monicahq
diff --git a/‎.github/tests/external_database.yaml‎
Lines changed: 10 additions & 0 deletions b/‎.github/tests/external_database.yaml‎
Lines changed: 10 additions & 0 deletions
diff --git a/‎.github/workflows/docs.yml‎
Lines changed: 2 additions & 1 deletion b/‎.github/workflows/docs.yml‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎.github/workflows/release.yml‎
Lines changed: 1 addition & 0 deletions b/‎.github/workflows/release.yml‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎.github/workflows/tests.yml‎
Lines changed: 28 additions & 7 deletions b/‎.github/workflows/tests.yml‎
Lines changed: 28 additions & 7 deletions
diff --git a/‎charts/monica/Chart.yaml‎
Lines changed: 2 additions & 2 deletions b/‎charts/monica/Chart.yaml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎charts/monica/README.md‎
Lines changed: 24 additions & 1 deletion b/‎charts/monica/README.md‎
Lines changed: 24 additions & 1 deletion
diff --git a/‎charts/monica/files/nginx-config.tpl‎
Lines changed: 129 additions & 0 deletions b/‎charts/monica/files/nginx-config.tpl‎
Lines changed: 129 additions & 0 deletions
diff --git a/‎charts/monica/templates/NOTES.txt‎
Lines changed: 16 additions & 0 deletions b/‎charts/monica/templates/NOTES.txt‎
Lines changed: 16 additions & 0 deletions
diff --git a/‎charts/monica/templates/_helpers.tpl‎
Lines changed: 2 additions & 3 deletions b/‎charts/monica/templates/_helpers.tpl‎
Lines changed: 2 additions & 3 deletions
@@ -0,0 +1,10 @@
+internalDatabase:
+   enabled: false
+
+externalDatabase:
+  enabled: true
+  type: mysql
+  user: root
+  password: root
+  database: monica
+  host: %DB_HOST%
@@ -5,8 +5,9 @@ on:
     types: [opened, synchronize, reopened]
 
 jobs:
-  release:
+  docs:
     runs-on: ubuntu-latest
+    name: Helm docs
     steps:
       - name: Checkout
         uses: actions/checkout@v4
 
@@ -12,6 +12,7 @@ env:
 
 jobs:
   release:
+    name: Release Charts
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
 
@@ -9,6 +9,7 @@ env:
 
 jobs:
   linter:
+    name: Lint chart files
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
@@ -39,24 +40,32 @@ jobs:
       fail-fast: false
       matrix:
         test_cases:
-          # test the plain helm chart with nothing changed
           - name: Default - no custom values
 
-          # test the helm chart with postgresql subchart enabled
           - name: PostgreSQL enabled
             helm_args: '--set=internalDatabase.enabled=false --set=postgresql.enabled=true'
 
-          # test the helm chart with mariadb subchart enabled
           - name: Mariadb enabled
             helm_args: '--set=internalDatabase.enabled=false --set=mariadb.enabled=true'
 
-          # test the helm chart with redis, queue and more
+          - name: Nodeport service enabled
+            helm_args: '--set=service.type=NodePort --set=service.nodePort=30001'
+
+          - name: nginx enabled
+            helm_args: '--set=nginx.enabled=true --set=image.tag=main-fpm'
+
+          - name: Horizontal Pod Autoscaling Enabled
+            helm_args: '--set=hpa.enabled=true --set=hpa.minPods=2 --set=hpa.maxPods=3 --set=hpa.targetCPUUtilizationPercentage=75'
+
           - name: Redis and queue enabled
             file: redis.yaml
 
-          # test the helm chart with meilisearch
           - name: Meilisearch and queue enabled
-            file: meilisearch.yaml          
+            file: meilisearch.yaml
+
+          # - name: External database
+          #   external_database: true
+          #   file: external_database.yaml
 
     steps:
       - name: Checkout
@@ -92,5 +101,17 @@ jobs:
         if: matrix.test_cases.file != ''
         run: cp .github/tests/${{ matrix.test_cases.file }} charts/monica/ci/test-values.yaml
 
+      - name: Create mysql database
+        if: matrix.test_cases.external_database
+        run: |
+          sudo systemctl start mysql.service
+          mysql --protocol=tcp -u root -proot -e "CREATE DATABASE IF NOT EXISTS monica CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;"
+          hostname -I
+          IFS=' '
+          read -ra hostname <<< $(hostname -I)
+          DB_HOST=${hostname[1]}
+          sed -i "s/%DB_HOST%/$DB_HOST/" charts/monica/ci/test-values.yaml
+
       - name: Run chart-testing (install)
-        run: ct install --config ct.yaml --helm-extra-args '--timeout 600s' --target-branch ${{ github.event.repository.default_branch }} --helm-extra-set-args "--set=image.repository=ghcr.io/monicahq/monica-next --set=image.tag=main ${{ matrix.test_cases.helm_args }}"
+        if: steps.list-changed.outputs.changed == 'true'
+        run: ct install --config ct.yaml --helm-extra-args '--timeout 600s' --target-branch ${{ github.event.repository.default_branch }} --helm-extra-set-args "${{ matrix.test_cases.helm_args }}"
@@ -2,9 +2,9 @@ apiVersion: v2
 name: monica
 description: A Helm chart for Kubernetes to install Monica
 type: application
-version: 1.0.7
+version: 1.0.8
 appVersion: "5.0.0"
-icon: https://www.monicahq.com/favicon.ico
+icon: https://raw.githubusercontent.com/monicahq/monica/aa98c09/public/img/favicon.svg
 maintainers:
   - name: MonicaHQ
     url: https://github.com/monicahq/monica
 
