chore(deps): update helm release argo-cd to v8.0.1

Signed-off-by: Nikolai Rodionov <nikolai.rodionov@onpier.de>

.pre-commit-config.yaml

@@ -9,13 +9,13 @@ repos:
       - id: yamlfmt
         exclude: |
           (?x)(
+            ^charts/|
             ^.*secrets.*yaml|
-            ^charts/
           )
-  - repo: https://github.com/codespell-project/codespell
-    rev: v2.2.4
-    hooks:
-      - id: codespell
+          #  - repo: https://github.com/codespell-project/codespell
+          #    rev: v2.2.4
+          #    hooks:
+          #      - id: codespell
   - repo: local
     hooks:
       - id: check-sops-secrets

.sops.yaml

@@ -8,3 +8,7 @@ creation_rules:
     key_groups:
       - age:
           - age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
+  - path_regex: common/values/secrets.*
+    key_groups:
+      - age:
+          - age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8

charts/apply-log/Chart.yaml

@@ -1,6 +0,0 @@
-apiVersion: v2
-name: apply-log
-description: A Helm chart for Kubernetes
-type: application
-version: 0.1.0
-appVersion: "1.16.0"

charts/apply-log/templates/_helpers.tpl

@@ -1,62 +0,0 @@
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "apply-log.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "apply-log.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "apply-log.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "apply-log.labels" -}}
-helm.sh/chart: {{ include "apply-log.chart" . }}
-{{ include "apply-log.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "apply-log.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "apply-log.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "apply-log.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "apply-log.fullname" .) .Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}

charts/apply-log/templates/configmap.yaml

@@ -1,20 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ .Release.Name }}-apply-log
-  namespace: {{ .Release.Namespace }}
-  labels:
-    k8s.badhouseplants.net/configmap-kind: helmfile-apply-log
-    {{- include "apply-log.labels" . | nindent 4 }}
-data:
-  author: {{ .Values.author }}
-  {{- if .Values.ci }}
-  ci: {{ .Values.ci | quote }}
-  {{- else }}
-  {{- with .Values.cdDisabled }}
-  cdDisabled: {{ . | quote }}
-  {{- end }}
-  branch: {{ .Values.branch }}
-  sha: {{ .Values.sha | quote | replace " " "" }}
-  status: {{ .Values.status }}
-  {{- end }}

charts/apply-log/values.yaml

@@ -1,7 +0,0 @@
-name: test
-ci: false
-branch: main
-author: test
-sha: dummy
-status: clean
-cdDisabled: false

charts/issuer/templates/issuer.yaml

@@ -1,10 +1,23 @@
+{{- range $name, $issuer := .Values.clusterIssuers }}
 ---
 apiVersion: cert-manager.io/v1
 kind: ClusterIssuer
 metadata:
   labels:
-    {{- include "issuer.labels" . | nindent 4 }}
-  name: "{{ .Values.name }}"
+    {{- include "issuer.labels" $ | nindent 4 }}
+  name: "{{ $name }}"
 spec:
-  acme:
-{{ .Values.spec | toYaml | indent 2 }}
+{{ $issuer.spec | toYaml | indent 2 }}
+{{- end }}
+{{- range $name, $issuer := .Values.issuers }}
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  labels:
+    {{- include "issuer.labels" $ | nindent 4 }}
+  name: "{{ $name }}"
+  namespace: {{ $issuer.namespace }}
+spec:
+{{ $issuer.spec | toYaml | indent 2 }}
+{{- end }}

charts/metallb-resources/Chart.yaml

@@ -0,0 +1,24 @@
+apiVersion: v2
+name: metallb-resources
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.16.0"

charts/metallb-resources/templates/_helpers.tpl

@@ -1,7 +1,7 @@
 {{/*
 Expand the name of the chart.
 */}}
-{{- define "root.name" -}}
+{{- define "metallb-resources.name" -}}
 {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
 {{- end }}
 
@@ -10,7 +10,7 @@ Create a default fully qualified app name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
 If release name contains chart name it will be used as a full name.
 */}}
-{{- define "root.fullname" -}}
+{{- define "metallb-resources.fullname" -}}
 {{- if .Values.fullnameOverride }}
 {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
 {{- else }}
@@ -26,16 +26,16 @@ If release name contains chart name it will be used as a full name.
 {{/*
 Create chart name and version as used by the chart label.
 */}}
-{{- define "root.chart" -}}
+{{- define "metallb-resources.chart" -}}
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
 {{- end }}
 
 {{/*
 Common labels
 */}}
-{{- define "root.labels" -}}
-helm.sh/chart: {{ include "root.chart" . }}
-{{ include "root.selectorLabels" . }}
+{{- define "metallb-resources.labels" -}}
+helm.sh/chart: {{ include "metallb-resources.chart" . }}
+{{ include "metallb-resources.selectorLabels" . }}
 {{- if .Chart.AppVersion }}
 app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 {{- end }}
@@ -45,17 +45,17 @@ app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{/*
 Selector labels
 */}}
-{{- define "root.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "root.name" . }}
+{{- define "metallb-resources.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "metallb-resources.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end }}
 
 {{/*
 Create the name of the service account to use
 */}}
-{{- define "root.serviceAccountName" -}}
+{{- define "metallb-resources.serviceAccountName" -}}
 {{- if .Values.serviceAccount.create }}
-{{- default (include "root.fullname" .) .Values.serviceAccount.name }}
+{{- default (include "metallb-resources.fullname" .) .Values.serviceAccount.name }}
 {{- else }}
 {{- default "default" .Values.serviceAccount.name }}
 {{- end }}

charts/metallb-resources/templates/ip_address_pool.tpl

@@ -0,0 +1,7 @@
+apiVersion: metallb.io/v1beta1
+kind: IPAddressPool
+metadata:
+  name: {{ include "metallb-resources.fullname" . }}
+spec:
+  addresses:
+  - {{ .Values.addresses}}

charts/metallb-resources/values.yaml

@@ -0,0 +1 @@
+addresses: 1.1.1.1-1.1.1.1

charts/namespaces/templates/namespaces.yaml

@@ -15,5 +15,24 @@ metadata:
     {{- with $ns.annotations}}
     {{- toYaml . | nindent 4 }}
   {{- end }}
+{{- if $ns.defaultRegcred }}
+---
+apiVersion: v1
+kind: Secret
+type: kubernetes.io/dockerconfigjson
+metadata:
+  name: regcred
+  namespace: {{ $ns.name }}
+data:
+  .dockerconfigjson: {{ $.Values.defaultRegcred }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: default
+  namespace: {{ $ns.name }}
+imagePullSecrets:
+  - name: regcred
+{{- end }}
 {{- end }}
 {{- end }}

charts/qbittorrent/.helmignore

@@ -21,3 +21,5 @@
 .idea/
 *.tmproj
 .vscode/
+# helm-docs templates
+*.gotmpl

charts/qbittorrent/Chart.lock

@@ -0,0 +1,6 @@
+dependencies:
+- name: common
+  repository: https://bjw-s.github.io/helm-charts
+  version: 1.5.1
+digest: sha256:3588c89621170f198d4938664d3ea4c469bd91fd78183c83cfcf63f474d348c4
+generated: "2023-08-06T06:19:47.992738822Z"

charts/qbittorrent/Chart.yaml

@@ -0,0 +1,31 @@
+annotations:
+  artifacthub.io/changes: |-
+    - kind: changed
+      description: Update ghcr.io/linuxserver/qbittorrent docker tag to version-5.0.3-r0
+  artifacthub.io/links: |-
+    - name: App Source
+      url: https://github.com/qbittorrent/qBittorrent
+    - name: Container Source
+      url: https://github.com/linuxserver/docker-qbittorrent
+    - name: Chart Source
+      url: https://github.com/gabe565/charts/tree/main/charts/qbittorrent
+apiVersion: v2
+appVersion: version-5.0.3-r0
+dependencies:
+- name: common
+  repository: https://bjw-s-labs.github.io/helm-charts
+  version: 3.7.3
+description: The qBittorrent project aims to provide an open-source software alternative
+  to µTorrent.
+home: https://charts.gabe565.com/charts/qbittorrent/
+icon: https://raw.githubusercontent.com/qbittorrent/qBittorrent/master/src/icons/qbittorrent-tray.svg
+keywords:
+- torrent
+- bittorrent
+kubeVersion: '>=1.22.0-0'
+name: qbittorrent
+sources:
+- https://github.com/qbittorrent/qBittorrent
+- https://github.com/linuxserver/docker-qbittorrent
+type: application
+version: 0.4.1

charts/qbittorrent/README.md

@@ -0,0 +1,122 @@
+# qBittorrent
+
+![Version: 0.4.1](https://img.shields.io/badge/Version-0.4.1-informational?style=flat)
+![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat)
+![AppVersion: version-5.0.3-r0](https://img.shields.io/badge/AppVersion-version--5.0.3--r0-informational?style=flat)
+
+The qBittorrent project aims to provide an open-source software alternative to µTorrent.
+
+**Homepage:** <https://charts.gabe565.com/charts/qbittorrent/>
+
+**This chart is not maintained by the upstream project and any issues with the chart should be raised
+[here](https://github.com/gabe565/charts/issues/new?assignees=gabe565&labels=bug&template=bug_report.yaml&name=qbittorrent&version=0.4.1)**
+
+## Source Code
+
+* <https://github.com/qbittorrent/qBittorrent>
+* <https://github.com/linuxserver/docker-qbittorrent>
+
+## Requirements
+
+Kubernetes: `>=1.22.0-0`
+
+## Dependencies
+
+| Repository | Name | Version |
+|------------|------|---------|
+| <https://bjw-s.github.io/helm-charts> | common | 1.5.1 |
+
+## Installing the Chart
+
+To install the chart with the release name `qbittorrent`
+
+### OCI (Recommended)
+
+```console
+helm install qbittorrent oci://ghcr.io/gabe565/charts/qbittorrent
+```
+
+### Traditional
+
+```console
+helm repo add gabe565 https://charts.gabe565.com
+helm repo update
+helm install qbittorrent gabe565/qbittorrent
+```
+
+## Uninstalling the Chart
+
+To uninstall the `qbittorrent` deployment
+
+```console
+helm uninstall qbittorrent
+```
+
+The command removes all the Kubernetes components associated with the chart **including persistent volumes** and deletes the release.
+
+## Configuration
+
+Read through the [values.yaml](./values.yaml) file. It has several commented out suggested values.
+Other values may be used from the [values.yaml](https://github.com/bjw-s/helm-charts/tree/a081de5/charts/library/common/values.yaml) from the [bjw-s common library](https://github.com/bjw-s/helm-charts/tree/a081de5/charts/library/common).
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.
+
+```console
+helm install qbittorrent \
+  --set env.TZ="America/New York" \
+    gabe565/qbittorrent
+```
+
+Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart.
+
+```console
+helm install qbittorrent gabe565/qbittorrent -f values.yaml
+```
+
+## Custom configuration
+
+### VueTorrent
+
+[VueTorrent](https://github.com/WDaan/VueTorrent) is an alternative web UI for qBittorrent built with Vue.js.
+This chart uses the LinuxServer.io qBittorrent image, so VueTorrent can be installed as a
+[Docker mod](https://github.com/linuxserver/docker-mods).
+
+1. Add [gabe565/linuxserver-mod-vuetorrent](https://github.com/gabe565/linuxserver-mod-vuetorrent) as a
+Docker mod. In `values.yaml`:
+    ```yaml
+    env:
+      DOCKER_MODS: ghcr.io/gabe565/linuxserver-mod-vuetorrent
+    ```
+
+2. (Optional) Add an `emptyDir` volume at `/vuetorrent`:
+    ```yaml
+    persistence:
+      vuetorrent:
+        enabled: true
+        type: emptyDir
+    ```
+
+3. Upgrade the Helm chart with your changes.
+4. Go to `Options` > `Web UI`
+5. Check `Use alternative Web UI`
+6. Set `Files location` to `/vuetorrent`
+7. Scroll down and click `Save`.
+8. Refresh
+
+## Values
+
+**Important**: When deploying an application Helm chart you can add more values from the bjw-s common library chart [here](https://github.com/bjw-s/helm-charts/tree/a081de5/charts/library/common)
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| env | object | See [values.yaml](./values.yaml) | environment variables. [[ref]](https://github.com/linuxserver/docker-qbittorrent#parameters) |
+| env.TZ | string | `"UTC"` | Set the container timezone |
+| image.pullPolicy | string | `"IfNotPresent"` | image pull policy |
+| image.repository | string | `"ghcr.io/linuxserver/qbittorrent"` | image repository |
+| image.tag | string | `"version-5.0.3-r0"` | image tag |
+| ingress.main | object | See [values.yaml](./values.yaml) | Enable and configure ingress settings for the chart under this key. |
+| persistence | object | See values.yaml | Configure persistence settings for the chart under this key. Set `enabled` to `true' to create persistant volumes for each of these. |
+| service | object | See [values.yaml](./values.yaml) | Configures service settings for the chart. |
+
+---
+Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs)

charts/qbittorrent/charts/common/.helmignore

@@ -14,10 +14,15 @@
 *.swp
 *.bak
 *.tmp
-*.orig
 *~
 # Various IDEs
 .project
 .idea/
 *.tmproj
 .vscode/
+# OWNERS file for Kubernetes
+OWNERS
+# helm-docs templates
+*.gotmpl
+# Test files
+tests/

charts/qbittorrent/charts/common/Chart.yaml

@@ -0,0 +1,23 @@
+annotations:
+  artifacthub.io/changes: |-
+    - kind: fixed
+      description: Ingress secret name template is evaluated before deciding whether to omit it
+    - kind: changed
+      description: Updated code-server image tag to v4.13.0
+    - kind: changed
+      description: Updated netshoot image tag to v0.11
+    - kind: changed
+      description: Updated gluetun image tag to v3.34.3
+apiVersion: v2
+description: Function library for Helm charts
+home: https://github.com/bjw-s/helm-charts/tree/main/charts/library/common
+keywords:
+- common
+- library
+kubeVersion: '>=1.22.0-0'
+maintainers:
+- email: me@bjw-s.dev
+  name: bjw-s
+name: common
+type: library
+version: 1.5.1

