From ccdd6a870920c69137782153e5af22fe108257e0 Mon Sep 17 00:00:00 2001 From: Arlan Lloyd Date: Thu, 11 Jul 2024 03:32:08 +0000 Subject: [PATCH 01/30] add helm chart --- .gitignore | 2 + chart/.helmignore | 23 ++ chart/Chart.yaml | 38 ++ chart/README.md | 85 +++++ chart/templates/_common.tpl | 72 ++++ chart/templates/_helpers.tpl | 107 ++++++ chart/templates/autosync/deployment.yaml | 101 +++++ chart/templates/autosync/service.yaml | 24 ++ chart/templates/autosync/serviceaccount.yaml | 13 + chart/templates/back/deployment.yaml | 171 +++++++++ chart/templates/back/service.yaml | 24 ++ chart/templates/back/serviceaccount.yaml | 13 + chart/templates/extra-manifests.yaml | 8 + chart/templates/front/deployment.yaml | 89 +++++ chart/templates/front/service.yaml | 24 ++ chart/templates/front/serviceaccount.yaml | 13 + chart/templates/matcher/deployment.yaml | 115 ++++++ chart/templates/matcher/service.yaml | 24 ++ chart/templates/matcher/serviceaccount.yaml | 13 + chart/templates/scanner/deployment.yaml | 123 ++++++ chart/templates/scanner/service.yaml | 24 ++ chart/templates/scanner/serviceaccount.yaml | 13 + chart/templates/transcoder/deployment.yaml | 111 ++++++ chart/templates/transcoder/service.yaml | 24 ++ .../templates/transcoder/serviceaccount.yaml | 13 + chart/values.yaml | 359 ++++++++++++++++++ shell.nix | 1 + 27 files changed, 1627 insertions(+) create mode 100644 chart/.helmignore create mode 100644 chart/Chart.yaml create mode 100644 chart/README.md create mode 100644 chart/templates/_common.tpl create mode 100644 chart/templates/_helpers.tpl create mode 100644 chart/templates/autosync/deployment.yaml create mode 100644 chart/templates/autosync/service.yaml create mode 100644 chart/templates/autosync/serviceaccount.yaml create mode 100644 chart/templates/back/deployment.yaml create mode 100644 chart/templates/back/service.yaml create mode 100644 chart/templates/back/serviceaccount.yaml create mode 100644 chart/templates/extra-manifests.yaml create mode 100644 chart/templates/front/deployment.yaml create mode 100644 chart/templates/front/service.yaml create mode 100644 chart/templates/front/serviceaccount.yaml create mode 100644 chart/templates/matcher/deployment.yaml create mode 100644 chart/templates/matcher/service.yaml create mode 100644 chart/templates/matcher/serviceaccount.yaml create mode 100644 chart/templates/scanner/deployment.yaml create mode 100644 chart/templates/scanner/service.yaml create mode 100644 chart/templates/scanner/serviceaccount.yaml create mode 100644 chart/templates/transcoder/deployment.yaml create mode 100644 chart/templates/transcoder/service.yaml create mode 100644 chart/templates/transcoder/serviceaccount.yaml create mode 100644 chart/values.yaml diff --git a/.gitignore b/.gitignore index 3d4a2b98..6ed2917f 100644 --- a/.gitignore +++ b/.gitignore @@ -6,3 +6,5 @@ log.html output.xml report.html +chart/charts +chart/Chart.lock \ No newline at end of file diff --git a/chart/.helmignore b/chart/.helmignore new file mode 100644 index 00000000..0e8a0eb3 --- /dev/null +++ b/chart/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/chart/Chart.yaml b/chart/Chart.yaml new file mode 100644 index 00000000..266e497b --- /dev/null +++ b/chart/Chart.yaml @@ -0,0 +1,38 @@ +apiVersion: v2 +name: kyoo +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "4.6.0" + +dependencies: +- condition: meilisearch.enabled + name: meilisearch + repository: https://meilisearch.github.io/meilisearch-kubernetes + version: 0.8.0 +- condition: postgresql.enabled + name: postgresql + repository: https://charts.bitnami.com/bitnami + version: 15.5.14 +- condition: rabbitmq.enabled + name: rabbitmq + repository: https://charts.bitnami.com/bitnami + version: 14.4.2 \ No newline at end of file diff --git a/chart/README.md b/chart/README.md new file mode 100644 index 00000000..60f4ac23 --- /dev/null +++ b/chart/README.md @@ -0,0 +1,85 @@ +# helm chart + +# Recomendations +This helm chart includes subcharts for Meilisearch, Postgres, and RabbitMQ. Those resources should be managed outside of this Helm release. + +# Example Deployment +```sh +helm upgrade kyoo . --install --values myvalues.yaml +``` +`myvaules.yaml` content +```yaml +# If the helm release has another name other than kyoo +# subchart resources will be named $releasename-$resource + +# have seen other charts use "{{ .Release.Name }}-postgresql", but having issues + +# global: +# meilisearch: +# host: kyoo-meilisearch +# rabbitmq: +# host: kyoo-rabbitmq +# postgres: +# host: kyoo-postgresql +kyoo: + address: https://kyoo.mydomain.com +meilisearch: + enabled: true +postgresql: + enabled: true +rabbitmq: + enabled: true +extraObjects: + - apiVersion: v1 + kind: Secret + metadata: + name: bigsecret + type: Opaque + stringData: + #KYOO + # The following value should be set to a random sequence of characters. + # You MUST change it when installing kyoo (for security) + # You can input multiple api keys separated by a , + kyoo_apikeys: yHXWGsjfjE6sy6UxavqmTUYxgCFYek + # Keep those empty to use kyoo's default api key. You can also specify a custom API key if you want. + # go to https://www.themoviedb.org/settings/api and copy the api key (not the read access token, the api key) + tmdb_apikey: "" + #RESOURCES + # meilisearch does not allow mapping their key in yet. + MEILI_MASTER_KEY: barkLike8SuperDucks + postgres_user: kyoo_back + postgres_password: watchSomething4me + rabbitmq_user: kyoo_all + rabbitmq_password: youAreAmazing2 + rabbitmq_cookie: mmmGoodCookie + - kind: PersistentVolumeClaim + apiVersion: v1 + metadata: + name: back-storage + spec: + accessModes: + - "ReadWriteOnce" + resources: + requests: + storage: "3Gi" + - kind: PersistentVolumeClaim + apiVersion: v1 + metadata: + name: media + spec: + accessModes: + - "ReadWriteOnce" + resources: + requests: + storage: "3Gi" + - kind: PersistentVolumeClaim + apiVersion: v1 + metadata: + name: transcoder-storage + spec: + accessModes: + - "ReadWriteOnce" + resources: + requests: + storage: "3Gi" +``` \ No newline at end of file diff --git a/chart/templates/_common.tpl b/chart/templates/_common.tpl new file mode 100644 index 00000000..5f0b677d --- /dev/null +++ b/chart/templates/_common.tpl @@ -0,0 +1,72 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "kyoo.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "kyoo.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "kyoo.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create Kyoo app version +*/}} +{{- define "kyoo.defaultTag" -}} +{{- default .Chart.AppVersion .Values.global.image.tag }} +{{- end -}} + +{{/* +Return valid version label +*/}} +{{- define "kyoo.versionLabelValue" -}} +{{ regexReplaceAll "[^-A-Za-z0-9_.]" (include "kyoo.defaultTag" .) "-" | trunc 63 | trimAll "-" | trimAll "_" | trimAll "." | quote }} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "kyoo.labels" -}} +helm.sh/chart: {{ include "kyoo.chart" .context }} +{{ include "kyoo.selectorLabels" (dict "context" .context "component" .component "name" .name) }} +app.kubernetes.io/managed-by: {{ .context.Release.Service }} +app.kubernetes.io/part-of: kyoo +app.kubernetes.io/version: {{ include "kyoo.versionLabelValue" .context }} +{{- with .context.Values.global.additionalLabels }} +{{ toYaml . }} +{{- end }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "kyoo.selectorLabels" -}} +{{- if .name -}} +app.kubernetes.io/name: {{ include "kyoo.name" .context }}-{{ .name }} +{{ end -}} +app.kubernetes.io/instance: {{ .context.Release.Name }} +{{- if .component }} +app.kubernetes.io/component: {{ .component }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/templates/_helpers.tpl b/chart/templates/_helpers.tpl new file mode 100644 index 00000000..7d7ab73f --- /dev/null +++ b/chart/templates/_helpers.tpl @@ -0,0 +1,107 @@ +{{/* +Create kyoo autosync name +*/}} +{{- define "kyoo.autosync.fullname" -}} +{{- printf "%s-%s" (include "kyoo.fullname" .) .Values.autosync.name | trunc 52 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create the name of the autosync service account to use +*/}} +{{- define "kyoo.autosync.serviceAccountName" -}} +{{- if .Values.autosync.serviceAccount.create -}} + {{ default (include "kyoo.autosync.fullname" .) .Values.autosync.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.autosync.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Create kyoo back name +*/}} +{{- define "kyoo.back.fullname" -}} +{{- printf "%s-%s" (include "kyoo.fullname" .) .Values.back.name | trunc 52 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create the name of the back service account to use +*/}} +{{- define "kyoo.back.serviceAccountName" -}} +{{- if .Values.back.serviceAccount.create -}} + {{ default (include "kyoo.back.fullname" .) .Values.back.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.back.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Create kyoo front name +*/}} +{{- define "kyoo.front.fullname" -}} +{{- printf "%s-%s" (include "kyoo.fullname" .) .Values.front.name | trunc 52 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create the name of the front service account to use +*/}} +{{- define "kyoo.front.serviceAccountName" -}} +{{- if .Values.front.serviceAccount.create -}} + {{ default (include "kyoo.front.fullname" .) .Values.front.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.front.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Create kyoo matcher name +*/}} +{{- define "kyoo.matcher.fullname" -}} +{{- printf "%s-%s" (include "kyoo.fullname" .) .Values.matcher.name | trunc 52 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create the name of the matcher service account to use +*/}} +{{- define "kyoo.matcher.serviceAccountName" -}} +{{- if .Values.matcher.serviceAccount.create -}} + {{ default (include "kyoo.matcher.fullname" .) .Values.matcher.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.matcher.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Create kyoo scanner name +*/}} +{{- define "kyoo.scanner.fullname" -}} +{{- printf "%s-%s" (include "kyoo.fullname" .) .Values.scanner.name | trunc 52 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create the name of the scanner service account to use +*/}} +{{- define "kyoo.scanner.serviceAccountName" -}} +{{- if .Values.scanner.serviceAccount.create -}} + {{ default (include "kyoo.scanner.fullname" .) .Values.scanner.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.scanner.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Create kyoo transcoder name +*/}} +{{- define "kyoo.transcoder.fullname" -}} +{{- printf "%s-%s" (include "kyoo.fullname" .) .Values.transcoder.name | trunc 52 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create the name of the transcoder service account to use +*/}} +{{- define "kyoo.transcoder.serviceAccountName" -}} +{{- if .Values.transcoder.serviceAccount.create -}} + {{ default (include "kyoo.transcoder.fullname" .) .Values.transcoder.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.transcoder.serviceAccount.name }} +{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/chart/templates/autosync/deployment.yaml b/chart/templates/autosync/deployment.yaml new file mode 100644 index 00000000..0921d249 --- /dev/null +++ b/chart/templates/autosync/deployment.yaml @@ -0,0 +1,101 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + {{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.autosync.deploymentAnnotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + name: {{ include "kyoo.autosync.fullname" . }} + labels: + {{- include "kyoo.labels" (dict "context" . "component" .Values.autosync.name "name" .Values.autosync.name) | nindent 4 }} +spec: + replicas: {{ .Values.autosync.replicaCount }} + selector: + matchLabels: + {{- include "kyoo.selectorLabels" (dict "context" . "name" .Values.autosync.name) | nindent 6 }} + template: + metadata: + annotations: + {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.autosync.podAnnotations) }} + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + {{- include "kyoo.labels" (dict "context" . "component" .Values.autosync.name "name" .Values.autosync.name) | nindent 8 }} + {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.autosync.podLabels) }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.autosync.imagePullSecrets | default .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.global.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "kyoo.autosync.serviceAccountName" . }} + containers: + - name: main + image: {{ .Values.autosync.kyoo_autosync.image.repository | default (printf "%s/kyoo_autosync" .Values.global.image.repositoryBase) }}:{{ default (include "kyoo.defaultTag" .) .Values.autosync.kyoo_autosync.image.tag }} + imagePullPolicy: {{ default .Values.global.image.imagePullPolicy }} + args: + {{- with .Values.autosync.kyoo_autosync.extraArgs }} + {{- toYaml . | nindent 12 }} + {{- end }} + env: + - name: RABBITMQ_HOST + value: {{ .Values.global.rabbitmq.host }} + - name: RABBITMQ_PORT + value: "{{ .Values.global.rabbitmq.port }}" + - name: RABBITMQ_DEFAULT_USER + valueFrom: + secretKeyRef: + key: {{ .Values.global.rabbitmq.kyoo_autosync.userKey }} + name: {{ .Values.global.rabbitmq.kyoo_autosync.existingSecret }} + - name: RABBITMQ_DEFAULT_PASS + valueFrom: + secretKeyRef: + key: {{ .Values.global.rabbitmq.kyoo_autosync.passwordKey }} + name: {{ .Values.global.rabbitmq.kyoo_autosync.existingSecret }} + {{- with (concat .Values.global.extraEnv .Values.autosync.kyoo_autosync.extraEnv) }} + {{- toYaml . | nindent 12 }} + {{- end }} + ports: + - name: main + containerPort: 80 + protocol: TCP + {{- with .Values.autosync.kyoo_autosync.livenessProbe }} + livenessProbe: + {{- toYaml .Values.autosync.kyoo_autosync.livenessProbe | nindent 12 }} + {{- end }} + {{- with .Values.autosync.kyoo_autosync.readinessProbe }} + readinessProbe: + {{- toYaml .Values.autosync.kyoo_autosync.readinessProbe | nindent 12 }} + {{- end }} + {{- with .Values.autosync.kyoo_autosync.resources }} + resources: + {{- toYaml .Values.autosync.kyoo_autosync.resources | nindent 12 }} + {{- end }} + {{- with .Values.autosync.kyoo_autosync.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.autosync.kyoo_autosync.extraVolumeMounts }} + volumeMounts: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.autosync.kyoo_autosync.extraContainers }} + {{- tpl (toYaml .) $ | nindent 8 }} + {{- end }} + {{- with .Values.autosync.extraInitContainers }} + initContainers: + {{- tpl (toYaml .) $ | nindent 6 }} + {{- end }} + {{- with .Values.autosync.extraVolumes }} + volumes: + {{- toYaml . | nindent 8 }} + {{- end }} \ No newline at end of file diff --git a/chart/templates/autosync/service.yaml b/chart/templates/autosync/service.yaml new file mode 100644 index 00000000..7754b6af --- /dev/null +++ b/chart/templates/autosync/service.yaml @@ -0,0 +1,24 @@ +apiVersion: v1 +kind: Service +metadata: +{{- if .Values.autosync.service.annotations }} + annotations: + {{- range $key, $value := .Values.autosync.service.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +{{- end }} + name: {{ include "kyoo.autosync.fullname" . }} + labels: + {{- include "kyoo.labels" (dict "context" . "component" .Values.autosync.name "name" .Values.autosync.name) | nindent 4 }} + {{- with .Values.autosync.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.autosync.service.type }} + ports: + - port: 80 + targetPort: http + protocol: TCP + name: main + selector: + {{- include "kyoo.selectorLabels" (dict "context" . "name" .Values.autosync.name) | nindent 4 }} diff --git a/chart/templates/autosync/serviceaccount.yaml b/chart/templates/autosync/serviceaccount.yaml new file mode 100644 index 00000000..ef2dee88 --- /dev/null +++ b/chart/templates/autosync/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.autosync.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: {{ .Values.autosync.serviceAccount.automount }} +metadata: + name: {{ include "kyoo.autosync.serviceAccountName" . }} + labels: + {{- include "kyoo.labels" (dict "context" . "component" .Values.autosync.name "name" .Values.autosync.name) | nindent 4 }} + {{- with .Values.autosync.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/chart/templates/back/deployment.yaml b/chart/templates/back/deployment.yaml new file mode 100644 index 00000000..1e446444 --- /dev/null +++ b/chart/templates/back/deployment.yaml @@ -0,0 +1,171 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + {{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.back.deploymentAnnotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + name: {{ include "kyoo.back.fullname" . }} + labels: + {{- include "kyoo.labels" (dict "context" . "component" .Values.back.name "name" .Values.back.name) | nindent 4 }} +spec: + replicas: {{ .Values.back.replicaCount }} + selector: + matchLabels: + {{- include "kyoo.selectorLabels" (dict "context" . "name" .Values.back.name) | nindent 6 }} + template: + metadata: + annotations: + {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.back.podAnnotations) }} + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + {{- include "kyoo.labels" (dict "context" . "component" .Values.back.name "name" .Values.back.name) | nindent 8 }} + {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.back.podLabels) }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.back.imagePullSecrets | default .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.global.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "kyoo.back.serviceAccountName" . }} + initContainers: + - name: migrations + image: {{ .Values.back.kyoo_migrations.image.repository | default (printf "%s/kyoo_migrations" .Values.global.image.repositoryBase) }}:{{ default (include "kyoo.defaultTag" .) .Values.back.kyoo_migrations.image.tag }} + imagePullPolicy: {{ default .Values.global.image.imagePullPolicy }} + args: + {{- with .Values.back.kyoo_migrations.extraArgs }} + {{- toYaml . | nindent 12 }} + {{- end }} + env: + - name: POSTGRES_USER + valueFrom: + secretKeyRef: + key: {{ .Values.global.postgres.kyoo_migrations.userKey }} + name: {{ .Values.global.postgres.kyoo_migrations.existingSecret }} + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + key: {{ .Values.global.postgres.kyoo_migrations.passwordKey }} + name: {{ .Values.global.postgres.kyoo_migrations.existingSecret }} + - name: POSTGRES_DB + value: {{ .Values.global.postgres.database }} + - name: POSTGRES_SERVER + value: {{ .Values.global.postgres.host }} + - name: POSTGRES_PORT + value: "{{ .Values.global.postgres.port }}" + {{- with .Values.back.extraInitContainers }} + {{- tpl (toYaml .) $ | nindent 6 }} + {{- end }} + containers: + - name: main + image: {{ .Values.back.kyoo_back.image.repository | default (printf "%s/kyoo_back" .Values.global.image.repositoryBase) }}:{{ default (include "kyoo.defaultTag" .) .Values.back.kyoo_back.image.tag }} + imagePullPolicy: {{ default .Values.global.image.imagePullPolicy }} + args: + {{- with .Values.back.kyoo_back.extraArgs }} + {{- toYaml . | nindent 12 }} + {{- end }} + env: + - name: TRANSCODER_URL + value: http://{{ include "kyoo.transcoder.fullname" . }}:7666 + - name: PUBLIC_URL + value: {{ .Values.kyoo.address }} + - name: UNLOGGED_PERMISSIONS + value: {{ .Values.kyoo.unloggedPermissions }} + - name: KYOO_APIKEYS + valueFrom: + secretKeyRef: + key: {{ .Values.kyoo.apikey.apikeyKey }} + name: {{ .Values.kyoo.apikey.existingSecret }} + - name: POSTGRES_USER + valueFrom: + secretKeyRef: + key: {{ .Values.global.postgres.kyoo_back.userKey }} + name: {{ .Values.global.postgres.kyoo_back.existingSecret }} + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + key: {{ .Values.global.postgres.kyoo_back.passwordKey }} + name: {{ .Values.global.postgres.kyoo_back.existingSecret }} + - name: POSTGRES_DB + value: {{ .Values.global.postgres.database }} + - name: POSTGRES_SERVER + value: {{ .Values.global.postgres.host }} + - name: POSTGRES_PORT + value: "{{ .Values.global.postgres.port }}" + - name: RABBITMQ_DEFAULT_USER + valueFrom: + secretKeyRef: + key: {{ .Values.global.rabbitmq.kyoo_back.userKey }} + name: {{ .Values.global.rabbitmq.kyoo_back.existingSecret }} + - name: RABBITMQ_DEFAULT_PASS + valueFrom: + secretKeyRef: + key: {{ .Values.global.rabbitmq.kyoo_back.passwordKey }} + name: {{ .Values.global.rabbitmq.kyoo_back.existingSecret }} + - name: RABBITMQ_HOST + value: {{ .Values.global.rabbitmq.host }} + - name: RABBITMQ_PORT + value: "{{ .Values.global.rabbitmq.port }}" + - name: MEILI_HOST + value: "{{ .Values.global.meilisearch.proto }}://{{ .Values.global.meilisearch.host }}:{{ .Values.global.meilisearch.port }}" + - name: MEILI_MASTER_KEY + valueFrom: + secretKeyRef: + key: {{ .Values.global.meilisearch.kyoo_back.masterkeyKey }} + name: {{ .Values.global.meilisearch.kyoo_back.existingSecret }} + {{- with (concat .Values.global.extraEnv .Values.back.kyoo_back.extraEnv) }} + {{- toYaml . | nindent 12 }} + {{- end }} + ports: + - name: main + containerPort: 5000 + protocol: TCP + {{- with .Values.back.kyoo_back.livenessProbe }} + livenessProbe: + {{- toYaml .Values.back.kyoo_back.livenessProbe | nindent 12 }} + {{- end }} + {{- with .Values.back.kyoo_back.readinessProbe }} + readinessProbe: + {{- toYaml .Values.back.kyoo_back.readinessProbe | nindent 12 }} + {{- end }} + {{- with .Values.back.kyoo_back.resources }} + resources: + {{- toYaml .Values.back.kyoo_back.resources | nindent 12 }} + {{- end }} + {{- with .Values.back.kyoo_back.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} + volumeMounts: + {{- with .Values.media.volumeMounts }} + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.back.kyoo_back.volumeMounts }} + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.back.kyoo_back.extraVolumeMounts }} + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.back.kyoo_back.extraContainers }} + {{- tpl (toYaml .) $ | nindent 8 }} + {{- end }} + volumes: + {{- with .Values.media.volumes }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.back.volumes }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.back.extraVolumes }} + {{- toYaml . | nindent 8 }} + {{- end }} \ No newline at end of file diff --git a/chart/templates/back/service.yaml b/chart/templates/back/service.yaml new file mode 100644 index 00000000..e906b326 --- /dev/null +++ b/chart/templates/back/service.yaml @@ -0,0 +1,24 @@ +apiVersion: v1 +kind: Service +metadata: +{{- if .Values.back.service.annotations }} + annotations: + {{- range $key, $value := .Values.back.service.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +{{- end }} + name: {{ include "kyoo.back.fullname" . }} + labels: + {{- include "kyoo.labels" (dict "context" . "component" .Values.back.name "name" .Values.back.name) | nindent 4 }} + {{- with .Values.back.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.back.service.type }} + ports: + - port: 5000 + targetPort: 5000 + protocol: TCP + name: main + selector: + {{- include "kyoo.selectorLabels" (dict "context" . "name" .Values.back.name) | nindent 4 }} diff --git a/chart/templates/back/serviceaccount.yaml b/chart/templates/back/serviceaccount.yaml new file mode 100644 index 00000000..95e071f0 --- /dev/null +++ b/chart/templates/back/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.back.