k3s-cluster/kubernetes/main/apps/default/ganymede/helm-release.yaml

219 lines
6.2 KiB
YAML

# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: ganymede
namespace: default
spec:
interval: 5m
chart:
spec:
chart: app-template
version: 3.1.0
sourceRef:
kind: HelmRepository
name: bjws-charts
namespace: flux-system
values:
controllers:
main:
# pod:
# securityContext:
# runAsNonRoot: true
# runAsUser: 10000
# runAsGroup: 10000
# fsGroup: 10000
# fsGroupChangePolicy: OnRootMismatch
containers:
api:
image:
repository: ghcr.io/zibbp/ganymede
tag: 3.0.2
securityContext:
#allowPrivilegeEscalation: false
#capabilities: { drop: ["ALL"] }
env:
- name: PUID
value: 10555
- name: PGID
value: 10555
- name: TZ
value: "America/New_York" # Set to your timezone
- name: DB_HOST
value: "postgres16-rw.database.svc"
- name: DB_PORT
value: "5432"
- name: DB_USER
value: "ganymede"
- name: DB_PASS
secretKeyRef:
name: ganymede-env
key: dbPassword
- name: DB_NAME
value: "ganymede"
- name: DB_SSL
value: "disable"
- name: JWT_SECRET
secretKeyRef:
name: ganymede-env
key: jwtSecret
- name: JWT_REFRESH_SECRET
secretKeyRef:
name: ganymede-env
key: jwtRefreshSecret
- name: TWITCH_CLIENT_ID
secretKeyRef:
name: ganymede-env
key: twitchClientId
- name: TWITCH_CLIENT_SECRET
secretKeyRef:
name: ganymede-env
key: twitchClientSecret
- name: FRONTEND_HOST
value: https://twvods.${SECRET_NEW_DOMAIN}
- name: OAUTH_PROVIDER_URL
value: "https://auth.${SECRET_NEW_DOMAIN}/application/o/ganymede/.well-known/openid-configuration"
- name: OAUTH_CLIENT_ID
secretKeyRef:
name: ganymede-env
key: oauthClientId
- name: OAUTH_CLIENT_SECRET
secretKeyRef:
name: ganymede-env
key: oauthClientSecret
- name: OAUTH_REDIRECT_URL
value: "https://twvods.${SECRET_NEW_DOMAIN}/api/v1/auth/oauth/callback"
- name: TEMPORAL_URL
value: "temporal:7233"
# WORKER
- name: MAX_CHAT_DOWNLOAD_EXECUTIONS
value: "5"
- name: MAX_CHAT_RENDER_EXECUTIONS
value: "3"
- name: MAX_VIDEO_DOWNLOAD_EXECUTIONS
value: "5"
- name: MAX_VIDEO_CONVERT_EXECUTIONS
value: "3"
frontend:
image:
repository: ghcr.io/zibbp/ganymede-frontend
tag: 3.0.1
env:
- name: API_URL
# /api will be added to this
value: "https://twvods.${SECRET_NEW_DOMAIN}" # Points to the API service
- name: CDN_URL
# /vods will be added to this
value: "https://twvods.${SECRET_NEW_DOMAIN}" # Points to the CDN service
- name: SHOW_SSO_LOGIN_BUTTON
value: "true" # show/hide SSO login button on login page
- name: FORCE_SSO_AUTH
value: "false" # force SSO auth for all users (bypasses login page and redirects to SSO)
- name: REQUIRE_LOGIN
value: "false" # require login to view videos
nginx:
image:
repository: nginxinc/nginx-unprivileged
tag: 1.27.1-alpine
securityContext:
allowPrivilegeEscalation: false
capabilities: { drop: ["ALL"] }
service:
app:
controller: main
ports:
nginx:
port: 8080
frontend:
port: 3000
api:
port: 4000
ingress:
main:
annotations:
cert-manager.io/cluster-issuer: letsencrypt-production
traefik.ingress.kubernetes.io/router.entrypoints: websecure
hosts:
- host: twvods.${SECRET_NEW_DOMAIN}
paths:
- path: /
service:
identifier: app
port: frontend
- path: /api
service:
identifier: app
port: api
- path: /data/videos
service:
identifier: app
port: nginx
persistence:
vods:
type: persistentVolumeClaim
size: 50Gi
retain: true
storageClass: mainpool-hostpath
accessMode: ReadWriteOnce
globalMounts:
- path: /data/videos
ganymede-data:
type: persistentVolumeClaim
size: 5Gi
retain: true
storageClass: mainpool-hostpath
accessMode: ReadWriteOnce
advancedMounts:
main: # controller name
api: # container name
- path: /data/temp
ganymede-logs:
type: persistentVolumeClaim
size: 5Gi
retain: true
storageClass: mainpool-hostpath
accessMode: ReadWriteOnce
advancedMounts:
main: # controller name
api: # container name
- path: /data/logs
nginx-conf:
name: ganymede-nginx-conf
type: configMap
defaultMode: 0664
advancedMounts:
main: # controller name
nginx: # container name
- path: /etc/nginx/nginx.conf
subPath: nginx.conf
ganymede-conf:
name: ganymede-conf
type: configMap
defaultMode: 0777
advancedMounts:
main: # controller name
api: # container name
- path: /data/config/config.json
subPath: config.json