feat(helm): create the basics of the helm chart

charts/readur/Chart.yaml

@@ -1,46 +1,36 @@
 apiVersion: v2
 type: application
 name: readur
-home: https://github.com/readur/helm-charts
+home: https://github.com/readur/readur
-icon: https://github.com/readur/helm-charts/commit/icon.png
+icon: https://github.com/readur/readur/blob/main/assets/icon.png
 deprecated: false
 description: |-
-  Build your personal knowledge base with readur Notes. A hierarchical note taking application with focus on building large personal knowledge bases.
+  Readur is a document management and OCR processing service that automatically processes uploaded documents, extracts text using OCR, and makes content searchable.
 annotations:
-  category: Notes
+  category: Document Management
-version: 1.3.0
+version: 0.1.0
-appVersion: 0.92.4
+appVersion: latest
 kubeVersion: ">= 1.19"
 dependencies:
   - name: common
     repository: https://bjw-s.github.io/helm-charts
     version: 3.3.2
+  - name: postgresql
+    repository: https://charts.bitnami.com/bitnami
+    version: 15.5.38
+    condition: postgresql.enabled
 keywords:
-  - electron
+  - document-management
-  - wiki
+  - ocr
-  - notebook
+  - text-extraction
-  - notes
+  - file-processing
+  - rust
   - self-hosted
-  - knowledge-graph
+  - document-search
-  - electron-app
+  - pdf
-  - note-taking
+  - tesseract
-  - self-hosting
-  - knowledge-base
-  - personal-knowledge-base
-  - knowledge-management
-  - personal-wiki
-  - notes-app
-  - scriptable
-  - knowledge-management-graph
-  - note-managment
-  - note-taker
-  - local-first
 maintainers:
   - name: readur
-    url: https://github.com/perfectra1n/readur
+    url: https://github.com/readur/readur
-  - name: perfectra1n
-    email: jon@jonfuller.io
-    url: https://perf3ct.tech
 sources:
-  - https://github.com/readur/helm-charts
+  - https://github.com/readur/readur
-  - hhttps://github.com/perfectra1n/readur

charts/readur/templates/checks.yaml

@@ -1 +1,19 @@
-{{- $name := .Values.persistence.data.existingClaim | required "You need to specify an existing PVC in your values, at the path persistence.data.existingClaim" -}}
+{{- if and (not .Values.postgresql.enabled) (not .Values.externalDatabase.enabled) -}}
+  {{- fail "Either postgresql.enabled or externalDatabase.enabled must be set to true" -}}
+{{- end -}}
+
+{{- if and .Values.postgresql.enabled .Values.externalDatabase.enabled -}}
+  {{- fail "Only one of postgresql.enabled or externalDatabase.enabled can be set to true" -}}
+{{- end -}}
+
+{{- if .Values.persistence.uploads.enabled -}}
+  {{- if and (eq .Values.persistence.uploads.type "persistentVolumeClaim") (not .Values.persistence.uploads.existingClaim) -}}
+    {{- $name := .Values.persistence.uploads.existingClaim | required "You need to specify an existing PVC for uploads storage at persistence.uploads.existingClaim or let the chart create one" -}}
+  {{- end -}}
+{{- end -}}
+
+{{- if .Values.persistence.watch.enabled -}}
+  {{- if and (eq .Values.persistence.watch.type "persistentVolumeClaim") (not .Values.persistence.watch.existingClaim) -}}
+    {{- $name := .Values.persistence.watch.existingClaim | required "You need to specify an existing PVC for watch folder at persistence.watch.existingClaim or let the chart create one" -}}
+  {{- end -}}
+{{- end -}}