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: {{ .Values.back.serviceAccount.automount }} +metadata: + name: {{ include "kyoo.back.serviceAccountName" . }} + labels: + {{- include "kyoo.labels" (dict "context" . "component" .Values.back.name "name" .Values.back.name) | nindent 4 }} + {{- with .Values.back.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/chart/templates/extra-manifests.yaml b/chart/templates/extra-manifests.yaml new file mode 100644 index 00000000..fc9a76b8 --- /dev/null +++ b/chart/templates/extra-manifests.yaml @@ -0,0 +1,8 @@ +{{ range .Values.extraObjects }} +--- +{{ if typeIs "string" . }} + {{- tpl . $ }} +{{- else }} + {{- tpl (toYaml .) $ }} +{{- end }} +{{ end }} diff --git a/chart/templates/front/deployment.yaml b/chart/templates/front/deployment.yaml new file mode 100644 index 00000000..608810bd --- /dev/null +++ b/chart/templates/front/deployment.yaml @@ -0,0 +1,89 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + {{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.front.deploymentAnnotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + name: {{ include "kyoo.front.fullname" . }} + labels: + {{- include "kyoo.labels" (dict "context" . "component" .Values.front.name "name" .Values.front.name) | nindent 4 }} +spec: + replicas: {{ .Values.front.replicaCount }} + selector: + matchLabels: + {{- include "kyoo.selectorLabels" (dict "context" . "name" .Values.front.name) | nindent 6 }} + template: + metadata: + annotations: + {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.front.podAnnotations) }} + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + {{- include "kyoo.labels" (dict "context" . "component" .Values.front.name "name" .Values.front.name) | nindent 8 }} + {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.front.podLabels) }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.front.imagePullSecrets | default .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.global.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "kyoo.front.serviceAccountName" . }} + containers: + - name: main + image: {{ .Values.front.kyoo_front.image.repository | default (printf "%s/kyoo_front" .Values.global.image.repositoryBase) }}:{{ default (include "kyoo.defaultTag" .) .Values.front.kyoo_front.image.tag }} + imagePullPolicy: {{ default .Values.global.image.imagePullPolicy }} + args: + {{- with .Values.front.kyoo_front.extraArgs }} + {{- toYaml . | nindent 12 }} + {{- end }} + env: + - name: KYOO_URL + value: http://{{ include "kyoo.back.fullname" . }}:5000 + {{- with (concat .Values.global.extraEnv .Values.front.kyoo_front.extraEnv) }} + {{- toYaml . | nindent 12 }} + {{- end }} + ports: + - name: main + containerPort: 8901 + protocol: TCP + {{- with .Values.front.kyoo_front.livenessProbe }} + livenessProbe: + {{- toYaml .Values.front.kyoo_front.livenessProbe | nindent 12 }} + {{- end }} + {{- with .Values.front.kyoo_front.readinessProbe }} + readinessProbe: + {{- toYaml .Values.front.kyoo_front.readinessProbe | nindent 12 }} + {{- end }} + {{- with .Values.front.kyoo_front.resources }} + resources: + {{- toYaml .Values.front.kyoo_front.resources | nindent 12 }} + {{- end }} + {{- with .Values.front.kyoo_front.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.front.kyoo_front.extraVolumeMounts }} + volumeMounts: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.front.kyoo_front.extraContainers }} + {{- tpl (toYaml .) $ | nindent 8 }} + {{- end }} + {{- with .Values.front.extraInitContainers }} + initContainers: + {{- tpl (toYaml .) $ | nindent 6 }} + {{- end }} + {{- with .Values.front.extraVolumes }} + volumes: + {{- toYaml . | nindent 8 }} + {{- end }} \ No newline at end of file diff --git a/chart/templates/front/service.yaml b/chart/templates/front/service.yaml new file mode 100644 index 00000000..c7a8ffbd --- /dev/null +++ b/chart/templates/front/service.yaml @@ -0,0 +1,24 @@ +apiVersion: v1 +kind: Service +metadata: +{{- if .Values.front.service.annotations }} + annotations: + {{- range $key, $value := .Values.front.service.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +{{- end }} + name: {{ include "kyoo.front.fullname" . }} + labels: + {{- include "kyoo.labels" (dict "context" . "component" .Values.front.name "name" .Values.front.name) | nindent 4 }} + {{- with .Values.front.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.front.service.type }} + ports: + - port: 8901 + targetPort: 8901 + protocol: TCP + name: main + selector: + {{- include "kyoo.selectorLabels" (dict "context" . "name" .Values.front.name) | nindent 4 }} diff --git a/chart/templates/front/serviceaccount.yaml b/chart/templates/front/serviceaccount.yaml new file mode 100644 index 00000000..190f91f9 --- /dev/null +++ b/chart/templates/front/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.front.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: {{ .Values.front.serviceAccount.automount }} +metadata: + name: {{ include "kyoo.front.serviceAccountName" . }} + labels: + {{- include "kyoo.labels" (dict "context" . "component" .Values.front.name "name" .Values.front.name) | nindent 4 }} + {{- with .Values.front.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/chart/templates/matcher/deployment.yaml b/chart/templates/matcher/deployment.yaml new file mode 100644 index 00000000..3b025f88 --- /dev/null +++ b/chart/templates/matcher/deployment.yaml @@ -0,0 +1,115 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + {{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.matcher.deploymentAnnotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + name: {{ include "kyoo.matcher.fullname" . }} + labels: + {{- include "kyoo.labels" (dict "context" . "component" .Values.matcher.name "name" .Values.matcher.name) | nindent 4 }} +spec: + replicas: {{ .Values.matcher.replicaCount }} + selector: + matchLabels: + {{- include "kyoo.selectorLabels" (dict "context" . "name" .Values.matcher.name) | nindent 6 }} + template: + metadata: + annotations: + {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.matcher.podAnnotations) }} + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + {{- include "kyoo.labels" (dict "context" . "component" .Values.matcher.name "name" .Values.matcher.name) | nindent 8 }} + {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.matcher.podLabels) }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.matcher.imagePullSecrets | default .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.global.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "kyoo.matcher.serviceAccountName" . }} + containers: + - name: main + image: {{ .Values.matcher.kyoo_matcher.image.repository | default (printf "%s/kyoo_matcher" .Values.global.image.repositoryBase) }}:{{ default (include "kyoo.defaultTag" .) .Values.matcher.kyoo_matcher.image.tag }} + imagePullPolicy: {{ default .Values.global.image.imagePullPolicy }} + args: + {{- with .Values.matcher.kyoo_matcher.extraArgs }} + {{- toYaml . | nindent 12 }} + {{- end }} + env: + - name: KYOO_APIKEYS + valueFrom: + secretKeyRef: + key: {{ .Values.kyoo.apikey.apikeyKey }} + name: {{ .Values.kyoo.apikey.existingSecret }} + - name: KYOO_URL + value: http://{{ include "kyoo.back.fullname" . }}:5000 + - name: LIBRARY_LANGUAGES + value: {{ .Values.kyoo.languages }} + - name: THEMOVIEDB_APIKEY + valueFrom: + secretKeyRef: + key: {{ .Values.contentdatabase.provider.tmdb.apikeyKey }} + name: {{ .Values.contentdatabase.provider.tmdb.existingSecret }} + - name: RABBITMQ_HOST + value: {{ .Values.global.rabbitmq.host }} + - name: RABBITMQ_PORT + value: "{{ .Values.global.rabbitmq.port }}" + - name: RABBITMQ_DEFAULT_USER + valueFrom: + secretKeyRef: + key: {{ .Values.global.rabbitmq.kyoo_matcher.userKey }} + name: {{ .Values.global.rabbitmq.kyoo_matcher.existingSecret }} + - name: RABBITMQ_DEFAULT_PASS + valueFrom: + secretKeyRef: + key: {{ .Values.global.rabbitmq.kyoo_matcher.passwordKey }} + name: {{ .Values.global.rabbitmq.kyoo_matcher.existingSecret }} + {{- with (concat .Values.global.extraEnv .Values.matcher.kyoo_matcher.extraEnv) }} + {{- toYaml . | nindent 12 }} + {{- end }} + ports: + - name: main + containerPort: 80 + protocol: TCP + {{- with .Values.matcher.kyoo_matcher.livenessProbe }} + livenessProbe: + {{- toYaml .Values.matcher.kyoo_matcher.livenessProbe | nindent 12 }} + {{- end }} + {{- with .Values.matcher.kyoo_matcher.readinessProbe }} + readinessProbe: + {{- toYaml .Values.matcher.kyoo_matcher.readinessProbe | nindent 12 }} + {{- end }} + {{- with .Values.matcher.kyoo_matcher.resources }} + resources: + {{- toYaml .Values.matcher.kyoo_matcher.resources | nindent 12 }} + {{- end }} + {{- with .Values.matcher.kyoo_matcher.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.matcher.kyoo_matcher.extraVolumeMounts }} + volumeMounts: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.matcher.kyoo_matcher.extraContainers }} + {{- tpl (toYaml .) $ | nindent 8 }} + {{- end }} + {{- with .Values.matcher.extraInitContainers }} + initContainers: + {{- tpl (toYaml .) $ | nindent 6 }} + {{- end }} + {{- with .Values.matcher.extraVolumes }} + volumes: + {{- toYaml . | nindent 8 }} + {{- end }} \ No newline at end of file diff --git a/chart/templates/matcher/service.yaml b/chart/templates/matcher/service.yaml new file mode 100644 index 00000000..f0023d69 --- /dev/null +++ b/chart/templates/matcher/service.yaml @@ -0,0 +1,24 @@ +apiVersion: v1 +kind: Service +metadata: +{{- if .Values.matcher.service.annotations }} + annotations: + {{- range $key, $value := .Values.matcher.service.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +{{- end }} + name: {{ include "kyoo.matcher.fullname" . }} + labels: + {{- include "kyoo.labels" (dict "context" . "component" .Values.matcher.name "name" .Values.matcher.name) | nindent 4 }} + {{- with .Values.matcher.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.matcher.service.type }} + ports: + - port: 80 + targetPort: http + protocol: TCP + name: main + selector: + {{- include "kyoo.selectorLabels" (dict "context" . "name" .Values.matcher.name) | nindent 4 }} diff --git a/chart/templates/matcher/serviceaccount.yaml b/chart/templates/matcher/serviceaccount.yaml new file mode 100644 index 00000000..e3053836 --- /dev/null +++ b/chart/templates/matcher/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.matcher.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: {{ .Values.matcher.serviceAccount.automount }} +metadata: + name: {{ include "kyoo.matcher.serviceAccountName" . }} + labels: + {{- include "kyoo.labels" (dict "context" . "component" .Values.matcher.name "name" .Values.matcher.name) | nindent 4 }} + {{- with .Values.matcher.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/chart/templates/scanner/deployment.yaml b/chart/templates/scanner/deployment.yaml new file mode 100644 index 00000000..9f4bef3d --- /dev/null +++ b/chart/templates/scanner/deployment.yaml @@ -0,0 +1,123 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + {{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.scanner.deploymentAnnotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + name: {{ include "kyoo.scanner.fullname" . }} + labels: + {{- include "kyoo.labels" (dict "context" . "component" .Values.scanner.name "name" .Values.scanner.name) | nindent 4 }} +spec: + replicas: {{ .Values.scanner.replicaCount }} + selector: + matchLabels: + {{- include "kyoo.selectorLabels" (dict "context" . "name" .Values.scanner.name) | nindent 6 }} + template: + metadata: + annotations: + {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.scanner.podAnnotations) }} + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + {{- include "kyoo.labels" (dict "context" . "component" .Values.scanner.name "name" .Values.scanner.name) | nindent 8 }} + {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.scanner.podLabels) }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.scanner.imagePullSecrets | default .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.global.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "kyoo.scanner.serviceAccountName" . }} + containers: + - name: main + image: {{ .Values.scanner.kyoo_scanner.image.repository | default (printf "%s/kyoo_scanner" .Values.global.image.repositoryBase) }}:{{ default (include "kyoo.defaultTag" .) .Values.scanner.kyoo_scanner.image.tag }} + imagePullPolicy: {{ default .Values.global.image.imagePullPolicy }} + args: + {{- with .Values.scanner.kyoo_scanner.extraArgs }} + {{- toYaml . | nindent 12 }} + {{- end }} + env: + - name: SCANNER_LIBRARY_ROOT + value: /data + - name: KYOO_APIKEYS + valueFrom: + secretKeyRef: + key: {{ .Values.kyoo.apikey.apikeyKey }} + name: {{ .Values.kyoo.apikey.existingSecret }} + - name: KYOO_URL + value: http://{{ include "kyoo.back.fullname" . }}:5000 + - name: LIBRARY_LANGUAGES + value: {{ .Values.kyoo.languages }} + - name: THEMOVIEDB_APIKEY + valueFrom: + secretKeyRef: + key: {{ .Values.contentdatabase.provider.tmdb.apikeyKey }} + name: {{ .Values.contentdatabase.provider.tmdb.existingSecret }} + - name: RABBITMQ_HOST + value: {{ .Values.global.rabbitmq.host }} + - name: RABBITMQ_PORT + value: "{{ .Values.global.rabbitmq.port }}" + - name: RABBITMQ_DEFAULT_USER + valueFrom: + secretKeyRef: + key: {{ .Values.global.rabbitmq.kyoo_scanner.userKey }} + name: {{ .Values.global.rabbitmq.kyoo_scanner.existingSecret }} + - name: RABBITMQ_DEFAULT_PASS + valueFrom: + secretKeyRef: + key: {{ .Values.global.rabbitmq.kyoo_scanner.passwordKey }} + name: {{ .Values.global.rabbitmq.kyoo_scanner.existingSecret }} + {{- with (concat .Values.global.extraEnv .Values.scanner.kyoo_scanner.extraEnv) }} + {{- toYaml . | nindent 12 }} + {{- end }} + ports: + - name: main + containerPort: 80 + protocol: TCP + {{- with .Values.scanner.kyoo_scanner.livenessProbe }} + livenessProbe: + {{- toYaml .Values.scanner.kyoo_scanner.livenessProbe | nindent 12 }} + {{- end }} + {{- with .Values.scanner.kyoo_scanner.readinessProbe }} + readinessProbe: + {{- toYaml .Values.scanner.kyoo_scanner.readinessProbe | nindent 12 }} + {{- end }} + {{- with .Values.scanner.kyoo_scanner.resources }} + resources: + {{- toYaml .Values.scanner.kyoo_scanner.resources | nindent 12 }} + {{- end }} + {{- with .Values.scanner.kyoo_scanner.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} + volumeMounts: + {{- with .Values.media.volumeMounts }} + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.scanner.kyoo_scanner.extraVolumeMounts }} + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.scanner.kyoo_scanner.extraContainers }} + {{- tpl (toYaml .) $ | nindent 8 }} + {{- end }} + {{- with .Values.scanner.extraInitContainers }} + initContainers: + {{- tpl (toYaml .) $ | nindent 6 }} + {{- end }} + volumes: + {{- with .Values.media.volumes }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.scanner.extraVolumes }} + {{- toYaml . | nindent 8 }} + {{- end }} \ No newline at end of file diff --git a/chart/templates/scanner/service.yaml b/chart/templates/scanner/service.yaml new file mode 100644 index 00000000..b67a299b --- /dev/null +++ b/chart/templates/scanner/service.yaml @@ -0,0 +1,24 @@ +apiVersion: v1 +kind: Service +metadata: +{{- if .Values.scanner.service.annotations }} + annotations: + {{- range $key, $value := .Values.scanner.service.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +{{- end }} + name: {{ include "kyoo.scanner.fullname" . }} + labels: + {{- include "kyoo.labels" (dict "context" . "component" .Values.scanner.name "name" .Values.scanner.name) | nindent 4 }} + {{- with .Values.scanner.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.scanner.service.type }} + ports: + - port: 80 + targetPort: http + protocol: TCP + name: main + selector: + {{- include "kyoo.selectorLabels" (dict "context" . "name" .Values.scanner.name) | nindent 4 }} diff --git a/chart/templates/scanner/serviceaccount.yaml b/chart/templates/scanner/serviceaccount.yaml new file mode 100644 index 00000000..1a9a113c --- /dev/null +++ b/chart/templates/scanner/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.scanner.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: {{ .Values.scanner.serviceAccount.automount }} +metadata: + name: {{ include "kyoo.scanner.serviceAccountName" . }} + labels: + {{- include "kyoo.labels" (dict "context" . "component" .Values.scanner.name "name" .Values.scanner.name) | nindent 4 }} + {{- with .Values.scanner.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/chart/templates/transcoder/deployment.yaml b/chart/templates/transcoder/deployment.yaml new file mode 100644 index 00000000..ab8a9b27 --- /dev/null +++ b/chart/templates/transcoder/deployment.yaml @@ -0,0 +1,111 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + {{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.transcoder.deploymentAnnotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + name: {{ include "kyoo.transcoder.fullname" . }} + labels: + {{- include "kyoo.labels" (dict "context" . "component" .Values.transcoder.name "name" .Values.transcoder.name) | nindent 4 }} +spec: + replicas: {{ .Values.transcoder.replicaCount }} + selector: + matchLabels: + {{- include "kyoo.selectorLabels" (dict "context" . "name" .Values.transcoder.name) | nindent 6 }} + template: + metadata: + annotations: + {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.transcoder.podAnnotations) }} + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + {{- include "kyoo.labels" (dict "context" . "component" .Values.transcoder.name "name" .Values.transcoder.name) | nindent 8 }} + {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.transcoder.podLabels) }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.transcoder.imagePullSecrets | default .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.global.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "kyoo.transcoder.serviceAccountName" . }} + containers: + - name: main + image: {{ .Values.transcoder.kyoo_transcoder.image.repository | default (printf "%s/kyoo_transcoder" .Values.global.image.repositoryBase) }}:{{ default (include "kyoo.defaultTag" .) .Values.transcoder.kyoo_transcoder.image.tag }} + imagePullPolicy: {{ default .Values.global.image.imagePullPolicy }} + args: + {{- with .Values.transcoder.kyoo_transcoder.extraArgs }} + {{- toYaml . | nindent 12 }} + {{- end }} + env: + - name: GOCODER_HWACCEL + value: disabled + - name: GOCODER_PRESET + value: fast + - name: GOCODER_CACHE_ROOT + value: /cache + - name: GOCODER_METADATA_ROOT + value: /metadata + - name: GOCODER_PREFIX + value: /video + - name: GOCODER_SAFE_PATH + value: /data + {{- with (concat .Values.global.extraEnv .Values.transcoder.kyoo_transcoder.extraEnv) }} + {{- toYaml . | nindent 12 }} + {{- end }} + ports: + - name: main + containerPort: 7666 + protocol: TCP + {{- with .Values.transcoder.kyoo_transcoder.livenessProbe }} + livenessProbe: + {{- toYaml .Values.transcoder.kyoo_transcoder.livenessProbe | nindent 12 }} + {{- end }} + {{- with .Values.transcoder.kyoo_transcoder.readinessProbe }} + readinessProbe: + {{- toYaml .Values.transcoder.kyoo_transcoder.readinessProbe | nindent 12 }} + {{- end }} + {{- with .Values.transcoder.kyoo_transcoder.resources }} + resources: + {{- toYaml .Values.transcoder.kyoo_transcoder.resources | nindent 12 }} + {{- end }} + {{- with .Values.transcoder.kyoo_transcoder.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} + volumeMounts: + {{- with .Values.media.volumeMounts }} + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.transcoder.kyoo_transcoder.volumeMounts }} + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.transcoder.kyoo_transcoder.extraVolumeMounts }} + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.transcoder.kyoo_transcoder.extraContainers }} + {{- tpl (toYaml .) $ | nindent 8 }} + {{- end }} + {{- with .Values.transcoder.extraInitContainers }} + initContainers: + {{- tpl (toYaml .) $ | nindent 6 }} + {{- end }} + volumes: + {{- with .Values.media.volumes }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.transcoder.volumes }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.transcoder.extraVolumes }} + {{- toYaml . | nindent 8 }} + {{- end }} \ No newline at end of file diff --git a/chart/templates/transcoder/service.yaml b/chart/templates/transcoder/service.yaml new file mode 100644 index 00000000..20aaf15a --- /dev/null +++ b/chart/templates/transcoder/service.yaml @@ -0,0 +1,24 @@ +apiVersion: v1 +kind: Service +metadata: +{{- if .Values.transcoder.service.annotations }} + annotations: + {{- range $key, $value := .Values.transcoder.service.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +{{- end }} + name: {{ include "kyoo.transcoder.fullname" . }} + labels: + {{- include "kyoo.labels" (dict "context" . "component" .Values.transcoder.name "name" .Values.transcoder.name) | nindent 4 }} + {{- with .Values.transcoder.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.transcoder.service.type }} + ports: + - port: 7666 + targetPort: 7666 + protocol: TCP + name: main + selector: + {{- include "kyoo.selectorLabels" (dict "context" . "name" .Values.transcoder.name) | nindent 4 }} diff --git a/chart/templates/transcoder/serviceaccount.yaml b/chart/templates/transcoder/serviceaccount.yaml new file mode 100644 index 00000000..eed03aab --- /dev/null +++ b/chart/templates/transcoder/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.transcoder.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: {{ .Values.transcoder.serviceAccount.automount }} +metadata: + name: {{ include "kyoo.transcoder.serviceAccountName" . }} + labels: + {{- include "kyoo.labels" (dict "context" . "component" .Values.transcoder.name "name" .Values.transcoder.name) | nindent 4 }} + {{- with .Values.transcoder.