charts/qbittorrent/charts/common/README.md

@@ -0,0 +1,255 @@
+# common
+
+![Version: 1.5.0](https://img.shields.io/badge/Version-1.5.0-informational?style=flat-square) ![Type: library](https://img.shields.io/badge/Type-library-informational?style=flat-square)
+
+Function library for Helm charts
+
+Since a lot of the bjw-s charts follow a similar pattern, this library was built to reduce maintenance cost between the charts that use it and try achieve a goal of being DRY.
+
+## Requirements
+
+Kubernetes: `>=1.22.0-0`
+
+## Dependencies
+
+| Repository | Name | Version |
+|------------|------|---------|
+
+## Installing the Chart
+
+This is a [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm).
+
+**WARNING: THIS CHART IS NOT MEANT TO BE INSTALLED DIRECTLY**
+
+## Using this library
+
+Include this chart as a dependency in your `Chart.yaml` e.g.
+
+```yaml
+# Chart.yaml
+dependencies:
+- name: common
+  version: 1.5.0
+  repository: https://bjw-s.github.io/helm-charts/
+```
+
+For more information, take a look at the [Docs](http://bjw-s.github.io/helm-charts/docs/common-library/introduction/).
+
+## Configuration
+
+Read through the [values.yaml](./values.yaml) file. It has several commented out suggested values.
+
+## Custom configuration
+
+N/A
+
+## Values
+
+**Important**: When deploying an application Helm chart you can add more values from our common library chart [here](https://github.com/bjw-s/helm-charts/tree/main/charts/library/common)
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| addons | object | See below | The common chart supports several add-ons. These can be configured under this key. |
+| addons.codeserver | object | See values.yaml | The common library supports adding a code-server add-on to access files. It can be configured under this key. |
+| addons.codeserver.args | list | `["--auth","none"]` | Set codeserver command line arguments. Consider setting --user-data-dir to a persistent location to preserve code-server setting changes |
+| addons.codeserver.enabled | bool | `false` | Enable running a code-server container in the pod |
+| addons.codeserver.env | object | `{}` | Set any environment variables for code-server here |
+| addons.codeserver.git | object | See below | Optionally allow access a Git repository by passing in a private SSH key |
+| addons.codeserver.git.deployKey | string | `""` | Raw SSH private key |
+| addons.codeserver.git.deployKeyBase64 | string | `""` | Base64-encoded SSH private key. When both variables are set, the raw SSH key takes precedence. |
+| addons.codeserver.git.deployKeySecret | string | `""` | Existing secret containing SSH private key The chart expects it to be present under the `id_rsa` key. |
+| addons.codeserver.image.pullPolicy | string | `"IfNotPresent"` | Specify the code-server image pull policy |
+| addons.codeserver.image.repository | string | `"ghcr.io/coder/code-server"` | Specify the code-server image |
+| addons.codeserver.image.tag | string | `"4.12.0"` | Specify the code-server image tag |
+| addons.codeserver.ingress.enabled | bool | `false` | Enable an ingress for the code-server add-on. |
+| addons.codeserver.ingress.ingressClassName | string | `nil` | Set the ingressClass that is used for this ingress. |
+| addons.codeserver.service.enabled | bool | `true` | Enable a service for the code-server add-on. |
+| addons.codeserver.volumeMounts | list | `[]` | Specify a list of volumes that get mounted in the code-server container. At least 1 volumeMount is required! |
+| addons.codeserver.workingDir | string | `""` | Specify the working dir that will be opened when code-server starts If not given, the app will default to the mountpah of the first specified volumeMount |
+| addons.netshoot | object | See values.yaml | The common library supports adding a netshoot add-on to troubleshoot network issues within a Pod. It can be configured under this key. |
+| addons.netshoot.enabled | bool | `false` | Enable running a netshoot container in the pod |
+| addons.netshoot.env | object | `{}` | Set any environment variables for netshoot here |
+| addons.netshoot.image.pullPolicy | string | `"IfNotPresent"` | Specify the netshoot image pull policy |
+| addons.netshoot.image.repository | string | `"ghcr.io/nicolaka/netshoot"` | Specify the netshoot image |
+| addons.netshoot.image.tag | string | `"v0.10"` | Specify the netshoot image tag |
+| addons.vpn | object | See values.yaml | The common chart supports adding a VPN add-on. It can be configured under this key. |
+| addons.vpn.args | list | `[]` | Override the args for the vpn sidecar container |
+| addons.vpn.configFile | string | `nil` | Provide a customized vpn configuration file to be used by the VPN. |
+| addons.vpn.configFileSecret | string | `nil` | Reference an existing secret that contains the VPN configuration file The chart expects it to be present under the `vpnConfigfile` key. |
+| addons.vpn.enabled | bool | `false` | Enable running a VPN in the pod to route traffic through a VPN |
+| addons.vpn.env | object | `{}` | All variables specified here will be added to the vpn sidecar container See the documentation of the VPN image for all config values |
+| addons.vpn.gluetun | object | See below | Make sure to read the [documentation](https://github.com/qdm12/gluetun/wiki) to see how to configure this addon! |
+| addons.vpn.gluetun.image.pullPolicy | string | `"IfNotPresent"` | Specify the Gluetun image pull policy |
+| addons.vpn.gluetun.image.repository | string | `"docker.io/qmcgaw/gluetun"` | Specify the Gluetun image |
+| addons.vpn.gluetun.image.tag | string | `"v3.33.0"` | Specify the Gluetun image tag |
+| addons.vpn.livenessProbe | object | `{}` | Optionally specify a livenessProbe, e.g. to check if the connection is still being protected by the VPN |
+| addons.vpn.networkPolicy.annotations | object | `{}` | Provide additional annotations which may be required. |
+| addons.vpn.networkPolicy.egress | string | `nil` | The egress configuration for your network policy, All outbound traffic from the pod will be blocked unless specified here. [[ref]](https://kubernetes.io/docs/concepts/services-networking/network-policies/) [[recipes]](https://github.com/ahmetb/kubernetes-network-policy-recipes) |
+| addons.vpn.networkPolicy.enabled | bool | `false` | If set to true, will deploy a network policy that blocks all outbound traffic except traffic specified as allowed |
+| addons.vpn.networkPolicy.labels | object | `{}` | Provide additional labels which may be required. |
+| addons.vpn.networkPolicy.podSelectorLabels | object | `{}` | Provide additional podSelector labels which may be required. |
+| addons.vpn.scripts | object | See values.yaml | Provide custom up/down scripts that can be used by the vpn configuration. |
+| addons.vpn.securityContext | object | See values.yaml | Set the VPN container securityContext |
+| addons.vpn.type | string | `"gluetun"` | Specify the VPN type. Valid options are `gluetun`. |
+| affinity | object | `{}` | Defines affinity constraint rules. [[ref]](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) |
+| args | list | `[]` | Override the args for the default container |
+| automountServiceAccountToken | bool | `true` | Specifies whether a service account token should be automatically mounted. |
+| command | list | `[]` | Override the command(s) for the default container |
+| configMaps | object | See below | Configure configMaps for the chart here. Additional configMaps can be added by adding a dictionary key similar to the 'config' object. |
+| configMaps.config.annotations | object | `{}` | Annotations to add to the configMap |
+| configMaps.config.data | object | `{}` | configMap data content. Helm template enabled. |
+| configMaps.config.enabled | bool | `false` | Enables or disables the configMap |
+| configMaps.config.labels | object | `{}` | Labels to add to the configMap |
+| controller.annotations | object | `{}` | Set annotations on the deployment/statefulset/daemonset/cronjob |
+| controller.cronjob | object | See below | CronJob configuration. Required only when using `controller.type: cronjob`. |
+| controller.cronjob.backoffLimit | int | `6` | Limits the number of times a failed job will be retried |
+| controller.cronjob.concurrencyPolicy | string | `"Forbid"` | Specifies how to treat concurrent executions of a job that is created by this cron job valid values are Allow, Forbid or Replace |
+| controller.cronjob.failedJobsHistory | int | `1` | The number of failed Jobs to keep |
+| controller.cronjob.schedule | string | `"*/20 * * * *"` | Sets the CronJob time when to execute your jobs |
+| controller.cronjob.startingDeadlineSeconds | int | `30` | The deadline in seconds for starting the job if it misses its scheduled time for any reason |
+| controller.cronjob.successfulJobsHistory | int | `1` | The number of succesful Jobs to keep |
+| controller.cronjob.ttlSecondsAfterFinished | string | `nil` | If this field is set, ttlSecondsAfterFinished after the Job finishes, it is eligible to be automatically deleted. |
+| controller.enabled | bool | `true` | enable the controller. |
+| controller.labels | object | `{}` | Set labels on the deployment/statefulset/daemonset/cronjob |
+| controller.podManagementPolicy | string | `nil` | Set statefulset podManagementPolicy, valid values are Parallel and OrderedReady (default). |
+| controller.replicas | int | `1` | Number of desired pods. When using a HorizontalPodAutoscaler, set this to `null`. |
+| controller.restartPolicy | string | `Always`. When `controller.type` is `cronjob` it defaults to `Never`. | Set Container restart policy. |
+| controller.revisionHistoryLimit | int | `3` | ReplicaSet revision history limit |
+| controller.rollingUpdate.partition | string | `nil` | Set statefulset RollingUpdate partition |
+| controller.rollingUpdate.surge | string | `nil` | Set deployment RollingUpdate max surge |
+| controller.rollingUpdate.unavailable | string | `nil` | Set deployment RollingUpdate max unavailable |
+| controller.strategy | string | `nil` | Set the controller upgrade strategy For Deployments, valid values are Recreate (default) and RollingUpdate. For StatefulSets, valid values are OnDelete and RollingUpdate (default). DaemonSets/CronJobs ignore this. |
+| controller.type | string | `"deployment"` | Set the controller type. Valid options are deployment, daemonset, statefulset or cronjob |
+| dnsConfig | object | `{}` | Configuring the ndots option may resolve nslookup issues on some Kubernetes setups. |
+| dnsPolicy | string | `nil` | Defaults to "ClusterFirst" if hostNetwork is false and "ClusterFirstWithHostNet" if hostNetwork is true. |
+| enableServiceLinks | bool | `true` | Enable/disable the generation of environment variables for services. [[ref]](https://kubernetes.io/docs/concepts/services-networking/connect-applications-service/#accessing-the-service) |
+| env | string | `nil` | Main environment variables. Template enabled. Syntax options: A) TZ: UTC B) PASSWD: '{{ .Release.Name }}' C) PASSWD:      configMapKeyRef:        name: config-map-name        key: key-name D) PASSWD:      valueFrom:        secretKeyRef:          name: secret-name          key: key-name      ... E) - name: TZ      value: UTC F) - name: TZ      value: '{{ .Release.Name }}' |
+| envFrom | list | `[]` | Secrets and/or ConfigMaps that will be loaded as environment variables. [[ref]](https://unofficial-kubernetes.readthedocs.io/en/latest/tasks/configure-pod-container/configmap/#use-case-consume-configmap-in-environment-variables) |
+| global.annotations | object | `{}` | Set additional global annotations. Helm templates can be used. |
+| global.fullnameOverride | string | `nil` | Set the entire name definition |
+| global.labels | object | `{}` | Set additional global labels. Helm templates can be used. |
+| global.nameOverride | string | `nil` | Set an override for the prefix of the fullname |
+| hostAliases | list | `[]` | Use hostAliases to add custom entries to /etc/hosts - mapping IP addresses to hostnames. [[ref]](https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/) |
+| hostIPC | bool | `false` | Use the host's ipc namespace |
+| hostNetwork | bool | `false` | When using hostNetwork make sure you set dnsPolicy to `ClusterFirstWithHostNet` |
+| hostPID | bool | `false` | Use the host's pid namespace |
+| hostname | string | `nil` | Allows specifying explicit hostname setting |
+| image.pullPolicy | string | `nil` | image pull policy |
+| image.repository | string | `nil` | image repository |
+| image.tag | string | `nil` | image tag |
+| imagePullSecrets | list | `[]` | Set image pull secrets |
+| ingress | object | See below | Configure the ingresses for the chart here. Additional ingresses can be added by adding a dictionary key similar to the 'main' ingress. |
+| ingress.main.annotations | object | `{}` | Provide additional annotations which may be required. |
+| ingress.main.enabled | bool | `false` | Enables or disables the ingress |
+| ingress.main.hosts[0].host | string | `"chart-example.local"` | Host address. Helm template can be passed. |
+| ingress.main.hosts[0].paths[0].path | string | `"/"` | Path.  Helm template can be passed. |
+| ingress.main.hosts[0].paths[0].service.name | string | `nil` | Overrides the service name reference for this path |
+| ingress.main.hosts[0].paths[0].service.port | string | `nil` | Overrides the service port reference for this path |
+| ingress.main.ingressClassName | string | `nil` | Set the ingressClass that is used for this ingress. |
+| ingress.main.labels | object | `{}` | Provide additional labels which may be required. |
+| ingress.main.nameOverride | string | `nil` | Override the name suffix that is used for this ingress. |
+| ingress.main.primary | bool | `true` | Make this the primary ingress (used in probes, notes, etc...). If there is more than 1 ingress, make sure that only 1 ingress is marked as primary. |
+| ingress.main.tls | list | `[]` | Configure TLS for the ingress. Both secretName and hosts can process a Helm template. |
+| initContainers | object | `{}` | Specify any initContainers here as dictionary items. Each initContainer should have its own key. The dictionary item key will determine the order. Helm templates can be used. |
+| lifecycle | object | `{}` | Configure the lifecycle for the main container |
+| nodeSelector | object | `{}` | Node selection constraint [[ref]](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) |
+| persistence | object | See below | Configure persistence for the chart here. Additional items can be added by adding a dictionary key similar to the 'config' key. [[ref]](https://bjw-s.github.io/helm-charts/docs/common-library/common-library-storage) |
+| persistence.config | object | See below | Default persistence for configuration files. |
+| persistence.config.accessMode | string | `"ReadWriteOnce"` | AccessMode for the persistent volume. Make sure to select an access mode that is supported by your storage provider! [[ref]](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes) |
+| persistence.config.enabled | bool | `false` | Enables or disables the persistence item |
+| persistence.config.existingClaim | string | `nil` | If you want to reuse an existing claim, the name of the existing PVC can be passed here. |
+| persistence.config.mountPath | string | `nil` | Where to mount the volume in the main container. Defaults to `/<name_of_the_volume>`, setting to '-' creates the volume but disables the volumeMount. |
+| persistence.config.nameOverride | string | `nil` | Override the name suffix that is used for this volume. |
+| persistence.config.readOnly | bool | `false` | Specify if the volume should be mounted read-only. |
+| persistence.config.retain | bool | `false` | Set to true to retain the PVC upon `helm uninstall` |
+| persistence.config.size | string | `"1Gi"` | The amount of storage that is requested for the persistent volume. |
+| persistence.config.storageClass | string | `nil` | Storage Class for the config volume. If set to `-`, dynamic provisioning is disabled. If set to something else, the given storageClass is used. If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. |
+| persistence.config.subPath | string | `nil` | Used in conjunction with `existingClaim`. Specifies a sub-path inside the referenced volume instead of its root |
+| persistence.config.type | string | `"pvc"` | Sets the persistence type Valid options are pvc, emptyDir, hostPath, secret, configMap or custom |
+| persistence.shared | object | See below | Create an emptyDir volume to share between all containers [[ref]]https://kubernetes.io/docs/concepts/storage/volumes/#emptydir) |
+| persistence.shared.medium | string | `nil` | Set the medium to "Memory" to mount a tmpfs (RAM-backed filesystem) instead of the storage medium that backs the node. |
+| persistence.shared.sizeLimit | string | `nil` | If the `SizeMemoryBackedVolumes` feature gate is enabled, you can specify a size for memory backed volumes. |
+| podAnnotations | object | `{}` | Set annotations on the pod |
+| podLabels | object | `{}` | Set labels on the pod |
+| podSecurityContext | object | `{}` | Configure the Security Context for the Pod |
+| priorityClassName | string | `nil` | Custom priority class for different treatment by the scheduler |
+| probes | object | See below | [[ref]](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) |
+| probes.liveness | object | See below | Liveness probe configuration |
+| probes.liveness.custom | bool | `false` | Set this to `true` if you wish to specify your own livenessProbe |
+| probes.liveness.enabled | bool | `true` | Enable the liveness probe |
+| probes.liveness.spec | object | See below | The spec field contains the values for the default livenessProbe. If you selected `custom: true`, this field holds the definition of the livenessProbe. |
+| probes.liveness.type | string | "TCP" | sets the probe type when not using a custom probe |
+| probes.readiness | object | See below | Redainess probe configuration |
+| probes.readiness.custom | bool | `false` | Set this to `true` if you wish to specify your own readinessProbe |
+| probes.readiness.enabled | bool | `true` | Enable the readiness probe |
+| probes.readiness.spec | object | See below | The spec field contains the values for the default readinessProbe. If you selected `custom: true`, this field holds the definition of the readinessProbe. |
+| probes.readiness.type | string | "TCP" | sets the probe type when not using a custom probe |
+| probes.startup | object | See below | Startup probe configuration |
+| probes.startup.custom | bool | `false` | Set this to `true` if you wish to specify your own startupProbe |
+| probes.startup.enabled | bool | `true` | Enable the startup probe |
+| probes.startup.spec | object | See below | The spec field contains the values for the default startupProbe. If you selected `custom: true`, this field holds the definition of the startupProbe. |
+| probes.startup.type | string | "TCP" | sets the probe type when not using a custom probe |
+| resources | object | `{}` | Set the resource requests / limits for the main container. |
+| route | object | See below | Configure the gateway routes for the chart here. Additional routes can be added by adding a dictionary key similar to the 'main' route. [[ref]](https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io%2fv1alpha2) |
+| route.main.annotations | object | `{}` | Provide additional annotations which may be required. |
+| route.main.enabled | bool | `false` | Enables or disables the route |
+| route.main.hostnames | list | `[]` | Host addresses |
+| route.main.kind | string | `"HTTPRoute"` | Set the route kind Valid options are GRPCRoute, HTTPRoute, TCPRoute, TLSRoute, UDPRoute |
+| route.main.labels | object | `{}` | Provide additional labels which may be required. |
+| route.main.nameOverride | string | `nil` | Override the name suffix that is used for this route. |
+| route.main.parentRefs | list | `[{"group":"gateway.networking.k8s.io","kind":"Gateway","name":null,"namespace":null,"sectionName":null}]` | Configure the resource the route attaches to. |
+| route.main.rules | list | `[{"backendRefs":[{"group":"","kind":"Service","name":null,"namespace":null,"port":null,"weight":1}],"matches":[{"path":{"type":"PathPrefix","value":"/"}}]}]` | Configure rules for routing. Defaults to the primary service. |
+| route.main.rules[0].backendRefs | list | `[{"group":"","kind":"Service","name":null,"namespace":null,"port":null,"weight":1}]` | Configure backends where matching requests should be sent. |
+| runtimeClassName | string | `nil` | Allow specifying a runtimeClassName other than the default one (ie: nvidia) |
+| schedulerName | string | `nil` | Allows specifying a custom scheduler name |
+| secrets | object | See below | Use this to populate secrets with the values you specify. Be aware that these values are not encrypted by default, and could therefore visible to anybody with access to the values.yaml file. Additional Secrets can be added by adding a dictionary key similar to the 'secret' object. |
+| secrets.secret.annotations | object | `{}` | Annotations to add to the Secret |
+| secrets.secret.enabled | bool | `false` | Enables or disables the Secret |
+| secrets.secret.labels | object | `{}` | Labels to add to the Secret |
+| secrets.secret.stringData | object | `{}` | Secret stringData content. Helm template enabled. |
+| securityContext | object | `{}` | Configure the Security Context for the main container |
+| service | object | See below | Configure the services for the chart here. Additional services can be added by adding a dictionary key similar to the 'main' service. |
+| service.main.annotations | object | `{}` | Provide additional annotations which may be required. |
+| service.main.enabled | bool | `true` | Enables or disables the service |
+| service.main.externalTrafficPolicy | string | `nil` | [[ref](https://kubernetes.io/docs/tutorials/services/source-ip/)] |
+| service.main.ipFamilies | list | `[]` | The ip families that should be used. Options: IPv4, IPv6 |
+| service.main.ipFamilyPolicy | string | `nil` | Specify the ip policy. Options: SingleStack, PreferDualStack, RequireDualStack |
+| service.main.labels | object | `{}` | Provide additional labels which may be required. |
+| service.main.nameOverride | string | `nil` | Override the name suffix that is used for this service |
+| service.main.ports | object | See below | Configure the Service port information here. Additional ports can be added by adding a dictionary key similar to the 'http' service. |
+| service.main.ports.http.enabled | bool | `true` | Enables or disables the port |
+| service.main.ports.http.extraSelectorLabels | object | `{}` | Allow adding additional match labels |
+| service.main.ports.http.nodePort | string | `nil` | Specify the nodePort value for the LoadBalancer and NodePort service types. [[ref]](https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport) |
+| service.main.ports.http.port | string | `nil` | The port number |
+| service.main.ports.http.primary | bool | `true` | Make this the primary port (used in probes, notes, etc...) If there is more than 1 service, make sure that only 1 port is marked as primary. |
+| service.main.ports.http.protocol | string | `"HTTP"` | Port protocol. Support values are `HTTP`, `HTTPS`, `TCP` and `UDP`. HTTPS and HTTPS spawn a TCP service and get used for internal URL and name generation |
+| service.main.ports.http.targetPort | string | `nil` | Specify a service targetPort if you wish to differ the service port from the application port. If `targetPort` is specified, this port number is used in the container definition instead of the `port` value. Therefore named ports are not supported for this field. |
+| service.main.primary | bool | `true` | Make this the primary service (used in probes, notes, etc...). If there is more than 1 service, make sure that only 1 service is marked as primary. |
+| service.main.type | string | `"ClusterIP"` | Set the service type |
+| serviceAccount.annotations | object | `{}` | Annotations to add to the service account |
+| serviceAccount.create | bool | `false` | Specifies whether a service account should be created |
+| serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template |
+| serviceMonitor | object | See below | Configure the ServiceMonitors for the chart here. Additional ServiceMonitors can be added by adding a dictionary key similar to the 'main' ServiceMonitors. |
+| serviceMonitor.main.annotations | object | `{}` | Provide additional annotations which may be required. |
+| serviceMonitor.main.enabled | bool | `false` | Enables or disables the serviceMonitor. |
+| serviceMonitor.main.endpoints | list | See values.yaml | Configures the endpoints for the serviceMonitor. |
+| serviceMonitor.main.labels | object | `{}` | Provide additional labels which may be required. |
+| serviceMonitor.main.nameOverride | string | `nil` | Override the name suffix that is used for this serviceMonitor. |
+| serviceMonitor.main.selector | object | `{}` | Configures a custom selector for the serviceMonitor, this takes precedence over specifying a service name. Helm templates can be used. |
+| serviceMonitor.main.serviceName | string | `"{{ include \"bjw-s.common.lib.chart.names.fullname\" $ }}"` | Configures the target Service for the serviceMonitor. Helm templates can be used. |
+| sidecars | object | `{}` | Specify any sidecar containers here as dictionary items. Each sidecar container should have its own key. The dictionary item key will determine the order. Helm templates can be used. |
+| termination.gracePeriodSeconds | string | `nil` | [[ref](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#lifecycle)] |
+| termination.messagePath | string | `nil` | [[ref](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#lifecycle-1)] |
+| termination.messagePolicy | string | `nil` | [[ref](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#lifecycle-1)] |
+| tolerations | list | `[]` | Specify taint tolerations [[ref]](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) |
+| topologySpreadConstraints | list | `[]` | Defines topologySpreadConstraint rules. [[ref]](https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/) |
+| volumeClaimTemplates | list | `[]` | Used in conjunction with `controller.type: statefulset` to create individual disks for each instance. |
+
+## Support
+
+- See the [Docs](http://bjw-s.github.io/helm-charts/docs/)
+- Open an [issue](https://github.com/bjw-s/helm-charts/issues/new/choose)
+- Join the k8s-at-home [Discord](https://discord.gg/sTMX7Vh) community
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)

charts/qbittorrent/charts/common/templates/addons/code-server/_addon.tpl

@@ -0,0 +1,46 @@
+{{/*
+Template to render code-server addon
+It will include / inject the required templates based on the given values.
+*/}}
+{{- define "bjw-s.common.addon.codeserver" -}}
+  {{- if .Values.addons.codeserver.enabled -}}
+    {{/* Append the code-server container to the sidecars */}}
+    {{- $container := include "bjw-s.common.addon.codeserver.container" . | fromYaml -}}
+    {{- if $container -}}
+      {{- $_ := set .Values.sidecars "addon-codeserver" $container -}}
+    {{- end -}}
+
+    {{/* Include the deployKeySecret if not empty */}}
+    {{- if or .Values.addons.codeserver.git.deployKey .Values.addons.codeserver.git.deployKeyBase64 -}}
+      {{- $deployKeySecret := include "bjw-s.common.addon.codeserver.deployKeySecret" . -}}
+      {{- if $deployKeySecret -}}
+        {{- $_ := set .Values.secrets "addon-codeserver-deploykey" (dict "enabled" true "stringData" ($deployKeySecret | fromYaml)) -}}
+      {{- end -}}
+    {{- end -}}
+
+    {{/* Append the secret volume to the volumes */}}
+    {{- if or .Values.addons.codeserver.git.deployKey .Values.addons.codeserver.git.deployKeyBase64 .Values.addons.codeserver.git.deployKeySecret }}
+      {{- $volume := include "bjw-s.common.addon.codeserver.deployKeyVolumeSpec" . | fromYaml -}}
+      {{- if $volume -}}
+        {{- $_ := set .Values.persistence "deploykey" (dict "enabled" true "mountPath" "-" "type" "custom" "volumeSpec" $volume) -}}
+      {{- end -}}
+    {{- end -}}
+
+    {{/* Add the code-server service */}}
+    {{- if .Values.addons.codeserver.service.enabled -}}
+      {{- $serviceValues := .Values.addons.codeserver.service -}}
+      {{- $_ := set $serviceValues "nameOverride" "addon-codeserver" -}}
+      {{- $_ := set $ "ObjectValues" (dict "service" $serviceValues) -}}
+      {{- include "bjw-s.common.class.service" $ -}}
+      {{- $_ := unset $.ObjectValues "service" -}}
+    {{- end -}}
+
+    {{/* Add the code-server ingress */}}
+    {{- $svcName := printf "%v-addon-codeserver" (include "bjw-s.common.lib.chart.names.fullname" .) -}}
+    {{- $svcPort := .Values.addons.codeserver.service.ports.codeserver.port -}}
+    {{- range $_, $host := .Values.addons.codeserver.ingress.hosts -}}
+      {{- $_ := set (index $host.paths 0) "service" (dict "name" $svcName "port" $svcPort) -}}
+    {{- end -}}
+    {{- $_ := set .Values.ingress "addon-codeserver" .Values.addons.codeserver.ingress -}}
+  {{- end -}}
+{{- end -}}

charts/qbittorrent/charts/common/templates/addons/code-server/_container.tpl

@@ -0,0 +1,46 @@
+{{/*
+The code-server sidecar container to be inserted.
+*/}}
+{{- define "bjw-s.common.addon.codeserver.container" -}}
+{{- if lt (len .Values.addons.codeserver.volumeMounts) 1 }}
+{{- fail "At least 1 volumeMount is required for codeserver container" }}
+{{- end -}}
+name: codeserver
+image: "{{ .Values.addons.codeserver.image.repository }}:{{ .Values.addons.codeserver.image.tag }}"
+imagePullPolicy: {{ .Values.addons.codeserver.pullPolicy }}
+{{- with .Values.addons.codeserver.securityContext }}
+securityContext:
+  {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- with .Values.addons.codeserver.env }}
+env:
+{{- range $k, $v := . }}
+  - name: {{ $k }}
+    value: {{ $v | quote }}
+{{- end }}
+{{- end }}
+ports:
+- name: codeserver
+  containerPort: {{ .Values.addons.codeserver.service.ports.codeserver.port }}
+  protocol: TCP
+args:
+{{- range .Values.addons.codeserver.args }}
+- {{ . | quote }}
+{{- end }}
+- "--port"
+- "{{ .Values.addons.codeserver.service.ports.codeserver.port }}"
+- {{ .Values.addons.codeserver.workingDir | default (first .Values.addons.codeserver.volumeMounts).mountPath }}
+volumeMounts:
+{{- with .Values.addons.codeserver.volumeMounts }}
+  {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- if or .Values.addons.codeserver.git.deployKey .Values.addons.codeserver.git.deployKeyBase64 .Values.addons.codeserver.git.deployKeySecret }}
+  - name: deploykey
+    mountPath: /root/.ssh/id_rsa
+    subPath: id_rsa
+{{- end }}
+{{- with .Values.addons.codeserver.resources }}
+resources:
+  {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- end -}}

charts/qbittorrent/charts/common/templates/addons/code-server/_secret.tpl

@@ -0,0 +1,10 @@
+{{/*
+The deployKey secret to be included.
+*/}}
+{{- define "bjw-s.common.addon.codeserver.deployKeySecret" -}}
+  {{- $deployKeyValue := .Values.addons.codeserver.git.deployKey -}}
+  {{- if .Values.addons.codeserver.git.deployKeyBase64 -}}
+    {{- $deployKeyValue = .Values.addons.codeserver.git.deployKeyBase64 | b64dec -}}
+  {{- end -}}
+id_rsa: {{ $deployKeyValue | quote }}
+{{- end -}}

charts/qbittorrent/charts/common/templates/addons/code-server/_volume.tpl

@@ -0,0 +1,15 @@
+{{/*
+The volume (referencing git deploykey) to be inserted into additionalVolumes.
+*/}}
+{{- define "bjw-s.common.addon.codeserver.deployKeyVolumeSpec" -}}
+secret:
+  {{- if .Values.addons.codeserver.git.deployKeySecret }}
+  secretName: {{ .Values.addons.codeserver.git.deployKeySecret }}
+  {{- else }}
+  secretName: {{ include "bjw-s.common.lib.chart.names.fullname" . }}-addon-codeserver-deploykey
+  {{- end }}
+  defaultMode: {{ "0400" | toDecimal }}
+  items:
+    - key: id_rsa
+      path: id_rsa
+{{- end -}}

