funkwhale: Update to 1.3.0
Note that the upstream images have been renamed, the frontend no longer runs a plain nginx container - and therefore no longer uses K8s-specific templates, and image specification has been redone in an intentionally backwards-incompatible manner as the required images are not the same anymore.
This commit is contained in:
parent
303221e0fe
commit
155770d7a9
7 changed files with 38 additions and 211 deletions
|
@ -1,10 +1,10 @@
|
||||||
---
|
---
|
||||||
apiVersion: v2
|
apiVersion: v2
|
||||||
appVersion: "1.2.10"
|
appVersion: "1.3.0"
|
||||||
description: A social platform to enjoy and share music
|
description: A social platform to enjoy and share music
|
||||||
icon: https://funkwhale.audio/favicon.png
|
icon: https://funkwhale.audio/favicon.png
|
||||||
name: funkwhale
|
name: funkwhale
|
||||||
version: 1.0.1
|
version: 2.0.0
|
||||||
|
|
||||||
dependencies:
|
dependencies:
|
||||||
- name: postgresql
|
- name: postgresql
|
||||||
|
|
|
@ -56,8 +56,8 @@ Create chart name and version as used by the chart label.
|
||||||
{{/*
|
{{/*
|
||||||
Create the correct image tag name
|
Create the correct image tag name
|
||||||
*/}}
|
*/}}
|
||||||
{{- define "funkwhale.imageTag" -}}
|
{{- define "funkwhale.imageUri" -}}
|
||||||
{{- .Values.image.tag | default .Chart.AppVersion -}}
|
{{- printf "%s/%s:%s" (.Scope.registry | default .Values.image.registry | default "docker.io/funkwhale") (.Scope.image | default .Values.image.image) (.Scope.tag | default .Values.tag | default .Chart.AppVersion) -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
|
||||||
{{- define "funkwhale.redis.host" -}}
|
{{- define "funkwhale.redis.host" -}}
|
||||||
|
|
|
@ -1,148 +0,0 @@
|
||||||
---
|
|
||||||
apiVersion: v1
|
|
||||||
kind: ConfigMap
|
|
||||||
metadata:
|
|
||||||
name: {{ include "funkwhale.fullname" . }}-front
|
|
||||||
labels:
|
|
||||||
app.kubernetes.io/name: {{ include "funkwhale.name" . }}
|
|
||||||
helm.sh/chart: {{ include "funkwhale.chart" . }}
|
|
||||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
|
||||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
|
||||||
audio.funkwhale/component: front
|
|
||||||
data:
|
|
||||||
nginx.conf: |
|
|
||||||
upstream funkwhale-api {
|
|
||||||
server localhost:5000;
