From 1e602ec8e71d5776148ae81c6bd880223aa697c8 Mon Sep 17 00:00:00 2001 From: SeanOMik Date: Sat, 14 Sep 2024 23:38:54 -0400 Subject: [PATCH] fix(ganymede): fix after update broke it --- .../apps/default/ganymede/helm-release.yaml | 62 +++++++++---------- .../apps/default/ganymede/nginx-conf.yaml | 6 +- 2 files changed, 32 insertions(+), 36 deletions(-) diff --git a/kubernetes/main/apps/default/ganymede/helm-release.yaml b/kubernetes/main/apps/default/ganymede/helm-release.yaml index 549803d..e28f93e 100644 --- a/kubernetes/main/apps/default/ganymede/helm-release.yaml +++ b/kubernetes/main/apps/default/ganymede/helm-release.yaml @@ -26,21 +26,21 @@ spec: # fsGroup: 10000 # fsGroupChangePolicy: OnRootMismatch - initContainers: - copy-config: - image: - repository: alpine - tag: 3.20 - - command: [ "sh", "-c", "cat /ganymede-config.json && cp -v /ganymede-config.json /data/config.json" ] - containers: api: image: repository: ghcr.io/zibbp/ganymede tag: 3.0.1 + securityContext: + #allowPrivilegeEscalation: false + #capabilities: { drop: ["ALL"] } + env: + - name: PUID + value: 555 + - name: PGID + value: 555 - name: TZ value: "America/New_York" # Set to your timezone - name: DB_HOST @@ -74,9 +74,9 @@ spec: name: ganymede-env key: twitchClientSecret - name: FRONTEND_HOST - value: https://twvods.${SECRET_NEW_DOMAIN} + value: https://twvods.seanomik.net - name: OAUTH_PROVIDER_URL - value: "https://auth.${SECRET_NEW_DOMAIN}/application/o/ganymede/.well-known/openid-configuration" + value: "https://auth.seanomik.net/application/o/ganymede/.well-known/openid-configuration" - name: OAUTH_CLIENT_ID secretKeyRef: name: ganymede-env @@ -86,7 +86,7 @@ spec: name: ganymede-env key: oauthClientSecret - name: OAUTH_REDIRECT_URL - value: "https://twvods.${SECRET_NEW_DOMAIN}/api/v1/auth/oauth/callback" + value: "https://twvods.seanomik.net/api/v1/auth/oauth/callback" - name: TEMPORAL_URL value: "temporal:7233" @@ -108,10 +108,10 @@ spec: env: - name: API_URL # /api will be added to this - value: "https://twvods.${SECRET_NEW_DOMAIN}" # Points to the API service + value: "https://twvods.seanomik.net" # Points to the API service - name: CDN_URL # /vods will be added to this - value: "https://twvods.${SECRET_NEW_DOMAIN}" # Points to the CDN service + value: "https://twvods.seanomik.net" # Points to the CDN service - name: SHOW_SSO_LOGIN_BUTTON value: "true" # show/hide SSO login button on login page - name: FORCE_SSO_AUTH @@ -124,6 +124,10 @@ spec: repository: nginxinc/nginx-unprivileged tag: 1.27.1-alpine + securityContext: + allowPrivilegeEscalation: false + capabilities: { drop: ["ALL"] } + service: app: controller: main @@ -145,7 +149,7 @@ spec: traefik.ingress.kubernetes.io/router.entrypoints: websecure hosts: - - host: twvods.${SECRET_NEW_DOMAIN} + - host: twvods.seanomik.net paths: - path: / service: @@ -155,7 +159,7 @@ spec: service: identifier: app port: api - - path: /vods + - path: /data/videos service: identifier: app port: nginx @@ -168,18 +172,18 @@ spec: storageClass: mainpool-hostpath accessMode: ReadWriteOnce globalMounts: - - path: /vods + - path: /data/videos ganymede-data: type: persistentVolumeClaim - size: 5Gi + size: 15Gi retain: true storageClass: mainpool-hostpath accessMode: ReadWriteOnce advancedMounts: main: # controller name api: # container name - - path: /data + - path: /data/temp ganymede-logs: type: persistentVolumeClaim @@ -190,7 +194,7 @@ spec: advancedMounts: main: # controller name api: # container name - - path: /logs + - path: /data/logs nginx-conf: name: ganymede-nginx-conf @@ -199,17 +203,8 @@ spec: advancedMounts: main: # controller name nginx: # container name - - subPath: nginx.conf - path: /etc/nginx/nginx.conf - - ganymede-temp-conf: - type: emptyDir - advancedMounts: - main: # controller name - api: # container name - - path: /data - copy-config: # container name - - path: /data + - path: /etc/nginx/nginx.conf + subPath: nginx.conf ganymede-conf: name: ganymede-conf @@ -217,6 +212,7 @@ spec: defaultMode: 0777 advancedMounts: main: # controller name - copy-config: # container name - - subPath: config.json - path: /ganymede-config.json + api: # container name + - path: /data/config/config.json + subPath: config.json + diff --git a/kubernetes/main/apps/default/ganymede/nginx-conf.yaml b/kubernetes/main/apps/default/ganymede/nginx-conf.yaml index 6eaab73..7104e0f 100644 --- a/kubernetes/main/apps/default/ganymede/nginx-conf.yaml +++ b/kubernetes/main/apps/default/ganymede/nginx-conf.yaml @@ -26,16 +26,16 @@ data: server { listen 8080; - root /vods; + root /data/videos; add_header 'Access-Control-Allow-Origin' '*' always; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always; add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always; add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always; - location ^~ /vods { + location ^~ /data/videos { autoindex on; - alias /vods; + alias /data/videos; location ~* \.(ico|css|js|gif|jpeg|jpg|png|svg|webp)$ { expires 30d;