charts/qbittorrent/charts/common/templates/addons/netshoot/_addon.tpl

@@ -0,0 +1,13 @@
+{{/*
+Template to render netshoot addon
+It will include / inject the required templates based on the given values.
+*/}}
+{{- define "bjw-s.common.addon.netshoot" -}}
+{{- if .Values.addons.netshoot.enabled -}}
+  {{/* Append the netshoot container to the sidecars */}}
+  {{- $container := include "bjw-s.common.addon.netshoot.container" . | fromYaml -}}
+  {{- if $container -}}
+    {{- $_ := set .Values.sidecars "addon-netshoot" $container -}}
+  {{- end -}}
+{{- end -}}
+{{- end -}}

charts/qbittorrent/charts/common/templates/addons/netshoot/_container.tpl

@@ -0,0 +1,27 @@
+{{/*
+The netshoot sidecar container to be inserted.
+*/}}
+{{- define "bjw-s.common.addon.netshoot.container" -}}
+name: netshoot
+image: "{{ .Values.addons.netshoot.image.repository }}:{{ .Values.addons.netshoot.image.tag }}"
+imagePullPolicy: {{ .Values.addons.netshoot.pullPolicy }}
+{{- with .Values.addons.netshoot.securityContext }}
+securityContext:
+  {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- with .Values.addons.netshoot.env }}
+env:
+{{- range $k, $v := . }}
+  - name: {{ $k }}
+    value: {{ $v | quote }}
+{{- end }}
+{{- end }}
+command:
+  - /bin/sh
+  - -c
+  - sleep infinity
+{{- with .Values.addons.netshoot.resources }}
+resources:
+  {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- end -}}

charts/qbittorrent/charts/common/templates/addons/vpn/_addon.tpl

@@ -0,0 +1,45 @@
+{{/*
+Template to render VPN addon
+It will include / inject the required templates based on the given values.
+*/}}
+{{- define "bjw-s.common.addon.vpn" -}}
+{{- if .Values.addons.vpn.enabled -}}
+  {{- if eq "gluetun" .Values.addons.vpn.type -}}
+    {{- include "bjw-s.common.addon.gluetun" . }}
+  {{- end -}}
+
+  {{/* Include the configmap if not empty */}}
+  {{- if or .Values.addons.vpn.scripts.up .Values.addons.vpn.scripts.down }}
+    {{- $configmap := include "bjw-s.common.addon.vpn.configmap" . -}}
+    {{- if $configmap -}}
+      {{- $_ := set .Values.configMaps "addon-vpn" (dict "enabled" true "data" ($configmap | fromYaml)) -}}
+    {{- end -}}
+  {{- end -}}
+
+  {{/* Include the secret if not empty */}}
+  {{- if and .Values.addons.vpn.configFile (not .Values.addons.vpn.configFileSecret) }}
+    {{- $secret := include "bjw-s.common.addon.vpn.secret" . -}}
+    {{- if $secret -}}
+      {{- $_ := set .Values.secrets "addon-vpn-config" (dict "enabled" true "stringData" ($secret | fromYaml)) -}}
+    {{- end -}}
+  {{- end -}}
+
+  {{/* Append the vpn scripts volume to the volumes */}}
+  {{- $scriptVolume := include "bjw-s.common.addon.vpn.scriptsVolumeSpec" . | fromYaml -}}
+  {{- if $scriptVolume -}}
+    {{- $_ := set .Values.persistence "vpnscript" (dict "enabled" true "mountPath" "-" "type" "custom" "volumeSpec" $scriptVolume) -}}
+  {{- end -}}
+
+  {{/* Append the vpn config volume to the volumes */}}
+  {{- $configVolume := include "bjw-s.common.addon.vpn.configVolumeSpec" . | fromYaml }}
+  {{ if $configVolume -}}
+    {{- $_ := set .Values.persistence "vpnconfig" (dict "enabled" true "mountPath" "-" "type" "custom" "volumeSpec" $configVolume) -}}
+  {{- end -}}
+
+  {{/* Include the networkpolicy if not empty */}}
+  {{- $networkpolicy := include "bjw-s.common.addon.vpn.networkpolicy" . -}}
+  {{- if $networkpolicy -}}
+    {{- $networkpolicy | nindent 0 -}}
+  {{- end -}}
+{{- end -}}
+{{- end -}}

charts/qbittorrent/charts/common/templates/addons/vpn/_configmap.tpl

@@ -0,0 +1,14 @@
+{{/*
+The VPN config and scripts to be included.
+*/}}
+{{- define "bjw-s.common.addon.vpn.configmap" -}}
+{{- with .Values.addons.vpn.scripts.up }}
+up.sh: |-
+  {{- . | nindent 2}}
+{{- end }}
+
+{{- with .Values.addons.vpn.scripts.down }}
+down.sh: |-
+  {{- . | nindent 2}}
+{{- end -}}
+{{- end -}}

charts/qbittorrent/charts/common/templates/addons/vpn/_networkpolicy.tpl

@@ -0,0 +1,29 @@
+{{/*
+Blueprint for the NetworkPolicy object that can be included in the addon.
+*/}}
+{{- define "bjw-s.common.addon.vpn.networkpolicy" -}}
+{{- if .Values.addons.vpn.networkPolicy.enabled }}
+---
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+  name: {{ include "bjw-s.common.lib.chart.names.fullname" . }}
+  {{- with (merge (.Values.addons.vpn.networkPolicy.labels | default dict) (include "bjw-s.common.lib.metadata.allLabels" $ | fromYaml)) }}
+  labels: {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- with (merge (.Values.addons.vpn.networkPolicy.annotations | default dict) (include "bjw-s.common.lib.metadata.globalAnnotations" $ | fromYaml)) }}
+  annotations: {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  podSelector:
+    {{- with (merge .Values.addons.vpn.networkPolicy.podSelectorLabels (include "bjw-s.common.lib.metadata.selectorLabels" . | fromYaml)) }}
+    matchLabels: {{- toYaml . | nindent 6 }}
+    {{- end }}
+  policyTypes:
+    - Egress
+  egress:
+    {{- with .Values.addons.vpn.networkPolicy.egress }}
+      {{- . | toYaml | nindent 4 }}
+    {{- end -}}
+{{- end -}}
+{{- end -}}

charts/qbittorrent/charts/common/templates/addons/vpn/_secret.tpl

@@ -0,0 +1,9 @@
+{{/*
+The OpenVPN config secret to be included.
+*/}}
+{{- define "bjw-s.common.addon.vpn.secret" -}}
+{{- if and .Values.addons.vpn.configFile (not .Values.addons.vpn.configFileSecret) -}}
+vpnConfigfile: |-
+  {{- .Values.addons.vpn.configFile | nindent 2 }}
+{{- end -}}
+{{- end -}}

charts/qbittorrent/charts/common/templates/addons/vpn/_volume.tpl

@@ -0,0 +1,37 @@
+{{/*
+The volume (referencing VPN scripts) to be inserted into additionalVolumes.
+*/}}
+{{- define "bjw-s.common.addon.vpn.scriptsVolumeSpec" -}}
+{{- if or .Values.addons.vpn.scripts.up .Values.addons.vpn.scripts.down -}}
+configMap:
+  name: {{ include "bjw-s.common.lib.chart.names.fullname" . }}-addon-vpn
+  items:
+    {{- if .Values.addons.vpn.scripts.up }}
+    - key: up.sh
+      path: up.sh
+      mode: 0777
+    {{- end }}
+    {{- if .Values.addons.vpn.scripts.down }}
+    - key: down.sh
+      path: down.sh
+      mode: 0777
+    {{- end }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+The volume (referencing VPN config) to be inserted into additionalVolumes.
+*/}}
+{{- define "bjw-s.common.addon.vpn.configVolumeSpec" -}}
+{{- if or .Values.addons.vpn.configFile .Values.addons.vpn.configFileSecret -}}
+secret:
+  {{- if .Values.addons.vpn.configFileSecret }}
+  secretName: {{ .Values.addons.vpn.configFileSecret }}
+  {{- else }}
+  secretName: {{ include "bjw-s.common.lib.chart.names.fullname" . }}-addon-vpn-config
+  {{- end }}
+  items:
+    - key: vpnConfigfile
+      path: vpnConfigfile
+{{- end -}}
+{{- end -}}

charts/qbittorrent/charts/common/templates/addons/vpn/gluetun/_addon.tpl

@@ -0,0 +1,11 @@
+{{/*
+Template to render gluetun addon. It will add the container to the list of additionalContainers.
+*/}}
+*/}}
+{{- define "bjw-s.common.addon.gluetun" -}}
+  {{/* Append the gluetun container to the sidecars */}}
+  {{- $container := fromYaml (include "bjw-s.common.addon.gluetun.container" .) -}}
+  {{- if $container -}}
+    {{- $_ := set .Values.sidecars "addon-gluetun" $container -}}
+  {{- end -}}
+{{- end -}}

charts/qbittorrent/charts/common/templates/addons/vpn/gluetun/_container.tpl

@@ -0,0 +1,57 @@
+{{/*
+The gluetun sidecar container to be inserted.
+*/}}
+{{- define "bjw-s.common.addon.gluetun.container" -}}
+name: gluetun
+image: "{{ .Values.addons.vpn.gluetun.image.repository }}:{{ .Values.addons.vpn.gluetun.image.tag }}"
+imagePullPolicy: {{ .Values.addons.vpn.gluetun.pullPolicy }}
+{{- with .Values.addons.vpn.securityContext }}
+securityContext:
+  {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- with .Values.addons.vpn.env }}
+env:
+  {{- . | toYaml | nindent 2 }}
+{{- end }}
+{{- with .Values.addons.vpn.envFrom }}
+envFrom:
+  {{- . | toYaml | nindent 2 }}
+{{- end }}
+{{- with .Values.addons.vpn.args }}
+args:
+  {{- . | toYaml | nindent 2 }}
+{{- end }}
+{{- if or .Values.addons.vpn.configFile .Values.addons.vpn.configFileSecret .Values.addons.vpn.scripts.up .Values.addons.vpn.scripts.down .Values.addons.vpn.additionalVolumeMounts .Values.persistence.shared.enabled }}
+volumeMounts:
+{{- if or .Values.addons.vpn.configFile .Values.addons.vpn.configFileSecret }}
+  - name: vpnconfig
+    mountPath: /gluetun/config.conf
+    subPath: vpnConfigfile
+{{- end }}
+{{- if .Values.addons.vpn.scripts.up }}
+  - name: vpnscript
+    mountPath: /gluetun/scripts/up.sh
+    subPath: up.sh
+{{- end }}
+{{- if .Values.addons.vpn.scripts.down }}
+  - name: vpnscript
+    mountPath: /gluetun/scripts/down.sh
+    subPath: down.sh
+{{- end }}
+{{- if .Values.persistence.shared.enabled }}
+  - mountPath: {{ .Values.persistence.shared.mountPath }}
+    name: shared
+{{- end }}
+{{- with .Values.addons.vpn.additionalVolumeMounts }}
+  {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- end }}
+{{- with .Values.addons.vpn.livenessProbe }}
+livenessProbe:
+  {{- toYaml . | nindent 2 }}
+{{- end -}}
+{{- with .Values.addons.vpn.resources }}
+resources:
+  {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- end -}}

charts/qbittorrent/charts/common/templates/classes/_configmap.tpl

@@ -0,0 +1,34 @@
+{{/*
+This template serves as a blueprint for all configMap objects that are created
+within the common library.
+*/}}
+{{- define "bjw-s.common.class.configmap" -}}
+  {{- $fullName := include "bjw-s.common.lib.chart.names.fullname" . -}}
+  {{- $configMapName := $fullName -}}
+  {{- $values := .Values.configmap -}}
+
+  {{- if hasKey . "ObjectValues" -}}
+    {{- with .ObjectValues.configmap -}}
+      {{- $values = . -}}
+    {{- end -}}
+  {{ end -}}
+
+  {{- if and (hasKey $values "nameOverride") $values.nameOverride -}}
+    {{- $configMapName = printf "%v-%v" $configMapName $values.nameOverride -}}
+  {{- end }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ $configMapName }}
+  {{- with (merge ($values.labels | default dict) (include "bjw-s.common.lib.metadata.allLabels" $ | fromYaml)) }}
+  labels: {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- with (merge ($values.annotations | default dict) (include "bjw-s.common.lib.metadata.globalAnnotations" $ | fromYaml)) }}
+  annotations: {{- toYaml . | nindent 4 }}
+  {{- end }}
+data:
+{{- with $values.data }}
+  {{- tpl (toYaml .) $ | nindent 2 }}
+{{- end }}
+{{- end -}}

charts/qbittorrent/charts/common/templates/classes/_cronjob.tpl

@@ -0,0 +1,47 @@
+{{/*
+This template serves as a blueprint for Cronjob objects that are created
+using the common library.
+*/}}
+{{- define "bjw-s.common.class.cronjob" -}}
+  {{- $restartPolicy := default "Never" .Values.controller.restartPolicy -}}
+  {{- if and (ne $restartPolicy "Never") (ne $restartPolicy "OnFailure") -}}
+    {{- fail (printf "Not a valid restartPolicy for CronJob (%s)" $restartPolicy) -}}
+  {{- end -}}
+  {{- $_ := set .Values.controller "restartPolicy" $restartPolicy -}}
+---
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: {{ include "bjw-s.common.lib.chart.names.fullname" . }}
+  {{- with include "bjw-s.common.lib.controller.metadata.labels" . }}
+  labels: {{- . | nindent 4 }}
+  {{- end }}
+  {{- with include "bjw-s.common.lib.controller.metadata.annotations" . }}
+  annotations: {{- . | nindent 4 }}
+  {{- end }}
+spec:
+  concurrencyPolicy: "{{ .Values.controller.cronjob.concurrencyPolicy }}"
+  startingDeadlineSeconds: {{ .Values.controller.cronjob.startingDeadlineSeconds }}
+  schedule: "{{ .Values.controller.cronjob.schedule }}"
+  successfulJobsHistoryLimit: {{ .Values.controller.cronjob.successfulJobsHistory }}
+  failedJobsHistoryLimit: {{ .Values.controller.cronjob.failedJobsHistory }}
+  jobTemplate:
+    spec:
+      {{- with .Values.controller.cronjob.ttlSecondsAfterFinished }}
+      ttlSecondsAfterFinished: {{ . }}
+      {{- end }}
+      backoffLimit: {{ .Values.controller.cronjob.backoffLimit }}
+      template:
+        metadata:
+          {{- with include ("bjw-s.common.lib.metadata.podAnnotations") . }}
+          annotations:
+            {{- . | nindent 12 }}
+          {{- end }}
+          labels:
+            {{- include "bjw-s.common.lib.metadata.selectorLabels" . | nindent 12 }}
+            {{- with .Values.podLabels }}
+            {{- toYaml . | nindent 12 }}
+            {{- end }}
+        spec:
+          {{- include "bjw-s.common.lib.controller.pod" . | nindent 10 }}
+{{- end -}}

charts/qbittorrent/charts/common/templates/classes/_daemonset.tpl

@@ -0,0 +1,35 @@
+{{/*
+This template serves as the blueprint for the DaemonSet objects that are created
+within the common library.
+*/}}
+{{- define "bjw-s.common.class.daemonset" -}}
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: {{ include "bjw-s.common.lib.chart.names.fullname" . }}
+  {{- with include "bjw-s.common.lib.controller.metadata.labels" . }}
+  labels: {{- . | nindent 4 }}
+  {{- end }}
+  {{- with include "bjw-s.common.lib.controller.metadata.annotations" . }}
+  annotations: {{- . | nindent 4 }}
+  {{- end }}
+spec:
+  revisionHistoryLimit: {{ .Values.controller.revisionHistoryLimit }}
+  selector:
+    matchLabels:
+      {{- include "bjw-s.common.lib.metadata.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      {{- with include ("bjw-s.common.lib.metadata.podAnnotations") . }}
+      annotations:
+        {{- . | nindent 8 }}
+      {{- end }}
+      labels:
+        {{- include "bjw-s.common.lib.metadata.selectorLabels" . | nindent 8 }}
+        {{- with .Values.podLabels }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+    spec:
+      {{- include "bjw-s.common.lib.controller.pod" . | nindent 6 }}
+{{- end }}

charts/qbittorrent/charts/common/templates/classes/_deployment.tpl

@@ -0,0 +1,55 @@
+{{/*
+This template serves as a blueprint for Deployment objects that are created
+using the common library.
+*/}}
+{{- define "bjw-s.common.class.deployment" -}}
+  {{- $strategy := default "Recreate" .Values.controller.strategy -}}
+  {{- if and (ne $strategy "Recreate") (ne $strategy "RollingUpdate") -}}
+    {{- fail (printf "Not a valid strategy type for Deployment (%s)" $strategy) -}}
+  {{- end -}}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "bjw-s.common.lib.chart.names.fullname" . }}
+  {{- with include "bjw-s.common.lib.controller.metadata.labels" . }}
+  labels: {{- . | nindent 4 }}
+  {{- end }}
+  {{- with include "bjw-s.common.lib.controller.metadata.annotations" . }}
+  annotations: {{- . | nindent 4 }}
+  {{- end }}
+spec:
+  revisionHistoryLimit: {{ .Values.controller.revisionHistoryLimit }}
+  {{- if not (eq .Values.controller.replicas nil) }}
+  replicas: {{ .Values.controller.replicas }}
+  {{- end }}
+  strategy:
+    type: {{ $strategy }}
+    {{- with .Values.controller.rollingUpdate }}
+      {{- if and (eq $strategy "RollingUpdate") (or .surge .unavailable) }}
+    rollingUpdate:
+        {{- with .unavailable }}
+      maxUnavailable: {{ . }}
+        {{- end }}
+        {{- with .surge }}
+      maxSurge: {{ . }}
+        {{- end }}
+      {{- end }}
+    {{- end }}
+  selector:
+    matchLabels:
+      {{- include "bjw-s.common.lib.metadata.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      {{- with include ("bjw-s.common.lib.metadata.podAnnotations") . }}
+      annotations:
+        {{- . | nindent 8 }}
+      {{- end }}
+      labels:
+        {{- include "bjw-s.common.lib.metadata.selectorLabels" . | nindent 8 }}
+        {{- with .Values.podLabels }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+    spec:
+      {{- include "bjw-s.common.lib.controller.pod" . | nindent 6 }}
+{{- end -}}

charts/qbittorrent/charts/common/templates/classes/_ingress.tpl

@@ -0,0 +1,75 @@
+{{/*
+This template serves as a blueprint for all Ingress objects that are created
+within the common library.
+*/}}
+{{- define "bjw-s.common.class.ingress" -}}
+  {{- $fullName := include "bjw-s.common.lib.chart.names.fullname" . -}}
+  {{- $ingressName := $fullName -}}
+  {{- $values := .Values.ingress -}}
+
+  {{- if hasKey . "ObjectValues" -}}
+    {{- with .ObjectValues.ingress -}}
+      {{- $values = . -}}
+    {{- end -}}
+  {{ end -}}
+
+  {{- if and (hasKey $values "nameOverride") $values.nameOverride -}}
+    {{- $ingressName = printf "%v-%v" $ingressName $values.nameOverride -}}
+  {{- end -}}
+
+  {{- $primaryService := get .Values.service (include "bjw-s.common.lib.service.primary" .) -}}
+  {{- $defaultServiceName := $fullName -}}
+  {{- if and (hasKey $primaryService "nameOverride") $primaryService.nameOverride -}}
+    {{- $defaultServiceName = printf "%v-%v" $defaultServiceName $primaryService.nameOverride -}}
+  {{- end -}}
+  {{- $defaultServicePort := get $primaryService.ports (include "bjw-s.common.lib.service.primaryPort" (dict "values" $primaryService)) -}}
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ $ingressName }}
+  {{- with (merge ($values.labels | default dict) (include "bjw-s.common.lib.metadata.allLabels" $ | fromYaml)) }}
+  labels: {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- with (merge ($values.annotations | default dict) (include "bjw-s.common.lib.metadata.globalAnnotations" $ | fromYaml)) }}
+  annotations: {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  {{- if $values.ingressClassName }}
+  ingressClassName: {{ $values.ingressClassName }}
+  {{- end }}
+  {{- if $values.tls }}
+  tls:
+    {{- range $values.tls }}
+    - hosts:
+        {{- range .hosts }}
+        - {{ tpl . $ | quote }}
+        {{- end }}
+      {{- $secretName := tpl (default "" .secretName) $ }}
+      {{- if $secretName }}
+      secretName: {{ $secretName | quote}}
+      {{- end }}
+    {{- end }}
+  {{- end }}
+  rules:
+  {{- range $values.hosts }}
+    - host: {{ tpl .host $ | quote }}
+      http:
+        paths:
+          {{- range .paths }}
+          {{- $service := $defaultServiceName -}}
+          {{- $port := $defaultServicePort.port -}}
+          {{- if .service -}}
+            {{- $service = default $service .service.name -}}
+            {{- $port = default $port .service.port -}}
+          {{- end }}
+          - path: {{ tpl .path $ | quote }}
+            pathType: {{ default "Prefix" .pathType }}
+            backend:
+              service:
+                name: {{ $service }}
+                port:
+                  number: {{ $port }}
+          {{- end }}
+  {{- end }}
+{{- end }}