|
|
||||||
}
|
|
||||||
|
|
||||||
# Required for websocket support.
|
|
||||||
map $http_upgrade $connection_upgrade {
|
|
||||||
default upgrade;
|
|
||||||
'' close;
|
|
||||||
}
|
|
||||||
|
|
||||||
server {
|
|
||||||
listen 80;
|
|
||||||
listen [::]:80;
|
|
||||||
charset utf-8;
|
|
||||||
|
|
||||||
server_name _;
|
|
||||||
|
|
||||||
add_header Content-Security-Policy "default-src 'self'; connect-src https: wss: http: ws: 'self' 'unsafe-eval'; script-src 'self' 'wasm-unsafe-eval'; style-src https: http: 'self' 'unsafe-inline'; img-src https: http: 'self' data:; font-src https: http: 'self' data:; media-src https: http: 'self' data:; object-src 'none'";
|
|
||||||
add_header Referrer-Policy "strict-origin-when-cross-origin";
|
|
||||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
|
||||||
add_header Service-Worker-Allowed "/";
|
|
||||||
|
|
||||||
root /frontend;
|
|
||||||
|
|
||||||
# compression settings
|
|
||||||
gzip on;
|
|
||||||
gzip_comp_level 5;
|
|
||||||
gzip_min_length 256;
|
|
||||||
gzip_proxied any;
|
|
||||||
gzip_vary on;
|
|
||||||
|
|
||||||
gzip_types
|
|
||||||
application/javascript
|
|
||||||
application/vnd.geo+json
|
|
||||||
application/vnd.ms-fontobject
|
|
||||||
application/x-font-ttf
|
|
||||||
application/x-web-app-manifest+json
|
|
||||||
font/opentype
|
|
||||||
image/bmp
|
|
||||||
image/svg+xml
|
|
||||||
image/x-icon
|
|
||||||
text/cache-manifest
|
|
||||||
text/css
|
|
||||||
text/plain
|
|
||||||
text/vcard
|
|
||||||
text/vnd.rim.location.xloc
|
|
||||||
text/vtt
|
|
||||||
text/x-component
|
|
||||||
text/x-cross-domain-policy;
|
|
||||||
# end of compression settings
|
|
||||||
|
|
||||||
location / {
|
|
||||||
include /etc/nginx/funkwhale_proxy.conf;
|
|
||||||
# this is needed if you have file import via upload enabled
|
|
||||||
client_max_body_size ${NGINX_MAX_BODY_SIZE};
|
|
||||||
proxy_pass http://funkwhale-api/;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /front/ {
|
|
||||||
alias /frontend/;
|
|
||||||
expires 1d;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /front/embed.html {
|
|
||||||
add_header Content-Security-Policy "connect-src https: http: 'self'; default-src 'self'; script-src 'self' unpkg.com 'unsafe-inline' 'unsafe-eval'; style-src https: http: 'self' 'unsafe-inline'; img-src https: http: 'self' data:; font-src https: http: 'self' data:; object-src 'none'; media-src https: http: 'self' data:";
|
|
||||||
add_header Referrer-Policy "strict-origin-when-cross-origin";
|
|
||||||
|
|
||||||
alias /frontend/embed.html;
|
|
||||||
expires 1d;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /federation/ {
|
|
||||||
include /etc/nginx/funkwhale_proxy.conf;
|
|
||||||
proxy_pass http://funkwhale-api/federation/;
|
|
||||||
}
|
|
||||||
|
|
||||||
# You can comment this if you do not plan to use the Subsonic API
|
|
||||||
location /rest/ {
|
|
||||||
include /etc/nginx/funkwhale_proxy.conf;
|
|
||||||
proxy_pass http://funkwhale-api/api/subsonic/rest/;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /.well-known/ {
|
|
||||||
include /etc/nginx/funkwhale_proxy.conf;
|
|
||||||
proxy_pass http://funkwhale-api/.well-known/;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /media/ {
|
|
||||||
alias ${MEDIA_ROOT}/;
|
|
||||||
add_header Access-Control-Allow-Origin '*';
|
|
||||||
}
|
|
||||||
|
|
||||||
# this is an internal location that is used to serve
|
|
||||||
# audio files once correct permission / authentication
|
|
||||||
# has been checked on API side
|
|
||||||
location ~ /_protected/media/(.+) {
|
|
||||||
internal;