charts/readur/templates/config.yaml

@@ -1,42 +1,17 @@
 apiVersion: v1
-kind: ConfigMap
+kind: Secret
 metadata:
-  name: {{ .Release.Name }}-config
+  name: readur-db-secret
   labels:
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/managed-by: {{ .Release.Service }}
     app.kubernetes.io/name: {{ .Chart.Name }}
     app.kubernetes.io/version: {{ .Chart.AppVersion }}
     helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
-data:
+type: Opaque
-  config.ini: |
+stringData:
-    [General]
+  {{- if .Values.postgresql.enabled }}
-    # Instance name can be used to distinguish between different instances using backend api.getInstanceName()
+  database-url: "postgresql://{{ .Values.postgresql.auth.username }}:{{ .Values.postgresql.auth.password }}@{{ .Release.Name }}-postgresql:5432/{{ .Values.postgresql.auth.database }}"
-    instanceName={{ .Values.configini.general.instanceName }}
+  {{- else if .Values.externalDatabase.enabled }}
-
+  database-url: "postgresql://{{ .Values.externalDatabase.username }}:{{ .Values.externalDatabase.password }}@{{ .Values.externalDatabase.host }}:{{ .Values.externalDatabase.port }}/{{ .Values.externalDatabase.database }}"
-    # set to true to allow using readur without authentication (makes sense for server build only, desktop build doesn't need password)
+  {{- end }}
-    noAuthentication={{ .Values.configini.general.noAuthentication }}
-
-    # set to true to disable backups (e.g. because of limited space on server)
-    noBackup={{ .Values.configini.general.noBackup }}
-
-    # Disable automatically generating desktop icon
-    # noDesktopIcon=true
-
-    [Network]
-    # host setting is relevant only for web deployments - set the host on which the server will listen
-    host={{ .Values.configini.network.host }}
-    # port setting is relevant only for web deployments, desktop builds run on a fixed port (changeable with readur_PORT environment variable)
-    port={{ .Values.configini.network.port }}
-    # true for TLS/SSL/HTTPS (secure), false for HTTP (unsecure).
-    https={{ .Values.configini.network.https }}
-    # path to certificate (run "bash bin/generate-cert.sh" to generate self-signed certificate). Relevant only if https=true
-    certPath={{ .Values.configini.network.certPath }}
-    keyPath={{ .Values.configini.network.keyPath }}
-    # setting to give trust to reverse proxies, a comma-separated list of trusted rev. proxy IPs can be specified (CIDR notation is permitted),
-    # alternatively 'true' will make use of the leftmost IP in X-Forwarded-For, ultimately an integer can be used to tell about the number of hops between
-    # readur (which is hop 0) and the first trusted rev. proxy.
-    # once set, expressjs will use the X-Forwarded-For header set by the rev. proxy to determinate the real IPs of clients.
-    # expressjs shortcuts are supported: loopback(127.0.0.1/8, ::1/128), linklocal(169.254.0.0/16, fe80::/10), uniquelocal(10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, fc00::/7)
-    trustedReverseProxy={{ .Values.configini.network.trustedReverseProxy }}
-

charts/readur/templates/release.yaml

@@ -1,72 +1,74 @@
 {{- define "readur.hardcodedValues" -}}
 controllers:
   main:
-    initContainers:
-      fixperms:
-        image:
-          repository: busybox
-          tag: latest
-        args: ["sh", "-c", "chown -R 1000:1000 /home/node/readur-data"]
-        securityContext:
-          runAsUser: 0
-          runAsGroup: 0
     containers:
       readur:
         image:
-          repository: perfectra1n/readur
+          repository: readur/readur
-          tag: v0.90.8
+          tag: latest
           pullPolicy: IfNotPresent
         
+        securityContext:
+          runAsUser: 1000
+          runAsGroup: 1000
+          runAsNonRoot: true
+          readOnlyRootFilesystem: false
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+              - ALL
+
         probes:
           startup:
             enabled: true
             custom: true
-            type: TCP
+            type: HTTP
             spec:
-              initialDelaySeconds: 45  # Time to wait before starting the probe
+              initialDelaySeconds: 30
-              periodSeconds: 10        # How often to perform the probe
+              periodSeconds: 10
-              timeoutSeconds: 5        # Number of seconds after which the probe times out
+              timeoutSeconds: 5
-              failureThreshold: 10     # Number of times to try the probe before giving up
+              failureThreshold: 30
               httpGet: &probesPath
-                path: /login
+                path: /api/health
-                port: 8080
+                port: 8000
           readiness: &probes
             enabled: true
             custom: true
             spec:
-              initialDelaySeconds: 5   # Time to wait before starting the probe after startup probe succeeds
+              initialDelaySeconds: 5
-              periodSeconds: 10        # How often to perform the probe
+              periodSeconds: 10
-              timeoutSeconds: 10       # Number of seconds after which the probe times out
+              timeoutSeconds: 10
-              failureThreshold: 3      # Number of times to try the probe before considering the container not ready
+              failureThreshold: 3
               httpGet: *probesPath
-
           liveness: *probes
 
-
+        resources:
+          limits:
+            memory: 1Gi
+          requests:
+            cpu: 100m
+            memory: 512Mi
 
 persistence:
-  data:
+  uploads:
     enabled: true
     type: persistentVolumeClaim
-    size: 20Gi
+    size: 10Gi
     retain: true
-    # Since it's SQLite, the PVC should only be RWO
     accessMode: ReadWriteOnce
     globalMounts:
-      - path: /home/node/readur-data
+      - path: /app/uploads
         readOnly: false
-  config:
+  
+  watch:
     enabled: true
-    type: configMap
+    type: persistentVolumeClaim
-    name: {{ .Release.Name }}-config
+    size: 5Gi
-    readOnly: true
+    retain: true
-    advancedMounts:
+    accessMode: ReadWriteOnce
-      main:
+    globalMounts:
-        readur:
+      - path: /app/watch
-          - path: /home/node/readur-data/config.ini
+        readOnly: false
-            subPath: config.ini
-    
-
 
 service:
   main:
@@ -74,15 +76,11 @@ service:
     enabled: true
     ports:
       http:
-        # What port the cluster is listening on
+        port: 8000
-        port: 8080
+        targetPort: 8000
-        # What port the container is listening on
-        targetPort: 8080
 