charts/qbittorrent/charts/common/templates/classes/_pvc.tpl

@@ -0,0 +1,45 @@
+{{/*
+This template serves as a blueprint for all PersistentVolumeClaim objects that are created
+within the common library.
+*/}}
+{{- define "bjw-s.common.class.pvc" -}}
+{{- $values := .Values.persistence -}}
+{{- if hasKey . "ObjectValues" -}}
+  {{- with .ObjectValues.persistence -}}
+    {{- $values = . -}}
+  {{- end -}}
+{{ end -}}
+{{- $pvcName := include "bjw-s.common.lib.chart.names.fullname" . -}}
+{{- if and (hasKey $values "nameOverride") $values.nameOverride -}}
+  {{- if not (eq $values.nameOverride "-") -}}
+    {{- $pvcName = printf "%v-%v" $pvcName $values.nameOverride -}}
+  {{ end -}}
+{{ end }}
+---
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: {{ $pvcName }}
+  {{- with (merge ($values.labels | default dict) (include "bjw-s.common.lib.metadata.allLabels" $ | fromYaml)) }}
+  labels: {{- toYaml . | nindent 4 }}
+  {{- end }}
+  annotations:
+    {{- if $values.retain }}
+    "helm.sh/resource-policy": keep
+    {{- end }}
+    {{- with (merge ($values.annotations | default dict) (include "bjw-s.common.lib.metadata.globalAnnotations" $ | fromYaml)) }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+spec:
+  accessModes:
+    - {{ required (printf "accessMode is required for PVC %v" $pvcName) $values.accessMode | quote }}
+  resources:
+    requests:
+      storage: {{ required (printf "size is required for PVC %v" $pvcName) $values.size | quote }}
+  {{- if $values.storageClass }}
+  storageClassName: {{ if (eq "-" $values.storageClass) }}""{{- else }}{{ $values.storageClass | quote }}{{- end }}
+  {{- end }}
+  {{- if $values.volumeName }}
+  volumeName: {{ $values.volumeName | quote }}
+  {{- end }}
+{{- end -}}

charts/qbittorrent/charts/common/templates/classes/_route.tpl

@@ -0,0 +1,73 @@
+{{/*
+This template serves as a blueprint for all Route objects that are created
+within the common library.
+*/}}
+{{- define "bjw-s.common.class.route" -}}
+{{- $values := .Values.route -}}
+{{- if hasKey . "ObjectValues" -}}
+  {{- with .ObjectValues.route -}}
+    {{- $values = . -}}
+  {{- end -}}
+{{ end -}}
+
+{{- $fullName := include "bjw-s.common.lib.chart.names.fullname" . -}}
+{{- if and (hasKey $values "nameOverride") $values.nameOverride -}}
+  {{- $fullName = printf "%v-%v" $fullName $values.nameOverride -}}
+{{ end -}}
+{{- $routeKind := $values.kind | default "HTTPRoute" -}}
+{{- $primaryService := get .Values.service (include "bjw-s.common.lib.service.primary" .) -}}
+{{- $defaultServiceName := $fullName -}}
+{{- if and (hasKey $primaryService "nameOverride") $primaryService.nameOverride -}}
+  {{- $defaultServiceName = printf "%v-%v" $defaultServiceName $primaryService.nameOverride -}}
+{{- end -}}
+{{- $defaultServicePort := get $primaryService.ports (include "bjw-s.common.lib.service.primaryPort" (dict "values" $primaryService)) -}}
+---
+apiVersion: gateway.networking.k8s.io/v1alpha2
+{{- if and (ne $routeKind "GRPCRoute") (ne $routeKind "HTTPRoute") (ne $routeKind "TCPRoute") (ne $routeKind "TLSRoute") (ne $routeKind "UDPRoute") }}
+  {{- fail (printf "Not a valid route kind (%s)" $routeKind) }}
+{{- end }}
+kind: {{ $routeKind }}
+metadata:
+  name: {{ $fullName }}
+  {{- with (merge ($values.labels | default dict) (include "bjw-s.common.lib.metadata.allLabels" $ | fromYaml)) }}
+  labels: {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- with (merge ($values.annotations | default dict) (include "bjw-s.common.lib.metadata.globalAnnotations" $ | fromYaml)) }}
+  annotations: {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  parentRefs:
+  {{- range $values.parentRefs }}
+    - group: {{ default "gateway.networking.k8s.io" .group }}
+      kind: {{ default "Gateway" .kind }}
+      name: {{ required (printf "parentRef name is required for %v %v" $routeKind $fullName) .name }}
+      namespace: {{ required (printf "parentRef namespace is required for %v %v" $routeKind $fullName) .namespace }}
+      {{- if .sectionName }}
+      sectionName: {{ .sectionName | quote }}
+      {{- end }}
+  {{- end }}
+  {{- if and (ne $routeKind "TCPRoute") (ne $routeKind "UDPRoute") $values.hostnames }}
+  hostnames:
+  {{- with $values.hostnames }}
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- end }}
+  rules:
+  {{- range $values.rules }}
+  - backendRefs:
+    {{- range .backendRefs }}
+    - group: {{ default "" .group | quote}}
+      kind: {{ default "Service" .kind }}
+      name: {{ default $defaultServiceName .name }}
+      namespace: {{ default $.Release.Namespace .namespace }}
+      port: {{ default $defaultServicePort.port .port }}
+      weight: {{ default 1 .weight }}
+    {{- end }}
+    {{- if (eq $routeKind "HTTPRoute") }}
+      {{- with .matches }}
+    matches:
+        {{- toYaml . | nindent 6 }}
+      {{- end }}
+    {{- end }}
+  {{- end }}
+{{- end }}

charts/qbittorrent/charts/common/templates/classes/_secret.tpl

@@ -0,0 +1,37 @@
+{{/*
+This template serves as a blueprint for all Secret objects that are created
+within the common library.
+*/}}
+{{- define "bjw-s.common.class.secret" -}}
+  {{- $fullName := include "bjw-s.common.lib.chart.names.fullname" . -}}
+  {{- $secretName := $fullName -}}
+  {{- $values := .Values.configmap -}}
+
+  {{- if hasKey . "ObjectValues" -}}
+    {{- with .ObjectValues.secret -}}
+      {{- $values = . -}}
+    {{- end -}}
+  {{ end -}}
+
+  {{- if and (hasKey $values "nameOverride") $values.nameOverride -}}
+    {{- $secretName = printf "%v-%v" $secretName $values.nameOverride -}}
+  {{- end }}
+---
+apiVersion: v1
+kind: Secret
+{{- with $values.type }}
+type: {{ . }}
+{{- end }}
+metadata:
+  name: {{ $secretName }}
+  {{- with (merge ($values.labels | default dict) (include "bjw-s.common.lib.metadata.allLabels" $ | fromYaml)) }}
+  labels: {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- with (merge ($values.annotations | default dict) (include "bjw-s.common.lib.metadata.globalAnnotations" $ | fromYaml)) }}
+  annotations: {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- with $values.stringData }}
+stringData:
+  {{- tpl (toYaml .) $ | nindent 2 }}
+{{- end }}
+{{- end -}}

charts/qbittorrent/charts/common/templates/classes/_service.tpl

@@ -0,0 +1,100 @@
+{{/*
+This template serves as a blueprint for all Service objects that are created
+within the common library.
+*/}}
+{{- define "bjw-s.common.class.service" -}}
+{{- $values := .Values.service -}}
+{{- if hasKey . "ObjectValues" -}}
+  {{- with .ObjectValues.service -}}
+    {{- $values = . -}}
+  {{- end -}}
+{{ end -}}
+
+{{- $serviceName := include "bjw-s.common.lib.chart.names.fullname" . -}}
+{{- if and (hasKey $values "nameOverride") $values.nameOverride -}}
+  {{- $serviceName = printf "%v-%v" $serviceName $values.nameOverride -}}
+{{ end -}}
+{{- $svcType := $values.type | default "" -}}
+{{- $enabledPorts := include "bjw-s.common.lib.service.enabledPorts" (dict "serviceName" $serviceName "values" $values) | fromYaml }}
+{{- $primaryPort := get $values.ports (include "bjw-s.common.lib.service.primaryPort" (dict "values" $values)) }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ $serviceName }}
+  labels:
+    app.kubernetes.io/service: {{ $serviceName }}
+    {{- with (merge ($values.labels | default dict) (include "bjw-s.common.lib.metadata.allLabels" $ | fromYaml)) }}
+      {{- toYaml . | nindent 4 }}
+    {{- end }}
+  annotations:
+  {{- if eq ( $primaryPort.protocol | default "" ) "HTTPS" }}
+    traefik.ingress.kubernetes.io/service.serversscheme: https
+  {{- end }}
+  {{- with (merge ($values.annotations | default dict) (include "bjw-s.common.lib.metadata.globalAnnotations" $ | fromYaml)) }}
+    {{ toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  {{- if (or (eq $svcType "ClusterIP") (empty $svcType)) }}
+  type: ClusterIP
+  {{- if $values.clusterIP }}
+  clusterIP: {{ $values.clusterIP }}
+  {{end}}
+  {{- else if eq $svcType "LoadBalancer" }}
+  type: {{ $svcType }}
+  {{- if $values.loadBalancerIP }}
+  loadBalancerIP: {{ $values.loadBalancerIP }}
+  {{- end }}
+  {{- if $values.loadBalancerSourceRanges }}
+  loadBalancerSourceRanges:
+    {{ toYaml $values.loadBalancerSourceRanges | nindent 4 }}
+  {{- end -}}
+  {{- else }}
+  type: {{ $svcType }}
+  {{- end }}
+  {{- if $values.externalTrafficPolicy }}
+  externalTrafficPolicy: {{ $values.externalTrafficPolicy }}
+  {{- end }}
+  {{- if $values.sessionAffinity }}
+  sessionAffinity: {{ $values.sessionAffinity }}
+  {{- if $values.sessionAffinityConfig }}
+  sessionAffinityConfig:
+    {{ toYaml $values.sessionAffinityConfig | nindent 4 }}
+  {{- end -}}
+  {{- end }}
+  {{- with $values.externalIPs }}
+  externalIPs:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- if $values.publishNotReadyAddresses }}
+  publishNotReadyAddresses: {{ $values.publishNotReadyAddresses }}
+  {{- end }}
+  {{- if $values.ipFamilyPolicy }}
+  ipFamilyPolicy: {{ $values.ipFamilyPolicy }}
+  {{- end }}
+  {{- with $values.ipFamilies }}
+  ipFamilies:
+    {{ toYaml . | nindent 4 }}
+  {{- end }}
+  ports:
+  {{- range $name, $port := $enabledPorts }}
+    - port: {{ $port.port }}
+      targetPort: {{ $port.targetPort | default $name }}
+        {{- if $port.protocol }}
+          {{- if or ( eq $port.protocol "HTTP" ) ( eq $port.protocol "HTTPS" ) ( eq $port.protocol "TCP" ) }}
+      protocol: TCP
+          {{- else }}
+      protocol: {{ $port.protocol }}
+          {{- end }}
+        {{- else }}
+      protocol: TCP
+        {{- end }}
+      name: {{ $name }}
+        {{- if (and (eq $svcType "NodePort") (not (empty $port.nodePort))) }}
+      nodePort: {{ $port.nodePort }}
+        {{ end }}
+      {{- end -}}
+  {{- with (merge ($values.extraSelectorLabels | default dict) (include "bjw-s.common.lib.metadata.selectorLabels" . | fromYaml)) }}
+  selector: {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end }}

charts/qbittorrent/charts/common/templates/classes/_serviceAccount.tpl

@@ -0,0 +1,19 @@
+{{/*
+This template serves as a blueprint for ServiceAccount objects that are created
+using the common library.
+*/}}
+{{- define "bjw-s.common.class.serviceAccount" -}}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "bjw-s.common.lib.chart.names.serviceAccountName" . }}
+  {{- with include "bjw-s.common.lib.metadata.allLabels" $ | fromYaml }}
+  labels: {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- with (merge (.Values.serviceAccount.annotations | default dict) (include "bjw-s.common.lib.metadata.globalAnnotations" $ | fromYaml)) }}
+  annotations: {{- toYaml . | nindent 4 }}
+  {{- end }}
+secrets:
+  - name: {{ include "bjw-s.common.lib.chart.names.fullname" . }}-sa-token
+{{- end -}}

charts/qbittorrent/charts/common/templates/classes/_serviceMonitor.tpl

@@ -0,0 +1,34 @@
+{{- define "bjw-s.common.class.serviceMonitor" -}}
+{{- $values := dict -}}
+{{- if hasKey . "ObjectValues" -}}
+  {{- with .ObjectValues.serviceMonitor -}}
+    {{- $values = . -}}
+  {{- end -}}
+{{ end -}}
+
+{{- $serviceMonitorName := include "bjw-s.common.lib.chart.names.fullname" . -}}
+{{- if and (hasKey $values "nameOverride") $values.nameOverride -}}
+  {{- $serviceMonitorName = printf "%v-%v" $serviceMonitorName $values.nameOverride -}}
+{{ end -}}
+---
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: {{ $serviceMonitorName }}
+  {{- with (merge ($values.labels | default dict) (include "bjw-s.common.lib.metadata.allLabels" $ | fromYaml)) }}
+  labels: {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- with (merge ($values.annotations | default dict) (include "bjw-s.common.lib.metadata.globalAnnotations" $ | fromYaml)) }}
+  annotations: {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  selector:
+    {{- if $values.selector -}}
+      {{- tpl ($values.selector | toYaml) $ | nindent 4}}
+    {{- else }}
+    matchLabels:
+      app.kubernetes.io/service: {{ tpl $values.serviceName $ }}
+      {{- include "bjw-s.common.lib.metadata.selectorLabels" . | nindent 6 }}
+    {{- end }}
+  endpoints: {{- toYaml (required (printf "endpoints are required for serviceMonitor %v" $serviceMonitorName) $values.endpoints) | nindent 4 }}
+{{- end }}

charts/qbittorrent/charts/common/templates/classes/_statefulset.tpl

@@ -0,0 +1,68 @@
+{{/*
+This template serves as the blueprint for the StatefulSet objects that are created
+within the common library.
+*/}}
+{{- define "bjw-s.common.class.statefulset" -}}
+  {{- $strategy := default "RollingUpdate" .Values.controller.strategy -}}
+  {{- if and (ne $strategy "OnDelete") (ne $strategy "RollingUpdate") -}}
+    {{- fail (printf "Not a valid strategy type for StatefulSet (%s)" $strategy) -}}
+  {{- end -}}
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: {{ include "bjw-s.common.lib.chart.names.fullname" . }}
+  {{- with include "bjw-s.common.lib.controller.metadata.labels" . }}
+  labels: {{- . | nindent 4 }}
+  {{- end }}
+  {{- with include "bjw-s.common.lib.controller.metadata.annotations" . }}
+  annotations: {{- . | nindent 4 }}
+  {{- end }}
+spec:
+  revisionHistoryLimit: {{ .Values.controller.revisionHistoryLimit }}
+  replicas: {{ .Values.controller.replicas }}
+  podManagementPolicy: {{ default "OrderedReady" .Values.controller.podManagementPolicy }}
+  updateStrategy:
+    type: {{ $strategy }}
+    {{- if and (eq $strategy "RollingUpdate") .Values.controller.rollingUpdate.partition }}
+    rollingUpdate:
+      partition: {{ .Values.controller.rollingUpdate.partition }}
+    {{- end }}
+  selector:
+    matchLabels:
+      {{- include "bjw-s.common.lib.metadata.selectorLabels" . | nindent 6 }}
+  serviceName: {{ include "bjw-s.common.lib.chart.names.fullname" . }}
+  template:
+    metadata:
+      {{- with include ("bjw-s.common.lib.metadata.podAnnotations") . }}
+      annotations:
+        {{- . | nindent 8 }}
+      {{- end }}
+      labels:
+        {{- include "bjw-s.common.lib.metadata.selectorLabels" . | nindent 8 }}
+        {{- with .Values.podLabels }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+    spec:
+      {{- include "bjw-s.common.lib.controller.pod" . | nindent 6 }}
+  volumeClaimTemplates:
+    {{- range $index, $volumeClaimTemplate := .Values.volumeClaimTemplates }}
+    - metadata:
+        name: {{ $volumeClaimTemplate.name }}
+        {{- with ($volumeClaimTemplate.labels | default dict) }}
+        labels: {{- toYaml . | nindent 10 }}
+        {{- end }}
+        {{- with ($volumeClaimTemplate.annotations | default dict) }}
+        annotations: {{- toYaml . | nindent 10 }}
+        {{- end }}
+      spec:
+        accessModes:
+          - {{ required (printf "accessMode is required for volumeClaimTemplate %v" $volumeClaimTemplate.name) $volumeClaimTemplate.accessMode  | quote }}
+        resources:
+          requests:
+            storage: {{ required (printf "size is required for PVC %v" $volumeClaimTemplate.name) $volumeClaimTemplate.size | quote }}
+        {{- if $volumeClaimTemplate.storageClass }}
+        storageClassName: {{ if (eq "-" $volumeClaimTemplate.storageClass) }}""{{- else }}{{ $volumeClaimTemplate.storageClass | quote }}{{- end }}
+        {{- end }}
+    {{- end }}
+{{- end }}

charts/qbittorrent/charts/common/templates/lib/chart/_names.tpl

@@ -0,0 +1,45 @@
+{{/* Expand the name of the chart */}}
+{{- define "bjw-s.common.lib.chart.names.name" -}}
+  {{- $globalNameOverride := "" -}}
+  {{- if hasKey .Values "global" -}}
+    {{- $globalNameOverride = (default $globalNameOverride .Values.global.nameOverride) -}}
+  {{- end -}}
+  {{- default .Chart.Name (default .Values.nameOverride $globalNameOverride) | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "bjw-s.common.lib.chart.names.fullname" -}}
+  {{- $name := include "bjw-s.common.lib.chart.names.name" . -}}
+  {{- $globalFullNameOverride := "" -}}
+  {{- if hasKey .Values "global" -}}
+    {{- $globalFullNameOverride = (default $globalFullNameOverride .Values.global.fullnameOverride) -}}
+  {{- end -}}
+  {{- if or .Values.fullnameOverride $globalFullNameOverride -}}
+    {{- $name = default .Values.fullnameOverride $globalFullNameOverride -}}
+  {{- else -}}
+    {{- if contains $name .Release.Name -}}
+      {{- $name = .Release.Name -}}
+    {{- else -}}
+      {{- $name = printf "%s-%s" .Release.Name $name -}}
+    {{- end -}}
+  {{- end -}}
+  {{- trunc 63 $name | trimSuffix "-" -}}
+{{- end -}}
+
+{{/* Create chart name and version as used by the chart label */}}
+{{- define "bjw-s.common.lib.chart.names.chart" -}}
+  {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/* Create the name of the ServiceAccount to use */}}
+{{- define "bjw-s.common.lib.chart.names.serviceAccountName" -}}
+  {{- if .Values.serviceAccount.create -}}
+    {{- default (include "bjw-s.common.lib.chart.names.fullname" .) .Values.serviceAccount.name -}}
+  {{- else -}}
+    {{- default "default" .Values.serviceAccount.name -}}
+  {{- end -}}
+{{- end -}}

charts/qbittorrent/charts/common/templates/lib/chart/_notes.tpl

@@ -0,0 +1,56 @@
+{{/*
+Default NOTES.txt content.
+*/}}
+{{- define "bjw-s.common.lib.chart.notes" -}}
+
+{{- $primaryIngress := get .Values.ingress (include "bjw-s.common.lib.ingress.primary" .) -}}
+{{- $primaryService := get .Values.service (include "bjw-s.common.lib.service.primary" .) -}}
+{{- $primaryPort := "" -}}
+{{- if $primaryService -}}
+  {{- $primaryPort = get $primaryService.ports (include "bjw-s.common.lib.service.primaryPort" (dict "serviceName" (include "bjw-s.common.lib.service.primary" .) "values" $primaryService)) -}}
+{{- end -}}
+
+{{- $prefix := "http" -}}
+{{- if $primaryPort }}
+  {{- if hasKey $primaryPort "protocol" }}
+  {{- if eq $primaryPort.protocol "HTTPS" }}
+    {{- $prefix = "https" }}
+  {{- end }}
+  {{- end }}
+{{- end }}
+
+{{- if $primaryIngress }}
+1. Access the application by visiting one of these URL's:
+{{ range $primaryIngress.hosts }}
+  {{- $prefix = "http" -}}
+  {{ if $primaryIngress.tls -}}
+    {{- $prefix = "https" -}}
+  {{ end -}}
+  {{- $host := .host -}}
+  {{ if .hostTpl -}}
+    {{- $host = tpl .hostTpl $ -}}
+  {{ end }}
+  {{- $path := (first .paths).path | default "/" -}}
+  {{ if (first .paths).pathTpl -}}
+    {{- $path = tpl (first .paths).pathTpl $ -}}
+  {{ end }}
+  - {{ $prefix }}://{{- $host }}{{- $path }}
+{{- end }}
+{{- else if and $primaryService $primaryPort }}
+1. Get the application URL by running these commands:
+{{- if contains "NodePort" $primaryService.type }}
+  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "bjw-s.common.lib.chart.names.fullname" . }})
+  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+  echo {{ $prefix }}://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" $primaryService.type }}
+     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+           You can watch the status of by running 'kubectl get svc -w {{ include "bjw-s.common.lib.chart.names.fullname" . }}'
+  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "bjw-s.common.lib.chart.names.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+  echo {{ $prefix }}://$SERVICE_IP:{{ $primaryPort.port | toString | atoi }}
+{{- else if contains "ClusterIP" $primaryService.type }}
+  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "bjw-s.common.lib.chart.names.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+  echo "Visit {{ $prefix }}://127.0.0.1:8080 to use your application"
+  kubectl port-forward $POD_NAME 8080:{{ $primaryPort.port | toString | atoi }}
+{{- end }}
+{{- end }}
+{{- end -}}

charts/qbittorrent/charts/common/templates/lib/container/_containerImage.tpl

@@ -0,0 +1,15 @@
+{{/*
+Image used by the main container.
+*/}}
+{{- define "bjw-s.common.lib.container.image" -}}
+  {{- $imageRepo := .Values.image.repository -}}
+  {{- $imageTag := default .Chart.AppVersion .Values.image.tag -}}
+
+  {{- if kindIs "float64" .Values.image.tag -}}
+    {{- $imageTag = .Values.image.tag | toString -}}
+  {{- end -}}
+
+  {{- if and $imageRepo $imageTag -}}
+    {{- printf "%s:%s" $imageRepo $imageTag -}}
+  {{- end -}}
+{{- end -}}

