Kyoo/chart/values.yaml
2025-11-09 20:13:20 +01:00


# Kyoo consists of multiple services, please view diagrams for additional context
# https://github.com/zoriya/Kyoo/blob/master/DIAGRAMS.md
# global configures shared microservices and subcharts settings
global:
image:
repositoryBase: "ghcr.io/zoriya"
# NOTE(review): an empty tag presumably falls back to a chart-level default.
# Tags are mutable; confirm whether the templates accept a pinned version or
# digest so that deployed images are reproducible.
tag: ""
imagePullPolicy: IfNotPresent
imagePullSecrets: []
configmapAnnotations: {}
deploymentAnnotations: {}
persistentVolumeClaimAnnotations: {}
podAnnotations: {}
podLabels: {}
extraEnv: []
# kyoo connectivity & subchart settings for postgres
# subchart configuration can be found at .postgresql
postgres:
# subchart specific settings
infra:
# subchart does not accept setting username via secret, so defining here
# this role is also the owner of every database created by the initdb
# scripts under .postgresql
user: kyoo_all
passwordKey: postgres_password
# NOTE(review): every credential reference in this file defaults to the same
# Secret name. A single shared Secret cannot be scoped per workload with RBAC
# or rotated independently; consider one Secret per service.
existingSecret: bigsecret
# kyoo settings for connecting to kyoo_api database
# NOTE(review): no sslmode is set for kyoo_api, unlike kyoo_auth and
# kyoo_transcoder below — confirm what the api service uses by default.
kyoo_api:
host: kyoo-postgres
port: 5432
database: kyoo_api
# kyoo_api workload specific settings
# userKey/passwordKey name the keys inside existingSecret; no credential
# value is stored in this file
kyoo_api:
userKey: postgres_user
passwordKey: postgres_password
existingSecret: bigsecret
# kyoo settings for connecting to kyoo_auth database
kyoo_auth:
host: kyoo-postgres
port: 5432
database: kyoo_auth
# schema disabled means application will not create the schema
# and will instead use the user's search path
schema: disabled
# NOTE(review): with libpq semantics, 'prefer' falls back to an unencrypted
# connection when the server does not offer TLS and never verifies the server
# certificate. Use a stricter mode when postgres is reached over a network
# you do not fully trust — confirm which modes kyoo_auth accepts.
sslmode: prefer
# kyoo_auth workload specific settings
kyoo_auth:
userKey: postgres_user
passwordKey: postgres_password
existingSecret: bigsecret
# kyoo settings for connecting to kyoo_transcoder database
kyoo_transcoder:
host: kyoo-postgres
port: 5432
database: kyoo_transcoder
# schema disabled means application will not create the schema
# and will instead use the user's search path
schema: disabled
# sslmode valid options are 'require' or 'disable', 'prefer' is not supported
# the default 'disable' sends the database password and all queries in clear
# text; set 'require' whenever postgres is not on a trusted in-cluster network
sslmode: disable
# kyoo_transcoder workload specific settings
kyoo_transcoder:
userKey: postgres_user
passwordKey: postgres_password
existingSecret: bigsecret
# kyoo application settings
kyoo:
# The url you can use to reach your kyoo instance. This is used during oidc to redirect users to your instance.
address: "https://kyoo.mydomain.com"
# new auth settings
# each *Claims value is a JSON document passed as a single-quoted string
extraClaims: '{"permissions": ["core.read"], "verified": false}'
# NOTE(review): presumably applied to the first account that registers. The
# default grants every permission listed here, so create that account before
# the instance is reachable by anyone else.
firstUserClaims: '{"permissions": ["users.read", "users.write", "apikeys.read", "apikeys.write", "users.delete", "core.read", "core.write", "scanner.trigger"], "verified": true}'
# NOTE(review): this default is identical to firstUserClaims: it includes
# users.write, users.delete, apikeys.write, core.write and "verified": true.
# If guestClaims applies to visitors who are not logged in (as the name and
# the unloggedPermissions comment below suggest), anyone who can reach the
# instance gets administrative rights. Reduce this to the minimum you intend
# guests to have before exposing the service.
guestClaims: '{"permissions": ["users.read", "users.write", "apikeys.read", "apikeys.write", "users.delete", "core.read", "core.write", "scanner.trigger"], "verified": true}'
# NOTE(review): presumably the claims users may not set on themselves; keep
# "permissions" and "verified" in this list — TODO confirm against kyoo_auth.
protectedClaims: "permissions,verified"
# If this is true, new accounts won't have any permissions before you approve them in your admin dashboard.
requireAccountVerification: true
# Specify permissions of new accounts.
defaultPermissions: "overall.read,overall.play"