|
|
||||||
{{- if .Values.s3.enabled }}
|
|
||||||
# Needed to ensure DSub auth isn't forwarded to S3/Minio, see #932.
|
|
||||||
proxy_set_header Authorization "";
|
|
||||||
proxy_pass $1;
|
|
||||||
{{- else }}
|
|
||||||
alias ${MEDIA_ROOT}/$1;
|
|
||||||
{{- end }}
|
|
||||||
add_header Access-Control-Allow-Origin '*';
|
|
||||||
}
|
|
||||||
|
|
||||||
location /_protected/music {
|
|
||||||
# this is an internal location that is used to serve
|
|
||||||
# audio files once correct permission / authentication
|
|
||||||
# has been checked on API side
|
|
||||||
# Set this to the same value as your MUSIC_DIRECTORY_PATH setting
|
|
||||||
internal;
|
|
||||||
alias ${MUSIC_DIRECTORY_SERVE_PATH}/;
|
|
||||||
add_header Access-Control-Allow-Origin '*';
|
|
||||||
}
|
|
||||||
|
|
||||||
location /staticfiles/ {
|
|
||||||
# django static files
|
|
||||||
alias ${STATIC_ROOT}/;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
proxy.conf: |
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
|
|
||||||
proxy_set_header X-Forwarded-Host $http_x_forwarded_host;
|
|
||||||
proxy_set_header X-Forwarded-Port $http_x_forwarded_port;
|
|
||||||
proxy_redirect off;
|
|
||||||
|
|
||||||
proxy_http_version 1.1;
|
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
|
||||||
proxy_set_header Connection $connection_upgrade;
|
|
|
@ -28,8 +28,8 @@ spec:
|
||||||
spec:
|
spec:
|
||||||
containers:
|
containers:
|
||||||
- name: celery-beat
|
- name: celery-beat
|
||||||
image: "{{ .Values.image.repository }}:{{ include "funkwhale.imageTag" . }}"
|
image: {{ include "funkwhale.imageUri" (dict "Scope" .Values.celery.image "Values" .Values "Chart" .Chart) | quote }}
|
||||||
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
imagePullPolicy: {{ .Values.celery.image.pullPolicy | default .Values.image.pullPolicy }}
|
||||||
command:
|
command:
|
||||||
- sh
|
- sh
|
||||||
- -c
|
- -c
|
||||||
|
|
|
@ -28,8 +28,8 @@ spec:
|
||||||
spec:
|
spec:
|
||||||
containers:
|
containers:
|
||||||
- name: worker
|
- name: worker
|
||||||
image: "{{ .Values.image.repository }}:{{ include "funkwhale.imageTag" . }}"
|
image: {{ include "funkwhale.imageUri" (dict "Scope" .Values.celery.image "Values" .Values "Chart" .Chart) | quote }}
|
||||||
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
imagePullPolicy: {{ .Values.celery.image.pullPolicy | default .Values.image.pullPolicy }}
|
||||||
command:
|
command:
|
||||||
- sh
|
- sh
|
||||||
- -c
|
- -c
|
||||||
|
|
|
@ -23,7 +23,6 @@ spec:
|
||||||
metadata:
|
metadata:
|
||||||
annotations:
|
annotations:
|
||||||
checksum/configmap: {{ include (print .Template.BasePath "/configmap.yaml") . | sha256sum }}
|
checksum/configmap: {{ include (print .Template.BasePath "/configmap.yaml") . | sha256sum }}
|
||||||
checksum/frontend: {{ include (print .Template.BasePath "/configmap-front.yaml") . | sha256sum }}
|
|
||||||
checksum/secret: {{ include (print .Template.BasePath "/secret.yaml") . | sha256sum }}
|
checksum/secret: {{ include (print .Template.BasePath "/secret.yaml") . | sha256sum }}
|
||||||
labels:
|
labels:
|
||||||
app.kubernetes.io/name: {{ include "funkwhale.name" . }}
|
app.kubernetes.io/name: {{ include "funkwhale.name" . }}
