From 20514d5d2af2d70277c72f22163ef892f0c9eeb6 Mon Sep 17 00:00:00 2001 From: Alexander Olofsson Date: Tue, 12 Jul 2022 14:29:44 +0200 Subject: [PATCH] peertube: Cleaning up chart Now a default update strategy will be chosen based on the persistent storage access mode, as Recreate behaves better for RWO storage. The webadmin config folder is also created with an init container to better support non-standard images. --- charts/peertube/Chart.yaml | 2 +- charts/peertube/README.md | 24 +++++++++++++ charts/peertube/templates/NOTES.txt | 11 +++--- charts/peertube/templates/configuration.yaml | 7 +++- charts/peertube/templates/deployment.yaml | 36 +++++++++++++++----- charts/peertube/templates/secrets.yaml | 3 ++ charts/peertube/values.yaml | 19 +++++++---- 7 files changed, 81 insertions(+), 21 deletions(-) create mode 100644 charts/peertube/README.md diff --git a/charts/peertube/Chart.yaml b/charts/peertube/Chart.yaml index 3a81f85..0bfa895 100644 --- a/charts/peertube/Chart.yaml +++ b/charts/peertube/Chart.yaml @@ -5,7 +5,7 @@ description: Free software to take back control of your videos icon: https://upload.wikimedia.org/wikipedia/commons/2/2b/Logo_de_PeerTube.svg type: application -version: 0.1.0 +version: 0.1.1 appVersion: "4.2.2" maintainers: - name: Alexander Olofsson diff --git a/charts/peertube/README.md b/charts/peertube/README.md new file mode 100644 index 0000000..fc852bf --- /dev/null +++ b/charts/peertube/README.md 
@@ -0,0 +1,24 @@
+Peertube
+========
+
+[Peertube](https://joinpeertube.org/) is a federated video hosting platform for the open web.
+
+## Prerequisites
+
+- Non-EoL Kubernetes cluster
+- Helm 3
+- SMTP server available
+
+## Installing
+
+Peertube will require three pieces of data to be installed; A server name, an admin contact email address, and an SMTP server configuration.
+
+For a simple install with an authentication-less SMPT server this could look like;
+
+ helm install peertube ananace-charts/peertube --set config.serverName=videos.example.com,config.admin.email=admin@example.com,config.mail.hostname=smtp.example.com
+
+### Live-streaming / RTMP
+
+For the live-streaming functionality to work, you will need to make sure your ingress forwards TCP connections on the RTMP port. (1935 by default)
+
+With that in place, you can enable live-streaming support either with `extraConfig.live.enabled=true` or by having `config.webadminConfig=true` and activating it from inside the system itself.
diff --git a/charts/peertube/templates/NOTES.txt b/charts/peertube/templates/NOTES.txt
index f20de72..c0d396a 100644
--- a/charts/peertube/templates/NOTES.txt
+++ b/charts/peertube/templates/NOTES.txt
@@ -1,20 +1,21 @@ -1. Get the application URL by running these commands: {{- if .Values.ingress.enabled }} -{{- range $host := .Values.ingress.hosts }} - {{- range .paths }} - http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} - {{- end }} +1. Visit the application at the following URL +{{- range .paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $.Values.config.serverName }}{{ .path }} {{- end }} {{- else if contains "NodePort" .Values.service.type }} +1. Get the application URL by running these commands: export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "peertube.fullname" . }}) export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") echo http://$NODE_IP:$NODE_PORT {{- else if contains "LoadBalancer" .Values.service.type }} +1. Get the application URL by running these commands: NOTE: It may take a few minutes for the LoadBalancer IP to be available. You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "peertube.fullname" . }}' export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "peertube.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") echo http://$SERVICE_IP:{{ .Values.service.port }} {{- else if contains "ClusterIP" .Values.service.type }} +1. Get the application URL by running these commands: export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "peertube.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") echo "Visit http://127.0.0.1:8080 to use your application" 
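Review bot: In the ingress branch the new `{{- range .paths }}` is no longer nested inside a `range` over `.Values.ingress.hosts`, so `.paths` is looked up on the root context, which normally has no such key. As far as this hunk shows, the loop then renders nothing and the notes print the "Visit the application" heading without any URL. Since the host now comes from `config.serverName`, dropping the loop and printing a single line would do: `http{{ if .Values.ingress.tls }}s{{ end }}://{{ .Values.config.serverName }}/` (the trailing `/` is an assumption about the ingress path).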
diff --git a/charts/peertube/templates/configuration.yaml b/charts/peertube/templates/configuration.yaml index d92af39..30347cd 100644 --- a/charts/peertube/templates/configuration.yaml +++ b/charts/peertube/templates/configuration.yaml @@ -12,10 +12,15 @@ data: port: 9000 webserver: - hostname: {{ .Values.config.serverName }} + hostname: {{ required "You need to specify a server name" .Values.config.serverName | quote }} port: 443 https: true + webadmin: + configuration: + edition: + allowed: {{ .Values.config.webadminConfig }} + admin: email: {{ required "You need to specify an admin email" .Values.config.admin.email | quote }} diff --git a/charts/peertube/templates/deployment.yaml b/charts/peertube/templates/deployment.yaml index a400baa..7026f13 100644 --- a/charts/peertube/templates/deployment.yaml +++ b/charts/peertube/templates/deployment.yaml @@ -1,3 +1,4 @@ +--- apiVersion: apps/v1 kind: Deployment metadata: @@ -21,6 +22,16 @@ spec: {{- end }} labels: {{- include "peertube.selectorLabels" . | nindent 8 }} + strategy: + {{- if .Values.strategy }} + {{- toYaml .Values.strategy | nindent 10 }} + {{- else }} + {{- if has "ReadWriteOnce" (.Values.config.persistence.accessModes | default (list "ReadWriteOnce")) }} + type: Recreate + {{- else }} + type: RollingUpdate + {{- end }} + {{- end }} spec: {{- with .Values.imagePullSecrets }} imagePullSecrets: 
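Review bot: `allowed: {{ .Values.config.webadminConfig }}` is interpolated raw, unlike the `required … | quote` lines next to it, so an unset or null value renders an empty scalar and leaves the outcome to how PeerTube treats a null here. This switch controls whether configuration can be edited from the web admin, so it should fail closed: `allowed: {{ .Values.config.webadminConfig | default false }}`. deployment.yaml tests the same value with `if`, where a string such as `"false"` passed via `--set-string` is truthy, so a comment in values.yaml stating that the value must be a real boolean would help.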
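Review bot: The `strategy:` block in deployment.yaml is added between the pod template's `labels:` (the `nindent 8` include) and the pod `spec:` that carries `imagePullSecrets`, which places it inside `template` rather than on the Deployment's own `spec`. Indentation is not recoverable on this page, so this needs confirming, but `strategy` is a field of `Deployment.spec`; inside the template it would be rejected or, with lenient validation, dropped, and the RWO-aware `Recreate` default would never take effect. Moving the block above `template:` (which lies outside this hunk) and rendering the override with `{{- toYaml .Values.strategy | nindent 4 }}` would put it where the API expects it.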
@@ -29,18 +40,27 @@ spec: serviceAccountName: {{ include "peertube.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} + {{- if .Values.config.webadminConfig }} + initContainers: + - name: config-ensure + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: busybox + imagePullPolicy: IfNotPresent + command: + - mkdir + - -p + - /data/config/ + volumeMounts: + - mountPath: /data + name: data + {{- end }} containers: - name: {{ .Chart.Name }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} image: "{{ .Values.image.repository }}:{{ include "peertube.imageTag" . }}" imagePullPolicy: {{ .Values.image.pullPolicy }} - command: - - sh - - -c - - | - mkdir -p /data/config/ - exec node dist/server ports: - name: http containerPort: 9000 @@ -78,10 +98,10 @@ spec: valueFrom: secretKeyRef: {{- if .Values.redis.enabled }} - key: redis-password + key: {{ .Values.redis.auth.existingSecretPasswordKey | default "redis-password" }} name: {{ .Values.redis.auth.existingSecret | default (include "peertube.redis.fullname" .) }} {{- else }} - key: {{ .Values.externalRedis.existingSecretKey | default "redis-peassword" }} + key: {{ .Values.externalRedis.existingSecretKey | default "redis-password" }} name: {{ .Values.externalRedis.existingSecret }} {{- end }} {{- end }} diff --git a/charts/peertube/templates/secrets.yaml b/charts/peertube/templates/secrets.yaml index 90a9360..a82279f 100644 --- a/charts/peertube/templates/secrets.yaml +++ b/charts/peertube/templates/secrets.yaml @@ -1,3 +1,6 @@ +{{- if (and .Values.config.mail.password .Values.config.mail.existingSecret) -}} +{{- fail "Can't specify both direct password as well as existing secret for mail" -}} +{{- end -}} --- apiVersion: v1 kind: Secret diff --git a/charts/peertube/values.yaml b/charts/peertube/values.yaml index 1aa520a..8e5f271 100644 --- a/charts/peertube/values.yaml +++ b/charts/peertube/values.yaml 
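Review bot: `image: busybox` in the new `config-ensure` init container has no tag or digest, so it resolves to the mutable `latest` tag from the default registry, and with `imagePullPolicy: IfNotPresent` each node keeps whatever build it pulled first. That container mounts the whole `data` volume, so an unpinned third-party image is worth avoiding here; it also cannot be pointed at a private mirror or pass an admission policy that requires pinned images. Consider making it configurable and pinned, e.g. `image: "{{ .Values.initImage.repository }}:{{ .Values.initImage.tag }}"`, where `initImage` is a new values key proposed here with a fixed tag (or `@sha256:<digest>`) as its default. A short comment above the block saying that it only creates `/data/config/` for the web-admin configuration would also help readers.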
@@ -12,12 +12,19 @@ imagePullSecrets: [] nameOverride: "" fullnameOverride: "" +# strategy: +# type: RollingUpdate + ## Main Peertube configuration ## config: ## Public server name, will be used to configure both Peertube and the Ingress ## resource if enabled. - serverName: peertube.example.com + serverName: + + ## Should in-application configuration be possible, enabling this will + ## use an init-container to create a config folder in your persistent storage. + webadminConfig: true admin: email: @@ -59,7 +66,7 @@ config: # prefix: # base_url: - ## Main persistent store, will be used for uploads, processing, plugins, etc. + ## Main persistent storage, will be used for uploads, processing, plugins, etc persistence: enabled: true @@ -91,6 +98,7 @@ extraSecret: {} # PEERTUBE_INSTANCE_TERMS: "These are some very secret terms-of-service" ## Self-deployed PostgreSQL database +## See: https://github.com/bitnami/charts/tree/master/bitnami/postgresql ## postgresql: enabled: true @@ -100,7 +108,7 @@ postgresql: username: peertube # existingSecret: - secretKeys: {} + # secretKeys: # userPasswordKey: password persistence: @@ -121,6 +129,7 @@ externalPostgresql: # existingSecretKey: postgres-password ## Self-deployed Redis database +## See: https://github.com/bitnami/charts/tree/master/bitnami/redis ## redis: enabled: true @@ -130,10 +139,8 @@ redis: enabled: true # password: peertube - ## Or use existing secret with "redis-password" key - ## instead of static password - ## # existingSecret: redis-secret + # existingSecretPasswordKey: redis-password master: persistence:
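Review bot: `webadminConfig: true` ships in-application configuration editing enabled by default, and the comment above it only mentions the init container. Settings changed from the web admin are presumably written to the config folder on the data volume, outside what the chart renders from these values, so operators who want the Helm values to be the single source of configuration should know to turn it off. I would extend the comment, e.g. `## Changes made in the web admin are stored on the data volume and are not reflected in these values; set to false for purely declarative config.` Separately, the bare `serverName:` parses as null; `serverName: ""` states the intent and still trips the `required` check in configuration.yaml.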