fixed issue #2

charts/norish/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: norish
 description: Norish helm chart for Kubernetes - A recipe management and meal planning application
 type: application
-version: 0.0.1
+version: 0.0.3
 appVersion: "v0.13.6-beta"
 maintainers:
   - name: Richard Tomik

charts/norish/templates/deployment-app.yaml

@@ -219,6 +219,9 @@ spec:
                   key: google-client-secret
                   {{- end }}
             {{- end }}
+            {{- with .Values.config.extraEnv }}
+            {{- toYaml . | nindent 12 }}
+            {{- end }}
           volumeMounts:
             - name: uploads
               mountPath: /app/uploads

charts/norish/values.yaml

@@ -120,6 +120,18 @@ config:
   # This should match your ingress hostname
   authUrl: "http://norish.domain.com"
 
+  # Extra environment variables
+  # Example:
+  # extraEnv:
+  #   - name: MY_CUSTOM_VAR
+  #     value: "my-value"
+  #   - name: SECRET_VAR
+  #     valueFrom:
+  #       secretKeyRef:
+  #         name: my-secret
+  #         key: secret-key
+  extraEnv: []
+
   # Master encryption key (required)
   # Generate with: openssl rand -base64 32
   # For production, use an existing Kubernetes Secret
@@ -209,7 +221,7 @@ chrome:
     pullPolicy: IfNotPresent
 
   # Chrome port for remote debugging
-  port: 3000
+  port: 9222
 
   # Chrome security context - requires specific capabilities
   securityContext:

charts/qbittorrent-vpn/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: qbittorrent-vpn
 description: qBittorrent with Gluetun VPN sidecar for Kubernetes
 type: application
-version: 0.0.1
+version: 0.0.2
 appVersion: 5.1.0
 maintainers:
   - name: Richard Tomik

