219 lines
6.2 KiB
YAML
219 lines
6.2 KiB
YAML
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
|
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
|
kind: HelmRelease
|
|
metadata:
|
|
name: ganymede
|
|
namespace: default
|
|
spec:
|
|
interval: 5m
|
|
chart:
|
|
spec:
|
|
chart: app-template
|
|
version: 3.4.0
|
|
sourceRef:
|
|
kind: HelmRepository
|
|
name: bjws-charts
|
|
namespace: flux-system
|
|
|
|
values:
|
|
controllers:
|
|
main:
|
|
# pod:
|
|
# securityContext:
|
|
# runAsNonRoot: true
|
|
# runAsUser: 10000
|
|
# runAsGroup: 10000
|
|
# fsGroup: 10000
|
|
# fsGroupChangePolicy: OnRootMismatch
|
|
|
|
containers:
|
|
api:
|
|
image:
|
|
repository: ghcr.io/zibbp/ganymede
|
|
tag: 3.0.1
|
|
|
|
securityContext:
|
|
#allowPrivilegeEscalation: false
|
|
#capabilities: { drop: ["ALL"] }
|
|
|
|
env:
|
|
- name: PUID
|
|
value: 555
|
|
- name: PGID
|
|
value: 555
|
|
- name: TZ
|
|
value: "America/New_York" # Set to your timezone
|
|
- name: DB_HOST
|
|
value: "postgresql.database"
|
|
- name: DB_PORT
|
|
value: "5432"
|
|
- name: DB_USER
|
|
value: "ganymede"
|
|
- name: DB_PASS
|
|
secretKeyRef:
|
|
name: ganymede-env
|
|
key: dbPassword
|
|
- name: DB_NAME
|
|
value: "ganymede"
|
|
- name: DB_SSL
|
|
value: "disable"
|
|
- name: JWT_SECRET
|
|
secretKeyRef:
|
|
name: ganymede-env
|
|
key: jwtSecret
|
|
- name: JWT_REFRESH_SECRET
|
|
secretKeyRef:
|
|
name: ganymede-env
|
|
key: jwtRefreshSecret
|
|
- name: TWITCH_CLIENT_ID
|
|
secretKeyRef:
|
|
name: ganymede-env
|
|
key: twitchClientId
|
|
- name: TWITCH_CLIENT_SECRET
|
|
secretKeyRef:
|
|
name: ganymede-env
|
|
key: twitchClientSecret
|
|
- name: FRONTEND_HOST
|
|
value: https://twvods.${SECRET_NEW_DOMAIN}
|
|
- name: OAUTH_PROVIDER_URL
|
|
value: "https://auth.${SECRET_NEW_DOMAIN}/application/o/ganymede/.well-known/openid-configuration"
|
|
- name: OAUTH_CLIENT_ID
|
|
secretKeyRef:
|
|
name: ganymede-env
|
|
key: oauthClientId
|
|
- name: OAUTH_CLIENT_SECRET
|
|
secretKeyRef:
|
|
name: ganymede-env
|
|
key: oauthClientSecret
|
|
- name: OAUTH_REDIRECT_URL
|
|
value: "https://twvods.${SECRET_NEW_DOMAIN}/api/v1/auth/oauth/callback"
|
|
- name: TEMPORAL_URL
|
|
value: "temporal:7233"
|
|
|
|
# WORKER
|
|
- name: MAX_CHAT_DOWNLOAD_EXECUTIONS
|
|
value: "5"
|
|
- name: MAX_CHAT_RENDER_EXECUTIONS
|
|
value: "3"
|
|
- name: MAX_VIDEO_DOWNLOAD_EXECUTIONS
|
|
value: "5"
|
|
- name: MAX_VIDEO_CONVERT_EXECUTIONS
|
|
value: "3"
|
|
|
|
frontend:
|
|
image:
|
|
repository: ghcr.io/zibbp/ganymede-frontend
|
|
tag: 3.0.1
|
|
|
|
env:
|
|
- name: API_URL
|
|
# /api will be added to this
|
|
value: "https://twvods.${SECRET_NEW_DOMAIN}" # Points to the API service
|
|
- name: CDN_URL
|
|
# /vods will be added to this
|
|
value: "https://twvods.${SECRET_NEW_DOMAIN}" # Points to the CDN service
|
|
- name: SHOW_SSO_LOGIN_BUTTON
|
|
value: "true" # show/hide SSO login button on login page
|
|
- name: FORCE_SSO_AUTH
|
|
value: "false" # force SSO auth for all users (bypasses login page and redirects to SSO)
|
|
- name: REQUIRE_LOGIN
|
|
value: "false" # require login to view videos
|
|
|
|
nginx:
|
|
image:
|
|
repository: nginxinc/nginx-unprivileged
|
|
tag: 1.27.1-alpine
|
|
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
capabilities: { drop: ["ALL"] }
|
|
|
|
service:
|
|
app:
|
|
controller: main
|
|
|
|
ports:
|
|
nginx:
|
|
port: 8080
|
|
|
|
frontend:
|
|
port: 3000
|
|
|
|
api:
|
|
port: 4000
|
|
|
|
ingress:
|
|
main:
|
|
annotations:
|
|
cert-manager.io/cluster-issuer: letsencrypt-production
|
|
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
|
|
|
hosts:
|
|
- host: twvods.${SECRET_NEW_DOMAIN}
|
|
paths:
|
|
- path: /
|
|
service:
|
|
identifier: app
|
|
port: frontend
|
|
- path: /api
|
|
service:
|
|
identifier: app
|
|
port: api
|
|
- path: /data/videos
|
|
service:
|
|
identifier: app
|
|
port: nginx
|
|
|
|
persistence:
|
|
vods:
|
|
type: persistentVolumeClaim
|
|
size: 50Gi
|
|
retain: true
|
|
storageClass: mainpool-hostpath
|
|
accessMode: ReadWriteOnce
|
|
globalMounts:
|
|
- path: /data/videos
|
|
|
|
ganymede-data:
|
|
type: persistentVolumeClaim
|
|
size: 15Gi
|
|
retain: true
|
|
storageClass: mainpool-hostpath
|
|
accessMode: ReadWriteOnce
|
|
advancedMounts:
|
|
main: # controller name
|
|
api: # container name
|
|
- path: /data/temp
|
|
|
|
ganymede-logs:
|
|
type: persistentVolumeClaim
|
|
size: 5Gi
|
|
retain: true
|
|
storageClass: mainpool-hostpath
|
|
accessMode: ReadWriteOnce
|
|
advancedMounts:
|
|
main: # controller name
|
|
api: # container name
|
|
- path: /data/logs
|
|
|
|
nginx-conf:
|
|
name: ganymede-nginx-conf
|
|
type: configMap
|
|
defaultMode: 0664
|
|
advancedMounts:
|
|
main: # controller name
|
|
nginx: # container name
|
|
- path: /etc/nginx/nginx.conf
|
|
subPath: nginx.conf
|
|
|
|
ganymede-conf:
|
|
name: ganymede-conf
|
|
type: configMap
|
|
defaultMode: 0777
|
|
advancedMounts:
|
|
main: # controller name
|
|
api: # container name
|
|
- path: /data/config/config.json
|
|
subPath: config.json
|
|
|