From 155770d7a9650f71a88631749d095433501dcf85 Mon Sep 17 00:00:00 2001 From: Alexander Olofsson Date: Thu, 1 Jun 2023 21:08:48 +0200 Subject: [PATCH] funkwhale: Update to 1.3.0 Note that the upstream images have been renamed, the frontend no longer runs a plain nginx container - and therefore no longer uses K8s-specific templates, and image specification has been redone in an intentionally backwards-incompatible manner as the required images are not the same anymore. --- charts/funkwhale/Chart.yaml | 4 +- charts/funkwhale/templates/_helpers.tpl | 4 +- .../funkwhale/templates/configmap-front.yaml | 148 ------------------ .../templates/deployment-celerybeat.yaml | 4 +- .../templates/deployment-celeryworker.yaml | 4 +- charts/funkwhale/templates/deployment.yaml | 64 ++------ charts/funkwhale/values.yaml | 21 ++- 7 files changed, 38 insertions(+), 211 deletions(-) delete mode 100644 charts/funkwhale/templates/configmap-front.yaml diff --git a/charts/funkwhale/Chart.yaml b/charts/funkwhale/Chart.yaml index d1f3cbf..ea591f2 100644 --- a/charts/funkwhale/Chart.yaml +++ b/charts/funkwhale/Chart.yaml @@ -1,10 +1,10 @@ --- apiVersion: v2 -appVersion: "1.2.10" +appVersion: "1.3.0" description: A social platform to enjoy and share music icon: https://funkwhale.audio/favicon.png name: funkwhale -version: 1.0.1 +version: 2.0.0 dependencies: - name: postgresql diff --git a/charts/funkwhale/templates/_helpers.tpl b/charts/funkwhale/templates/_helpers.tpl index 473343e..ec46c4b 100644 --- a/charts/funkwhale/templates/_helpers.tpl +++ b/charts/funkwhale/templates/_helpers.tpl @@ -56,8 +56,8 @@ Create chart name and version as used by the chart label. {{/* Create the correct image tag name */}} -{{- define "funkwhale.imageTag" -}} -{{- .Values.image.tag | default .Chart.AppVersion -}} +{{- define "funkwhale.imageUri" -}} +{{- printf "%s/%s:%s" (.Scope.registry | default .Values.image.registry | default "docker.io/funkwhale") (.Scope.image | default .Values.image.image) (.Scope.tag | default .Values.tag | default .Chart.AppVersion) -}} {{- end -}} {{- define "funkwhale.redis.host" -}} diff --git a/charts/funkwhale/templates/configmap-front.yaml b/charts/funkwhale/templates/configmap-front.yaml deleted file mode 100644 index d84afbd..0000000 --- a/charts/funkwhale/templates/configmap-front.yaml +++ /dev/null @@ -1,148 +0,0 @@ ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "funkwhale.fullname" . }}-front - labels: - app.kubernetes.io/name: {{ include "funkwhale.name" . }} - helm.sh/chart: {{ include "funkwhale.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - audio.funkwhale/component: front -data: - nginx.conf: | - upstream funkwhale-api { - server localhost:5000; - } - - # Required for websocket support. - map $http_upgrade $connection_upgrade { - default upgrade; - '' close; - } - - server { - listen 80; - listen [::]:80; - charset utf-8; - - server_name _; - - add_header Content-Security-Policy "default-src 'self'; connect-src https: wss: http: ws: 'self' 'unsafe-eval'; script-src 'self' 'wasm-unsafe-eval'; style-src https: http: 'self' 'unsafe-inline'; img-src https: http: 'self' data:; font-src https: http: 'self' data:; media-src https: http: 'self' data:; object-src 'none'"; - add_header Referrer-Policy "strict-origin-when-cross-origin"; - add_header X-Frame-Options "SAMEORIGIN" always; - add_header Service-Worker-Allowed "/"; - - root /frontend; - - # compression settings - gzip on; - gzip_comp_level 5; - gzip_min_length 256; - gzip_proxied any; - gzip_vary on; - - gzip_types - application/javascript - application/vnd.geo+json - application/vnd.ms-fontobject - application/x-font-ttf - application/x-web-app-manifest+json - font/opentype - image/bmp - image/svg+xml - image/x-icon - text/cache-manifest - text/css - text/plain - text/vcard - text/vnd.rim.location.xloc - text/vtt - text/x-component - text/x-cross-domain-policy; - # end of compression settings - - location / { - include /etc/nginx/funkwhale_proxy.conf; - # this is needed if you have file import via upload enabled - client_max_body_size ${NGINX_MAX_BODY_SIZE}; - proxy_pass http://funkwhale-api/; - } - - location /front/ { - alias /frontend/; - expires 1d; - } - - location /front/embed.html { - add_header Content-Security-Policy "connect-src https: http: 'self'; default-src 'self'; script-src 'self' unpkg.com 'unsafe-inline' 'unsafe-eval'; style-src https: http: 'self' 'unsafe-inline'; img-src https: http: 'self' data:; font-src https: http: 'self' data:; object-src 'none'; media-src https: http: 'self' data:"; - add_header Referrer-Policy "strict-origin-when-cross-origin"; - - alias /frontend/embed.html; - expires 1d; - } - - location /federation/ { - include /etc/nginx/funkwhale_proxy.conf; - proxy_pass http://funkwhale-api/federation/; - } - - # You can comment this if you do not plan to use the Subsonic API - location /rest/ { - include /etc/nginx/funkwhale_proxy.conf; - proxy_pass http://funkwhale-api/api/subsonic/rest/; - } - - location /.well-known/ { - include /etc/nginx/funkwhale_proxy.conf; - proxy_pass http://funkwhale-api/.well-known/; - } - - location /media/ { - alias ${MEDIA_ROOT}/; - add_header Access-Control-Allow-Origin '*'; - } - - # this is an internal location that is used to serve - # audio files once correct permission / authentication - # has been checked on API side - location ~ /_protected/media/(.+) { - internal; - {{- if .Values.s3.enabled }} - # Needed to ensure DSub auth isn't forwarded to S3/Minio, see #932. - proxy_set_header Authorization ""; - proxy_pass $1; - {{- else }} - alias ${MEDIA_ROOT}/$1; - {{- end }} - add_header Access-Control-Allow-Origin '*'; - } - - location /_protected/music { - # this is an internal location that is used to serve - # audio files once correct permission / authentication - # has been checked on API side - # Set this to the same value as your MUSIC_DIRECTORY_PATH setting - internal; - alias ${MUSIC_DIRECTORY_SERVE_PATH}/; - add_header Access-Control-Allow-Origin '*'; - } - - location /staticfiles/ { - # django static files - alias ${STATIC_ROOT}/; - } - } - proxy.conf: | - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; - proxy_set_header X-Forwarded-Host $http_x_forwarded_host; - proxy_set_header X-Forwarded-Port $http_x_forwarded_port; - proxy_redirect off; - - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; diff --git a/charts/funkwhale/templates/deployment-celerybeat.yaml b/charts/funkwhale/templates/deployment-celerybeat.yaml index 9b438fc..2732667 100644 --- a/charts/funkwhale/templates/deployment-celerybeat.yaml +++ b/charts/funkwhale/templates/deployment-celerybeat.yaml @@ -28,8 +28,8 @@ spec: spec: containers: - name: celery-beat - image: "{{ .Values.image.repository }}:{{ include "funkwhale.imageTag" . }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} + image: {{ include "funkwhale.imageUri" (dict "Scope" .Values.celery.image "Values" .Values "Chart" .Chart) | quote }} + imagePullPolicy: {{ .Values.celery.image.pullPolicy | default .Values.image.pullPolicy }} command: - sh - -c diff --git a/charts/funkwhale/templates/deployment-celeryworker.yaml b/charts/funkwhale/templates/deployment-celeryworker.yaml index e7b557c..791d751 100644 --- a/charts/funkwhale/templates/deployment-celeryworker.yaml +++ b/charts/funkwhale/templates/deployment-celeryworker.yaml @@ -28,8 +28,8 @@ spec: spec: containers: - name: worker - image: "{{ .Values.image.repository }}:{{ include "funkwhale.imageTag" . }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} + image: {{ include "funkwhale.imageUri" (dict "Scope" .Values.celery.image "Values" .Values "Chart" .Chart) | quote }} + imagePullPolicy: {{ .Values.celery.image.pullPolicy | default .Values.image.pullPolicy }} command: - sh - -c diff --git a/charts/funkwhale/templates/deployment.yaml b/charts/funkwhale/templates/deployment.yaml index 3159d96..6a8afac 100644 --- a/charts/funkwhale/templates/deployment.yaml +++ b/charts/funkwhale/templates/deployment.yaml @@ -23,7 +23,6 @@ spec: metadata: annotations: checksum/configmap: {{ include (print .Template.BasePath "/configmap.yaml") . | sha256sum }} - checksum/frontend: {{ include (print .Template.BasePath "/configmap-front.yaml") . | sha256sum }} checksum/secret: {{ include (print .Template.BasePath "/secret.yaml") . | sha256sum }} labels: app.kubernetes.io/name: {{ include "funkwhale.name" . }} @@ -32,23 +31,8 @@ spec: spec: containers: - name: funkwhale - image: "{{ .Values.image.repository }}:{{ include "funkwhale.imageTag" . }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - command: - - sh - - -c - - |- - # Copy frontend files for the front pod - cp -r frontend/* /srv/funkwhale/frontend/ - - # Apply any waiting migrations - /app/manage.py migrate - - if [ -e compose/django/daphne.sh ]; then - compose/django/entrypoint.sh compose/django/daphne.sh - else - compose/django/entrypoint.sh compose/django/server.sh - fi + image: {{ include "funkwhale.imageUri" (dict "Scope" .Values.api.image "Values" .Values "Chart" .Chart) | quote }} + imagePullPolicy: {{ .Values.api.image.pullPolicy | default .Values.image.pullPolicy }} readinessProbe: {{ toYaml .Values.api.readinessProbe | nindent 12 }} livenessProbe: @@ -61,10 +45,8 @@ spec: - secretRef: name: {{ include "funkwhale.fullname" . }} volumeMounts: - - mountPath: /srv/funkwhale/data/static/ - name: static - - mountPath: /srv/funkwhale/frontend - name: frontend + - name: static + mountPath: /srv/funkwhale/data/static/ - name: data mountPath: /srv/funkwhale/data {{- with .Values.api.extraVolumeMounts }} @@ -77,20 +59,13 @@ spec: resources: {{- toYaml .Values.api.resources | nindent 12 }} - name: nginx - image: "{{ .Values.front.image.repository }}:{{ .Values.front.image.tag }}" - imagePullPolicy: {{ .Values.front.image.pullPolicy }} - command: - - sh - - -c - - |- - # Instantiate the nginx template - envsubst "`env | awk -F = '{printf \" $%s\", $1}'`" < /etc/nginx/funkwhale.template > /etc/nginx/conf.d/default.conf - - # Add a hardcoded resolver configuration to ease S3 usage - echo "resolver $(grep nameserver /etc/resolv.conf | head -n1 | awk '{print $2}');" > /etc/nginx/conf.d/resolver.conf - - # Launch nginx - nginx -g 'daemon off;' + image: {{ include "funkwhale.imageUri" (dict "Scope" .Values.front.image "Values" .Values "Chart" .Chart) | quote }} + imagePullPolicy: {{ .Values.front.image.pullPolicy | default .Values.image.pullPolicy }} + env: + - name: FUNKWHALE_API_HOST + value: localhost + - name: FUNKWHALE_API_PORT + value: '5000' envFrom: - configMapRef: name: {{ include "funkwhale.fullname" . }} @@ -107,16 +82,8 @@ spec: volumeMounts: - mountPath: /srv/funkwhale/data name: data - - mountPath: /frontend - name: frontend - readOnly: true - - mountPath: /etc/nginx/funkwhale_proxy.conf - name: config - subPath: proxy.conf - readOnly: true - - mountPath: /etc/nginx/funkwhale.template - name: config - subPath: nginx.conf + - mountPath: /usr/share/nginx/html/staticfiles + name: static readOnly: true {{- if .Values.front.extraVolumeMounts }} {{ toYaml .Values.front.extraVolumeMounts | indent 12 }} @@ -134,13 +101,8 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} volumes: - - name: frontend - emptyDir: {} - name: static emptyDir: {} - - name: config - configMap: - name: {{ include "funkwhale.fullname" . }}-front - name: data {{- if .Values.persistence.enabled }} persistentVolumeClaim: diff --git a/charts/funkwhale/values.yaml b/charts/funkwhale/values.yaml index 83ff4c3..a3c7588 100644 --- a/charts/funkwhale/values.yaml +++ b/charts/funkwhale/values.yaml @@ -3,7 +3,7 @@ # Declare variables to be passed into your templates. --- image: - repository: funkwhale/funkwhale + registry: docker.io/funkwhale # tag: pullPolicy: IfNotPresent @@ -145,6 +145,12 @@ s3: ## API server configuration api: + image: + # registry: + image: api + # tag: + # pullPolicy: + ## Additional mounts to add to the API container ## If using an external media mount it needs to be attached to both API and Front extraVolumeMounts: [] @@ -191,9 +197,10 @@ api: ## Web frontend and proxy front: image: - repository: nginx - tag: stable - pullPolicy: IfNotPresent + # registry: + image: front + # tag: + # pullPolicy: ## Additional mounts to add to the frontend container extraVolumeMounts: [] @@ -236,6 +243,12 @@ front: port: http celery: + image: + # registry: + image: api + # tag: + # pullPolicy: + beat: resources: limits: