@@ -7,28 +7,55 @@ Deploy the [TaskChampion Sync Server](https://github.com/GothenburgBitFactory/ta
77- Kubernetes 1.23+
88- Helm 3+
99
10+ ## Installing
11+
12+ ``` console
13+ helm repo add taskchampion https://gothenburgbitfactory.org/taskchampion-sync-server
14+ helm repo update
15+ helm install my-release taskchampion/taskchampion-sync-server --set sqlite.enabled=true
16+ ```
17+
1018## Storage Backends
1119
12- Exactly one storage backend must be enabled. The chart will fail validation if both or neither are enabled.
20+ Exactly one storage backend must be enabled. The chart fails validation if neither or both are enabled.
1321
1422### SQLite
1523
16- ``` console
17- helm install my-release ./helm/taskchampion-sync-server -f helm/taskchampion-sync-server/examples/sqlite-values.yaml
18- ```
24+ | Parameter | Default | Description |
25+ | -----------| ---------| -------------|
26+ | ` sqlite.enabled ` | ` false ` | Enable SQLite backend |
27+ | ` sqlite.dataDir ` | ` /var/lib/taskchampion-sync-server/data ` | Data directory path |
28+ | ` sqlite.existingPV ` | ` "" ` | Use an existing PVC name |
29+ | ` sqlite.persistence.enabled ` | ` false ` | Create a PVC |
30+ | ` sqlite.persistence.size ` | ` 1Gi ` | PVC size |
31+ | ` sqlite.persistence.accessMode ` | ` ReadWriteOnce ` | PVC access mode |
32+ | ` sqlite.emptyDir ` | — | emptyDir volume settings |
1933
2034### PostgreSQL
2135
22- ``` console
23- helm install my-release ./helm/taskchampion-sync-server -f helm/taskchampion-sync-server/examples/postgres-values.yaml
24- ```
36+ | Parameter | Default | Description |
37+ | -----------| ---------| -------------|
38+ | ` postgres.enabled ` | ` false ` | Enable PostgreSQL backend |
39+ | ` postgres.host ` | ` "" ` | PostgreSQL host |
40+ | ` postgres.port ` | ` 5432 ` | PostgreSQL port |
41+ | ` postgres.db ` | ` taskchampion ` | Database name |
42+ | ` postgres.username ` | ` "" ` | Database user |
43+ | ` postgres.password ` | ` "" ` | Database password |
44+ | ` postgres.sslMode ` | ` disable ` | SSL mode |
45+ | ` postgres.existingSecret ` | ` "" ` | Use existing secret by name |
2546
26- ## Secrets
47+ ** Secret** — When ` existingSecret ` is empty (default), a secret named ` {release-name}-connection ` is created with a ` conn ` key. When set, the chart reads that secret. It accepts either a ` conn ` key with a full URI or individual keys (` host ` , ` port ` , ` username ` , ` password ` , ` database ` ) that override ` postgres.* ` values.
48+
49+ ** Init container** — Enabled by default. Waits for PG readiness, downloads and applies the schema (from the chart's ` appVersion ` URL), and seeds client IDs if ` clientIdSecret ` is set. Override with ` postgres.initContainer.schemaUrl ` .
2750
28- The chart expects pre-created secrets referenced by name:
51+ ** Replicas** — Only apply with PostgreSQL (` replicas.enabled=true ` , ` replicas.count=N ` ). SQLite is single-replica.
52+
53+ ## Secrets
2954
3055### Client ID Secret
3156
57+ Restrict which client IDs the server accepts. Create a Secret with comma-separated UUIDs (base64-encoded) under a ` client-ids ` key:
58+
3259``` yaml
3360apiVersion : v1
3461kind : Secret
@@ -39,22 +66,73 @@ data:
3966 client-ids : <base64-encoded comma-separated UUIDs>
4067` ` `
4168
42- Reference it via ` clientIdSecret: "my-client-ids"`.
69+ Reference via ` clientIdSecret: "my-client-ids"`.