|
||||||
|
@ -32,23 +31,8 @@ spec:
|
||||||
spec:
|
spec:
|
||||||
containers:
|
containers:
|
||||||
- name: funkwhale
|
- name: funkwhale
|
||||||
image: "{{ .Values.image.repository }}:{{ include "funkwhale.imageTag" . }}"
|
image: {{ include "funkwhale.imageUri" (dict "Scope" .Values.api.image "Values" .Values "Chart" .Chart) | quote }}
|
||||||
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
imagePullPolicy: {{ .Values.api.image.pullPolicy | default .Values.image.pullPolicy }}
|
||||||
command:
|
|
||||||
- sh
|
|
||||||
- -c
|
|
||||||
- |-
|
|
||||||
# Copy frontend files for the front pod
|
|
||||||
cp -r frontend/* /srv/funkwhale/frontend/
|
|
||||||
|
|
||||||
# Apply any waiting migrations
|
|
||||||
/app/manage.py migrate
|
|
||||||
|
|
||||||
if [ -e compose/django/daphne.sh ]; then
|
|
||||||
compose/django/entrypoint.sh compose/django/daphne.sh
|
|
||||||
else
|
|
||||||
compose/django/entrypoint.sh compose/django/server.sh
|
|
||||||
fi
|
|
||||||
readinessProbe:
|
readinessProbe:
|
||||||
{{ toYaml .Values.api.readinessProbe | nindent 12 }}
|
{{ toYaml .Values.api.readinessProbe | nindent 12 }}
|
||||||
livenessProbe:
|
livenessProbe:
|
||||||
|
@ -61,10 +45,8 @@ spec:
|
||||||
- secretRef:
|
- secretRef:
|
||||||
name: {{ include "funkwhale.fullname" . }}
|
name: {{ include "funkwhale.fullname" . }}
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- mountPath: /srv/funkwhale/data/static/
|
- name: static
|
||||||
name: static
|
mountPath: /srv/funkwhale/data/static/
|
||||||
- mountPath: /srv/funkwhale/frontend
|
|
||||||
name: frontend
|
|
||||||
- name: data
|
- name: data
|
||||||
mountPath: /srv/funkwhale/data
|
mountPath: /srv/funkwhale/data
|
||||||
{{- with .Values.api.extraVolumeMounts }}
|
{{- with .Values.api.extraVolumeMounts }}
|
||||||
|
@ -77,20 +59,13 @@ spec:
|
||||||
resources:
|
resources:
|
||||||
{{- toYaml .Values.api.resources | nindent 12 }}
|
{{- toYaml .Values.api.resources | nindent 12 }}
|
||||||
- name: nginx
|
- name: nginx
|
||||||
image: "{{ .Values.front.image.repository }}:{{ .Values.front.image.tag }}"
|
image: {{ include "funkwhale.imageUri" (dict "Scope" .Values.front.image "Values" .Values "Chart" .Chart) | quote }}
|
||||||
imagePullPolicy: {{ .Values.front.image.pullPolicy }}
|
imagePullPolicy: {{ .Values.front.image.pullPolicy | default .Values.image.pullPolicy }}
|
||||||
command:
|
env:
|
||||||
- sh
|
- name: FUNKWHALE_API_HOST
|
||||||
- -c
|
value: localhost
|
||||||
- |-
|
- name: FUNKWHALE_API_PORT
|
||||||
# Instantiate the nginx template
|
value: '5000'
|
||||||
envsubst "`env | awk -F = '{printf \" $%s\", $1}'`" < /etc/nginx/funkwhale.template > /etc/nginx/conf.d/default.conf
|
|
||||||
|
|
||||||
# Add a hardcoded resolver configuration to ease S3 usage
|
|
||||||
echo "resolver $(grep nameserver /etc/resolv.conf | head -n1 | awk '{print $2}');" > /etc/nginx/conf.d/resolver.conf
|
|
||||||
|
|
||||||
# Launch nginx
|
|
||||||
nginx -g 'daemon off;'
|
|
||||||
envFrom:
|
envFrom:
|
||||||
- configMapRef:
|
- configMapRef:
|
||||||
name: {{ include "funkwhale.fullname" . }}
|
name: {{ include "funkwhale.fullname" . }}
|
||||||
|
@ -107,16 +82,8 @@ spec:
