mirror of
https://github.com/zoriya/Kyoo.git
synced 2025-05-23 17:52:36 -04:00
490 lines
14 KiB
YAML
490 lines
14 KiB
YAML
# Kyoo consists of multiple services, please view diagrams for additional context
|
|
# https://github.com/zoriya/Kyoo/blob/master/DIAGRAMS.md
|
|
|
|
# global configures shared microservices and subcharts settings
|
|
global:
|
|
image:
|
|
repositoryBase: "ghcr.io/zoriya"
|
|
tag: ""
|
|
imagePullPolicy: IfNotPresent
|
|
imagePullSecrets: []
|
|
deploymentAnnotations: {}
|
|
persistentVolumeClaimAnnotations: {}
|
|
podAnnotations: {}
|
|
podLabels: {}
|
|
extraEnv: []
|
|
|
|
# kyoo connectivity & subchart settings for meilisearch
|
|
# subchart configuration can be found at .meilisearch
|
|
meilisearch:
|
|
proto: http
|
|
host: kyoo-meilisearch
|
|
port: 7700
|
|
# subchart specific settings
|
|
infra:
|
|
# subchart does not support specifying keyname.
|
|
# key must be named `MEILI_MASTER_KEY`
|
|
existingSecret: bigsecret
|
|
# kyoo_back workload specific settings
|
|
kyoo_back:
|
|
masterkeyKey: MEILI_MASTER_KEY
|
|
existingSecret: bigsecret
|
|
# kyoo connectivity & subchart settings for postgres
|
|
# subchart configuration can be found at .postgresql
|
|
postgres:
|
|
# subchart specific settings
|
|
infra:
|
|
# subchart does not accept this global value in one place
|
|
# if updating be sure to also update .postgresql.auth.username
|
|
user: kyoo_all
|
|
passwordKey: postgres_password
|
|
existingSecret: bigsecret
|
|
# kyoo settings for connecting to kyoo_back database
|
|
kyoo_back:
|
|
host: kyoo-postgresql
|
|
port: 5432
|
|
database: kyoo_back
|
|
# kyoo_migrations workload specific settings
|
|
kyoo_migrations:
|
|
userKey: postgres_user
|
|
passwordKey: postgres_password
|
|
existingSecret: bigsecret
|
|
# kyoo_back workload specific settings
|
|
kyoo_back:
|
|
userKey: postgres_user
|
|
passwordKey: postgres_password
|
|
existingSecret: bigsecret
|
|
# kyoo settings for connecting to kyoo_transcoder database
|
|
kyoo_transcoder:
|
|
host: kyoo-postgresql
|
|
port: 5432
|
|
database: kyoo_transcoder
|
|
# schema disabled means application will not create the schema
|
|
# and will instead use the user's search path
|
|
schema: disabled
|
|
# sslmode valid options are 'require' or 'disable', 'prefer' is not supported
|
|
sslmode: disable
|
|
# kyoo_transcoder workload specific settings
|
|
kyoo_transcoder:
|
|
userKey: postgres_user
|
|
passwordKey: postgres_password
|
|
existingSecret: bigsecret
|
|
# kyoo connectivity & subchart settings for rabbitmq
|
|
# subchart configuration can be found at .rabbitmq
|
|
rabbitmq:
|
|
host: kyoo-rabbitmq
|
|
port: 5672
|
|
# vhost is not used yet https://github.com/zoriya/Kyoo/issues/537
|
|
# vhost: ""
|
|
# subchart specific settings
|
|
infra:
|
|
# user must be manually aligned via rabbitmq.auth.user
|
|
passwordKey: rabbitmq_password
|
|
keyErlangCookie: rabbitmq_cookie
|
|
existingSecret: bigsecret
|
|
# kyoo_autosync workload specific settings
|
|
kyoo_autosync:
|
|
userKey: rabbitmq_user
|
|
passwordKey: rabbitmq_password
|
|
existingSecret: bigsecret
|
|
# kyoo_back workload specific settings
|
|
kyoo_back:
|
|
userKey: rabbitmq_user
|
|
passwordKey: rabbitmq_password
|
|
existingSecret: bigsecret
|
|
# kyoo_matcher workload specific settings
|
|
kyoo_matcher:
|
|
userKey: rabbitmq_user
|
|
passwordKey: rabbitmq_password
|
|
existingSecret: bigsecret
|
|
# kyoo_scanner workload specific settings
|
|
kyoo_scanner:
|
|
userKey: rabbitmq_user
|
|
passwordKey: rabbitmq_password
|
|
existingSecret: bigsecret
|
|
|
|
# kyoo application settings
|
|
kyoo:
|
|
# The url you can use to reach your kyoo instance. This is used during oidc to redirect users to your instance.
|
|
address: "https://kyoo.mydomain.com"
|
|
# If this is true, new accounts wont have any permissions before you approve them in your admin dashboard.
|
|
requireAccountVerification: true
|
|
# Specify permissions of new accounts.
|
|
defaultPermissions: "overall.read,overall.play"
|
|
# Specify permissions of guest accounts, default is no permissions.
|
|
unloggedPermissions: ""
|
|
# A pattern (regex) to ignore video files.
|
|
libraryIgnorePattern: ".*/[dD]ownloads?/.*"
|
|
languages: "en"
|
|
# hardware acceleration profile (valid values: disabled, vaapi, qsv, nvidia)
|
|
transcoderAcceleration: disabled
|
|
# the preset used during transcode. faster means worst quality, you can probably use a slower preset with hwaccels
|
|
# warning: using vaapi hwaccel disable presets (they are not supported).
|
|
transcoderPreset: fast
|
|
apikey:
|
|
existingSecret: bigsecret
|
|
apikeyKey: kyoo_apikeys
|
|
# oidc_providers is a list of oidc providers that you want to use for authentication.
|
|
# see the example below for how to configure an oidc provider.
|
|
oidc_providers: []
|
|
# - name: example
|
|
# existingSecret: bigsecret
|
|
# clientIdKey: clientId
|
|
# clientSecretKey: clientSecret
|
|
# logo: https://url-of-your-logo.com
|
|
# authorizationAddress: https://url-of-the-authorization-endpoint-of-the-oidc-service.com/auth
|
|
# tokenAddress: https://url-of-the-token-endpoint-of-the-oidc-service.com/token
|
|
# profileAddress: https://url-of-the-profile-endpoint-of-the-oidc-service.com/userinfo
|
|
# scope: "email openid profile"
|
|
# authMethod: ClientSecretBasic
|
|
|
|
# configures workloads that require access to media
|
|
media:
|
|
# specifies the volumes to use
|
|
volumes:
|
|
# default volume configuration to allow for easier demo and testing
|
|
# most setups will aim to leverage NFS to access media
|
|
# - name: media
|
|
# nfs:
|
|
# server: mynasserver.mydomain.com
|
|
# path: /spin0/media
|
|
- name: media
|
|
persistentVolumeClaim:
|
|
claimName: media
|
|
|
|
# specifies where to mount the volumes
|
|
# note that this should align with .media.baseMountPath
|
|
volumeMounts:
|
|
- mountPath: /media
|
|
name: media
|
|
readOnly: true
|
|
# configures kyoo workloads to search
|
|
# note that this should align with .media.volumeMounts[].mountPath
|
|
baseMountPath: "/media"
|
|
|
|
# configures workloads that require access to contentdatabase
|
|
contentdatabase:
|
|
# TheMovieDB
|
|
tmdb:
|
|
apikeyKey: tmdb_apikey
|
|
existingSecret: bigsecret
|
|
# TVDatabase
|
|
tvdb:
|
|
apikeyKey: tvdb_apikey
|
|
pinKey: tvdb_pin
|
|
existingSecret: bigsecret
|
|
|
|
# autosync deployment configuration
|
|
autosync:
|
|
name: autosync
|
|
# kyoo_autosync container configuration
|
|
kyoo_autosync:
|
|
livenessProbe: {}
|
|
readinessProbe: {}
|
|
resources: {}
|
|
containerSecurityContext: {}
|
|
extraVolumeMounts: []
|
|
extraArgs: []
|
|
extraEnv: []
|
|
image:
|
|
repository: ~
|
|
tag: ~
|
|
replicaCount: 1
|
|
updateStrategy: ~
|
|
podLabels: {}
|
|
deploymentAnnotations: {}
|
|
podAnnotations: {}
|
|
imagePullSecrets: []
|
|
serviceAccount:
|
|
create: true
|
|
automount: true
|
|
annotations: {}
|
|
name: ~
|
|
extraContainers: []
|
|
extraInitContainers: []
|
|
extraVolumes: []
|
|
|
|
# back deployment configuration
|
|
back:
|
|
name: back
|
|
# kyoo_migrations init container configuration
|
|
kyoo_migrations:
|
|
livenessProbe: {}
|
|
readinessProbe: {}
|
|
resources: {}
|
|
containerSecurityContext: {}
|
|
extraVolumeMounts: []
|
|
extraArgs: []