70+
71+ # # Networking
72+
73+ The chart does not implement TLS. Terminate TLS at the ingress or gateway.
74+
75+ # ## Service
76+
77+ | Parameter | Default | Description |
78+ |-----------|---------|-------------|
79+ | `service.type` | `ClusterIP` | Service type |
80+ | `service.port` | `8080` | Service port |
81+ | `service.targetPort` | `8080` | Container port |
82+
83+ # ## Ingress (NGINX)
84+
85+ | Parameter | Default | Description |
86+ |-----------|---------|-------------|
87+ | `ingress.enabled` | `false` | Enable NGINX ingress |
88+ | `ingress.className` | `""` | Ingress class name |
89+ | `ingress.annotations` | `{}` | Ingress annotations |
90+ | `ingress.hosts` | `[]` | Host list |
91+ | `ingress.tls` | `[]` | TLS configuration |
92+
93+ # ## HTTPRoute (Kubernetes Gateway API)
94+
95+ | Parameter | Default | Description |
96+ |-----------|---------|-------------|
97+ | `httpRoute.enabled` | `false` | Enable HTTPRoute |
98+ | `httpRoute.parentRefs` | `[]` | Parent gateway references (primary) |
99+ | `httpRoute.hostnames` | `[]` | Hostnames |
100+ | `httpRoute.rules` | `[]` | Routing rules |
101+ | `httpRoute.gateway` | `""` | (Deprecated) Single gateway name |
102+ | `httpRoute.host` | `""` | (Deprecated) Single hostname |
103+ | `httpRoute.path` | `"/"` | (Deprecated) Single path |
104+ | `httpRoute.port` | `8080` | (Deprecated) Single port |
105+
106+ **Recommended** — use `parentRefs`, `hostnames`, `rules`. The deprecated
107+ single-value fields (`gateway`, `host`, `path`, `port`) are used as a fallback
108+ when the arrays are empty.
109+
110+ # # ServiceAccount and RBAC
111+
112+ | Parameter | Default | Description |
113+ |-----------|---------|-------------|
114+ | `serviceAccount.create` | `true` | Create SA, Role, and RoleBinding |
115+ | `serviceAccount.name` | `""` | Use existing SA name |
116+
117+ When created, the chart provisions a ServiceAccount, a Role with
118+ ` get` /`create`/`update`/`patch` on secrets, and a RoleBinding.
119+
120+ # # Image Configuration
43121
44- # ## PostgreSQL Secret
122+ | Parameter | Default | Description |
123+ |-----------|---------|-------------|
124+ | `image.repo` | `ghcr.io/gothenburgbitfactory/taskchampion-sync-server` | Image repository |
125+ | `image.tag` | `"0.7.0"` | Image tag |
126+ | `image.pullPolicy` | `IfNotPresent` | Pull policy |
127+ | `image.pullSecrets` | `[]` | Pull secrets |
45128
46- For PostgreSQL, the chart can automatically create a secret with the connection string, or use an existing secret.
129+ PostgreSQL appends `-postgres` to the image repo automatically.
47130
48- **Automatic Secret Creation**:
49- - When `postgres.existingSecret` is empty (default), the chart automatically creates a secret
50- - Secret is named using Helm naming convention : ` release-name-taskchampion-sync-server`
51- - Secret contains only a `connection` key with the built connection string
131+ # # Environment Variables
52132
53- **Existing Secret Usage**:
54- - When `postgres.existingSecret` is provided, the chart uses that secret
55- - The secret **must** contain a `connection` key with the PostgreSQL connection string
56- - If the secret doesn't have a `connection` key, the deployment will fail with a clear error
133+ Custom env vars are passed via `env`. `DATA_DIR` (SQLite) and `conn`
134+ (PostgreSQL) are set automatically and must not be set manually.
57135
58- # # Configuration
136+ # # Full Configuration
59137
60- See [values.yaml](values.yaml) for all configurable options .
138+ See [values.yaml](values.yaml).
0 commit comments