# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: ganymede namespace: default spec: interval: 5m chart: spec: chart: app-template version: 3.1.0 sourceRef: kind: HelmRepository name: bjws-charts namespace: flux-system values: controllers: main: # pod: # securityContext: # runAsNonRoot: true # runAsUser: 10000 # runAsGroup: 10000 # fsGroup: 10000 # fsGroupChangePolicy: OnRootMismatch containers: api: image: repository: ghcr.io/zibbp/ganymede tag: 3.0.1 securityContext: #allowPrivilegeEscalation: false #capabilities: { drop: ["ALL"] } env: - name: PUID value: 555 - name: PGID value: 555 - name: TZ value: "America/New_York" # Set to your timezone - name: DB_HOST value: "postgresql.database" - name: DB_PORT value: "5432" - name: DB_USER value: "ganymede" - name: DB_PASS secretKeyRef: name: ganymede-env key: dbPassword - name: DB_NAME value: "ganymede" - name: DB_SSL value: "disable" - name: JWT_SECRET secretKeyRef: name: ganymede-env key: jwtSecret - name: JWT_REFRESH_SECRET secretKeyRef: name: ganymede-env key: jwtRefreshSecret - name: TWITCH_CLIENT_ID secretKeyRef: name: ganymede-env key: twitchClientId - name: TWITCH_CLIENT_SECRET secretKeyRef: name: ganymede-env key: twitchClientSecret - name: FRONTEND_HOST value: https://twvods.${SECRET_NEW_DOMAIN} - name: OAUTH_PROVIDER_URL value: "https://auth.${SECRET_NEW_DOMAIN}/application/o/ganymede/.well-known/openid-configuration" - name: OAUTH_CLIENT_ID secretKeyRef: name: ganymede-env key: oauthClientId - name: OAUTH_CLIENT_SECRET secretKeyRef: name: ganymede-env key: oauthClientSecret - name: OAUTH_REDIRECT_URL value: "https://twvods.${SECRET_NEW_DOMAIN}/api/v1/auth/oauth/callback" - name: TEMPORAL_URL value: "temporal:7233" # WORKER - name: MAX_CHAT_DOWNLOAD_EXECUTIONS value: "5" - name: MAX_CHAT_RENDER_EXECUTIONS value: "3" - name: MAX_VIDEO_DOWNLOAD_EXECUTIONS value: "5" - name: MAX_VIDEO_CONVERT_EXECUTIONS value: "3" frontend: image: repository: ghcr.io/zibbp/ganymede-frontend tag: 3.0.1 env: - name: API_URL # /api will be added to this value: "https://twvods.${SECRET_NEW_DOMAIN}" # Points to the API service - name: CDN_URL # /vods will be added to this value: "https://twvods.${SECRET_NEW_DOMAIN}" # Points to the CDN service - name: SHOW_SSO_LOGIN_BUTTON value: "true" # show/hide SSO login button on login page - name: FORCE_SSO_AUTH value: "false" # force SSO auth for all users (bypasses login page and redirects to SSO) - name: REQUIRE_LOGIN value: "false" # require login to view videos nginx: image: repository: nginxinc/nginx-unprivileged tag: 1.27.1-alpine securityContext: allowPrivilegeEscalation: false capabilities: { drop: ["ALL"] } service: app: controller: main ports: nginx: port: 8080 frontend: port: 3000 api: port: 4000 ingress: main: annotations: cert-manager.io/cluster-issuer: letsencrypt-production traefik.ingress.kubernetes.io/router.entrypoints: websecure hosts: - host: twvods.${SECRET_NEW_DOMAIN} paths: - path: / service: identifier: app port: frontend - path: /api service: identifier: app port: api - path: /data/videos service: identifier: app port: nginx persistence: vods: type: persistentVolumeClaim size: 50Gi retain: true storageClass: mainpool-hostpath accessMode: ReadWriteOnce globalMounts: - path: /data/videos ganymede-data: type: persistentVolumeClaim size: 15Gi retain: true storageClass: mainpool-hostpath accessMode: ReadWriteOnce advancedMounts: main: # controller name api: # container name - path: /data/temp ganymede-logs: type: persistentVolumeClaim size: 5Gi retain: true storageClass: mainpool-hostpath accessMode: ReadWriteOnce advancedMounts: main: # controller name api: # container name - path: /data/logs nginx-conf: name: ganymede-nginx-conf type: configMap defaultMode: 0664 advancedMounts: main: # controller name nginx: # container name - path: /etc/nginx/nginx.conf subPath: nginx.conf ganymede-conf: name: ganymede-conf type: configMap defaultMode: 0777 advancedMounts: main: # controller name api: # container name - path: /data/config/config.json subPath: config.json