|
|
extraEnv: []
|
|
image:
|
|
repository: ~
|
|
tag: ~
|
|
# kyoo_back container configuration
|
|
kyoo_back:
|
|
livenessProbe: {}
|
|
readinessProbe: {}
|
|
resources: {}
|
|
containerSecurityContext: {}
|
|
extraVolumeMounts: []
|
|
extraArgs: []
|
|
extraEnv: []
|
|
image:
|
|
repository: ~
|
|
tag: ~
|
|
volumeMounts: []
|
|
volumes: []
|
|
replicaCount: 1
|
|
# default to recreate for better user experience with ReadWriteOnce volumes
|
|
updateStrategy:
|
|
type: Recreate
|
|
podLabels: {}
|
|
deploymentAnnotations: {}
|
|
podAnnotations: {}
|
|
imagePullSecrets: []
|
|
service:
|
|
annotations: {}
|
|
labels: {}
|
|
type: ClusterIP
|
|
serviceAccount:
|
|
create: true
|
|
automount: true
|
|
annotations: {}
|
|
name: ~
|
|
extraContainers: []
|
|
extraInitContainers: []
|
|
extraVolumes: []
|
|
# backmetadata
|
|
# user profile pictures
|
|
persistence:
|
|
enabled: true
|
|
size: 3Gi
|
|
annotations: {}
|
|
storageClass: ""
|
|
accessModes:
|
|
- ReadWriteOnce
|
|
existingClaim: ""
|
|
|
|
# front deployment configuration
|
|
front:
|
|
name: front
|
|
# kyoo_front container configuration
|
|
kyoo_front:
|
|
livenessProbe: {}
|
|
readinessProbe: {}
|
|
resources: {}
|
|
containerSecurityContext: {}
|
|
extraVolumeMounts: []
|
|
extraArgs: []
|
|
extraEnv: []
|
|
image:
|
|
repository: ~
|
|
tag: ~
|
|
replicaCount: 1
|
|
updateStrategy: ~
|
|
podLabels: {}
|
|
deploymentAnnotations: {}
|
|
podAnnotations: {}
|
|
imagePullSecrets: []
|
|
service:
|
|
annotations: {}
|
|
labels: {}
|
|
type: ClusterIP
|
|
serviceAccount:
|
|
create: true
|
|
automount: true
|
|
annotations: {}
|
|
name: ~
|
|
extraContainers: []
|
|
extraInitContainers: []
|
|
extraVolumes: []
|
|
|
|
# matcher deployment configuration
|
|
matcher:
|
|
name: matcher
|
|
# kyoo_matcher container configuration
|
|
kyoo_matcher:
|
|
livenessProbe: {}
|
|
readinessProbe: {}
|
|
resources: {}
|
|
containerSecurityContext: {}
|
|
extraVolumeMounts: []
|
|
# kyoo_matcher uses the same image as kyoo_scanner
|
|
# requires an additional argument to function as matcher
|
|
extraArgs:
|
|
- matcher
|
|
extraEnv: []
|
|
image:
|
|
# kyoo_matcher uses the same image as kyoo_scanner
|
|
repository: ghcr.io/zoriya/kyoo_scanner
|
|
tag: ~
|
|
# matcher does not support multiple replicas
|
|
replicaCount: 1
|
|
updateStrategy: ~
|
|
podLabels: {}
|
|
deploymentAnnotations: {}
|
|
podAnnotations: {}
|
|
imagePullSecrets: []
|
|
serviceAccount:
|
|
create: true
|
|
automount: true
|
|
annotations: {}
|
|
name: ~
|
|
extraContainers: []
|
|
extraInitContainers: []
|
|
extraVolumes: []
|
|
|
|
# scanner deployment configuration
|
|
scanner:
|
|
name: scanner
|
|
# kyoo_scanner container configuration
|
|
kyoo_scanner:
|
|
livenessProbe: {}
|
|
readinessProbe: {}
|
|
resources: {}
|
|
containerSecurityContext: {}
|
|
extraVolumeMounts: []
|
|
extraArgs: []
|
|
extraEnv: []
|
|
image:
|
|
repository: ~
|
|
tag: ~
|
|
# scanner does not support multiple replicas
|
|
replicaCount: 1
|
|
updateStrategy: ~
|
|
podLabels: {}
|
|
deploymentAnnotations: {}
|
|
podAnnotations: {}
|
|
imagePullSecrets: []
|
|
serviceAccount:
|
|
create: true
|
|
automount: true
|
|
annotations: {}
|
|
name: ~
|
|
extraContainers: []
|
|
extraInitContainers: []
|
|
extraVolumes: []
|
|
|
|
# scanner deployment configuration
|
|
transcoder:
|
|
name: transcoder
|
|
# kyoo_transcoder container configuration
|
|
kyoo_transcoder:
|
|
livenessProbe: {}
|
|
readinessProbe: {}
|
|
resources: {}
|
|
containerSecurityContext: {}
|
|
extraVolumeMounts: []
|
|
extraArgs: []
|
|
extraEnv: []
|
|
image:
|
|
repository: ~
|
|
tag: ~
|
|
volumeMounts:
|
|