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/chart/values.yaml b/chart/values.yaml new file mode 100644 index 00000000..c4ce355b --- /dev/null +++ b/chart/values.yaml @@ -0,0 +1,359 @@ +# Default values for kyoo. +global: + image: + repositoryBase: "ghcr.io/zoriya" + tag: "" + imagePullPolicy: IfNotPresent + imagePullSecrets: [] + deploymentAnnotations: {} + podAnnotations: {} + podLabels: {} + extraEnv: [] + + meilisearch: + proto: http + host: kyoo-meilisearch + port: 7700 + #infra is only used by subchart deployment + infra: + # DOES NOT SUPPORT SPECIFYING KEY. MUST BE NAMED `MEILI_MASTER_KEY` + existingSecret: bigsecret + kyoo_back: + masterkeyKey: MEILI_MASTER_KEY + existingSecret: bigsecret + postgres: + host: kyoo-postgresql + port: 5432 + database: kyoo_back + #infra is only used by subchart deployment + infra: + # admin user is postgres + # default user is the database name + passwordKey: postgres_password + existingSecret: bigsecret + kyoo_migrations: + userKey: postgres_user + passwordKey: postgres_password + existingSecret: bigsecret + kyoo_back: + userKey: postgres_user + passwordKey: postgres_password + existingSecret: bigsecret + rabbitmq: + host: kyoo-rabbitmq + port: 5672 + # vhost is not used yet + # vhost: "" + #infra is only used by subchart deployment + infra: + # user must be manually aligned via rabbitmq.auth.user + passwordKey: rabbitmq_password + keyErlangCookie: rabbitmq_cookie + existingSecret: bigsecret + kyoo_autosync: + userKey: rabbitmq_user + passwordKey: rabbitmq_password + existingSecret: bigsecret + kyoo_back: + userKey: rabbitmq_user + passwordKey: rabbitmq_password + existingSecret: bigsecret + kyoo_matcher: + userKey: rabbitmq_user + passwordKey: rabbitmq_password + existingSecret: bigsecret + kyoo_scanner: + userKey: rabbitmq_user + passwordKey: rabbitmq_password + existingSecret: bigsecret + +kyoo: + address: "https://kyoo.mydomain.com" + unloggedPermissions: "overall.read,overall.play" + languages: "en" + apikey: + existingSecret: bigsecret + apikeyKey: kyoo_apikeys + +media: + volumes: + - name: media + persistentVolumeClaim: + claimName: media + # mounts should always be mounted to /data + volumeMounts: + - mountPath: /data + name: media + subPath: media + +contentdatabase: + provider: + tmdb: + apikeyKey: tmdb_apikey + existingSecret: bigsecret + +autosync: + name: autosync + kyoo_autosync: + livenessProbe: {} + readinessProbe: {} + resources: {} + containerSecurityContext: {} + extraVolumeMounts: [] + extraArgs: [] + extraEnv: [] + image: + repository: ~ + tag: ~ + replicaCount: 1 + podLabels: {} + deploymentAnnotations: {} + podAnnotations: {} + imagePullSecrets: [] + service: + annotations: {} + labels: {} + type: ClusterIP + serviceAccount: + create: true + automount: true + annotations: {} + name: ~ + extraContainers: [] + extraInitContainers: [] + extraVolumes: [] + +back: + name: back + kyoo_migrations: + livenessProbe: {} + readinessProbe: {} + resources: {} + containerSecurityContext: {} + extraVolumeMounts: [] + extraArgs: [] + extraEnv: [] + image: + repository: ~ + tag: ~ + kyoo_back: + livenessProbe: {} + readinessProbe: {} + resources: {} + containerSecurityContext: {} + extraVolumeMounts: [] + extraArgs: [] + extraEnv: [] + image: + repository: ~ + tag: ~ + volumeMounts: + - mountPath: /metadata + name: back-storage + volumes: + - name: back-storage + persistentVolumeClaim: + claimName: back-storage + replicaCount: 1 + podLabels: {} + deploymentAnnotations: {} + podAnnotations: {} + imagePullSecrets: [] + service: + annotations: {} + labels: {} + type: ClusterIP + serviceAccount: + create: true + automount: true + annotations: {} + name: ~ + extraContainers: [] + extraInitContainers: [] + extraVolumes: [] + +front: + name: front + kyoo_front: + livenessProbe: {} + readinessProbe: {} + resources: {} + containerSecurityContext: {} + extraVolumeMounts: [] + extraArgs: [] + extraEnv: [] + image: + repository: ~ + tag: ~ + replicaCount: 1 + podLabels: {} + deploymentAnnotations: {} + podAnnotations: {} + imagePullSecrets: [] + service: + annotations: {} + labels: {} + type: ClusterIP + serviceAccount: + create: true + automount: true + annotations: {} + name: ~ + extraContainers: [] + extraInitContainers: [] + extraVolumes: [] + +matcher: + name: matcher + kyoo_matcher: + livenessProbe: {} + readinessProbe: {} + resources: {} + containerSecurityContext: {} + extraVolumeMounts: [] + # workaround until dedicated image is created + extraArgs: + - matcher + extraEnv: [] + image: + # workaround until dedicated image is created + repository: ghcr.io/zoriya/kyoo_scanner + tag: ~ + replicaCount: 1 + podLabels: {} + deploymentAnnotations: {} + podAnnotations: {} + imagePullSecrets: [] + service: + annotations: {} + labels: {} + type: ClusterIP + serviceAccount: + create: true + automount: true + annotations: {} + name: ~ + extraContainers: [] + extraInitContainers: [] + extraVolumes: [] + +scanner: + name: scanner + kyoo_scanner: + livenessProbe: {} + readinessProbe: {} + resources: {} + containerSecurityContext: {} + extraVolumeMounts: [] + extraArgs: [] + extraEnv: [] + image: + repository: ~ + tag: ~ + replicaCount: 1 + podLabels: {} + deploymentAnnotations: {} + podAnnotations: {} + imagePullSecrets: [] + service: + annotations: {} + labels: {} + type: ClusterIP + serviceAccount: + create: true + automount: true + annotations: {} + name: ~ + extraContainers: [] + extraInitContainers: [] + extraVolumes: [] + +transcoder: + name: transcoder + kyoo_transcoder: + livenessProbe: {} + readinessProbe: {} + resources: {} + containerSecurityContext: {} + extraVolumeMounts: [] + extraArgs: [] + extraEnv: [] + image: + repository: ~ + tag: ~ + volumeMounts: + - mountPath: /metadata + name: transcoder-storage + - mountPath: /cache + name: cache + volumes: + - name: transcoder-storage + persistentVolumeClaim: + claimName: transcoder-storage + - name: cache + emptyDir: {} + replicaCount: 1 + podLabels: {} + deploymentAnnotations: {} + podAnnotations: {} + imagePullSecrets: [] + service: + annotations: {} + labels: {} + type: ClusterIP + serviceAccount: + create: true + automount: true + annotations: {} + name: ~ + extraContainers: [] + extraInitContainers: [] + extraVolumes: [] + +# subchart settings +meilisearch: + enabled: false + environment: + MEILI_ENV: production + auth: + # DOES NOT SUPPORT SPECIFYING KEY. MUST BE NAMED `MEILI_MASTER_KEY` + existingMasterKeySecret: "{{ .Values.global.meilisearch.infra.existingSecret }}" + persistence: + enabled: true + size: 3Gi + # upstream set to -, disabling dynamic provisioning + # https://github.com/meilisearch/meilisearch-kubernetes/pull/235 + storageClass: ~ + +# subchart settings +postgresql: + enabled: false + auth: + # this does not read from a secret. not sure how to map + # just manually make the same + username: "kyoo_back" + database: "{{ .Values.global.postgres.database }}" + existingSecret: "{{ .Values.global.postgres.infra.existingSecret }}" + secretKeys: + adminPasswordKey: "{{ .Values.global.postgres.infra.passwordKey }}" + userPasswordKey: "{{ .Values.global.postgres.infra.passwordKey }}" + primary: + persistence: + size: 3Gi + +# subchart settings +rabbitmq: + enabled: false + auth: + # this does not read from a secret. not sure how to map + # just manually make the same + username: kyoo_all + existingPasswordSecret: "{{ .Values.global.rabbitmq.infra.existingSecret }}" + existingSecretPasswordKey: "{{ .Values.global.rabbitmq.infra.passwordKey }}" + existingErlangSecret: "{{ .Values.global.rabbitmq.infra.existingSecret }}" + existingSecretErlangKey: "{{ .Values.global.rabbitmq.infra.keyErlangCookie }}" + +# create extraObjects +# create secret bigsecret +# create pvc for each object +extraObjects: [] \ No newline at end of file diff --git a/shell.nix b/shell.nix index 62457365..c61f0250 100644 --- a/shell.nix +++ b/shell.nix @@ -36,6 +36,7 @@ in postgresql_15 pgformatter biome + kubernetes-helm ]; DOTNET_ROOT = "${dotnet}"; From 4a3a5bfa8d4686a23411a3c9a2ad2be782bded8f Mon Sep 17 00:00:00 2001 From: Arlan Lloyd Date: Thu, 11 Jul 2024 05:17:49 +0000 Subject: [PATCH 02/30] align to 63 + comment --- chart/templates/_helpers.tpl | 12 ++++++------ chart/values.yaml | 1 + 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/chart/templates/_helpers.tpl b/chart/templates/_helpers.tpl index 7d7ab73f..551f7b18 100644 --- a/chart/templates/_helpers.tpl +++ b/chart/templates/_helpers.tpl @@ -2,7 +2,7 @@ Create kyoo autosync name */}} {{- define "kyoo.autosync.fullname" -}} -{{- printf "%s-%s" (include "kyoo.fullname" .) .Values.autosync.name | trunc 52 | trimSuffix "-" -}} +{{- printf "%s-%s" (include "kyoo.fullname" .) .Values.autosync.name | trunc 63 | trimSuffix "-" -}} {{- end -}} {{/* @@ -20,7 +20,7 @@ Create the name of the autosync service account to use Create kyoo back name */}} {{- define "kyoo.back.fullname" -}} -{{- printf "%s-%s" (include "kyoo.fullname" .) .Values.back.name | trunc 52 | trimSuffix "-" -}} +{{- printf "%s-%s" (include "kyoo.fullname" .) .Values.back.name | trunc 63 | trimSuffix "-" -}} {{- end -}} {{/* @@ -38,7 +38,7 @@ Create the name of the back service account to use Create kyoo front name */}} {{- define "kyoo.front.fullname" -}} -{{- printf "%s-%s" (include "kyoo.fullname" .) .Values.front.name | trunc 52 | trimSuffix "-" -}} +{{- printf "%s-%s" (include "kyoo.fullname" .) .Values.front.name | trunc 63 | trimSuffix "-" -}} {{- end -}} {{/* @@ -56,7 +56,7 @@ Create the name of the front service account to use Create kyoo matcher name */}} {{- define "kyoo.matcher.fullname" -}} -{{- printf "%s-%s" (include "kyoo.fullname" .) .Values.matcher.name | trunc 52 | trimSuffix "-" -}} +{{- printf "%s-%s" (include "kyoo.fullname" .) .Values.matcher.name | trunc 63 | trimSuffix "-" -}} {{- end -}} {{/* @@ -74,7 +74,7 @@ Create the name of the matcher service account to use Create kyoo scanner name */}} {{- define "kyoo.scanner.fullname" -}} -{{- printf "%s-%s" (include "kyoo.fullname" .) .Values.scanner.name | trunc 52 | trimSuffix "-" -}} +{{- printf "%s-%s" (include "kyoo.fullname" .) .Values.scanner.name | trunc 63 | trimSuffix "-" -}} {{- end -}} {{/* @@ -92,7 +92,7 @@ Create the name of the scanner service account to use Create kyoo transcoder name */}} {{- define "kyoo.transcoder.fullname" -}} -{{- printf "%s-%s" (include "kyoo.fullname" .) .Values.transcoder.name | trunc 52 | trimSuffix "-" -}} +{{- printf "%s-%s" (include "kyoo.fullname" .) .Values.transcoder.name | trunc 63 | trimSuffix "-" -}} {{- end -}} {{/* diff --git a/chart/values.yaml b/chart/values.yaml index c4ce355b..4df9f0ea 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -250,6 +250,7 @@ scanner: image: repository: ~ tag: ~ + # scanner does not support multiple replicas replicaCount: 1 podLabels: {} deploymentAnnotations: {} From 3cfd3ef3b08ff30d79f37b583229ac21853b12a1 Mon Sep 17 00:00:00 2001 From: Arlan Lloyd Date: Thu, 11 Jul 2024 05:20:08 +0000 Subject: [PATCH 03/30] add comment --- chart/values.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/chart/values.yaml b/chart/values.yaml index 4df9f0ea..7761778f 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -219,6 +219,7 @@ matcher: # workaround until dedicated image is created repository: ghcr.io/zoriya/kyoo_scanner tag: ~ + # matcher does not support multiple replicas replicaCount: 1 podLabels: {} deploymentAnnotations: {} From 8e4bf1e1cd53b8545b3fcb13bde9157eba5eebe3 Mon Sep 17 00:00:00 2001 From: Arlan Lloyd Date: Thu, 11 Jul 2024 05:32:10 +0000 Subject: [PATCH 04/30] remove unneeded setting --- chart/argotest.yaml | 129 ++ chart/manualtest.yaml | 1694 +++++++++++++++++++++++ chart/templates/scanner/deployment.yaml | 5 - chart/test.yaml | 61 + 4 files changed, 1884 insertions(+), 5 deletions(-) create mode 100644 chart/argotest.yaml create mode 100644 chart/manualtest.yaml create mode 100644 chart/test.yaml diff --git a/chart/argotest.yaml b/chart/argotest.yaml new file mode 100644 index 00000000..4a5f3a33 --- /dev/null +++ b/chart/argotest.yaml @@ -0,0 +1,129 @@ +--- +kind: Namespace +apiVersion: v1 +metadata: + name: kyoo +--- +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: kyoo + namespace: argocd +spec: + destination: + namespace: kyoo + server: https://kubernetes.default.svc + project: homelab + source: + path: chart/ + repoURL: https://github.com/acelinkio/Kyoo.git + targetRevision: feature/helmchart + helm: + valuesObject: + kyoo: + address: https://kyoo.acelink.io + meilisearch: + enabled: true + postgresql: + enabled: true + rabbitmq: + enabled: true + extraObjects: + - apiVersion: v1 + kind: Secret + metadata: + name: bigsecret + type: Opaque + stringData: + kyoo_apikeys: yHXWGsjfjE6sy6UxavqmTUYxgCFYek + tmdb_apikey: "" + MEILI_MASTER_KEY: barkLike8SuperDucks + postgres_user: kyoo_back + postgres_password: watchSomething4me + rabbitmq_user: kyoo_all + rabbitmq_password: youAreAmazing2 + rabbitmq_cookie: mmmGoodCookie + - kind: PersistentVolumeClaim + apiVersion: v1 + metadata: + name: back-storage + spec: + accessModes: + - "ReadWriteMany" + resources: + requests: + storage: "3Gi" + - kind: PersistentVolumeClaim + apiVersion: v1 + metadata: + name: media + spec: + accessModes: + - "ReadWriteMany" + resources: + requests: + storage: "3Gi" + - kind: PersistentVolumeClaim + apiVersion: v1 + metadata: + name: transcoder-storage + spec: + accessModes: + - "ReadWriteMany" + resources: + requests: + storage: "3Gi" +--- +apiVersion: externaldns.k8s.io/v1alpha1 +kind: DNSEndpoint +metadata: + name: kyoo + namespace: kyoo + annotations: + external-dns.custom/type: private +spec: + endpoints: + - dnsName: kyoo.acelink.io + recordType: CNAME + targets: + - intgw.acelink.io + providerSpecific: + - name: external-dns.alpha.kubernetes.io/cloudflare-proxied + value: "false" +--- +apiVersion: gateway.networking.k8s.io/v1 +kind: HTTPRoute +metadata: + name: kyoo + namespace: kyoo +spec: + parentRefs: + - name: internal + namespace: gateway + sectionName: https + - name: external + namespace: gateway + sectionName: https + hostnames: + - "kyoo.acelink.io" + rules: + - matches: + - path: + type: PathPrefix + value: /api + backendRefs: + - name: kyoo-back + port: 5000 + filters: + - type: URLRewrite + urlRewrite: + path: + type: ReplacePrefixMatch + replacePrefixMatch: / + - matches: + - path: + type: PathPrefix + value: / + backendRefs: + - name: kyoo-front + port: 8901 \ No newline at end of file diff --git a/chart/manualtest.yaml b/chart/manualtest.yaml new file mode 100644 index 00000000..19ad5b01 --- /dev/null +++ b/chart/manualtest.yaml @@ -0,0 +1,1694 @@ +--- +# Source: kyoo/charts/postgresql/templates/primary/networkpolicy.yaml +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: kyoo-postgresql + namespace: "default" + labels: + app.kubernetes.io/instance: kyoo + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: postgresql + app.kubernetes.io/version: 16.3.0 + helm.sh/chart: postgresql-15.5.14 + app.kubernetes.io/component: primary +spec: + podSelector: + matchLabels: + app.kubernetes.io/instance: kyoo + app.kubernetes.io/name: postgresql + app.kubernetes.io/component: primary + policyTypes: + - Ingress + - Egress + egress: + - {} + ingress: + - ports: + - port: 5432 +--- +# Source: kyoo/charts/rabbitmq/templates/networkpolicy.yaml +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: kyoo-rabbitmq + namespace: "default" + labels: + app.kubernetes.io/instance: kyoo + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: rabbitmq + app.kubernetes.io/version: 3.13.3 + helm.sh/chart: rabbitmq-14.4.2 +spec: + podSelector: + matchLabels: + app.kubernetes.io/instance: kyoo + app.kubernetes.io/name: rabbitmq + policyTypes: + - Ingress + - Egress + egress: + - {} + ingress: + # Allow inbound connections to RabbitMQ + - ports: + - port: 4369 + - port: 5672 + - port: 5671 + - port: 25672 + - port: 15672 +--- +# Source: kyoo/charts/postgresql/templates/primary/pdb.yaml +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: kyoo-postgresql + namespace: "default" + labels: + app.kubernetes.io/instance: kyoo + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: postgresql + app.kubernetes.io/version: 16.3.0 + helm.sh/chart: postgresql-15.5.14 + app.kubernetes.io/component: primary +spec: + maxUnavailable: 1 + selector: + matchLabels: + app.kubernetes.io/instance: kyoo + app.kubernetes.io/name: postgresql + app.kubernetes.io/component: primary +--- +# Source: kyoo/charts/rabbitmq/templates/pdb.yaml +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: kyoo-rabbitmq + namespace: "default" + labels: + app.kubernetes.io/instance: kyoo + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: rabbitmq + app.kubernetes.io/version: 3.13.3 + helm.sh/chart: rabbitmq-14.4.2 +spec: + maxUnavailable: 1 + selector: + matchLabels: + app.kubernetes.io/instance: kyoo + app.kubernetes.io/name: rabbitmq +--- +# Source: kyoo/charts/meilisearch/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kyoo-meilisearch + labels: + helm.sh/chart: meilisearch-0.8.0 + app.kubernetes.io/name: meilisearch + app.kubernetes.io/instance: kyoo + app.kubernetes.io/version: "v1.9.0" + app.kubernetes.io/component: search-engine + app.kubernetes.io/part-of: meilisearch + app.kubernetes.io/managed-by: Helm +--- +# Source: kyoo/charts/postgresql/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kyoo-postgresql + namespace: "default" + labels: + app.kubernetes.io/instance: kyoo + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: postgresql + app.kubernetes.io/version: 16.3.0 + helm.sh/chart: postgresql-15.5.14 +automountServiceAccountToken: false +--- +# Source: kyoo/charts/rabbitmq/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kyoo-rabbitmq + namespace: "default" + labels: + app.kubernetes.io/instance: kyoo + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: rabbitmq + app.kubernetes.io/version: 3.13.3 + helm.sh/chart: rabbitmq-14.4.2 +automountServiceAccountToken: false +secrets: + - name: bigsecret +--- +# Source: kyoo/templates/autosync/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: true +metadata: + name: kyoo-autosync + labels: + helm.sh/chart: kyoo-0.1.0 + app.kubernetes.io/name: kyoo-autosync + app.kubernetes.io/instance: kyoo + app.kubernetes.io/component: autosync + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kyoo + app.kubernetes.io/version: "4.6.0" +--- +# Source: kyoo/templates/back/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: true +metadata: + name: kyoo-back + labels: + helm.sh/chart: kyoo-0.1.0 + app.kubernetes.io/name: kyoo-back + app.kubernetes.io/instance: kyoo + app.kubernetes.io/component: back + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kyoo + app.kubernetes.io/version: "4.6.0" +--- +# Source: kyoo/templates/front/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: true +metadata: + name: kyoo-front + labels: + helm.sh/chart: kyoo-0.1.0 + app.kubernetes.io/name: kyoo-front + app.kubernetes.io/instance: kyoo + app.kubernetes.io/component: front + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kyoo + app.kubernetes.io/version: "4.6.0" +--- +# Source: kyoo/templates/matcher/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: true +metadata: + name: kyoo-matcher + labels: + helm.sh/chart: kyoo-0.1.0 + app.kubernetes.io/name: kyoo-matcher + app.kubernetes.io/instance: kyoo + app.kubernetes.io/component: matcher + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kyoo + app.kubernetes.io/version: "4.6.0" +--- +# Source: kyoo/templates/scanner/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: true +metadata: + name: kyoo-scanner + labels: + helm.sh/chart: kyoo-0.1.0 + app.kubernetes.io/name: kyoo-scanner + app.kubernetes.io/instance: kyoo + app.kubernetes.io/component: scanner + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kyoo + app.kubernetes.io/version: "4.6.0" +--- +# Source: kyoo/templates/transcoder/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: true +metadata: + name: kyoo-transcoder + labels: + helm.sh/chart: kyoo-0.1.0 + app.kubernetes.io/name: kyoo-transcoder + app.kubernetes.io/instance: kyoo + app.kubernetes.io/component: transcoder + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kyoo + app.kubernetes.io/version: "4.6.0" +--- +# Source: kyoo/charts/rabbitmq/templates/config-secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: kyoo-rabbitmq-config + namespace: "default" + labels: + app.kubernetes.io/instance: kyoo + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: rabbitmq + app.kubernetes.io/version: 3.13.3 + helm.sh/chart: rabbitmq-14.4.2 +type: Opaque +data: + rabbitmq.conf: |- + IyMgVXNlcm5hbWUgYW5kIHBhc3N3b3JkCmRlZmF1bHRfdXNlciA9IGt5b29fYWxsCiMjIENsdXN0ZXJpbmcKIyMKY2x1c3Rlcl9uYW1lID0ga3lvby1yYWJiaXRtcQpjbHVzdGVyX2Zvcm1hdGlvbi5wZWVyX2Rpc2NvdmVyeV9iYWNrZW5kICA9IHJhYmJpdF9wZWVyX2Rpc2NvdmVyeV9rOHMKY2x1c3Rlcl9mb3JtYXRpb24uazhzLmhvc3QgPSBrdWJlcm5ldGVzLmRlZmF1bHQKY2x1c3Rlcl9mb3JtYXRpb24uazhzLmFkZHJlc3NfdHlwZSA9IGhvc3RuYW1lCmNsdXN0ZXJfZm9ybWF0aW9uLms4cy5zZXJ2aWNlX25hbWUgPSBreW9vLXJhYmJpdG1xLWhlYWRsZXNzCmNsdXN0ZXJfZm9ybWF0aW9uLms4cy5ob3N0bmFtZV9zdWZmaXggPSAua3lvby1yYWJiaXRtcS1oZWFkbGVzcy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsCmNsdXN0ZXJfZm9ybWF0aW9uLm5vZGVfY2xlYW51cC5pbnRlcnZhbCA9IDEwCmNsdXN0ZXJfZm9ybWF0aW9uLm5vZGVfY2xlYW51cC5vbmx5X2xvZ193YXJuaW5nID0gdHJ1ZQpjbHVzdGVyX3BhcnRpdGlvbl9oYW5kbGluZyA9IGF1dG9oZWFsCgojIHF1ZXVlIG1hc3RlciBsb2NhdG9yCnF1ZXVlX21hc3Rlcl9sb2NhdG9yID0gbWluLW1hc3RlcnMKIyBlbmFibGUgbG9vcGJhY2sgdXNlcgpsb29wYmFja191c2Vycy5reW9vX2FsbCA9IGZhbHNlCiNkZWZhdWx0X3Zob3N0ID0gZGVmYXVsdC12aG9zdAojZGlza19mcmVlX2xpbWl0LmFic29sdXRlID0gNTBNQgojIyBQcm9tZXRoZXVzIG1ldHJpY3MKIyMKcHJvbWV0aGV1cy50Y3AucG9ydCA9IDk0MTk= +--- +# Source: kyoo/templates/extra-manifests.yaml +apiVersion: v1 +kind: Secret +metadata: + name: bigsecret +stringData: + MEILI_MASTER_KEY: barkLike8SuperDucks + kyoo_apikeys: yHXWGsjfjE6sy6UxavqmTUYxgCFYek + postgres_password: watchSomething4me + postgres_user: kyoo_back + rabbitmq_cookie: mmmGoodCookie + rabbitmq_password: youAreAmazing2 + rabbitmq_user: kyoo_all + tmdb_apikey: "" +type: Opaque +--- +# Source: kyoo/charts/meilisearch/templates/configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: kyoo-meilisearch-environment + labels: + helm.sh/chart: meilisearch-0.8.0 + app.kubernetes.io/name: meilisearch + app.kubernetes.io/instance: kyoo + app.kubernetes.io/version: "v1.9.0" + app.kubernetes.io/component: search-engine + app.kubernetes.io/part-of: meilisearch + app.kubernetes.io/managed-by: Helm +data: + MEILI_ENV: "production" + MEILI_NO_ANALYTICS: "true" +--- +# Source: kyoo/charts/meilisearch/templates/pvc.yaml +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: kyoo-meilisearch + labels: + helm.sh/chart: meilisearch-0.8.0 + app.kubernetes.io/name: meilisearch + app.kubernetes.io/instance: kyoo + app.kubernetes.io/version: "v1.9.0" + app.kubernetes.io/component: search-engine + app.kubernetes.io/part-of: meilisearch + app.kubernetes.io/managed-by: Helm +spec: + accessModes: + - "ReadWriteOnce" + resources: + requests: + storage: "3Gi" +--- +# Source: kyoo/templates/extra-manifests.yaml +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: back-storage +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 3Gi +--- +# Source: kyoo/templates/extra-manifests.yaml +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: media +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 3Gi +--- +# Source: kyoo/templates/extra-manifests.yaml +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: transcoder-storage +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 3Gi +--- +# Source: kyoo/charts/rabbitmq/templates/role.yaml +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: kyoo-rabbitmq-endpoint-reader + namespace: "default" + labels: + app.kubernetes.io/instance: kyoo + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: rabbitmq + app.kubernetes.io/version: 3.13.3 + helm.sh/chart: rabbitmq-14.4.2 +rules: + - apiGroups: [""] + resources: ["endpoints"] + verbs: ["get"] + - apiGroups: [""] + resources: ["events"] + verbs: ["create"] +--- +# Source: kyoo/charts/rabbitmq/templates/rolebinding.yaml +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: kyoo-rabbitmq-endpoint-reader + namespace: "default" + labels: + app.kubernetes.io/instance: kyoo + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: rabbitmq + app.kubernetes.io/version: 3.13.3 + helm.sh/chart: rabbitmq-14.4.2 +subjects: + - kind: ServiceAccount + name: kyoo-rabbitmq +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: kyoo-rabbitmq-endpoint-reader +--- +# Source: kyoo/charts/meilisearch/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: kyoo-meilisearch + labels: + helm.sh/chart: meilisearch-0.8.0 + app.kubernetes.io/name: meilisearch + app.kubernetes.io/instance: kyoo + app.kubernetes.io/version: "v1.9.0" + app.kubernetes.io/component: search-engine + app.kubernetes.io/part-of: meilisearch + app.kubernetes.io/managed-by: Helm +spec: + type: ClusterIP + ports: + - port: 7700 + targetPort: http + protocol: TCP + name: http + selector: + app.kubernetes.io/name: meilisearch + app.kubernetes.io/instance: kyoo +--- +# Source: kyoo/charts/postgresql/templates/primary/svc-headless.yaml +apiVersion: v1 +kind: Service +metadata: + name: kyoo-postgresql-hl + namespace: "default" + labels: + app.kubernetes.io/instance: kyoo + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: postgresql + app.kubernetes.io/version: 16.3.0 + helm.sh/chart: postgresql-15.5.14 + app.kubernetes.io/component: primary + annotations: +spec: + type: ClusterIP + clusterIP: None + # We want all pods in the StatefulSet to have their addresses published for + # the sake of the other Postgresql pods even before they're ready, since they + # have to be able to talk to each other in order to become ready. + publishNotReadyAddresses: true + ports: + - name: tcp-postgresql + port: 5432 + targetPort: tcp-postgresql + selector: + app.kubernetes.io/instance: kyoo + app.kubernetes.io/name: postgresql + app.kubernetes.io/component: primary +--- +# Source: kyoo/charts/postgresql/templates/primary/svc.yaml +apiVersion: v1 +kind: Service +metadata: + name: kyoo-postgresql + namespace: "default" + labels: + app.kubernetes.io/instance: kyoo + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: postgresql + app.kubernetes.io/version: 16.3.0 + helm.sh/chart: postgresql-15.5.14 + app.kubernetes.io/component: primary +spec: + type: ClusterIP + sessionAffinity: None + ports: + - name: tcp-postgresql + port: 5432 + targetPort: tcp-postgresql + nodePort: null + selector: + app.kubernetes.io/instance: kyoo + app.kubernetes.io/name: postgresql + app.kubernetes.io/component: primary +--- +# Source: kyoo/charts/rabbitmq/templates/svc-headless.yaml +apiVersion: v1 +kind: Service +metadata: + name: kyoo-rabbitmq-headless + namespace: "default" + labels: + app.kubernetes.io/instance: kyoo + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: rabbitmq + app.kubernetes.io/version: 3.13.3 + helm.sh/chart: rabbitmq-14.4.2 +spec: + clusterIP: None + ports: + - name: epmd + port: 4369 + targetPort: epmd + - name: amqp + port: 5672 + targetPort: amqp + - name: dist + port: 25672 + targetPort: dist + - name: http-stats + port: 15672 + targetPort: stats + selector: + app.kubernetes.io/instance: kyoo + app.kubernetes.io/name: rabbitmq + publishNotReadyAddresses: true +--- +# Source: kyoo/charts/rabbitmq/templates/svc.yaml +apiVersion: v1 +kind: Service +metadata: + name: kyoo-rabbitmq + namespace: "default" + labels: + app.kubernetes.io/instance: kyoo + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: rabbitmq + app.kubernetes.io/version: 3.13.3 + helm.sh/chart: rabbitmq-14.4.2 +spec: + type: ClusterIP + sessionAffinity: None + ports: + - name: amqp + port: 5672 + targetPort: amqp + nodePort: null + - name: epmd + port: 4369 + targetPort: epmd + nodePort: null + - name: dist + port: 25672 + targetPort: dist + nodePort: null + - name: http-stats + port: 15672 + targetPort: stats + nodePort: null + selector: + app.kubernetes.io/instance: kyoo + app.kubernetes.io/name: rabbitmq +--- +# Source: kyoo/templates/autosync/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: kyoo-autosync + labels: + helm.sh/chart: kyoo-0.1.0 + app.kubernetes.io/name: kyoo-autosync + app.kubernetes.io/instance: kyoo + app.kubernetes.io/component: autosync + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kyoo + app.kubernetes.io/version: "4.6.0" +spec: + type: ClusterIP + ports: + - port: 80 + targetPort: http + protocol: TCP + name: main + selector: + app.kubernetes.io/name: kyoo-autosync + app.kubernetes.io/instance: kyoo +--- +# Source: kyoo/templates/back/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: kyoo-back + labels: + helm.sh/chart: kyoo-0.1.0 + app.kubernetes.io/name: kyoo-back + app.kubernetes.io/instance: kyoo + app.kubernetes.io/component: back + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kyoo + app.kubernetes.io/version: "4.6.0" +spec: + type: ClusterIP + ports: + - port: 5000 + targetPort: 5000 + protocol: TCP + name: main + selector: + app.kubernetes.io/name: kyoo-back + app.kubernetes.io/instance: kyoo +--- +# Source: kyoo/templates/front/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: kyoo-front + labels: + helm.sh/chart: kyoo-0.1.0 + app.kubernetes.io/name: kyoo-front + app.kubernetes.io/instance: kyoo + app.kubernetes.io/component: front + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kyoo + app.kubernetes.io/version: "4.6.0" +spec: + type: ClusterIP + ports: + - port: 8901 + targetPort: 8901 + protocol: TCP + name: main + selector: + app.kubernetes.io/name: kyoo-front + app.kubernetes.io/instance: kyoo +--- +# Source: kyoo/templates/matcher/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: kyoo-matcher + labels: + helm.sh/chart: kyoo-0.1.0 + app.kubernetes.io/name: kyoo-matcher + app.kubernetes.io/instance: kyoo + app.kubernetes.io/component: matcher + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kyoo + app.kubernetes.io/version: "4.6.0" +spec: + type: ClusterIP + ports: + - port: 80 + targetPort: http + protocol: TCP + name: main + selector: + app.kubernetes.io/name: kyoo-matcher + app.kubernetes.io/instance: kyoo +--- +# Source: kyoo/templates/scanner/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: kyoo-scanner + labels: + helm.sh/chart: kyoo-0.1.0 + app.kubernetes.io/name: kyoo-scanner + app.kubernetes.io/instance: kyoo + app.kubernetes.io/component: scanner + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kyoo + app.kubernetes.io/version: "4.6.0" +spec: + type: ClusterIP + ports: + - port: 80 + targetPort: http + protocol: TCP + name: main + selector: + app.kubernetes.io/name: kyoo-scanner + app.kubernetes.io/instance: kyoo +--- +# Source: kyoo/templates/transcoder/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: kyoo-transcoder + labels: + helm.sh/chart: kyoo-0.1.0 + app.kubernetes.io/name: kyoo-transcoder + app.kubernetes.io/instance: kyoo + app.kubernetes.io/component: transcoder + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kyoo + app.kubernetes.io/version: "4.6.0" +spec: + type: ClusterIP + ports: + - port: 7666 + targetPort: 7666 + protocol: TCP + name: main + selector: + app.kubernetes.io/name: kyoo-transcoder + app.kubernetes.io/instance: kyoo +--- +# Source: kyoo/templates/autosync/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: kyoo-autosync + labels: + helm.sh/chart: kyoo-0.1.0 + app.kubernetes.io/name: kyoo-autosync + app.kubernetes.io/instance: kyoo + app.kubernetes.io/component: autosync + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kyoo + app.kubernetes.io/version: "4.6.0" +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: kyoo-autosync + app.kubernetes.io/instance: kyoo + template: + metadata: + annotations: + labels: + helm.sh/chart: kyoo-0.1.0 + app.kubernetes.io/name: kyoo-autosync + app.kubernetes.io/instance: kyoo + app.kubernetes.io/component: autosync + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kyoo + app.kubernetes.io/version: "4.6.0" + spec: + serviceAccountName: kyoo-autosync + containers: + - name: main + image: ghcr.io/zoriya/kyoo_autosync:4.6.0 + imagePullPolicy: IfNotPresent + args: + env: + - name: RABBITMQ_HOST + value: kyoo-rabbitmq + - name: RABBITMQ_PORT + value: "5672" + - name: RABBITMQ_DEFAULT_USER + valueFrom: + secretKeyRef: + key: rabbitmq_user + name: bigsecret + - name: RABBITMQ_DEFAULT_PASS + valueFrom: + secretKeyRef: + key: rabbitmq_password + name: bigsecret + ports: + - name: main + containerPort: 80 + protocol: TCP +--- +# Source: kyoo/templates/back/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: kyoo-back + labels: + helm.sh/chart: kyoo-0.1.0 + app.kubernetes.io/name: kyoo-back + app.kubernetes.io/instance: kyoo + app.kubernetes.io/component: back + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kyoo + app.kubernetes.io/version: "4.6.0" +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: kyoo-back + app.kubernetes.io/instance: kyoo + template: + metadata: + annotations: + labels: + helm.sh/chart: kyoo-0.1.0 + app.kubernetes.io/name: kyoo-back + app.kubernetes.io/instance: kyoo + app.kubernetes.io/component: back + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kyoo + app.kubernetes.io/version: "4.6.0" + spec: + serviceAccountName: kyoo-back + initContainers: + - name: migrations + image: ghcr.io/zoriya/kyoo_migrations:4.6.0 + imagePullPolicy: IfNotPresent + args: + env: + - name: POSTGRES_USER + valueFrom: + secretKeyRef: + key: postgres_user + name: bigsecret + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + key: postgres_password + name: bigsecret + - name: POSTGRES_DB + value: kyoo_back + - name: POSTGRES_SERVER + value: kyoo-postgresql + - name: POSTGRES_PORT + value: "5432" + containers: + - name: main + image: ghcr.io/zoriya/kyoo_back:4.6.0 + imagePullPolicy: IfNotPresent + args: + env: + - name: TRANSCODER_URL + value: http://kyoo-transcoder:7666 + - name: PUBLIC_URL + value: https://kyoo.acelink.io + - name: UNLOGGED_PERMISSIONS + value: overall.read,overall.play + - name: KYOO_APIKEYS + valueFrom: + secretKeyRef: + key: kyoo_apikeys + name: bigsecret + - name: POSTGRES_USER + valueFrom: + secretKeyRef: + key: postgres_user + name: bigsecret + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + key: postgres_password + name: bigsecret + - name: POSTGRES_DB + value: kyoo_back + - name: POSTGRES_SERVER + value: kyoo-postgresql + - name: POSTGRES_PORT + value: "5432" + - name: RABBITMQ_DEFAULT_USER + valueFrom: + secretKeyRef: + key: rabbitmq_user + name: bigsecret + - name: RABBITMQ_DEFAULT_PASS + valueFrom: + secretKeyRef: + key: rabbitmq_password + name: bigsecret + - name: RABBITMQ_HOST + value: kyoo-rabbitmq + - name: RABBITMQ_PORT + value: "5672" + - name: MEILI_HOST + value: "http://kyoo-meilisearch:7700" + - name: MEILI_MASTER_KEY + valueFrom: + secretKeyRef: + key: MEILI_MASTER_KEY + name: bigsecret + ports: + - name: main + containerPort: 5000 + protocol: TCP + volumeMounts: + - mountPath: /data + name: media + subPath: media + - mountPath: /metadata + name: back-storage + volumes: + - name: media + persistentVolumeClaim: + claimName: media + - name: back-storage + persistentVolumeClaim: + claimName: back-storage +--- +# Source: kyoo/templates/front/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: kyoo-front + labels: + helm.sh/chart: kyoo-0.1.0 + app.kubernetes.io/name: kyoo-front + app.kubernetes.io/instance: kyoo + app.kubernetes.io/component: front + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kyoo + app.kubernetes.io/version: "4.6.0" +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: kyoo-front + app.kubernetes.io/instance: kyoo + template: + metadata: + annotations: + labels: + helm.sh/chart: kyoo-0.1.0 + app.kubernetes.io/name: kyoo-front + app.kubernetes.io/instance: kyoo + app.kubernetes.io/component: front + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kyoo + app.kubernetes.io/version: "4.6.0" + spec: + serviceAccountName: kyoo-front + containers: + - name: main + image: ghcr.io/zoriya/kyoo_front:4.6.0 + imagePullPolicy: IfNotPresent + args: + env: + - name: KYOO_URL + value: http://kyoo-back:5000 + ports: + - name: main + containerPort: 8901 + protocol: TCP +--- +# Source: kyoo/templates/matcher/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: kyoo-matcher + labels: + helm.sh/chart: kyoo-0.1.0 + app.kubernetes.io/name: kyoo-matcher + app.kubernetes.io/instance: kyoo + app.kubernetes.io/component: matcher + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kyoo + app.kubernetes.io/version: "4.6.0" +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: kyoo-matcher + app.kubernetes.io/instance: kyoo + template: + metadata: + annotations: + labels: + helm.sh/chart: kyoo-0.1.0 + app.kubernetes.io/name: kyoo-matcher + app.kubernetes.io/instance: kyoo + app.kubernetes.io/component: matcher + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kyoo + app.kubernetes.io/version: "4.6.0" + spec: + serviceAccountName: kyoo-matcher + containers: + - name: main + image: ghcr.io/zoriya/kyoo_scanner:4.6.0 + imagePullPolicy: IfNotPresent + args: + - matcher + env: + - name: KYOO_APIKEYS + valueFrom: + secretKeyRef: + key: kyoo_apikeys + name: bigsecret + - name: KYOO_URL + value: http://kyoo-back:5000 + - name: LIBRARY_LANGUAGES + value: en + - name: THEMOVIEDB_APIKEY + valueFrom: + secretKeyRef: + key: tmdb_apikey + name: bigsecret + - name: RABBITMQ_HOST + value: kyoo-rabbitmq + - name: RABBITMQ_PORT + value: "5672" + - name: RABBITMQ_DEFAULT_USER + valueFrom: + secretKeyRef: + key: rabbitmq_user + name: bigsecret + - name: RABBITMQ_DEFAULT_PASS + valueFrom: + secretKeyRef: + key: rabbitmq_password + name: bigsecret + ports: + - name: main + containerPort: 80 + protocol: TCP +--- +# Source: kyoo/templates/scanner/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: kyoo-scanner + labels: + helm.sh/chart: kyoo-0.1.0 + app.kubernetes.io/name: kyoo-scanner + app.kubernetes.io/instance: kyoo + app.kubernetes.io/component: scanner + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kyoo + app.kubernetes.io/version: "4.6.0" +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: kyoo-scanner + app.kubernetes.io/instance: kyoo + template: + metadata: + annotations: + labels: + helm.sh/chart: kyoo-0.1.0 + app.kubernetes.io/name: kyoo-scanner + app.kubernetes.io/instance: kyoo + app.kubernetes.io/component: scanner + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kyoo + app.kubernetes.io/version: "4.6.0" + spec: + serviceAccountName: kyoo-scanner + containers: + - name: main + image: ghcr.io/zoriya/kyoo_scanner:4.6.0 + imagePullPolicy: IfNotPresent + args: + env: + - name: SCANNER_LIBRARY_ROOT + value: /data + - name: KYOO_APIKEYS + valueFrom: + secretKeyRef: + key: kyoo_apikeys + name: bigsecret + - name: KYOO_URL + value: http://kyoo-back:5000 + - name: LIBRARY_LANGUAGES + value: en + - name: THEMOVIEDB_APIKEY + valueFrom: + secretKeyRef: + key: tmdb_apikey + name: bigsecret + - name: RABBITMQ_HOST + value: kyoo-rabbitmq + - name: RABBITMQ_PORT + value: "5672" + - name: RABBITMQ_DEFAULT_USER + valueFrom: + secretKeyRef: + key: rabbitmq_user + name: bigsecret + - name: RABBITMQ_DEFAULT_PASS + valueFrom: + secretKeyRef: + key: rabbitmq_password + name: bigsecret + ports: + - name: main + containerPort: 80 + protocol: TCP + volumeMounts: + - mountPath: /data + name: media + subPath: media + volumes: + - name: media + persistentVolumeClaim: + claimName: media +--- +# Source: kyoo/templates/transcoder/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: kyoo-transcoder + labels: + helm.sh/chart: kyoo-0.1.0 + app.kubernetes.io/name: kyoo-transcoder + app.kubernetes.io/instance: kyoo + app.kubernetes.io/component: transcoder + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kyoo + app.kubernetes.io/version: "4.6.0" +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: kyoo-transcoder + app.kubernetes.io/instance: kyoo + template: + metadata: + annotations: + labels: + helm.sh/chart: kyoo-0.1.0 + app.kubernetes.io/name: kyoo-transcoder + app.kubernetes.io/instance: kyoo + app.kubernetes.io/component: transcoder + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kyoo + app.kubernetes.io/version: "4.6.0" + spec: + serviceAccountName: kyoo-transcoder + containers: + - name: main + image: ghcr.io/zoriya/kyoo_transcoder:4.6.0 + imagePullPolicy: IfNotPresent + args: + env: + - name: GOCODER_HWACCEL + value: disabled + - name: GOCODER_PRESET + value: fast + - name: GOCODER_CACHE_ROOT + value: /cache + - name: GOCODER_METADATA_ROOT + value: /metadata + - name: GOCODER_PREFIX + value: /video + - name: GOCODER_SAFE_PATH + value: /data + ports: + - name: main + containerPort: 7666 + protocol: TCP + volumeMounts: + - mountPath: /data + name: media + subPath: media + - mountPath: /metadata + name: transcoder-storage + - mountPath: /cache + name: cache + volumes: + - name: media + persistentVolumeClaim: + claimName: media + - name: transcoder-storage + persistentVolumeClaim: + claimName: transcoder-storage + - emptyDir: {} + name: cache +--- +# Source: kyoo/charts/meilisearch/templates/statefulset.yaml +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: kyoo-meilisearch + labels: + helm.sh/chart: meilisearch-0.8.0 + app.kubernetes.io/name: meilisearch + app.kubernetes.io/instance: kyoo + app.kubernetes.io/version: "v1.9.0" + app.kubernetes.io/component: search-engine + app.kubernetes.io/part-of: meilisearch + app.kubernetes.io/managed-by: Helm +spec: + replicas: 1 + serviceName: kyoo-meilisearch + selector: + matchLabels: + app.kubernetes.io/name: meilisearch + app.kubernetes.io/instance: kyoo + template: + metadata: + labels: + helm.sh/chart: meilisearch-0.8.0 + app.kubernetes.io/name: meilisearch + app.kubernetes.io/instance: kyoo + app.kubernetes.io/version: "v1.9.0" + app.kubernetes.io/component: search-engine + app.kubernetes.io/part-of: meilisearch + app.kubernetes.io/managed-by: Helm + annotations: + checksum/config: a223d94e2a4d666aa80b9fbd42d2edf4151fd626716414b411f985771893b74d + spec: + serviceAccountName: kyoo-meilisearch + securityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + volumes: + - name: tmp + emptyDir: {} + - name: data + persistentVolumeClaim: + claimName: kyoo-meilisearch + + + + containers: + - name: meilisearch + image: "getmeili/meilisearch:v1.9.0" + imagePullPolicy: IfNotPresent + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + volumeMounts: + - name: tmp + mountPath: /tmp + - name: data + mountPath: /meili_data + envFrom: + - configMapRef: + name: kyoo-meilisearch-environment + - secretRef: + name: bigsecret + ports: + - name: http + containerPort: 7700 + protocol: TCP + startupProbe: + httpGet: + path: /health + port: http + periodSeconds: 1 + initialDelaySeconds: 1 + failureThreshold: 60 + livenessProbe: + httpGet: + path: /health + port: http + periodSeconds: 10 + initialDelaySeconds: 0 + readinessProbe: + httpGet: + path: /health + port: http + periodSeconds: 10 + initialDelaySeconds: 0 + resources: + {} +--- +# Source: kyoo/charts/postgresql/templates/primary/statefulset.yaml +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: kyoo-postgresql + namespace: "default" + labels: + app.kubernetes.io/instance: kyoo + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: postgresql + app.kubernetes.io/version: 16.3.0 + helm.sh/chart: postgresql-15.5.14 + app.kubernetes.io/component: primary +spec: + replicas: 1 + serviceName: kyoo-postgresql-hl + updateStrategy: + rollingUpdate: {} + type: RollingUpdate + selector: + matchLabels: + app.kubernetes.io/instance: kyoo + app.kubernetes.io/name: postgresql + app.kubernetes.io/component: primary + template: + metadata: + name: kyoo-postgresql + labels: + app.kubernetes.io/instance: kyoo + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: postgresql + app.kubernetes.io/version: 16.3.0 + helm.sh/chart: postgresql-15.5.14 + app.kubernetes.io/component: primary + spec: + serviceAccountName: kyoo-postgresql + + automountServiceAccountToken: false + affinity: + podAffinity: + + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/instance: kyoo + app.kubernetes.io/name: postgresql + app.kubernetes.io/component: primary + topologyKey: kubernetes.io/hostname + weight: 1 + nodeAffinity: + + securityContext: + fsGroup: 1001 + fsGroupChangePolicy: Always + supplementalGroups: [] + sysctls: [] + hostNetwork: false + hostIPC: false + containers: + - name: postgresql + image: docker.io/bitnami/postgresql:16.3.0-debian-12-r19 + imagePullPolicy: "IfNotPresent" + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 1001 + runAsNonRoot: true + runAsUser: 1001 + seLinuxOptions: {} + seccompProfile: + type: RuntimeDefault + env: + - name: BITNAMI_DEBUG + value: "false" + - name: POSTGRESQL_PORT_NUMBER + value: "5432" + - name: POSTGRESQL_VOLUME_DIR + value: "/bitnami/postgresql" + - name: PGDATA + value: "/bitnami/postgresql/data" + # Authentication + - name: POSTGRES_USER + value: "kyoo_back" + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: bigsecret + key: postgres_password + - name: POSTGRES_POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: bigsecret + key: postgres_password + - name: POSTGRES_DATABASE + value: "kyoo_back" + # Replication + # Initdb + # Standby + # LDAP + - name: POSTGRESQL_ENABLE_LDAP + value: "no" + # TLS + - name: POSTGRESQL_ENABLE_TLS + value: "no" + # Audit + - name: POSTGRESQL_LOG_HOSTNAME + value: "false" + - name: POSTGRESQL_LOG_CONNECTIONS + value: "false" + - name: POSTGRESQL_LOG_DISCONNECTIONS + value: "false" + - name: POSTGRESQL_PGAUDIT_LOG_CATALOG + value: "off" + # Others + - name: POSTGRESQL_CLIENT_MIN_MESSAGES + value: "error" + - name: POSTGRESQL_SHARED_PRELOAD_LIBRARIES + value: "pgaudit" + ports: + - name: tcp-postgresql + containerPort: 5432 + livenessProbe: + failureThreshold: 6 + initialDelaySeconds: 30 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "kyoo_back" -d "dbname=kyoo_back" -h 127.0.0.1 -p 5432 + readinessProbe: + failureThreshold: 6 + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + exec: + command: + - /bin/sh + - -c + - -e + - | + exec pg_isready -U "kyoo_back" -d "dbname=kyoo_back" -h 127.0.0.1 -p 5432 + [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ] + resources: + limits: + cpu: 150m + ephemeral-storage: 1024Mi + memory: 192Mi + requests: + cpu: 100m + ephemeral-storage: 50Mi + memory: 128Mi + volumeMounts: + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir + - name: empty-dir + mountPath: /opt/bitnami/postgresql/conf + subPath: app-conf-dir + - name: empty-dir + mountPath: /opt/bitnami/postgresql/tmp + subPath: app-tmp-dir + - name: dshm + mountPath: /dev/shm + - name: data + mountPath: /bitnami/postgresql + volumes: + - name: empty-dir + emptyDir: {} + - name: dshm + emptyDir: + medium: Memory + volumeClaimTemplates: + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: data + spec: + accessModes: + - "ReadWriteOnce" + resources: + requests: + storage: "3Gi" +--- +# Source: kyoo/charts/rabbitmq/templates/statefulset.yaml +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: kyoo-rabbitmq + namespace: "default" + labels: + app.kubernetes.io/instance: kyoo + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: rabbitmq + app.kubernetes.io/version: 3.13.3 + helm.sh/chart: rabbitmq-14.4.2 +spec: + serviceName: kyoo-rabbitmq-headless + podManagementPolicy: OrderedReady + replicas: 1 + updateStrategy: + type: RollingUpdate + selector: + matchLabels: + app.kubernetes.io/instance: kyoo + app.kubernetes.io/name: rabbitmq + template: + metadata: + labels: + app.kubernetes.io/instance: kyoo + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: rabbitmq + app.kubernetes.io/version: 3.13.3 + helm.sh/chart: rabbitmq-14.4.2 + annotations: + checksum/config: 2419573798a19b5532d4ebf7ab51e6b9a6b5ccd231ccd154995938830b8d4fee + spec: + + serviceAccountName: kyoo-rabbitmq + affinity: + podAffinity: + + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/instance: kyoo + app.kubernetes.io/name: rabbitmq + topologyKey: kubernetes.io/hostname + weight: 1 + nodeAffinity: + + automountServiceAccountToken: true + securityContext: + fsGroup: 1001 + fsGroupChangePolicy: Always + supplementalGroups: [] + sysctls: [] + terminationGracePeriodSeconds: 120 + enableServiceLinks: true + initContainers: + - name: prepare-plugins-dir + image: docker.io/bitnami/rabbitmq:3.13.3-debian-12-r0 + imagePullPolicy: "IfNotPresent" + resources: + limits: + cpu: 375m + ephemeral-storage: 1024Mi + memory: 384Mi + requests: + cpu: 250m + ephemeral-storage: 50Mi + memory: 256Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsGroup: 1001 + runAsNonRoot: true + runAsUser: 1001 + seccompProfile: + type: RuntimeDefault + command: + - /bin/bash + args: + - -ec + - | + #!