charts/qbittorrent/charts/common/templates/lib/container/_env_vars.tpl

@@ -0,0 +1,43 @@
+{{/*
+Environment variables used by containers.
+*/}}
+{{- define "bjw-s.common.lib.container.envVars" -}}
+  {{- $values := .Values.env -}}
+  {{- if hasKey . "ObjectValues" -}}
+    {{- with .ObjectValues.envVars -}}
+      {{- $values = . -}}
+    {{- end -}}
+  {{- end -}}
+
+  {{- with $values -}}
+    {{- $result := list -}}
+    {{- range $k, $v := . -}}
+      {{- $name := $k -}}
+      {{- $value := $v -}}
+      {{- if kindIs "int" $name -}}
+        {{- $name = required "environment variables as a list of maps require a name field" $value.name -}}
+      {{- end -}}
+
+      {{- if kindIs "map" $value -}}
+        {{- if hasKey $value "value" -}}
+          {{- $envValue := $value.value | toString -}}
+          {{- $result = append $result (dict "name" $name "value" (tpl $envValue $)) -}}
+        {{- else if hasKey $value "valueFrom" -}}
+          {{- $result = append $result (dict "name" $name "valueFrom" $value.valueFrom) -}}
+        {{- else -}}
+          {{- $result = append $result (dict "name" $name "valueFrom" $value) -}}
+        {{- end -}}
+      {{- end -}}
+      {{- if not (kindIs "map" $value) -}}
+        {{- if kindIs "string" $value -}}
+          {{- $result = append $result (dict "name" $name "value" (tpl $value $)) -}}
+        {{- else if or (kindIs "float64" $value) (kindIs "bool" $value) -}}
+          {{- $result = append $result (dict "name" $name "value" ($value | toString)) -}}
+        {{- else -}}
+          {{- $result = append $result (dict "name" $name "value" $value) -}}
+        {{- end -}}
+      {{- end -}}
+    {{- end -}}
+    {{- toYaml (dict "env" $result) | nindent 0 -}}
+  {{- end -}}
+{{- end -}}

charts/qbittorrent/charts/common/templates/lib/container/_ports.tpl

@@ -0,0 +1,41 @@
+{{/*
+Ports included by the controller.
+*/}}
+{{- define "bjw-s.common.lib.container.ports" -}}
+  {{- $ports := list -}}
+  {{- range $servicename, $service := .Values.service -}}
+    {{- $serviceEnabled := true -}}
+    {{- if hasKey $service "enabled" -}}
+      {{- $serviceEnabled = $service.enabled -}}
+    {{- end -}}
+    {{- if $serviceEnabled -}}
+      {{- $enabledPorts := include "bjw-s.common.lib.service.enabledPorts" (dict "serviceName" $servicename "values" $service) | fromYaml }}
+      {{- range $portname, $port := ($enabledPorts | default dict) -}}
+        {{- $_ := set $port "name" $portname -}}
+        {{- $ports = mustAppend $ports $port -}}
+      {{- end -}}
+    {{- end -}}
+  {{- end -}}
+
+{{/* export/render the list of ports */}}
+{{- if $ports -}}
+{{- range $_ := $ports }}
+{{- if default true .enabled | }}
+- name: {{ .name }}
+  {{- if and .targetPort (kindIs "string" .targetPort) }}
+  {{- fail (printf "Our charts do not support named ports for targetPort. (port name %s, targetPort %s)" .name .targetPort) }}
+  {{- end }}
+  containerPort: {{ .targetPort | default .port }}
+  {{- if .protocol }}
+  {{- if or ( eq .protocol "HTTP" ) ( eq .protocol "HTTPS" ) ( eq .protocol "TCP" ) }}
+  protocol: TCP
+  {{- else }}
+  protocol: {{ .protocol }}
+  {{- end }}
+  {{- else }}
+  protocol: TCP
+  {{- end }}
+{{- end}}
+{{- end -}}
+{{- end -}}
+{{- end -}}

charts/qbittorrent/charts/common/templates/lib/container/_probes.tpl

@@ -0,0 +1,67 @@
+{{/*
+Probes selection logic.
+*/}}
+{{- define "bjw-s.common.lib.container.probes" -}}
+  {{- $primaryService := get .Values.service (include "bjw-s.common.lib.service.primary" .) -}}
+  {{- $primaryPort := "" -}}
+  {{- if $primaryService -}}
+    {{- $primaryPort = get $primaryService.ports (include "bjw-s.common.lib.service.primaryPort" (dict "serviceName" (include "bjw-s.common.lib.service.primary" .) "values" $primaryService)) -}}
+  {{- end -}}
+
+  {{- range $probeName, $probe := .Values.probes -}}
+    {{- if $probe.enabled -}}
+      {{- $probeOutput := "" -}}
+      {{- if $probe.custom -}}
+        {{- if $probe.spec -}}
+          {{- $probeOutput = $probe.spec | toYaml -}}
+        {{- end -}}
+      {{- else -}}
+        {{- if $primaryPort -}}
+          {{- $probeType := "" -}}
+          {{- if eq $probe.type "AUTO" -}}
+            {{- $probeType = $primaryPort.protocol -}}
+          {{- else -}}
+            {{- $probeType = $probe.type | default "TCP" -}}
+          {{- end -}}
+
+          {{- $probeDefinition := dict
+            "initialDelaySeconds" $probe.spec.initialDelaySeconds
+            "failureThreshold" $probe.spec.failureThreshold
+            "timeoutSeconds" $probe.spec.timeoutSeconds
+            "periodSeconds" $probe.spec.periodSeconds
+          -}}
+
+          {{- $probeHeader := "" -}}
+          {{- if or ( eq $probeType "HTTPS" ) ( eq $probeType "HTTP" ) -}}
+            {{- $probeHeader = "httpGet" -}}
+
+            {{- $_ := set $probeDefinition $probeHeader (
+              dict
+                "path" $probe.path
+                "scheme" $probeType
+              )
+            -}}
+          {{- else }}
+            {{- $probeHeader = "tcpSocket" -}}
+            {{- $_ := set $probeDefinition $probeHeader dict -}}
+          {{- end -}}
+
+          {{- if $probe.port }}
+            {{- $_ := set (index $probeDefinition $probeHeader) "port" (tpl ( $probe.port | toString ) $) -}}
+          {{- else if $primaryPort.targetPort }}
+            {{- $_ := set (index $probeDefinition $probeHeader) "port" $primaryPort.targetPort -}}
+          {{- else }}
+            {{- $_ := set (index $probeDefinition $probeHeader) "port" ($primaryPort.port | toString | atoi ) -}}
+          {{- end }}
+
+          {{- $probeOutput = $probeDefinition | toYaml | trim -}}
+        {{- end -}}
+      {{- end -}}
+
+      {{- if $probeOutput -}}
+        {{- printf "%sProbe:" $probeName | nindent 0 -}}
+        {{- $probeOutput | nindent 2 -}}
+      {{- end -}}
+    {{- end -}}
+  {{- end -}}
+{{- end -}}

charts/qbittorrent/charts/common/templates/lib/container/_volumemounts.tpl

@@ -0,0 +1,56 @@
+{{/* Volumes included by the controller */}}
+{{- define "bjw-s.common.lib.container.volumeMounts" -}}
+  {{- range $persistenceIndex, $persistenceItem := .Values.persistence }}
+    {{- if $persistenceItem.enabled -}}
+      {{- if kindIs "slice" $persistenceItem.subPath -}}
+        {{- if $persistenceItem.mountPath -}}
+          {{- fail (printf "Cannot use persistence.mountPath with a subPath list (%s)" $persistenceIndex) }}
+        {{- end -}}
+        {{- range $subPathIndex, $subPathItem := $persistenceItem.subPath }}
+- name: {{ $persistenceIndex }}
+  subPath: {{ required "subPaths as a list of maps require a path field" $subPathItem.path }}
+  mountPath: {{ required "subPaths as a list of maps require an explicit mountPath field" $subPathItem.mountPath }}
+          {{- with $subPathItem.readOnly }}
+  readOnly: {{ . }}
+          {{- end }}
+          {{- with $subPathItem.mountPropagation }}
+  mountPropagation: {{ . }}
+          {{- end }}
+        {{- end -}}
+      {{- else -}}
+        {{/* Set the default mountPath to /<name_of_the_peristence_item> */}}
+        {{- $mountPath := (printf "/%v" $persistenceIndex) -}}
+        {{- if eq "hostPath" (default "pvc" $persistenceItem.type) -}}
+          {{- $mountPath = $persistenceItem.hostPath -}}
+        {{- end -}}
+        {{/* Use the specified mountPath if provided */}}
+        {{- with $persistenceItem.mountPath -}}
+          {{- $mountPath = . -}}
+        {{- end }}
+        {{- if ne $mountPath "-" }}
+- name: {{ $persistenceIndex }}
+  mountPath: {{ $mountPath }}
+          {{- with $persistenceItem.subPath }}
+  subPath: {{ . }}
+          {{- end }}
+          {{- with $persistenceItem.readOnly }}
+  readOnly: {{ . }}
+          {{- end }}
+          {{- with $persistenceItem.mountPropagation }}
+  mountPropagation: {{ . }}
+          {{- end }}
+        {{- end }}
+      {{- end -}}
+    {{- end -}}
+  {{- end }}
+
+  {{- if eq .Values.controller.type "statefulset" }}
+    {{- range $index, $vct := .Values.volumeClaimTemplates }}
+- mountPath: {{ $vct.mountPath }}
+  name: {{ $vct.name }}
+      {{- if $vct.subPath }}
+  subPath: {{ $vct.subPath }}
+      {{- end }}
+    {{- end }}
+  {{- end }}
+{{- end -}}

charts/qbittorrent/charts/common/templates/lib/controller/_mainContainer.tpl

@@ -0,0 +1,58 @@
+{{- /* The main container included in the controller */ -}}
+{{- define "bjw-s.common.lib.controller.mainContainer" -}}
+- name: {{ include "bjw-s.common.lib.chart.names.fullname" . }}
+  image: {{ include "bjw-s.common.lib.container.image" . }}
+  imagePullPolicy: {{ .Values.image.pullPolicy }}
+  {{- with .Values.command }}
+  command:
+    {{- if kindIs "string" . }}
+    - {{ . | quote }}
+    {{- else }}
+      {{ toYaml . | nindent 4 }}
+    {{- end }}
+  {{- end }}
+  {{- with .Values.args }}
+  args:
+    {{- if kindIs "string" . }}
+    - {{ . | quote }}
+    {{- else }}
+    {{ toYaml . | nindent 4 }}
+    {{- end }}
+  {{- end }}
+  {{- with .Values.securityContext }}
+  securityContext:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- with .Values.lifecycle }}
+  lifecycle:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- with .Values.termination.messagePath }}
+  terminationMessagePath: {{ . }}
+  {{- end }}
+  {{- with .Values.termination.messagePolicy }}
+  terminationMessagePolicy: {{ . }}
+  {{- end }}
+
+  {{- with .Values.env }}
+  env:
+    {{- get (fromYaml (include "bjw-s.common.lib.container.envVars" $)) "env" | toYaml | nindent 4 -}}
+  {{- end }}
+  {{- with .Values.envFrom }}
+  envFrom:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- with (include "bjw-s.common.lib.container.ports" . | trim) }}
+  ports:
+    {{- nindent 4 . }}
+  {{- end }}
+  {{- with (include "bjw-s.common.lib.container.volumeMounts" . | trim) }}
+  volumeMounts:
+    {{- nindent 4 . }}
+  {{- end }}
+  {{- include "bjw-s.common.lib.container.probes" . | trim | nindent 2 }}
+  {{- with .Values.resources }}
+  resources:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end -}}

charts/qbittorrent/charts/common/templates/lib/controller/_metadata.tpl

@@ -0,0 +1,25 @@
+{{- define "bjw-s.common.lib.controller.metadata.labels" -}}
+  {{-
+    $labels := (
+      merge
+        (.Values.controller.labels | default dict)
+        (include "bjw-s.common.lib.metadata.allLabels" $ | fromYaml)
+    )
+  -}}
+  {{- with $labels -}}
+    {{- toYaml . -}}
+  {{- end -}}
+{{- end -}}
+
+{{- define "bjw-s.common.lib.controller.metadata.annotations" -}}
+  {{-
+    $annotations := (
+      merge
+        (.Values.controller.annotations | default dict)
+        (include "bjw-s.common.lib.metadata.globalAnnotations" $ | fromYaml)
+    )
+  -}}
+  {{- with $annotations -}}
+    {{- toYaml . -}}
+  {{- end -}}
+{{- end -}}

charts/qbittorrent/charts/common/templates/lib/controller/_pod.tpl

@@ -0,0 +1,114 @@
+{{- /*
+The pod definition included in the controller.
+*/ -}}
+{{- define "bjw-s.common.lib.controller.pod" -}}
+  {{- with .Values.imagePullSecrets }}
+imagePullSecrets:
+    {{- toYaml . | nindent 2 }}
+  {{- end }}
+serviceAccountName: {{ include "bjw-s.common.lib.chart.names.serviceAccountName" . }}
+automountServiceAccountToken: {{ .Values.automountServiceAccountToken }}
+  {{- with .Values.podSecurityContext }}
+securityContext:
+    {{- toYaml . | nindent 2 }}
+  {{- end }}
+  {{- with .Values.priorityClassName }}
+priorityClassName: {{ . }}
+  {{- end }}
+  {{- with .Values.runtimeClassName }}
+runtimeClassName: {{ . }}
+  {{- end }}
+  {{- with .Values.schedulerName }}
+schedulerName: {{ . }}
+  {{- end }}
+  {{- with .Values.hostIPC }}
+hostIPC: {{ . }}
+  {{- end }}
+  {{- with .Values.hostNetwork }}
+hostNetwork: {{ . }}
+  {{- end }}
+  {{- with .Values.hostPID }}
+hostPID: {{ . }}
+  {{- end }}
+  {{- with .Values.hostname }}
+hostname: {{ . }}
+  {{- end }}
+  {{- if .Values.dnsPolicy }}
+dnsPolicy: {{ .Values.dnsPolicy }}
+  {{- else if .Values.hostNetwork }}
+dnsPolicy: ClusterFirstWithHostNet
+  {{- else }}
+dnsPolicy: ClusterFirst
+  {{- end }}
+  {{- with .Values.dnsConfig }}
+dnsConfig:
+    {{- toYaml . | nindent 2 }}
+  {{- end }}
+enableServiceLinks: {{ .Values.enableServiceLinks }}
+  {{- with .Values.termination.gracePeriodSeconds }}
+terminationGracePeriodSeconds: {{ . }}
+  {{- end }}
+  {{- if .Values.initContainers }}
+initContainers:
+    {{- $initContainers := list }}
+    {{- range $index, $key := (keys .Values.initContainers | uniq | sortAlpha) }}
+      {{- $container := get $.Values.initContainers $key }}
+      {{- if not $container.name -}}
+        {{- $_ := set $container "name" $key }}
+      {{- end }}
+      {{- if $container.env -}}
+        {{- $_ := set $ "ObjectValues" (dict "envVars" $container.env) -}}
+        {{- $newEnv := fromYaml (include "bjw-s.common.lib.container.envVars" $) -}}
+        {{- $_ := unset $.ObjectValues "envVars" -}}
+        {{- $_ := set $container "env" $newEnv.env }}
+      {{- end }}
+      {{- $initContainers = append $initContainers $container }}
+    {{- end }}
+    {{- tpl (toYaml $initContainers) $ | nindent 2 }}
+  {{- end }}
+containers:
+  {{- include "bjw-s.common.lib.controller.mainContainer" . | nindent 2 }}
+  {{- with (merge .Values.sidecars .Values.additionalContainers) }}
+    {{- $sidecarContainers := list }}
+    {{- range $name, $container := . }}
+      {{- if not $container.name -}}
+        {{- $_ := set $container "name" $name }}
+      {{- end }}
+      {{- if $container.env -}}
+        {{- $_ := set $ "ObjectValues" (dict "envVars" $container.env) -}}
+        {{- $newEnv := fromYaml (include "bjw-s.common.lib.container.envVars" $) -}}
+        {{- $_ := set $container "env" $newEnv.env }}
+        {{- $_ := unset $.ObjectValues "envVars" -}}
+      {{- end }}
+      {{- $sidecarContainers = append $sidecarContainers $container }}
+    {{- end }}
+    {{- tpl (toYaml $sidecarContainers) $ | nindent 2 }}
+  {{- end }}
+  {{- with (include "bjw-s.common.lib.controller.volumes" . | trim) }}
+volumes:
+    {{- nindent 2 . }}
+  {{- end }}
+  {{- with .Values.hostAliases }}
+hostAliases:
+    {{- toYaml . | nindent 2 }}
+  {{- end }}
+  {{- with .Values.nodeSelector }}
+nodeSelector:
+    {{- toYaml . | nindent 2 }}
+  {{- end }}
+  {{- with .Values.affinity }}
+affinity:
+    {{- toYaml . | nindent 2 }}
+  {{- end }}
+  {{- with .Values.topologySpreadConstraints }}
+topologySpreadConstraints:
+    {{- toYaml . | nindent 2 }}
+  {{- end }}
+  {{- with .Values.tolerations }}
+tolerations:
+    {{- toYaml . | nindent 2 }}
+  {{- end }}
+  {{- with .Values.controller.restartPolicy }}
+restartPolicy: {{ . }}
+  {{- end }}
+{{- end -}}

charts/qbittorrent/charts/common/templates/lib/controller/_volumes.tpl

@@ -0,0 +1,68 @@
+{{/*
+Volumes included by the controller.
+*/}}
+{{- define "bjw-s.common.lib.controller.volumes" -}}
+{{- range $index, $persistence := .Values.persistence }}
+{{- if $persistence.enabled }}
+- name: {{ $index }}
+  {{- if eq (default "pvc" $persistence.type) "pvc" }}
+    {{- $pvcName := (include "bjw-s.common.lib.chart.names.fullname" $) -}}
+    {{- if $persistence.existingClaim }}
+      {{- /* Always prefer an existingClaim if that is set */}}
+      {{- $pvcName = $persistence.existingClaim -}}
+    {{- else -}}
+      {{- /* Otherwise refer to the PVC name */}}
+      {{- if $persistence.nameOverride -}}
+        {{- if not (eq $persistence.nameOverride "-") -}}
+          {{- $pvcName = (printf "%s-%s" (include "bjw-s.common.lib.chart.names.fullname" $) $persistence.nameOverride) -}}
+        {{- end -}}
+      {{- else -}}
+        {{- $pvcName = (printf "%s-%s" (include "bjw-s.common.lib.chart.names.fullname" $) $index) -}}
+      {{- end -}}
+    {{- end }}
+  persistentVolumeClaim:
+    claimName: {{ $pvcName }}
+  {{- else if or (eq $persistence.type "configMap") (eq $persistence.type "secret") }}
+    {{- $objectName := (required (printf "name not set for persistence item %s" $index) $persistence.name) }}
+    {{- $objectName = tpl $objectName $ }}
+    {{- if eq $persistence.type "configMap" }}
+  configMap:
+    name: {{ $objectName }}
+    {{- else }}
+  secret:
+    secretName: {{ $objectName }}
+    {{- end }}
+    {{- with $persistence.defaultMode }}
+    defaultMode: {{ . }}
+    {{- end }}
+    {{- with $persistence.items }}
+    items:
+      {{- toYaml . | nindent 6 }}
+    {{- end }}
+  {{- else if eq $persistence.type "emptyDir" }}
+    {{- $emptyDir := dict -}}
+    {{- with $persistence.medium -}}
+      {{- $_ := set $emptyDir "medium" . -}}
+    {{- end -}}
+    {{- with $persistence.sizeLimit -}}
+      {{- $_ := set $emptyDir "sizeLimit" . -}}
+    {{- end }}
+  emptyDir: {{- $emptyDir | toYaml | nindent 4 }}
+  {{- else if eq $persistence.type "hostPath" }}
+  hostPath:
+    path: {{ required "hostPath not set" $persistence.hostPath }}
+    {{- with $persistence.hostPathType }}
+    type: {{ . }}
+    {{- end }}
+  {{- else if eq $persistence.type "nfs" }}
+  nfs:
+    server: {{ required "server not set" $persistence.server }}
+    path: {{ required "path not set" $persistence.path }}
+  {{- else if eq $persistence.type "custom" }}
+    {{- toYaml $persistence.volumeSpec | nindent 2 }}
+  {{- else }}
+    {{- fail (printf "Not a valid persistence.type (%s)" $persistence.type) }}
+  {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}

charts/qbittorrent/charts/common/templates/lib/ingress/_primary.tpl

@@ -0,0 +1,21 @@
+{{/* Return the name of the primary ingress object */}}
+{{- define "bjw-s.common.lib.ingress.primary" -}}
+  {{- $enabledIngresses := dict -}}
+  {{- range $name, $ingress := .Values.ingress -}}
+    {{- if $ingress.enabled -}}
+      {{- $_ := set $enabledIngresses $name . -}}
+    {{- end -}}
+  {{- end -}}
+
+  {{- $result := "" -}}
+  {{- range $name, $ingress := $enabledIngresses -}}
+    {{- if and (hasKey $ingress "primary") $ingress.primary -}}
+      {{- $result = $name -}}
+    {{- end -}}
+  {{- end -}}
+
+  {{- if not $result -}}
+    {{- $result = keys $enabledIngresses | first -}}
+  {{- end -}}
+  {{- $result -}}
+{{- end -}}

charts/qbittorrent/charts/common/templates/lib/metadata/_allLabels.tpl

@@ -0,0 +1,10 @@
+{{/* Common labels shared across objects */}}
+{{- define "bjw-s.common.lib.metadata.allLabels" -}}
+helm.sh/chart: {{ include "bjw-s.common.lib.chart.names.chart" . }}
+{{ include "bjw-s.common.lib.metadata.selectorLabels" . }}
+  {{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+  {{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{ include "bjw-s.common.lib.metadata.globalLabels" . }}
+{{- end -}}

charts/qbittorrent/charts/common/templates/lib/metadata/_globalAnnotations.tpl

@@ -0,0 +1,10 @@
+{{/* Common annotations shared across objects */}}
+{{- define "bjw-s.common.lib.metadata.globalAnnotations" -}}
+  {{- with .Values.global.annotations }}
+    {{- range $k, $v := . }}
+      {{- $name := $k }}
+      {{- $value := tpl $v $ }}
+{{ $name }}: {{ quote $value }}
+    {{- end }}
+  {{- end }}
+{{- end -}}

charts/qbittorrent/charts/common/templates/lib/metadata/_globalLabels.tpl

@@ -0,0 +1,9 @@
+{{- define "bjw-s.common.lib.metadata.globalLabels" -}}
+  {{- with .Values.global.labels }}
+    {{- range $k, $v := . }}
+      {{- $name := $k }}
+      {{- $value := tpl $v $ }}
+{{ $name }}: {{ quote $value }}
+    {{- end }}
+  {{- end }}
+{{- end -}}

charts/qbittorrent/charts/common/templates/lib/metadata/_podAnnotations.tpl

@@ -0,0 +1,26 @@
+{{/* Determine the Pod annotations used in the controller */}}
+{{- define "bjw-s.common.lib.metadata.podAnnotations" -}}
+  {{- if .Values.podAnnotations -}}
+    {{- tpl (toYaml .Values.podAnnotations) . | nindent 0 -}}
+  {{- end -}}
+
+  {{- $configMapsFound := dict -}}
+  {{- range $name, $configmap := .Values.configMaps -}}
+    {{- if $configmap.enabled -}}
+      {{- $_ := set $configMapsFound $name (toYaml $configmap.data | sha256sum) -}}
+    {{- end -}}
+  {{- end -}}
+  {{- if $configMapsFound -}}
+    {{- printf "checksum/config: %v" (toYaml $configMapsFound | sha256sum) | nindent 0 -}}
+  {{- end -}}
+
+  {{- $secretsFound := dict -}}
+  {{- range $name, $secret := .Values.secrets -}}
+    {{- if $secret.enabled -}}
+      {{- $_ := set $secretsFound $name (toYaml $secret.data | sha256sum) -}}
+    {{- end -}}
+  {{- end -}}
+  {{- if $secretsFound -}}
+    {{- printf "checksum/secrets: %v" (toYaml $secretsFound | sha256sum) | nindent 0 -}}
+  {{- end -}}
+{{- end -}}

charts/qbittorrent/charts/common/templates/lib/metadata/_selectorLabels.tpl

@@ -0,0 +1,5 @@
+{{/* Selector labels shared across objects */}}
+{{- define "bjw-s.common.lib.metadata.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "bjw-s.common.lib.chart.names.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}

charts/qbittorrent/charts/common/templates/lib/routes/_primary.tpl

@@ -0,0 +1,21 @@
+{{/* Return the name of the primary route object */}}
+{{- define "bjw-s.common.lib.route.primary" -}}
+  {{- $enabledRoutes := dict -}}
+  {{- range $name, $route := .Values.route -}}
+    {{- if $route.enabled -}}
+      {{- $_ := set $enabledRoutes $name . -}}
+    {{- end -}}
+  {{- end -}}
+
+  {{- $result := "" -}}
+  {{- range $name, $route := $enabledRoutes -}}
+    {{- if and (hasKey $route "primary") $route.primary -}}
+      {{- $result = $name -}}
+    {{- end -}}
+  {{- end -}}
+
+  {{- if not $result -}}
+    {{- $result = keys $enabledRoutes | first -}}
+  {{- end -}}
+  {{- $result -}}
+{{- end -}}

charts/qbittorrent/charts/common/templates/lib/service/_enabled_ports.tpl

@@ -0,0 +1,19 @@
+{{/*
+Return the enabled ports for a given Service object.
+*/}}
+{{- define "bjw-s.common.lib.service.enabledPorts" -}}
+  {{- $enabledPorts := dict -}}
+
+  {{- range $name, $port := .values.ports -}}
+    {{- if kindIs "map" $port -}}
+      {{- $portEnabled := true -}}
+      {{- if hasKey $port "enabled" -}}
+        {{- $portEnabled = $port.enabled -}}
+      {{- end -}}
+      {{- if $portEnabled -}}
+        {{- $_ := set $enabledPorts $name . -}}
+      {{- end -}}
+    {{- end -}}
+  {{- end -}}
+  {{- $enabledPorts | toYaml -}}
+{{- end -}}

charts/qbittorrent/charts/common/templates/lib/service/_enabled_services.tpl

@@ -0,0 +1,18 @@
+{{/*
+Return the enabled services.
+*/}}
+{{- define "bjw-s.common.lib.service.enabledServices" -}}
+  {{- $enabledServices := dict -}}
+  {{- range $name, $service := .Values.service -}}
+    {{- if kindIs "map" $service -}}
+      {{- $serviceEnabled := true -}}
+      {{- if hasKey $service "enabled" -}}
+        {{- $serviceEnabled = $service.enabled -}}
+      {{- end -}}
+      {{- if $serviceEnabled -}}
+        {{- $_ := set $enabledServices $name . -}}
+      {{- end -}}
+    {{- end -}}
+  {{- end -}}
+  {{- $enabledServices | toYaml -}}
+{{- end -}}

charts/qbittorrent/charts/common/templates/lib/service/_primary.tpl

@@ -0,0 +1,18 @@
+{{/*
+Return the primary service object
+*/}}
+{{- define "bjw-s.common.lib.service.primary" -}}
+  {{- $enabledServices := (include "bjw-s.common.lib.service.enabledServices" $ | fromYaml ) }}
+
+  {{- $result := "" -}}
+  {{- range $name, $service := $enabledServices -}}
+    {{- if and (hasKey $service "primary") $service.primary -}}
+      {{- $result = $name -}}
+    {{- end -}}
+  {{- end -}}
+
+  {{- if not $result -}}
+    {{- $result = keys $enabledServices | first -}}
+  {{- end -}}
+  {{- $result -}}
+{{- end -}}

charts/qbittorrent/charts/common/templates/lib/service/_primary_port.tpl

@@ -0,0 +1,18 @@
+{{/*
+Return the primary port for a given Service object.
+*/}}
+{{- define "bjw-s.common.lib.service.primaryPort" -}}
+  {{- $enabledPorts := (include "bjw-s.common.lib.service.enabledPorts" . | fromYaml) }}
+
+  {{- $result := "" -}}
+  {{- range $name, $port := $enabledPorts -}}
+    {{- if and (hasKey $port "primary") $port.primary -}}
+      {{- $result = $name -}}
+    {{- end -}}
+  {{- end -}}
+
+  {{- if not $result -}}
+    {{- $result = keys $enabledPorts | first -}}
+  {{- end -}}
+  {{- $result -}}
+{{- end -}}

charts/qbittorrent/charts/common/templates/loader/_all.tpl

@@ -0,0 +1,10 @@
+{{/*
+Main entrypoint for the common library chart. It will render all underlying templates based on the provided values.
+*/}}
+{{- define "bjw-s.common.loader.all" -}}
+  {{- /* Generate chart and dependency values */ -}}
+  {{- include "bjw-s.common.loader.init" . -}}
+
+  {{- /* Generate remaining objects */ -}}
+  {{- include "bjw-s.common.loader.generate" . -}}
+{{- end -}}

charts/qbittorrent/charts/common/templates/loader/_generate.tpl

@@ -0,0 +1,30 @@
+{{/*
+Secondary entrypoint and primary loader for the common chart
+*/}}
+{{- define "bjw-s.common.loader.generate" -}}
+  {{- /* Enable code-server add-on if required */ -}}
+  {{- if .Values.addons.codeserver.enabled -}}
+    {{- include "bjw-s.common.addon.codeserver" . | nindent 0 -}}
+  {{- end -}}
+
+  {{- /* Enable VPN add-on if required */ -}}
+  {{- if .Values.addons.vpn.enabled -}}
+    {{- include "bjw-s.common.addon.vpn" . | nindent 0 -}}
+  {{- end -}}
+
+  {{- /* Enable netshoot add-on if required */ -}}
+  {{- if .Values.addons.netshoot.enabled -}}
+    {{- include "bjw-s.common.addon.netshoot" . | nindent 0 -}}
+  {{- end -}}
+
+  {{- /* Build the templates */ -}}
+  {{- include "bjw-s.common.render.pvcs" . | nindent 0 -}}
+  {{- include "bjw-s.common.render.serviceAccount" . | nindent 0 -}}
+  {{- include "bjw-s.common.render.controller" . | nindent 0 -}}
+  {{- include "bjw-s.common.render.services" . | nindent 0 -}}
+  {{- include "bjw-s.common.render.ingresses" . | nindent 0 -}}
+  {{- include "bjw-s.common.render.serviceMonitors" . | nindent 0 -}}
+  {{- include "bjw-s.common.render.routes" . | nindent 0 -}}
+  {{- include "bjw-s.common.render.configmaps" . | nindent 0 -}}
+  {{- include "bjw-s.common.render.secrets" . | nindent 0 -}}
+{{- end -}}

charts/qbittorrent/charts/common/templates/loader/_init.tpl

@@ -0,0 +1,4 @@
+{{- define "bjw-s.common.loader.init" -}}
+  {{- /* Merge the local chart values and the common chart defaults */ -}}
+  {{- include "bjw-s.common.values.init" . }}
+{{- end -}}

charts/qbittorrent/charts/common/templates/render/_configmaps.tpl

@@ -0,0 +1,19 @@
+{{/*
+Renders the configMap objects required by the chart.
+*/}}
+{{- define "bjw-s.common.render.configmaps" -}}
+  {{- /* Generate named configMaps as required */ -}}
+  {{- range $name, $configmap := .Values.configMaps -}}
+    {{- if $configmap.enabled -}}
+      {{- $configmapValues := $configmap -}}
+
+      {{- /* set the default nameOverride to the configMap name */ -}}
+      {{- if not $configmapValues.nameOverride -}}
+        {{- $_ := set $configmapValues "nameOverride" $name -}}
+      {{ end -}}
+
+      {{- $_ := set $ "ObjectValues" (dict "configmap" $configmapValues) -}}
+      {{- include "bjw-s.common.class.configmap" $ | nindent 0 -}}
+    {{- end -}}
+  {{- end -}}
+{{- end -}}

charts/qbittorrent/charts/common/templates/render/_controller.tpl

@@ -0,0 +1,18 @@
+{{/*
+Renders the controller object required by the chart.
+*/}}
+{{- define "bjw-s.common.render.controller" -}}
+  {{- if .Values.controller.enabled -}}
+    {{- if eq .Values.controller.type "deployment" -}}
+      {{- include "bjw-s.common.class.deployment" . | nindent 0 -}}
+    {{- else if eq .Values.controller.type "cronjob" -}}
+      {{- include "bjw-s.common.class.cronjob" . | nindent 0 -}}
+    {{ else if eq .Values.controller.type "daemonset" -}}
+      {{- include "bjw-s.common.class.daemonset" . | nindent 0 -}}
+    {{ else if eq .Values.controller.type "statefulset"  -}}
+      {{- include "bjw-s.common.class.statefulset" . | nindent 0 -}}
+    {{ else -}}
+      {{- fail (printf "Not a valid controller.type (%s)" .Values.controller.type) -}}
+    {{- end -}}
+  {{- end -}}
+{{- end -}}

charts/qbittorrent/charts/common/templates/render/_ingresses.tpl

@@ -0,0 +1,19 @@
+{{/*
+Renders the Ingress objects required by the chart.
+*/}}
+{{- define "bjw-s.common.render.ingresses" -}}
+  {{- /* Generate named ingresses as required */ -}}
+  {{- range $name, $ingress := .Values.ingress }}
+    {{- if $ingress.enabled -}}
+      {{- $ingressValues := $ingress -}}
+
+      {{/* set defaults */}}
+      {{- if and (not $ingressValues.nameOverride) (ne $name (include "bjw-s.common.lib.ingress.primary" $)) -}}
+        {{- $_ := set $ingressValues "nameOverride" $name -}}
+      {{- end -}}
+
+      {{- $_ := set $ "ObjectValues" (dict "ingress" $ingressValues) -}}
+      {{- include "bjw-s.common.class.ingress" $ | nindent 0 -}}
+    {{- end -}}
+  {{- end -}}
+{{- end -}}

charts/qbittorrent/charts/common/templates/render/_pvcs.tpl

@@ -0,0 +1,16 @@
+{{/*
+Renders the Persistent Volume Claim objects required by the chart.
+*/}}
+{{- define "bjw-s.common.render.pvcs" -}}
+  {{- /* Generate pvc as required */ -}}
+  {{- range $index, $PVC := .Values.persistence -}}
+    {{- if and $PVC.enabled (eq (default "pvc" $PVC.type) "pvc") (not $PVC.existingClaim) -}}
+      {{- $persistenceValues := $PVC -}}
+      {{- if not $persistenceValues.nameOverride -}}
+        {{- $_ := set $persistenceValues "nameOverride" $index -}}
+      {{- end -}}
+      {{- $_ := set $ "ObjectValues" (dict "persistence" $persistenceValues) -}}
+      {{- include "bjw-s.common.class.pvc" $ | nindent 0 -}}
+    {{- end -}}
+  {{- end -}}
+{{- end -}}

charts/qbittorrent/charts/common/templates/render/_routes.tpl

@@ -0,0 +1,18 @@
+{{/* Renders the Route objects required by the chart */}}
+{{- define "bjw-s.common.render.routes" -}}
+  {{- /* Generate named routes as required */ -}}
+  {{- range $name, $route := .Values.route }}
+    {{- if $route.enabled -}}
+      {{- $routeValues := $route -}}
+
+      {{/* set defaults */}}
+      {{- if and (not $routeValues.nameOverride) (ne $name (include "bjw-s.common.lib.route.primary" $)) -}}
+        {{- $_ := set $routeValues "nameOverride" $name -}}
+      {{- end -}}
+
+      {{- $_ := set $ "ObjectValues" (dict "route" $routeValues) -}}
+      {{- include "bjw-s.common.class.route" $ | nindent 0 -}}
+      {{- $_ := unset $.ObjectValues "route" -}}
+    {{- end }}
+  {{- end }}
+{{- end }}

charts/qbittorrent/charts/common/templates/render/_secrets.tpl

@@ -0,0 +1,19 @@
+{{/*
+Renders the Secret objects required by the chart.
+*/}}
+{{- define "bjw-s.common.render.secrets" -}}
+  {{- /* Generate named Secrets as required */ -}}
+  {{- range $name, $secret := .Values.secrets -}}
+    {{- if $secret.enabled -}}
+      {{- $secretValues := $secret -}}
+
+      {{- /* set the default nameOverride to the Secret name */ -}}
+      {{- if not $secretValues.nameOverride -}}
+        {{- $_ := set $secretValues "nameOverride" $name -}}
+      {{ end -}}
+
+      {{- $_ := set $ "ObjectValues" (dict "secret" $secretValues) -}}
+      {{- include "bjw-s.common.class.secret" $ | nindent 0 -}}
+    {{- end -}}
+  {{- end -}}
+{{- end -}}

charts/qbittorrent/charts/common/templates/render/_serviceMonitors.tpl

@@ -0,0 +1,20 @@
+{{/*
+Renders the serviceMonitor objects required by the chart.
+*/}}
+{{- define "bjw-s.common.render.serviceMonitors" -}}
+  {{- /* Generate named services as required */ -}}
+  {{- range $name, $serviceMonitor := .Values.serviceMonitor -}}
+    {{- if $serviceMonitor.enabled -}}
+      {{- $serviceMonitorValues := $serviceMonitor -}}
+
+      {{- if and (not $serviceMonitorValues.nameOverride) (ne $name "main") -}}
+        {{- $_ := set $serviceMonitorValues "nameOverride" $name -}}
+      {{- end -}}
+
+      {{/* Include the serviceMonitor class */}}
+      {{- $_ := set $ "ObjectValues" (dict "serviceMonitor" $serviceMonitorValues) -}}
+      {{- include "bjw-s.common.class.serviceMonitor" $ | nindent 0 -}}
+      {{- $_ := unset $.ObjectValues "serviceMonitor" -}}
+    {{- end -}}
+  {{- end -}}
+{{- end -}}

charts/qbittorrent/charts/common/templates/render/_serviceaccount.tpl

@@ -0,0 +1,13 @@
+{{/*
+Renders the serviceAccount object required by the chart.
+*/}}
+{{- define "bjw-s.common.render.serviceAccount" -}}
+  {{- if .Values.serviceAccount.create -}}
+
+    {{- /* Create a service account secret */ -}}
+    {{- $serviceAccountName := include "bjw-s.common.lib.chart.names.serviceAccountName" . -}}
+    {{- $_ := set .Values.secrets "sa-token" (dict "enabled" true "annotations" (dict "kubernetes.io/service-account.name" $serviceAccountName) "type" "kubernetes.io/service-account-token") -}}
+
+    {{- include "bjw-s.common.class.serviceAccount" $ | nindent 0 -}}
+  {{- end -}}
+{{- end -}}

charts/qbittorrent/charts/common/templates/render/_services.tpl

@@ -0,0 +1,25 @@
+{{/*
+Renders the Service objects required by the chart.
+*/}}
+{{- define "bjw-s.common.render.services" -}}
+  {{- /* Generate named services as required */ -}}
+  {{- range $name, $service := .Values.service -}}
+    {{- $serviceEnabled := true -}}
+    {{- if hasKey $service "enabled" -}}
+      {{- $serviceEnabled = $service.enabled -}}
+    {{- end -}}
+    {{- if $serviceEnabled -}}
+      {{- $serviceValues := $service -}}
+
+      {{/* set the default nameOverride to the service name */}}
+      {{- if and (not $serviceValues.nameOverride) (ne $name (include "bjw-s.common.lib.service.primary" $)) -}}
+        {{- $_ := set $serviceValues "nameOverride" $name -}}
+      {{ end -}}
+
+      {{/* Include the Service class */}}
+      {{- $_ := set $ "ObjectValues" (dict "service" $serviceValues) -}}
+      {{- include "bjw-s.common.class.service" $ | nindent 0 -}}
+      {{- $_ := unset $.ObjectValues "service" -}}
+    {{- end -}}
+  {{- end -}}
+{{- end -}}

charts/qbittorrent/charts/common/templates/values/_init.tpl

@@ -0,0 +1,12 @@
+{{/*
+Merge the local chart values and the common chart defaults
+*/}}
+{{- define "bjw-s.common.values.init" -}}
+  {{- if .Values.common -}}
+    {{- $defaultValues := deepCopy .Values.common -}}
+    {{- $userValues := deepCopy (omit .Values "common") -}}
+    {{- $_ := set $defaultValues "additionalContainers" dict -}}
+    {{- $mergedValues := mustMergeOverwrite $defaultValues $userValues -}}
+    {{- $_ := set . "Values" (deepCopy $mergedValues) -}}
+  {{- end -}}
+{{- end -}}

