initial miniflux helm chart

author: Paul Buetow <paul@buetow.org> 2025-08-08 16:00:01 +0300
committer: Paul Buetow <paul@buetow.org> 2025-08-08 16:00:01 +0300
commit: dd81326dd7509c52d3ec0c59be1aa1becbe1dda8 (patch)
tree: 995a03a55ceb64ba2afa6b9d414626c7c9e6eaac
parent: 076b0acfa4222a85f484052abbeaa26abdd5a557 (diff)
6 files changed, 219 insertions, 0 deletions
diff --git a/f3s/miniflux/README.md b/f3s/miniflux/README.md
new file mode 100644
index 0000000..8795b45
--- /dev/null
+++ b/f3s/miniflux/README.md
@@ -0,0 +1,56 @@
+# Miniflux Helm Chart
+
+This chart deploys Miniflux.
+
+## Prerequisites
+
+Before installing the chart, you must manually create the following:
+
+1.  **Database Password Secret:**
+
+    Create a secret that contains only the database password. The chart reads
+    this value and constructs the Miniflux `DATABASE_URL` internally at runtime:
+
+    ```bash
+    kubectl create secret generic miniflux-db-password \
+      --from-literal=fluxdb_password='YOUR_PASSWORD' \
+      -n services
+    ```
+
+    Replace `YOUR_PASSWORD` with your desired database password. You do not
+    need to provide a full DSN in the secret; the chart uses the password from
+    `fluxdb_password` to build:
+
+    `postgres://miniflux:${POSTGRES_PASSWORD}@miniflux-postgres:5432/miniflux?sslmode=disable`
+
+2.  **Admin Password Secret:**
+
+    Create a secret for the initial Miniflux admin user password. The chart
+    reads this secret into the `ADMIN_PASSWORD` environment variable during
+    the first startup to create the admin user. The admin username is set
+    to `admin` in the deployment template.
+
+    ```bash
+    kubectl create secret generic miniflux-admin-password \
+      --from-literal=admin_password='YOUR_ADMIN_PASSWORD' \
+      -n services
+    ```
+
+    Replace `YOUR_ADMIN_PASSWORD` with your desired password. The secret key
+    used by the chart is `admin_password`.
+
+3.  **Persistent Volume Directory:**
+
+    You must manually create the directory on your host system to be used by the persistent volume:
+
+    ```bash
+    mkdir -p /data/nfs/k3svolumes/miniflux/data
+    ```
+
+## Installing the Chart
+
+To install the chart with the release name `miniflux`, run the following command:
+
+```bash
+helm install miniflux . --namespace services --create-namespace
+```
diff --git a/f3s/miniflux/helm-chart/Chart.yaml b/f3s/miniflux/helm-chart/Chart.yaml
new file mode 100644
index 0000000..f88e3f3
--- /dev/null
+++ b/f3s/miniflux/helm-chart/Chart.yaml
@@ -0,0 +1,5 @@
+apiVersion: v2
+name: miniflux
+description: A Helm chart for deploying Miniflux.