# Specify permissions of guest accounts, default is no permissions.
# NOTE(review): this default (none) contradicts guestClaims above (everything);
# confirm which of the two settings the deployed version actually honours.
unloggedPermissions: ""
# A pattern (regex) to ignore video files.
libraryIgnorePattern: ".*/[dD]ownloads?/.*"
languages: "en"
# hardware acceleration profile (valid values: disabled, vaapi, qsv, nvidia)
transcoderAcceleration: disabled
# the preset used during transcode. faster means worse quality, you can probably use a slower preset with hwaccels
# warning: using the vaapi hwaccel disables presets (they are not supported).
transcoderPreset: fast
# names the Secret and the key inside it that hold the kyoo api keys; the key
# material itself is not stored in this file
apikey:
existingSecret: bigsecret
apikeyKey: kyoo_apikeys
# oidc_providers is a list of oidc providers that you want to use for authentication.
# see the example below for how to configure an oidc provider.
# in the example, the client id and client secret are referenced by Secret key
# (clientIdKey/clientSecretKey) rather than written inline
oidc_providers: []
# - name: example
# existingSecret: bigsecret
# clientIdKey: clientId
# clientSecretKey: clientSecret
# logo: https://url-of-your-logo.com
# authorizationAddress: https://url-of-the-authorization-endpoint-of-the-oidc-service.com/auth
# tokenAddress: https://url-of-the-token-endpoint-of-the-oidc-service.com/token
# profileAddress: https://url-of-the-profile-endpoint-of-the-oidc-service.com/userinfo
# scope: "email openid profile"
# authMethod: ClientSecretBasic
# configures workloads that require access to media
media:
# specifies the volumes to use
volumes:
# default volume configuration to allow for easier demo and testing
# most setups will aim to leverage NFS to access media
# - name: media
# nfs:
# server: mynasserver.mydomain.com
# path: /spin0/media
- name: media
persistentVolumeClaim:
claimName: media
# specifies where to mount the volumes
# note that this should align with .media.baseMountPath
volumeMounts:
- mountPath: /media
name: media
# the library is mounted read-only by default, so a workload that mounts it
# cannot alter or delete media files; keep this unless a workload must write
readOnly: true
# configures kyoo workloads to search
# note that this should align with .media.volumeMounts[].mountPath
baseMountPath: "/media"
# configures workloads that require access to contentdatabase
# unused until autosync pulled into kyoo_api
# each provider names a Secret and the keys inside it; the API keys themselves
# are not stored in this file
contentdatabase:
# TheMovieDB
tmdb:
apikeyKey: tmdb_apikey
existingSecret: bigsecret
# TVDatabase
tvdb:
apikeyKey: tvdb_apikey
pinKey: tvdb_pin
existingSecret: bigsecret
# api deployment configuration
api:
name: api
# kyoo_api container configuration
kyoo_api:
livenessProbe: {}
readinessProbe: {}
resources: {}
# NOTE(review): empty by default, so no container-level hardening is set here
# (e.g. runAsNonRoot, readOnlyRootFilesystem, allowPrivilegeEscalation: false,
# dropped capabilities). Presumably passed through to the container's
# securityContext — confirm in the templates and that the image tolerates it.
containerSecurityContext: {}
extraVolumeMounts: []
extraArgs: []
extraEnv: []
image:
# null presumably falls back to the values under global.image — TODO confirm
repository: ~
tag: ~
volumeMounts: []
volumes: []
replicaCount: 1
# default to recreate for better user experience with ReadWriteOnce volumes
updateStrategy:
type: Recreate
podLabels: {}
deploymentAnnotations: {}
podAnnotations: {}
imagePullSecrets: []
service:
annotations: {}
labels: {}
type: ClusterIP
serviceAccount:
create: true
# NOTE(review): presumably controls mounting of the service account token into
# the pod; set to false unless this workload calls the Kubernetes API.
automount: true
annotations: {}
name: ~
extraContainers: []
extraInitContainers: []
extraVolumes: []
# apimetadata
# user profile pictures
persistence:
enabled: true
size: 3Gi
annotations: {}
storageClass: ""
accessModes:
- ReadWriteOnce
existingClaim: ""
# auth deployment configuration
auth:
name: auth
# kyoo_auth container configuration
kyoo_auth:
livenessProbe: {}
readinessProbe: {}
resources: {}
# NOTE(review): empty by default, so no container-level hardening is set here
# (e.g. runAsNonRoot, readOnlyRootFilesystem, allowPrivilegeEscalation: false,
# dropped capabilities). Presumably passed through to the container's
# securityContext — confirm in the templates and that the image tolerates it.
containerSecurityContext: {}
extraVolumeMounts: []
extraArgs: []
extraEnv: []
image:
# null presumably falls back to the values under global.image — TODO confirm
repository: ~
tag: ~
replicaCount: 1
updateStrategy: ~
podLabels: {}
deploymentAnnotations: {}
podAnnotations: {}
imagePullSecrets: []
service:
annotations: {}
labels: {}
type: ClusterIP
serviceAccount:
create: true
# NOTE(review): presumably controls mounting of the service account token into
# the pod; set to false unless this workload calls the Kubernetes API.
automount: true
annotations: {}
name: ~
extraContainers: []
extraInitContainers: []
extraVolumes: []
# front deployment configuration
front:
name: front
# kyoo_front container configuration
kyoo_front:
livenessProbe: {}
readinessProbe: {}
resources: {}
# NOTE(review): empty by default, so no container-level hardening is set here
# (e.g. runAsNonRoot, readOnlyRootFilesystem, allowPrivilegeEscalation: false,
# dropped capabilities). Presumably passed through to the container's
# securityContext — confirm in the templates and that the image tolerates it.
containerSecurityContext: {}
extraVolumeMounts: []
extraArgs: []
extraEnv: []
image:
# null presumably falls back to the values under global.image — TODO confirm
repository: ~
tag: ~
replicaCount: 1
updateStrategy: ~
podLabels: {}
deploymentAnnotations: {}
podAnnotations: {}
imagePullSecrets: []
service:
annotations: {}
labels: {}
type: ClusterIP
serviceAccount:
create: true
# NOTE(review): presumably controls mounting of the service account token into
# the pod; set to false unless this workload calls the Kubernetes API.
automount: true
annotations: {}
name: ~
extraContainers: []
extraInitContainers: []
extraVolumes: []
# scanner deployment configuration
# no service section is defined for the scanner in this file
scanner:
name: scanner
# kyoo_scanner container configuration
kyoo_scanner:
livenessProbe: {}
readinessProbe: {}
resources: {}
# NOTE(review): empty by default, so no container-level hardening is set here
# (e.g. runAsNonRoot, readOnlyRootFilesystem, allowPrivilegeEscalation: false,
# dropped capabilities). Presumably passed through to the container's
# securityContext — confirm in the templates and that the image tolerates it.
containerSecurityContext: {}
extraVolumeMounts: []
extraArgs: []
extraEnv: []
image:
# null presumably falls back to the values under global.image — TODO confirm
repository: ~
tag: ~
# scanner does not support multiple replicas
replicaCount: 1
updateStrategy: ~
podLabels: {}
deploymentAnnotations: {}
podAnnotations: {}
imagePullSecrets: []
serviceAccount:
create: true
# NOTE(review): presumably controls mounting of the service account token into
# the pod; set to false unless this workload calls the Kubernetes API.
automount: true
annotations: {}
name: ~
extraContainers: []
extraInitContainers: []
extraVolumes: []
# transcoder deployment configuration
transcoder:
name: transcoder
# can be used if you have a gpu runtime class
runtimeClass: ""
# kyoo_transcoder container configuration
kyoo_transcoder:
livenessProbe: {}
readinessProbe: {}
resources: {}
# NOTE(review): empty by default, so no container-level hardening is set here
# (e.g. runAsNonRoot, readOnlyRootFilesystem, allowPrivilegeEscalation: false,
# dropped capabilities). Presumably passed through to the container's
# securityContext — confirm in the templates and that the image tolerates it,
# in particular when a hardware acceleration profile is enabled.
containerSecurityContext: {}
extraVolumeMounts: []
extraArgs: []
extraEnv: []
image:
# null presumably falls back to the values under global.image — TODO confirm
repository: ~
tag: ~
# /cache is backed by an emptyDir volume (see volumes below)
volumeMounts:
- mountPath: /cache
name: cache
volumes:
- name: cache
emptyDir: {}
replicaCount: 1
# default to recreate for better user experience with ReadWriteOnce volumes & hardware resources
updateStrategy:
type: Recreate
podLabels: {}
deploymentAnnotations: {}
podAnnotations: {}
imagePullSecrets: []
service:
annotations: {}
labels: {}
type: ClusterIP
serviceAccount:
create: true
# NOTE(review): presumably controls mounting of the service account token into
# the pod; set to false unless this workload calls the Kubernetes API.
automount: true
annotations: {}
name: ~
extraContainers: []
extraInitContainers: []
extraVolumes: []
# transcodermetadata
# thumbnail images & subtitles
persistence:
enabled: true
size: 3Gi
annotations: {}
storageClass: ""
accessModes:
- ReadWriteOnce
existingClaim: ""
# ingress configuration (disabled by default)
ingress:
