.runAsUser | int | `1000` | Starts the application as uid 1000 |
+| service.port | int | `80` |  |
+| service.type | string | `"ClusterIP"` |  |
+| serviceAccount.annotations | object | `{}` | Annotations to add to the service account |
+| serviceAccount.create | bool | `true` | Specifies whether a service account should be created |
+| serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template |
+| tolerations | list | `[]` |  |
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)
--- a/charts/findmydevice/deploy.yaml
+++ b/charts/findmydevice/deploy.yaml
+---
+# Source: findmydevice/templates/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: fmd-findmydevice
+  labels:
+    helm.sh/chart: findmydevice-0.1.0
+    app.kubernetes.io/name: findmydevice
+    app.kubernetes.io/instance: fmd
+    app.kubernetes.io/version: "0.4.1-deploy"
+    app.kubernetes.io/managed-by: Helm
+---
+# Source: findmydevice/templates/persistentvolumeclaim.yaml
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: fmd-findmydevice
+  labels:
+    helm.sh/chart: findmydevice-0.1.0
+    app.kubernetes.io/name: findmydevice
+    app.kubernetes.io/instance: fmd
+    app.kubernetes.io/version: "0.4.1-deploy"
+    app.kubernetes.io/managed-by: Helm
+spec:
+  accessModes:
+    - ReadWriteOnce
+  volumeMode: Filesystem
+  resources:
+    requests:
+      storage: 20Gi
+---
+# Source: findmydevice/templates/service.yaml
+apiVersion: v1
+kind: Service
+metadata:
+  name: fmd-findmydevice
+  labels:
+    helm.sh/chart: findmydevice-0.1.0
+    app.kubernetes.io/name: findmydevice
+    app.kubernetes.io/instance: fmd
+    app.kubernetes.io/version: "0.4.1-deploy"
+    app.kubernetes.io/managed-by: Helm
+spec:
+  type: ClusterIP
+  ports:
+    - port: 80
+      targetPort: http
+      protocol: TCP
+      name: http
+  selector:
+    app.kubernetes.io/name: findmydevice
+    app.kubernetes.io/instance: fmd
+---
+# Source: findmydevice/templates/deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: fmd-findmydevice
+  labels:
+    helm.sh/chart: findmydevice-0.1.0
+    app.kubernetes.io/name: findmydevice
+    app.kubernetes.io/instance: fmd
+    app.kubernetes.io/version: "0.4.1-deploy"
+    app.kubernetes.io/managed-by: Helm
+spec:
+  strategy:
+    type: Recreate
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: findmydevice
+      app.kubernetes.io/instance: fmd
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: findmydevice
+        app.kubernetes.io/instance: fmd
+    spec:
+      serviceAccountName: fmd-findmydevice
+      securityContext:
+        fsGroup: 1000
+      containers:
+        - name: findmydevice
+          securityContext:
+            capabilities:
+              add:
+              - NET_BIND_SERVICE
+              drop:
+              - ALL
+            runAsNonRoot: true
+            runAsUser: 1000
+          image: "registry.shivering-isles.com/sheogorath/findmydevice-server:0.4.1-deploy"
+          imagePullPolicy: IfNotPresent
+          ports:
+            - name: http
+              containerPort: 8080
+              protocol: TCP
+          livenessProbe:
+            httpGet:
+              path: /
+              port: http
+          readinessProbe:
+            httpGet:
+              path: /
+              port: http
+          resources:
+            limits:
+              cpu: "1"
+              memory: 512Mi
+            requests:
+              cpu: 200m
+              memory: 256Mi
+          volumeMounts:
+          - name: data
+            mountPath: /fmd/objectbox/
+      volumes:
+        - name: data
+          persistentVolumeClaim:
+            claimName: fmd-findmydevice
+---
+# Source: findmydevice/templates/tests/test-connection.yaml
+apiVersion: v1
+kind: Pod
+metadata:
+  name: "fmd-findmydevice-test-connection"
+  labels:
+    helm.sh/chart: findmydevice-0.1.0
+    app.kubernetes.io/name: findmydevice
+    app.kubernetes.io/instance: fmd
+    app.kubernetes.io/version: "0.4.1-deploy"
+    app.kubernetes.io/managed-by: Helm
+  annotations:
+    "helm.sh/hook": test
+spec:
+  containers:
+    - name: wget
+      image: busybox
+      command: ['wget']
+      args: ['fmd-findmydevice:80']
+  restartPolicy: Never
--- a/charts/findmydevice/templates/NOTES.txt
+++ b/charts/findmydevice/templates/NOTES.txt
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range $host := .Values.ingress.hosts }}
+  {{- range .paths }}
+  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
+  {{- end }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "findmydevice.fullname" . }})
+  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+  echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+           You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "findmydevice.fullname" . }}'
+  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "findmydevice.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+  echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "findmydevice.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+  export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
+  echo "Visit http://127.0.0.1:8080 to use your application"
+  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
+{{- end }}
--- a/charts/findmydevice/templates/_helpers.tpl
+++ b/charts/findmydevice/templates/_helpers.tpl
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "findmydevice.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "findmydevice.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "findmydevice.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{/*
