chart: update docs (#1162)

acelinkio 2025-11-18 14:22:53 -08:00 committed by GitHub
commit 536b03b1ef
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -23,7 +23,7 @@ extraObjects:
stringData:
postgres_user: kyoo_all
postgres_password: watchSomething4me
scanner_apikey: scanner-triquarter4u
scanner_apikey: triquarter4u
- kind: PersistentVolumeClaim
apiVersion: v1
metadata:
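Review bot: The `stringData` example still carries literal credentials (`postgres_password: watchSomething4me`, `scanner_apikey: triquarter4u`) with nothing marking them as samples. Values shown like this in an `extraObjects` Secret tend to be pasted into real deployments unchanged. Consider adding a comment above `stringData` saying these are example values that must be replaced, or switching them to obvious placeholders.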
@ -43,14 +43,8 @@ values.yaml configuration
# specify external hosts for resources
global:
postgres:
kyoo_api:
host: postgres
kyoo_auth:
host: postgres
kyoo_transcoder:
host: postgres
kyoo_scanner:
host: postgres
shared:
host: postgres-cluster01.databases
# specify hardware resources
transcoder:
kyoo_transcoder:
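Review bot: The per-service keys under `global.postgres` (`kyoo_api`, `kyoo_auth`, `kyoo_transcoder`, `kyoo_scanner`) are replaced by a single `shared.host`, but the comment above still only reads "specify external hosts for resources". The docs should say whether per-service overrides are still accepted or whether `shared` is now the only supported form, since readers with the old layout in their values file have no hint here. It would also help to note that `postgres-cluster01.databases` is an example service.namespace style address, not a required name.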
@ -86,7 +80,7 @@ stringData:
tvdb_pin: ""
postgres_user: kyoo_all
postgres_password: watchSomething4me
scanner_apikey: scanner-triquarter4u
scanner_apikey: triquarter4u
```
# Additional Notes
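Review bot: The `scanner_apikey` sample drops its `scanner-` prefix here and in the earlier `extraObjects` example, yet neither the commit message nor the surrounding text explains why. If the prefix was never significant, a short sentence saying the key is an arbitrary string would settle it. If the expected format changed, that belongs in the notes so users with existing secrets know whether to update them. Keeping the same Secret values in two places in the README also means every change has to be made twice, as this patch shows. Consider referring to a single example.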
@ -99,7 +93,7 @@ Subcharts are updated frequently and subject to changes. This chart includes su
# v5 Middleware Requirement
Starting with v5, Kyoo leverages middleware for offloading auth from the microservices onto a gateway. For additional reading, please see gateway-api sigs [documentation](https://gateway-api.sigs.k8s.io/geps/gep-1494/).
This Helm chart provides a few choices as most ingress/gatewayapi controllers do not currently support PhantomToken auth.
This Helm chart provides a few options as most ingress/gatewayapi controllers do not currently support ForwardAuth middleware.
## Add TraefikProxy (Default)
By default, this chart will deploy TraefikProxy behind the existing ingress/gateway resources. TraefikProxy hop is added and configured to handle ForwardAuth. This approach offers the most compatibility and requires the least amount of change from the user perspective.
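Review bot: The reworded sentence now matches the "handle ForwardAuth" wording in the TraefikProxy paragraph, but it still spells the controller type as "ingress/gatewayapi" while the heading further down uses "Ingress/GatewayApi" and the link text uses "gateway-api". Pick one spelling. Since the preceding line says auth is offloaded from the microservices onto the gateway, this section would also benefit from one sentence stating that traffic reaching the services without passing through the ForwardAuth middleware is not covered by that auth, so readers choosing between the options understand what the hop is for.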
@ -108,6 +102,6 @@ By default, this chart will deploy TraefikProxy behind the existing ingress/gate
Instead of using an additional hop, Traefik can be exposed via LoadBalancer. To do this securely, please be sure to mount and configuring the TLS certificate inside of Traefik.
## Ingress/GatewayApi (WIP)
Disable the integrated TraefikProxy and adopt a controller that supports PhantomToken auth. This option will offer the most Kubernetes native experience.
Disable the integrated TraefikProxy and adopt a controller that supports ForwardAuth middleware. This option will offer the most Kubernetes native experience.
This is a work in progress. One of the challenges is that microserice to microservice communication relies upon this middleware as well. Pointing microservices to Ingress/Gateway service address is not enough since those leverage Layer7 hosts for routing traffic--unless we create a dedicated one that routes all hosts to Kyoo.
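Review bot: The context lines around the changed sentence still contain "mount and configuring the TLS certificate" and "microserice to microservice". As this commit is a docs update touching the same section, fix both ("mount and configure", "microservice"). The work-in-progress paragraph says microservice to microservice communication relies on the middleware and that pointing services at the Ingress/Gateway address is not enough. It would be clearer to state explicitly what a user who disables the integrated TraefikProxy today should expect to break, so the option is not adopted on the strength of the "most Kubernetes native" line alone.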