+version: 0.1.0
+appVersion: "latest"
diff --git a/f3s/miniflux/helm-chart/templates/deployment.yaml b/f3s/miniflux/helm-chart/templates/deployment.yaml
new file mode 100644
index 0000000..0ad9d43
--- /dev/null
+++ b/f3s/miniflux/helm-chart/templates/deployment.yaml
@@ -0,0 +1,93 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: miniflux
+  labels:
+    app: miniflux
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: miniflux
+  template:
+    metadata:
+      labels:
+        app: miniflux
+    spec:
+      initContainers:
+        - name: wait-for-postgres
+          image: postgres:15
+          command: ["sh", "-c"]
+          args:
+            - |
+              for i in $(seq 1 10); do
+                pg_isready -h miniflux-postgres -p 5432 && exit 0
+                echo "Waiting for Postgres... attempt $i/10"
+                sleep 3
+              done
+              echo "Postgres is not ready after 10 attempts"
+              exit 1
+      containers:
+        - name: miniflux
+          image: miniflux/miniflux:latest
+          ports:
+            - containerPort: 8080
+          env:
+            - name: CREATE_ADMIN
+              value: "1"
+            - name: ADMIN_USERNAME
+              value: "admin"
+            - name: ADMIN_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: miniflux-admin-password
+                  key: admin_password
+            - name: RUN_MIGRATIONS
+              value: "1"
+            - name: POLLING_FREQUENCY
+              value: "10"
+            - name: POSTGRES_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: miniflux-db-password
+                  key: fluxdb_password
+          command: ["/bin/sh", "-c"]
+          args:
+            - export DATABASE_URL="postgres://miniflux:${POSTGRES_PASSWORD}@miniflux-postgres:5432/miniflux?sslmode=disable"; exec /usr/bin/miniflux
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: miniflux-postgres
+  labels:
+    app: miniflux-postgres
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: miniflux-postgres
+  template:
+    metadata:
+      labels:
+        app: miniflux-postgres
+    spec:
+      containers:
+        - name: miniflux-postgres
+          image: postgres:15
+          ports:
+            - containerPort: 5432
+          env:
+            - name: POSTGRES_USER
+              value: "miniflux"
+            - name: POSTGRES_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: miniflux-db-password
+                  key: fluxdb_password
+          volumeMounts:
+            - name: miniflux-postgres-data
+              mountPath: /var/lib/postgresql/data
+      volumes:
+        - name: miniflux-postgres-data
+          persistentVolumeClaim:
+            claimName: miniflux-postgres-pvc
diff --git a/f3s/miniflux/helm-chart/templates/ingress.yaml b/f3s/miniflux/helm-chart/templates/ingress.yaml
new file mode 100644
index 0000000..95f1838
--- /dev/null
+++ b/f3s/miniflux/helm-chart/templates/ingress.yaml
@@ -0,0 +1,20 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: miniflux-ingress
+  namespace: services
+  annotations:
+    spec.ingressClassName: traefik
+    traefik.ingress.kubernetes.io/router.entrypoints: web
+spec:
+  rules:
+    - host: flux.f3s.buetow.org
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: miniflux
+                port:
+                  number: 8080
diff --git a/f3s/miniflux/helm-chart/templates/persistent-volumes.yaml b/f3s/miniflux/helm-chart/templates/persistent-volumes.yaml
new file mode 100644
index 0000000..632c886
--- /dev/null
+++ b/f3s/miniflux/helm-chart/templates/persistent-volumes.yaml
@@ -0,0 +1,22 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: miniflux-postgres-pv
+spec:
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteOnce
+  hostPath:
+    path: "/data/nfs/k3svolumes/miniflux/data"
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: miniflux-postgres-pvc
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi
diff --git a/f3s/miniflux/helm-chart/templates/service.yaml b/f3s/miniflux/helm-chart/templates/service.yaml
new file mode 100644
index 0000000..ef1ce97
--- /dev/null
+++ b/f3s/miniflux/helm-chart/templates/service.yaml
@@ -0,0 +1,23 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: miniflux
+spec:
+  selector:
+    app: miniflux
+  ports:
+    - protocol: TCP
+      port: 8080
+      targetPort: 8080
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: miniflux-postgres
+spec:
+  selector:
+    app: miniflux-postgres
+  ports:
+    - protocol: TCP
+      port: 5432
+      targetPort: 5432
author	Paul Buetow <paul@buetow.org>	2025-08-08 16:00:01 +0300
committer	Paul Buetow <paul@buetow.org>	2025-08-08 16:00:01 +0300
commit	dd81326dd7509c52d3ec0c59be1aa1becbe1dda8 (patch)
tree	995a03a55ceb64ba2afa6b9d414626c7c9e6eaac
parent	076b0acfa4222a85f484052abbeaa26abdd5a557 (diff)