diff --git a/chart/myvalues.yaml b/chart/myvalues.yaml
new file mode 100644
index 00000000..58b8c41d
--- /dev/null
+++ b/chart/myvalues.yaml
@@ -0,0 +1,67 @@
+global:
+ image:
+ tag: "edge"
+kyoo:
+ address: https://kyootest.bitey.life
+ #middlewareRootURL: https://kyootest.bitey.life
+ # auth:
+ # apikeys:
+ # extra:
+ # - name: testme
+ # existingSecret: bigsecret
+ # apikeyKey: postgres_user
+ # claims: "role:internal"
+media:
+ volumes:
+ - name: media
+ nfs:
+ server: "192.168.1.179"
+ path: /spin0/media/movies
+postgres:
+ enabled: true
+extraObjects:
+ - apiVersion: v1
+ kind: Secret
+ metadata:
+ name: bigsecret
+ namespace: kyootest
+ type: Opaque
+ stringData:
+ postgres_user: kyoo_all
+ postgres_password: watchSomething4me
+ scanner_apikey: secretapikey
+auth:
+ kyoo_auth:
+ image:
+ repository: ghcr.io/zoriya/keibi
+# ---
+# apiVersion: gateway.networking.k8s.io/v1
+# kind: HTTPRoute
+# metadata:
+# name: kyootest
+# namespace: kyootest
+# spec:
+# parentRefs:
+# - name: internal
+# namespace: gateway
+# sectionName: https
+# hostnames:
+# - "kyootest.bitey.life"
+# rules:
+# - backendRefs:
+# - name: kyoo-traefik
+# port: 80
+# ---
+# apiVersion: externaldns.k8s.io/v1alpha1
+# kind: DNSEndpoint
+# metadata:
+# name: kyootest
+# namespace: kyootest
+# annotations:
+# external-dns.custom/type: private
+# spec:
+# endpoints:
+# - dnsName: kyootest.bitey.life
+# recordType: CNAME
+# targets:
+# - intgw.bitey.life
\ No newline at end of file
diff --git a/chart/test.yaml b/chart/test.yaml
new file mode 100644
index 00000000..65a98790
--- /dev/null
+++ b/chart/test.yaml
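Review bot: The `extraObjects` Secret in chart/myvalues.yaml commits credentials in plaintext (`postgres_password: watchSomething4me`, `scanner_apikey: secretapikey`), and the rendered chart/test.yaml hunk repeats the same `stringData` block, so both files put the values into git history and, unless `.helmignore` excludes them, into the packaged chart. Together with the private NFS server address and the `kyootest.bitey.life` hostnames this reads as a personal test overlay rather than chart content; I would drop both files from the commit and list them in `.gitignore` and `.helmignore`. If an example overlay is wanted, keep only the reference by name (the workloads already read `bigsecret` through `secretKeyRef`) and note it with a comment such as `# bigsecret is created outside the chart; never commit its stringData`. If these values were used on any reachable instance, rotate them.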
@@ -0,0 +1,1175 @@ +--- +# Source: kyoo/templates/api/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: true +metadata: + name: kyoo-api + namespace: kyootest + labels: + helm.sh/chart: kyoo-0.0.0 + app.kubernetes.io/name: kyoo-api + app.kubernetes.io/instance: kyoo + app.kubernetes.io/component: api + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kyoo + app.kubernetes.io/version: "edge" +--- +# Source: kyoo/templates/auth/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: true +metadata: + name: kyoo-auth + namespace: kyootest + labels: + helm.sh/chart: kyoo-0.0.0 + app.kubernetes.io/name: kyoo-auth + app.kubernetes.io/instance: kyoo + app.kubernetes.io/component: auth + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kyoo + app.kubernetes.io/version: "edge" +--- +# Source: kyoo/templates/front/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: true +metadata: + name: kyoo-front + namespace: kyootest + labels: + helm.sh/chart: kyoo-0.0.0 + app.kubernetes.io/name: kyoo-front + app.kubernetes.io/instance: kyoo + app.kubernetes.io/component: front + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kyoo + app.kubernetes.io/version: "edge" +--- +# Source: kyoo/templates/scanner/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: true +metadata: + name: kyoo-scanner + namespace: kyootest + labels: + helm.sh/chart: kyoo-0.0.0 + app.kubernetes.io/name: kyoo-scanner + app.kubernetes.io/instance: kyoo + app.kubernetes.io/component: scanner + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kyoo + app.kubernetes.io/version: "edge" +--- +# Source: kyoo/templates/traefikproxy/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: true +metadata: + name: kyoo-traefik + namespace: kyootest + labels: + helm.sh/chart: kyoo-0.0.0 + 
app.kubernetes.io/name: kyoo-traefik + app.kubernetes.io/instance: kyoo + app.kubernetes.io/component: traefik + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kyoo + app.kubernetes.io/version: "edge" +--- +# Source: kyoo/templates/transcoder/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: true +metadata: + name: kyoo-transcoder + namespace: kyootest + labels: + helm.sh/chart: kyoo-0.0.0 + app.kubernetes.io/name: kyoo-transcoder + app.kubernetes.io/instance: kyoo + app.kubernetes.io/component: transcoder + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kyoo + app.kubernetes.io/version: "edge" +--- +# Source: kyoo/templates/extra-manifests.yaml +apiVersion: v1 +kind: Secret +metadata: + name: bigsecret + namespace: kyootest +stringData: + postgres_password: watchSomething4me + postgres_user: kyoo_all + scanner_apikey: secretapikey +type: Opaque +--- +# Source: kyoo/charts/postgres/templates/configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: kyoo-postgres + namespace: kyootest + labels: + helm.sh/chart: postgres-0.11.1 + app.kubernetes.io/name: postgres + app.kubernetes.io/instance: kyoo + app.kubernetes.io/version: "18.0.0" + app.kubernetes.io/managed-by: Helm +data: + pg_hba.conf: | + # Default pg_hba.conf configuration + # TYPE DATABASE USER ADDRESS METHOD + + # "local" is for Unix domain socket connections only + local all all trust + # IPv4 local connections: + host all all 127.0.0.1/32 trust + # IPv6 local connections: + host all all ::1/128 trust + # Allow replication connections from localhost, by a user with the + # replication privilege. 
+ local replication all trust + host replication all 127.0.0.1/32 trust + host replication all ::1/128 trust + + # Allow connections from any host with password authentication + host all all all md5 + postgresql.conf: | + # PostgreSQL configuration file + + # Connection Settings + listen_addresses = '*' + max_connections = 100 + + # Memory Settings + shared_buffers = 128MB + effective_cache_size = 4GB + work_mem = 4MB + maintenance_work_mem = 64MB + + # WAL Settings + wal_buffers = 16MB + + # Checkpoint Settings + checkpoint_completion_target = 0.7 + + # Query Planner Settings + random_page_cost = 1.1 + + # Logging Settings + log_destination = 'stderr' + logging_collector = off + log_min_messages = warning + log_min_error_statement = error + log_statement = 'none' + log_min_duration_statement = -1 + + # Shared Libraries + + # Locale and Formatting + datestyle = 'iso, mdy' + timezone = 'UTC' + lc_messages = 'en_US.utf8' + lc_monetary = 'en_US.utf8' + lc_numeric = 'en_US.utf8' + lc_time = 'en_US.utf8' + default_text_search_config = 'pg_catalog.english' + + # Set pg_hba.conf file to use + hba_file = '/etc/postgresql/pg_hba.conf' + + # Additional Configuration +--- +# Source: kyoo/charts/postgres/templates/initialization-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: kyoo-postgres-init-scripts + namespace: kyootest + labels: + helm.sh/chart: postgres-0.11.1 + app.kubernetes.io/name: postgres + app.kubernetes.io/instance: kyoo + app.kubernetes.io/version: "18.0.0" + app.kubernetes.io/managed-by: Helm +data: + kyoo_api.sql: "CREATE DATABASE kyoo_api WITH + OWNER kyoo_all; \n\\connect kyoo_api;\nREVOKE ALL ON SCHEMA public FROM PUBLIC;\nCREATE SCHEMA IF NOT EXISTS kyoo + AUTHORIZATION kyoo_all;\n" + kyoo_auth.sql: "CREATE DATABASE kyoo_auth WITH + OWNER kyoo_all; \n\\connect kyoo_auth;\nREVOKE ALL ON SCHEMA public FROM PUBLIC;\nCREATE SCHEMA IF NOT EXISTS keibi + AUTHORIZATION kyoo_all;\n" + kyoo_scanner.sql: | + CREATE DATABASE kyoo_scanner WITH OWNER 
kyoo_all; + \connect kyoo_scanner; + REVOKE ALL ON SCHEMA public FROM PUBLIC; + CREATE SCHEMA IF NOT EXISTS scanner AUTHORIZATION kyoo_all; + kyoo_transcoder.sql: | + CREATE DATABASE kyoo_transcoder WITH OWNER kyoo_all; + \connect kyoo_transcoder; + REVOKE ALL ON SCHEMA public FROM PUBLIC; + CREATE SCHEMA IF NOT EXISTS gocoder AUTHORIZATION kyoo_all; + user.sql: "ALTER ROLE kyoo_all \nIN DATABASE kyoo_api SET search_path TO \"$user\", kyoo;\nALTER ROLE kyoo_all\nIN DATABASE kyoo_auth SET search_path + TO \"$user\", keibi;\nALTER ROLE kyoo_all \nIN DATABASE + kyoo_scanner SET search_path TO \"$user\", + scanner;\nALTER ROLE kyoo_all \nIN DATABASE kyoo_transcoder SET search_path TO \"$user\", gocoder;\n" +--- +# Source: kyoo/templates/traefikproxy/configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: kyoo-traefik + namespace: kyootest + labels: + helm.sh/chart: kyoo-0.0.0 + app.kubernetes.io/name: kyoo-traefik + app.kubernetes.io/instance: kyoo + app.kubernetes.io/component: traefik + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kyoo + app.kubernetes.io/version: "edge" +data: + dynamic_config.yaml: | + http: + routers: + basepath: + entryPoints: + - web + service: front + rule: "PathPrefix(`/`)" + video: + entryPoints: + - web + middlewares: + - phantomtoken + service: transcoder + rule: "PathPrefix(`/video`)" + auth: + entryPoints: + - web + service: auth + rule: "PathPrefix(`/auth/`)" + wellknown: + entryPoints: + - web + service: auth + rule: "PathPrefix(`/.well-known/`)" + api: + entryPoints: + - web + middlewares: + - phantomtoken + service: api + rule: "PathPrefix(`/api/`)" + swagger: + entryPoints: + - web + service: api + rule: "PathPrefix(`/swagger`)" + scanner: + entryPoints: + - web + middlewares: + - phantomtoken + service: scanner + rule: "PathPrefix(`/scanner/`)" + middlewares: + phantomtoken: + forwardAuth: + address: "http://kyoo-auth:4568/auth/jwt" + authRequestHeaders: + - "Authorization" + - "X-Api-Key" + - "Cookie" 
+ authResponseHeaders: + - Authorization + services: + api: + loadBalancer: + servers: + - url: http://kyoo-api:3567/ + front: + loadBalancer: + servers: + - url: http://kyoo-front:8901/ + transcoder: + loadBalancer: + servers: + - url: http://kyoo-transcoder:7666/ + auth: + loadBalancer: + servers: + - url: http://kyoo-auth:4568/ + scanner: + loadBalancer: + servers: + - url: http://kyoo-scanner:4389/ +--- +# Source: kyoo/templates/api/pvc.yaml +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: kyoo-apimetadata + namespace: kyootest + labels: + helm.sh/chart: kyoo-0.0.0 + app.kubernetes.io/name: kyoo-api + app.kubernetes.io/instance: kyoo + app.kubernetes.io/component: api + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kyoo + app.kubernetes.io/version: "edge" +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 3Gi +--- +# Source: kyoo/templates/transcoder/pvc.yaml +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: kyoo-transcodermetadata + namespace: kyootest + labels: + helm.sh/chart: kyoo-0.0.0 + app.kubernetes.io/name: kyoo-transcoder + app.kubernetes.io/instance: kyoo + app.kubernetes.io/component: transcoder + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kyoo + app.kubernetes.io/version: "edge" +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 3Gi +--- +# Source: kyoo/charts/postgres/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: kyoo-postgres + namespace: kyootest + labels: + helm.sh/chart: postgres-0.11.1 + app.kubernetes.io/name: postgres + app.kubernetes.io/instance: kyoo + app.kubernetes.io/version: "18.0.0" + app.kubernetes.io/managed-by: Helm +spec: + type: ClusterIP + ports: + - port: 5432 + targetPort: 5432 + protocol: TCP + name: postgresql + selector: + app.kubernetes.io/name: postgres + app.kubernetes.io/instance: kyoo +--- +# Source: kyoo/charts/postgres/templates/service.yaml +apiVersion: v1 +kind: Service 
+metadata: + name: kyoo-postgres-headless + namespace: "kyootest" + labels: + helm.sh/chart: postgres-0.11.1 + app.kubernetes.io/name: postgres + app.kubernetes.io/instance: kyoo + app.kubernetes.io/version: "18.0.0" + app.kubernetes.io/managed-by: Helm +spec: + type: ClusterIP + clusterIP: None + ports: + - port: 5432 + targetPort: 5432 + protocol: TCP + name: postgresql + selector: + app.kubernetes.io/name: postgres + app.kubernetes.io/instance: kyoo +--- +# Source: kyoo/templates/api/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: kyoo-api + namespace: kyootest + labels: + helm.sh/chart: kyoo-0.0.0 + app.kubernetes.io/name: kyoo-api + app.kubernetes.io/instance: kyoo + app.kubernetes.io/component: api + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kyoo + app.kubernetes.io/version: "edge" +spec: + type: ClusterIP + ports: + - port: 3567 + targetPort: 3567 + protocol: TCP + name: main + selector: + app.kubernetes.io/name: kyoo-api + app.kubernetes.io/instance: kyoo +--- +# Source: kyoo/templates/auth/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: kyoo-auth + namespace: kyootest + labels: + helm.sh/chart: kyoo-0.0.0 + app.kubernetes.io/name: kyoo-auth + app.kubernetes.io/instance: kyoo + app.kubernetes.io/component: auth + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kyoo + app.kubernetes.io/version: "edge" +spec: + type: ClusterIP + ports: + - port: 4568 + targetPort: 4568 + protocol: TCP + name: main + selector: + app.kubernetes.io/name: kyoo-auth + app.kubernetes.io/instance: kyoo +--- +# Source: kyoo/templates/front/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: kyoo-front + namespace: kyootest + labels: + helm.sh/chart: kyoo-0.0.0 + app.kubernetes.io/name: kyoo-front + app.kubernetes.io/instance: kyoo + app.kubernetes.io/component: front + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kyoo + app.kubernetes.io/version: "edge" +spec: + type: ClusterIP + ports: 
+ - port: 8901 + targetPort: 8901 + protocol: TCP + name: main + selector: + app.kubernetes.io/name: kyoo-front + app.kubernetes.io/instance: kyoo +--- +# Source: kyoo/templates/scanner/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: kyoo-scanner + namespace: kyootest + labels: + helm.sh/chart: kyoo-0.0.0 + app.kubernetes.io/name: kyoo-scanner + app.kubernetes.io/instance: kyoo + app.kubernetes.io/component: scanner + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kyoo + app.kubernetes.io/version: "edge" +spec: + type: ClusterIP + ports: + - port: 4389 + targetPort: 4389 + protocol: TCP + name: main + selector: + app.kubernetes.io/name: kyoo-scanner + app.kubernetes.io/instance: kyoo +--- +# Source: kyoo/templates/traefikproxy/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: kyoo-traefik + namespace: kyootest + labels: + helm.sh/chart: kyoo-0.0.0 + app.kubernetes.io/name: kyoo-traefik + app.kubernetes.io/instance: kyoo + app.kubernetes.io/component: traefik + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kyoo + app.kubernetes.io/version: "edge" +spec: + type: ClusterIP + ports: + - port: 80 + targetPort: 80 + protocol: TCP + name: web + - port: 443 + targetPort: 443 + protocol: TCP + name: websecure + selector: + app.kubernetes.io/name: kyoo-traefik + app.kubernetes.io/instance: kyoo +--- +# Source: kyoo/templates/transcoder/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: kyoo-transcoder + namespace: kyootest + labels: + helm.sh/chart: kyoo-0.0.0 + app.kubernetes.io/name: kyoo-transcoder + app.kubernetes.io/instance: kyoo + app.kubernetes.io/component: transcoder + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kyoo + app.kubernetes.io/version: "edge" +spec: + type: ClusterIP + ports: + - port: 7666 + targetPort: 7666 + protocol: TCP + name: main + selector: + app.kubernetes.io/name: kyoo-transcoder + app.kubernetes.io/instance: kyoo +--- +# Source: 
kyoo/templates/api/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: kyoo-api + namespace: kyootest + labels: + helm.sh/chart: kyoo-0.0.0 + app.kubernetes.io/name: kyoo-api + app.kubernetes.io/instance: kyoo + app.kubernetes.io/component: api + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kyoo + app.kubernetes.io/version: "edge" +spec: + replicas: 1 + strategy: + type: Recreate + selector: + matchLabels: + app.kubernetes.io/name: kyoo-api + app.kubernetes.io/instance: kyoo + template: + metadata: + labels: + helm.sh/chart: kyoo-0.0.0 + app.kubernetes.io/name: kyoo-api + app.kubernetes.io/instance: kyoo + app.kubernetes.io/component: api + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kyoo + app.kubernetes.io/version: "edge" + spec: + serviceAccountName: kyoo-api + initContainers: + containers: + - name: main + image: ghcr.io/zoriya/kyoo_api:edge + imagePullPolicy: IfNotPresent + args: + env: + - name: JWT_ISSUER + value: "https://kyootest.bitey.life" + - name: AUTH_SERVER + value: "http://kyoo-auth:4568" + - name: IMAGES_PATH + value: "/images" + - name: PGUSER + valueFrom: + secretKeyRef: + key: postgres_user + name: bigsecret + - name: PGPASSWORD + valueFrom: + secretKeyRef: + key: postgres_password + name: bigsecret + - name: PGDATABASE + value: kyoo_api + - name: PGHOST + value: "kyoo-postgres" + - name: PGPORT + value: "5432" + ports: + - name: main + containerPort: 3567 + protocol: TCP + livenessProbe: + httpGet: + path: /health + port: main + readinessProbe: + httpGet: + path: /ready + port: main + volumeMounts: + - name: apiimagedata + mountPath: /images + volumes: + - name: apiimagedata + persistentVolumeClaim: + claimName: kyoo-apimetadata +--- +# Source: kyoo/templates/auth/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: kyoo-auth + namespace: kyootest + labels: + helm.sh/chart: kyoo-0.0.0 + app.kubernetes.io/name: kyoo-auth + app.kubernetes.io/instance: kyoo + 
app.kubernetes.io/component: auth + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kyoo + app.kubernetes.io/version: "edge" +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: kyoo-auth + app.kubernetes.io/instance: kyoo + template: + metadata: + labels: + helm.sh/chart: kyoo-0.0.0 + app.kubernetes.io/name: kyoo-auth + app.kubernetes.io/instance: kyoo + app.kubernetes.io/component: auth + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kyoo + app.kubernetes.io/version: "edge" + spec: + serviceAccountName: kyoo-auth + containers: + - name: main + image: ghcr.io/zoriya/keibi:edge + imagePullPolicy: IfNotPresent + args: + env: + - name: EXTRA_CLAIMS + value: "{\"permissions\": [\"core.read\"], \"verified\": false}" + - name: FIRST_USER_CLAIMS + value: "{\"permissions\": [\"users.read\", \"users.write\", \"apikeys.read\", \"apikeys.write\", \"users.delete\", \"core.read\", \"core.write\", \"scanner.trigger\"], \"verified\": true}" + - name: GUEST_CLAIMS + value: "{\"permissions\": [\"users.read\", \"users.write\", \"apikeys.read\", \"apikeys.write\", \"users.delete\", \"core.read\", \"core.write\", \"scanner.trigger\"], \"verified\": true}" + - name: PROTECTED_CLAIMS + value: "permissions,verified" + - name: PUBLIC_URL + value: "https://kyootest.bitey.life" + - name: KEIBI_APIKEY_SCANNER + valueFrom: + secretKeyRef: + key: scanner_apikey + name: bigsecret + - name: KEIBI_APIKEY_SCANNER_CLAIMS + value: "{\"permissions\": [\"core.write\"]}" + - name: PGUSER + valueFrom: + secretKeyRef: + key: postgres_user + name: bigsecret + - name: PGPASSWORD + valueFrom: + secretKeyRef: + key: postgres_password + name: bigsecret + - name: PGDATABASE + value: kyoo_auth + - name: PGHOST + value: "kyoo-postgres" + - name: PGPORT + value: "5432" + - name: PGSSLMODE + value: "prefer" + ports: + - name: main + containerPort: 4568 + protocol: TCP + livenessProbe: + httpGet: + path: /health + port: main + readinessProbe: + httpGet: + 
path: /ready + port: main +--- +# Source: kyoo/templates/front/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: kyoo-front + namespace: kyootest + labels: + helm.sh/chart: kyoo-0.0.0 + app.kubernetes.io/name: kyoo-front + app.kubernetes.io/instance: kyoo + app.kubernetes.io/component: front + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kyoo + app.kubernetes.io/version: "edge" +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: kyoo-front + app.kubernetes.io/instance: kyoo + template: + metadata: + labels: + helm.sh/chart: kyoo-0.0.0 + app.kubernetes.io/name: kyoo-front + app.kubernetes.io/instance: kyoo + app.kubernetes.io/component: front + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kyoo + app.kubernetes.io/version: "edge" + spec: + serviceAccountName: kyoo-front + containers: + - name: main + image: ghcr.io/zoriya/kyoo_front:edge + imagePullPolicy: IfNotPresent + args: + env: + - name: KYOO_URL + value: "http://kyoo-api:5000/api" + ports: + - name: main + containerPort: 8901 + protocol: TCP +--- +# Source: kyoo/templates/scanner/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: kyoo-scanner + namespace: kyootest + labels: + helm.sh/chart: kyoo-0.0.0 + app.kubernetes.io/name: kyoo-scanner + app.kubernetes.io/instance: kyoo + app.kubernetes.io/component: scanner + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kyoo + app.kubernetes.io/version: "edge" +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: kyoo-scanner + app.kubernetes.io/instance: kyoo + template: + metadata: + labels: + helm.sh/chart: kyoo-0.0.0 + app.kubernetes.io/name: kyoo-scanner + app.kubernetes.io/instance: kyoo + app.kubernetes.io/component: scanner + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kyoo + app.kubernetes.io/version: "edge" + spec: + serviceAccountName: kyoo-scanner + containers: + - name: main + image: 
ghcr.io/zoriya/kyoo_scanner:edge + imagePullPolicy: IfNotPresent + args: + env: + - name: SCANNER_LIBRARY_ROOT + value: "/media" + - name: LIBRARY_IGNORE_PATTERN + value: ".*/[dD]ownloads?/.*" + - name: KYOO_URL + value: "http://kyoo-traefik/api" + - name: JWKS_URL + value: "http://kyoo-auth:4568/.well-known/jwks.json" + - name: JWT_ISSUER + value: "https://kyootest.bitey.life" + - name: KYOO_APIKEY + valueFrom: + secretKeyRef: + key: scanner_apikey + name: bigsecret + - name: THEMOVIEDB_API_ACCESS_TOKEN + valueFrom: + secretKeyRef: + key: tmdb_apikey + name: bigsecret + optional: true + - name: PGUSER + valueFrom: + secretKeyRef: + key: postgres_user + name: bigsecret + - name: PGPASSWORD + valueFrom: + secretKeyRef: + key: postgres_password + name: bigsecret + - name: PGDATABASE + value: kyoo_scanner + - name: PGHOST + value: "kyoo-postgres" + - name: PGPORT + value: "5432" + ports: + - name: main + containerPort: 4389 + protocol: TCP + livenessProbe: + httpGet: + path: /health + port: main + readinessProbe: + httpGet: + path: /ready + port: main + volumeMounts: + - mountPath: /media + name: media + readOnly: true + volumes: + - name: media + nfs: + path: /spin0/media/movies + server: 192.168.1.179 +--- +# Source: kyoo/templates/traefikproxy/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: kyoo-traefik + namespace: kyootest + labels: + helm.sh/chart: kyoo-0.0.0 + app.kubernetes.io/name: kyoo-traefik + app.kubernetes.io/instance: kyoo + app.kubernetes.io/component: traefik + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kyoo + app.kubernetes.io/version: "edge" +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: kyoo-traefik + app.kubernetes.io/instance: kyoo + template: + metadata: + labels: + helm.sh/chart: kyoo-0.0.0 + app.kubernetes.io/name: kyoo-traefik + app.kubernetes.io/instance: kyoo + app.kubernetes.io/component: traefik + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kyoo 
+ app.kubernetes.io/version: "edge" + spec: + serviceAccountName: kyoo-traefik + containers: + - name: main + image: docker.io/traefik:v3.5.3 + imagePullPolicy: IfNotPresent + args: + - --entryPoints.web.address=:80/tcp + - --entryPoints.websecure.address=:443/tcp + - --api.dashboard=true + - --api.insecure=true + - --log.level=INFO + - --providers.file.filename=/dynamic_config/dynamic_config.yaml + env: + ports: + - name: web + containerPort: 80 + protocol: TCP + - name: websecure + containerPort: 443 + protocol: TCP + - name: traefik + containerPort: 8080 + protocol: TCP + volumeMounts: + - name: config + mountPath: /dynamic_config + readOnly: true + volumes: + - name: config + configMap: + name: kyoo-traefik + items: + - key: dynamic_config.yaml + path: dynamic_config.yaml +--- +# Source: kyoo/templates/transcoder/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: kyoo-transcoder + namespace: kyootest + labels: + helm.sh/chart: kyoo-0.0.0 + app.kubernetes.io/name: kyoo-transcoder + app.kubernetes.io/instance: kyoo + app.kubernetes.io/component: transcoder + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kyoo + app.kubernetes.io/version: "edge" +spec: + replicas: 1 + strategy: + type: Recreate + selector: + matchLabels: + app.kubernetes.io/name: kyoo-transcoder + app.kubernetes.io/instance: kyoo + template: + metadata: + labels: + helm.sh/chart: kyoo-0.0.0 + app.kubernetes.io/name: kyoo-transcoder + app.kubernetes.io/instance: kyoo + app.kubernetes.io/component: transcoder + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kyoo + app.kubernetes.io/version: "edge" + spec: + serviceAccountName: kyoo-transcoder + containers: + - name: main + image: ghcr.io/zoriya/kyoo_transcoder:edge + imagePullPolicy: IfNotPresent + args: + env: + - name: JWKS_URL + value: "http://kyoo-auth:4568/.well-known/jwks.json" + - name: GOCODER_HWACCEL + value: "disabled" + - name: GOCODER_PRESET + value: "fast" + - name: 
GOCODER_CACHE_ROOT + value: "/cache" + - name: GOCODER_METADATA_ROOT + value: "/metadata" + # the vaapi device path (only used with GOCODER_HWACCEL=vaapi) + - name: GOCODER_VAAPI_RENDERER + value: "/dev/dri/renderD128" + # the qsv device path (only used with GOCODER_HWACCEL=qsv) + - name: GOCODER_QSV_RENDERER + value: "/dev/dri/renderD128" + - name: GOCODER_SAFE_PATH + value: "/media" + - name: PGUSER + valueFrom: + secretKeyRef: + key: postgres_user + name: bigsecret + - name: PGPASSWORD + valueFrom: + secretKeyRef: + key: postgres_password + name: bigsecret + - name: PGDATABASE + value: "kyoo_transcoder" + - name: PGHOST + value: "kyoo-postgres" + - name: PGPORT + value: "5432" + - name: PGSSLMODE + value: "disable" + ports: + - name: main + containerPort: 7666 + protocol: TCP + livenessProbe: + httpGet: + path: /health + port: main + readinessProbe: + httpGet: + path: /ready + port: main + volumeMounts: + - mountPath: /media + name: media + readOnly: true + - name: transcodermetadata + mountPath: /metadata + - mountPath: /cache + name: cache + volumes: + - name: media + nfs: + path: /spin0/media/movies + server: 192.168.1.179 + - name: transcodermetadata + persistentVolumeClaim: + claimName: kyoo-transcodermetadata + - emptyDir: {} + name: cache +--- +# Source: kyoo/charts/postgres/templates/statefulset.yaml +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: kyoo-postgres + namespace: kyootest + labels: + helm.sh/chart: postgres-0.11.1 + app.kubernetes.io/name: postgres + app.kubernetes.io/instance: kyoo + app.kubernetes.io/version: "18.0.0" + app.kubernetes.io/managed-by: Helm +spec: + replicas: 1 + serviceName: kyoo-postgres-headless + updateStrategy: + type: RollingUpdate + selector: + matchLabels: + app.kubernetes.io/name: postgres + app.kubernetes.io/instance: kyoo + template: + metadata: + labels: + helm.sh/chart: postgres-0.11.1 + app.kubernetes.io/name: postgres + app.kubernetes.io/instance: kyoo + app.kubernetes.io/version: "18.0.0" + 
app.kubernetes.io/managed-by: Helm + spec: + serviceAccountName: default + automountServiceAccountToken: false + securityContext: + fsGroup: 999 + containers: + - name: postgres + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: false + runAsGroup: 999 + runAsNonRoot: true + runAsUser: 999 + image: docker.io/postgres:18.0@sha256:1ffc019dae94eca6b09a49ca67d37398951346de3c3d0cfe23d8d4ca33da83fb + imagePullPolicy: Always + args: + - -c + - 'config_file=/etc/postgresql/postgresql.conf' + env: + - name: PGDATA + value: /var/lib/postgresql/18/docker + - name: POSTGRES_USER + value: kyoo_all + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: bigsecret + key: "postgres_password" + - name: POSTGRES_MAX_CONNECTIONS + value: "100" + ports: + - name: postgresql + containerPort: 5432 + protocol: TCP + livenessProbe: + exec: + command: + - /bin/bash + - -c + - | + pg_isready -U kyoo_all -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 3 + readinessProbe: + exec: + command: + - /bin/bash + - -c + - | + pg_isready -U kyoo_all -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 5 + periodSeconds: 5 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 3 + startupProbe: + exec: + command: + - /bin/bash + - -c + - | + pg_isready -U kyoo_all -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 30 + resources: + {} + volumeMounts: + - name: data + mountPath: /var/lib/postgresql + - name: config + mountPath: /etc/postgresql + - name: run + mountPath: /var/run/postgresql + - name: tmp + mountPath: /tmp + - name: custom-init-scripts + mountPath: /docker-entrypoint-initdb.d/ + volumes: + - name: config + configMap: + name: kyoo-postgres + optional: true + - name: run + emptyDir: {} + - name: tmp + emptyDir: {} + - name: 
custom-init-scripts + configMap: + name: kyoo-postgres-init-scripts + defaultMode: 0755 + volumeClaimTemplates: + - metadata: + name: data + spec: + accessModes: + - "ReadWriteOnce" + resources: + requests: + storage: "3Gi" diff --git a/chart/values.yaml b/chart/values.yaml index 214d7b09..2b9d496a 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -460,6 +460,10 @@ postgres: \connect {{ .Values.global.postgres.kyoo_api.database }}; REVOKE ALL ON SCHEMA public FROM PUBLIC; CREATE SCHEMA IF NOT EXISTS kyoo AUTHORIZATION {{ .Values.global.postgres.infra.user }}; + + CREATE EXTENSION IF NOT EXISTS pg_trgm SCHEMA kyoo; + SET pg_trgm.word_similarity_threshold = 0.4; + ALTER DATABASE {{ .Values.global.postgres.kyoo_api.database }} SET pg_trgm.word_similarity_threshold = 0.4; kyoo_auth.sql: | CREATE DATABASE {{ .Values.global.postgres.kyoo_auth.database }} WITH OWNER {{ .Values.global.postgres.infra.user }}; \connect {{ .Values.global.postgres.kyoo_auth.database }};
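Review bot: The added `CREATE EXTENSION IF NOT EXISTS pg_trgm SCHEMA kyoo;` and `ALTER DATABASE … SET pg_trgm.word_similarity_threshold = 0.4;` in `kyoo_api.sql` only take effect on a fresh database, because the postgres image runs the scripts mounted at `/docker-entrypoint-initdb.d` only when the data directory is empty; installs that upgrade the chart get neither. If the API now depends on pg_trgm (not visible in this diff), the same statements presumably belong in its migrations or in an upgrade note, and a SQL comment in the script such as `-- initdb scripts run once, on an empty data directory; existing databases need this applied by a migration` would make the limit explicit. The standalone `SET pg_trgm.word_similarity_threshold = 0.4;` changes only the init session and can be dropped, since the `ALTER DATABASE` line is the persistent setting. The hunk cuts through the init-script mapping under `postgres:`, which starts and ends outside it.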