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- mountPath: /srv/funkwhale/data
|
- mountPath: /srv/funkwhale/data
|
||||||
name: data
|
name: data
|
||||||
- mountPath: /frontend
|
- mountPath: /usr/share/nginx/html/staticfiles
|
||||||
name: frontend
|
name: static
|
||||||
readOnly: true
|
|
||||||
- mountPath: /etc/nginx/funkwhale_proxy.conf
|
|
||||||
name: config
|
|
||||||
subPath: proxy.conf
|
|
||||||
readOnly: true
|
|
||||||
- mountPath: /etc/nginx/funkwhale.template
|
|
||||||
name: config
|
|
||||||
subPath: nginx.conf
|
|
||||||
readOnly: true
|
readOnly: true
|
||||||
{{- if .Values.front.extraVolumeMounts }}
|
{{- if .Values.front.extraVolumeMounts }}
|
||||||
{{ toYaml .Values.front.extraVolumeMounts | indent 12 }}
|
{{ toYaml .Values.front.extraVolumeMounts | indent 12 }}
|
||||||
|
@ -134,13 +101,8 @@ spec:
|
||||||
{{- toYaml . | nindent 8 }}
|
{{- toYaml . | nindent 8 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
volumes:
|
volumes:
|
||||||
- name: frontend
|
|
||||||
emptyDir: {}
|
|
||||||
- name: static
|
- name: static
|
||||||
emptyDir: {}
|
emptyDir: {}
|
||||||
- name: config
|
|
||||||
configMap:
|
|
||||||
name: {{ include "funkwhale.fullname" . }}-front
|
|
||||||
- name: data
|
- name: data
|
||||||
{{- if .Values.persistence.enabled }}
|
{{- if .Values.persistence.enabled }}
|
||||||
persistentVolumeClaim:
|
persistentVolumeClaim:
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
# Declare variables to be passed into your templates.
|
# Declare variables to be passed into your templates.
|
||||||
---
|
---
|
||||||
image:
|
image:
|
||||||
repository: funkwhale/funkwhale
|
registry: docker.io/funkwhale
|
||||||
# tag:
|
# tag:
|
||||||
pullPolicy: IfNotPresent
|
pullPolicy: IfNotPresent
|
||||||
|
|
||||||
|
@ -145,6 +145,12 @@ s3:
|
||||||
|
|
||||||
## API server configuration
|
## API server configuration
|
||||||
api:
|
api:
|
||||||
|
image:
|
||||||
|
# registry:
|
||||||
|
image: api
|
||||||
|
# tag:
|
||||||
|
# pullPolicy:
|
||||||
|
|
||||||
## Additional mounts to add to the API container
|
## Additional mounts to add to the API container
|
||||||
## If using an external media mount it needs to be attached to both API and Front
|
## If using an external media mount it needs to be attached to both API and Front
|
||||||
extraVolumeMounts: []
|
extraVolumeMounts: []
|
||||||
|
@ -191,9 +197,10 @@ api:
|
||||||
## Web frontend and proxy
|
## Web frontend and proxy
|
||||||
front:
|
front:
|
||||||
image:
|
image:
|
||||||
repository: nginx
|
# registry:
|
||||||
tag: stable
|
image: front
|
||||||
pullPolicy: IfNotPresent
|
# tag:
|
||||||
|
# pullPolicy:
|
||||||
|
|
||||||
## Additional mounts to add to the frontend container
|
## Additional mounts to add to the frontend container
|
||||||
extraVolumeMounts: []
|
extraVolumeMounts: []
|
||||||
|
@ -236,6 +243,12 @@ front:
|
||||||
port: http
|
port: http
|
||||||
|
|
||||||
celery:
|
celery:
|
||||||
|
image:
|
||||||
|
# registry:
|
||||||
|
image: api
|
||||||
|
# tag:
|
||||||
|
# pullPolicy:
|
||||||
|
|
||||||
beat:
|
beat:
|
||||||
resources:
|
resources:
|
||||||
limits:
|
limits:
|
||||||
|
|
Loading…
Reference in a new issue