enabled: false
ingressClassName: ~
annotations: {}
extraAnnotations: {}
host: kyoo.mydomain.com
# NOTE(review): TLS is off by default while kyoo.address defaults to an https
# URL. When enabling the ingress, also enable tls and set tlsSecret (or
# terminate TLS in front of it); logins and OIDC redirects pass through here.
tls: false
tlsSecret: ~
# traefikproxy deployment configuration
traefikproxy:
enabled: true
defaultConfigmap: true
name: traefik
# traefik container configuration
traefik:
livenessProbe: {}
readinessProbe: {}
resources: {}
# NOTE(review): empty by default, so no container-level hardening is set here
# (e.g. runAsNonRoot, readOnlyRootFilesystem, allowPrivilegeEscalation: false,
# dropped capabilities). Presumably passed through to the container's
# securityContext — confirm in the templates and that the image tolerates it.
containerSecurityContext: {}
extraVolumeMounts: []
extraArgs: []
extraEnv: []
image:
# NOTE(review): null presumably selects a default traefik image defined in the
# templates — confirm which image and version that is.
repository: ~
tag: ~
replicaCount: 1
updateStrategy: ~
podLabels: {}
configmapAnnotations: {}
deploymentAnnotations: {}
podAnnotations: {}
imagePullSecrets: []
service:
annotations: {}
labels: {}
type: ClusterIP
serviceAccount:
create: true
# NOTE(review): presumably controls mounting of the service account token into
# the pod. The proxy needs it only if its configuration reads from the
# Kubernetes API; check the default configmap and set to false otherwise.
automount: true
annotations: {}
name: ~
extraContainers: []
extraInitContainers: []
extraVolumes: []
# subchart settings
# disabled by default; the values below only take effect when enabled
postgresql:
enabled: false
auth:
# default user to be created by postgres subchart
# subchart is unable to consume a secret for specifying user
username: "{{ .Values.global.postgres.infra.user }}"
existingSecret: "{{ .Values.global.postgres.infra.existingSecret }}"
secretKeys:
# set the postgres user password to the same as our user
# NOTE(review): as the comment above says, this gives the postgres superuser
# the same password as the application role, so a leak of the application
# password also exposes the superuser; use a separate key if the subchart
# allows it.
passwordKey: "{{ .Values.global.postgres.infra.passwordKey }}"
# The scripts below create one database per service, all owned by the single
# role global.postgres.infra.user, revoke the default privileges on the public
# schema and create a "data" schema in each database. user.sql then sets that
# role's search_path per database.
# NOTE(review): one owner role for all three databases means credentials for
# that role reach every service's data; separate roles would limit that.
# NOTE(review): the template values are interpolated into SQL unquoted, so
# database and role names must be plain identifiers.
initdb:
scripts:
kyoo_api.sql: |
CREATE DATABASE {{ .Values.global.postgres.kyoo_api.database }} WITH OWNER {{ .Values.global.postgres.infra.user }};
\connect {{ .Values.global.postgres.kyoo_api.database }};
REVOKE ALL ON SCHEMA public FROM PUBLIC;
CREATE SCHEMA IF NOT EXISTS data AUTHORIZATION {{ .Values.global.postgres.infra.user }};
kyoo_auth.sql: |
CREATE DATABASE {{ .Values.global.postgres.kyoo_auth.database }} WITH OWNER {{ .Values.global.postgres.infra.user }};
\connect {{ .Values.global.postgres.kyoo_auth.database }};
REVOKE ALL ON SCHEMA public FROM PUBLIC;
CREATE SCHEMA IF NOT EXISTS data AUTHORIZATION {{ .Values.global.postgres.infra.user }};
kyoo_transcoder.sql: |
CREATE DATABASE {{ .Values.global.postgres.kyoo_transcoder.database }} WITH OWNER {{ .Values.global.postgres.infra.user }};
\connect {{ .Values.global.postgres.kyoo_transcoder.database }};
REVOKE ALL ON SCHEMA public FROM PUBLIC;
CREATE SCHEMA IF NOT EXISTS data AUTHORIZATION {{ .Values.global.postgres.infra.user }};
user.sql: |
ALTER ROLE {{ .Values.global.postgres.infra.user }}
IN DATABASE {{ .Values.global.postgres.kyoo_auth.database }} SET search_path TO "$user", data;
ALTER ROLE {{ .Values.global.postgres.infra.user }}
IN DATABASE {{ .Values.global.postgres.kyoo_api.database }} SET search_path TO "$user", data;
ALTER ROLE {{ .Values.global.postgres.infra.user }}
IN DATABASE {{ .Values.global.postgres.kyoo_transcoder.database }} SET search_path TO "$user", data;
persistence:
enabled: true
size: 3Gi
# allows for the creation of any additional kubernetes resources
# NOTE(review): entries are presumably rendered as-is into the release, so they
# are created with the installer's permissions; review any values file from
# another source before applying it.
extraObjects: []