/bin/bash + + . /opt/bitnami/scripts/liblog.sh + + info "Copying plugins dir to empty dir" + # In order to not break the possibility of installing custom plugins, we need + # to make the plugins directory writable, so we need to copy it to an empty dir volume + cp -r --preserve=mode /opt/bitnami/rabbitmq/plugins/ /emptydir/app-plugins-dir + volumeMounts: + - name: empty-dir + mountPath: /emptydir + containers: + - name: rabbitmq + image: docker.io/bitnami/rabbitmq:3.13.3-debian-12-r0 + imagePullPolicy: "IfNotPresent" + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsGroup: 1001 + runAsNonRoot: true + runAsUser: 1001 + seccompProfile: + type: RuntimeDefault + lifecycle: + preStop: + exec: + command: + - /bin/bash + - -ec + - | + if [[ -f /opt/bitnami/scripts/rabbitmq/nodeshutdown.sh ]]; then + /opt/bitnami/scripts/rabbitmq/nodeshutdown.sh -t "120" -d "false" + else + rabbitmqctl stop_app + fi + env: + - name: BITNAMI_DEBUG + value: "false" + - name: MY_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: RABBITMQ_FORCE_BOOT + value: "no" + - name: RABBITMQ_NODE_NAME + value: "rabbit@$(MY_POD_NAME).kyoo-rabbitmq-headless.$(MY_POD_NAMESPACE).svc.cluster.local" + - name: RABBITMQ_MNESIA_DIR + value: "/opt/bitnami/rabbitmq/.rabbitmq/mnesia/$(RABBITMQ_NODE_NAME)" + - name: RABBITMQ_LDAP_ENABLE + value: "no" + - name: RABBITMQ_LOGS + value: "-" + - name: RABBITMQ_ULIMIT_NOFILES + value: "65535" + - name: RABBITMQ_USE_LONGNAME + value: "true" + - name: RABBITMQ_ERL_COOKIE + valueFrom: + secretKeyRef: + name: bigsecret + key: rabbitmq_cookie + - name: RABBITMQ_LOAD_DEFINITIONS + value: "no" + - name: RABBITMQ_DEFINITIONS_FILE + value: "/app/load_definition.json" + - name: RABBITMQ_SECURE_PASSWORD + value: "yes" + - name: RABBITMQ_USERNAME + value: "kyoo_all" + - name: RABBITMQ_PASSWORD + valueFrom: + secretKeyRef: + name: bigsecret + key: rabbitmq_password + - name: RABBITMQ_PLUGINS + value: "rabbitmq_management, rabbitmq_peer_discovery_k8s, rabbitmq_auth_backend_ldap" + envFrom: + ports: + - name: amqp + containerPort: 5672 + - name: dist + containerPort: 25672 + - name: stats + containerPort: 15672 + - name: epmd + containerPort: 4369 + - name: metrics + containerPort: 9419 + livenessProbe: + failureThreshold: 6 + initialDelaySeconds: 120 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 20 + exec: + command: + - sh + - -ec + - curl -f --user kyoo_all:$RABBITMQ_PASSWORD 127.0.0.1:15672/api/health/checks/virtual-hosts + readinessProbe: + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 20 + exec: + command: + - sh + - -ec + - curl -f --user kyoo_all:$RABBITMQ_PASSWORD 127.0.0.1:15672/api/health/checks/local-alarms + resources: + limits: + cpu: 375m + ephemeral-storage: 1024Mi + memory: 384Mi + requests: + cpu: 250m + ephemeral-storage: 50Mi + memory: 256Mi + volumeMounts: + - name: configuration + mountPath: /bitnami/rabbitmq/conf + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir + - name: empty-dir + mountPath: /opt/bitnami/rabbitmq/etc/rabbitmq + subPath: app-conf-dir + - name: empty-dir + mountPath: /opt/bitnami/rabbitmq/var/lib/rabbitmq + subPath: app-tmp-dir + - name: empty-dir + mountPath: /opt/bitnami/rabbitmq/.rabbitmq/ + subPath: app-erlang-cookie + - name: empty-dir + mountPath: /opt/bitnami/rabbitmq/var/log/rabbitmq + subPath: app-logs-dir + - name: empty-dir + mountPath: /opt/bitnami/rabbitmq/plugins + subPath: app-plugins-dir + - name: data + mountPath: /opt/bitnami/rabbitmq/.rabbitmq/mnesia + volumes: + - name: empty-dir + emptyDir: {} + - name: configuration + projected: + sources: + - secret: + name: kyoo-rabbitmq-config + volumeClaimTemplates: + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: data + labels: + app.kubernetes.io/instance: kyoo + app.kubernetes.io/name: rabbitmq + spec: + accessModes: + - "ReadWriteOnce" + resources: + requests: + storage: "8Gi" +--- +# Source: kyoo/charts/meilisearch/templates/tests/test-connection.yaml +apiVersion: v1 +kind: Pod +metadata: + name: kyoo-meilisearch-test-connection + labels: + app.kubernetes.io/name: meilisearch + helm.sh/chart: meilisearch-0.8.0 + app.kubernetes.io/instance: kyoo + app.kubernetes.io/managed-by: Helm + annotations: + "helm.sh/hook": test-success +spec: + containers: + - name: wget + image: busybox + command: ['wget'] + args: ['kyoo-meilisearch:7700'] + restartPolicy: Never diff --git a/chart/templates/scanner/deployment.yaml b/chart/templates/scanner/deployment.yaml index 9f4bef3d..6f7a5b19 100644 --- a/chart/templates/scanner/deployment.yaml +++ b/chart/templates/scanner/deployment.yaml @@ -58,11 +58,6 @@ spec: value: http://{{ include "kyoo.back.fullname" . }}:5000 - name: LIBRARY_LANGUAGES value: {{ .Values.kyoo.languages }} - - name: THEMOVIEDB_APIKEY - valueFrom: - secretKeyRef: - key: {{ .Values.contentdatabase.provider.tmdb.apikeyKey }} - name: {{ .Values.contentdatabase.provider.tmdb.existingSecret }} - name: RABBITMQ_HOST value: {{ .Values.global.rabbitmq.host }} - name: RABBITMQ_PORT diff --git a/chart/test.yaml b/chart/test.yaml new file mode 100644 index 00000000..1604cf4c --- /dev/null +++ b/chart/test.yaml @@ -0,0 +1,61 @@ +kyoo: + address: https://kyoo.acelink.io +meilisearch: + enabled: true +postgresql: + enabled: true +rabbitmq: + enabled: true +extraObjects: + - apiVersion: v1 + kind: Secret + metadata: + name: bigsecret + type: Opaque + stringData: + #KYOO + # The following value should be set to a random sequence of characters. + # You MUST change it when installing kyoo (for security) + # You can input multiple api keys separated by a , + kyoo_apikeys: yHXWGsjfjE6sy6UxavqmTUYxgCFYek + # Keep those empty to use kyoo's default api key. You can also specify a custom API key if you want. + # go to https://www.themoviedb.org/settings/api and copy the api key (not the read access token, the api key) + tmdb_apikey: "" + #RESOURCES + # meilisearch does not allow mapping their key in yet. + MEILI_MASTER_KEY: barkLike8SuperDucks + postgres_user: kyoo_back + postgres_password: watchSomething4me + rabbitmq_user: kyoo_all + rabbitmq_password: youAreAmazing2 + rabbitmq_cookie: mmmGoodCookie + - kind: PersistentVolumeClaim + apiVersion: v1 + metadata: + name: back-storage + spec: + accessModes: + - "ReadWriteOnce" + resources: + requests: + storage: "3Gi" + - kind: PersistentVolumeClaim + apiVersion: v1 + metadata: + name: media + spec: + accessModes: + - "ReadWriteOnce" + resources: + requests: + storage: "3Gi" + - kind: PersistentVolumeClaim + apiVersion: v1 + metadata: + name: transcoder-storage + spec: + accessModes: + - "ReadWriteOnce" + resources: + requests: + storage: "3Gi" \ No newline at end of file From b13affb84be4d191f7f2a2966353295242b49f3e Mon Sep 17 00:00:00 2001 From: Arlan Lloyd Date: Sun, 14 Jul 2024 15:23:33 +0000 Subject: [PATCH 05/30] Remove test files --- chart/argotest.yaml | 129 -------------------------------------------- chart/test.yaml | 61 --------------------- 2 files changed, 190 deletions(-) delete mode 100644 chart/argotest.yaml delete mode 100644 chart/test.yaml diff --git a/chart/argotest.yaml b/chart/argotest.yaml deleted file mode 100644 index 4a5f3a33..00000000 --- a/chart/argotest.yaml +++ /dev/null @@ -1,129 +0,0 @@ ---- -kind: Namespace -apiVersion: v1 -metadata: - name: kyoo ---- -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: kyoo - namespace: argocd -spec: - destination: - namespace: kyoo - server: https://kubernetes.default.svc - project: homelab - source: - path: chart/ - repoURL: https://github.com/acelinkio/Kyoo.git - targetRevision: feature/helmchart - helm: - valuesObject: - kyoo: - address: https://kyoo.acelink.io - meilisearch: - enabled: true - postgresql: - enabled: true - rabbitmq: - enabled: true - extraObjects: - - apiVersion: v1 - kind: Secret - metadata: - name: bigsecret - type: Opaque - stringData: - kyoo_apikeys: yHXWGsjfjE6sy6UxavqmTUYxgCFYek - tmdb_apikey: "" - MEILI_MASTER_KEY: barkLike8SuperDucks - postgres_user: kyoo_back - postgres_password: watchSomething4me - rabbitmq_user: kyoo_all - rabbitmq_password: youAreAmazing2 - rabbitmq_cookie: mmmGoodCookie - - kind: PersistentVolumeClaim - apiVersion: v1 - metadata: - name: back-storage - spec: - accessModes: - - "ReadWriteMany" - resources: - requests: - storage: "3Gi" - - kind: PersistentVolumeClaim - apiVersion: v1 - metadata: - name: media - spec: - accessModes: - - "ReadWriteMany" - resources: - requests: - storage: "3Gi" - - kind: PersistentVolumeClaim - apiVersion: v1 - metadata: - name: transcoder-storage - spec: - accessModes: - - "ReadWriteMany" - resources: - requests: - storage: "3Gi" ---- -apiVersion: externaldns.k8s.io/v1alpha1 -kind: DNSEndpoint -metadata: - name: kyoo - namespace: kyoo - annotations: - external-dns.custom/type: private -spec: - endpoints: - - dnsName: kyoo.acelink.io - recordType: CNAME - targets: - - intgw.acelink.io - providerSpecific: - - name: external-dns.alpha.kubernetes.io/cloudflare-proxied - value: "false" ---- -apiVersion: gateway.networking.k8s.io/v1 -kind: HTTPRoute -metadata: - name: kyoo - namespace: kyoo -spec: - parentRefs: - - name: internal - namespace: gateway - sectionName: https - - name: external - namespace: gateway - sectionName: https - hostnames: - - "kyoo.acelink.io" - rules: - - matches: - - path: - type: PathPrefix - value: /api - backendRefs: - - name: kyoo-back - port: 5000 - filters: - - type: URLRewrite - urlRewrite: - path: - type: ReplacePrefixMatch - replacePrefixMatch: / - - matches: - - path: - type: PathPrefix - value: / - backendRefs: - - name: kyoo-front - port: 8901 \ No newline at end of file diff --git a/chart/test.yaml b/chart/test.yaml deleted file mode 100644 index 1604cf4c..00000000 --- a/chart/test.yaml +++ /dev/null @@ -1,61 +0,0 @@ -kyoo: - address: https://kyoo.acelink.io -meilisearch: - enabled: true -postgresql: - enabled: true -rabbitmq: - enabled: true -extraObjects: - - apiVersion: v1 - kind: Secret - metadata: - name: bigsecret - type: Opaque - stringData: - #KYOO - # The following value should be set to a random sequence of characters. - # You MUST change it when installing kyoo (for security) - # You can input multiple api keys separated by a , - kyoo_apikeys: yHXWGsjfjE6sy6UxavqmTUYxgCFYek - # Keep those empty to use kyoo's default api key. You can also specify a custom API key if you want. - # go to https://www.themoviedb.org/settings/api and copy the api key (not the read access token, the api key) - tmdb_apikey: "" - #RESOURCES - # meilisearch does not allow mapping their key in yet. - MEILI_MASTER_KEY: barkLike8SuperDucks - postgres_user: kyoo_back - postgres_password: watchSomething4me - rabbitmq_user: kyoo_all - rabbitmq_password: youAreAmazing2 - rabbitmq_cookie: mmmGoodCookie - - kind: PersistentVolumeClaim - apiVersion: v1 - metadata: - name: back-storage - spec: - accessModes: - - "ReadWriteOnce" - resources: - requests: - storage: "3Gi" - - kind: PersistentVolumeClaim - apiVersion: v1 - metadata: - name: media - spec: - accessModes: - - "ReadWriteOnce" - resources: - requests: - storage: "3Gi" - - kind: PersistentVolumeClaim - apiVersion: v1 - metadata: - name: transcoder-storage - spec: - accessModes: - - "ReadWriteOnce" - resources: - requests: - storage: "3Gi" \ No newline at end of file From d98319996969c8ab872aa9a3dae5d1913a052ce0 Mon Sep 17 00:00:00 2001 From: Arlan Lloyd Date: Sun, 14 Jul 2024 15:25:28 +0000 Subject: [PATCH 06/30] remove unneeded services/ports --- chart/templates/autosync/deployment.yaml | 4 ---- chart/templates/autosync/service.yaml | 24 ------------------------ chart/templates/matcher/deployment.yaml | 4 ---- chart/templates/matcher/service.yaml | 24 ------------------------ chart/templates/scanner/deployment.yaml | 4 ---- chart/templates/scanner/service.yaml | 24 ------------------------ chart/values.yaml | 12 ------------ 7 files changed, 96 deletions(-) delete mode 100644 chart/templates/autosync/service.yaml delete mode 100644 chart/templates/matcher/service.yaml delete mode 100644 chart/templates/scanner/service.yaml diff --git a/chart/templates/autosync/deployment.yaml b/chart/templates/autosync/deployment.yaml index 0921d249..1a793d24 100644 --- a/chart/templates/autosync/deployment.yaml +++ b/chart/templates/autosync/deployment.yaml @@ -64,10 +64,6 @@ spec: {{- with (concat .Values.global.extraEnv .Values.autosync.kyoo_autosync.extraEnv) }} {{- toYaml . | nindent 12 }} {{- end }} - ports: - - name: main - containerPort: 80 - protocol: TCP {{- with .Values.autosync.kyoo_autosync.livenessProbe }} livenessProbe: {{- toYaml .Values.autosync.kyoo_autosync.livenessProbe | nindent 12 }} diff --git a/chart/templates/autosync/service.yaml b/chart/templates/autosync/service.yaml deleted file mode 100644 index 7754b6af..00000000 --- a/chart/templates/autosync/service.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: -{{- if .Values.autosync.service.annotations }} - annotations: - {{- range $key, $value := .Values.autosync.service.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -{{- end }} - name: {{ include "kyoo.autosync.fullname" . }} - labels: - {{- include "kyoo.labels" (dict "context" . "component" .Values.autosync.name "name" .Values.autosync.name) | nindent 4 }} - {{- with .Values.autosync.service.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.autosync.service.type }} - ports: - - port: 80 - targetPort: http - protocol: TCP - name: main - selector: - {{- include "kyoo.selectorLabels" (dict "context" . "name" .Values.autosync.name) | nindent 4 }} diff --git a/chart/templates/matcher/deployment.yaml b/chart/templates/matcher/deployment.yaml index 3b025f88..5fa4bf62 100644 --- a/chart/templates/matcher/deployment.yaml +++ b/chart/templates/matcher/deployment.yaml @@ -78,10 +78,6 @@ spec: {{- with (concat .Values.global.extraEnv .Values.matcher.kyoo_matcher.extraEnv) }} {{- toYaml . | nindent 12 }} {{- end }} - ports: - - name: main - containerPort: 80 - protocol: TCP {{- with .Values.matcher.kyoo_matcher.livenessProbe }} livenessProbe: {{- toYaml .Values.matcher.kyoo_matcher.livenessProbe | nindent 12 }} diff --git a/chart/templates/matcher/service.yaml b/chart/templates/matcher/service.yaml deleted file mode 100644 index f0023d69..00000000 --- a/chart/templates/matcher/service.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: -{{- if .Values.matcher.service.annotations }} - annotations: - {{- range $key, $value := .Values.matcher.service.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -{{- end }} - name: {{ include "kyoo.matcher.fullname" . }} - labels: - {{- include "kyoo.labels" (dict "context" . "component" .Values.matcher.name "name" .Values.matcher.name) | nindent 4 }} - {{- with .Values.matcher.service.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.matcher.service.type }} - ports: - - port: 80 - targetPort: http - protocol: TCP - name: main - selector: - {{- include "kyoo.selectorLabels" (dict "context" . "name" .Values.matcher.name) | nindent 4 }} diff --git a/chart/templates/scanner/deployment.yaml b/chart/templates/scanner/deployment.yaml index 6f7a5b19..e30bed80 100644 --- a/chart/templates/scanner/deployment.yaml +++ b/chart/templates/scanner/deployment.yaml @@ -75,10 +75,6 @@ spec: {{- with (concat .Values.global.extraEnv .Values.scanner.kyoo_scanner.extraEnv) }} {{- toYaml . | nindent 12 }} {{- end }} - ports: - - name: main - containerPort: 80 - protocol: TCP {{- with .Values.scanner.kyoo_scanner.livenessProbe }} livenessProbe: {{- toYaml .Values.scanner.kyoo_scanner.livenessProbe | nindent 12 }} diff --git a/chart/templates/scanner/service.yaml b/chart/templates/scanner/service.yaml deleted file mode 100644 index b67a299b..00000000 --- a/chart/templates/scanner/service.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: -{{- if .Values.scanner.service.annotations }} - annotations: - {{- range $key, $value := .Values.scanner.service.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -{{- end }} - name: {{ include "kyoo.scanner.fullname" . }} - labels: - {{- include "kyoo.labels" (dict "context" . "component" .Values.scanner.name "name" .Values.scanner.name) | nindent 4 }} - {{- with .Values.scanner.service.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.scanner.service.type }} - ports: - - port: 80 - targetPort: http - protocol: TCP - name: main - selector: - {{- include "kyoo.selectorLabels" (dict "context" . "name" .Values.scanner.name) | nindent 4 }} diff --git a/chart/values.yaml b/chart/values.yaml index 7761778f..4b96cf6b 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -110,10 +110,6 @@ autosync: deploymentAnnotations: {} podAnnotations: {} imagePullSecrets: [] - service: - annotations: {} - labels: {} - type: ClusterIP serviceAccount: create: true automount: true @@ -225,10 +221,6 @@ matcher: deploymentAnnotations: {} podAnnotations: {} imagePullSecrets: [] - service: - annotations: {} - labels: {} - type: ClusterIP serviceAccount: create: true automount: true @@ -257,10 +249,6 @@ scanner: deploymentAnnotations: {} podAnnotations: {} imagePullSecrets: [] - service: - annotations: {} - labels: {} - type: ClusterIP serviceAccount: create: true automount: true From 365749307313a846a01a145ddd3b5c2a420afab2 Mon Sep 17 00:00:00 2001 From: Arlan Lloyd Date: Sun, 14 Jul 2024 15:28:31 +0000 Subject: [PATCH 07/30] remove backend media mount --- chart/templates/back/deployment.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/chart/templates/back/deployment.yaml b/chart/templates/back/deployment.yaml index 1e446444..a2dac8e4 100644 --- a/chart/templates/back/deployment.yaml +++ b/chart/templates/back/deployment.yaml @@ -147,9 +147,6 @@ spec: {{- toYaml . | nindent 12 }} {{- end }} volumeMounts: - {{- with .Values.media.volumeMounts }} - {{- toYaml . | nindent 12 }} - {{- end }} {{- with .Values.back.kyoo_back.volumeMounts }} {{- toYaml . | nindent 12 }} {{- end }} From 79d586dfcaa5b581fd0f95b5c64539aad574b8bd Mon Sep 17 00:00:00 2001 From: Arlan Lloyd Date: Mon, 15 Jul 2024 01:05:02 +0000 Subject: [PATCH 08/30] remove test resource --- chart/manualtest.yaml | 1694 ----------------------------------------- 1 file changed, 1694 deletions(-) delete mode 100644 chart/manualtest.yaml diff --git a/chart/manualtest.yaml b/chart/manualtest.yaml deleted file mode 100644 index 19ad5b01..00000000 --- a/chart/manualtest.yaml +++ /dev/null @@ -1,1694 +0,0 @@ ---- -# Source: kyoo/charts/postgresql/templates/primary/networkpolicy.yaml -kind: NetworkPolicy -apiVersion: networking.k8s.io/v1 -metadata: - name: kyoo-postgresql - namespace: "default" - labels: - app.kubernetes.io/instance: kyoo - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: postgresql - app.kubernetes.io/version: 16.3.0 - helm.sh/chart: postgresql-15.5.14 - app.kubernetes.io/component: primary -spec: - podSelector: - matchLabels: - app.kubernetes.io/instance: kyoo - app.kubernetes.io/name: postgresql - app.kubernetes.io/component: primary - policyTypes: - - Ingress - - Egress - egress: - - {} - ingress: - - ports: - - port: 5432 ---- -# Source: kyoo/charts/rabbitmq/templates/networkpolicy.yaml -kind: NetworkPolicy -apiVersion: networking.k8s.io/v1 -metadata: - name: kyoo-rabbitmq - namespace: "default" - labels: - app.kubernetes.io/instance: kyoo - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: rabbitmq - app.kubernetes.io/version: 3.13.3 - helm.sh/chart: rabbitmq-14.4.2 -spec: - podSelector: - matchLabels: - app.kubernetes.io/instance: kyoo - app.kubernetes.io/name: rabbitmq - policyTypes: - - Ingress - - Egress - egress: - - {} - ingress: - # Allow inbound connections to RabbitMQ - - ports: - - port: 4369 - - port: 5672 - - port: 5671 - - port: 25672 - - port: 15672 ---- -# Source: kyoo/charts/postgresql/templates/primary/pdb.yaml -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - name: kyoo-postgresql - namespace: "default" - labels: - app.kubernetes.io/instance: kyoo - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: postgresql - app.kubernetes.io/version: 16.3.0 - helm.sh/chart: postgresql-15.5.14 - app.kubernetes.io/component: primary -spec: - maxUnavailable: 1 - selector: - matchLabels: - app.kubernetes.io/instance: kyoo - app.kubernetes.io/name: postgresql - app.kubernetes.io/component: primary ---- -# Source: kyoo/charts/rabbitmq/templates/pdb.yaml -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - name: kyoo-rabbitmq - namespace: "default" - labels: - app.kubernetes.io/instance: kyoo - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: rabbitmq - app.kubernetes.io/version: 3.13.3 - helm.sh/chart: rabbitmq-14.4.2 -spec: - maxUnavailable: 1 - selector: - matchLabels: - app.kubernetes.io/instance: kyoo - app.kubernetes.io/name: rabbitmq ---- -# Source: kyoo/charts/meilisearch/templates/serviceaccount.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: kyoo-meilisearch - labels: - helm.sh/chart: meilisearch-0.8.0 - app.kubernetes.io/name: meilisearch - app.kubernetes.io/instance: kyoo - app.kubernetes.io/version: "v1.9.0" - app.kubernetes.io/component: search-engine - app.kubernetes.io/part-of: meilisearch - app.kubernetes.io/managed-by: Helm ---- -# Source: kyoo/charts/postgresql/templates/serviceaccount.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: kyoo-postgresql - namespace: "default" - labels: - app.kubernetes.io/instance: kyoo - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: postgresql - app.kubernetes.io/version: 16.3.0 - helm.sh/chart: postgresql-15.5.14 -automountServiceAccountToken: false ---- -# Source: kyoo/charts/rabbitmq/templates/serviceaccount.