- mountPath: /cache
|
|
name: cache
|
|
volumes:
|
|
- name: cache
|
|
emptyDir: {}
|
|
replicaCount: 1
|
|
# default to recreate for better user experience with ReadWriteOnce volumes & hardware resources
|
|
updateStrategy:
|
|
type: Recreate
|
|
podLabels: {}
|
|
deploymentAnnotations: {}
|
|
podAnnotations: {}
|
|
imagePullSecrets: []
|
|
service:
|
|
annotations: {}
|
|
labels: {}
|
|
type: ClusterIP
|
|
serviceAccount:
|
|
create: true
|
|
automount: true
|
|
annotations: {}
|
|
name: ~
|
|
extraContainers: []
|
|
extraInitContainers: []
|
|
extraVolumes: []
|
|
# transcodermetadata
|
|
# thumbnail images & subtiles
|
|
persistence:
|
|
enabled: true
|
|
size: 3Gi
|
|
annotations: {}
|
|
storageClass: ""
|
|
accessModes:
|
|
- ReadWriteOnce
|
|
existingClaim: ""
|
|
|
|
ingress:
|
|
enabled: false
|
|
ingressClassName: ~
|
|
annotations: {}
|
|
extraAnnotations: {}
|
|
host: kyoo.mydomain.com
|
|
tls: false
|
|
tlsSecret: ~
|
|
|
|
# subchart settings
|
|
meilisearch:
|
|
enabled: false
|
|
environment:
|
|
MEILI_ENV: production
|
|
auth:
|
|
# subchart does not support specifying keyname.
|
|
# key must be named `MEILI_MASTER_KEY`
|
|
existingMasterKeySecret: "{{ .Values.global.meilisearch.infra.existingSecret }}"
|
|
persistence:
|
|
enabled: true
|
|
size: 3Gi
|
|
|
|
# subchart settings
|
|
postgresql:
|
|
enabled: false
|
|
auth:
|
|
# default user to be created by postgres subchart
|
|
# subchart is unable to consume a secret for specifying user
|
|
username: kyoo_all
|
|
existingSecret: "{{ .Values.global.postgres.infra.existingSecret }}"
|
|
secretKeys:
|
|
# set the postgres user password to the same as our user
|
|
adminPasswordKey: "{{ .Values.global.postgres.infra.passwordKey }}"
|
|
userPasswordKey: "{{ .Values.global.postgres.infra.passwordKey }}"
|
|
primary:
|
|
# create databases, schemas, and set search_path
|
|
initdb:
|
|
scripts:
|
|
# kyoo_back still requires public schema
|
|
# https://github.com/zoriya/Kyoo/issues/536
|
|
kyoo_back.sql: |
|
|
CREATE DATABASE {{ .Values.global.postgres.kyoo_back.database }} WITH OWNER {{ .Values.global.postgres.infra.user }};
|
|
\connect {{ .Values.global.postgres.kyoo_back.database }};
|
|
CREATE SCHEMA IF NOT EXISTS data AUTHORIZATION {{ .Values.global.postgres.infra.user }};
|
|
kyoo_transcoder.sql: |
|
|
CREATE DATABASE {{ .Values.global.postgres.kyoo_transcoder.database }} WITH OWNER {{ .Values.global.postgres.infra.user }};
|
|
\connect {{ .Values.global.postgres.kyoo_transcoder.database }};
|
|
REVOKE ALL ON SCHEMA public FROM PUBLIC;
|
|
CREATE SCHEMA IF NOT EXISTS data AUTHORIZATION {{ .Values.global.postgres.infra.user }};
|
|
user.sql: |
|
|
ALTER ROLE {{ .Values.global.postgres.infra.user }}
|
|
IN DATABASE {{ .Values.global.postgres.kyoo_back.database }} SET search_path TO "$user", public;
|
|
ALTER ROLE {{ .Values.global.postgres.infra.user }}
|
|
IN DATABASE {{ .Values.global.postgres.kyoo_transcoder.database }} SET search_path TO "$user", data;
|
|
persistence:
|
|
size: 3Gi
|
|
|
|
# subchart settings
|
|
rabbitmq:
|
|
enabled: false
|
|
auth:
|
|
# default user to be created by rabbitmq subchart
|
|
# subchart is unable to consume a secret for specifying user
|
|
username: kyoo_all
|
|
existingPasswordSecret: "{{ .Values.global.rabbitmq.infra.existingSecret }}"
|
|
existingSecretPasswordKey: "{{ .Values.global.rabbitmq.infra.passwordKey }}"
|
|
existingErlangSecret: "{{ .Values.global.rabbitmq.infra.existingSecret }}"
|
|
existingSecretErlangKey: "{{ .Values.global.rabbitmq.infra.keyErlangCookie }}"
|
|
|
|
# allows for the creation of any additional kubernetes resources
|
|
extraObjects: []
|