feat(chart): v3.0.0 release with comprehensive improvements #107
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add support for Kubernetes Gateway API HTTPRoute resource as a modern alternative to Ingress. The implementation follows the same pattern as the existing Ingress template. Changes: - Add HTTPRoute template with configurable parentRefs, hostnames, and rules - Add httpRoute section to values.yaml with generic examples - Update Chart version from 2.5.0 to 2.6.0 - Add Artifact Hub changelog annotation - Add HTTPRoute documentation to README Co-Authored-By: Claude <[email protected]> Signed-off-by: Aleksei Sviridkin <[email protected]>
Change default health probes from tcpSocket to httpGet to fix issue jellyfin#68 where pods fail to start in IPv6-only clusters due to incompatible health checks. Changes: - Change default livenessProbe and readinessProbe to use httpGet with /health endpoint - Add comprehensive IPv6 and dual-stack configuration documentation - Document ipFamilyPolicy options (SingleStack, PreferDualStack, RequireDualStack) - Document ipFamilies configuration for IPv4-only, IPv6-only, and dual-stack setups - Add IPv6 Configuration section to README with examples - Update Chart version from 2.5.0 to 2.5.1 The httpGet probe works with both IPv4 and IPv6 out of the box, while tcpSocket may fail in IPv6-only environments. Jellyfin's /health endpoint is specifically designed for health checks and verifies both HTTP and database connectivity. Fixes: jellyfin#68 Co-Authored-By: Claude <[email protected]> Signed-off-by: Aleksei Sviridkin <[email protected]>
Add dedicated cache volume configuration to reduce wear on SD cards and improve
performance by allowing cache to be stored on separate storage.
Changes:
- Add persistence.cache configuration in values.yaml with support for:
- PVC (default type when enabled)
- hostPath for direct host mount
- emptyDir (default when disabled)
- Add cache volume mount at /cache in deployment
- Add cache PersistentVolumeClaim template
- Support for existing PVC via existingClaim
- Configurable size (default 10Gi), accessMode, storageClass, and annotations
- Update Chart version from 2.5.0 to 2.5.1
- Add Artifact Hub changelog annotation
The cache volume is disabled by default to maintain backward compatibility.
Users can enable it via:
```yaml
persistence:
cache:
enabled: true
type: pvc
size: 10Gi
```
This addresses the use case mentioned in jellyfin#62 where users want to avoid SD card
wear by storing cache on separate persistent storage.
Fixes: jellyfin#62
Co-Authored-By: Claude <[email protected]>
Signed-off-by: Aleksei Sviridkin <[email protected]>
Add comprehensive troubleshooting documentation for inotify instance limit
errors that cause Jellyfin crashes in environments with many containers.
Changes:
- Add Troubleshooting section to README with inotify limits explanation
- Document proper solution: increase kernel limits via sysctl
- Provide workaround for managed clusters: DOTNET_USE_POLLING_FILE_WATCHER
- Add commented example in values.yaml for easy copy-paste
- Update Chart version from 2.5.0 to 2.5.1
- Add Artifact Hub changelog annotation
The proper solution is to increase inotify limits on Kubernetes nodes:
```bash
sysctl -w fs.inotify.max_user_instances=512
```
For managed Kubernetes where node access is restricted, users can use the
polling workaround (less efficient but functional):
```yaml
jellyfin:
env:
- name: DOTNET_USE_POLLING_FILE_WATCHER
value: "1"
```
This addresses the crash issue mentioned in jellyfin#64.