charts/qbittorrent/charts/common/values.yaml

@@ -0,0 +1,840 @@
+---
+global:
+  # -- Set an override for the prefix of the fullname
+  nameOverride:
+  # -- Set the entire name definition
+  fullnameOverride:
+  # -- Set additional global labels. Helm templates can be used.
+  labels: {}
+  # -- Set additional global annotations. Helm templates can be used.
+  annotations: {}
+
+controller:
+  # -- enable the controller.
+  enabled: true
+  # -- Set the controller type.
+  # Valid options are deployment, daemonset, statefulset or cronjob
+  type: deployment
+  # -- Set annotations on the deployment/statefulset/daemonset/cronjob
+  annotations: {}
+  # -- Set labels on the deployment/statefulset/daemonset/cronjob
+  labels: {}
+  # -- Number of desired pods. When using a HorizontalPodAutoscaler, set this to `null`.
+  replicas: 1
+  # -- Set the controller upgrade strategy
+  # For Deployments, valid values are Recreate (default) and RollingUpdate.
+  # For StatefulSets, valid values are OnDelete and RollingUpdate (default).
+  # DaemonSets/CronJobs ignore this.
+  strategy:
+  rollingUpdate:
+    # -- Set deployment RollingUpdate max unavailable
+    unavailable:
+    # -- Set deployment RollingUpdate max surge
+    surge:
+    # -- Set statefulset RollingUpdate partition
+    partition:
+  # -- ReplicaSet revision history limit
+  revisionHistoryLimit: 3
+  # -- Set statefulset podManagementPolicy, valid values are Parallel and OrderedReady (default).
+  podManagementPolicy:
+  # -- Set Container restart policy.
+  # @default -- `Always`. When `controller.type` is `cronjob` it defaults to `Never`.
+  restartPolicy:
+  # -- CronJob configuration. Required only when using `controller.type: cronjob`.
+  # @default -- See below
+  cronjob:
+    # -- Specifies how to treat concurrent executions of a job that is created by this cron job
+    # valid values are Allow, Forbid or Replace
+    concurrencyPolicy: Forbid
+    # -- Sets the CronJob time when to execute your jobs
+    schedule: "*/20 * * * *"
+    # -- The deadline in seconds for starting the job if it misses its scheduled time for any reason
+    startingDeadlineSeconds: 30
+    # -- The number of succesful Jobs to keep
+    successfulJobsHistory: 1
+    # -- The number of failed Jobs to keep
+    failedJobsHistory: 1
+    # --  If this field is set, ttlSecondsAfterFinished after the Job finishes, it is eligible to
+    # be automatically deleted.
+    ttlSecondsAfterFinished:
+    # -- Limits the number of times a failed job will be retried
+    backoffLimit: 6
+
+image:
+  # -- image repository
+  repository:
+  # -- image tag
+  tag:
+  # -- image pull policy
+  pullPolicy:
+
+# -- Set image pull secrets
+imagePullSecrets: []
+
+# -- Override the command(s) for the default container
+command: []
+# -- Override the args for the default container
+args: []
+
+# -- Set annotations on the pod
+podAnnotations: {}
+
+# -- Set labels on the pod
+podLabels: {}
+
+serviceAccount:
+  # -- Specifies whether a service account should be created
+  create: false
+
+  # -- Annotations to add to the service account
+  annotations: {}
+
+  # -- The name of the service account to use.
+  # If not set and create is true, a name is generated using the fullname template
+  name: ""
+
+# -- Specifies whether a service account token should be automatically mounted.
+automountServiceAccountToken: true
+
+# -- Use this to populate secrets with the values you specify.
+# Be aware that these values are not encrypted by default, and could therefore visible
+# to anybody with access to the values.yaml file.
+# Additional Secrets can be added by adding a dictionary key similar to the 'secret' object.
+# @default -- See below
+secrets:
+  secret:
+    # -- Enables or disables the Secret
+    enabled: false
+    # -- Labels to add to the Secret
+    labels: {}
+    # -- Annotations to add to the Secret
+    annotations: {}
+    # -- Secret stringData content. Helm template enabled.
+    stringData:
+      {}
+      # foo: bar
+
+# -- Configure configMaps for the chart here.
+# Additional configMaps can be added by adding a dictionary key similar to the 'config' object.
+# @default -- See below
+configMaps:
+  config:
+    # -- Enables or disables the configMap
+    enabled: false
+    # -- Labels to add to the configMap
+    labels: {}
+    # -- Annotations to add to the configMap
+    annotations: {}
+    # -- configMap data content. Helm template enabled.
+    data:
+      {}
+      # foo: bar
+
+# -- Main environment variables. Template enabled.
+# Syntax options:
+# A) TZ: UTC
+# B) PASSWD: '{{ .Release.Name }}'
+# C) PASSWD:
+#      configMapKeyRef:
+#        name: config-map-name
+#        key: key-name
+# D) PASSWD:
+#      valueFrom:
+#        secretKeyRef:
+#          name: secret-name
+#          key: key-name
+#      ...
+# E) - name: TZ
+#      value: UTC
+# F) - name: TZ
+#      value: '{{ .Release.Name }}'
+env:
+
+# -- Secrets and/or ConfigMaps that will be loaded as environment variables.
+# [[ref]](https://unofficial-kubernetes.readthedocs.io/en/latest/tasks/configure-pod-container/configmap/#use-case-consume-configmap-in-environment-variables)
+envFrom: []
+# - configMapRef:
+#     name: config-map-name
+# - secretRef:
+#     name: secret-name
+
+# -- Custom priority class for different treatment by the scheduler
+priorityClassName: # system-node-critical
+
+# -- Allow specifying a runtimeClassName other than the default one (ie: nvidia)
+runtimeClassName: # nvidia
+
+# -- Allows specifying a custom scheduler name
+schedulerName: # awkward-dangerous-scheduler
+
+# -- Allows specifying explicit hostname setting
+hostname:
+
+# -- Use the host's ipc namespace
+hostIPC: false
+
+# -- When using hostNetwork make sure you set dnsPolicy to `ClusterFirstWithHostNet`
+hostNetwork: false
+
+# -- Use the host's pid namespace
+hostPID: false
+
+# -- Defaults to "ClusterFirst" if hostNetwork is false
+# and "ClusterFirstWithHostNet" if hostNetwork is true.
+dnsPolicy: # ClusterFirst
+
+# -- Configuring the ndots option may resolve nslookup issues on some Kubernetes setups.
+dnsConfig: {}
+#   options:
+#     - name: ndots
+#       value: "1"
+
+# -- Enable/disable the generation of environment variables for services.
+# [[ref]](https://kubernetes.io/docs/concepts/services-networking/connect-applications-service/#accessing-the-service)
+enableServiceLinks: true
+
+# -- Configure the Security Context for the Pod
+podSecurityContext: {}
+
+# -- Configure the Security Context for the main container
+securityContext: {}
+
+# -- Configure the lifecycle for the main container
+lifecycle: {}
+
+# -- Specify any initContainers here as dictionary items.
+# Each initContainer should have its own key. The dictionary item key will determine the order.
+# Helm templates can be used.
+initContainers: {}
+
+# -- Specify any sidecar containers here as dictionary items.
+# Each sidecar container should have its own key. The dictionary item key will determine the order.
+# Helm templates can be used.
+sidecars: {}
+
+# -- Probe configuration
+# -- [[ref]](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/)
+# @default -- See below
+probes:
+  # -- Liveness probe configuration
+  # @default -- See below
+  liveness:
+    # -- Enable the liveness probe
+    enabled: true
+    # -- Set this to `true` if you wish to specify your own livenessProbe
+    custom: false
+    # -- sets the probe type when not using a custom probe
+    # @default -- "TCP"
+    type: TCP
+    # -- The spec field contains the values for the default livenessProbe.
+    # If you selected `custom: true`, this field holds the definition of the livenessProbe.
+    # @default -- See below
+    spec:
+      initialDelaySeconds: 0
+      periodSeconds: 10
+      timeoutSeconds: 1
+      failureThreshold: 3
+
+  # -- Redainess probe configuration
+  # @default -- See below
+  readiness:
+    # -- Enable the readiness probe
+    enabled: true
+    # -- Set this to `true` if you wish to specify your own readinessProbe
+    custom: false
+    # -- sets the probe type when not using a custom probe
+    # @default -- "TCP"
+    type: TCP
+    # -- The spec field contains the values for the default readinessProbe.
+    # If you selected `custom: true`, this field holds the definition of the readinessProbe.
+    # @default -- See below
+    spec:
+      initialDelaySeconds: 0
+      periodSeconds: 10
+      timeoutSeconds: 1
+      failureThreshold: 3
+
+  # -- Startup probe configuration
+  # @default -- See below
+  startup:
+    # -- Enable the startup probe
+    enabled: true
+    # -- Set this to `true` if you wish to specify your own startupProbe
+    custom: false
+    # -- sets the probe type when not using a custom probe
+    # @default -- "TCP"
+    type: TCP
+    # -- The spec field contains the values for the default startupProbe.
+    # If you selected `custom: true`, this field holds the definition of the startupProbe.
+    # @default -- See below
+    spec:
+      initialDelaySeconds: 0
+      timeoutSeconds: 1
+      ## This means it has a maximum of 5*30=150 seconds to start up before it fails
+      periodSeconds: 5
+      failureThreshold: 30
+
+termination:
+  # -- Configure the path at which the file to which the main container's termination message will be written.
+  # -- [[ref](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#lifecycle-1)]
+  messagePath:
+
+  # -- Indicate how the main container's termination message should be populated.
+  # Valid options are `File` and `FallbackToLogsOnError`.
+  # -- [[ref](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#lifecycle-1)]
+  messagePolicy:
+
+  # -- Duration in seconds the pod needs to terminate gracefully
+  # -- [[ref](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#lifecycle)]
+  gracePeriodSeconds:
+
+# -- Configure the services for the chart here.
+# Additional services can be added by adding a dictionary key similar to the 'main' service.
+# @default -- See below
+service:
+  main:
+    # -- Enables or disables the service
+    enabled: true
+
+    # -- Make this the primary service (used in probes, notes, etc...).
+    # If there is more than 1 service, make sure that only 1 service is marked as primary.
+    primary: true
+
+    # -- Override the name suffix that is used for this service
+    nameOverride:
+
+    # -- Set the service type
+    type: ClusterIP
+
+    # -- Specify the externalTrafficPolicy for the service. Options: Cluster, Local
+    # -- [[ref](https://kubernetes.io/docs/tutorials/services/source-ip/)]
+    externalTrafficPolicy:
+
+    # -- Specify the ip policy. Options: SingleStack, PreferDualStack, RequireDualStack
+    ipFamilyPolicy:
+    # -- The ip families that should be used. Options: IPv4, IPv6
+    ipFamilies: []
+
+    # -- Provide additional annotations which may be required.
+    annotations: {}
+
+    # -- Provide additional labels which may be required.
+    labels: {}
+
+    # -- Configure the Service port information here.
+    # Additional ports can be added by adding a dictionary key similar to the 'http' service.
+    # @default -- See below
+    ports:
+      http:
+        # -- Enables or disables the port
+        enabled: true
+
+        # -- Make this the primary port (used in probes, notes, etc...)
+        # If there is more than 1 service, make sure that only 1 port is marked as primary.
+        primary: true
+
+        # -- The port number
+        port:
+
+        # -- Port protocol.
+        # Support values are `HTTP`, `HTTPS`, `TCP` and `UDP`.
+        # HTTPS and HTTPS spawn a TCP service and get used for internal URL and name generation
+        protocol: HTTP
+
+        # -- Specify a service targetPort if you wish to differ the service port from the application port.
+        # If `targetPort` is specified, this port number is used in the container definition instead of
+        # the `port` value. Therefore named ports are not supported for this field.
+        targetPort:
+
+        # -- Specify the nodePort value for the LoadBalancer and NodePort service types.
+        # [[ref]](https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport)
+        nodePort:
+
+        # -- Allow adding additional match labels
+        extraSelectorLabels: {}
+
+# -- Configure the ServiceMonitors for the chart here.
+# Additional ServiceMonitors can be added by adding a dictionary key similar to the 'main' ServiceMonitors.
+# @default -- See below
+serviceMonitor:
+  main:
+    # -- Enables or disables the serviceMonitor.
+    enabled: false
+
+    # -- Override the name suffix that is used for this serviceMonitor.
+    nameOverride:
+
+    # -- Provide additional annotations which may be required.
+    annotations: {}
+
+    # -- Provide additional labels which may be required.
+    labels: {}
+
+    # -- Configures a custom selector for the serviceMonitor, this takes precedence over
+    # specifying a service name.
+    # Helm templates can be used.
+    selector: {}
+
+    # -- Configures the target Service for the serviceMonitor. Helm templates can be used.
+    serviceName: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}'
+
+    # -- Configures the endpoints for the serviceMonitor.
+    # @default -- See values.yaml
+    endpoints:
+      - port: http
+        scheme: http
+        path: /metrics
+        interval: 1m
+        scrapeTimeout: 10s
+
+# -- Configure the ingresses for the chart here.
+# Additional ingresses can be added by adding a dictionary key similar to the 'main' ingress.
+# @default -- See below
+ingress:
+  main:
+    # -- Enables or disables the ingress
+    enabled: false
+
+    # -- Make this the primary ingress (used in probes, notes, etc...).
+    # If there is more than 1 ingress, make sure that only 1 ingress is marked as primary.
+    primary: true
+
+    # -- Override the name suffix that is used for this ingress.
+    nameOverride:
+
+    # -- Provide additional annotations which may be required.
+    annotations:
+      {}
+      # kubernetes.io/ingress.class: nginx
+      # kubernetes.io/tls-acme: "true"
+
+    # -- Provide additional labels which may be required.
+    labels: {}
+
+    # -- Set the ingressClass that is used for this ingress.
+    ingressClassName: # "nginx"
+
+    ## Configure the hosts for the ingress
+    hosts:
+      - # -- Host address. Helm template can be passed.
+        host: chart-example.local
+        ## Configure the paths for the host
+        paths:
+          - # -- Path.  Helm template can be passed.
+            path: /
+            pathType: Prefix
+            service:
+              # -- Overrides the service name reference for this path
+              name:
+              # -- Overrides the service port reference for this path
+              port:
+
+    # -- Configure TLS for the ingress. Both secretName and hosts can process a Helm template.
+    tls: []
+    #  - secretName: chart-example-tls
+    #    hosts:
+    #      - chart-example.local
+
+# -- Configure the gateway routes for the chart here.
+# Additional routes can be added by adding a dictionary key similar to the 'main' route.
+# [[ref]](https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io%2fv1alpha2)
+# @default -- See below
+route:
+  main:
+    # -- Enables or disables the route
+    enabled: false
+
+    # -- Set the route kind
+    # Valid options are GRPCRoute, HTTPRoute, TCPRoute, TLSRoute, UDPRoute
+    kind: HTTPRoute
+
+    # -- Override the name suffix that is used for this route.
+    nameOverride:
+
+    # -- Provide additional annotations which may be required.
+    annotations: {}
+
+    # -- Provide additional labels which may be required.
+    labels: {}
+
+    # -- Configure the resource the route attaches to.
+    parentRefs:
+      - # Group of the referent resource.
+        group: gateway.networking.k8s.io
+        # Kind of the referent resource.
+        kind: Gateway
+        # Name of the referent resource
+        name:
+        # Namespace of the referent resource
+        namespace:
+        # Name of the section within the target resource.
+        sectionName:
+
+    # -- Host addresses
+    hostnames: []
+
+    # -- Configure rules for routing. Defaults to the primary service.
+    rules:
+      - # -- Configure backends where matching requests should be sent.
+        backendRefs:
+          - group: ""
+            kind: Service
+            name:
+            namespace:
+            port:
+            weight: 1
+        ## Configure conditions used for matching incoming requests. Only for HTTPRoutes
+        matches:
+          - path:
+              type: PathPrefix
+              value: /
+
+# -- Configure persistence for the chart here.
+# Additional items can be added by adding a dictionary key similar to the 'config' key.
+# [[ref]](https://bjw-s.github.io/helm-charts/docs/common-library/common-library-storage)
+# @default -- See below
+persistence:
+  # -- Default persistence for configuration files.
+  # @default -- See below
+  config:
+    # -- Enables or disables the persistence item
+    enabled: false
+
+    # -- Sets the persistence type
+    # Valid options are pvc, emptyDir, hostPath, secret, configMap or custom
+    type: pvc
+
+    # -- Where to mount the volume in the main container.
+    # Defaults to `/<name_of_the_volume>`,
+    # setting to '-' creates the volume but disables the volumeMount.
+    mountPath: # /config
+    # -- Specify if the volume should be mounted read-only.
+    readOnly: false
+    # -- Override the name suffix that is used for this volume.
+    nameOverride:
+
+    # -- Storage Class for the config volume.
+    # If set to `-`, dynamic provisioning is disabled.
+    # If set to something else, the given storageClass is used.
+    # If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner.
+    storageClass: # "-"
+
+    # -- If you want to reuse an existing claim, the name of the existing PVC can be passed here.
+    existingClaim: # your-claim
+
+    # -- Used in conjunction with `existingClaim`. Specifies a sub-path inside the referenced volume instead of its root
+    subPath: # some-subpath
+
+    # -- AccessMode for the persistent volume.
+    # Make sure to select an access mode that is supported by your storage provider!
+    # [[ref]](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes)
+    accessMode: ReadWriteOnce
+
+    # -- The amount of storage that is requested for the persistent volume.
+    size: 1Gi
+
+    # -- Set to true to retain the PVC upon `helm uninstall`
+    retain: false
+
+  # -- Create an emptyDir volume to share between all containers
+  # [[ref]]https://kubernetes.io/docs/concepts/storage/volumes/#emptydir)
+  # @default -- See below
+  shared:
+    enabled: false
+    type: emptyDir
+    mountPath: /shared
+
+    # -- Set the medium to "Memory" to mount a tmpfs (RAM-backed filesystem) instead
+    # of the storage medium that backs the node.
+    medium: # Memory
+
+    # -- If the `SizeMemoryBackedVolumes` feature gate is enabled, you can
+    # specify a size for memory backed volumes.
+    sizeLimit: # 1Gi
+
+# -- Used in conjunction with `controller.type: statefulset` to create individual disks for each instance.
+volumeClaimTemplates: []
+# - name: data
+#   labels: {}
+#   annotations: {}
+#   mountPath: /data
+#   accessMode: "ReadWriteOnce"
+#   size: 1Gi
+# - name: backup
+#   labels: {}
+#   annotations: {}
+#   mountPath: /backup
+#   subPath: theSubPath
+#   accessMode: "ReadWriteOnce"
+#   size: 2Gi
+#   storageClass: cheap-storage-class
+
+# -- Node selection constraint
+# [[ref]](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector)
+nodeSelector: {}
+
+# -- Defines affinity constraint rules.
+# [[ref]](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity)
+affinity: {}
+
+# -- Defines topologySpreadConstraint rules.
+# [[ref]](https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/)
+topologySpreadConstraints: []
+# - maxSkew: <integer>
+#   topologyKey: <string>
+#   whenUnsatisfiable: <string>
+#   labelSelector: <object>
+
+# -- Specify taint tolerations
+# [[ref]](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/)
+tolerations: []
+
+# -- Use hostAliases to add custom entries to /etc/hosts - mapping IP addresses to hostnames.
+# [[ref]](https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/)
+hostAliases: []
+# - ip: "192.168.1.100"
+#   hostnames:
+#   - "example.com"
+#   - "www.example.com"
+
+# -- Set the resource requests / limits for the main container.
+resources:
+  {}
+  ## We usually recommend not to specify default resources and to leave this as a conscious
+  ## choice for the user. This also increases chances charts run on environments with little
+  ## resources, such as Minikube. If you do want to specify resources, uncomment the following
+  ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 128Mi
+
+# -- The common chart supports several add-ons. These can be configured under this key.
+# @default -- See below
+addons:
+  # -- The common chart supports adding a VPN add-on. It can be configured under this key.
+  # @default -- See values.yaml
+  vpn:
+    # -- Enable running a VPN in the pod to route traffic through a VPN
+    enabled: false
+
+    # -- Specify the VPN type. Valid options are `gluetun`.
+    type: gluetun
+
+    # -- Gluetun specific configuration
+    # -- Make sure to read the [documentation](https://github.com/qdm12/gluetun/wiki)
+    # to see how to configure this addon!
+    # @default -- See below
+    gluetun:
+      image:
+        # -- Specify the Gluetun image
+        repository: docker.io/qmcgaw/gluetun
+        # -- Specify the Gluetun image tag
+        tag: v3.34.3
+        # -- Specify the Gluetun image pull policy
+        pullPolicy: IfNotPresent
+
+    # -- Set the VPN container securityContext
+    # @default -- See values.yaml
+    securityContext:
+      capabilities:
+        add:
+          - NET_ADMIN
+          - SYS_MODULE
+
+    # -- All variables specified here will be added to the vpn sidecar container
+    # See the documentation of the VPN image for all config values
+    env:
+      {}
+      # TZ: UTC
+
+    # -- Override the args for the vpn sidecar container
+    args: []
+
+    # -- Provide a customized vpn configuration file to be used by the VPN.
+    configFile:
+      # |-
+      # Some Example Config
+      # remote greatvpnhost.com 8888
+      # auth-user-pass
+      # Cipher AES
+
+    # -- Reference an existing secret that contains the VPN configuration file
+    # The chart expects it to be present under the `vpnConfigfile` key.
+    configFileSecret:
+
+    # -- Provide custom up/down scripts that can be used by the vpn configuration.
+    # @default -- See values.yaml
+    scripts:
+      # @default -- See below
+      up:
+      # |-
+      # !/bin/bash
+      # echo "connected" > /shared/vpnstatus
+
+      # @default -- See below
+      down:
+        # |-
+        # #!/bin/bash
+        # echo "disconnected" > /shared/vpnstatus
+
+    additionalVolumeMounts: []
+
+    # -- Optionally specify a livenessProbe, e.g. to check if the connection is still
+    # being protected by the VPN
+    livenessProbe:
+      {}
+      # exec:
+      #   command:
+      #     - sh
+      #     - -c
+      #     - if [ $(curl -s https://ipinfo.io/country) == 'US' ]; then exit 0; else exit $?; fi
+      # initialDelaySeconds: 30
+      # periodSeconds: 60
+      # failureThreshold: 1
+
+    networkPolicy:
+      # -- If set to true, will deploy a network policy that blocks all outbound
+      # traffic except traffic specified as allowed
+      enabled: false
+
+      # -- Provide additional annotations which may be required.
+      annotations: {}
+
+      # -- Provide additional labels which may be required.
+      labels: {}
+
+      # -- Provide additional podSelector labels which may be required.
+      podSelectorLabels: {}
+
+      # -- The egress configuration for your network policy, All outbound traffic
+      # from the pod will be blocked unless specified here.
+      # [[ref]](https://kubernetes.io/docs/concepts/services-networking/network-policies/)
+      # [[recipes]](https://github.com/ahmetb/kubernetes-network-policy-recipes)
+      egress:
+        # - to:
+        #   - ipBlock:
+        #       cidr: 0.0.0.0/0
+        #   ports:
+        #   - port: 53
+        #     protocol: UDP
+        #   - port: 53
+        #     protocol: TCP
+
+  # -- The common library supports adding a code-server add-on to access files. It can be configured under this key.
+  # @default -- See values.yaml
+  codeserver:
+    # -- Enable running a code-server container in the pod
+    enabled: false
+
+    image:
+      # -- Specify the code-server image
+      repository: ghcr.io/coder/code-server
+      # -- Specify the code-server image tag
+      tag: 4.13.0
+      # -- Specify the code-server image pull policy
+      pullPolicy: IfNotPresent
+
+    # -- Set any environment variables for code-server here
+    env:
+      {}
+      # TZ: UTC
+
+    # -- Set codeserver command line arguments.
+    # Consider setting --user-data-dir to a persistent location to preserve code-server setting changes
+    args:
+      - --auth
+      - none
+      # - --user-data-dir
+      # - "/config/.vscode"
+
+    # -- Specify a list of volumes that get mounted in the code-server container.
+    # At least 1 volumeMount is required!
+    volumeMounts: []
+    # - name: config
+    #   mountPath: /data/config
+
+    # -- Specify the working dir that will be opened when code-server starts
+    # If not given, the app will default to the mountpah of the first specified volumeMount
+    workingDir: ""
+
+    # -- Optionally allow access a Git repository by passing in a private SSH key
+    # @default -- See below
+    git:
+      # -- Raw SSH private key
+      deployKey: ""
+      # -- Base64-encoded SSH private key. When both variables are set, the raw SSH key takes precedence.
+      deployKeyBase64: ""
+      # -- Existing secret containing SSH private key
+      # The chart expects it to be present under the `id_rsa` key.
+      deployKeySecret: ""
+
+    service:
+      # -- Enable a service for the code-server add-on.
+      enabled: true
+      type: ClusterIP
+      # Specify the default port information
+      ports:
+        codeserver:
+          port: 12321
+          enabled: true
+          protocol: TCP
+          targetPort: 12321
+          ## Specify the nodePort value for the LoadBalancer and NodePort service types.
+          ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+          ##
+          # nodePort:
+      annotations: {}
+      labels: {}
+
+    ingress:
+      # -- Enable an ingress for the code-server add-on.
+      enabled: false
+
+      annotations:
+        {}
+        # kubernetes.io/ingress.class: nginx
+        # kubernetes.io/tls-acme: "true"
+
+      labels: {}
+
+      # -- Set the ingressClass that is used for this ingress.
+      ingressClassName: # "nginx"
+
+      hosts:
+        - host: code.chart-example.local
+          paths:
+            - path: /
+              pathType: Prefix
+      tls: []
+      #  - secretName: chart-example-tls
+      #    hosts:
+      #      - code.chart-example.local
+
+    securityContext:
+      runAsUser: 0
+
+  # -- The common library supports adding a netshoot add-on to troubleshoot network issues within a Pod.
+  # It can be configured under this key.
+  # @default -- See values.yaml
+  netshoot:
+    # -- Enable running a netshoot container in the pod
+    enabled: false
+
+    image:
+      # -- Specify the netshoot image
+      repository: ghcr.io/nicolaka/netshoot
+      # -- Specify the netshoot image tag
+      tag: v0.11
+      # -- Specify the netshoot image pull policy
+      pullPolicy: IfNotPresent
+
+    # -- Set any environment variables for netshoot here
+    env: {}
+
+    securityContext:
+      capabilities:
+        add:
+          - NET_ADMIN

