funkwhale: Update to 1.3.0

Note that the upstream images have been renamed. The frontend no longer
runs a plain nginx container, and therefore no longer uses K8s-specific
templates. Image specification has been redone in an intentionally
backwards-incompatible manner, as the required images are not the same
anymore.
Alexander Olofsson 2023-06-01 21:08:48 +02:00
parent 303221e0fe
commit 155770d7a9
No known key found for this signature in database
GPG key ID: D439C9470CB04C73
7 changed files with 38 additions and 211 deletions


@ -1,10 +1,10 @@
---
apiVersion: v2
appVersion: "1.2.10"
appVersion: "1.3.0"
description: A social platform to enjoy and share music
icon: https://funkwhale.audio/favicon.png
name: funkwhale
version: 1.0.1
version: 2.0.0
dependencies:
- name: postgresql


@ -56,8 +56,8 @@ Create chart name and version as used by the chart label.
{{/*
Create the correct image tag name
*/}}
{{- define "funkwhale.imageTag" -}}
{{- .Values.image.tag | default .Chart.AppVersion -}}
{{- define "funkwhale.imageUri" -}}
{{- printf "%s/%s:%s" (.Scope.registry | default .Values.image.registry | default "docker.io/funkwhale") (.Scope.image | default .Values.image.image) (.Scope.tag | default .Values.tag | default .Chart.AppVersion) -}}
{{- end -}}
{{- define "funkwhale.redis.host" -}}
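Review bot: The tag fallback in `funkwhale.imageUri` reads `.Values.tag`, whereas the registry and image fallbacks read `.Values.image.*` and the values.yaml section of this commit keeps the global `# tag:` placeholder under `image:`. As written, an operator who pins a vetted release through `image.tag` would appear to have that pin silently ignored and get the chart's appVersion instead. The chain should probably read `(.Scope.tag | default .Values.image.tag | default .Chart.AppVersion)`. The comment above the define still says "Create the correct image tag name"; something like `Build the full image reference (registry/image:tag) for one component` would match what the helper now returns.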


@ -1,148 +0,0 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "funkwhale.fullname" . }}-front
labels:
app.kubernetes.io/name: {{ include "funkwhale.name" . }}
helm.sh/chart: {{ include "funkwhale.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
audio.funkwhale/component: front
data:
nginx.conf: |
upstream funkwhale-api {
server localhost:5000;
}
# Required for websocket support.
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen 80;
listen [::]:80;
charset utf-8;
server_name _;
add_header Content-Security-Policy "default-src 'self'; connect-src https: wss: http: ws: 'self' 'unsafe-eval'; script-src 'self' 'wasm-unsafe-eval'; style-src https: http: 'self' 'unsafe-inline'; img-src https: http: 'self' data:; font-src https: http: 'self' data:; media-src https: http: 'self' data:; object-src 'none'";
add_header Referrer-Policy "strict-origin-when-cross-origin";
add_header X-Frame-Options "SAMEORIGIN" always;
add_header Service-Worker-Allowed "/";
root /frontend;
# compression settings
gzip on;
gzip_comp_level 5;
gzip_min_length 256;
gzip_proxied any;
gzip_vary on;
gzip_types
application/javascript
application/vnd.geo+json
application/vnd.ms-fontobject
application/x-font-ttf
application/x-web-app-manifest+json
font/opentype
image/bmp
image/svg+xml
image/x-icon
text/cache-manifest
text/css
text/plain
text/vcard
text/vnd.rim.location.xloc
text/vtt
text/x-component
text/x-cross-domain-policy;
# end of compression settings
location / {
include /etc/nginx/funkwhale_proxy.conf;
# this is needed if you have file import via upload enabled
client_max_body_size ${NGINX_MAX_BODY_SIZE};
proxy_pass http://funkwhale-api/;
}
location /front/ {
alias /frontend/;
expires 1d;
}
location /front/embed.html {
add_header Content-Security-Policy "connect-src https: http: 'self'; default-src 'self'; script-src 'self' unpkg.com 'unsafe-inline' 'unsafe-eval'; style-src https: http: 'self' 'unsafe-inline'; img-src https: http: 'self' data:; font-src https: http: 'self' data:; object-src 'none'; media-src https: http: 'self' data:";
add_header Referrer-Policy "strict-origin-when-cross-origin";
alias /frontend/embed.html;
expires 1d;
}
location /federation/ {
include /etc/nginx/funkwhale_proxy.conf;
proxy_pass http://funkwhale-api/federation/;
}
# You can comment this if you do not plan to use the Subsonic API
location /rest/ {
include /etc/nginx/funkwhale_proxy.conf;
proxy_pass http://funkwhale-api/api/subsonic/rest/;
}
location /.well-known/ {
include /etc/nginx/funkwhale_proxy.conf;
proxy_pass http://funkwhale-api/.well-known/;
}
location /media/ {
alias ${MEDIA_ROOT}/;
add_header Access-Control-Allow-Origin '*';
}
# this is an internal location that is used to serve
# audio files once correct permission / authentication
# has been checked on API side
location ~ /_protected/media/(.+) {
internal;
{{- if .Values.s3.enabled }}
# Needed to ensure DSub auth isn't forwarded to S3/Minio, see #932.
proxy_set_header Authorization "";
proxy_pass $1;
{{- else }}
alias ${MEDIA_ROOT}/$1;
{{- end }}
add_header Access-Control-Allow-Origin '*';
}
location /_protected/music {
# this is an internal location that is used to serve
# audio files once correct permission / authentication
# has been checked on API side
# Set this to the same value as your MUSIC_DIRECTORY_PATH setting
internal;
alias ${MUSIC_DIRECTORY_SERVE_PATH}/;
add_header Access-Control-Allow-Origin '*';
}
location /staticfiles/ {
# django static files
alias ${STATIC_ROOT}/;
}
}
proxy.conf: |
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_set_header X-Forwarded-Host $http_x_forwarded_host;
proxy_set_header X-Forwarded-Port $http_x_forwarded_port;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;


@ -28,8 +28,8 @@ spec:
spec:
containers:
- name: celery-beat
image: "{{ .Values.image.repository }}:{{ include "funkwhale.imageTag" . }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
image: {{ include "funkwhale.imageUri" (dict "Scope" .Values.celery.image "Values" .Values "Chart" .Chart) | quote }}
imagePullPolicy: {{ .Values.celery.image.pullPolicy | default .Values.image.pullPolicy }}
command:
- sh
- -c


@ -28,8 +28,8 @@ spec:
spec:
containers:
- name: worker
image: "{{ .Values.image.repository }}:{{ include "funkwhale.imageTag" . }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
image: {{ include "funkwhale.imageUri" (dict "Scope" .Values.celery.image "Values" .Values "Chart" .Chart) | quote }}
imagePullPolicy: {{ .Values.celery.image.pullPolicy | default .Values.image.pullPolicy }}
command:
- sh
- -c


@ -23,7 +23,6 @@ spec:
metadata:
annotations:
checksum/configmap: {{ include (print .Template.BasePath "/configmap.yaml") . | sha256sum }}
checksum/frontend: {{ include (print .Template.BasePath "/configmap-front.yaml") . | sha256sum }}
checksum/secret: {{ include (print .Template.BasePath "/secret.yaml") . | sha256sum }}
labels:
app.kubernetes.io/name: {{ include "funkwhale.name" . }}
@ -32,23 +31,8 @@ spec:
spec:
containers:
- name: funkwhale
image: "{{ .Values.image.repository }}:{{ include "funkwhale.imageTag" . }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
command:
- sh
- -c
- |-
# Copy frontend files for the front pod
cp -r frontend/* /srv/funkwhale/frontend/
# Apply any waiting migrations
/app/manage.py migrate
if [ -e compose/django/daphne.sh ]; then
compose/django/entrypoint.sh compose/django/daphne.sh
else
compose/django/entrypoint.sh compose/django/server.sh
fi
image: {{ include "funkwhale.imageUri" (dict "Scope" .Values.api.image "Values" .Values "Chart" .Chart) | quote }}
imagePullPolicy: {{ .Values.api.image.pullPolicy | default .Values.image.pullPolicy }}
readinessProbe:
{{ toYaml .Values.api.readinessProbe | nindent 12 }}
livenessProbe:
@ -61,10 +45,8 @@ spec:
- secretRef:
name: {{ include "funkwhale.fullname" . }}
volumeMounts:
- mountPath: /srv/funkwhale/data/static/
name: static
- mountPath: /srv/funkwhale/frontend
name: frontend
- name: static
mountPath: /srv/funkwhale/data/static/
- name: data
mountPath: /srv/funkwhale/data
{{- with .Values.api.extraVolumeMounts }}
@ -77,20 +59,13 @@ spec:
resources:
{{- toYaml .Values.api.resources | nindent 12 }}
- name: nginx
image: "{{ .Values.front.image.repository }}:{{ .Values.front.image.tag }}"
imagePullPolicy: {{ .Values.front.image.pullPolicy }}
command:
- sh
- -c
- |-
# Instantiate the nginx template
envsubst "`env | awk -F = '{printf \" $%s\", $1}'`" < /etc/nginx/funkwhale.template > /etc/nginx/conf.d/default.conf
# Add a hardcoded resolver configuration to ease S3 usage
echo "resolver $(grep nameserver /etc/resolv.conf | head -n1 | awk '{print $2}');" > /etc/nginx/conf.d/resolver.conf
# Launch nginx
nginx -g 'daemon off;'
image: {{ include "funkwhale.imageUri" (dict "Scope" .Values.front.image "Values" .Values "Chart" .Chart) | quote }}
imagePullPolicy: {{ .Values.front.image.pullPolicy | default .Values.image.pullPolicy }}
env:
- name: FUNKWHALE_API_HOST
value: localhost
- name: FUNKWHALE_API_PORT
value: '5000'
envFrom:
- configMapRef:
name: {{ include "funkwhale.fullname" . }}
@ -107,16 +82,8 @@ spec:
volumeMounts:
- mountPath: /srv/funkwhale/data
name: data
- mountPath: /frontend
name: frontend
readOnly: true
- mountPath: /etc/nginx/funkwhale_proxy.conf
name: config
subPath: proxy.conf
readOnly: true
- mountPath: /etc/nginx/funkwhale.template
name: config
subPath: nginx.conf
- mountPath: /usr/share/nginx/html/staticfiles
name: static
readOnly: true
{{- if .Values.front.extraVolumeMounts }}
{{ toYaml .Values.front.extraVolumeMounts | indent 12 }}
@ -134,13 +101,8 @@ spec:
{{- toYaml . | nindent 8 }}
{{- end }}
volumes:
- name: frontend
emptyDir: {}
- name: static
emptyDir: {}
- name: config
configMap:
name: {{ include "funkwhale.fullname" . }}-front
- name: data
{{- if .Values.persistence.enabled }}
persistentVolumeClaim:
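Review bot: With the chart's nginx ConfigMap removed, the `nginx` container's security-relevant proxy behaviour is no longer defined anywhere in this chart. That covers the Content-Security-Policy and X-Frame-Options headers, and the `proxy_set_header Authorization "";` line that kept client credentials from being forwarded to S3/Minio when `s3.enabled` is set; all of it now depends on what the `front` image ships. The visible hunks give the container only `FUNKWHALE_API_HOST`, `FUNKWHALE_API_PORT` and the shared ConfigMap, so whether the image reproduces the S3 branch cannot be confirmed from here and is worth checking before release. The same question applies to `/app/manage.py migrate`, which the `funkwhale` container no longer runs explicitly. I would record the dependency next to the container, e.g. `# nginx config (CSP, frame options, S3 auth stripping) comes from the upstream front image; re-check on image bumps`.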


@ -3,7 +3,7 @@
# Declare variables to be passed into your templates.
---
image:
repository: funkwhale/funkwhale
registry: docker.io/funkwhale
# tag:
pullPolicy: IfNotPresent
@ -145,6 +145,12 @@ s3:
## API server configuration
api:
image:
# registry:
image: api
# tag:
# pullPolicy:
## Additional mounts to add to the API container
## If using an external media mount it needs to be attached to both API and Front
extraVolumeMounts: []
@ -191,9 +197,10 @@ api:
## Web frontend and proxy
front:
image:
repository: nginx
tag: stable
pullPolicy: IfNotPresent
# registry:
image: front
# tag:
# pullPolicy:
## Additional mounts to add to the frontend container
extraVolumeMounts: []
@ -236,6 +243,12 @@ front:
port: http
celery:
image:
# registry:
image: api
# tag:
# pullPolicy:
beat:
resources:
limits: