# Kyoo consists of multiple services, please view diagrams for additional context # https://github.com/zoriya/Kyoo/blob/master/DIAGRAMS.md # global configures shared microservices and subcharts settings global: image: repositoryBase: "ghcr.io/zoriya" tag: "" imagePullPolicy: IfNotPresent imagePullSecrets: [] deploymentAnnotations: {} persistentVolumeClaimAnnotations: {} podAnnotations: {} podLabels: {} extraEnv: [] # kyoo connectivity & subchart settings for meilisearch # subchart configuration can be found at .meilisearch meilisearch: proto: http host: kyoo-meilisearch port: 7700 # subchart specific settings infra: # subchart does not support specifying keyname. # key must be named `MEILI_MASTER_KEY` existingSecret: bigsecret # kyoo_back workload specific settings kyoo_back: masterkeyKey: MEILI_MASTER_KEY existingSecret: bigsecret # kyoo connectivity & subchart settings for postgres # subchart configuration can be found at .postgresql postgres: # subchart specific settings infra: # subchart does not accept this global value in one place # if updating be sure to also update .postgresql.auth.username user: kyoo_all passwordKey: postgres_password existingSecret: bigsecret # kyoo settings for connecting to kyoo_back database kyoo_back: host: kyoo-postgresql port: 5432 database: kyoo_back # kyoo_migrations workload specific settings kyoo_migrations: userKey: postgres_user passwordKey: postgres_password existingSecret: bigsecret # kyoo_back workload specific settings kyoo_back: userKey: postgres_user passwordKey: postgres_password existingSecret: bigsecret # kyoo settings for connecting to kyoo_transcoder database kyoo_transcoder: host: kyoo-postgresql port: 5432 database: kyoo_transcoder # schema disabled means application will not create the schema # and will instead use the user's search path schema: disabled # sslmode valid options are 'require' or 'disable', 'prefer' is not supported sslmode: disable # kyoo_transcoder workload specific settings kyoo_transcoder: userKey: postgres_user passwordKey: postgres_password existingSecret: bigsecret # kyoo connectivity & subchart settings for rabbitmq # subchart configuration can be found at .rabbitmq rabbitmq: host: kyoo-rabbitmq port: 5672 # vhost is not used yet https://github.com/zoriya/Kyoo/issues/537 # vhost: "" # subchart specific settings infra: # user must be manually aligned via rabbitmq.auth.user passwordKey: rabbitmq_password keyErlangCookie: rabbitmq_cookie existingSecret: bigsecret # kyoo_autosync workload specific settings kyoo_autosync: userKey: rabbitmq_user passwordKey: rabbitmq_password existingSecret: bigsecret # kyoo_back workload specific settings kyoo_back: userKey: rabbitmq_user passwordKey: rabbitmq_password existingSecret: bigsecret # kyoo_matcher workload specific settings kyoo_matcher: userKey: rabbitmq_user passwordKey: rabbitmq_password existingSecret: bigsecret # kyoo_scanner workload specific settings kyoo_scanner: userKey: rabbitmq_user passwordKey: rabbitmq_password existingSecret: bigsecret # kyoo application settings kyoo: # The url you can use to reach your kyoo instance. This is used during oidc to redirect users to your instance. address: "https://kyoo.mydomain.com" # If this is true, new accounts wont have any permissions before you approve them in your admin dashboard. requireAccountVerification: true # Specify permissions of new accounts. defaultPermissions: "overall.read,overall.play" # Specify permissions of guest accounts, default is no permissions. unloggedPermissions: "" # A pattern (regex) to ignore video files. libraryIgnorePattern: ".*/[dD]ownloads?/.