charts/qbittorrent/templates/NOTES.txt

@@ -0,0 +1 @@
+{{- include "bjw-s.common.lib.chart.notes" . -}}

charts/qbittorrent/templates/common.yaml

@@ -0,0 +1 @@
+{{ include "bjw-s.common.loader.all" . }}

charts/qbittorrent/values.yaml

@@ -0,0 +1,77 @@
+#
+# IMPORTANT NOTE
+#
+# This chart inherits from our common library chart. You can check the default values/options here:
+# https://github.com/bjw-s/helm-charts/blob/a081de5/charts/library/common/values.yaml
+#
+
+image:
+  # -- image repository
+  repository: ghcr.io/linuxserver/qbittorrent
+  # -- image pull policy
+  pullPolicy: IfNotPresent
+  # -- image tag
+  tag: version-5.0.3-r0
+
+# -- environment variables. [[ref]](https://github.com/linuxserver/docker-qbittorrent#parameters)
+# @default -- See [values.yaml](./values.yaml)
+env:
+  # -- Set the container timezone
+  TZ: UTC
+
+# -- Configures service settings for the chart.
+# @default -- See [values.yaml](./values.yaml)
+service:
+  main:
+    ports:
+      http:
+        port: 8080
+  bittorrent:
+    enabled: false
+    ports:
+      bittorrent:
+        enabled: true
+        port: 6881
+        protocol: TCP
+
+ingress:
+  # -- Enable and configure ingress settings for the chart under this key.
+  # @default -- See [values.yaml](./values.yaml)
+  main:
+    enabled: false
+    # hosts:
+    #   - host: chart-example.local
+    #     paths:
+    #       - path: /
+    # tls:
+    #   - secretName: chart-example.local-tls
+    #     hosts:
+    #       - chart-example.local
+
+# -- Configure persistence settings for the chart under this key.
+# Set `enabled` to `true' to create persistant volumes for each of these.
+# @default -- See values.yaml
+persistence:
+  # Configuration files
+  config:
+    enabled: false
+    # retain: true
+    # storageClass: ""
+    # accessMode: ReadWriteOnce
+    # size: 1Gi
+
+  # Optional - Download location - Allows dedicated volume for storage of downloaded files.
+  downloads:
+    enabled: false
+    # mountPath: /downloads
+    # storageClass: ""
+    # accessMode: ReadWriteOnce
+    # size: 10Gi
+
+  # Optional - Allows linking to an existing media library scraping location.
+  media:
+    enabled: false
+    # mountPath: /media
+    # storageClass: ""
+    # accessMode: ReadWriteOnce
+    # size: 10Gi

charts/root/Chart.yaml

@@ -1,6 +0,0 @@
-apiVersion: v2
-name: root
-description: A Helm chart for Kubernetes
-type: application
-version: 0.1.5
-appVersion: "1.16.0"

charts/root/templates/root.yaml

@@ -1,25 +0,0 @@
-{{ if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }}
-apiVersion: source.toolkit.fluxcd.io/v1
-kind: GitRepository
-metadata:
-  name: root
-spec:
-  interval: 30s
-  url: {{ .Values.url }}
-  ref:
-    branch: {{ .Values.branch }}
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
-  name: root
-spec:
-  interval: 30s
-  targetNamespace: flux-system
-  sourceRef:
-    kind: GitRepository
-    name: root
-  path: "."
-  prune: false
-  timeout: 1m
-{{- end }}

charts/root/templates/self.yaml

@@ -1,25 +0,0 @@
-{{ if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }}
-apiVersion: source.toolkit.fluxcd.io/v1
-kind: GitRepository
-metadata:
-  name: root-self
-spec:
-  interval: 30s
-  url: {{ .Values.self.url }}
-  ref:
-    branch: {{ .Values.self.branch }}
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
-  name: root-self
-spec:
-  interval: 30s
-  targetNamespace: flux-system
-  sourceRef:
-    kind: GitRepository
-    name: root-self
-  path: "."
-  prune: false
-  timeout: 1m
-{{- end }}

charts/root/values.yaml

@@ -1,5 +0,0 @@
-url: https://git.badhouseplants.net/giantswarm/cluster-example.git
-branch: main
-self:
-  url: git@git.badhouseplants.net:giantswarm/root-config.git
-  branch: master

charts/tf-ocloud/Chart.lock

@@ -1,6 +0,0 @@
-dependencies:
-- name: helm-library
-  repository: oci://ghcr.io/allanger/allangers-helm-library
-  version: 0.1.4
-digest: sha256:6306a6a8d3c51b2b5f37cffa88c3731550da789d1ce2317a83a3f9a657310f8e
-generated: "2024-10-16T20:01:59.337767+02:00"

charts/tf-ocloud/Chart.yaml

@@ -1,15 +0,0 @@
-apiVersion: v2
-name: tf-ocloud
-type: application
-version: 0.1.0
-appVersion: 0.1.5
-maintainers:
-  - name: allanger
-    email: allanger@zohomail.com
-    url: https://badhouseplants.net
-dependencies:
-  - name: helm-library
-    version: 0.1.5
-    repository: oci://ghcr.io/allanger/allangers-helm-library
-annotations:
-  allowed_workload_kinds: "Deployment"

charts/tf-ocloud/templates/install.yaml

@@ -1,3 +0,0 @@
-{{ include "lib.component.workload" . }}
-{{ include "lib.component.files" . }}
-{{ include "lib.component.env" . }}

charts/tf-ocloud/values.yaml

@@ -1,67 +0,0 @@
----
-workload:
-  kind: Deployment
-  strategy:
-    type: RollingUpdate
-  securityContext: {}
-  containers:
-    tf:
-      securityContext: {}
-      image:
-        registry: zot.badhouseplants.net
-        repository: badhouseplants/terraform-ocloud
-        tag: 7eae6ec805bc99618a196abf9d4d2e0fd19f75e6
-        pullPolicy: Always
-      envFrom:
-        - main
-      mounts:
-        files:
-          ocloudkey:
-            path: /src/key.pem
-            subPath: key.pem
-          publickey:
-            path: /src/public_key
-            subPath: public-key
-          privatekey:
-            path: /src/ssh_key
-            subPath: ssh-key
-          tfvars:
-            path: /src/terraform.tfvars
-            subPath: terraform.tfvars
-        extraVolumes:
-          dottf:
-            path: /src/.terraform
-
-extraVolumes:
-  dottf:
-    emptyDir: {}
-
-files:
-  ocloudkey:
-    enabled: true
-    sensitive: false
-    remove: []
-    entries:
-      key.pem:
-        data: dummy
-  publickey:
-    enabled: true
-    sensitive: false
-    remove: []
-    entries:
-      public-key:
-        data: dummy
-  privatekey:
-    enabled: true
-    sensitive: false
-    remove: []
-    entries:
-      ssh-key:
-        data: dummy
-  tfvars:
-    enabled: true
-    sensitive: false
-    remove: []
-    entries:
-      terraform.tfvars:
-        data: dummy

common/environments.yaml

@@ -2,6 +2,7 @@ environments:
   badhouseplants:
     kubeContext: badhouseplants
     values:
+      - ./common/values/values.badhouseplants.yaml
       - base:
           enabled: true
       - velero:
@@ -21,10 +22,15 @@ environments:
       - redis:
           enabled: true
       - istio:
-          enabled: false
+          enabled: true
+      - dbOperator:
+          enabled: true
+      - monitoring:
+          enabled: true
   etersoft:
     kubeContext: etersoft
     values:
+      - ./common/values/values.etersoft.yaml
       - base:
           enabled: true
       - velero:
@@ -41,53 +47,11 @@ environments:
           enabled: false
       - redis:
           enabled: false
-      - postgres16:
-          enabled: true
-      - istio:
-          enabled: false
-  xray-1:
-    kubeContext: xray-1
-    values:
-      - base:
-          enabled: false
-      - velero:
-          enabled: false
-      - workload:
-          enabled: false
-      - backups:
-          enabled: false
-      - openebs:
-          enabled: false
-      - localpath:
-          enabled: false
-      - postgres17:
-          enabled: false
-      - redis:
-          enabled: false
       - postgres16:
           enabled: false
       - istio:
           enabled: false
-  xray-2:
-    kubeContext: xray-2
-    values:
-      - base:
+      - dbOperator:
           enabled: false
-      - velero:
-          enabled: false
-      - workload:
-          enabled: false
-      - backups:
-          enabled: false
-      - openebs:
-          enabled: false
-      - localpath:
-          enabled: false
-      - postgres17:
-          enabled: false
-      - redis:
-          enabled: false
-      - postgres16:
-          enabled: false
-      - istio:
+      - monitoring:
           enabled: false

common/repositories.yaml

@@ -1,24 +0,0 @@
-repositories:
-  - name: bedag
-    url: https://bedag.github.io/helm-charts/
-  - name: metrics-server
-    url: https://kubernetes-sigs.github.io/metrics-server/
-  - name: jetstack
-    url: https://charts.jetstack.io
-  - name: metallb
-    url: https://metallb.github.io/metallb
-  - name: traefik
-    url: https://traefik.github.io/charts
-  - name: coredns
-    url: https://coredns.github.io/helm
-  - name: cilium
-    url: https://helm.cilium.io/
-  - name: vmware-tanzu
-    url: https://vmware-tanzu.github.io/helm-charts/
-  - name: openebs
-    url: https://openebs.github.io/openebs
-  - name: local-path-provisioner
-    url: git+https://github.com/rancher/local-path-provisioner@deploy/chart?ref=master
-  - name: istio
-    url: https://istio-release.storage.googleapis.com/charts
-

common/templates.gotmpl

@@ -1,4 +1,10 @@
+helmDefaults:
+  kubeContext: {{ .StateValues.kubeContext }}
+
 templates:
+  # ---------------------------
+  # -- Hooks
+  # ---------------------------
   crd-management-hook:
     hooks:
       - events: ["preapply"]
@@ -22,42 +28,33 @@ templates:
         args:
           - -c
           - "helm show crds {{ `{{ .Release.Chart }}` }} --version {{ `{{ .Release.Version }}` }} | kubectl delete -f - || true"
-  apply-log:
-    disableOpenAPIValidation: true
-    disableValidation: true
-    dependencies:
-      - chart: ./charts/apply-log
-        version: '0.1.0'
-        alias: apply-log
-    set:
-      - name: apply-log.ci
-        value: '{{ env "CI" }}'
-      - name: apply-log.author
-        value: '{{ env "USER" }}'
-      - name: apply-log.branch
-        value: '{{ exec "git" (list "rev-parse" "--abbrev-ref" "HEAD") }}'
-      - name: apply-log.sha
-        value: '{{exec "git" (list "rev-parse" "--short" "HEAD") }}'
-      - name: apply-log.status
-        value: '{{ exec "sh" (list "-c" "test -z $(git status --porcelain) && echo clean || echo dirty") }}'
-  disable-cd:
-    labels:
-      k8s.onpier.de/cd-disabled: 'true'
-    set:
-      - name: apply-log.cdDisabled
-        value: "true"
   # ----------------------------
   # -- Configs
   # ----------------------------
   default-common-values:
     values:
-      - ./values/common/values.{{ `{{ .Release.Name }}` }}.yaml
+      - '{{ requiredEnv "PWD" }}/values/common/values.{{ `{{ .Release.Name }}` }}.yaml'
   default-env-values:
     values:
-      - ./values/{{ .Environment.Name }}/values.{{ `{{ .Release.Name }}` }}.yaml
+      - '{{ requiredEnv "PWD" }}/values/{{ .Environment.Name }}/values.{{ `{{ .Release.Name }}` }}.yaml'
   default-env-secrets:
     secrets:
-      - ./values/{{ .Environment.Name }}/secrets.{{ `{{ .Release.Name }}` }}.yaml
+      - '{{ requiredEnv "PWD" }}/values/{{ .Environment.Name }}/secrets.{{ `{{ .Release.Name }}` }}.yaml'
+  common-values:
+    values:
+      - '../values/common/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/values.yaml'
+  common-values-tpl:
+    values:
+      - '../values/common/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/values.gotmpl'
+  env-values:
+    values:
+      - '../values/{{ .Environment.Name }}/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/values.yaml'
+  env-values-tpl:
+    values:
+      - '../values/{{ .Environment.Name }}/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/values.gotmpl'
+  env-secrets:
+    secrets:
+      - '../values/{{ .Environment.Name }}/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/secrets.yaml'
   # ----------------------------
   # -- Extensions
   # ----------------------------
@@ -67,56 +64,56 @@ templates:
         version: 2.0.0
         alias: istio-gateway
     values:
-      - ./values/common/values.istio-gateway.yaml
+      - '{{ requiredEnv "PWD" }}/values/common/values.istio-gateway.yaml'
   ext-tcp-routes:
     dependencies:
       - chart: bedag/raw
         version: 2.0.0
         alias: traefik
     values:
-      - ./values/common/values.tcp-route.yaml
+      - '../values/common/values.tcp-route.yaml'
   ext-udp-routes:
     dependencies:
       - chart: bedag/raw
         version: 2.0.0
         alias: traefik-udp
     values:
-      - ./values/common/values.udp-route.yaml
+      - '{{ requiredEnv "PWD" }}/values/common/values.udp-route.yaml'
   ext-traefik-middleware:
     dependencies:
       - chart: bedag/raw
         version: 2.0.0
         alias: middleware
     values:
-      - ./values/common/values.middleware.yaml
+      - '{{ requiredEnv "PWD" }}/values/common/values.middleware.yaml'
   ext-istio-resource:
     dependencies:
       - chart: bedag/raw
         version: 2.0.0
         alias: istio
     values:
-      - ./values/common/values.istio.yaml
+      - '{{ requiredEnv "PWD" }}/values/common/values.istio.yaml'
   ext-certificate:
     dependencies:
       - chart: bedag/raw
         version: 2.0.0
         alias: certificate
     values:
-      - ./values/common/values.certificate.yaml
+      - '{{ requiredEnv "PWD" }}/values/common/values.certificate.yaml'
   ext-metallb:
     dependencies:
       - chart: bedag/raw
         version: 2.0.0
         alias: metallb
     values:
-      - ./common/extensions/metallb.yaml
+      - '{{ requiredEnv "PWD" }}/common/extensions/metallb.yaml'
   service-monitor:
     dependencies:
       - chart: bedag/raw
         version: 2.0.0
         alias: service-monitor
     values:
-      - ./values/common/values.service-monitor.yaml
+      - '{{ requiredEnv "PWD" }}/values/common/values.service-monitor.yaml'
   namespace:
     dependencies:
       - chart: bedag/raw
@@ -131,18 +128,25 @@ templates:
         version: 2.0.0
         alias: ext-database
     values:
-      - ./values/common/values.database.yaml
+      - '../values/common/values.database.yaml'
   ext-secret:
     dependencies:
       - chart: bedag/raw
         version: 2.0.0
         alias: ext-secret
     values:
-      - ./values/common/values.secret.yaml
+      - '{{ requiredEnv "PWD" }}/values/common/values.secret.yaml'
   ext-cilium:
     dependencies:
       - chart: bedag/raw
         version: 2.0.0
         alias: ext-cilium
     values:
-      - ./values/common/values.ext-cilium.yaml
+      - '{{ requiredEnv "PWD" }}/values/common/values.ext-cilium.yaml'
+  ext-self-signed-cert:
+    dependencies:
+      - chart: bedag/raw
+        version: 2.0.0
+        alias: ext-self-signed-cert
+    values:
+      - '{{ requiredEnv "PWD" }}/common/extensions/self-signed-cert.yaml'

common/values/values.badhouseplants.yaml

@@ -1,4 +1,6 @@
-namespaces:
-  kubeSystem: kube-system
-  kubePublic: kube-public
-  
+registry: registry.badhouseplants.net/containers
+registry_url: registry.badhouseplants.net
+main_ip: 195.201.249.91
+tools:
+  openebs:
+    enabled: true

common/values/values.etersoft.yaml

@@ -0,0 +1,6 @@
+registry: registry.ru.badhouseplants.net/containers
+registry_url: registry.ru.badhouseplants.net
+main_ip: 91.232.225.63
+tools:
+  openebs:
+    enabled: false

helmfile.yaml

@@ -1,158 +0,0 @@
-bases:
-  - ./common/environments.yaml
-  - ./common/templates.yaml
-  - ./common/repositories.yaml
-helmDefaults:
-  postRenderer: ./scripts/post_render_apply_log.sh
-releases:
-  # -------------------------------------------------------------------
-  # -- Bootstrap the cluster resources
-  # -------------------------------------------------------------------
-  # -- Prepare all the required namespaces
-  - name: namespaces
-    postRendererArgs:
-      - "{{` {{ . }} `}}"
-    chart: ./charts/namespaces
-    namespace: kube-public
-    createNamespace: false
-    inherit:
-      - template: default-env-values
-
-  # -------------------------------------------------------------------
-  # -- Prepare all the required roles
-  - name: roles
-    chart: ./charts/roles
-    namespace: kube-public
-    createNamespace: false
-    needs:
-      - kube-public/namespaces
-    inherit:
-      - template: default-env-values
-      - template: apply-log
-        # -------------------------------------------------------------------
-        # -- Deploy the core cluster workload
-        # -------------------------------------------------------------------
-
-  - name: coredns
-    chart: coredns/coredns
-    version: 1.37.0
-    namespace: kube-system
-    inherit:
-      - template: default-common-values
-      - template: apply-log
-
-  - name: cilium
-    chart: cilium/cilium
-    version: 1.16.4
-    condition: base.enabled
-    namespace: kube-system
-    needs:
-      - kube-system/coredns
-    inherit:
-      - template: default-env-values
-      - template: apply-log
-
-  - name: cert-manager
-    chart: jetstack/cert-manager
-    version: v1.16.2
-    namespace: kube-system
-    condition: base.enabled
-    missingFileHandler: Warn
-    needs:
-      - kube-system/cilium
-    inherit:
-      - template: default-common-values
-      - template: default-env-values
-      - template: apply-log
-
-  - name: issuer
-    chart: ./charts/issuer
-    namespace: kube-public
-    missingFileHandler: Warn
-    condition: base.enabled
-    needs:
-      - kube-system/cert-manager
-    inherit:
-      - template: default-common-values
-      - template: default-env-values
-      - template: apply-log
-
-  - name: metrics-server
-    chart: metrics-server/metrics-server
-    version: 3.12.2
-    namespace: kube-system
-    needs:
-      - kube-system/cilium
-    inherit:
-      - template: default-common-values
-      - template: apply-log
-
-  - name: metallb
-    chart: metallb/metallb
-    namespace: kube-system
-    condition: base.enabled
-    version: 0.14.8
-    needs:
-      - kube-system/cilium
-    inherit:
-      - template: default-common-values
-      - template: apply-log
-
-  - name: metallb-resources
-    chart: bedag/raw
-    version: 2.0.0
-    condition: base.enabled
-    namespace: kube-system
-    needs:
-      - kube-system/metallb
-    inherit:
-      - template: ext-metallb
-      - template: default-env-values
-      - template: apply-log
-
-  - name: traefik
-    chart: traefik/traefik
-    version: 33.1.0
-    condition: base.enabled
-    namespace: kube-system
-    needs:
-      - kube-system/cilium
-    inherit:
-      - template: default-common-values
-      - template: default-env-values
-      - template: apply-log
-
-  - name: velero
-    chart: vmware-tanzu/velero
-    namespace: velero
-    version: 8.1.0
-    condition: velero.enabled
-    needs:
-      - kube-system/cilium
-    inherit:
-      - template: default-env-values
-      - template: default-env-secrets
-      - template: crd-management-hook
-      - template: apply-log
-
-  - name: openebs
-    chart: openebs/openebs
-    condition: openebs.enabled
-    namespace: kube-system
-    version: 4.1.1
-    needs:
-      - kube-system/cilium
-    inherit:
-      - template: default-env-values
-      - template: apply-log
-
-  # -- Not versions since it's idnstalled from git
-  - name: local-path-provisioner
-    chart: local-path-provisioner/local-path-provisioner
-    condition: localpath.enabled
-    namespace: kube-system
-    needs:
-      - kube-system/cilium
-    inherit:
-      - template: default-env-values
-      - template: apply-log

helmfile.yaml.gotmpl

@@ -0,0 +1,29 @@
+---
+bases:
+  - ./common/environments.yaml
+---
+helmfiles:
+  - path: ./helmfiles/base.yaml
+    values:
+      - kubeContext: "{{ .Environment.KubeContext }}"
+      - {{ toYaml .Environment.Values | nindent 8 }}
+  - path: ./helmfiles/system.yaml
+    values:
+      - kubeContext: "{{ .Environment.KubeContext }}"
+      - {{ toYaml .Environment.Values | nindent 8 }}
+  - path: ./helmfiles/platform.yaml
+    values:
+      - kubeContext: "{{ .Environment.KubeContext }}"
+      - {{ toYaml .Environment.Values | nindent 8 }}
+  - path: ./helmfiles/databases.yaml
+    values:
+      - kubeContext: "{{ .Environment.KubeContext }}"
+      - {{ toYaml .Environment.Values | nindent 8 }}
+  - path: ./helmfiles/monitoring.yaml
+    values:
+      - kubeContext: "{{ .Environment.KubeContext }}"
+      - {{ toYaml .Environment.Values | nindent 8 }}
+  - path: ./helmfiles/{{ .Environment.Name }}-applications.yaml
+    values:
+      - kubeContext: "{{ .Environment.KubeContext }}"
+      - {{ toYaml .Environment.Values | nindent 8 }}