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: kyoo-rabbitmq - namespace: "default" - labels: - app.kubernetes.io/instance: kyoo - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: rabbitmq - app.kubernetes.io/version: 3.13.3 - helm.sh/chart: rabbitmq-14.4.2 -automountServiceAccountToken: false -secrets: - - name: bigsecret ---- -# Source: kyoo/templates/autosync/serviceaccount.yaml -apiVersion: v1 -kind: ServiceAccount -automountServiceAccountToken: true -metadata: - name: kyoo-autosync - labels: - helm.sh/chart: kyoo-0.1.0 - app.kubernetes.io/name: kyoo-autosync - app.kubernetes.io/instance: kyoo - app.kubernetes.io/component: autosync - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/part-of: kyoo - app.kubernetes.io/version: "4.6.0" ---- -# Source: kyoo/templates/back/serviceaccount.yaml -apiVersion: v1 -kind: ServiceAccount -automountServiceAccountToken: true -metadata: - name: kyoo-back - labels: - helm.sh/chart: kyoo-0.1.0 - app.kubernetes.io/name: kyoo-back - app.kubernetes.io/instance: kyoo - app.kubernetes.io/component: back - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/part-of: kyoo - app.kubernetes.io/version: "4.6.0" ---- -# Source: kyoo/templates/front/serviceaccount.yaml -apiVersion: v1 -kind: ServiceAccount -automountServiceAccountToken: true -metadata: - name: kyoo-front - labels: - helm.sh/chart: kyoo-0.1.0 - app.kubernetes.io/name: kyoo-front - app.kubernetes.io/instance: kyoo - app.kubernetes.io/component: front - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/part-of: kyoo - app.kubernetes.io/version: "4.6.0" ---- -# Source: kyoo/templates/matcher/serviceaccount.yaml -apiVersion: v1 -kind: ServiceAccount -automountServiceAccountToken: true -metadata: - name: kyoo-matcher - labels: - helm.sh/chart: kyoo-0.1.0 - app.kubernetes.io/name: kyoo-matcher - app.kubernetes.io/instance: kyoo - app.kubernetes.io/component: matcher - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/part-of: kyoo - app.kubernetes.io/version: "4.6.0" ---- -# Source: kyoo/templates/scanner/serviceaccount.yaml -apiVersion: v1 -kind: ServiceAccount -automountServiceAccountToken: true -metadata: - name: kyoo-scanner - labels: - helm.sh/chart: kyoo-0.1.0 - app.kubernetes.io/name: kyoo-scanner - app.kubernetes.io/instance: kyoo - app.kubernetes.io/component: scanner - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/part-of: kyoo - app.kubernetes.io/version: "4.6.0" ---- -# Source: kyoo/templates/transcoder/serviceaccount.yaml -apiVersion: v1 -kind: ServiceAccount -automountServiceAccountToken: true -metadata: - name: kyoo-transcoder - labels: - helm.sh/chart: kyoo-0.1.0 - app.kubernetes.io/name: kyoo-transcoder - app.kubernetes.io/instance: kyoo - app.kubernetes.io/component: transcoder - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/part-of: kyoo - app.kubernetes.io/version: "4.6.0" ---- -# Source: kyoo/charts/rabbitmq/templates/config-secret.yaml -apiVersion: v1 -kind: Secret -metadata: - name: kyoo-rabbitmq-config - namespace: "default" - labels: - app.kubernetes.io/instance: kyoo - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: rabbitmq - app.kubernetes.io/version: 3.13.3 - helm.sh/chart: rabbitmq-14.4.2 -type: Opaque -data: - rabbitmq.conf: |- - IyMgVXNlcm5hbWUgYW5kIHBhc3N3b3JkCmRlZmF1bHRfdXNlciA9IGt5b29fYWxsCiMjIENsdXN0ZXJpbmcKIyMKY2x1c3Rlcl9uYW1lID0ga3lvby1yYWJiaXRtcQpjbHVzdGVyX2Zvcm1hdGlvbi5wZWVyX2Rpc2NvdmVyeV9iYWNrZW5kICA9IHJhYmJpdF9wZWVyX2Rpc2NvdmVyeV9rOHMKY2x1c3Rlcl9mb3JtYXRpb24uazhzLmhvc3QgPSBrdWJlcm5ldGVzLmRlZmF1bHQKY2x1c3Rlcl9mb3JtYXRpb24uazhzLmFkZHJlc3NfdHlwZSA9IGhvc3RuYW1lCmNsdXN0ZXJfZm9ybWF0aW9uLms4cy5zZXJ2aWNlX25hbWUgPSBreW9vLXJhYmJpdG1xLWhlYWRsZXNzCmNsdXN0ZXJfZm9ybWF0aW9uLms4cy5ob3N0bmFtZV9zdWZmaXggPSAua3lvby1yYWJiaXRtcS1oZWFkbGVzcy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsCmNsdXN0ZXJfZm9ybWF0aW9uLm5vZGVfY2xlYW51cC5pbnRlcnZhbCA9IDEwCmNsdXN0ZXJfZm9ybWF0aW9uLm5vZGVfY2xlYW51cC5vbmx5X2xvZ193YXJuaW5nID0gdHJ1ZQpjbHVzdGVyX3BhcnRpdGlvbl9oYW5kbGluZyA9IGF1dG9oZWFsCgojIHF1ZXVlIG1hc3RlciBsb2NhdG9yCnF1ZXVlX21hc3Rlcl9sb2NhdG9yID0gbWluLW1hc3RlcnMKIyBlbmFibGUgbG9vcGJhY2sgdXNlcgpsb29wYmFja191c2Vycy5reW9vX2FsbCA9IGZhbHNlCiNkZWZhdWx0X3Zob3N0ID0gZGVmYXVsdC12aG9zdAojZGlza19mcmVlX2xpbWl0LmFic29sdXRlID0gNTBNQgojIyBQcm9tZXRoZXVzIG1ldHJpY3MKIyMKcHJvbWV0aGV1cy50Y3AucG9ydCA9IDk0MTk= ---- -# Source: kyoo/templates/extra-manifests.yaml -apiVersion: v1 -kind: Secret -metadata: - name: bigsecret -stringData: - MEILI_MASTER_KEY: barkLike8SuperDucks - kyoo_apikeys: yHXWGsjfjE6sy6UxavqmTUYxgCFYek - postgres_password: watchSomething4me - postgres_user: kyoo_back - rabbitmq_cookie: mmmGoodCookie - rabbitmq_password: youAreAmazing2 - rabbitmq_user: kyoo_all - tmdb_apikey: "" -type: Opaque ---- -# Source: kyoo/charts/meilisearch/templates/configmap.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: kyoo-meilisearch-environment - labels: - helm.sh/chart: meilisearch-0.8.0 - app.kubernetes.io/name: meilisearch - app.kubernetes.io/instance: kyoo - app.kubernetes.io/version: "v1.9.0" - app.kubernetes.io/component: search-engine - app.kubernetes.io/part-of: meilisearch - app.kubernetes.io/managed-by: Helm -data: - MEILI_ENV: "production" - MEILI_NO_ANALYTICS: "true" ---- -# Source: kyoo/charts/meilisearch/templates/pvc.yaml -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: kyoo-meilisearch - labels: - helm.sh/chart: meilisearch-0.8.0 - app.kubernetes.io/name: meilisearch - app.kubernetes.io/instance: kyoo - app.kubernetes.io/version: "v1.9.0" - app.kubernetes.io/component: search-engine - app.kubernetes.io/part-of: meilisearch - app.kubernetes.io/managed-by: Helm -spec: - accessModes: - - "ReadWriteOnce" - resources: - requests: - storage: "3Gi" ---- -# Source: kyoo/templates/extra-manifests.yaml -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: back-storage -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 3Gi ---- -# Source: kyoo/templates/extra-manifests.yaml -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: media -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 3Gi ---- -# Source: kyoo/templates/extra-manifests.yaml -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: transcoder-storage -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 3Gi ---- -# Source: kyoo/charts/rabbitmq/templates/role.yaml -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: kyoo-rabbitmq-endpoint-reader - namespace: "default" - labels: - app.kubernetes.io/instance: kyoo - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: rabbitmq - app.kubernetes.io/version: 3.13.3 - helm.sh/chart: rabbitmq-14.4.2 -rules: - - apiGroups: [""] - resources: ["endpoints"] - verbs: ["get"] - - apiGroups: [""] - resources: ["events"] - verbs: ["create"] ---- -# Source: kyoo/charts/rabbitmq/templates/rolebinding.yaml -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: kyoo-rabbitmq-endpoint-reader - namespace: "default" - labels: - app.kubernetes.io/instance: kyoo - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: rabbitmq - app.kubernetes.io/version: 3.13.3 - helm.sh/chart: rabbitmq-14.4.2 -subjects: - - kind: ServiceAccount - name: kyoo-rabbitmq -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: kyoo-rabbitmq-endpoint-reader ---- -# Source: kyoo/charts/meilisearch/templates/service.yaml -apiVersion: v1 -kind: Service -metadata: - name: kyoo-meilisearch - labels: - helm.sh/chart: meilisearch-0.8.0 - app.kubernetes.io/name: meilisearch - app.kubernetes.io/instance: kyoo - app.kubernetes.io/version: "v1.9.0" - app.kubernetes.io/component: search-engine - app.kubernetes.io/part-of: meilisearch - app.kubernetes.io/managed-by: Helm -spec: - type: ClusterIP - ports: - - port: 7700 - targetPort: http - protocol: TCP - name: http - selector: - app.kubernetes.io/name: meilisearch - app.kubernetes.io/instance: kyoo ---- -# Source: kyoo/charts/postgresql/templates/primary/svc-headless.yaml -apiVersion: v1 -kind: Service -metadata: - name: kyoo-postgresql-hl - namespace: "default" - labels: - app.kubernetes.io/instance: kyoo - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: postgresql - app.kubernetes.io/version: 16.3.0 - helm.sh/chart: postgresql-15.5.14 - app.kubernetes.io/component: primary - annotations: -spec: - type: ClusterIP - clusterIP: None - # We want all pods in the StatefulSet to have their addresses published for - # the sake of the other Postgresql pods even before they're ready, since they - # have to be able to talk to each other in order to become ready. - publishNotReadyAddresses: true - ports: - - name: tcp-postgresql - port: 5432 - targetPort: tcp-postgresql - selector: - app.kubernetes.io/instance: kyoo - app.kubernetes.io/name: postgresql - app.kubernetes.io/component: primary ---- -# Source: kyoo/charts/postgresql/templates/primary/svc.yaml -apiVersion: v1 -kind: Service -metadata: - name: kyoo-postgresql - namespace: "default" - labels: - app.kubernetes.io/instance: kyoo - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: postgresql - app.kubernetes.io/version: 16.3.0 - helm.sh/chart: postgresql-15.5.14 - app.kubernetes.io/component: primary -spec: - type: ClusterIP - sessionAffinity: None - ports: - - name: tcp-postgresql - port: 5432 - targetPort: tcp-postgresql - nodePort: null - selector: - app.kubernetes.io/instance: kyoo - app.kubernetes.io/name: postgresql - app.kubernetes.io/component: primary ---- -# Source: kyoo/charts/rabbitmq/templates/svc-headless.yaml -apiVersion: v1 -kind: Service -metadata: - name: kyoo-rabbitmq-headless - namespace: "default" - labels: - app.kubernetes.io/instance: kyoo - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: rabbitmq - app.kubernetes.io/version: 3.13.3 - helm.sh/chart: rabbitmq-14.4.2 -spec: - clusterIP: None - ports: - - name: epmd - port: 4369 - targetPort: epmd - - name: amqp - port: 5672 - targetPort: amqp - - name: dist - port: 25672 - targetPort: dist - - name: http-stats - port: 15672 - targetPort: stats - selector: - app.kubernetes.io/instance: kyoo - app.kubernetes.io/name: rabbitmq - publishNotReadyAddresses: true ---- -# Source: kyoo/charts/rabbitmq/templates/svc.yaml -apiVersion: v1 -kind: Service -metadata: - name: kyoo-rabbitmq - namespace: "default" - labels: - app.kubernetes.io/instance: kyoo - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: rabbitmq - app.kubernetes.io/version: 3.13.3 - helm.sh/chart: rabbitmq-14.4.2 -spec: - type: ClusterIP - sessionAffinity: None - ports: - - name: amqp - port: 5672 - targetPort: amqp - nodePort: null - - name: epmd - port: 4369 - targetPort: epmd - nodePort: null - - name: dist - port: 25672 - targetPort: dist - nodePort: null - - name: http-stats - port: 15672 - targetPort: stats - nodePort: null - selector: - app.kubernetes.io/instance: kyoo - app.kubernetes.io/name: rabbitmq ---- -# Source: kyoo/templates/autosync/service.yaml -apiVersion: v1 -kind: Service -metadata: - name: kyoo-autosync - labels: - helm.sh/chart: kyoo-0.1.0 - app.kubernetes.io/name: kyoo-autosync - app.kubernetes.io/instance: kyoo - app.kubernetes.io/component: autosync - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/part-of: kyoo - app.kubernetes.io/version: "4.6.0" -spec: - type: ClusterIP - ports: - - port: 80 - targetPort: http - protocol: TCP - name: main - selector: - app.kubernetes.io/name: kyoo-autosync - app.kubernetes.io/instance: kyoo ---- -# Source: kyoo/templates/back/service.yaml -apiVersion: v1 -kind: Service -metadata: - name: kyoo-back - labels: - helm.sh/chart: kyoo-0.1.0 - app.kubernetes.io/name: kyoo-back - app.kubernetes.io/instance: kyoo - app.kubernetes.io/component: back - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/part-of: kyoo - app.kubernetes.io/version: "4.6.0" -spec: - type: ClusterIP - ports: - - port: 5000 - targetPort: 5000 - protocol: TCP - name: main - selector: - app.kubernetes.io/name: kyoo-back - app.kubernetes.io/instance: kyoo ---- -# Source: kyoo/templates/front/service.yaml -apiVersion: v1 -kind: Service -metadata: - name: kyoo-front - labels: - helm.sh/chart: kyoo-0.1.0 - app.kubernetes.io/name: kyoo-front - app.kubernetes.io/instance: kyoo - app.kubernetes.io/component: front - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/part-of: kyoo - app.kubernetes.io/version: "4.6.0" -spec: - type: ClusterIP - ports: - - port: 8901 - targetPort: 8901 - protocol: TCP - name: main - selector: - app.kubernetes.io/name: kyoo-front - app.kubernetes.io/instance: kyoo ---- -# Source: kyoo/templates/matcher/service.yaml -apiVersion: v1 -kind: Service -metadata: - name: kyoo-matcher - labels: - helm.sh/chart: kyoo-0.1.0 - app.kubernetes.io/name: kyoo-matcher - app.kubernetes.io/instance: kyoo - app.kubernetes.io/component: matcher - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/part-of: kyoo - app.kubernetes.io/version: "4.6.0" -spec: - type: ClusterIP - ports: - - port: 80 - targetPort: http - protocol: TCP - name: main - selector: - app.kubernetes.io/name: kyoo-matcher - app.kubernetes.io/instance: kyoo ---- -# Source: kyoo/templates/scanner/service.yaml -apiVersion: v1 -kind: Service -metadata: - name: kyoo-scanner - labels: - helm.sh/chart: kyoo-0.1.0 - app.kubernetes.io/name: kyoo-scanner - app.kubernetes.io/instance: kyoo - app.kubernetes.io/component: scanner - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/part-of: kyoo - app.kubernetes.io/version: "4.6.0" -spec: - type: ClusterIP - ports: - - port: 80 - targetPort: http - protocol: TCP - name: main - selector: - app.kubernetes.io/name: kyoo-scanner - app.kubernetes.io/instance: kyoo ---- -# Source: kyoo/templates/transcoder/service.yaml -apiVersion: v1 -kind: Service -metadata: - name: kyoo-transcoder - labels: - helm.sh/chart: kyoo-0.1.0 - app.kubernetes.io/name: kyoo-transcoder - app.kubernetes.io/instance: kyoo - app.kubernetes.io/component: transcoder - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/part-of: kyoo - app.kubernetes.io/version: "4.6.0" -spec: - type: ClusterIP - ports: - - port: 7666 - targetPort: 7666 - protocol: TCP - name: main - selector: - app.kubernetes.io/name: kyoo-transcoder - app.kubernetes.io/instance: kyoo ---- -# Source: kyoo/templates/autosync/deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: kyoo-autosync - labels: - helm.sh/chart: kyoo-0.1.0 - app.kubernetes.io/name: kyoo-autosync - app.kubernetes.io/instance: kyoo - app.kubernetes.io/component: autosync - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/part-of: kyoo - app.kubernetes.io/version: "4.6.0" -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: kyoo-autosync - app.kubernetes.io/instance: kyoo - template: - metadata: - annotations: - labels: - helm.sh/chart: kyoo-0.1.0 - app.kubernetes.io/name: kyoo-autosync - app.kubernetes.io/instance: kyoo - app.kubernetes.io/component: autosync - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/part-of: kyoo - app.kubernetes.io/version: "4.6.0" - spec: - serviceAccountName: kyoo-autosync - containers: - - name: main - image: ghcr.io/zoriya/kyoo_autosync:4.6.0 - imagePullPolicy: IfNotPresent - args: - env: - - name: RABBITMQ_HOST - value: kyoo-rabbitmq - - name: RABBITMQ_PORT - value: "5672" - - name: RABBITMQ_DEFAULT_USER - valueFrom: - secretKeyRef: - key: rabbitmq_user - name: bigsecret - - name: RABBITMQ_DEFAULT_PASS - valueFrom: - secretKeyRef: - key: rabbitmq_password - name: bigsecret - ports: - - name: main - containerPort: 80 - protocol: TCP ---- -# Source: kyoo/templates/back/deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: kyoo-back - labels: - helm.sh/chart: kyoo-0.1.0 - app.kubernetes.io/name: kyoo-back - app.kubernetes.io/instance: kyoo - app.kubernetes.io/component: back - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/part-of: kyoo - app.kubernetes.io/version: "4.6.0" -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: kyoo-back - app.kubernetes.io/instance: kyoo - template: - metadata: - annotations: - labels: - helm.sh/chart: kyoo-0.1.0 - app.kubernetes.io/name: kyoo-back - app.kubernetes.io/instance: kyoo - app.kubernetes.io/component: back - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/part-of: kyoo - app.kubernetes.io/version: "4.6.0" - spec: - serviceAccountName: kyoo-back - initContainers: - - name: migrations - image: ghcr.io/zoriya/kyoo_migrations:4.6.0 - imagePullPolicy: IfNotPresent - args: - env: - - name: POSTGRES_USER - valueFrom: - secretKeyRef: - key: postgres_user - name: bigsecret - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - key: postgres_password - name: bigsecret - - name: POSTGRES_DB - value: kyoo_back - - name: POSTGRES_SERVER - value: kyoo-postgresql - - name: POSTGRES_PORT - value: "5432" - containers: - - name: main - image: ghcr.io/zoriya/kyoo_back:4.6.0 - imagePullPolicy: IfNotPresent - args: - env: - - name: TRANSCODER_URL - value: http://kyoo-transcoder:7666 - - name: PUBLIC_URL - value: https://kyoo.acelink.io - - name: UNLOGGED_PERMISSIONS - value: overall.read,overall.play - - name: KYOO_APIKEYS - valueFrom: - secretKeyRef: - key: kyoo_apikeys - name: bigsecret - - name: POSTGRES_USER - valueFrom: - secretKeyRef: - key: postgres_user - name: bigsecret - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - key: postgres_password - name: bigsecret - - name: POSTGRES_DB - value: kyoo_back - - name: POSTGRES_SERVER - value: kyoo-postgresql - - name: POSTGRES_PORT - value: "5432" - - name: RABBITMQ_DEFAULT_USER - valueFrom: - secretKeyRef: - key: rabbitmq_user - name: bigsecret - - name: RABBITMQ_DEFAULT_PASS - valueFrom: - secretKeyRef: - key: rabbitmq_password - name: bigsecret - - name: RABBITMQ_HOST - value: kyoo-rabbitmq - - name: RABBITMQ_PORT - value: "5672" - - name: MEILI_HOST - value: "http://kyoo-meilisearch:7700" - - name: MEILI_MASTER_KEY - valueFrom: - secretKeyRef: - key: MEILI_MASTER_KEY - name: bigsecret - ports: - - name: main - containerPort: 5000 - protocol: TCP - volumeMounts: - - mountPath: /data - name: media - subPath: media - - mountPath: /metadata - name: back-storage - volumes: - - name: media - persistentVolumeClaim: - claimName: media - - name: back-storage - persistentVolumeClaim: - claimName: back-storage ---- -# Source: kyoo/templates/front/deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: kyoo-front - labels: - helm.sh/chart: kyoo-0.1.0 - app.kubernetes.io/name: kyoo-front - app.kubernetes.io/instance: kyoo - app.kubernetes.io/component: front - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/part-of: kyoo - app.kubernetes.io/version: "4.6.0" -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: kyoo-front - app.kubernetes.io/instance: kyoo - template: - metadata: - annotations: - labels: - helm.sh/chart: kyoo-0.1.0 - app.kubernetes.io/name: kyoo-front - app.kubernetes.io/instance: kyoo - app.kubernetes.io/component: front - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/part-of: kyoo - app.kubernetes.io/version: "4.6.0" - spec: - serviceAccountName: kyoo-front - containers: - - name: main - image: ghcr.io/zoriya/kyoo_front:4.6.0 - imagePullPolicy: IfNotPresent - args: - env: - - name: KYOO_URL - value: http://kyoo-back:5000 - ports: - - name: main - containerPort: 8901 - protocol: TCP ---- -# Source: kyoo/templates/matcher/deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: kyoo-matcher - labels: - helm.sh/chart: kyoo-0.1.0 - app.kubernetes.io/name: kyoo-matcher - app.kubernetes.io/instance: kyoo - app.kubernetes.io/component: matcher - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/part-of: kyoo - app.kubernetes.io/version: "4.6.0" -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: kyoo-matcher - app.kubernetes.io/instance: kyoo - template: - metadata: - annotations: - labels: - helm.sh/chart: kyoo-0.1.0 - app.kubernetes.io/name: kyoo-matcher - app.kubernetes.io/instance: kyoo - app.kubernetes.io/component: matcher - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/part-of: kyoo - app.kubernetes.io/version: "4.6.0" - spec: - serviceAccountName: kyoo-matcher - containers: - - name: main - image: ghcr.io/zoriya/kyoo_scanner:4.6.0 - imagePullPolicy: IfNotPresent - args: - - matcher - env: - - name: KYOO_APIKEYS - valueFrom: - secretKeyRef: - key: kyoo_apikeys - name: bigsecret - - name: KYOO_URL - value: http://kyoo-back:5000 - - name: LIBRARY_LANGUAGES - value: en - - name: THEMOVIEDB_APIKEY - valueFrom: - secretKeyRef: - key: tmdb_apikey - name: bigsecret - - name: RABBITMQ_HOST - value: kyoo-rabbitmq - - name: RABBITMQ_PORT - value: "5672" - - name: RABBITMQ_DEFAULT_USER - valueFrom: - secretKeyRef: - key: rabbitmq_user - name: bigsecret - - name: RABBITMQ_DEFAULT_PASS - valueFrom: - secretKeyRef: - key: rabbitmq_password - name: bigsecret - ports: - - name: main - containerPort: 80 - protocol: TCP ---- -# Source: kyoo/templates/scanner/deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: kyoo-scanner - labels: - helm.sh/chart: kyoo-0.1.0 - app.kubernetes.io/name: kyoo-scanner - app.kubernetes.io/instance: kyoo - app.kubernetes.io/component: scanner - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/part-of: kyoo - app.kubernetes.io/version: "4.6.0" -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: kyoo-scanner - app.kubernetes.io/instance: kyoo - template: - metadata: - annotations: - labels: - helm.sh/chart: kyoo-0.1.0 - app.kubernetes.io/name: kyoo-scanner - app.kubernetes.io/instance: kyoo - app.kubernetes.io/component: scanner - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/part-of: kyoo - app.kubernetes.io/version: "4.6.0" - spec: - serviceAccountName: kyoo-scanner - containers: - - name: main - image: ghcr.io/zoriya/kyoo_scanner:4.6.0 - imagePullPolicy: IfNotPresent - args: - env: - - name: SCANNER_LIBRARY_ROOT - value: /data - - name: KYOO_APIKEYS - valueFrom: - secretKeyRef: - key: kyoo_apikeys - name: bigsecret - - name: KYOO_URL - value: http://kyoo-back:5000 - - name: LIBRARY_LANGUAGES - value: en - - name: THEMOVIEDB_APIKEY - valueFrom: - secretKeyRef: - key: tmdb_apikey - name: bigsecret - - name: RABBITMQ_HOST - value: kyoo-rabbitmq - - name: RABBITMQ_PORT - value: "5672" - - name: RABBITMQ_DEFAULT_USER - valueFrom: - secretKeyRef: - key: rabbitmq_user - name: bigsecret - - name: RABBITMQ_DEFAULT_PASS - valueFrom: - secretKeyRef: - key: rabbitmq_password - name: bigsecret - ports: - - name: main - containerPort: 80 - protocol: TCP - volumeMounts: - - mountPath: /data - name: media - subPath: media - volumes: - - name: media - persistentVolumeClaim: - claimName: media ---- -# Source: kyoo/templates/transcoder/deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: kyoo-transcoder - labels: - helm.sh/chart: kyoo-0.1.0 - app.kubernetes.io/name: kyoo-transcoder - app.kubernetes.io/instance: kyoo - app.kubernetes.io/component: transcoder - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/part-of: kyoo - app.kubernetes.io/version: "4.6.0" -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: kyoo-transcoder - app.kubernetes.io/instance: kyoo - template: - metadata: - annotations: - labels: - helm.sh/chart: kyoo-0.1.0 - app.kubernetes.io/name: kyoo-transcoder - app.kubernetes.io/instance: kyoo - app.kubernetes.io/component: transcoder - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/part-of: kyoo - app.kubernetes.io/version: "4.6.0" - spec: - serviceAccountName: kyoo-transcoder - containers: - - name: main - image: ghcr.io/zoriya/kyoo_transcoder:4.6.0 - imagePullPolicy: IfNotPresent - args: - env: - - name: GOCODER_HWACCEL - value: disabled - - name: GOCODER_PRESET - value: fast - - name: GOCODER_CACHE_ROOT - value: /cache - - name: GOCODER_METADATA_ROOT - value: /metadata - - name: GOCODER_PREFIX - value: /video - - name: GOCODER_SAFE_PATH - value: /data - ports: - - name: main - containerPort: 7666 - protocol: TCP - volumeMounts: - - mountPath: /data - name: media - subPath: media - - mountPath: /metadata - name: transcoder-storage - - mountPath: /cache - name: cache - volumes: - - name: media - persistentVolumeClaim: - claimName: media - - name: transcoder-storage - persistentVolumeClaim: - claimName: transcoder-storage - - emptyDir: {} - name: cache ---- -# Source: kyoo/charts/meilisearch/templates/statefulset.yaml -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: kyoo-meilisearch - labels: - helm.sh/chart: meilisearch-0.8.0 - app.kubernetes.io/name: meilisearch - app.kubernetes.io/instance: kyoo - app.kubernetes.io/version: "v1.9.0" - app.kubernetes.io/component: search-engine - app.kubernetes.io/part-of: meilisearch - app.kubernetes.io/managed-by: Helm -spec: - replicas: 1 - serviceName: kyoo-meilisearch - selector: - matchLabels: - app.kubernetes.io/name: meilisearch - app.kubernetes.io/instance: kyoo - template: - metadata: - labels: - helm.sh/chart: meilisearch-0.8.0 - app.kubernetes.io/name: meilisearch - app.kubernetes.io/instance: kyoo - app.kubernetes.io/version: "v1.9.0" - app.kubernetes.io/component: search-engine - app.kubernetes.io/part-of: meilisearch - app.kubernetes.io/managed-by: Helm - annotations: - checksum/config: a223d94e2a4d666aa80b9fbd42d2edf4151fd626716414b411f985771893b74d - spec: - serviceAccountName: kyoo-meilisearch - securityContext: - fsGroup: 1000 - fsGroupChangePolicy: OnRootMismatch - runAsGroup: 1000 - runAsNonRoot: true - runAsUser: 1000 - volumes: - - name: tmp - emptyDir: {} - - name: data - persistentVolumeClaim: - claimName: kyoo-meilisearch - - - - containers: - - name: meilisearch - image: "getmeili/meilisearch:v1.9.0" - imagePullPolicy: IfNotPresent - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - volumeMounts: - - name: tmp - mountPath: /tmp - - name: data - mountPath: /meili_data - envFrom: - - configMapRef: - name: kyoo-meilisearch-environment - - secretRef: - name: bigsecret - ports: - - name: http - containerPort: 7700 - protocol: TCP - startupProbe: - httpGet: - path: /health - port: http - periodSeconds: 1 - initialDelaySeconds: 1 - failureThreshold: 60 - livenessProbe: - httpGet: - path: /health - port: http - periodSeconds: 10 - initialDelaySeconds: 0 - readinessProbe: - httpGet: - path: /health - port: http - periodSeconds: 10 - initialDelaySeconds: 0 - resources: - {} ---- -# Source: kyoo/charts/postgresql/templates/primary/statefulset.yaml -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: kyoo-postgresql - namespace: "default" - labels: - app.kubernetes.io/instance: kyoo - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: postgresql - app.kubernetes.io/version: 16.3.0 - helm.sh/chart: postgresql-15.5.14 - app.kubernetes.io/component: primary -spec: - replicas: 1 - serviceName: kyoo-postgresql-hl - updateStrategy: - rollingUpdate: {} - type: RollingUpdate - selector: - matchLabels: - app.kubernetes.io/instance: kyoo - app.kubernetes.io/name: postgresql - app.kubernetes.io/component: primary - template: - metadata: - name: kyoo-postgresql - labels: - app.kubernetes.io/instance: kyoo - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: postgresql - app.kubernetes.io/version: 16.3.0 - helm.sh/chart: postgresql-15.5.14 - app.kubernetes.io/component: primary - spec: - serviceAccountName: kyoo-postgresql - - automountServiceAccountToken: false - affinity: - podAffinity: - - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/instance: kyoo - app.kubernetes.io/name: postgresql - app.kubernetes.io/component: primary - topologyKey: kubernetes.io/hostname - weight: 1 - nodeAffinity: - - securityContext: - fsGroup: 1001 - fsGroupChangePolicy: Always - supplementalGroups: [] - sysctls: [] - hostNetwork: false - hostIPC: false - containers: - - name: postgresql - image: docker.io/bitnami/postgresql:16.3.0-debian-12-r19 - imagePullPolicy: "IfNotPresent" - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - privileged: false - readOnlyRootFilesystem: true - runAsGroup: 1001 - runAsNonRoot: true - runAsUser: 1001 - seLinuxOptions: {} - seccompProfile: - type: RuntimeDefault - env: - - name: BITNAMI_DEBUG - value: "false" - - name: POSTGRESQL_PORT_NUMBER - value: "5432" - - name: POSTGRESQL_VOLUME_DIR - value: "/bitnami/postgresql" - - name: PGDATA - value: "/bitnami/postgresql/data" - # Authentication - - name: POSTGRES_USER - value: "kyoo_back" - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: bigsecret - key: postgres_password - - name: POSTGRES_POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: bigsecret - key: postgres_password - - name: POSTGRES_DATABASE - value: "kyoo_back" - # Replication - # Initdb - # Standby - # LDAP - - name: POSTGRESQL_ENABLE_LDAP - value: "no" - # TLS - - name: POSTGRESQL_ENABLE_TLS - value: "no" - # Audit - - name: POSTGRESQL_LOG_HOSTNAME - value: "false" - - name: POSTGRESQL_LOG_CONNECTIONS - value: "false" - - name: POSTGRESQL_LOG_DISCONNECTIONS - value: "false" - - name: POSTGRESQL_PGAUDIT_LOG_CATALOG - value: "off" - # Others - - name: POSTGRESQL_CLIENT_MIN_MESSAGES - value: "error" - - name: POSTGRESQL_SHARED_PRELOAD_LIBRARIES - value: "pgaudit" - ports: - - name: tcp-postgresql - containerPort: 5432 - livenessProbe: - failureThreshold: 6 - initialDelaySeconds: 30 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - exec: - command: - - /bin/sh - - -c - - exec pg_isready -U "kyoo_back" -d "dbname=kyoo_back" -h 127.0.0.1 -p 5432 - readinessProbe: - failureThreshold: 6 - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - exec: - command: - - /bin/sh - - -c - - -e - - | - exec pg_isready -U "kyoo_back" -d "dbname=kyoo_back" -h 127.0.0.1 -p 5432 - [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ] - resources: - limits: - cpu: 150m - ephemeral-storage: 1024Mi - memory: 192Mi - requests: - cpu: 100m - ephemeral-storage: 50Mi - memory: 128Mi - volumeMounts: - - name: empty-dir - mountPath: /tmp - subPath: tmp-dir - - name: empty-dir - mountPath: /opt/bitnami/postgresql/conf - subPath: app-conf-dir - - name: empty-dir - mountPath: /opt/bitnami/postgresql/tmp - subPath: app-tmp-dir - - name: dshm - mountPath: /dev/shm - - name: data - mountPath: /bitnami/postgresql - volumes: - - name: empty-dir - emptyDir: {} - - name: dshm - emptyDir: - medium: Memory - volumeClaimTemplates: - - apiVersion: v1 - kind: PersistentVolumeClaim - metadata: - name: data - spec: - accessModes: - - "ReadWriteOnce" - resources: - requests: - storage: "3Gi" ---- -# Source: kyoo/charts/rabbitmq/templates/statefulset.yaml -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: kyoo-rabbitmq - namespace: "default" - labels: - app.kubernetes.io/instance: kyoo - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: rabbitmq - app.kubernetes.io/version: 3.13.3 - helm.sh/chart: rabbitmq-14.4.2 -spec: - serviceName: kyoo-rabbitmq-headless - podManagementPolicy: OrderedReady - replicas: 1 - updateStrategy: - type: RollingUpdate - selector: - matchLabels: - app.kubernetes.io/instance: kyoo - app.kubernetes.io/name: rabbitmq - template: - metadata: - labels: - app.kubernetes.io/instance: kyoo - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: rabbitmq - app.kubernetes.io/version: 3.13.3 - helm.sh/chart: rabbitmq-14.4.2 - annotations: - checksum/config: 2419573798a19b5532d4ebf7ab51e6b9a6b5ccd231ccd154995938830b8d4fee - spec: - - serviceAccountName: kyoo-rabbitmq - affinity: - podAffinity: - - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/instance: kyoo - app.kubernetes.io/name: rabbitmq - topologyKey: kubernetes.io/hostname - weight: 1 - nodeAffinity: - - automountServiceAccountToken: true - securityContext: - fsGroup: 1001 - fsGroupChangePolicy: Always - supplementalGroups: [] - sysctls: [] - terminationGracePeriodSeconds: 120 - enableServiceLinks: true - initContainers: - - name: prepare-plugins-dir - image: docker.io/bitnami/rabbitmq:3.13.3-debian-12-r0 - imagePullPolicy: "IfNotPresent" - resources: - limits: - cpu: 375m - ephemeral-storage: 1024Mi - memory: 384Mi - requests: - cpu: 250m - ephemeral-storage: 50Mi - memory: 256Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsGroup: 1001 - runAsNonRoot: true - runAsUser: 1001 - seccompProfile: - type: RuntimeDefault - command: - - /bin/bash - args: - - -ec - - | - #!/bin/bash - - . /opt/bitnami/scripts/liblog.sh - - info "Copying plugins dir to empty dir" - # In order to not break the possibility of installing custom plugins, we need - # to make the plugins directory writable, so we need to copy it to an empty dir volume - cp -r --preserve=mode /opt/bitnami/rabbitmq/plugins/ /emptydir/app-plugins-dir - volumeMounts: - - name: empty-dir - mountPath: /emptydir - containers: - - name: rabbitmq - image: docker.io/bitnami/rabbitmq:3.13.3-debian-12-r0 - imagePullPolicy: "IfNotPresent" - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsGroup: 1001 - runAsNonRoot: true - runAsUser: 1001 - seccompProfile: - type: RuntimeDefault - lifecycle: - preStop: - exec: - command: - - /bin/bash - - -ec - - | - if [[ -f /opt/bitnami/scripts/rabbitmq/nodeshutdown.sh ]]; then - /opt/bitnami/scripts/rabbitmq/nodeshutdown.sh -t "120" -d "false" - else - rabbitmqctl stop_app - fi - env: - - name: BITNAMI_DEBUG - value: "false" - - name: MY_POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: RABBITMQ_FORCE_BOOT - value: "no" - - name: RABBITMQ_NODE_NAME - value: "rabbit@$(MY_POD_NAME).kyoo-rabbitmq-headless.$(MY_POD_NAMESPACE).svc.cluster.local" - - name: RABBITMQ_MNESIA_DIR - value: "/opt/bitnami/rabbitmq/.rabbitmq/mnesia/$(RABBITMQ_NODE_NAME)" - - name: RABBITMQ_LDAP_ENABLE - value: "no" - - name: RABBITMQ_LOGS - value: "-" - - name: RABBITMQ_ULIMIT_NOFILES - value: "65535" - - name: RABBITMQ_USE_LONGNAME - value: "true" - - name: RABBITMQ_ERL_COOKIE - valueFrom: - secretKeyRef: - name: bigsecret - key: rabbitmq_cookie - - name: RABBITMQ_LOAD_DEFINITIONS - value: "no" - - name: RABBITMQ_DEFINITIONS_FILE - value: "/app/load_definition.json" - - name: RABBITMQ_SECURE_PASSWORD - value: "yes" - - name: RABBITMQ_USERNAME - value: "kyoo_all" - - name: RABBITMQ_PASSWORD - valueFrom: - secretKeyRef: - name: bigsecret - key: rabbitmq_password - - name: RABBITMQ_PLUGINS - value: "rabbitmq_management, rabbitmq_peer_discovery_k8s, rabbitmq_auth_backend_ldap" - envFrom: - ports: - - name: amqp - containerPort: 5672 - - name: dist - containerPort: 25672 - - name: stats - containerPort: 15672 - - name: epmd - containerPort: 4369 - - name: metrics - containerPort: 9419 - livenessProbe: - failureThreshold: 6 - initialDelaySeconds: 120 - periodSeconds: 30 - successThreshold: 1 - timeoutSeconds: 20 - exec: - command: - - sh - - -ec - - curl -f --user kyoo_all:$RABBITMQ_PASSWORD 127.0.0.1:15672/api/health/checks/virtual-hosts - readinessProbe: - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 30 - successThreshold: 1 - timeoutSeconds: 20 - exec: - command: - - sh - - -ec - - curl -f --user kyoo_all:$RABBITMQ_PASSWORD 127.0.0.1:15672/api/health/checks/local-alarms - resources: - limits: - cpu: 375m - ephemeral-storage: 1024Mi - memory: 384Mi - requests: - cpu: 250m - ephemeral-storage: 50Mi - memory: 256Mi - volumeMounts: - - name: configuration - mountPath: /bitnami/rabbitmq/conf - - name: empty-dir - mountPath: /tmp - subPath: tmp-dir - - name: empty-dir - mountPath: /opt/bitnami/rabbitmq/etc/rabbitmq - subPath: app-conf-dir - - name: empty-dir - mountPath: /opt/bitnami/rabbitmq/var/lib/rabbitmq - subPath: app-tmp-dir - - name: empty-dir - mountPath: /opt/bitnami/rabbitmq/.rabbitmq/ - subPath: app-erlang-cookie - - name: empty-dir - mountPath: /opt/bitnami/rabbitmq/var/log/rabbitmq - subPath: app-logs-dir - - name: empty-dir - mountPath: /opt/bitnami/rabbitmq/plugins - subPath: app-plugins-dir - - name: data - mountPath: /opt/bitnami/rabbitmq/.rabbitmq/mnesia - volumes: - - name: empty-dir - emptyDir: {} - - name: configuration - projected: - sources: - - secret: - name: kyoo-rabbitmq-config - volumeClaimTemplates: - - apiVersion: v1 - kind: PersistentVolumeClaim - metadata: - name: data - labels: - app.kubernetes.io/instance: kyoo - app.kubernetes.io/name: rabbitmq - spec: - accessModes: - - "ReadWriteOnce" - resources: - requests: - storage: "8Gi" ---- -# Source: kyoo/charts/meilisearch/templates/tests/test-connection.yaml -apiVersion: v1 -kind: Pod -metadata: - name: kyoo-meilisearch-test-connection - labels: - app.kubernetes.io/name: meilisearch - helm.sh/chart: meilisearch-0.8.0 - app.kubernetes.io/instance: kyoo - app.kubernetes.io/managed-by: Helm - annotations: - "helm.sh/hook": test-success -spec: - containers: - - name: wget - image: busybox - command: ['wget'] - args: ['kyoo-meilisearch:7700'] - restartPolicy: Never From 9657648e0dfdc01f4acbaf4eb90c7a99046c9665 Mon Sep 17 00:00:00 2001 From: Arlan Lloyd Date: Wed, 14 Aug 2024 05:30:38 +0000 Subject: [PATCH 09/30] prepare multi-tenant postgres --- chart/README.md | 2 +- chart/templates/back/deployment.yaml | 28 +++++++------- chart/values.yaml | 56 ++++++++++++++++++++-------- 3 files changed, 55 insertions(+), 31 deletions(-) diff --git a/chart/README.md b/chart/README.md index 60f4ac23..a354ed59 100644 --- a/chart/README.md +++ b/chart/README.md @@ -47,7 +47,7 @@ extraObjects: #RESOURCES # meilisearch does not allow mapping their key in yet. MEILI_MASTER_KEY: barkLike8SuperDucks - postgres_user: kyoo_back + postgres_user: kyoo_all postgres_password: watchSomething4me rabbitmq_user: kyoo_all rabbitmq_password: youAreAmazing2 diff --git a/chart/templates/back/deployment.yaml b/chart/templates/back/deployment.yaml index a2dac8e4..693ed4f5 100644 --- a/chart/templates/back/deployment.yaml +++ b/chart/templates/back/deployment.yaml @@ -50,19 +50,19 @@ spec: - name: POSTGRES_USER valueFrom: secretKeyRef: - key: {{ .Values.global.postgres.kyoo_migrations.userKey }} - name: {{ .Values.global.postgres.kyoo_migrations.existingSecret }} + key: {{ .Values.global.postgres.kyoo_back.kyoo_migrations.userKey }} + name: {{ .Values.global.postgres.kyoo_back.kyoo_migrations.existingSecret }} - name: POSTGRES_PASSWORD valueFrom: secretKeyRef: - key: {{ .Values.global.postgres.kyoo_migrations.passwordKey }} - name: {{ .Values.global.postgres.kyoo_migrations.existingSecret }} + key: {{ .Values.global.postgres.kyoo_back.kyoo_migrations.passwordKey }} + name: {{ .Values.global.postgres.kyoo_back.kyoo_migrations.existingSecret }} - name: POSTGRES_DB - value: {{ .Values.global.postgres.database }} + value: {{ .Values.global.postgres.kyoo_back.database }} - name: POSTGRES_SERVER - value: {{ .Values.global.postgres.host }} + value: {{ .Values.global.postgres.kyoo_back.host }} - name: POSTGRES_PORT - value: "{{ .Values.global.postgres.port }}" + value: "{{ .Values.global.postgres.kyoo_back.port }}" {{- with .Values.back.extraInitContainers }} {{- tpl (toYaml .) $ | nindent 6 }} {{- end }} @@ -89,19 +89,19 @@ spec: - name: POSTGRES_USER valueFrom: secretKeyRef: - key: {{ .Values.global.postgres.kyoo_back.userKey }} - name: {{ .Values.global.postgres.kyoo_back.existingSecret }} + key: {{ .Values.global.postgres.kyoo_back.kyoo_back.userKey }} + name: {{ .Values.global.postgres.kyoo_back.kyoo_back.existingSecret }} - name: POSTGRES_PASSWORD valueFrom: secretKeyRef: - key: {{ .Values.global.postgres.kyoo_back.passwordKey }} - name: {{ .Values.global.postgres.kyoo_back.existingSecret }} + key: {{ .Values.global.postgres.kyoo_back.kyoo_back.passwordKey }} + name: {{ .Values.global.postgres.kyoo_back.kyoo_back.existingSecret }} - name: POSTGRES_DB - value: {{ .Values.global.postgres.database }} + value: {{ .Values.global.postgres.kyoo_back.database }} - name: POSTGRES_SERVER - value: {{ .Values.global.postgres.host }} + value: {{ .Values.global.postgres.kyoo_back.host }} - name: POSTGRES_PORT - value: "{{ .Values.global.postgres.port }}" + value: "{{ .Values.global.postgres.kyoo_back.port }}" - name: RABBITMQ_DEFAULT_USER valueFrom: secretKeyRef: diff --git a/chart/values.yaml b/chart/values.yaml index 4b96cf6b..d0be57d3 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -22,23 +22,31 @@ global: masterkeyKey: MEILI_MASTER_KEY existingSecret: bigsecret postgres: - host: kyoo-postgresql - port: 5432 - database: kyoo_back #infra is only used by subchart deployment infra: - # admin user is postgres - # default user is the database name - passwordKey: postgres_password - existingSecret: bigsecret - kyoo_migrations: - userKey: postgres_user + user: kyoo_all passwordKey: postgres_password existingSecret: bigsecret kyoo_back: - userKey: postgres_user - passwordKey: postgres_password - existingSecret: bigsecret + host: kyoo-postgresql + port: 5432 + database: kyoo_back + kyoo_migrations: + userKey: postgres_user + passwordKey: postgres_password + existingSecret: bigsecret + kyoo_back: + userKey: postgres_user + passwordKey: postgres_password + existingSecret: bigsecret + kyoo_transcoder: + host: kyoo-postgresql + port: 5432 + database: kyoo_transcoder + kyoo_transcoder: + userKey: postgres_user + passwordKey: postgres_password + existingSecret: bigsecret rabbitmq: host: kyoo-rabbitmq port: 5672 @@ -319,15 +327,31 @@ meilisearch: postgresql: enabled: false auth: - # this does not read from a secret. not sure how to map - # just manually make the same - username: "kyoo_back" - database: "{{ .Values.global.postgres.database }}" + # create a user + username: "{{ .Values.global.postgres.infra.user }}" existingSecret: "{{ .Values.global.postgres.infra.existingSecret }}" secretKeys: + # set the postgres user password to the same as our user adminPasswordKey: "{{ .Values.global.postgres.infra.passwordKey }}" userPasswordKey: "{{ .Values.global.postgres.infra.passwordKey }}" primary: + # create databases, schemas, and set search_path + initdb: + scripts: + # kyoo_back still requires public schema + # https://github.com/zoriya/Kyoo/issues/536 + kyoo_back.sql: | + CREATE DATABASE {{ .Values.global.postgres.kyoo_back.database }} WITH OWNER {{ .Values.global.postgres.infra.user }}; + \connect {{ .Values.global.postgres.kyoo_back.database }}; + CREATE SCHEMA IF NOT EXISTS data AUTHORIZATION {{ .Values.global.postgres.infra.user }}; + kyoo_transcoder.sql: | + CREATE DATABASE {{ .Values.global.postgres.kyoo_transcoder.database }} WITH OWNER {{ .Values.global.postgres.infra.user }}; + \connect {{ .Values.global.postgres.kyoo_transcoder.database }}; + REVOKE ALL ON SCHEMA public FROM PUBLIC; + CREATE SCHEMA IF NOT EXISTS data AUTHORIZATION {{ .Values.global.postgres.infra.user }}; + user.sql: | + ALTER ROLE {{ .Values.global.postgres.infra.user }} IN DATABASE {{ .Values.global.postgres.kyoo_back.database }} SET search_path TO "$user", public; + ALTER ROLE {{ .Values.global.postgres.infra.user }} IN DATABASE {{ .Values.global.postgres.kyoo_transcoder.database }} SET search_path TO "$user", data; persistence: size: 3Gi From e96a5921731741b1e1b7c34f2dbeb0ba5ab6b665 Mon Sep 17 00:00:00 2001 From: Arlan Lloyd Date: Wed, 14 Aug 2024 05:41:28 +0000 Subject: [PATCH 10/30] add in env variables --- chart/templates/transcoder/deployment.yaml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/chart/templates/transcoder/deployment.yaml b/chart/templates/transcoder/deployment.yaml index ab8a9b27..8004e7c7 100644 --- a/chart/templates/transcoder/deployment.yaml +++ b/chart/templates/transcoder/deployment.yaml @@ -59,6 +59,22 @@ spec: value: /video - name: GOCODER_SAFE_PATH value: /data + - name: POSTGRES_USER + valueFrom: + secretKeyRef: + key: {{ .Values.global.postgres.kyoo_transcoder.kyoo_transcoder.userKey }} + name: {{ .Values.global.postgres.kyoo_transcoder.kyoo_transcoder.existingSecret }} + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + key: {{ .Values.global.postgres.kyoo_transcoder.kyoo_transcoder.passwordKey }} + name: {{ .Values.global.postgres.kyoo_transcoder.kyoo_transcoder.existingSecret }} + - name: POSTGRES_DB + value: {{ .Values.global.postgres.kyoo_transcoder.database }} + - name: POSTGRES_SERVER + value: {{ .Values.global.postgres.kyoo_transcoder.host }} + - name: POSTGRES_PORT + value: "{{ .Values.global.postgres.kyoo_transcoder.port }}" {{- with (concat .Values.global.extraEnv .Values.transcoder.kyoo_transcoder.extraEnv) }} {{- toYaml . | nindent 12 }} {{- end }} From dc4aa237fb673d743535eb054fc2d941274a9f4a Mon Sep 17 00:00:00 2001 From: Arlan Lloyd Date: Wed, 14 Aug 2024 06:11:41 +0000 Subject: [PATCH 11/30] try slightly different format --- bitnami.yaml | 44 ++++++++++++++++++++++++++++++++++++++++++++ chart/values.yaml | 6 ++++-- 2 files changed, 48 insertions(+), 2 deletions(-) create mode 100644 bitnami.yaml diff --git a/bitnami.yaml b/bitnami.yaml new file mode 100644 index 00000000..e596f7cc --- /dev/null +++ b/bitnami.yaml @@ -0,0 +1,44 @@ +# postgresql: +# enabled: false +# auth: +# # this does not read from a secret. not sure how to map +# # just manually make the same +# username: "kyoo_back" +# database: "{{ .Values.global.postgres.database }}" +# existingSecret: "{{ .Values.global.postgres.infra.existingSecret }}" +# secretKeys: +# adminPasswordKey: "{{ .Values.global.postgres.infra.passwordKey }}" +# userPasswordKey: "{{ .Values.global.postgres.infra.passwordKey }}" +# primary: +# persistence: +# size: 3Gi + + +### TEST + # scripts: + # initdb.sql: | + # CREATE USER kyoo_back WITH PASSWORD 'password1'; + # CREATE DATABASE kyoo_back; + # GRANT ALL PRIVILEGES ON DATABASE kyoo_back TO kyoo_back; + + +# helm template bitnami/postgresql -f bitnami.yaml + +auth: + username: "kyoo_all" + password: "password1" +primary: + initdb: + scripts: + kyoo_back.sql: | + CREATE DATABASE kyoo_back WITH OWNER kyoo_all; + \connect kyoo_back; + CREATE SCHEMA IF NOT EXISTS data AUTHORIZATION kyoo_all; + kyoo_transcoder.sql: | + CREATE DATABASE kyoo_transcoder WITH OWNER kyoo_all; + \connect kyoo_transcoder; + REVOKE ALL ON SCHEMA public FROM PUBLIC; + CREATE SCHEMA IF NOT EXISTS data AUTHORIZATION kyoo_all; + user.sql: | + ALTER ROLE kyoo_all IN DATABASE kyoo_back SET search_path TO "$user", public; + ALTER ROLE kyoo_all IN DATABASE kyoo_transcoder SET search_path TO "$user", data; \ No newline at end of file diff --git a/chart/values.yaml b/chart/values.yaml index d0be57d3..c90af0d3 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -350,8 +350,10 @@ postgresql: REVOKE ALL ON SCHEMA public FROM PUBLIC; CREATE SCHEMA IF NOT EXISTS data AUTHORIZATION {{ .Values.global.postgres.infra.user }}; user.sql: | - ALTER ROLE {{ .Values.global.postgres.infra.user }} IN DATABASE {{ .Values.global.postgres.kyoo_back.database }} SET search_path TO "$user", public; - ALTER ROLE {{ .Values.global.postgres.infra.user }} IN DATABASE {{ .Values.global.postgres.kyoo_transcoder.database }} SET search_path TO "$user", data; + ALTER ROLE {{ .Values.global.postgres.infra.user }} + IN DATABASE {{ .Values.global.postgres.kyoo_back.database }} SET search_path TO "$user", public; + ALTER ROLE {{ .Values.global.postgres.infra.user }} + IN DATABASE {{ .Values.global.postgres.kyoo_transcoder.database }} SET search_path TO "$user", data; persistence: size: 3Gi From 3e864999b9e0428e0338a555671994f1ecdce816 Mon Sep 17 00:00:00 2001 From: Arlan Lloyd Date: Wed, 14 Aug 2024 06:24:29 +0000 Subject: [PATCH 12/30] update username --- chart/values.yaml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/chart/values.yaml b/chart/values.yaml index c90af0d3..7f695558 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -24,6 +24,8 @@ global: postgres: #infra is only used by subchart deployment infra: + # subchart does not accept this global value in one place + # if updating be sure to also update postgresql.auth.username user: kyoo_all passwordKey: postgres_password existingSecret: bigsecret @@ -327,8 +329,8 @@ meilisearch: postgresql: enabled: false auth: - # create a user - username: "{{ .Values.global.postgres.infra.user }}" + # username is unable to reference global value + username: kyoo_all existingSecret: "{{ .Values.global.postgres.infra.existingSecret }}" secretKeys: # set the postgres user password to the same as our user From 5f5de45be64e035386703562a8ac9b02cd58557b Mon Sep 17 00:00:00 2001 From: Arlan Lloyd Date: Wed, 14 Aug 2024 06:46:05 +0000 Subject: [PATCH 13/30] remove dev file --- bitnami.yaml | 44 -------------------------------------------- 1 file changed, 44 deletions(-) delete mode 100644 bitnami.yaml diff --git a/bitnami.yaml b/bitnami.yaml deleted file mode 100644 index e596f7cc..00000000 --- a/bitnami.yaml +++ /dev/null @@ -1,44 +0,0 @@ -# postgresql: -# enabled: false -# auth: -# # this does not read from a secret. not sure how to map -# # just manually make the same -# username: "kyoo_back" -# database: "{{ .Values.global.postgres.database }}" -# existingSecret: "{{ .Values.global.postgres.infra.existingSecret }}" -# secretKeys: -# adminPasswordKey: "{{ .Values.global.postgres.infra.passwordKey }}" -# userPasswordKey: "{{ .Values.global.postgres.infra.passwordKey }}" -# primary: -# persistence: -# size: 3Gi - - -### TEST - # scripts: - # initdb.sql: | - # CREATE USER kyoo_back WITH PASSWORD 'password1'; - # CREATE DATABASE kyoo_back; - # GRANT ALL PRIVILEGES ON DATABASE kyoo_back TO kyoo_back; - - -# helm template bitnami/postgresql -f bitnami.yaml - -auth: - username: "kyoo_all" - password: "password1" -primary: - initdb: - scripts: - kyoo_back.sql: | - CREATE DATABASE kyoo_back WITH OWNER kyoo_all; - \connect kyoo_back; - CREATE SCHEMA IF NOT EXISTS data AUTHORIZATION kyoo_all; - kyoo_transcoder.sql: | - CREATE DATABASE kyoo_transcoder WITH OWNER kyoo_all; - \connect kyoo_transcoder; - REVOKE ALL ON SCHEMA public FROM PUBLIC; - CREATE SCHEMA IF NOT EXISTS data AUTHORIZATION kyoo_all; - user.sql: | - ALTER ROLE kyoo_all IN DATABASE kyoo_back SET search_path TO "$user", public; - ALTER ROLE kyoo_all IN DATABASE kyoo_transcoder SET search_path TO "$user", data; \ No newline at end of file From cdd2c3c457ebfc5a8047173c4cbaeba11ad2dc10 Mon Sep 17 00:00:00 2001 From: Arlan Lloyd Date: Fri, 16 Aug 2024 03:42:31 +0000 Subject: [PATCH 14/30] update to support other contentdatabases --- chart/README.md | 2 ++ chart/templates/matcher/deployment.yaml | 14 ++++++++++++-- chart/values.yaml | 15 +++++++++++---- 3 files changed, 25 insertions(+), 6 deletions(-) diff --git a/chart/README.md b/chart/README.md index a354ed59..acdabd67 100644 --- a/chart/README.md +++ b/chart/README.md @@ -44,6 +44,8 @@ extraObjects: # Keep those empty to use kyoo's default api key. You can also specify a custom API key if you want. # go to https://www.themoviedb.org/settings/api and copy the api key (not the read access token, the api key) tmdb_apikey: "" + tvdb_apikey: "" + tvdb_pin: "" #RESOURCES # meilisearch does not allow mapping their key in yet. MEILI_MASTER_KEY: barkLike8SuperDucks diff --git a/chart/templates/matcher/deployment.yaml b/chart/templates/matcher/deployment.yaml index 5fa4bf62..086f660c 100644 --- a/chart/templates/matcher/deployment.yaml +++ b/chart/templates/matcher/deployment.yaml @@ -59,8 +59,18 @@ spec: - name: THEMOVIEDB_APIKEY valueFrom: secretKeyRef: - key: {{ .Values.contentdatabase.provider.tmdb.apikeyKey }} - name: {{ .Values.contentdatabase.provider.tmdb.existingSecret }} + key: {{ .Values.contentdatabase.tmdb.apikeyKey }} + name: {{ .Values.contentdatabase.tmdb.existingSecret }} + - name: TVDB_APIKEY + valueFrom: + secretKeyRef: + key: {{ .Values.contentdatabase.tvdb.apikeyKey }} + name: {{ .Values.contentdatabase.tvdb.existingSecret }} + - name: TVDB_PIN + valueFrom: + secretKeyRef: + key: {{ .Values.contentdatabase.tvdb.pinKey }} + name: {{ .Values.contentdatabase.tvdb.existingSecret }} - name: RABBITMQ_HOST value: {{ .Values.global.rabbitmq.host }} - name: RABBITMQ_PORT diff --git a/chart/values.yaml b/chart/values.yaml index 7f695558..f0274f15 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -97,10 +97,17 @@ media: subPath: media contentdatabase: - provider: - tmdb: - apikeyKey: tmdb_apikey - existingSecret: bigsecret + # TheMovieDB + tmdb: + enabled: true + apikeyKey: tmdb_apikey + existingSecret: bigsecret + # TVDatabase + tvdb: + enabled: true + apikeyKey: tvdb_apikey + pinKey: tvdb_pin + existingSecret: bigsecret autosync: name: autosync From db7c77383d159d1d54ca1943f184459661e07ad8 Mon Sep 17 00:00:00 2001 From: Arlan Lloyd Date: Fri, 16 Aug 2024 03:47:46 +0000 Subject: [PATCH 15/30] update comments --- chart/values.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/chart/values.yaml b/chart/values.yaml index f0274f15..3ace2f1e 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -370,8 +370,7 @@ postgresql: rabbitmq: enabled: false auth: - # this does not read from a secret. not sure how to map - # just manually make the same + # this will not read from a secret. just manually make the same username: kyoo_all existingPasswordSecret: "{{ .Values.global.rabbitmq.infra.existingSecret }}" existingSecretPasswordKey: "{{ .Values.global.rabbitmq.infra.passwordKey }}" From 464bdf201e54a8d0a209c2153abec785f4dc147c Mon Sep 17 00:00:00 2001 From: Arlan Lloyd Date: Fri, 16 Aug 2024 04:26:17 +0000 Subject: [PATCH 16/30] add ingress --- chart/templates/_helpers.tpl | 7 ++++++ chart/templates/ingress.yaml | 43 ++++++++++++++++++++++++++++++++++++ chart/values.yaml | 9 ++++++++ 3 files changed, 59 insertions(+) create mode 100644 chart/templates/ingress.yaml diff --git a/chart/templates/_helpers.tpl b/chart/templates/_helpers.tpl index 551f7b18..86a16a6e 100644 --- a/chart/templates/_helpers.tpl +++ b/chart/templates/_helpers.tpl @@ -1,3 +1,10 @@ +{{/* +Create kyoo ingress name +*/}} +{{- define "kyoo.ingress.fullname" -}} +{{- printf "%s-%s" (include "kyoo.fullname" .) "ingress" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + {{/* Create kyoo autosync name */}} diff --git a/chart/templates/ingress.yaml b/chart/templates/ingress.yaml new file mode 100644 index 00000000..512abc98 --- /dev/null +++ b/chart/templates/ingress.yaml @@ -0,0 +1,43 @@ +{{- if .Values.ingress.enabled }} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ include "kyoo.fullname" . }} + labels: + {{- include "kyoo.labels" (dict "context" . "component" "ingress" "name" "ingress") | nindent 4 }} + annotations: + {{- range $key, $value := .Values.ingress.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- range $key, $value := .Values.ingress.extraAnnotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +spec: + {{- if .Values.ingress.ingressClassName }} + ingressClassName: {{ .Values.ingress.ingressClassName }} + {{- end }} + rules: + - host: {{ .Values.ingress.host }} + http: + paths: + - path: "/" + pathType: Prefix + backend: + service: + name: {{ include "kyoo.front.fullname" . }} + port: + number: 8901 + - path: "/api" + pathType: Prefix + backend: + service: + name: {{ include "kyoo.back.fullname" . }} + port: + number: 5000 +{{- if .Values.ingress.tls }} + tls: + - hosts: + - {{ .Values.ingress.host }} + secretName: {{ .Values.ingress.tlsSecret }} +{{- end }} +{{- end }} diff --git a/chart/values.yaml b/chart/values.yaml index 3ace2f1e..1284c901 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -109,6 +109,15 @@ contentdatabase: pinKey: tvdb_pin existingSecret: bigsecret +ingress: + enabled: false + ingressClassName: ~ + annotations: {} + extraAnnotations: {} + host: kyoo.mydomain.com + tls: false + tlsSecret: ~ + autosync: name: autosync kyoo_autosync: From 9c98f9e03fe36e6741702c8a0a2a5757863895af Mon Sep 17 00:00:00 2001 From: Arlan Lloyd Date: Fri, 16 Aug 2024 04:36:12 +0000 Subject: [PATCH 17/30] add missing settings --- chart/templates/back/deployment.yaml | 4 ++++ chart/values.yaml | 4 +++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/chart/templates/back/deployment.yaml b/chart/templates/back/deployment.yaml index 693ed4f5..2fe04bd4 100644 --- a/chart/templates/back/deployment.yaml +++ b/chart/templates/back/deployment.yaml @@ -79,6 +79,10 @@ spec: value: http://{{ include "kyoo.transcoder.fullname" . }}:7666 - name: PUBLIC_URL value: {{ .Values.kyoo.address }} + - name: REQUIRE_ACCOUNT_VERIFICATION + value: {{ .Values.kyoo.requireAccountVerification }} + - name: DEFAULT_PERMISSIONS + value: {{ .Values.kyoo.defaultPermissions }} - name: UNLOGGED_PERMISSIONS value: {{ .Values.kyoo.unloggedPermissions }} - name: KYOO_APIKEYS diff --git a/chart/values.yaml b/chart/values.yaml index 1284c901..a7ded948 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -79,7 +79,9 @@ global: kyoo: address: "https://kyoo.mydomain.com" - unloggedPermissions: "overall.read,overall.play" + requireAccountVerification: true + defaultPermissions: "overall.read,overall.play" + unloggedPermissions: "" languages: "en" apikey: existingSecret: bigsecret From b6c52614991aac4c89a2954e3782dad7eb0aabe1 Mon Sep 17 00:00:00 2001 From: Arlan Lloyd Date: Fri, 16 Aug 2024 04:40:25 +0000 Subject: [PATCH 18/30] add missing setting --- chart/templates/scanner/deployment.yaml | 2 ++ chart/values.yaml | 1 + 2 files changed, 3 insertions(+) diff --git a/chart/templates/scanner/deployment.yaml b/chart/templates/scanner/deployment.yaml index e30bed80..27862105 100644 --- a/chart/templates/scanner/deployment.yaml +++ b/chart/templates/scanner/deployment.yaml @@ -49,6 +49,8 @@ spec: env: - name: SCANNER_LIBRARY_ROOT value: /data + - name: LIBRARY_IGNORE_PATTERN + value: "{{ .Values.kyoo.libraryIgnorePattern }}" - name: KYOO_APIKEYS valueFrom: secretKeyRef: diff --git a/chart/values.yaml b/chart/values.yaml index a7ded948..2d5b74ed 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -82,6 +82,7 @@ kyoo: requireAccountVerification: true defaultPermissions: "overall.read,overall.play" unloggedPermissions: "" + libraryIgnorePattern: ".*/[dD]ownloads?/.*" languages: "en" apikey: existingSecret: bigsecret From 839548cb44cb2696bed27e210353d8f451be44ad Mon Sep 17 00:00:00 2001 From: Arlan Lloyd Date: Fri, 16 Aug 2024 04:44:28 +0000 Subject: [PATCH 19/30] remove unused settings --- chart/values.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/chart/values.yaml b/chart/values.yaml index 2d5b74ed..01815e5d 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -102,12 +102,10 @@ media: contentdatabase: # TheMovieDB tmdb: - enabled: true apikeyKey: tmdb_apikey existingSecret: bigsecret # TVDatabase tvdb: - enabled: true apikeyKey: tvdb_apikey pinKey: tvdb_pin existingSecret: bigsecret From 8e61244e7b5d12774d35fb45d733de5f05575668 Mon Sep 17 00:00:00 2001 From: Arlan Lloyd Date: Fri, 16 Aug 2024 04:51:46 +0000 Subject: [PATCH 20/30] variablize transcoder settings --- chart/templates/transcoder/deployment.yaml | 4 ++-- chart/values.yaml | 5 +++++ 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/chart/templates/transcoder/deployment.yaml b/chart/templates/transcoder/deployment.yaml index 8004e7c7..acc015c1 100644 --- a/chart/templates/transcoder/deployment.yaml +++ b/chart/templates/transcoder/deployment.yaml @@ -48,9 +48,9 @@ spec: {{- end }} env: - name: GOCODER_HWACCEL - value: disabled + value: {{ .Values.kyoo.transcoderAcceleration }} - name: GOCODER_PRESET - value: fast + value: {{ .Values.kyoo.transcoderPreset }} - name: GOCODER_CACHE_ROOT value: /cache - name: GOCODER_METADATA_ROOT diff --git a/chart/values.yaml b/chart/values.yaml index 01815e5d..4a29c2b6 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -84,6 +84,11 @@ kyoo: unloggedPermissions: "" libraryIgnorePattern: ".*/[dD]ownloads?/.*" languages: "en" + # hardware acceleration profile (valid values: disabled, vaapi, qsv, nvidia) + transcoderAcceleration: disabled + # the preset used during transcode. faster means worst quality, you can probably use a slower preset with hwaccels + # warning: using vaapi hwaccel disable presets (they are not supported). + transcoderPreset: fast apikey: existingSecret: bigsecret apikeyKey: kyoo_apikeys From 7441a3a3b1d20a0764c3eafb7c8d18b3aadea699 Mon Sep 17 00:00:00 2001 From: Arlan Lloyd Date: Sat, 17 Aug 2024 06:46:16 +0000 Subject: [PATCH 21/30] remove uneeded notes --- chart/README.md | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/chart/README.md b/chart/README.md index acdabd67..11c56b73 100644 --- a/chart/README.md +++ b/chart/README.md @@ -9,18 +9,6 @@ helm upgrade kyoo . --install --values myvalues.yaml ``` `myvaules.yaml` content ```yaml -# If the helm release has another name other than kyoo -# subchart resources will be named $releasename-$resource - -# have seen other charts use "{{ .Release.Name }}-postgresql", but having issues - -# global: -# meilisearch: -# host: kyoo-meilisearch -# rabbitmq: -# host: kyoo-rabbitmq -# postgres: -# host: kyoo-postgresql kyoo: address: https://kyoo.mydomain.com meilisearch: From 5ea78f081795e43207337091035e59ab354872ad Mon Sep 17 00:00:00 2001 From: Arlan Lloyd Date: Tue, 24 Sep 2024 14:16:07 +0000 Subject: [PATCH 22/30] Update readme --- chart/README.md | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/chart/README.md b/chart/README.md index 11c56b73..9ae5ac21 100644 --- a/chart/README.md +++ b/chart/README.md @@ -3,7 +3,19 @@ # Recomendations This helm chart includes subcharts for Meilisearch, Postgres, and RabbitMQ. Those resources should be managed outside of this Helm release. -# Example Deployment +## Postgres +Kyoo consists of multiple microservices. Best practice is for each microservice to use its own database. Kyoo workloads support best practices or sharing a single postgres database. Please see the `POSTGRES_SCHEMA` setting for additional information. + +Strongly recomended to use a Kubernetes operator for managing Postgres. + +## Storage +Kyoo currently uses storage volumes for media, backend-storage, and transcoder-storage. Media content tends to consume a large amount of space and Kubernetes storage interfaces tend to replicate across nodes. Consider hosting the data outside of Kubernetes or assigning one node to handle storage. + +Storage for backend and transcoder will eventually be moved into a datastore application. + +# Quickstart +Below provides an example for deploying Kyoo and its dependencies. This is a minimalist setup that is not intended for longterm use. This approach uses a single Postgres instance and initializes mutliple databases. + ```sh helm upgrade kyoo . --install --values myvalues.yaml ``` From 37fe57fdf40cb8353b297290b4b5944f45b0489d Mon Sep 17 00:00:00 2001 From: Arlan Lloyd Date: Tue, 24 Sep 2024 14:35:23 +0000 Subject: [PATCH 23/30] fix typos in new settings --- chart/templates/back/deployment.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/chart/templates/back/deployment.yaml b/chart/templates/back/deployment.yaml index 2fe04bd4..fc6b1f5f 100644 --- a/chart/templates/back/deployment.yaml +++ b/chart/templates/back/deployment.yaml @@ -80,11 +80,11 @@ spec: - name: PUBLIC_URL value: {{ .Values.kyoo.address }} - name: REQUIRE_ACCOUNT_VERIFICATION - value: {{ .Values.kyoo.requireAccountVerification }} + value: "{{ .Values.kyoo.requireAccountVerification }}" - name: DEFAULT_PERMISSIONS value: {{ .Values.kyoo.defaultPermissions }} - name: UNLOGGED_PERMISSIONS - value: {{ .Values.kyoo.unloggedPermissions }} + value: "{{ .Values.kyoo.unloggedPermissions }}" - name: KYOO_APIKEYS valueFrom: secretKeyRef: From 77794fa6f6e7ed052f50a642d8002a96c52c4ff7 Mon Sep 17 00:00:00 2001 From: Arlan Lloyd Date: Tue, 24 Sep 2024 15:44:45 +0000 Subject: [PATCH 24/30] update schema settings --- chart/templates/transcoder/deployment.yaml | 2 ++ chart/values.yaml | 3 +++ 2 files changed, 5 insertions(+) diff --git a/chart/templates/transcoder/deployment.yaml b/chart/templates/transcoder/deployment.yaml index acc015c1..530e1151 100644 --- a/chart/templates/transcoder/deployment.yaml +++ b/chart/templates/transcoder/deployment.yaml @@ -75,6 +75,8 @@ spec: value: {{ .Values.global.postgres.kyoo_transcoder.host }} - name: POSTGRES_PORT value: "{{ .Values.global.postgres.kyoo_transcoder.port }}" + - name: POSTGRES_SCHEMA + value: "{{ .Values.global.postgres.kyoo_transcoder.schema }}" {{- with (concat .Values.global.extraEnv .Values.transcoder.kyoo_transcoder.extraEnv) }} {{- toYaml . | nindent 12 }} {{- end }} diff --git a/chart/values.yaml b/chart/values.yaml index 4a29c2b6..56b54c73 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -45,6 +45,9 @@ global: host: kyoo-postgresql port: 5432 database: kyoo_transcoder + # POSTGRES_SCHEMA disabled means application will not create the schema + # and will instead use the user's search path + schema: disabled kyoo_transcoder: userKey: postgres_user passwordKey: postgres_password From 9fab7b4df4f2f80d35eab91dd134d9d5d6083a0d Mon Sep 17 00:00:00 2001 From: Arlan Lloyd Date: Tue, 24 Sep 2024 15:50:03 +0000 Subject: [PATCH 25/30] update versions --- chart/Chart.yaml | 8 ++++---- chart/values.yaml | 3 --- 2 files changed, 4 insertions(+), 7 deletions(-) diff --git a/chart/Chart.yaml b/chart/Chart.yaml index 266e497b..7d2e5fe7 100644 --- a/chart/Chart.yaml +++ b/chart/Chart.yaml @@ -21,18 +21,18 @@ version: 0.1.0 # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "4.6.0" +appVersion: "4.7.0" dependencies: - condition: meilisearch.enabled name: meilisearch repository: https://meilisearch.github.io/meilisearch-kubernetes - version: 0.8.0 + version: 0.10.1 - condition: postgresql.enabled name: postgresql repository: https://charts.bitnami.com/bitnami - version: 15.5.14 + version: 15.5.34 - condition: rabbitmq.enabled name: rabbitmq repository: https://charts.bitnami.com/bitnami - version: 14.4.2 \ No newline at end of file + version: 15.0.0 \ No newline at end of file diff --git a/chart/values.yaml b/chart/values.yaml index 56b54c73..1ec31623 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -346,9 +346,6 @@ meilisearch: persistence: enabled: true size: 3Gi - # upstream set to -, disabling dynamic provisioning - # https://github.com/meilisearch/meilisearch-kubernetes/pull/235 - storageClass: ~ # subchart settings postgresql: From 861bea46f7c3b1d7ca7001ba87a6b6c2433e3fa2 Mon Sep 17 00:00:00 2001 From: Arlan Lloyd Date: Tue, 24 Sep 2024 19:03:03 +0000 Subject: [PATCH 26/30] update example to ReadOnlyMany --- chart/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/chart/README.md b/chart/README.md index 9ae5ac21..664487fe 100644 --- a/chart/README.md +++ b/chart/README.md @@ -70,7 +70,7 @@ extraObjects: name: media spec: accessModes: - - "ReadWriteOnce" + - "ReadOnlyMany" resources: requests: storage: "3Gi" From 9ed4e7570df5d961d15be4dee12af73b0bd0db85 Mon Sep 17 00:00:00 2001 From: Arlan Lloyd Date: Tue, 24 Sep 2024 20:23:29 +0000 Subject: [PATCH 27/30] remove media volume --- chart/templates/back/deployment.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/chart/templates/back/deployment.yaml b/chart/templates/back/deployment.yaml index fc6b1f5f..19e7fdf1 100644 --- a/chart/templates/back/deployment.yaml +++ b/chart/templates/back/deployment.yaml @@ -161,9 +161,6 @@ spec: {{- tpl (toYaml .) $ | nindent 8 }} {{- end }} volumes: - {{- with .Values.media.volumes }} - {{- toYaml . | nindent 8 }} - {{- end }} {{- with .Values.back.volumes }} {{- toYaml . | nindent 8 }} {{- end }} From 88f997011e1aeb511ef54154af7c2ee9175f0567 Mon Sep 17 00:00:00 2001 From: Arlan Lloyd Date: Sat, 28 Sep 2024 14:14:10 +0000 Subject: [PATCH 28/30] add oidc settings --- chart/templates/back/deployment.yaml | 26 ++++++++++++++++++++++++++ chart/values.yaml | 12 ++++++++++++ 2 files changed, 38 insertions(+) diff --git a/chart/templates/back/deployment.yaml b/chart/templates/back/deployment.yaml index 19e7fdf1..2c190e2f 100644 --- a/chart/templates/back/deployment.yaml +++ b/chart/templates/back/deployment.yaml @@ -127,6 +127,32 @@ spec: secretKeyRef: key: {{ .Values.global.meilisearch.kyoo_back.masterkeyKey }} name: {{ .Values.global.meilisearch.kyoo_back.existingSecret }} + {{- if .Values.kyoo.oidc.enabled }} + - name: OIDC_SERVICE_NAME + value: {{ .Values.kyoo.oidc.name }} + - name: OIDC_SERVICE_LOGO + value: {{ .Values.kyoo.oidc.logo }} + - name: OIDC_SERVICE_CLIENTID + valueFrom: + secretKeyRef: + key: {{ .Values.kyoo.oidc.clientIDkey }} + name: {{ .Values.kyoo.oidc.existingSecret }} + - name: OIDC_SERVICE_SECRET + valueFrom: + secretKeyRef: + key: {{ .Values.kyoo.oidc.clientSecretKey }} + name: {{ .Values.kyoo.oidc.existingSecret }} + - name: OIDC_SERVICE_AUTHORIZATION + value: {{ .Values.kyoo.oidc.authorizationAddress }} + - name: OIDC_SERVICE_TOKEN + value: {{ .Values.kyoo.oidc.tokenAddress }} + - name: OIDC_SERVICE_PROFILE + value: {{ .Values.kyoo.oidc.profileAddress }} + - name: OIDC_SERVICE_SCOPE + value: {{ .Values.kyoo.oidc.scope }} + - name: OIDC_SERVICE_AUTHMETHOD + value: {{ .Values.kyoo.oidc.authMethod }} + {{- end }} {{- with (concat .Values.global.extraEnv .Values.back.kyoo_back.extraEnv) }} {{- toYaml . | nindent 12 }} {{- end }} diff --git a/chart/values.yaml b/chart/values.yaml index 1ec31623..74f27177 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -95,6 +95,18 @@ kyoo: apikey: existingSecret: bigsecret apikeyKey: kyoo_apikeys + oidc: + enabled: false + existingSecret: bigsecret + clientIDkey: clientID + clientSecretKey: clientSecret + name: YourPrettyName + logo: https://url-of-your-logo.com + authorizationAddress: https://url-of-the-authorization-endpoint-of-the-oidc-service.com/auth + tokenAddress: https://url-of-the-token-endpoint-of-the-oidc-service.com/token + profileAddress: https://url-of-the-profile-endpoint-of-the-oidc-service.com/userinfo + scope: "email openid profile" + authMethod: ClientSecretBasic media: volumes: From 7c61ba39bc0be6ecb1ca5858800670daee90bff6 Mon Sep 17 00:00:00 2001 From: Arlan Lloyd Date: Sat, 28 Sep 2024 14:16:33 +0000 Subject: [PATCH 29/30] have pipeline publish version --- chart/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/chart/Chart.yaml b/chart/Chart.yaml index 7d2e5fe7..86218111 100644 --- a/chart/Chart.yaml +++ b/chart/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.0 +version: 0.0.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to From ebb87ef2bb13d30029d2908caf00cd1ac61e8bc3 Mon Sep 17 00:00:00 2001 From: Arlan Lloyd Date: Sat, 28 Sep 2024 16:53:22 +0000 Subject: [PATCH 30/30] fix casing on key --- chart/templates/back/deployment.yaml | 2 +- chart/values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/chart/templates/back/deployment.yaml b/chart/templates/back/deployment.yaml index 2c190e2f..b4d3659a 100644 --- a/chart/templates/back/deployment.yaml +++ b/chart/templates/back/deployment.yaml @@ -135,7 +135,7 @@ spec: - name: OIDC_SERVICE_CLIENTID valueFrom: secretKeyRef: - key: {{ .Values.kyoo.oidc.clientIDkey }} + key: {{ .Values.kyoo.oidc.clientIdKey }} name: {{ .Values.kyoo.oidc.existingSecret }} - name: OIDC_SERVICE_SECRET valueFrom: diff --git a/chart/values.yaml b/chart/values.yaml index 74f27177..9464e459 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -98,7 +98,7 @@ kyoo: oidc: enabled: false existingSecret: bigsecret - clientIDkey: clientID + clientIdKey: clientId clientSecretKey: clientSecret name: YourPrettyName logo: https://url-of-your-logo.com