Fixes: jellyfin#64
Co-Authored-By: Claude <[email protected]>
Signed-off-by: Aleksei Sviridkin <[email protected]>
Add startupProbe to give Jellyfin sufficient time to start, especially with large media libraries or slow storage. This prevents Kubernetes from killing the pod during initial startup phase. Changes: - Add startupProbe configuration in values.yaml with sensible defaults - failureThreshold: 30 (allows up to 5 minutes for startup) - periodSeconds: 10 - Uses tcpSocket check on http port - Update deployment.yaml to include startupProbe from values - Bump chart version 2.5.0 -> 2.5.1 - Add changelog annotation for Artifact Hub Benefits: - Prevents pod restarts during slow initial startup (large media libraries) - Liveness and readiness probes remain responsive after successful startup - Fully configurable and can be disabled by setting startupProbe: null - No breaking changes, backward compatible The startup probe gives Jellyfin up to 5 minutes (30 attempts * 10 seconds) to complete initialization. After the first success, liveness and readiness probes take over with their normal timing. Co-Authored-By: Claude <[email protected]> Signed-off-by: Aleksei Sviridkin <[email protected]>
…ners BREAKING CHANGE: The 'initContainers' parameter is now deprecated in favor of 'extraInitContainers' for naming consistency with 'extraContainers'. Both parameters will work until 2030 for backward compatibility. The previous implementation used '.Values.initContainers' in the template but 'extraInitContainers' was defined in values.yaml, causing the feature to be completely non-functional. Changes: - Fix extraInitContainers not working (was referencing wrong parameter) - Add deprecated 'initContainers' parameter to values.yaml with @deprecated tag - Update deployment.yaml to support both parameters with OR logic - Add TODO comment to remove initContainers support after 2030 - Create NOTES.txt with: - Deprecation warning when using initContainers - Post-installation instructions for accessing Jellyfin - Persistence status information - Links to documentation - Improve extraInitContainers documentation with usage example - Bump chart version 2.5.0 -> 3.0.0 (major due to deprecation) - Add comprehensive changelog to artifacthub.io/changes Migration guide: Old: initContainers: [...] New: extraInitContainers: [...] The old parameter will continue to work but users will see a deprecation warning in NOTES.txt after installation. Follows best practices from community charts (Prometheus, Elastic, etc.) where 'extra*' prefix indicates user-provided extension points. Co-Authored-By: Claude <[email protected]> Signed-off-by: Aleksei Sviridkin <[email protected]>
…t variables
Add support for loading environment variables from ConfigMap or Secret
resources using envFrom field, following Kubernetes best practices for
configuration management.
Changes:
- Add jellyfin.envFrom parameter in values.yaml
- Add envFrom section in deployment.yaml template (before env)
- Provide comprehensive documentation with examples
- Bump chart version 2.5.0 -> 2.6.0 (minor - new feature)
- Add changelog annotation for Artifact Hub
Use cases:
- Load multiple environment variables from ConfigMap without defining each one
- Load secrets from external secret management systems
- Separate configuration from chart values (12-factor app pattern)
- Simplify configuration for complex deployments
Example usage:
jellyfin:
envFrom:
- configMapRef:
name: jellyfin-config
- secretRef:
name: jellyfin-secrets
Follows standard Kubernetes patterns used by most community Helm charts.
Co-Authored-By: Claude <[email protected]>
Signed-off-by: Aleksei Sviridkin <[email protected]>
Add comprehensive NetworkPolicy support for Jellyfin pod with: - Ingress rules: configurable external access or namespace/pod selectors - Egress rules: DNS resolution, metadata providers, custom rules - Automatic Prometheus integration when metrics are enabled - DLNA/hostNetwork detection with fail-safe error message - Support for restrictedEgress mode for high-security environments The NetworkPolicy is disabled by default to maintain backward compatibility. When enabled, it provides fine-grained control over network traffic: - Who can access Jellyfin (ingress) - What external connections Jellyfin can make (egress) NetworkPolicy requires CNI plugin support (Calico, Cilium, etc.) and cannot be used with hostNetwork mode (DLNA). The template includes validation to prevent misconfiguration. Co-Authored-By: Claude <[email protected]> Signed-off-by: Aleksei Sviridkin <[email protected]>