charts/qbittorrent-vpn/readme.md

@@ -222,6 +222,45 @@ gluetun:
     STATUS_FILE: "/tmp/gluetun-status.json"
 ```
 
+### Custom Sidecar Containers
+
+The chart supports adding custom sidecar containers to the pod. This is useful for adding additional functionality like port forwarding management (NATMap), monitoring, or other helper containers.
+
+Sidecars are specified using the standard Kubernetes container specification:
+
+```yaml
+sidecars:
+  - name: natmap
+    image: ghcr.io/muink/natmap:latest
+    imagePullPolicy: IfNotPresent
+    env:
+      - name: GATEWAY
+        value: "10.2.0.1"
+      - name: INTERFACE
+        value: "tun0"
+      - name: INTERVAL
+        value: "30"
+    volumeMounts:
+      - name: config
+        mountPath: /config
+        subPath: natmap
+```
+
+**Common Use Cases:**
+
+1. **NATMap**: Automatically update port forwarding configurations
+2. **Monitoring**: Add monitoring agents or exporters
+3. **Custom Scripts**: Run periodic maintenance or update tasks
+
+**Sharing Volumes:**
+
+Sidecars can access the same volumes as the main containers:
+- `config`: qBittorrent configuration volume
+- `downloads`: Downloads volume
+- `gluetun-config`: Gluetun configuration volume (if enabled)
+
+For the full Kubernetes container specification reference, see the [Kubernetes documentation](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#container-v1-core).
+
 ## Troubleshooting
 
 ### VPN Connection Issues

charts/qbittorrent-vpn/templates/deployment.yaml

@@ -255,7 +255,11 @@ spec:
           
           resources:
             {{- toYaml .Values.qbittorrent.resources | nindent 12 }}
-      
+
+        {{- with .Values.sidecars }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+
       volumes:
         # Create /dev/net/tun as a device
         - name: tun

charts/qbittorrent-vpn/values.yaml

@@ -225,4 +225,21 @@ extraVolumes: []
 
 # Temporary options for development/debugging
 hostNetwork: false
-initContainers: []
+initContainers: []
+
+# Additional sidecar containers
+# This allows you to add custom sidecar containers to the pod
+# Each sidecar is specified using standard Kubernetes container spec
+# Example: Add NATMap for port forwarding with VPN
+# sidecars:
+#   - name: natmap
+#     image: ghcr.io/muink/natmap:latest
+#     env:
+#       - name: GATEWAY
+#         value: "10.2.0.1"
+#       - name: INTERFACE
+#         value: "tun0"
+#     volumeMounts:
+#       - name: config
+#         mountPath: /config
+sidecars: []

charts/values.yaml

@@ -1,84 +0,0 @@
-## Ingress settings
-image:
-  repository: norishapp/norish
-  tag: "v0.13.6-beta"
-  pullPolicy: IfNotPresent
-
-ingress:
-  enabled: true
-  className: "traefik"
-  annotations:
-    traefik.ingress.kubernetes.io/router.entrypoints: websecure
-  hosts:
-    - host: norish.tomik.lat
-      paths:
-        - path: /
-          pathType: Prefix
-  tls:
-    - hosts:
-        - norish.tomik.lat
-
-## Persistence settings
-persistence:
-  enabled: true
-  storageClass: "longhorn"
-  accessMode: ReadWriteOnce
-  size: 5Gi
-
-config:
-  # Application URL (required)
-  # This should match your ingress hostname
-  authUrl: "https://norish.tomik.lat"
-
-  # Master encryption key (required)
-  # Generate with: openssl rand -base64 32
-  # For production, use an existing Kubernetes Secret
-  masterKey:
-    existingSecret: ""        # Name of existing Kubernetes secret
-    secretKey: "master-key"   # Key in the secret where master key is stored
-    value: "cp6eVbe4ddmJxlJCJyux5Nlk39gbJR3M9mWjAqEon1c="                 # Only used if existingSecret is not set (must be 32-byte base64)
-
-  # Authentication provider configuration
-  # Configure ONE provider for initial admin account creation
-  # After first login, manage additional providers via Settings → Admin
-  auth:
-    # OIDC/OAuth2 provider
-    oidc:
-      enabled: true
-      name: "Authentik"
-      issuer: "https://authentik.tomik.lat/application/o/norish/"
-      clientId: "tSQZSJDBs479OVLyEzwDYAVaVYJhQuaFouIRWHyg"
-      clientSecret: "SpCQGIhXXF9iVT6qc37ApPC8epy1ZhukDtPp6Ipy8XqI7HK4LQUJmsbNTGhLaz25rNgM3GUUDo0vqoGe4INiEjiPeQ4tpiokrvnjPQ2tXf8AFCiu79eyFttB7TCEdtfI"
-
-    # GitHub OAuth
-    github:
-      enabled: false
-      clientId: ""
-      clientSecret: ""
-      # Use existing secret for GitHub credentials
-      existingSecret: ""
-      clientIdKey: "github-client-id"
-      clientSecretKey: "github-client-secret"
-
-    # Google OAuth
-    google:
-      enabled: false
-      clientId: ""
-      clientSecret: ""
-      # Use existing secret for Google credentials
-      existingSecret: ""
-      clientIdKey: "google-client-id"
-      clientSecretKey: "google-client-secret"
-
-## External PostgreSQL database configuration (REQUIRED)
-## Norish requires a central PostgreSQL database
-## You must have a PostgreSQL server available before deploying this chart
-database:
-  # Database connection details
-  host: "postgres-cluster-pooler.dbs.svc.cluster.local"                 # Required: PostgreSQL server hostname
-  port: 5432
-  # Use existing secret for database credentials (recommended for production)
-  existingSecret: "norish3-db-credentials"          # Name of existing Kubernetes secret
-  usernameKey: "username"     # Key in the secret for database username
-  passwordKey: "password"     # Key in the secret for database password
-  databaseKey: "database"     # Key in the secret for database name (optional)