 {{ end }}
 
-
-
 {{- $ctx := deepCopy . -}}
 # Merge with ALL the values in `values.yaml`
 {{- $_ := mergeOverwrite .Values $ctx.Values -}}

charts/readur/values.yaml

@@ -8,42 +8,115 @@ controllers:
     containers:
       readur:
         image:
-          repository: perfectra1n/readur
+          repository: readur/readur
-          tag: v0.92.4
+          tag: latest
           pullPolicy: IfNotPresent
         env:
-          key: "value"
+          # Server Configuration
+          SERVER_HOST: "0.0.0.0"
+          SERVER_PORT: "8000"
+          
+          # Security
+          JWT_SECRET: "changeme-in-production"
+          
+          # File Management
+          UPLOAD_PATH: "/app/uploads"
+          WATCH_FOLDER: "/app/watch"
+          ALLOWED_FILE_TYPES: "pdf,txt,doc,docx,png,jpg,jpeg"
+          MAX_FILE_SIZE_MB: "50"
+          MAX_FILE_AGE_HOURS: "24"
+          
+          # OCR Settings
+          OCR_LANGUAGE: "eng"
+          CONCURRENT_OCR_JOBS: "4"
+          OCR_TIMEOUT_SECONDS: "300"
+          
+          # Performance
+          MEMORY_LIMIT_MB: "512"
+          CPU_PRIORITY: "normal"
+          
+          # File Watching
+          WATCH_INTERVAL_SECONDS: "30"
+          FILE_STABILITY_CHECK_MS: "1000"
+          
+          # Database URL will be set automatically when PostgreSQL is enabled
+          DATABASE_URL:
+            valueFrom:
+              secretKeyRef:
+                name: readur-db-secret
+                key: database-url
 
 persistence:
-  data:
+  uploads:
     enabled: true
     type: persistentVolumeClaim
-    existingClaim:
+    storageClass:
+    accessMode: ReadWriteOnce
+    size: 10Gi
+    globalMounts:
+      - path: /app/uploads
   
-# This is used to modify the config.ini of the readur instance
+  watch:
-configini:
+    enabled: true
-  general:
+    type: persistentVolumeClaim
-    instanceName: ""
+    storageClass:
-    # Disable authentication to readur? (if you're running it on a private network, or have authentication handled by another component)
+    accessMode: ReadWriteOnce
-    noAuthentication: false
+    size: 5Gi
-    # Disable backups of the database?
+    globalMounts:
-    noBackup: false
+      - path: /app/watch
-  network:
-    host: "0.0.0.0"
-    port: 8080
-    https: false
-    certPath: ""
-    keyPath: ""
-    trustedReverseProxy: true
-#ingress:
-#  main:
-#    enabled: true
-#    annotations:
-#      # proxy-body-size is set to 0 to remove the body limit on file uploads
-#      nginx.ingress.kubernetes.io/proxy-body-size: "0"
-#    hosts:
-#      - host: readur.local
-#        paths:
-#          - path: "/api/v1"
-#    tls: []
 
+service:
+  main:
+    controller: main
+    enabled: true
+    ports:
+      http:
+        port: 8000
+        targetPort: 8000
+
+ingress:
+  main:
+    enabled: false
+    className: nginx
+    annotations:
+      # proxy-body-size is set to 100m to match Nginx config
+      nginx.ingress.kubernetes.io/proxy-body-size: "100m"
+    hosts:
+      - host: readur.local
+        paths:
+          - path: /
+            pathType: Prefix
+            service:
+              identifier: main
+              port: http
+    tls: []
+
+# PostgreSQL subchart configuration
+postgresql:
+  enabled: true
+  auth:
+    username: readur
+    password: readur
+    database: readur
+  primary:
+    persistence:
+      enabled: true
+      size: 10Gi
+    resources:
+      limits:
+        memory: 256Mi
+      requests:
+        cpu: 250m
+        memory: 256Mi
+
+# Optional: External PostgreSQL configuration
+# Use this if you want to connect to an existing PostgreSQL instance
+externalDatabase:
+  enabled: false
+  host: ""
+  port: 5432
+  username: readur
+  password: ""
+  database: readur
+  # existingSecret: ""
+  # existingSecretPasswordKey: ""