*" languages: "en" # hardware acceleration profile (valid values: disabled, vaapi, qsv, nvidia) transcoderAcceleration: disabled # the preset used during transcode. faster means worst quality, you can probably use a slower preset with hwaccels # warning: using vaapi hwaccel disable presets (they are not supported). transcoderPreset: fast apikey: existingSecret: bigsecret apikeyKey: kyoo_apikeys # oidc_providers is a list of oidc providers that you want to use for authentication. # see the example below for how to configure an oidc provider. oidc_providers: [] # - name: example # existingSecret: bigsecret # clientIdKey: clientId # clientSecretKey: clientSecret # logo: https://url-of-your-logo.com # authorizationAddress: https://url-of-the-authorization-endpoint-of-the-oidc-service.com/auth # tokenAddress: https://url-of-the-token-endpoint-of-the-oidc-service.com/token # profileAddress: https://url-of-the-profile-endpoint-of-the-oidc-service.com/userinfo # scope: "email openid profile" # authMethod: ClientSecretBasic # configures workloads that require access to media media: # specifies the volumes to use volumes: # default volume configuration to allow for easier demo and testing # most setups will aim to leverage NFS to access media # - name: media # nfs: # server: mynasserver.mydomain.com # path: /spin0/media - name: media persistentVolumeClaim: claimName: media # specifies where to mount the volumes # note that this should align with .media.baseMountPath volumeMounts: - mountPath: /media name: media readOnly: true # configures kyoo workloads to search # note that this should align with .media.volumeMounts[].mountPath baseMountPath: "/media" # configures workloads that require access to contentdatabase contentdatabase: # TheMovieDB tmdb: apikeyKey: tmdb_apikey existingSecret: bigsecret # TVDatabase tvdb: apikeyKey: tvdb_apikey pinKey: tvdb_pin existingSecret: bigsecret # autosync deployment configuration autosync: name: autosync # kyoo_autosync container configuration kyoo_autosync: livenessProbe: {} readinessProbe: {} resources: {} containerSecurityContext: {} extraVolumeMounts: [] extraArgs: [] extraEnv: [] image: repository: ~ tag: ~ replicaCount: 1 updateStrategy: ~ podLabels: {} deploymentAnnotations: {} podAnnotations: {} imagePullSecrets: [] serviceAccount: create: true automount: true annotations: {} name: ~ extraContainers: [] extraInitContainers: [] extraVolumes: [] # back deployment configuration back: name: back # kyoo_migrations init container configuration kyoo_migrations: livenessProbe: {} readinessProbe: {} resources: {} containerSecurityContext: {} extraVolumeMounts: [] extraArgs: [] extraEnv: [] image: repository: ~ tag: ~ # kyoo_back container configuration kyoo_back: livenessProbe: {} readinessProbe: {} resources: {} containerSecurityContext: {} extraVolumeMounts: [] extraArgs: [] extraEnv: [] image: repository: ~ tag: ~ volumeMounts: [] volumes: [] replicaCount: 1 # default to recreate for better user experience with ReadWriteOnce volumes updateStrategy: type: Recreate podLabels: {} deploymentAnnotations: {} podAnnotations: {} imagePullSecrets: [] service: annotations: {} labels: {} type: ClusterIP serviceAccount: create: true automount: true annotations: {} name: ~ extraContainers: [] extraInitContainers: [] extraVolumes: [] # backmetadata # user profile pictures persistence: enabled: true size: 3Gi annotations: {} storageClass: "" accessModes: - ReadWriteOnce existingClaim: "" # front deployment configuration front: name: front # kyoo_front container configuration kyoo_front: livenessProbe: {} readinessProbe: {} resources: {} containerSecurityContext: {} extraVolumeMounts: [] extraArgs: [] extraEnv: [] image: repository: ~ tag: ~ replicaCount: 1 updateStrategy: ~ podLabels: {} deploymentAnnotations: {} podAnnotations: {} imagePullSecrets: [] service: annotations: {} labels: {} type: ClusterIP serviceAccount: create: true automount: true annotations: {} name: ~ extraContainers: [] extraInitContainers: [] extraVolumes: [] # matcher deployment configuration matcher: name: matcher # kyoo_matcher container configuration kyoo_matcher: livenessProbe: {} readinessProbe: {} resources: {} containerSecurityContext: {} extraVolumeMounts: [] # kyoo_matcher uses the same image as kyoo_scanner # requires an additional argument to function as matcher extraArgs: - matcher extraEnv: [] image: # kyoo_matcher uses the same image as kyoo_scanner repository: ghcr.io/zoriya/kyoo_scanner tag: ~ # matcher does not support multiple replicas replicaCount: 1 updateStrategy: ~ podLabels: {} deploymentAnnotations: {} podAnnotations: {} imagePullSecrets: [] serviceAccount: create: true automount: true annotations: {} name: ~ extraContainers: [] extraInitContainers: [] extraVolumes: [] # scanner deployment configuration scanner: name: scanner # kyoo_scanner container configuration kyoo_scanner: livenessProbe: {} readinessProbe: {} resources: {} containerSecurityContext: {} extraVolumeMounts: [] extraArgs: [] extraEnv: [] image: repository: ~ tag: ~ # scanner does not support multiple replicas replicaCount: 1 updateStrategy: ~ podLabels: {} deploymentAnnotations: {} podAnnotations: {} imagePullSecrets: [] serviceAccount: create: true automount: true annotations: {} name: ~ extraContainers: [] extraInitContainers: [] extraVolumes: [] # scanner deployment configuration transcoder: name: transcoder # kyoo_transcoder container configuration kyoo_transcoder: livenessProbe: {} readinessProbe: {} resources: {} containerSecurityContext: {} extraVolumeMounts: [] extraArgs: [] extraEnv: [] image: repository: ~ tag: ~ volumeMounts: - mountPath: /cache name: cache volumes: - name: cache emptyDir: {} replicaCount: 1 # default to recreate for better user experience with ReadWriteOnce volumes & hardware resources updateStrategy: type: Recreate podLabels: {} deploymentAnnotations: {} podAnnotations: {} imagePullSecrets: [] service: annotations: {} labels: {} type: ClusterIP serviceAccount: create: true automount: true annotations: {} name: ~ extraContainers: [] extraInitContainers: [] extraVolumes: [] # transcodermetadata # thumbnail images & subtiles persistence: enabled: true size: 3Gi annotations: {} storageClass: "" accessModes: - ReadWriteOnce existingClaim: "" ingress: enabled: false ingressClassName: ~ annotations: {} extraAnnotations: {} host: kyoo.mydomain.com tls: false tlsSecret: ~ # subchart settings meilisearch: enabled: false environment: MEILI_ENV: production auth: # subchart does not support specifying keyname. # key must be named `MEILI_MASTER_KEY` existingMasterKeySecret: "{{ .Values.global.meilisearch.infra.existingSecret }}" persistence: enabled: true size: 3Gi # subchart settings postgresql: enabled: false auth: # default user to be created by postgres subchart # subchart is unable to consume a secret for specifying user username: kyoo_all existingSecret: "{{ .Values.global.postgres.infra.existingSecret }}" secretKeys: # set the postgres user password to the same as our user adminPasswordKey: "{{ .Values.global.postgres.infra.passwordKey }}" userPasswordKey: "{{ .Values.global.postgres.infra.passwordKey }}" primary: # create databases, schemas, and set search_path initdb: scripts: # kyoo_back still requires public schema # https://github.com/zoriya/Kyoo/issues/536 kyoo_back.sql: | CREATE DATABASE {{ .Values.global.postgres.kyoo_back.database }} WITH OWNER {{ .Values.global.postgres.infra.user }}; \connect {{ .Values.global.postgres.kyoo_back.database }}; CREATE SCHEMA IF NOT EXISTS data AUTHORIZATION {{ .Values.global.postgres.infra.user }}; kyoo_transcoder.sql: | CREATE DATABASE {{ .Values.global.postgres.kyoo_transcoder.database }} WITH OWNER {{ .Values.global.postgres.infra.user }}; \connect {{ .Values.global.postgres.kyoo_transcoder.database }}; REVOKE ALL ON SCHEMA public FROM PUBLIC; CREATE SCHEMA IF NOT EXISTS data AUTHORIZATION {{ .Values.global.postgres.infra.user }}; user.sql: | ALTER ROLE {{ .Values.global.postgres.infra.user }} IN DATABASE {{ .Values.global.postgres.kyoo_back.database }} SET search_path TO "$user", public; ALTER ROLE {{ .Values.global.postgres.infra.user }} IN DATABASE {{ .Values.global.postgres.kyoo_transcoder.database }} SET search_path TO "$user", data; persistence: size: 3Gi # subchart settings rabbitmq: enabled: false auth: # default user to be created by rabbitmq subchart # subchart is unable to consume a secret for specifying user username: kyoo_all existingPasswordSecret: "{{ .Values.global.rabbitmq.infra.existingSecret }}" existingSecretPasswordKey: "{{ .Values.global.rabbitmq.infra.passwordKey }}" existingErlangSecret: "{{ .Values.global.rabbitmq.infra.existingSecret }}" existingSecretErlangKey: "{{ .Values.global.rabbitmq.infra.keyErlangCookie }}" # allows for the creation of any additional kubernetes resources extraObjects: []