210 lines
6.3 KiB
YAML
210 lines
6.3 KiB
YAML
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
|
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
|
kind: HelmRelease
|
|
metadata:
|
|
name: ganymede
|
|
namespace: default
|
|
spec:
|
|
interval: 5m
|
|
chart:
|
|
spec:
|
|
chart: app-template
|
|
version: 3.5.1
|
|
sourceRef:
|
|
kind: HelmRepository
|
|
name: bjws-charts
|
|
namespace: flux-system
|
|
values:
|
|
controllers:
|
|
main:
|
|
containers:
|
|
api:
|
|
image:
|
|
repository: ghcr.io/zibbp/ganymede
|
|
tag: 3.1.0
|
|
env:
|
|
- name: PUID
|
|
value: 10555
|
|
- name: PGID
|
|
value: 10555
|
|
- name: TZ
|
|
value: "America/New_York" # Set to your timezone
|
|
- name: DB_HOST
|
|
value: "postgres16-rw.database.svc"
|
|
- name: DB_PORT
|
|
value: "5432"
|
|
- name: DB_USER
|
|
value: "ganymede"
|
|
- name: DB_PASS
|
|
secretKeyRef:
|
|
name: ganymede-env
|
|
key: dbPassword
|
|
- name: DB_NAME
|
|
value: "ganymede"
|
|
- name: DB_SSL
|
|
value: "disable"
|
|
- name: JWT_SECRET
|
|
secretKeyRef:
|
|
name: ganymede-env
|
|
key: jwtSecret
|
|
- name: JWT_REFRESH_SECRET
|
|
secretKeyRef:
|
|
name: ganymede-env
|
|
key: jwtRefreshSecret
|
|
- name: TWITCH_CLIENT_ID
|
|
secretKeyRef:
|
|
name: ganymede-env
|
|
key: twitchClientId
|
|
- name: TWITCH_CLIENT_SECRET
|
|
secretKeyRef:
|
|
name: ganymede-env
|
|
key: twitchClientSecret
|
|
- name: FRONTEND_HOST
|
|
value: https://twvods.${SECRET_NEW_DOMAIN}
|
|
- name: OAUTH_PROVIDER_URL
|
|
value: "https://auth.${SECRET_NEW_DOMAIN}/application/o/ganymede/.well-known/openid-configuration"
|
|
- name: OAUTH_CLIENT_ID
|
|
secretKeyRef:
|
|
name: ganymede-env
|
|
key: oauthClientId
|
|
- name: OAUTH_CLIENT_SECRET
|
|
secretKeyRef:
|
|
name: ganymede-env
|
|
key: oauthClientSecret
|
|
- name: OAUTH_REDIRECT_URL
|
|
value: "https://twvods.${SECRET_NEW_DOMAIN}/api/v1/auth/oauth/callback"
|
|
- name: TEMPORAL_URL
|
|
value: "temporal:7233"
|
|
# WORKER
|
|
- name: MAX_CHAT_DOWNLOAD_EXECUTIONS
|
|
value: "5"
|
|
- name: MAX_CHAT_RENDER_EXECUTIONS
|
|
value: "3"
|
|
- name: MAX_VIDEO_DOWNLOAD_EXECUTIONS
|
|
value: "5"
|
|
- name: MAX_VIDEO_CONVERT_EXECUTIONS
|
|
value: "3"
|
|
|
|
frontend:
|
|
image:
|
|
repository: ghcr.io/zibbp/ganymede-frontend
|
|
tag: 3.1.0
|
|
env:
|
|
- name: API_URL
|
|
# /api will be added to this
|
|
value: "https://twvods.${SECRET_NEW_DOMAIN}" # Points to the API service
|
|
- name: CDN_URL
|
|
# /vods will be added to this
|
|
value: "https://twvods.${SECRET_NEW_DOMAIN}" # Points to the CDN service
|
|
- name: SHOW_SSO_LOGIN_BUTTON
|
|
value: "true" # show/hide SSO login button on login page
|
|
- name: FORCE_SSO_AUTH
|
|
value: "false" # force SSO auth for all users (bypasses login page and redirects to SSO)
|
|
- name: REQUIRE_LOGIN
|
|
value: "false" # require login to view videos
|
|
|
|
nginx:
|
|
image:
|
|
repository: nginxinc/nginx-unprivileged
|
|
tag: 1.27.3-alpine
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
capabilities: { drop: ["ALL"] }
|
|
|
|
service:
|
|
app:
|
|
controller: main
|
|
ports:
|
|
nginx:
|
|
port: 8080
|
|
frontend:
|
|
port: 3000
|
|
api:
|
|
port: 4000
|
|
|
|
serviceMonitor:
|
|
app:
|
|
labels:
|
|
release: kube-prometheus-stack
|
|
serviceName: ganymede
|
|
endpoints:
|
|
- port: api
|
|
interval: 1m
|
|
scrapeTimeout: 5s
|
|
path: /metrics
|
|
metricRelabelings:
|
|
- sourceLabels: ["__name__"]
|
|
targetLabel: "__name__"
|
|
regex: "(.*)"
|
|
replacement: "ganymede_$${1}"
|
|
action: replace
|
|
|
|
ingress:
|
|
main:
|
|
annotations:
|
|
cert-manager.io/cluster-issuer: letsencrypt-production
|
|
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
|
hosts:
|
|
- host: twvods.${SECRET_NEW_DOMAIN}
|
|
paths:
|
|
- path: /
|
|
service:
|
|
identifier: app
|
|
port: frontend
|
|
- path: /api
|
|
service:
|
|
identifier: app
|
|
port: api
|
|
- path: /data/videos
|
|
service:
|
|
identifier: app
|
|
port: nginx
|
|
|
|
persistence:
|
|
vods:
|
|
type: persistentVolumeClaim
|
|
size: 50Gi
|
|
retain: true
|
|
storageClass: mainpool-hostpath
|
|
accessMode: ReadWriteOnce
|
|
globalMounts:
|
|
- path: /data/videos
|
|
ganymede-data:
|
|
type: persistentVolumeClaim
|
|
size: 5Gi
|
|
retain: true
|
|
storageClass: mainpool-hostpath
|
|
accessMode: ReadWriteOnce
|
|
advancedMounts:
|
|
main: # controller name
|
|
api: # container name
|
|
- path: /data/temp
|
|
ganymede-logs:
|
|
type: persistentVolumeClaim
|
|
size: 5Gi
|
|
retain: true
|
|
storageClass: mainpool-hostpath
|
|
accessMode: ReadWriteOnce
|
|
advancedMounts:
|
|
main: # controller name
|
|
api: # container name
|
|
- path: /data/logs
|
|
nginx-conf:
|
|
name: ganymede-nginx-conf
|
|
type: configMap
|
|
defaultMode: 0664
|
|
advancedMounts:
|
|
main: # controller name
|
|
nginx: # container name
|
|
- path: /etc/nginx/nginx.conf
|
|
subPath: nginx.conf
|
|
ganymede-conf:
|
|
name: ganymede-conf
|
|
type: configMap
|
|
defaultMode: 0777
|
|
advancedMounts:
|
|
main: # controller name
|
|
api: # container name
|
|
- path: /data/config/config.json
|
|
subPath: config.json
|
|
|