@@ -1,6 +1,6 @@
 # monica
 
-![Version: 1.0.7](https://img.shields.io/badge/Version-1.0.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square)
+![Version: 1.0.8](https://img.shields.io/badge/Version-1.0.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square)
 
 A Helm chart for Kubernetes to install Monica
 
@@ -42,6 +42,10 @@ Kubernetes: `>=1.16.0-0`
 | externalDatabase.type | string | `"mysql"` |  |
 | externalDatabase.user | string | `"monica"` |  |
 | fullnameOverride | string | `""` |  |
+| hpa.cputhreshold | int | `60` |  |
+| hpa.enabled | bool | `false` |  |
+| hpa.maxPods | int | `10` |  |
+| hpa.minPods | int | `1` |  |
 | image.pullPolicy | string | `"IfNotPresent"` |  |
 | image.repository | string | `"ghcr.io/monicahq/monica-next"` |  |
 | image.tag | string | `"main"` |  |
@@ -53,6 +57,12 @@ Kubernetes: `>=1.16.0-0`
 | internalDatabase.enabled | bool | `true` |  |
 | internalDatabase.name | string | `"/var/www/html/database/monica.sqlite"` |  |
 | lifecycle | object | `{}` |  |
+| livenessProbe.enabled | bool | `true` |  |
+| livenessProbe.failureThreshold | int | `3` |  |
+| livenessProbe.initialDelaySeconds | int | `10` |  |
+| livenessProbe.periodSeconds | int | `10` |  |
+| livenessProbe.successThreshold | int | `1` |  |
+| livenessProbe.timeoutSeconds | int | `5` |  |
 | mariadb.architecture | string | `"standalone"` |  |
 | mariadb.auth.database | string | `"monica"` |  |
 | mariadb.auth.password | string | `"secret"` |  |
@@ -92,6 +102,7 @@ Kubernetes: `>=1.16.0-0`
 | monica.strategy.type | string | `"Recreate"` |  |
 | nameOverride | string | `""` |  |
 | nginx.config.default | bool | `true` |  |
+| nginx.containerPort | int | `80` |  |
 | nginx.enabled | bool | `false` |  |
 | nginx.image.pullPolicy | string | `"IfNotPresent"` |  |
 | nginx.image.repository | string | `"nginx"` |  |
@@ -109,6 +120,12 @@ Kubernetes: `>=1.16.0-0`
 | postgresql.global.postgresql.auth.password | string | `"secret"` |  |
 | postgresql.global.postgresql.auth.username | string | `"monica"` |  |
 | postgresql.primary.persistence.enabled | bool | `false` |  |
+| readinessProbe.enabled | bool | `true` |  |
+| readinessProbe.failureThreshold | int | `3` |  |
+| readinessProbe.initialDelaySeconds | int | `10` |  |
+| readinessProbe.periodSeconds | int | `10` |  |
+| readinessProbe.successThreshold | int | `1` |  |
+| readinessProbe.timeoutSeconds | int | `5` |  |
 | redis.auth.enabled | bool | `true` |  |
 | redis.auth.password | string | `"secret"` |  |
 | redis.enabled | bool | `false` |  |
@@ -122,6 +139,12 @@ Kubernetes: `>=1.16.0-0`
 | serviceAccount.annotations | object | `{}` |  |
 | serviceAccount.create | bool | `true` |  |
 | serviceAccount.name | string | `""` |  |
+| startupProbe.enabled | bool | `false` |  |
+| startupProbe.failureThreshold | int | `30` |  |
+| startupProbe.initialDelaySeconds | int | `30` |  |
+| startupProbe.periodSeconds | int | `10` |  |
+| startupProbe.successThreshold | int | `1` |  |
+| startupProbe.timeoutSeconds | int | `5` |  |
 | tests.unitTests.resources.limits.cpu | string | `"200m"` |  |
 | tests.unitTests.resources.limits.memory | string | `"256Mi"` |  |
 | tests.unitTests.resources.requests.cpu | string | `"100m"` |  |
 
