feat(paperless-ngx): add paperless-ngx

WrenIX 2025-02-23 13:11:44 +01:00
parent 568eba8017
commit fde4f02619
Signed by: wrenix
GPG key ID: 7AFDB012974B1BB5
21 changed files with 1060 additions and 0 deletions

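--- a/paperless-ngx/.gitignore
+++ b/paperless-ngx/.gitignore
@@ -0,0 +1,2 @@
+charts/*.tgz
+values_test.yaml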

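--- a/paperless-ngx/.helmignore
+++ b/paperless-ngx/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/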

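--- a/paperless-ngx/Chart.lock
+++ b/paperless-ngx/Chart.lock
@@ -0,0 +1,9 @@
+dependencies:
+- name: postgresql
+repository: oci://docker.io/bitnamicharts
+version: 16.4.14
+- name: redis
+repository: oci://docker.io/bitnamicharts
+version: 20.8.0
+digest: sha256:fdf0248d6b962b14c31dd1c124a0201a922ebc4da131e7e2bb30da85a0c8fe19
+generated: "2025-02-23T13:49:04.061387344+01:00"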

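--- a/paperless-ngx/Chart.yaml
+++ b/paperless-ngx/Chart.yaml
@@ -0,0 +1,31 @@
+apiVersion: v2
+name: paperless-ngx
+description: A document management system that transforms your physical documents into a searchable online archive so you can keep, well, less paper.
+type: application
+icon: https://github.com/paperless-ngx/paperless-ngx/raw/main/resources/logo/web/svg/square.svg
+home: https://wrenix.eu/docs/helm-charts/paperless-ngx/
+version: "0.1.0"
+# renovate: image=ghcr.io/paperless-ngx/paperless-ngx
+appVersion: "2.14.7"
+keywords:
+- paperless
+- paperless-ng
+- paperless-ngx
+- dms
+- document
+maintainers:
+- name: WrenIX
+url: https://wrenix.eu
+sources:
+- https://github.com/paperless-ngx/paperless-ngx
+- https://git.chaos.fyi/wrenix/helm-charts/src/branch/main/paperless-ngx
+- https://codeberg.org/wrenix/helm-charts/src/branch/main/paperless-ngx
+dependencies:
+- name: postgresql
+version: "^16.3.1"
+repository: "oci://docker.io/bitnamicharts"
+condition: postgresql.enabled
+- name: redis
+version: "20.8.0"
+repository: "oci://docker.io/bitnamicharts"
+condition: redis.enabled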
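Review bot: The two subchart dependencies are constrained differently: `postgresql` takes the range `^16.3.1` while `redis` is pinned to `20.8.0`. Chart.lock currently fixes postgresql at 16.4.14, but any `helm dependency update` resolves the range afresh and pulls whatever newer 16.x chart the registry serves, so the subchart that was reviewed and the one that ships can drift apart. Pinning it the same way as redis, `version: "16.4.14"`, keeps every dependency bump an explicit, reviewable change; the `# renovate:` annotation above suggests an update bot is already available to propose them.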

162
paperless-ngx/README.md Normal file

@ -0,0 +1,162 @@
---
title: "paperless-ngx"
description: "A document management system that transforms your physical documents into a searchable online archive so you can keep, well, less paper."
---
# paperless-ngx
![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.14.7](https://img.shields.io/badge/AppVersion-2.14.7-informational?style=flat-square)
A document management system that transforms your physical documents into a searchable online archive so you can keep, well, less paper.
**Homepage:** <https://wrenix.eu/docs/helm-charts/paperless-ngx/>
## Maintainers
| Name | Email | Url |
| ---- | ------ | --- |
| WrenIX | | <https://wrenix.eu> |
## Source Code
* <https://github.com/paperless-ngx/paperless-ngx>
* <https://git.chaos.fyi/wrenix/helm-charts/src/branch/main/paperless-ngx>
* <https://codeberg.org/wrenix/helm-charts/src/branch/main/paperless-ngx>
## Usage
Helm must be installed and setup to your kubernetes cluster to use the charts.
Refer to Helm's [documentation](https://helm.sh/docs) to get started.
Once Helm has been set up correctly, fetch the charts as follows:
```bash
helm pull oci://codeberg.org/wrenix/helm-charts/paperless-ngx
```
You can install a chart release using the following command:
```bash
helm install paperless-ngx-release oci://codeberg.org/wrenix/helm-charts/paperless-ngx --values values.yaml
```
To uninstall a chart release use `helm`'s delete command:
```bash
helm uninstall paperless-ngx-release
```
## Requirements
| Repository | Name | Version |
|------------|------|---------|
| oci://docker.io/bitnamicharts | postgresql | ^16.3.1 |
| oci://docker.io/bitnamicharts | redis | 20.8.0 |
## Values
### NetworkPolicy
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| networkPolicy.egress.database | list | `[]` | rule to access Database (e.g. postgresql, redis) |
| networkPolicy.egress.dns | list | `[{"namespaceSelector":{"matchLabels":{"kubernetes.io/metadata.name":"kube-system"}},"podSelector":{"matchLabels":{"k8s-app":"kube-dns"}}}]` | rule to access DNS |
| networkPolicy.egress.enabled | bool | `true` | activate egress no networkpolicy |
| networkPolicy.egress.extra | list | `[]` | allow additinal egress (e.g. smtp, imap) |
| networkPolicy.enabled | bool | `false` | deploy networkpolicy |
| networkPolicy.ingress.http | list | `[]` | allow to http ports should be your ingress-controller |
| networkPolicy.ingress.metrics | list | `[]` | ingress for metrics port (e.g. prometheus) |
### Other Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| affinity | object | `{}` | |
| autoscaling.enabled | bool | `false` | |
| autoscaling.maxReplicas | int | `100` | |
| autoscaling.minReplicas | int | `1` | |
| autoscaling.targetCPUUtilizationPercentage | int | `80` | |
| config.apps | string | `nil` | |
| config.database.engine | string | `"postgresql"` | |
| config.database.host | string | `""` | |
| config.database.name | string | `"paperless"` | |
| config.database.pass | string | `"paperless"` | |
| config.database.port | int | `5432` | |
| config.database.sslmode | string | `"prefer"` | |
| config.database.user | string | `"paperless"` | |
| config.oidcProviders | string | `nil` | |
| config.redis.prefix | string | `""` | |
| config.redis.url | string | `""` | |
| config.url | string | `nil` | default first ingress host |
| env.PAPERLESS_ENABLE_FLOWER | bool | `true` | start service for monitor background jobs e.g. for prometheus (example value for env) |
| env.PAPERLESS_USE_X_FORWARD_HOST | bool | `true` | correct ip-address by X-Forwarded-For (example value for env) |
| fullnameOverride | string | `""` | |
| global.image.pullPolicy | string | `nil` | if set it will overwrite all pullPolicy |
| global.image.registry | string | `nil` | if set it will overwrite all registry entries |
| grafana.dashboards.annotations | object | `{}` | |
| grafana.dashboards.enabled | bool | `false` | |
| grafana.dashboards.labels.grafana_dashboard | string | `"1"` | |
| image.pullPolicy | string | `"IfNotPresent"` | This sets the pull policy for images. |
| image.registry | string | `"ghcr.io"` | |
| image.repository | string | `"paperless-ngx/paperless-ngx"` | |
| image.tag | string | `""` | |
| imagePullSecrets | list | `[]` | This is for the secrets for pulling an image from a private repository more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ |
| ingress.annotations | object | `{}` | |
| ingress.className | string | `""` | |
| ingress.enabled | bool | `false` | |
| ingress.hosts[0].host | string | `"chart-example.local"` | |
| ingress.hosts[0].paths[0].path | string | `"/"` | |
| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | |
| ingress.tls | list | `[]` | |
| livenessProbe.httpGet.path | string | `"/"` | |
| livenessProbe.httpGet.port | string | `"http"` | |
| nameOverride | string | `""` | This is to override the chart name. |
| nodeSelector | object | `{}` | |
| persistence.accessMode | string | `"ReadWriteOnce"` | |
| persistence.annotations | object | `{}` | |
| persistence.enabled | bool | `true` | |
| persistence.existingClaim | string | `nil` | A manually managed Persistent Volume and Claim Requires persistence.enabled: true If defined, PVC must be created manually before volume will be bound |
| persistence.hostPath | string | `nil` | Do not create an PVC, direct use hostPath in Pod |
| persistence.size | string | `"5Gi"` | |
| persistence.storageClass | string | `nil` | Persistent Volume Storage Class If defined, storageClassName: <storageClass> If set to "-", storageClassName: "", which disables dynamic provisioning If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. (gp2 on AWS, standard on GKE, AWS & OpenStack) |
| podAnnotations | object | `{}` | This is for setting Kubernetes Annotations to a Pod. For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ |
| podLabels | object | `{}` | This is for setting Kubernetes Labels to a Pod. For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ |
| podSecurityContext | object | `{}` | |
| postgresql.auth.database | string | `"pretix"` | |
| postgresql.auth.password | string | `"pretix"` | |
| postgresql.auth.postgresPassword | string | `"supersecureadminpassword"` | |
| postgresql.auth.username | string | `"pretix"` | |
| postgresql.enabled | bool | `true` | |
| prometheus.rules.additionalRules | list | `[]` | |
| prometheus.rules.enabled | bool | `false` | |
| prometheus.rules.labels | object | `{}` | |
| prometheus.servicemonitor.enabled | bool | `false` | broken, Host need to be localhost on request (instatt of ip) needs: https://github.com/prometheus-operator/prometheus-operator/pull/7003 |
| prometheus.servicemonitor.interval | string | `nil` | interval |
| prometheus.servicemonitor.labels | object | `{}` | |
| prometheus.servicemonitor.scrapeTimeout | string | `nil` | scrape timeout |
| readinessProbe.httpGet.path | string | `"/"` | |
| readinessProbe.httpGet.port | string | `"http"` | |
| redis.architecture | string | `"standalone"` | |
| redis.auth.enabled | bool | `true` | |
| redis.auth.existingSecret | string | `""` | name of an existing secret with Redis credentials (instead of auth.password), must be created ahead of time |
| redis.auth.existingSecretPasswordKey | string | `""` | Password key to be retrieved from existing secret |
| redis.auth.password | string | `"changeme"` | |
| redis.enabled | bool | `true` | |
| redis.global.storageClass | string | `""` | |
| redis.master.persistence.enabled | bool | `true` | |
| redis.replica.persistence.enabled | bool | `true` | |
| replicaCount | int | `1` | |
| resources | object | `{}` | |
| securityContext | object | `{}` | |
| service.port | int | `80` | This sets the ports more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#field-spec-ports |
| service.type | string | `"ClusterIP"` | This sets the service type more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types |
| serviceAccount.annotations | object | `{}` | Annotations to add to the service account |
| serviceAccount.automount | bool | `true` | Automatically mount a ServiceAccount's API credentials? |
| serviceAccount.create | bool | `true` | Specifies whether a service account should be created |
| serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template |
| tolerations | list | `[]` | |
| volumeMounts | list | `[]` | |
| volumes | list | `[]` | |
Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs)


@ -0,0 +1,22 @@
1. Get the application URL by running these commands:
{{- if .Values.ingress.enabled }}
{{- range $host := .Values.ingress.hosts }}
{{- range .paths }}
http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
{{- end }}
{{- end }}
{{- else if contains "NodePort" .Values.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "paperless-ngx.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
{{- else if contains "LoadBalancer" .Values.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch its status by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "paperless-ngx.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "paperless-ngx.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
echo http://$SERVICE_IP:{{ .Values.service.port }}
{{- else if contains "ClusterIP" .Values.service.type }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "paperless-ngx.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
echo "Visit http://127.0.0.1:8080 to use your application"
kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
{{- end }}


@ -0,0 +1,62 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "paperless-ngx.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "paperless-ngx.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "paperless-ngx.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "paperless-ngx.labels" -}}
helm.sh/chart: {{ include "paperless-ngx.chart" . }}
{{ include "paperless-ngx.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "paperless-ngx.selectorLabels" -}}
app.kubernetes.io/name: {{ include "paperless-ngx.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "paperless-ngx.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "paperless-ngx.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}


@ -0,0 +1,14 @@
{{- if .Values.grafana.dashboards.enabled }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "paperless-ngx.fullname" . }}-grafana-dashboards
labels:
{{- include "paperless-ngx.labels" . | nindent 4 }}
{{- toYaml .Values.grafana.dashboards.labels | nindent 4 }}
annotations:
{{- toYaml .Values.grafana.dashboards.annotations | nindent 4 }}
data:
{{- (.Files.Glob "grafana_dashboards/*.json" ).AsConfig | nindent 2 }}
{{- end }}


@ -0,0 +1,129 @@
---
{{- $fullname := include "paperless-ngx.fullname" . }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ $fullname }}
labels:
{{- include "paperless-ngx.labels" . | nindent 4 }}
spec:
{{- if not .Values.autoscaling.enabled }}
replicas: {{ .Values.replicaCount }}
{{- end }}
selector:
matchLabels:
{{- include "paperless-ngx.selectorLabels" . | nindent 6 }}
template:
metadata:
annotations:
"checksum/config": {{ toYaml .Values.config | sha256sum }}
"checksum/env": {{ toYaml .Values.env | sha256sum }}
{{- with .Values.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "paperless-ngx.labels" . | nindent 8 }}
{{- with .Values.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "paperless-ngx.serviceAccountName" . }}
{{- with .Values.podSecurityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
{{- with .Values.securityContext }}
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.image }}
image: "{{ coalesce $.Values.global.image.registry .registry }}/{{ .repository }}:{{ .tag | default $.Chart.AppVersion }}"
imagePullPolicy: {{ coalesce $.Values.global.image.pullPolicy .pullPolicy }}
{{- end }}
ports:
- name: http
containerPort: 8000
protocol: TCP
{{- if .Values.env.PAPERLESS_ENABLE_FLOWER }}
- name: metrics
containerPort: 5555
protocol: TCP
{{- end }}
envFrom:
- secretRef:
name: {{ $fullname }}
{{- with .Values.redis.auth }}
{{- if and .enabled .existingSecret }}
env:
- name: "REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ .existingSecret }}
key: {{ .existingSecretPasswordKey }}
{{- end }}
{{- end }}{{/* end-with redis.auth */}}
{{- with .Values.livenessProbe }}
livenessProbe:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.readinessProbe }}
readinessProbe:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
volumeMounts:
- mountPath: /usr/src/paperless/data
name: storage
subPath: data
- mountPath: /usr/src/paperless/media
name: storage
subPath: media
- mountPath: /usr/src/paperless/consume
name: storage
subPath: consume
- mountPath: /usr/src/paperless/export
name: storage
subPath: export
{{- with .Values.volumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
volumes:
- name: storage
{{- with .Values.persistence }}
{{- with .hostPath }}
hostPath:
type: Directory
path: {{ . | quote }}
{{- else }}
{{- if .enabled }}
persistentVolumeClaim:
claimName: {{ coalesce .existingClaim $fullname }}
{{- else }}
emptyDir: {}
{{- end }}{{/* end-if persistence.enabled */}}
{{- end }}{{/* end-else-with hostPath */}}
{{- end }}{{/* end-with persistence */}}
{{- with .Values.volumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
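Review bot: With `redis.auth.existingSecret` set, PAPERLESS_REDIS most likely reaches the container with the literal text `$(REDIS_PASSWORD)` still in it. The Secret template writes that placeholder into the value and this Deployment loads it through `envFrom`, but Kubernetes expands `$(VAR)` references only in `env[].value` entries, not in values imported by `envFrom`. Defining the URL in the `env:` list after the REDIS_PASSWORD entry would let the reference resolve: `- name: PAPERLESS_REDIS` with `value: "redis://:$(REDIS_PASSWORD)@{{ $fullname }}-redis-master"`. The Secret template should then stop emitting PAPERLESS_REDIS in that branch.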


@ -0,0 +1,32 @@
{{- if .Values.autoscaling.enabled }}
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: {{ include "paperless-ngx.fullname" . }}
labels:
{{- include "paperless-ngx.labels" . | nindent 4 }}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: {{ include "paperless-ngx.fullname" . }}
minReplicas: {{ .Values.autoscaling.minReplicas }}
maxReplicas: {{ .Values.autoscaling.maxReplicas }}
metrics:
{{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
{{- end }}
{{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
{{- end }}
{{- end }}


@ -0,0 +1,43 @@
{{- if .Values.ingress.enabled -}}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ include "paperless-ngx.fullname" . }}
labels:
{{- include "paperless-ngx.labels" . | nindent 4 }}
{{- with .Values.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- with .Values.ingress.className }}
ingressClassName: {{ . }}
{{- end }}
{{- if .Values.ingress.tls }}
tls:
{{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.ingress.hosts }}
- host: {{ .host | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
{{- with .pathType }}
pathType: {{ . }}
{{- end }}
backend:
service:
name: {{ include "paperless-ngx.fullname" $ }}
port:
number: {{ $.Values.service.port }}
{{- end }}
{{- end }}
{{- end }}


@ -0,0 +1,73 @@
{{- with .Values.networkPolicy }}
{{- if .enabled }}
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: {{ include "paperless-ngx.fullname" $ }}
labels:
{{- include "paperless-ngx.labels" $ | nindent 4 }}
spec:
podSelector:
matchLabels:
{{- include "paperless-ngx.selectorLabels" $ | nindent 6 }}
policyTypes:
- Ingress
{{- if .egress.enabled }}
- Egress
{{- end }}
ingress:
{{- with .ingress.http }}
- ports:
- port: 8000
protocol: TCP
from:
{{- toYaml . | nindent 8 }}
{{- end }}{{/* end-with .ingress.http */}}
{{- with .ingress.metrics }}
- ports:
- port: 5555
protocol: TCP
from:
{{- toYaml . | nindent 8 }}
{{- end }}{{/* end-with .ingress.metrics */}}
{{- with .egress }}
{{- if .enabled }}
egress:
{{- with .dns }}
- ports:
- port: 53
protocol: UDP
to:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .database }}
{{- toYaml . | nindent 4 }}
{{- else }}
- ports:
- port: 5432
protocol: TCP
to:
- podSelector:
matchLabels:
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/name: postgresql
- ports:
- port: 6379
protocol: TCP
to:
- podSelector:
matchLabels:
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/name: redis
app.kubernetes.io/component: master
{{- end }}
{{- with .extra }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}{{/* end-if egress.enabled */}}
{{- end }}{{/* end-with .egress */}}
{{- end }}
{{- end }}
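Review bot: The default database egress rules use `{{ .Release.Name }}` inside nested `with` blocks, where `.` is the `networkPolicy.egress` map rather than the root context, so rendering should fail as soon as the policy is enabled with the default `database: []`. The rest of this template already goes through `$`; the two label lines need `app.kubernetes.io/instance: {{ $.Release.Name }}`. The DNS rule also opens only UDP 53, and resolvers fall back to TCP for truncated answers, so adding `- port: 53` with `protocol: TCP` to the same rule avoids intermittent lookup failures once egress is restricted.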


@ -0,0 +1,20 @@
{{- if and .Values.prometheus.rules.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: {{ include "paperless-ngx.fullname" . }}
labels:
{{- include "paperless-ngx.labels" . | nindent 4 }}
{{- with .Values.prometheus.rules.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
groups:
- name: {{ template "paperless-ngx.fullname" . }}-Additional
rules: []
{{- with .Values.prometheus.rules.additionalRules }}
- name: {{ template "paperless-ngx.fullname" $ }}-Additional
rules:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
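Review bot: When `prometheus.rules.additionalRules` is set, the template emits two groups with the same name ending in `-Additional`: the fixed one with `rules: []` and the one inside the `with`. Prometheus rejects a rule file that repeats a group name, so the placeholder group should be dropped or renamed, and `groups:` rendered only when there are rules to ship. The single-argument `and` in the opening condition can be written as `{{- if .Values.prometheus.rules.enabled }}`.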


@ -0,0 +1,29 @@
{{- if and
.Values.persistence.enabled
(not .Values.persistence.hostPath)
(not .Values.persistence.existingClaim)
}}
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ template "paperless-ngx.fullname" . }}
labels:
{{- include "paperless-ngx.labels" . | nindent 4 }}
{{- with .Values.persistence.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
spec:
accessModes:
- {{ .Values.persistence.accessMode | quote }}
resources:
requests:
storage: {{ .Values.persistence.size | quote }}
{{- with .Values.persistence.storageClass }}
{{- if (eq "-" .) }}
storageClassName: ""
{{- else }}
storageClassName: {{ . | quote }}
{{- end }}
{{- end }}
{{- end -}}


@ -0,0 +1,81 @@
---
{{- $fullname := include "paperless-ngx.fullname" . }}
{{- $secret := (lookup "v1" "Secret" .Release.Namespace $fullname) }}
apiVersion: v1
kind: Secret
metadata:
name: {{ $fullname }}
labels:
{{- include "paperless-ngx.labels" . | nindent 4 }}
annotations:
"checksum/config": {{ toYaml .Values.config | sha256sum }}
"checksum/env": {{ toYaml .Values.env | sha256sum }}
data:
{{- with .Values.config.url }}
PAPERLESS_URL: {{ toYaml . | b64enc }}
{{- else }}
{{- $ingressTLS := ne ( len .Values.ingress.tls ) 0 }}
PAPERLESS_URL: {{ printf "%s://%s" (ternary "https" "http" $ingressTLS) (first .Values.ingress.hosts).host | b64enc }}
{{- end }}
{{- with .Values.config.redis }}
{{- with .url }}
PAPERLESS_REDIS: {{ toYaml . | b64enc }}
{{- else }}
{{- if $.Values.redis.auth.enabled }}
{{- if $.Values.redis.auth.existingSecret }}
PAPERLESS_REDIS: {{ printf "redis://:$(REDIS_PASSWORD)@%s-redis-master" (include "paperless-ngx.fullname" $)| b64enc }}
{{- else }}
PAPERLESS_REDIS: {{ printf "redis://:%s@%s-redis-master" $.Values.redis.auth.password (include "paperless-ngx.fullname" $)| b64enc }}
{{- end }}
{{- else }}
PAPERLESS_REDIS: {{ printf "redis://%s-redis-master" (include "paperless-ngx.fullname" $)| b64enc }}
{{- end }}
{{- end }}
{{- with .prefix }}
PAPERLESS_REDIS_PREFIX: {{ toYaml . | b64enc }}
{{- end }}
{{- end }}
{{- with .Values.config.database }}
{{- with .engine }}
PAPERLESS_DBENGINE: {{ toYaml . | b64enc }}
{{- end }}
{{- with .host }}
PAPERLESS_DBHOST: {{ toYaml . | b64enc }}
{{- else }}
PAPERLESS_DBHOST: {{ printf "%s-postgresql" (include "paperless-ngx.fullname" $) | b64enc }}
{{- end }}
{{- with .port }}
PAPERLESS_DBPORT: {{ toYaml . | b64enc }}
{{- end }}
{{- with .name }}
PAPERLESS_DBNAME: {{ toYaml . | b64enc }}
{{- end }}
{{- with .user }}
PAPERLESS_DBUSER: {{ toYaml . | b64enc }}
{{- end }}
{{- with .pass }}
PAPERLESS_DBPASS: {{ toYaml . | b64enc }}
{{- end }}
{{- with .sslmode }}
PAPERLESS_DBSSLMODE: {{ toYaml . | b64enc }}
{{- end }}
{{- end }}{{/* end-with .config.database */}}
{{- with .Values.config.apps }}
PAPERLESS_APPS: {{ toYaml . | b64enc }}
{{- end }}
{{- with .Values.config.oidcProviders }}
PAPERLESS_SOCIALACCOUNT_PROVIDERS: {{ toJson . | b64enc }}
{{- end }}
PAPERLESS_SECRET_KEY: {{ .Values.env.PAPERLESS_SECRET_KEY
| default (dig "data" "PAPERLESS_SECRET_KEY" "" $secret | b64dec)
| default (randAlphaNum 64)
| b64enc
}}
{{- range $name, $value := .Values.env }}
{{ $name }}: {{ toString $value | b64enc }}
{{- end }}
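Review bot: Scalar settings are passed through `toYaml` before `b64enc`, and `toYaml` adds YAML quoting whenever a string needs it, so a `config.database.pass` that is all digits, starts with `@`, `#` or `*`, or contains `: ` is stored with quote characters around it and no longer matches the real password. `toString` keeps the value as given, e.g. `PAPERLESS_DBPASS: {{ . | toString | b64enc }}`, and the same applies to the URL, Redis and other database keys (the `toJson` on oidcProviders is fine). Two further things to check in this template: `lookup` returns nothing under `helm template` or `--dry-run`, so PAPERLESS_SECRET_KEY is regenerated on every client-side render, and when `env.PAPERLESS_SECRET_KEY` is set the final `range` emits that key a second time in `data`.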


@ -0,0 +1,21 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "paperless-ngx.fullname" . }}
labels:
{{- include "paperless-ngx.labels" . | nindent 4 }}
spec:
type: {{ .Values.service.type }}
selector:
{{- include "paperless-ngx.selectorLabels" . | nindent 4 }}
ports:
- name: http
port: {{ .Values.service.port }}
protocol: TCP
targetPort: http
{{- if .Values.env.PAPERLESS_ENABLE_FLOWER }}
- name: metrics
port: 9100
protocol: TCP
targetPort: metrics
{{- end }}
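Review bot: The metrics port is added to the same Service as the web UI whenever `env.PAPERLESS_ENABLE_FLOWER` is true, which is the default in values.yaml, so with `service.type` set to NodePort or LoadBalancer the Flower endpoint becomes reachable from wherever the UI is. Flower is a task-monitoring interface and, as far as I know, is not authenticated unless that is configured separately; this is worth confirming before release. A separate ClusterIP-only Service for `metrics`, or a default of `false`, would keep it internal. The Service port 9100 also differs from the 5555 used in the Deployment and NetworkPolicy; it works through `targetPort: metrics`, but a comment such as `# Flower listens on 5555 in the pod; published as 9100` would save the next reader a lookup.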


@ -0,0 +1,13 @@
{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "paperless-ngx.serviceAccountName" . }}
labels:
{{- include "paperless-ngx.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
{{- end }}


@ -0,0 +1,27 @@
{{- if and .Values.prometheus.servicemonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ include "paperless-ngx.fullname" . }}
labels:
{{- include "paperless-ngx.labels" . | nindent 4 }}
{{- with .Values.prometheus.servicemonitor.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
selector:
matchLabels:
{{- include "paperless-ngx.selectorLabels" . | nindent 6 }}
endpoints:
- port: metrics
path: "/metrics"
{{- with .Values.prometheus.servicemonitor }}
{{- with .interval }}
interval: {{ . }}
{{- end }}
{{- with .scrapeTimeout }}
scrapeTimeout: {{ . }}
{{- end }}
{{- end }}
{{- end }}


@ -0,0 +1,15 @@
apiVersion: v1
kind: Pod
metadata:
name: "{{ include "paperless-ngx.fullname" . }}-test-connection"
labels:
{{- include "paperless-ngx.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": test
spec:
containers:
- name: wget
image: busybox
command: ['wget']
args: ['{{ include "paperless-ngx.fullname" . }}:{{ .Values.service.port }}']
restartPolicy: Never
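Review bot: `image: busybox` has no tag or digest and ignores `global.image.registry`, so `helm test` pulls whatever `latest` resolves to at that moment and fails in clusters that only allow a mirrored registry. Pin it and route it through the same override the Deployment uses, for example `image: "{{ coalesce .Values.global.image.registry "docker.io" }}/library/busybox:<pinned-tag>"`. The pod also sets no `securityContext`, so it is likely to be rejected in namespaces that enforce the restricted Pod Security Standard.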

252
paperless-ngx/values.yaml Normal file

@ -0,0 +1,252 @@
global:
image:
# -- if set it will overwrite all registry entries
registry:
# -- if set it will overwrite all pullPolicy
pullPolicy:
# -- This is for the secrets for pulling an image from a private repository more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
imagePullSecrets: []
# -- This is to override the chart name.
nameOverride: ""
fullnameOverride: ""
replicaCount: 1
image:
registry: "ghcr.io"
repository: paperless-ngx/paperless-ngx
# -- This sets the pull policy for images.
pullPolicy: IfNotPresent
tag: ""
serviceAccount:
# -- Specifies whether a service account should be created
create: true
# -- Automatically mount a ServiceAccount's API credentials?
automount: true
# -- Annotations to add to the service account
annotations: {}
# -- The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
# -- This is for setting Kubernetes Annotations to a Pod.
# For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
podAnnotations: {}
# -- This is for setting Kubernetes Labels to a Pod.
# For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
podLabels: {}
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
config:
# -- default first ingress host
url:
apps:
redis:
url: ""
prefix: ""
database:
engine: "postgresql"
host: ""
port: 5432
name: "paperless"
user: "paperless"
pass: "paperless"
sslmode: "prefer"
oidcProviders:
env:
# -- correct ip-address by X-Forwarded-For (example value for env)
PAPERLESS_USE_X_FORWARD_HOST: true
# -- start service for monitor background jobs e.g. for prometheus (example value for env)
PAPERLESS_ENABLE_FLOWER: true
# This is for setting up a service more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/
service:
# -- This sets the service type more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
type: ClusterIP
# -- This sets the ports more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#field-spec-ports
port: 80
# This block is for setting up the ingress for more information can be found here: https://kubernetes.io/docs/concepts/services-networking/ingress/
ingress:
enabled: false
className: ""
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
- host: chart-example.local
paths:
- path: /
pathType: ImplementationSpecific
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
# This is to setup the liveness and readiness probes more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
livenessProbe:
httpGet:
path: /
port: http
readinessProbe:
httpGet:
path: /
port: http
networkPolicy:
# -- deploy networkpolicy
# @section -- NetworkPolicy
enabled: false
ingress:
# -- allow to http ports
# should be your ingress-controller
# @section -- NetworkPolicy
http: []
# -- ingress for metrics port (e.g. prometheus)
# @section -- NetworkPolicy
metrics: []
egress:
# -- activate egress no networkpolicy
# @section -- NetworkPolicy
enabled: true
# -- rule to access DNS
# @section -- NetworkPolicy
dns:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: kube-system
podSelector:
matchLabels:
k8s-app: kube-dns
# -- rule to access Database (e.g. postgresql, redis)
# @section -- NetworkPolicy
database: []
# -- allow additinal egress (e.g. smtp, imap)
# @section -- NetworkPolicy
extra: []
persistence:
enabled: true
annotations: {}
# -- Persistent Volume Storage Class
# If defined, storageClassName: <storageClass>
# If set to "-", storageClassName: "", which disables dynamic provisioning
# If undefined (the default) or set to null, no storageClassName spec is
# set, choosing the default provisioner. (gp2 on AWS, standard on
# GKE, AWS & OpenStack)
#
storageClass:
# -- A manually managed Persistent Volume and Claim
# Requires persistence.enabled: true
# If defined, PVC must be created manually before volume will be bound
existingClaim:
# -- Do not create an PVC, direct use hostPath in Pod
hostPath:
accessMode: ReadWriteOnce
size: 5Gi
# This section is for setting up autoscaling more information can be found here: https://kubernetes.io/docs/concepts/workloads/autoscaling/
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 100
targetCPUUtilizationPercentage: 80
# targetMemoryUtilizationPercentage: 80
# Additional volumes on the output Deployment definition.
volumes: []
# - name: foo
# secret:
# secretName: mysecret
# optional: false
# Additional volumeMounts on the output Deployment definition.
volumeMounts: []
# - name: foo
# mountPath: "/etc/foo"
# readOnly: true
nodeSelector: {}
tolerations: []
affinity: {}
prometheus:
servicemonitor:
# -- broken, Host need to be localhost on request (instatt of ip)
# needs: https://github.com/prometheus-operator/prometheus-operator/pull/7003
enabled: false
labels: {}
# -- interval
interval:
# -- scrape timeout
scrapeTimeout:
rules:
enabled: false
labels: {}
# current no default alertrules are provided
additionalRules: []
grafana:
dashboards:
enabled: false
labels:
grafana_dashboard: "1"
annotations: {}
postgresql:
enabled: true
auth:
database: pretix
username: pretix
password: pretix
postgresPassword: supersecureadminpassword
redis:
enabled: true
architecture: standalone
auth:
enabled: true
password: 'changeme'
# -- name of an existing secret with Redis credentials (instead of auth.password), must be created ahead of time
existingSecret: ""
# -- Password key to be retrieved from existing secret
existingSecretPasswordKey: ""
global:
storageClass: ""
master:
persistence:
enabled: true
replica:
persistence:
enabled: true
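Review bot: The chart ships usable credentials as defaults: `postgresPassword: supersecureadminpassword`, `password: 'changeme'` for Redis and `pass: "paperless"` under `config.database`, so an install without overrides runs with passwords that are published in this repository and in the README table. Leaving them empty and requiring an existing Secret (or failing the render with `required`) would avoid that. The `postgresql.auth` block also still carries `pretix` for database, username and password while `config.database` expects `paperless`, so the bundled database and the application presumably do not agree out of the box. For hardening defaults, `serviceAccount.automount: true` and the empty `securityContext: {}` are worth revisiting, since nothing in the templates shown uses the Kubernetes API.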