+Common labels
+*/}}
+{{- define "findmydevice.labels" -}}
+helm.sh/chart: {{ include "findmydevice.chart" . }}
+{{ include "findmydevice.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+{{/*
+Selector labels
+*/}}
+{{- define "findmydevice.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "findmydevice.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "findmydevice.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "findmydevice.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
--- a/charts/findmydevice/templates/deployment.yaml
+++ b/charts/findmydevice/templates/deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "findmydevice.fullname" . }}
+  labels:
+    {{- include "findmydevice.labels" . | nindent 4 }}
+spec:
+  strategy:
+    type: Recreate
+  replicas: 1
+  selector:
+    matchLabels:
+      {{- include "findmydevice.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      {{- with .Values.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+        {{- include "findmydevice.selectorLabels" . | nindent 8 }}
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ include "findmydevice.serviceAccountName" . }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      containers:
+        - name: {{ .Chart.Name }}
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          ports:
+            - name: http
+              containerPort: 8080
+              protocol: TCP
+          livenessProbe:
+            httpGet:
+              path: /
+              port: http
+          readinessProbe:
+            httpGet:
+              path: /
+              port: http
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+          volumeMounts:
+          - name: data
+            mountPath: /fmd/objectbox/
+      volumes:
+        - name: data
+          persistentVolumeClaim:
+            claimName: {{ include "findmydevice.fullname" . }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
--- a/charts/findmydevice/templates/ingress.yaml
+++ b/charts/findmydevice/templates/ingress.yaml
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "findmydevice.fullname" . -}}
+{{- $svcPort := .Values.service.port -}}
+{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
+  {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
+  {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
+  {{- end }}
+{{- end }}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+  name: {{ $fullName }}
+  labels:
+    {{- include "findmydevice.labels" . | nindent 4 }}
+  {{- with .Values.ingress.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+  ingressClassName: {{ .Values.ingress.className }}
+  {{- end }}
+  {{- if .Values.ingress.tls }}
+  tls:
+    {{- range .Values.ingress.tls }}
+    - hosts:
+        {{- range .hosts }}
+        - {{ . | quote }}
+        {{- end }}
+      secretName: {{ .secretName }}
+    {{- end }}
+  {{- end }}
+  rules:
+    {{- range .Values.ingress.hosts }}
+    - host: {{ .host | quote }}
+      http:
+        paths:
+          {{- range .paths }}
+          - path: {{ .path }}
+            {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
+            pathType: {{ .pathType }}
+            {{- end }}
+            backend:
+              {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+              service:
+                name: {{ $fullName }}
+                port:
+                  number: {{ $svcPort }}
+              {{- else }}
+              serviceName: {{ $fullName }}
+              servicePort: {{ $svcPort }}
+              {{- end }}
+          {{- end }}
+    {{- end }}
+{{- end }}
--- a/charts/findmydevice/templates/persistentvolumeclaim.yaml
+++ b/charts/findmydevice/templates/persistentvolumeclaim.yaml
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: {{ include "findmydevice.fullname" . }}
+  labels:
+    {{- include "findmydevice.labels" . | nindent 4 }}
+spec:
+  accessModes:
+    - {{ .Values.persistentVolumeClaim.accessMode }}
+  volumeMode: Filesystem
+  resources:
+    requests:
+      storage: {{ .Values.persistentVolumeClaim.size }}
+  {{- with .Values.persistentVolumeClaim.storageClass }}
+  storageClassName: {{ . }}
+  {{- end }}
\ No newline at end of file
--- a/charts/findmydevice/templates/service.yaml
+++ b/charts/findmydevice/templates/service.yaml
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "findmydevice.fullname" . }}
+  labels:
+    {{- include "findmydevice.labels" . | nindent 4 }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - port: {{ .Values.service.port }}
+      targetPort: http
+      protocol: TCP
+      name: http
+  selector:
+    {{- include "findmydevice.selectorLabels" . | nindent 4 }}
--- a/charts/findmydevice/templates/serviceaccount.yaml
+++ b/charts/findmydevice/templates/serviceaccount.yaml
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "findmydevice.serviceAccountName" . }}
+  labels:
+    {{- include "findmydevice.labels" . | nindent 4 }}
+  {{- with .Values.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end }}
--- a/charts/findmydevice/templates/tests/test-connection.yaml
+++ b/charts/findmydevice/templates/tests/test-connection.yaml
+apiVersion: v1
+kind: Pod
+metadata:
+  name: "{{ include "findmydevice.fullname" . }}-test-connection"
+  labels:
+    {{- include "findmydevice.labels" . | nindent 4 }}
+  annotations:
+    "helm.sh/hook": test
+spec:
+  containers:
+    - name: wget
+      image: busybox
+      command: ['wget']
+      args: ['{{ include "findmydevice.fullname" . }}:{{ .Values.service.port }}']
+  restartPolicy: Never