diff --git a/.gitignore b/.gitignore
index 3d4a2b98..6ed2917f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -6,3 +6,5 @@
 log.html
 output.xml
 report.html
+chart/charts
+chart/Chart.lock
\ No newline at end of file
diff --git a/chart/.helmignore b/chart/.helmignore
new file mode 100644
index 00000000..0e8a0eb3
--- /dev/null
+++ b/chart/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/chart/Chart.yaml b/chart/Chart.yaml
new file mode 100644
index 00000000..86218111
--- /dev/null
+++ b/chart/Chart.yaml
@@ -0,0 +1,38 @@
+apiVersion: v2
+name: kyoo
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.0.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "4.7.0"
+
+dependencies:
+- condition: meilisearch.enabled
+ name: meilisearch
+ repository: https://meilisearch.github.io/meilisearch-kubernetes
+ version: 0.10.1
+- condition: postgresql.enabled
+ name: postgresql
+ repository: https://charts.bitnami.com/bitnami
+ version: 15.5.34
+- condition: rabbitmq.enabled
+ name: rabbitmq
+ repository: https://charts.bitnami.com/bitnami
+ version: 15.0.0
\ No newline at end of file
diff --git a/chart/README.md b/chart/README.md
new file mode 100644
index 00000000..664487fe
--- /dev/null
+++ b/chart/README.md
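Review bot: The three `dependencies` entries in chart/Chart.yaml pull subcharts from third-party repositories, and the .gitignore hunk of this same commit ignores `chart/Chart.lock`, so the repository keeps no record of what a build actually resolved. The versions are exact, which limits drift, but I would still commit `Chart.lock` and package with `helm dependency build` so that a release reproduces the dependency set that was reviewed. Separately, `description: A Helm chart for Kubernetes` is the scaffold default and should describe kyoo, and `version: 0.0.0` is presumably overwritten at release time, which deserves a comment such as `# placeholder, set by the release pipeline`.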
@@ -0,0 +1,87 @@
+# helm chart
+
+# Recomendations
+This helm chart includes subcharts for Meilisearch, Postgres, and RabbitMQ. Those resources should be managed outside of this Helm release.
+
+## Postgres
+Kyoo consists of multiple microservices. Best practice is for each microservice to use its own database. Kyoo workloads support best practices or sharing a single postgres database. Please see the `POSTGRES_SCHEMA` setting for additional information.
+
+Strongly recomended to use a Kubernetes operator for managing Postgres.
+
+## Storage
+Kyoo currently uses storage volumes for media, backend-storage, and transcoder-storage. Media content tends to consume a large amount of space and Kubernetes storage interfaces tend to replicate across nodes. Consider hosting the data outside of Kubernetes or assigning one node to handle storage.
+
+Storage for backend and transcoder will eventually be moved into a datastore application.
+
+# Quickstart
+Below provides an example for deploying Kyoo and its dependencies. This is a minimalist setup that is not intended for longterm use. This approach uses a single Postgres instance and initializes mutliple databases.
+
+```sh
+helm upgrade kyoo . --install --values myvalues.yaml
+```
+`myvaules.yaml` content
+```yaml
+kyoo:
+ address: https://kyoo.mydomain.com
+meilisearch:
+ enabled: true
+postgresql:
+ enabled: true
+rabbitmq:
+ enabled: true
+extraObjects:
+ - apiVersion: v1
+ kind: Secret
+ metadata:
+ name: bigsecret
+ type: Opaque
+ stringData:
+ #KYOO
+ # The following value should be set to a random sequence of characters.
+ # You MUST change it when installing kyoo (for security)
+ # You can input multiple api keys separated by a ,
+ kyoo_apikeys: yHXWGsjfjE6sy6UxavqmTUYxgCFYek
+ # Keep those empty to use kyoo's default api key. You can also specify a custom API key if you want.
+ # go to https://www.themoviedb.org/settings/api and copy the api key (not the read access token, the api key)
+ tmdb_apikey: ""
+ tvdb_apikey: ""
+ tvdb_pin: ""
+ #RESOURCES
+ # meilisearch does not allow mapping their key in yet.
+ MEILI_MASTER_KEY: barkLike8SuperDucks
+ postgres_user: kyoo_all
+ postgres_password: watchSomething4me
+ rabbitmq_user: kyoo_all
+ rabbitmq_password: youAreAmazing2
+ rabbitmq_cookie: mmmGoodCookie
+ - kind: PersistentVolumeClaim
+ apiVersion: v1
+ metadata:
+ name: back-storage
+ spec:
+ accessModes:
+ - "ReadWriteOnce"
+ resources:
+ requests:
+ storage: "3Gi"
+ - kind: PersistentVolumeClaim
+ apiVersion: v1
+ metadata:
+ name: media
+ spec:
+ accessModes:
+ - "ReadOnlyMany"
+ resources:
+ requests:
+ storage: "3Gi"
+ - kind: PersistentVolumeClaim
+ apiVersion: v1
+ metadata:
+ name: transcoder-storage
+ spec:
+ accessModes:
+ - "ReadWriteOnce"
+ resources:
+ requests:
+ storage: "3Gi"
+```
\ No newline at end of file
diff --git a/chart/templates/_common.tpl b/chart/templates/_common.tpl
new file mode 100644
index 00000000..5f0b677d
--- /dev/null
+++ b/chart/templates/_common.tpl
@@ -0,0 +1,72 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "kyoo.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "kyoo.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "kyoo.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create Kyoo app version
+*/}}
+{{- define "kyoo.defaultTag" -}}
+{{- default .Chart.AppVersion .Values.global.image.tag }}
+{{- end -}}
+
+{{/*
+Return valid version label
+*/}}
+{{- define "kyoo.versionLabelValue" -}}
+{{ regexReplaceAll "[^-A-Za-z0-9_.]" (include "kyoo.defaultTag" .) "-" | trunc 63 | trimAll "-" | trimAll "_" | trimAll "." | quote }}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "kyoo.labels" -}}
+helm.sh/chart: {{ include "kyoo.chart" .context }}
+{{ include "kyoo.selectorLabels" (dict "context" .context "component" .component "name" .name) }}
+app.kubernetes.io/managed-by: {{ .context.Release.Service }}
+app.kubernetes.io/part-of: kyoo
+app.kubernetes.io/version: {{ include "kyoo.versionLabelValue" .context }}
+{{- with .context.Values.global.additionalLabels }}
+{{ toYaml . }}
+{{- end }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "kyoo.selectorLabels" -}}
+{{- if .name -}}
+app.kubernetes.io/name: {{ include "kyoo.name" .context }}-{{ .name }}
+{{ end -}}
+app.kubernetes.io/instance: {{ .context.Release.Name }}
+{{- if .component }}
+app.kubernetes.io/component: {{ .component }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/chart/templates/_helpers.tpl b/chart/templates/_helpers.tpl
new file mode 100644
index 00000000..86a16a6e
--- /dev/null
+++ b/chart/templates/_helpers.tpl
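Review bot: The comments on `kyoo.labels` and `kyoo.selectorLabels` in chart/templates/_common.tpl do not say that these two helpers take a dict rather than the root context, unlike `kyoo.name` and `kyoo.fullname` above them. They read `.context`, `.component` and `.name`, so a caller that passes `.` will most likely fail inside the nested `include` with a nil-pointer error that does not point back here. I would extend the comments, for example `Common labels. Expects (dict "context" $ "component" <string> "name" <string>)`, and note on `kyoo.selectorLabels` that `name` and `component` are optional. `kyoo.defaultTag` also dereferences `.Values.global.image.tag` directly, so it depends on `global.image` existing in values.yaml, which is not part of this view.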
@@ -0,0 +1,114 @@
+{{/*
+Create kyoo ingress name
+*/}}
+{{- define "kyoo.ingress.fullname" -}}
+{{- printf "%s-%s" (include "kyoo.fullname" .) "ingress" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create kyoo autosync name
+*/}}
+{{- define "kyoo.autosync.fullname" -}}
+{{- printf "%s-%s" (include "kyoo.fullname" .) .Values.autosync.name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create the name of the autosync service account to use
+*/}}
+{{- define "kyoo.autosync.serviceAccountName" -}}
+{{- if .Values.autosync.serviceAccount.create -}}
+ {{ default (include "kyoo.autosync.fullname" .) .Values.autosync.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.autosync.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create kyoo back name
+*/}}
+{{- define "kyoo.back.fullname" -}}
+{{- printf "%s-%s" (include "kyoo.fullname" .) .Values.back.name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create the name of the back service account to use
+*/}}
+{{- define "kyoo.back.serviceAccountName" -}}
+{{- if .Values.back.serviceAccount.create -}}
+ {{ default (include "kyoo.back.fullname" .) .Values.back.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.back.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create kyoo front name
+*/}}
+{{- define "kyoo.front.fullname" -}}
+{{- printf "%s-%s" (include "kyoo.fullname" .) .Values.front.name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create the name of the front service account to use
+*/}}
+{{- define "kyoo.front.serviceAccountName" -}}
+{{- if .Values.front.serviceAccount.create -}}
+ {{ default (include "kyoo.front.fullname" .) .Values.front.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.front.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create kyoo matcher name
+*/}}
+{{- define "kyoo.matcher.fullname" -}}
+{{- printf "%s-%s" (include "kyoo.fullname" .) .Values.matcher.name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create the name of the matcher service account to use
+*/}}
+{{- define "kyoo.matcher.serviceAccountName" -}}
+{{- if .Values.matcher.serviceAccount.create -}}
+ {{ default (include "kyoo.matcher.fullname" .) .Values.matcher.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.matcher.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create kyoo scanner name
+*/}}
+{{- define "kyoo.scanner.fullname" -}}
+{{- printf "%s-%s" (include "kyoo.fullname" .) .Values.scanner.name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create the name of the scanner service account to use
+*/}}
+{{- define "kyoo.scanner.serviceAccountName" -}}
+{{- if .Values.scanner.serviceAccount.create -}}
+ {{ default (include "kyoo.scanner.fullname" .) .Values.scanner.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.scanner.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create kyoo transcoder name
+*/}}
+{{- define "kyoo.transcoder.fullname" -}}
+{{- printf "%s-%s" (include "kyoo.fullname" .) .Values.transcoder.name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create the name of the transcoder service account to use
+*/}}
+{{- define "kyoo.transcoder.serviceAccountName" -}}
+{{- if .Values.transcoder.serviceAccount.create -}}
+ {{ default (include "kyoo.transcoder.fullname" .) .Values.transcoder.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.transcoder.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
\ No newline at end of file
diff --git a/chart/templates/autosync/deployment.yaml b/chart/templates/autosync/deployment.yaml
new file mode 100644
index 00000000..1a793d24
--- /dev/null
+++ b/chart/templates/autosync/deployment.yaml
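Review bot: Every `*.serviceAccountName` helper in chart/templates/_helpers.tpl falls back to the namespace's `default` ServiceAccount when `serviceAccount.create` is false and no name is given, so with that setting all six workloads share an identity the chart does not manage. The comments should say so, for example `Falls back to the namespace "default" ServiceAccount when create is false and no name is set`, or the helper could use `required` so the operator has to name an account. On style, the six fullname/serviceAccountName pairs differ only in the component key, so one helper that takes the component's values would remove the copy-paste. `kyoo.ingress.fullname` is defined here but the Ingress template later in this diff names the object with `kyoo.fullname` instead.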
@@ -0,0 +1,97 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ {{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.autosync.deploymentAnnotations) }}
+ annotations:
+ {{- range $key, $value := . }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ {{- end }}
+ name: {{ include "kyoo.autosync.fullname" . }}
+ labels:
+ {{- include "kyoo.labels" (dict "context" . "component" .Values.autosync.name "name" .Values.autosync.name) | nindent 4 }}
+spec:
+ replicas: {{ .Values.autosync.replicaCount }}
+ selector:
+ matchLabels:
+ {{- include "kyoo.selectorLabels" (dict "context" . "name" .Values.autosync.name) | nindent 6 }}
+ template:
+ metadata:
+ annotations:
+ {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.autosync.podAnnotations) }}
+ {{- range $key, $value := . }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ {{- end }}
+ labels:
+ {{- include "kyoo.labels" (dict "context" . "component" .Values.autosync.name "name" .Values.autosync.name) | nindent 8 }}
+ {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.autosync.podLabels) }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ spec:
+ {{- with .Values.autosync.imagePullSecrets | default .Values.global.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.global.securityContext }}
+ securityContext:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "kyoo.autosync.serviceAccountName" . }}
+ containers:
+ - name: main
+ image: {{ .Values.autosync.kyoo_autosync.image.repository | default (printf "%s/kyoo_autosync" .Values.global.image.repositoryBase) }}:{{ default (include "kyoo.defaultTag" .) .Values.autosync.kyoo_autosync.image.tag }}
+ imagePullPolicy: {{ default .Values.global.image.imagePullPolicy }}
+ args:
+ {{- with .Values.autosync.kyoo_autosync.extraArgs }}
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ env:
+ - name: RABBITMQ_HOST
+ value: {{ .Values.global.rabbitmq.host }}
+ - name: RABBITMQ_PORT
+ value: "{{ .Values.global.rabbitmq.port }}"
+ - name: RABBITMQ_DEFAULT_USER
+ valueFrom:
+ secretKeyRef:
+ key: {{ .Values.global.rabbitmq.kyoo_autosync.userKey }}
+ name: {{ .Values.global.rabbitmq.kyoo_autosync.existingSecret }}
+ - name: RABBITMQ_DEFAULT_PASS
+ valueFrom:
+ secretKeyRef:
+ key: {{ .Values.global.rabbitmq.kyoo_autosync.passwordKey }}
+ name: {{ .Values.global.rabbitmq.kyoo_autosync.existingSecret }}
+ {{- with (concat .Values.global.extraEnv .Values.autosync.kyoo_autosync.extraEnv) }}
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- with .Values.autosync.kyoo_autosync.livenessProbe }}
+ livenessProbe:
+ {{- toYaml .Values.autosync.kyoo_autosync.livenessProbe | nindent 12 }}
+ {{- end }}
+ {{- with .Values.autosync.kyoo_autosync.readinessProbe }}
+ readinessProbe:
+ {{- toYaml .Values.autosync.kyoo_autosync.readinessProbe | nindent 12 }}
+ {{- end }}
+ {{- with .Values.autosync.kyoo_autosync.resources }}
+ resources:
+ {{- toYaml .Values.autosync.kyoo_autosync.resources | nindent 12 }}
+ {{- end }}
+ {{- with .Values.autosync.kyoo_autosync.containerSecurityContext }}
+ securityContext:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- with .Values.autosync.kyoo_autosync.extraVolumeMounts }}
+ volumeMounts:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- with .Values.autosync.kyoo_autosync.extraContainers }}
+ {{- tpl (toYaml .) $ | nindent 8 }}
+ {{- end }}
+ {{- with .Values.autosync.extraInitContainers }}
+ initContainers:
+ {{- tpl (toYaml .) $ | nindent 6 }}
+ {{- end }}
+ {{- with .Values.autosync.extraVolumes }}
+ volumes:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
\ No newline at end of file
diff --git a/chart/templates/autosync/serviceaccount.yaml b/chart/templates/autosync/serviceaccount.yaml
new file mode 100644
index 00000000..ef2dee88
--- /dev/null
+++ b/chart/templates/autosync/serviceaccount.yaml
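Review bot: In chart/templates/autosync/deployment.yaml the `livenessProbe`, `readinessProbe` and `resources` blocks reference `.Values` inside a `with` that has already rebound the dot to the probe or resources map. `toYaml .Values.autosync.kyoo_autosync.livenessProbe` therefore no longer resolves, and rendering will most likely fail as soon as one of those values is set. Use `{{- toYaml . | nindent 12 }}` as the `containerSecurityContext` block already does; the back and front deployments in this diff repeat the pattern. `imagePullPolicy: {{ default .Values.global.image.imagePullPolicy }}` also calls `default` with a single argument, which just echoes the global value, so either drop `default` or pass a per-image override as the second argument.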
@@ -0,0 +1,13 @@
+{{- if .Values.autosync.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: {{ .Values.autosync.serviceAccount.automount }}
+metadata:
+ name: {{ include "kyoo.autosync.serviceAccountName" . }}
+ labels:
+ {{- include "kyoo.labels" (dict "context" . "component" .Values.autosync.name "name" .Values.autosync.name) | nindent 4 }}
+ {{- with .Values.autosync.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/chart/templates/back/deployment.yaml b/chart/templates/back/deployment.yaml
new file mode 100644
index 00000000..b4d3659a
--- /dev/null
+++ b/chart/templates/back/deployment.yaml
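Review bot: `automountServiceAccountToken: {{ .Values.autosync.serviceAccount.automount }}` in chart/templates/autosync/serviceaccount.yaml renders an empty value when `automount` is unset, and Kubernetes then applies its default of mounting the API token into the pod. The autosync Deployment in this diff does not set the pod-level field either, and its environment only shows a RabbitMQ connection, so I would make the template default to off: `automountServiceAccountToken: {{ .Values.autosync.serviceAccount.automount | default false }}`. The back and front ServiceAccount templates carry the same line. values.yaml is outside this view, so the shipped default may already be false; the template default still protects installs that override the whole `serviceAccount` map.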
@@ -0,0 +1,195 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ {{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.back.deploymentAnnotations) }}
+ annotations:
+ {{- range $key, $value := . }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ {{- end }}
+ name: {{ include "kyoo.back.fullname" . }}
+ labels:
+ {{- include "kyoo.labels" (dict "context" . "component" .Values.back.name "name" .Values.back.name) | nindent 4 }}
+spec:
+ replicas: {{ .Values.back.replicaCount }}
+ selector:
+ matchLabels:
+ {{- include "kyoo.selectorLabels" (dict "context" . "name" .Values.back.name) | nindent 6 }}
+ template:
+ metadata:
+ annotations:
+ {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.back.podAnnotations) }}
+ {{- range $key, $value := . }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ {{- end }}
+ labels:
+ {{- include "kyoo.labels" (dict "context" . "component" .Values.back.name "name" .Values.back.name) | nindent 8 }}
+ {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.back.podLabels) }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ spec:
+ {{- with .Values.back.imagePullSecrets | default .Values.global.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.global.securityContext }}
+ securityContext:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "kyoo.back.serviceAccountName" . }}
+ initContainers:
+ - name: migrations
+ image: {{ .Values.back.kyoo_migrations.image.repository | default (printf "%s/kyoo_migrations" .Values.global.image.repositoryBase) }}:{{ default (include "kyoo.defaultTag" .) .Values.back.kyoo_migrations.image.tag }}
+ imagePullPolicy: {{ default .Values.global.image.imagePullPolicy }}
+ args:
+ {{- with .Values.back.kyoo_migrations.extraArgs }}
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ env:
+ - name: POSTGRES_USER
+ valueFrom:
+ secretKeyRef:
+ key: {{ .Values.global.postgres.kyoo_back.kyoo_migrations.userKey }}
+ name: {{ .Values.global.postgres.kyoo_back.kyoo_migrations.existingSecret }}
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: {{ .Values.global.postgres.kyoo_back.kyoo_migrations.passwordKey }}
+ name: {{ .Values.global.postgres.kyoo_back.kyoo_migrations.existingSecret }}
+ - name: POSTGRES_DB
+ value: {{ .Values.global.postgres.kyoo_back.database }}
+ - name: POSTGRES_SERVER
+ value: {{ .Values.global.postgres.kyoo_back.host }}
+ - name: POSTGRES_PORT
+ value: "{{ .Values.global.postgres.kyoo_back.port }}"
+ {{- with .Values.back.extraInitContainers }}
+ {{- tpl (toYaml .) $ | nindent 6 }}
+ {{- end }}
+ containers:
+ - name: main
+ image: {{ .Values.back.kyoo_back.image.repository | default (printf "%s/kyoo_back" .Values.global.image.repositoryBase) }}:{{ default (include "kyoo.defaultTag" .) .Values.back.kyoo_back.image.tag }}
+ imagePullPolicy: {{ default .Values.global.image.imagePullPolicy }}
+ args:
+ {{- with .Values.back.kyoo_back.extraArgs }}
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ env:
+ - name: TRANSCODER_URL
+ value: http://{{ include "kyoo.transcoder.fullname" . }}:7666
+ - name: PUBLIC_URL
+ value: {{ .Values.kyoo.address }}
+ - name: REQUIRE_ACCOUNT_VERIFICATION
+ value: "{{ .Values.kyoo.requireAccountVerification }}"
+ - name: DEFAULT_PERMISSIONS
+ value: {{ .Values.kyoo.defaultPermissions }}
+ - name: UNLOGGED_PERMISSIONS
+ value: "{{ .Values.kyoo.unloggedPermissions }}"
+ - name: KYOO_APIKEYS
+ valueFrom:
+ secretKeyRef:
+ key: {{ .Values.kyoo.apikey.apikeyKey }}
+ name: {{ .Values.kyoo.apikey.existingSecret }}
+ - name: POSTGRES_USER
+ valueFrom:
+ secretKeyRef:
+ key: {{ .Values.global.postgres.kyoo_back.kyoo_back.userKey }}
+ name: {{ .Values.global.postgres.kyoo_back.kyoo_back.existingSecret }}
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: {{ .Values.global.postgres.kyoo_back.kyoo_back.passwordKey }}
+ name: {{ .Values.global.postgres.kyoo_back.kyoo_back.existingSecret }}
+ - name: POSTGRES_DB
+ value: {{ .Values.global.postgres.kyoo_back.database }}
+ - name: POSTGRES_SERVER
+ value: {{ .Values.global.postgres.kyoo_back.host }}
+ - name: POSTGRES_PORT
+ value: "{{ .Values.global.postgres.kyoo_back.port }}"
+ - name: RABBITMQ_DEFAULT_USER
+ valueFrom:
+ secretKeyRef:
+ key: {{ .Values.global.rabbitmq.kyoo_back.userKey }}
+ name: {{ .Values.global.rabbitmq.kyoo_back.existingSecret }}
+ - name: RABBITMQ_DEFAULT_PASS
+ valueFrom:
+ secretKeyRef:
+ key: {{ .Values.global.rabbitmq.kyoo_back.passwordKey }}
+ name: {{ .Values.global.rabbitmq.kyoo_back.existingSecret }}
+ - name: RABBITMQ_HOST
+ value: {{ .Values.global.rabbitmq.host }}
+ - name: RABBITMQ_PORT
+ value: "{{ .Values.global.rabbitmq.port }}"
+ - name: MEILI_HOST
+ value: "{{ .Values.global.meilisearch.proto }}://{{ .Values.global.meilisearch.host }}:{{ .Values.global.meilisearch.port }}"
+ - name: MEILI_MASTER_KEY
+ valueFrom:
+ secretKeyRef:
+ key: {{ .Values.global.meilisearch.kyoo_back.masterkeyKey }}
+ name: {{ .Values.global.meilisearch.kyoo_back.existingSecret }}
+ {{- if .Values.kyoo.oidc.enabled }}
+ - name: OIDC_SERVICE_NAME
+ value: {{ .Values.kyoo.oidc.name }}
+ - name: OIDC_SERVICE_LOGO
+ value: {{ .Values.kyoo.oidc.logo }}
+ - name: OIDC_SERVICE_CLIENTID
+ valueFrom:
+ secretKeyRef:
+ key: {{ .Values.kyoo.oidc.clientIdKey }}
+ name: {{ .Values.kyoo.oidc.existingSecret }}
+ - name: OIDC_SERVICE_SECRET
+ valueFrom:
+ secretKeyRef:
+ key: {{ .Values.kyoo.oidc.clientSecretKey }}
+ name: {{ .Values.kyoo.oidc.existingSecret }}
+ - name: OIDC_SERVICE_AUTHORIZATION
+ value: {{ .Values.kyoo.oidc.authorizationAddress }}
+ - name: OIDC_SERVICE_TOKEN
+ value: {{ .Values.kyoo.oidc.tokenAddress }}
+ - name: OIDC_SERVICE_PROFILE
+ value: {{ .Values.kyoo.oidc.profileAddress }}
+ - name: OIDC_SERVICE_SCOPE
+ value: {{ .Values.kyoo.oidc.scope }}
+ - name: OIDC_SERVICE_AUTHMETHOD
+ value: {{ .Values.kyoo.oidc.authMethod }}
+ {{- end }}
+ {{- with (concat .Values.global.extraEnv .Values.back.kyoo_back.extraEnv) }}
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ ports:
+ - name: main
+ containerPort: 5000
+ protocol: TCP
+ {{- with .Values.back.kyoo_back.livenessProbe }}
+ livenessProbe:
+ {{- toYaml .Values.back.kyoo_back.livenessProbe | nindent 12 }}
+ {{- end }}
+ {{- with .Values.back.kyoo_back.readinessProbe }}
+ readinessProbe:
+ {{- toYaml .Values.back.kyoo_back.readinessProbe | nindent 12 }}
+ {{- end }}
+ {{- with .Values.back.kyoo_back.resources }}
+ resources:
+ {{- toYaml .Values.back.kyoo_back.resources | nindent 12 }}
+ {{- end }}
+ {{- with .Values.back.kyoo_back.containerSecurityContext }}
+ securityContext:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ {{- with .Values.back.kyoo_back.volumeMounts }}
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- with .Values.back.kyoo_back.extraVolumeMounts }}
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- with .Values.back.kyoo_back.extraContainers }}
+ {{- tpl (toYaml .) $ | nindent 8 }}
+ {{- end }}
+ volumes:
+ {{- with .Values.back.volumes }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.back.extraVolumes }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
\ No newline at end of file
diff --git a/chart/templates/back/service.yaml b/chart/templates/back/service.yaml
new file mode 100644
index 00000000..e906b326
--- /dev/null
+++ b/chart/templates/back/service.yaml
@@ -0,0 +1,24 @@
+apiVersion: v1
+kind: Service
+metadata:
+{{- if .Values.back.service.annotations }}
+ annotations:
+ {{- range $key, $value := .Values.back.service.annotations }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+{{- end }}
+ name: {{ include "kyoo.back.fullname" . }}
+ labels:
+ {{- include "kyoo.labels" (dict "context" . "component" .Values.back.name "name" .Values.back.name) | nindent 4 }}
+ {{- with .Values.back.service.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ type: {{ .Values.back.service.type }}
+ ports:
+ - port: 5000
+ targetPort: 5000
+ protocol: TCP
+ name: main
+ selector:
+ {{- include "kyoo.selectorLabels" (dict "context" . "name" .Values.back.name) | nindent 4 }}
diff --git a/chart/templates/back/serviceaccount.yaml b/chart/templates/back/serviceaccount.yaml
new file mode 100644
index 00000000..95e071f0
--- /dev/null
+++ b/chart/templates/back/serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.back.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: {{ .Values.back.serviceAccount.automount }}
+metadata:
+ name: {{ include "kyoo.back.serviceAccountName" . }}
+ labels:
+ {{- include "kyoo.labels" (dict "context" . "component" .Values.back.name "name" .Values.back.name) | nindent 4 }}
+ {{- with .Values.back.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/chart/templates/extra-manifests.yaml b/chart/templates/extra-manifests.yaml
new file mode 100644
index 00000000..fc9a76b8
--- /dev/null
+++ b/chart/templates/extra-manifests.yaml
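Review bot: Several env values in chart/templates/back/deployment.yaml are interpolated without quoting (`PUBLIC_URL`, `DEFAULT_PERMISSIONS`, `POSTGRES_DB`, `POSTGRES_SERVER`, `RABBITMQ_HOST` and the non-secret `OIDC_SERVICE_*` entries), while their neighbours use the hand-written `"{{ … }}"` form. An unset value renders as null, and a value that YAML reads as a boolean or number, or that contains `: ` or ` #`, changes how the manifest parses instead of reaching the container as a string. Pipe every scalar through `quote`, e.g. `value: {{ .Values.kyoo.oidc.scope | quote }}`, and prefer that over `"{{ … }}"`, which breaks on an embedded double quote. `MEILI_HOST` takes its scheme from `global.meilisearch.proto`, so it is worth a comment there that a plain-HTTP setting presumably sends the master key to Meilisearch unencrypted.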
@@ -0,0 +1,8 @@
+{{ range .Values.extraObjects }}
+---
+{{ if typeIs "string" . }}
+ {{- tpl . $ }}
+{{- else }}
+ {{- tpl (toYaml .) $ }}
+{{- end }}
+{{ end }}
diff --git a/chart/templates/front/deployment.yaml b/chart/templates/front/deployment.yaml
new file mode 100644
index 00000000..608810bd
--- /dev/null
+++ b/chart/templates/front/deployment.yaml
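Review bot: chart/templates/extra-manifests.yaml has no comment explaining that both branches run every `extraObjects` entry through `tpl`. Template delimiters inside an object are therefore evaluated rather than kept literally, and that includes Secret `stringData` such as a generated password that happens to contain them. I would add a header comment, for example `{{/* Each extraObjects entry is rendered with tpl against the root context, so template delimiters inside values are evaluated, not kept literally. */}}`. The README quickstart in this commit uses `extraObjects` to create a Secret from inline values, and only the API key there carries a "MUST change" comment; the Meilisearch, Postgres and RabbitMQ credentials in the same example deserve the same warning.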
@@ -0,0 +1,89 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ {{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.front.deploymentAnnotations) }}
+ annotations:
+ {{- range $key, $value := . }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ {{- end }}
+ name: {{ include "kyoo.front.fullname" . }}
+ labels:
+ {{- include "kyoo.labels" (dict "context" . "component" .Values.front.name "name" .Values.front.name) | nindent 4 }}
+spec:
+ replicas: {{ .Values.front.replicaCount }}
+ selector:
+ matchLabels:
+ {{- include "kyoo.selectorLabels" (dict "context" . "name" .Values.front.name) | nindent 6 }}
+ template:
+ metadata:
+ annotations:
+ {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.front.podAnnotations) }}
+ {{- range $key, $value := . }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ {{- end }}
+ labels:
+ {{- include "kyoo.labels" (dict "context" . "component" .Values.front.name "name" .Values.front.name) | nindent 8 }}
+ {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.front.podLabels) }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ spec:
+ {{- with .Values.front.imagePullSecrets | default .Values.global.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.global.securityContext }}
+ securityContext:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "kyoo.front.serviceAccountName" . }}
+ containers:
+ - name: main
+ image: {{ .Values.front.kyoo_front.image.repository | default (printf "%s/kyoo_front" .Values.global.image.repositoryBase) }}:{{ default (include "kyoo.defaultTag" .) .Values.front.kyoo_front.image.tag }}
+ imagePullPolicy: {{ default .Values.global.image.imagePullPolicy }}
+ args:
+ {{- with .Values.front.kyoo_front.extraArgs }}
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ env:
+ - name: KYOO_URL
+ value: http://{{ include "kyoo.back.fullname" . }}:5000
+ {{- with (concat .Values.global.extraEnv .Values.front.kyoo_front.extraEnv) }}
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ ports:
+ - name: main
+ containerPort: 8901
+ protocol: TCP
+ {{- with .Values.front.kyoo_front.livenessProbe }}
+ livenessProbe:
+ {{- toYaml .Values.front.kyoo_front.livenessProbe | nindent 12 }}
+ {{- end }}
+ {{- with .Values.front.kyoo_front.readinessProbe }}
+ readinessProbe:
+ {{- toYaml .Values.front.kyoo_front.readinessProbe | nindent 12 }}
+ {{- end }}
+ {{- with .Values.front.kyoo_front.resources }}
+ resources:
+ {{- toYaml .Values.front.kyoo_front.resources | nindent 12 }}
+ {{- end }}
+ {{- with .Values.front.kyoo_front.containerSecurityContext }}
+ securityContext:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- with .Values.front.kyoo_front.extraVolumeMounts }}
+ volumeMounts:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- with .Values.front.kyoo_front.extraContainers }}
+ {{- tpl (toYaml .) $ | nindent 8 }}
+ {{- end }}
+ {{- with .Values.front.extraInitContainers }}
+ initContainers:
+ {{- tpl (toYaml .) $ | nindent 6 }}
+ {{- end }}
+ {{- with .Values.front.extraVolumes }}
+ volumes:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
\ No newline at end of file
diff --git a/chart/templates/front/service.yaml b/chart/templates/front/service.yaml
new file mode 100644
index 00000000..c7a8ffbd
--- /dev/null
+++ b/chart/templates/front/service.yaml
@@ -0,0 +1,24 @@
+apiVersion: v1
+kind: Service
+metadata:
+{{- if .Values.front.service.annotations }}
+ annotations:
+ {{- range $key, $value := .Values.front.service.annotations }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+{{- end }}
+ name: {{ include "kyoo.front.fullname" . }}
+ labels:
+ {{- include "kyoo.labels" (dict "context" . "component" .Values.front.name "name" .Values.front.name) | nindent 4 }}
+ {{- with .Values.front.service.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ type: {{ .Values.front.service.type }}
+ ports:
+ - port: 8901
+ targetPort: 8901
+ protocol: TCP
+ name: main
+ selector:
+ {{- include "kyoo.selectorLabels" (dict "context" . "name" .Values.front.name) | nindent 4 }}
diff --git a/chart/templates/front/serviceaccount.yaml b/chart/templates/front/serviceaccount.yaml
new file mode 100644
index 00000000..190f91f9
--- /dev/null
+++ b/chart/templates/front/serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.front.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: {{ .Values.front.serviceAccount.automount }}
+metadata:
+ name: {{ include "kyoo.front.serviceAccountName" . }}
+ labels:
+ {{- include "kyoo.labels" (dict "context" . "component" .Values.front.name "name" .Values.front.name) | nindent 4 }}
+ {{- with .Values.front.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/chart/templates/ingress.yaml b/chart/templates/ingress.yaml
new file mode 100644
index 00000000..512abc98
--- /dev/null
+++ b/chart/templates/ingress.yaml
@@ -0,0 +1,43 @@
+{{- if .Values.ingress.enabled }}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ include "kyoo.fullname" . }}
+ labels:
+ {{- include "kyoo.labels" (dict "context" . "component" "ingress" "name" "ingress") | nindent 4 }}
+ annotations:
+ {{- range $key, $value := .Values.ingress.annotations }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ {{- range $key, $value := .Values.ingress.extraAnnotations }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+spec:
+ {{- if .Values.ingress.ingressClassName }}
+ ingressClassName: {{ .Values.ingress.ingressClassName }}
+ {{- end }}
+ rules:
+ - host: {{ .Values.ingress.host }}
+ http:
+ paths:
+ - path: "/"
+ pathType: Prefix
+ backend:
+ service:
+ name: {{ include "kyoo.front.fullname" . }}
+ port:
+ number: 8901
+ - path: "/api"
+ pathType: Prefix
+ backend:
+ service:
+ name: {{ include "kyoo.back.fullname" . }}
+ port:
+ number: 5000
+{{- if .Values.ingress.tls }}
+ tls:
+ - hosts:
+ - {{ .Values.ingress.host }}
+ secretName: {{ .Values.ingress.tlsSecret }}
+{{- end }}
+{{- end }}
diff --git a/chart/templates/matcher/deployment.yaml b/chart/templates/matcher/deployment.yaml
new file mode 100644
index 00000000..086f660c
--- /dev/null
+++ b/chart/templates/matcher/deployment.yaml
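Review bot: When `ingress.tls` is true, the `tls` block in chart/templates/ingress.yaml renders `secretName: {{ .Values.ingress.tlsSecret }}` without checking that a secret name was supplied. An empty value yields a null `secretName`, and which certificate is then served depends on the ingress controller. Make the requirement explicit with `secretName: {{ required "ingress.tlsSecret must be set when ingress.tls is true" .Values.ingress.tlsSecret }}`. `host: {{ .Values.ingress.host }}` is unquoted and unchecked in the same way, and an empty host leaves the rule matching every hostname the controller serves, so it deserves `required` as well. With `ingress.tls` false the `/api` path is published over plain HTTP, which is worth a comment next to the flag in values.yaml.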
@@ -0,0 +1,121 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + {{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.matcher.deploymentAnnotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + name: {{ include "kyoo.matcher.fullname" . }} + labels: + {{- include "kyoo.labels" (dict "context" . "component" .Values.matcher.name "name" .Values.matcher.name) | nindent 4 }} +spec: + replicas: {{ .Values.matcher.replicaCount }} + selector: + matchLabels: + {{- include "kyoo.selectorLabels" (dict "context" . "name" .Values.matcher.name) | nindent 6 }} + template: + metadata: + annotations: + {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.matcher.podAnnotations) }} + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + {{- include "kyoo.labels" (dict "context" . "component" .Values.matcher.name "name" .Values.matcher.name) | nindent 8 }} + {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.matcher.podLabels) }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.matcher.imagePullSecrets | default .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.global.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "kyoo.matcher.serviceAccountName" . }} + containers: + - name: main + image: {{ .Values.matcher.kyoo_matcher.image.repository | default (printf "%s/kyoo_matcher" .Values.global.image.repositoryBase) }}:{{ default (include "kyoo.defaultTag" .) .Values.matcher.kyoo_matcher.image.tag }} + imagePullPolicy: {{ default .Values.global.image.imagePullPolicy }} + args: + {{- with .Values.matcher.kyoo_matcher.extraArgs }} + {{- toYaml . 
| nindent 12 }} + {{- end }} + env: + - name: KYOO_APIKEYS + valueFrom: + secretKeyRef: + key: {{ .Values.kyoo.apikey.apikeyKey }} + name: {{ .Values.kyoo.apikey.existingSecret }} + - name: KYOO_URL + value: http://{{ include "kyoo.back.fullname" . }}:5000 + - name: LIBRARY_LANGUAGES + value: {{ .Values.kyoo.languages }} + - name: THEMOVIEDB_APIKEY + valueFrom: + secretKeyRef: + key: {{ .Values.contentdatabase.tmdb.apikeyKey }} + name: {{ .Values.contentdatabase.tmdb.existingSecret }} + - name: TVDB_APIKEY + valueFrom: + secretKeyRef: + key: {{ .Values.contentdatabase.tvdb.apikeyKey }} + name: {{ .Values.contentdatabase.tvdb.existingSecret }} + - name: TVDB_PIN + valueFrom: + secretKeyRef: + key: {{ .Values.contentdatabase.tvdb.pinKey }} + name: {{ .Values.contentdatabase.tvdb.existingSecret }} + - name: RABBITMQ_HOST + value: {{ .Values.global.rabbitmq.host }} + - name: RABBITMQ_PORT + value: "{{ .Values.global.rabbitmq.port }}" + - name: RABBITMQ_DEFAULT_USER + valueFrom: + secretKeyRef: + key: {{ .Values.global.rabbitmq.kyoo_matcher.userKey }} + name: {{ .Values.global.rabbitmq.kyoo_matcher.existingSecret }} + - name: RABBITMQ_DEFAULT_PASS + valueFrom: + secretKeyRef: + key: {{ .Values.global.rabbitmq.kyoo_matcher.passwordKey }} + name: {{ .Values.global.rabbitmq.kyoo_matcher.existingSecret }} + {{- with (concat .Values.global.extraEnv .Values.matcher.kyoo_matcher.extraEnv) }} + {{- toYaml . 
| nindent 12 }} + {{- end }} + {{- with .Values.matcher.kyoo_matcher.livenessProbe }} + livenessProbe: + {{- toYaml .Values.matcher.kyoo_matcher.livenessProbe | nindent 12 }} + {{- end }} + {{- with .Values.matcher.kyoo_matcher.readinessProbe }} + readinessProbe: + {{- toYaml .Values.matcher.kyoo_matcher.readinessProbe | nindent 12 }} + {{- end }} + {{- with .Values.matcher.kyoo_matcher.resources }} + resources: + {{- toYaml .Values.matcher.kyoo_matcher.resources | nindent 12 }} + {{- end }} + {{- with .Values.matcher.kyoo_matcher.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.matcher.kyoo_matcher.extraVolumeMounts }} + volumeMounts: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.matcher.kyoo_matcher.extraContainers }} + {{- tpl (toYaml .) $ | nindent 8 }} + {{- end }} + {{- with .Values.matcher.extraInitContainers }} + initContainers: + {{- tpl (toYaml .) $ | nindent 6 }} + {{- end }} + {{- with .Values.matcher.extraVolumes }} + volumes: + {{- toYaml . | nindent 8 }} + {{- end }} \ No newline at end of file diff --git a/chart/templates/matcher/serviceaccount.yaml b/chart/templates/matcher/serviceaccount.yaml new file mode 100644 index 00000000..e3053836 --- /dev/null +++ b/chart/templates/matcher/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.matcher.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: {{ .Values.matcher.serviceAccount.automount }} +metadata: + name: {{ include "kyoo.matcher.serviceAccountName" . }} + labels: + {{- include "kyoo.labels" (dict "context" . "component" .Values.matcher.name "name" .Values.matcher.name) | nindent 4 }} + {{- with .Values.matcher.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/chart/templates/scanner/deployment.yaml b/chart/templates/scanner/deployment.yaml new file mode 100644 index 00000000..27862105 --- /dev/null 
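Review bot: Inside `{{- with .Values.matcher.kyoo_matcher.livenessProbe }}` the dot is rebound to the probe map, so `toYaml .Values.matcher.kyoo_matcher.livenessProbe` no longer resolves against the root context and rendering should fail as soon as a probe is configured. The `readinessProbe` and `resources` blocks have the same problem. The defaults are `{}`, so a default install never exercises this path and the failure only appears when an operator tries to set CPU or memory limits. Use `{{- toYaml . | nindent 12 }}`, as the `containerSecurityContext` block just below already does. The scanner and transcoder deployment templates in this commit repeat the pattern.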
+++ b/chart/templates/scanner/deployment.yaml 
@@ -0,0 +1,116 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + {{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.scanner.deploymentAnnotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + name: {{ include "kyoo.scanner.fullname" . }} + labels: + {{- include "kyoo.labels" (dict "context" . "component" .Values.scanner.name "name" .Values.scanner.name) | nindent 4 }} +spec: + replicas: {{ .Values.scanner.replicaCount }} + selector: + matchLabels: + {{- include "kyoo.selectorLabels" (dict "context" . "name" .Values.scanner.name) | nindent 6 }} + template: + metadata: + annotations: + {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.scanner.podAnnotations) }} + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + {{- include "kyoo.labels" (dict "context" . "component" .Values.scanner.name "name" .Values.scanner.name) | nindent 8 }} + {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.scanner.podLabels) }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.scanner.imagePullSecrets | default .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.global.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "kyoo.scanner.serviceAccountName" . }} + containers: + - name: main + image: {{ .Values.scanner.kyoo_scanner.image.repository | default (printf "%s/kyoo_scanner" .Values.global.image.repositoryBase) }}:{{ default (include "kyoo.defaultTag" .) .Values.scanner.kyoo_scanner.image.tag }} + imagePullPolicy: {{ default .Values.global.image.imagePullPolicy }} + args: + {{- with .Values.scanner.kyoo_scanner.extraArgs }} + {{- toYaml . 
| nindent 12 }} + {{- end }} + env: + - name: SCANNER_LIBRARY_ROOT + value: /data + - name: LIBRARY_IGNORE_PATTERN + value: "{{ .Values.kyoo.libraryIgnorePattern }}" + - name: KYOO_APIKEYS + valueFrom: + secretKeyRef: + key: {{ .Values.kyoo.apikey.apikeyKey }} + name: {{ .Values.kyoo.apikey.existingSecret }} + - name: KYOO_URL + value: http://{{ include "kyoo.back.fullname" . }}:5000 + - name: LIBRARY_LANGUAGES + value: {{ .Values.kyoo.languages }} + - name: RABBITMQ_HOST + value: {{ .Values.global.rabbitmq.host }} + - name: RABBITMQ_PORT + value: "{{ .Values.global.rabbitmq.port }}" + - name: RABBITMQ_DEFAULT_USER + valueFrom: + secretKeyRef: + key: {{ .Values.global.rabbitmq.kyoo_scanner.userKey }} + name: {{ .Values.global.rabbitmq.kyoo_scanner.existingSecret }} + - name: RABBITMQ_DEFAULT_PASS + valueFrom: + secretKeyRef: + key: {{ .Values.global.rabbitmq.kyoo_scanner.passwordKey }} + name: {{ .Values.global.rabbitmq.kyoo_scanner.existingSecret }} + {{- with (concat .Values.global.extraEnv .Values.scanner.kyoo_scanner.extraEnv) }} + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.scanner.kyoo_scanner.livenessProbe }} + livenessProbe: + {{- toYaml .Values.scanner.kyoo_scanner.livenessProbe | nindent 12 }} + {{- end }} + {{- with .Values.scanner.kyoo_scanner.readinessProbe }} + readinessProbe: + {{- toYaml .Values.scanner.kyoo_scanner.readinessProbe | nindent 12 }} + {{- end }} + {{- with .Values.scanner.kyoo_scanner.resources }} + resources: + {{- toYaml .Values.scanner.kyoo_scanner.resources | nindent 12 }} + {{- end }} + {{- with .Values.scanner.kyoo_scanner.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} + volumeMounts: + {{- with .Values.media.volumeMounts }} + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.scanner.kyoo_scanner.extraVolumeMounts }} + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.scanner.kyoo_scanner.extraContainers }} + {{- tpl (toYaml .) 
$ | nindent 8 }} + {{- end }} + {{- with .Values.scanner.extraInitContainers }} + initContainers: + {{- tpl (toYaml .) $ | nindent 6 }} + {{- end }} + volumes: + {{- with .Values.media.volumes }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.scanner.extraVolumes }} + {{- toYaml . | nindent 8 }} + {{- end }} \ No newline at end of file diff --git a/chart/templates/scanner/serviceaccount.yaml b/chart/templates/scanner/serviceaccount.yaml new file mode 100644 index 00000000..1a9a113c --- /dev/null +++ b/chart/templates/scanner/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.scanner.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: {{ .Values.scanner.serviceAccount.automount }} +metadata: + name: {{ include "kyoo.scanner.serviceAccountName" . }} + labels: + {{- include "kyoo.labels" (dict "context" . "component" .Values.scanner.name "name" .Values.scanner.name) | nindent 4 }} + {{- with .Values.scanner.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/chart/templates/transcoder/deployment.yaml b/chart/templates/transcoder/deployment.yaml new file mode 100644 index 00000000..530e1151 --- /dev/null +++ b/chart/templates/transcoder/deployment.yaml 
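Review bot: Several env values in the scanner container are emitted without quoting, for example `value: {{ .Values.kyoo.languages }}` and `value: {{ .Values.global.rabbitmq.host }}`. Env values must be strings, so an override that YAML reads as a boolean or number, or that contains `: ` or ` #`, yields a manifest that is rejected or silently changed. `LIBRARY_IGNORE_PATTERN` is wrapped in hand-written double quotes instead, which breaks once the regex contains a backslash or a `"`. I would write these as `value: {{ .Values.kyoo.languages | quote }}` and `value: {{ .Values.kyoo.libraryIgnorePattern | quote }}`. The matcher and transcoder deployments have the same unquoted values.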
@@ -0,0 +1,129 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + {{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.transcoder.deploymentAnnotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + name: {{ include "kyoo.transcoder.fullname" . }} + labels: + {{- include "kyoo.labels" (dict "context" . "component" .Values.transcoder.name "name" .Values.transcoder.name) | nindent 4 }} +spec: + replicas: {{ .Values.transcoder.replicaCount }} + selector: + matchLabels: + {{- include "kyoo.selectorLabels" (dict "context" . "name" .Values.transcoder.name) | nindent 6 }} + template: + metadata: + annotations: + {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.transcoder.podAnnotations) }} + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + {{- include "kyoo.labels" (dict "context" . "component" .Values.transcoder.name "name" .Values.transcoder.name) | nindent 8 }} + {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.transcoder.podLabels) }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.transcoder.imagePullSecrets | default .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.global.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "kyoo.transcoder.serviceAccountName" . }} + containers: + - name: main + image: {{ .Values.transcoder.kyoo_transcoder.image.repository | default (printf "%s/kyoo_transcoder" .Values.global.image.repositoryBase) }}:{{ default (include "kyoo.defaultTag" .) .Values.transcoder.kyoo_transcoder.image.tag }} + imagePullPolicy: {{ default .Values.global.image.imagePullPolicy }} + args: + {{- with .Values.transcoder.kyoo_transcoder.extraArgs }} + {{- toYaml . 
| nindent 12 }} + {{- end }} + env: + - name: GOCODER_HWACCEL + value: {{ .Values.kyoo.transcoderAcceleration }} + - name: GOCODER_PRESET + value: {{ .Values.kyoo.transcoderPreset }} + - name: GOCODER_CACHE_ROOT + value: /cache + - name: GOCODER_METADATA_ROOT + value: /metadata + - name: GOCODER_PREFIX + value: /video + - name: GOCODER_SAFE_PATH + value: /data + - name: POSTGRES_USER + valueFrom: + secretKeyRef: + key: {{ .Values.global.postgres.kyoo_transcoder.kyoo_transcoder.userKey }} + name: {{ .Values.global.postgres.kyoo_transcoder.kyoo_transcoder.existingSecret }} + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + key: {{ .Values.global.postgres.kyoo_transcoder.kyoo_transcoder.passwordKey }} + name: {{ .Values.global.postgres.kyoo_transcoder.kyoo_transcoder.existingSecret }} + - name: POSTGRES_DB + value: {{ .Values.global.postgres.kyoo_transcoder.database }} + - name: POSTGRES_SERVER + value: {{ .Values.global.postgres.kyoo_transcoder.host }} + - name: POSTGRES_PORT + value: "{{ .Values.global.postgres.kyoo_transcoder.port }}" + - name: POSTGRES_SCHEMA + value: "{{ .Values.global.postgres.kyoo_transcoder.schema }}" + {{- with (concat .Values.global.extraEnv .Values.transcoder.kyoo_transcoder.extraEnv) }} + {{- toYaml . | nindent 12 }} + {{- end }} + ports: + - name: main + containerPort: 7666 + protocol: TCP + {{- with .Values.transcoder.kyoo_transcoder.livenessProbe }} + livenessProbe: + {{- toYaml .Values.transcoder.kyoo_transcoder.livenessProbe | nindent 12 }} + {{- end }} + {{- with .Values.transcoder.kyoo_transcoder.readinessProbe }} + readinessProbe: + {{- toYaml .Values.transcoder.kyoo_transcoder.readinessProbe | nindent 12 }} + {{- end }} + {{- with .Values.transcoder.kyoo_transcoder.resources }} + resources: + {{- toYaml .Values.transcoder.kyoo_transcoder.resources | nindent 12 }} + {{- end }} + {{- with .Values.transcoder.kyoo_transcoder.containerSecurityContext }} + securityContext: + {{- toYaml . 
| nindent 12 }} + {{- end }} + volumeMounts: + {{- with .Values.media.volumeMounts }} + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.transcoder.kyoo_transcoder.volumeMounts }} + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.transcoder.kyoo_transcoder.extraVolumeMounts }} + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.transcoder.kyoo_transcoder.extraContainers }} + {{- tpl (toYaml .) $ | nindent 8 }} + {{- end }} + {{- with .Values.transcoder.extraInitContainers }} + initContainers: + {{- tpl (toYaml .) $ | nindent 6 }} + {{- end }} + volumes: + {{- with .Values.media.volumes }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.transcoder.volumes }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.transcoder.extraVolumes }} + {{- toYaml . | nindent 8 }} + {{- end }} \ No newline at end of file diff --git a/chart/templates/transcoder/service.yaml b/chart/templates/transcoder/service.yaml new file mode 100644 index 00000000..20aaf15a --- /dev/null +++ b/chart/templates/transcoder/service.yaml @@ -0,0 +1,24 @@ +apiVersion: v1 +kind: Service +metadata: +{{- if .Values.transcoder.service.annotations }} + annotations: + {{- range $key, $value := .Values.transcoder.service.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +{{- end }} + name: {{ include "kyoo.transcoder.fullname" . }} + labels: + {{- include "kyoo.labels" (dict "context" . "component" .Values.transcoder.name "name" .Values.transcoder.name) | nindent 4 }} + {{- with .Values.transcoder.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.transcoder.service.type }} + ports: + - port: 7666 + targetPort: 7666 + protocol: TCP + name: main + selector: + {{- include "kyoo.selectorLabels" (dict "context" . "name" .Values.transcoder.name) | nindent 4 }} 
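Review bot: The pod-level `securityContext` is read from `.Values.global.securityContext`, but values.yaml in this commit defines no such key under `global:`, and `containerSecurityContext` defaults to `{}`. By default the transcoder therefore runs with whatever user and privileges the image ships, while it has the media library and its metadata and cache volumes mounted. Add a documented `securityContext: {}` under `global:` so the knob is discoverable. If the images allow it, ship hardened container defaults such as `allowPrivilegeEscalation: false` and `runAsNonRoot: true`. The matcher and scanner deployments read the same undefined key.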
diff --git a/chart/templates/transcoder/serviceaccount.yaml b/chart/templates/transcoder/serviceaccount.yaml
new file mode 100644
index 00000000..eed03aab
--- /dev/null
+++ b/chart/templates/transcoder/serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.transcoder.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: {{ .Values.transcoder.serviceAccount.automount }}
+metadata:
+ name: {{ include "kyoo.transcoder.serviceAccountName" . }}
+ labels:
+ {{- include "kyoo.labels" (dict "context" . "component" .Values.transcoder.name "name" .Values.transcoder.name) | nindent 4 }}
+ {{- with .Values.transcoder.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/chart/values.yaml b/chart/values.yaml
new file mode 100644
index 00000000..9464e459
--- /dev/null
+++ b/chart/values.yaml
@@ -0,0 +1,410 @@ +# Default values for kyoo. +global: + image: + repositoryBase: "ghcr.io/zoriya" + tag: "" + imagePullPolicy: IfNotPresent + imagePullSecrets: [] + deploymentAnnotations: {} + podAnnotations: {} + podLabels: {} + extraEnv: [] + + meilisearch: + proto: http + host: kyoo-meilisearch + port: 7700 + #infra is only used by subchart deployment + infra: + # DOES NOT SUPPORT SPECIFYING KEY. MUST BE NAMED `MEILI_MASTER_KEY` + existingSecret: bigsecret + kyoo_back: + masterkeyKey: MEILI_MASTER_KEY + existingSecret: bigsecret + postgres: + #infra is only used by subchart deployment + infra: + # subchart does not accept this global value in one place + # if updating be sure to also update postgresql.auth.username + user: kyoo_all + passwordKey: postgres_password + existingSecret: bigsecret + kyoo_back: + host: kyoo-postgresql + port: 5432 + database: kyoo_back + kyoo_migrations: + userKey: postgres_user + passwordKey: postgres_password + existingSecret: bigsecret + kyoo_back: + userKey: postgres_user + passwordKey: postgres_password + existingSecret: bigsecret + kyoo_transcoder: + host: kyoo-postgresql + port: 5432 + database: kyoo_transcoder + # POSTGRES_SCHEMA disabled means application will not create the schema + # and will instead use the user's search path + schema: disabled + kyoo_transcoder: + userKey: postgres_user + passwordKey: postgres_password + existingSecret: bigsecret + rabbitmq: + host: kyoo-rabbitmq + port: 5672 + # vhost is not used yet + # vhost: "" + #infra is only used by subchart deployment + infra: + # user must be manually aligned via rabbitmq.auth.user + passwordKey: rabbitmq_password + keyErlangCookie: rabbitmq_cookie + existingSecret: bigsecret + kyoo_autosync: + userKey: rabbitmq_user + passwordKey: rabbitmq_password + existingSecret: bigsecret + kyoo_back: + userKey: rabbitmq_user + passwordKey: rabbitmq_password + existingSecret: bigsecret + kyoo_matcher: + userKey: rabbitmq_user + passwordKey: rabbitmq_password + 
existingSecret: bigsecret + kyoo_scanner: + userKey: rabbitmq_user + passwordKey: rabbitmq_password + existingSecret: bigsecret + +kyoo: + address: "https://kyoo.mydomain.com" + requireAccountVerification: true + defaultPermissions: "overall.read,overall.play" + unloggedPermissions: "" + libraryIgnorePattern: ".*/[dD]ownloads?/.*" + languages: "en" + # hardware acceleration profile (valid values: disabled, vaapi, qsv, nvidia) + transcoderAcceleration: disabled + # the preset used during transcode. faster means worst quality, you can probably use a slower preset with hwaccels + # warning: using vaapi hwaccel disable presets (they are not supported). + transcoderPreset: fast + apikey: + existingSecret: bigsecret + apikeyKey: kyoo_apikeys + oidc: + enabled: false + existingSecret: bigsecret + clientIdKey: clientId + clientSecretKey: clientSecret + name: YourPrettyName + logo: https://url-of-your-logo.com + authorizationAddress: https://url-of-the-authorization-endpoint-of-the-oidc-service.com/auth + tokenAddress: https://url-of-the-token-endpoint-of-the-oidc-service.com/token + profileAddress: https://url-of-the-profile-endpoint-of-the-oidc-service.com/userinfo + scope: "email openid profile" + authMethod: ClientSecretBasic + +media: + volumes: + - name: media + persistentVolumeClaim: + claimName: media + # mounts should always be mounted to /data + volumeMounts: + - mountPath: /data + name: media + subPath: media + +contentdatabase: + # TheMovieDB + tmdb: + apikeyKey: tmdb_apikey + existingSecret: bigsecret + # TVDatabase + tvdb: + apikeyKey: tvdb_apikey + pinKey: tvdb_pin + existingSecret: bigsecret + +ingress: + enabled: false + ingressClassName: ~ + annotations: {} + extraAnnotations: {} + host: kyoo.mydomain.com + tls: false + tlsSecret: ~ + +autosync: + name: autosync + kyoo_autosync: + livenessProbe: {} + readinessProbe: {} + resources: {} + containerSecurityContext: {} + extraVolumeMounts: [] + extraArgs: [] + extraEnv: [] + image: + repository: ~ + tag: ~ + 
replicaCount: 1 + podLabels: {} + deploymentAnnotations: {} + podAnnotations: {} + imagePullSecrets: [] + serviceAccount: + create: true + automount: true + annotations: {} + name: ~ + extraContainers: [] + extraInitContainers: [] + extraVolumes: [] + +back: + name: back + kyoo_migrations: + livenessProbe: {} + readinessProbe: {} + resources: {} + containerSecurityContext: {} + extraVolumeMounts: [] + extraArgs: [] + extraEnv: [] + image: + repository: ~ + tag: ~ + kyoo_back: + livenessProbe: {} + readinessProbe: {} + resources: {} + containerSecurityContext: {} + extraVolumeMounts: [] + extraArgs: [] + extraEnv: [] + image: + repository: ~ + tag: ~ + volumeMounts: + - mountPath: /metadata + name: back-storage + volumes: + - name: back-storage + persistentVolumeClaim: + claimName: back-storage + replicaCount: 1 + podLabels: {} + deploymentAnnotations: {} + podAnnotations: {} + imagePullSecrets: [] + service: + annotations: {} + labels: {} + type: ClusterIP + serviceAccount: + create: true + automount: true + annotations: {} + name: ~ + extraContainers: [] + extraInitContainers: [] + extraVolumes: [] + +front: + name: front + kyoo_front: + livenessProbe: {} + readinessProbe: {} + resources: {} + containerSecurityContext: {} + extraVolumeMounts: [] + extraArgs: [] + extraEnv: [] + image: + repository: ~ + tag: ~ + replicaCount: 1 + podLabels: {} + deploymentAnnotations: {} + podAnnotations: {} + imagePullSecrets: [] + service: + annotations: {} + labels: {} + type: ClusterIP + serviceAccount: + create: true + automount: true + annotations: {} + name: ~ + extraContainers: [] + extraInitContainers: [] + extraVolumes: [] + +matcher: + name: matcher + kyoo_matcher: + livenessProbe: {} + readinessProbe: {} + resources: {} + containerSecurityContext: {} + extraVolumeMounts: [] + # workaround until dedicated image is created + extraArgs: + - matcher + extraEnv: [] + image: + # workaround until dedicated image is created + repository: ghcr.io/zoriya/kyoo_scanner + tag: ~ + # 
matcher does not support multiple replicas + replicaCount: 1 + podLabels: {} + deploymentAnnotations: {} + podAnnotations: {} + imagePullSecrets: [] + serviceAccount: + create: true + automount: true + annotations: {} + name: ~ + extraContainers: [] + extraInitContainers: [] + extraVolumes: [] + +scanner: + name: scanner + kyoo_scanner: + livenessProbe: {} + readinessProbe: {} + resources: {} + containerSecurityContext: {} + extraVolumeMounts: [] + extraArgs: [] + extraEnv: [] + image: + repository: ~ + tag: ~ + # scanner does not support multiple replicas + replicaCount: 1 + podLabels: {} + deploymentAnnotations: {} + podAnnotations: {} + imagePullSecrets: [] + serviceAccount: + create: true + automount: true + annotations: {} + name: ~ + extraContainers: [] + extraInitContainers: [] + extraVolumes: [] + +transcoder: + name: transcoder + kyoo_transcoder: + livenessProbe: {} + readinessProbe: {} + resources: {} + containerSecurityContext: {} + extraVolumeMounts: [] + extraArgs: [] + extraEnv: [] + image: + repository: ~ + tag: ~ + volumeMounts: + - mountPath: /metadata + name: transcoder-storage + - mountPath: /cache + name: cache + volumes: + - name: transcoder-storage + persistentVolumeClaim: + claimName: transcoder-storage + - name: cache + emptyDir: {} + replicaCount: 1 + podLabels: {} + deploymentAnnotations: {} + podAnnotations: {} + imagePullSecrets: [] + service: + annotations: {} + labels: {} + type: ClusterIP + serviceAccount: + create: true + automount: true + annotations: {} + name: ~ + extraContainers: [] + extraInitContainers: [] + extraVolumes: [] + +# subchart settings +meilisearch: + enabled: false + environment: + MEILI_ENV: production + auth: + # DOES NOT SUPPORT SPECIFYING KEY. 
MUST BE NAMED `MEILI_MASTER_KEY` + existingMasterKeySecret: "{{ .Values.global.meilisearch.infra.existingSecret }}" + persistence: + enabled: true + size: 3Gi + +# subchart settings +postgresql: + enabled: false + auth: + # username is unable to reference global value + username: kyoo_all + existingSecret: "{{ .Values.global.postgres.infra.existingSecret }}" + secretKeys: + # set the postgres user password to the same as our user + adminPasswordKey: "{{ .Values.global.postgres.infra.passwordKey }}" + userPasswordKey: "{{ .Values.global.postgres.infra.passwordKey }}" + primary: + # create databases, schemas, and set search_path + initdb: + scripts: + # kyoo_back still requires public schema + # https://github.com/zoriya/Kyoo/issues/536 + kyoo_back.sql: | + CREATE DATABASE {{ .Values.global.postgres.kyoo_back.database }} WITH OWNER {{ .Values.global.postgres.infra.user }}; + \connect {{ .Values.global.postgres.kyoo_back.database }}; + CREATE SCHEMA IF NOT EXISTS data AUTHORIZATION {{ .Values.global.postgres.infra.user }}; + kyoo_transcoder.sql: | + CREATE DATABASE {{ .Values.global.postgres.kyoo_transcoder.database }} WITH OWNER {{ .Values.global.postgres.infra.user }}; + \connect {{ .Values.global.postgres.kyoo_transcoder.database }}; + REVOKE ALL ON SCHEMA public FROM PUBLIC; + CREATE SCHEMA IF NOT EXISTS data AUTHORIZATION {{ .Values.global.postgres.infra.user }}; + user.sql: | + ALTER ROLE {{ .Values.global.postgres.infra.user }} + IN DATABASE {{ .Values.global.postgres.kyoo_back.database }} SET search_path TO "$user", public; + ALTER ROLE {{ .Values.global.postgres.infra.user }} + IN DATABASE {{ .Values.global.postgres.kyoo_transcoder.database }} SET search_path TO "$user", data; + persistence: + size: 3Gi + +# subchart settings +rabbitmq: + enabled: false + auth: + # this will not read from a secret. 
just manually make the same + username: kyoo_all + existingPasswordSecret: "{{ .Values.global.rabbitmq.infra.existingSecret }}" + existingSecretPasswordKey: "{{ .Values.global.rabbitmq.infra.passwordKey }}" + existingErlangSecret: "{{ .Values.global.rabbitmq.infra.existingSecret }}" + existingSecretErlangKey: "{{ .Values.global.rabbitmq.infra.keyErlangCookie }}" + +# create extraObjects +# create secret bigsecret +# create pvc for each object +extraObjects: [] \ No newline at end of file diff --git a/shell.nix b/shell.nix index 6af174cf..0e91c3ba 100644 --- a/shell.nix +++ b/shell.nix @@ -36,6 +36,7 @@ in postgresql_15 pgformatter biome + kubernetes-helm go-migrate ];
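Review bot: Under `postgresql.auth.secretKeys`, `adminPasswordKey` and `userPasswordKey` both point at `global.postgres.infra.passwordKey`. With the subchart enabled, the PostgreSQL superuser then shares its password with the `kyoo_all` role that back and transcoder log in with. Every component's `existingSecret` also defaults to the same `bigsecret`, so any pod allowed to read that Secret can reach the database admin credential. I would point the admin password at its own key, e.g. `adminPasswordKey: postgres_admin_password` (constructed name), and add a comment recommending separate Secrets per component for anything beyond a test install.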