Add networkPolicy section to values.yaml with comprehensive configuration options: - enabled: boolean flag to enable/disable NetworkPolicy (default: false) - policyTypes: configure Ingress and/or Egress policies - ingress: control which pods/namespaces can access Jellyfin - allowExternal: permit access from any namespace (default: true) - podSelector/namespaceSelector: restrict access to specific pods/namespaces - customRules: advanced ingress rules for complex scenarios - egress: control outbound connections from Jellyfin - allowDNS: permit DNS resolution (default: true, required) - allowAllEgress: permit all internet access (default: true) - restrictedEgress: high-security mode with HTTPS-only metadata access - customRules: advanced egress rules - metrics: automatic Prometheus integration configuration All parameters include detailed documentation explaining: - Purpose and usage - Default values and recommended settings - Examples for common scenarios - Security implications The configuration supports use cases from simple deployments to zero-trust environments while maintaining sensible defaults. Co-Authored-By: Claude <[email protected]> Signed-off-by: Aleksei Sviridkin <[email protected]>
Add NOTES.txt template that displays helpful information after deployment: - How to access Jellyfin (via Ingress or port-forward) - NetworkPolicy status and configuration summary when enabled - Ingress policy details (allowExternal, selectors, Prometheus) - Egress policy details (DNS, internet access, restrictions) - Warnings for misconfigurations (no selectors, DNS disabled) - Compatibility note about CNI requirements - Warning if NetworkPolicy + hostNetwork are both enabled The NOTES provide immediate visibility into the deployment configuration and help users quickly identify and troubleshoot network access issues. Co-Authored-By: Claude <[email protected]> Signed-off-by: Aleksei Sviridkin <[email protected]>
Add 20+ unit tests for NetworkPolicy template covering: Creation conditions: - Not created by default (enabled: false) - Created when enabled: true - Fails with clear error when hostNetwork + NetworkPolicy enabled - Fails when DLNA + NetworkPolicy enabled Ingress rules: - Default allowExternal behavior (no 'from' restriction) - Restricted access with podSelector/namespaceSelector - Custom ingress rules application - Automatic Prometheus ingress when metrics enabled - Prometheus namespace selector when specified Egress rules: - DNS egress with default kube-system/kube-dns - Custom DNS namespace and pod selector - AllowAllEgress default behavior - Restricted egress modes (metadata, in-cluster) - Custom CIDR blocks - Custom egress rules application - DNS disabled scenario Policy configuration: - Correct policyTypes (Ingress, Egress) - Pod selector labels matching chart labels Tests ensure NetworkPolicy works correctly across all supported configurations and fails safely when misconfigured. Co-Authored-By: Claude <[email protected]> Signed-off-by: Aleksei Sviridkin <[email protected]>
Add "Network Security" section to README.md.gotmpl with: Requirements: - CNI plugin support (Calico, Cilium, Weave, Canal) - DLNA incompatibility explanation Configuration examples: - Basic usage (default settings) - Production configuration (Ingress controller only) - High security (restricted egress) - Monitoring integration (Prometheus) - Advanced scenarios (multiple namespaces, custom rules) Security considerations: - Metadata provider requirements (TMDB, TheTVDB, OpenSubtitles) - DNS access importance - Local metadata alternative - Testing recommendations Troubleshooting guide: - Metadata download issues - Web interface access problems - Prometheus scraping failures - Deployment validation errors The documentation provides complete guidance for users to implement NetworkPolicy according to their security requirements, from basic isolation to zero-trust configurations. Co-Authored-By: Claude <[email protected]> Signed-off-by: Aleksei Sviridkin <[email protected]>
Bump chart version from 2.5.0 to 2.6.0 (minor version) for new feature. Added artifacthub.io/changes annotations: - NetworkPolicy support for network isolation and security hardening - NOTES.txt with deployment status and configuration summary This is a backward-compatible change: - NetworkPolicy is disabled by default - Existing installations will not be affected - Users can opt-in to NetworkPolicy by setting networkPolicy.enabled=true The NetworkPolicy feature provides enterprise-grade network security controls for Jellyfin deployments in Kubernetes environments with CNI plugin support. Co-Authored-By: Claude <[email protected]> Signed-off-by: Aleksei Sviridkin <[email protected]>