@@ -0,0 +1,129 @@
+upstream php-handler {
+    server 127.0.0.1:9000;
+}
+
+server {
+    listen {{ .Values.nginx.containerPort | default 80 }};
+    listen [::]:{{ .Values.nginx.containerPort | default 80 }};
+
+    ## HSTS ##
+    # Add the 'Strict-Transport-Security' headers to enable HSTS protocol.
+    # WARNING: Only add the preload option once you read about the consequences: https://hstspreload.org/.
+    # This form will add the domain to a hardcoded list that is shipped in all major browsers and getting
+    # removed from this list could take several months.
+    #
+    #add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload;" always;
+
+    add_header Referrer-Policy "no-referrer" always;
+    add_header X-Content-Type-Options "nosniff" always;
+    add_header X-Download-Options "noopen" always;
+    add_header X-Frame-Options "SAMEORIGIN" always;
+    add_header X-Permitted-Cross-Domain-Policies "none" always;
+    add_header X-Robots-Tag "none" always;
+    add_header X-XSS-Protection "1; mode=block" always;
+
+    # Remove X-Powered-By, which is an information leak
+    fastcgi_hide_header X-Powered-By;
+
+    root /var/www/html/public;
+
+    index index.php index.html index.htm;
+
+    charset utf-8;
+
+    location / {
+        try_files $uri $uri/ /index.php?$query_string;
+    }
+
+    location ~ ^/(?:robots.txt|security.txt) {
+        allow all;
+        log_not_found off;
+        access_log off;
+    }
+
+    error_page 404 500 502 503 504 /index.php;
+
+    location ~ /\.well-known/(?:carddav|caldav) {
+        return 301 $scheme://$host/dav;
+    }
+    location = /.well-known/security.txt {
+        return 301 $scheme://$host/security.txt;
+    }
+    location ~ /\.(?!well-known).* {
+        deny all;
+    }
+
+    # set max upload size
+    client_max_body_size 10G;
+    fastcgi_buffers 64 4K;
+
+    # Enable gzip but do not remove ETag headers
+    gzip on;
+    gzip_vary on;
+    gzip_comp_level 4;
+    gzip_min_length 256;
+    gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
+    gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
+
+    # Uncomment if your server is build with the ngx_pagespeed module
+    # This module is currently not supported.
+    #pagespeed off;
+
+    location ~ \.php(?:$|/) {
+        # regex to split $uri to $fastcgi_script_name and $fastcgi_path
+        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+
+        # Check that the PHP script exists before passing it
+        # try_files $fastcgi_script_name =404;
+
+        fastcgi_pass php-handler;
+        fastcgi_index index.php;
+
+        include fastcgi_params;
+
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        # Bypass the fact that try_files resets $fastcgi_path_info
+        # see: http://trac.nginx.org/nginx/ticket/321
+        set $path_info $fastcgi_path_info;
+        fastcgi_param PATH_INFO $path_info;
+    }
+
+    # Adding the cache control header for js and css files
+    # Make sure it is BELOW the PHP block
+    location ~ \.(?:css|js|woff2?|svg|gif|json)$ {
+        try_files $uri /index.php$request_uri;
+        add_header Cache-Control "public, max-age=15778463";
+
+        ## HSTS ##
+        # Add the 'Strict-Transport-Security' headers to enable HSTS protocol.
+        # Note it is intended to have those duplicated to the ones above.
+        # WARNING: Only add the preload option once you read about the consequences: https://hstspreload.org/.
+        # This form will add the domain to a hardcoded list that is shipped in all major browsers and getting
+        # removed from this list could take several months.
+        #
+        #add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload;" always;
+
+        add_header Referrer-Policy "no-referrer" always;
+        add_header X-Content-Type-Options "nosniff" always;
+        add_header X-Download-Options "noopen" always;
+        add_header X-Frame-Options "SAMEORIGIN" always;
+        add_header X-Permitted-Cross-Domain-Policies "none" always;
+        add_header X-Robots-Tag "none" always;
+        add_header X-XSS-Protection "1; mode=block" always;
+
+        # Optional: Don't log access to assets
+        access_log off;
+    }
+
+    location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
+        try_files $uri /index.php$request_uri;
+
+        # Optional: Don't log access to assets
+        access_log off;
+    }
+
+    # deny access to .htaccess files
+    location ~ /\.ht {
+        deny all;
+    }
+}
@@ -0,0 +1,16 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ .Values.monica.host }}{{ $.Values.ingress.path }}
+{{- else if contains "NodePort" .Values.service.type }}
+  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "monica.fullname" . }})
+  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+  echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+           You can watch the status of by running 'kubectl get svc -w {{ include "monica.fullname" . }}'
+  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "monica.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+  echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+  kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "monica.fullname" . }} {{ .Values.service.port }}:{{ .Values.service.port }} &
+  echo "Visit http://127.0.0.1:{{ .Values.service.port }} to use your application"
+{{- end }}
@@ -35,12 +35,12 @@ Create chart name and version as used by the chart label.
 Common labels
 */}}
 {{- define "monica.labels" -}}
-helm.sh/chart: {{ include "monica.chart" . }}
 {{ include "monica.selectorLabels" . }}
+helm.sh/chart: {{ include "monica.chart" . }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- if or .Chart.AppVersion .Values.image.tag }}
 app.kubernetes.io/version: {{ .Values.image.tag | default .Chart.AppVersion | quote }}
 {{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- end -}}
 
 {{/*
@@ -49,7 +49,6 @@ Selector labels
 {{- define "monica.selectorLabels" -}}
 app.kubernetes.io/name: {{ include "monica.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
-app.kubernetes.io/component: app
 {{- end -}}
 
 {{/*