Regenerate README.md from README.md.gotmpl template using helm-docs. This adds the complete NetworkPolicy documentation section and updates the values table with all networkPolicy configuration parameters. The generated documentation includes: - Updated version badge (2.6.0) - Complete networkPolicy values table with descriptions - Network Security section with examples and troubleshooting - All parameters from values.yaml with auto-generated descriptions Co-Authored-By: Claude <[email protected]> Signed-off-by: Aleksei Sviridkin <[email protected]>
Add helm-unittest test suite for HTTPRoute (Gateway API) covering: - Not created by default (enabled: false) - Created when enabled with required configuration - Annotations support - parentRefs configuration (name, namespace, sectionName) - Hostnames support (single and multiple) - Path matching rules (PathPrefix, Exact) - Multiple rules and multiple matches per rule - Backend references to Jellyfin service - Custom service port handling Add NOTES.txt with HTTPRoute-specific deployment information: - Gateway references and configuration status - Configured hostnames - Number of routes - Backend service details - Access URLs when hostnames configured - Warnings for missing parentRefs Tests ensure HTTPRoute works correctly across all Gateway API scenarios. Co-Authored-By: Claude <[email protected]> Signed-off-by: Aleksei Sviridkin <[email protected]>
Add helm-unittest tests for IPv6 and dual-stack Service configuration: - Default behavior (no ipFamilyPolicy/ipFamilies set) - SingleStack, PreferDualStack, RequireDualStack policies - IPv4 only, IPv6 only configurations - Dual-stack with IPv4 primary and IPv6 primary - Combined policy and families configurations Add NOTES.txt with IPv6/dual-stack information: - Display configured IP family policy - Show IP families list - Warning when IPv6 is primary (probe compatibility note) - Warning when IPv6 used without policy Tests ensure IPv6 and dual-stack work correctly for all scenarios. Co-Authored-By: Claude <[email protected]> Signed-off-by: Aleksei Sviridkin <[email protected]>
Add helm-unittest tests for dedicated cache volume persistence: - Default emptyDir behavior - PVC creation when enabled - hostPath configuration - Volume mount verification - PVC size, access mode, storage class configuration - Annotations support - Existing claim usage - Type-specific behavior (pvc vs hostPath vs emptyDir) Add NOTES.txt with persistence information: - Show config, media, and cache volume types - Display cache volume details when enabled - Benefits explanation for cache volume - Warning for hostPath usage Tests ensure cache persistence works correctly for all scenarios. Co-Authored-By: Claude <[email protected]> Signed-off-by: Aleksei Sviridkin <[email protected]>
Add NOTES.txt with: - Basic access instructions (Ingress or port-forward) - Reference to troubleshooting documentation in README - Links to Jellyfin documentation This complements the inotify troubleshooting documentation added in README.md.gotmpl, making users aware of available resources. Co-Authored-By: Claude <[email protected]> Signed-off-by: Aleksei Sviridkin <[email protected]>
Add helm-unittest tests for startup probe: - Default configuration verification (tcpSocket, timing) - Custom timing parameters (initialDelaySeconds, periodSeconds, failureThreshold) - Alternative probe types (httpGet) - Custom port support - Timeout window calculation Add NOTES.txt with startup probe information: - Display max startup time calculation - Explain startup probe purpose for large libraries - Warning for very long startup timeouts Tests ensure startup probe works correctly for slow initial startup scenarios. Co-Authored-By: Claude <[email protected]> Signed-off-by: Aleksei Sviridkin <[email protected]>
…tainers Add helm-unittest tests for init containers: - No init containers by default - extraInitContainers support (single and multiple) - Full container spec preservation (command, args, volumeMounts, securityContext) - Backward compatibility with deprecated initContainers parameter - Merging of initContainers and extraInitContainers - Correct ordering when both are specified Add NOTES.txt with init containers information: - Show count of configured init containers - Deprecation warning when old initContainers parameter is used - Migration guidance to extraInitContainers This fixes the critical bug where extraInitContainers didn't work and provides clear migration path from deprecated initContainers. Co-Authored-By: Claude <[email protected]> Signed-off-by: Aleksei Sviridkin <[email protected]>
Add helm-unittest tests for envFrom functionality: - No envFrom by default - ConfigMap reference support - Secret reference support - Multiple envFrom sources - Optional ConfigMap/Secret support - Prefix support for variable namespacing - Compatibility with regular env variables Add NOTES.txt with envFrom information: - Show count of envFrom sources - List each source (ConfigMap or Secret) - Display optional and prefix settings Tests ensure envFrom works correctly for loading environment variables from ConfigMaps and Secrets. Co-Authored-By: Claude <[email protected]> Signed-off-by: Aleksei Sviridkin <[email protected]>
…tory control Add revisionHistoryLimit parameter to control how many old ReplicaSets are retained for rollback purposes, reducing etcd storage usage compared to Kubernetes default of 10. Changes: - Add revisionHistoryLimit parameter in values.yaml (default: 3) - Add revisionHistoryLimit to deployment.yaml spec - Provide comprehensive documentation with recommendations - Bump chart version 2.5.0 -> 2.5.1 (patch - minor enhancement) - Add changelog annotation for Artifact Hub Benefits: - Reduce etcd storage usage (especially important in large clusters) - Maintain reasonable rollback capability (3 previous versions) - Allow customization based on deployment needs - Can be set to null to use Kubernetes default (10) Default rationale: - 3 revisions provides sufficient rollback capability for most use cases - Reduces cluster resource usage (etcd storage, API server load) - Follows best practices from production Kubernetes deployments - Users can override if they need more history Example usage: # Use default (3 revisions) revisionHistoryLimit: 3 # Increase for critical deployments revisionHistoryLimit: 10 # Use Kubernetes default (10) revisionHistoryLimit: null # Disable history (not recommended) revisionHistoryLimit: 0 See: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#revision-history-limit Co-Authored-By: Claude <[email protected]> Signed-off-by: Aleksei Sviridkin <[email protected]>
Add helm-unittest tests for revisionHistoryLimit: - Default value (3) verification - Custom values support (0, 1, 5, 100) - Ability to disable revision history Add NOTES.txt with revisionHistoryLimit information: - Show configured revision history limit - Warning when disabled (0) - Note for minimal history (1) - Rollback command example for normal values This parameter controls how many old ReplicaSets are retained for rollback purposes, reducing etcd storage usage. Co-Authored-By: Claude <[email protected]> Signed-off-by: Aleksei Sviridkin <[email protected]>
Automatically extract and format changelog from artifacthub.io/changes annotations in Chart.yaml and update GitHub release notes. Changes: - Install yq for YAML parsing - Add step to extract changelog from Chart.yaml - Format changelog with emojis based on change kind (added, fixed, etc.) - Build comprehensive release notes with: - Chart and app versions - Formatted changelog - Installation and upgrade instructions - Links to documentation - Update release notes after chart-releaser creates the release This addresses the issue where releases only contained "A Helm chart for Jellyfin Media Server" without any information about what changed. Co-Authored-By: Claude <[email protected]> Signed-off-by: Aleksei Sviridkin <[email protected]>
Resolve conflicts by combining NetworkPolicy feature with all features from master-vnext integration branch: - NetworkPolicy support (this branch) - HTTPRoute support - envFrom support - Startup probe - Cache persistence - IPv6 dual-stack - revisionHistoryLimit - initContainers deprecation Updated version to 3.0.0 and merged all changelog entries. Regenerated README.md from template. Co-Authored-By: Claude <[email protected]> Signed-off-by: Aleksei Sviridkin <[email protected]>
Resolve conflicts by combining inotify troubleshooting documentation with all features from master-vnext integration branch: - inotify troubleshooting docs (this branch) - HTTPRoute support - envFrom support - Startup probe - Cache persistence - IPv6 dual-stack - revisionHistoryLimit - initContainers deprecation Updated version to 3.0.0 and merged all changelog entries. Regenerated README.md from template. Co-Authored-By: Claude <[email protected]> Signed-off-by: Aleksei Sviridkin <[email protected]>
20 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Integration branch containing all Phase 1 improvements for the v3.0.0 release.
Included changes (9 merged PRs):
Pending
This PR will be ready for merge once the above items are completed.
Breaking Changes
initContainersparameter is deprecated in favor ofextraInitContainers(backward compatible until 2030)