peertube: Cleaning up chart

Now a default update strategy will be chosen based on the persistent
storage access mode, as Recreate behaves better for RWO storage.
The webadmin config folder is also created with an init container to
better support non-standard images.

charts/peertube/Chart.yaml

@@ -5,7 +5,7 @@ description: Free software to take back control of your videos
 icon: https://upload.wikimedia.org/wikipedia/commons/2/2b/Logo_de_PeerTube.svg
 
 type: application
-version: 0.1.0
+version: 0.1.1
 appVersion: "4.2.2"
 maintainers:
   - name: Alexander Olofsson

charts/peertube/README.md

@@ -0,0 +1,24 @@
+Peertube
+========
+
+[Peertube](https://joinpeertube.org/) is a federated video hosting platform for the open web.
+
+## Prerequisites
+
+- Non-EoL Kubernetes cluster
+- Helm 3
+- SMTP server available
+
+## Installing
+
+Peertube will require three pieces of data to be installed; A server name, an admin contact email address, and an SMTP server configuration.
+
+For a simple install with an authentication-less SMPT server this could look like;
+
+    helm install peertube ananace-charts/peertube --set config.serverName=videos.example.com,config.admin.email=admin@example.com,config.mail.hostname=smtp.example.com
+
+### Live-streaming / RTMP
+
+For the live-streaming functionality to work, you will need to make sure your ingress forwards TCP connections on the RTMP port. (1935 by default)
+
+With that in place, you can enable live-streaming support either with `extraConfig.live.enabled=true` or by having `config.webadminConfig=true` and activating it from inside the system itself.

charts/peertube/templates/NOTES.txt

@@ -1,20 +1,21 @@
-1. Get the application URL by running these commands:
 {{- if .Values.ingress.enabled }}
-{{- range $host := .Values.ingress.hosts }}
+1. Visit the application at the following URL
 {{- range .paths }}
-  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
+  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $.Values.config.serverName }}{{ .path }}
-  {{- end }}
 {{- end }}
 {{- else if contains "NodePort" .Values.service.type }}
+1. Get the application URL by running these commands:
   export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "peertube.fullname" . }})
   export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
   echo http://$NODE_IP:$NODE_PORT
 {{- else if contains "LoadBalancer" .Values.service.type }}
+1. Get the application URL by running these commands:
      NOTE: It may take a few minutes for the LoadBalancer IP to be available.
            You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "peertube.fullname" . }}'
   export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "peertube.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
   echo http://$SERVICE_IP:{{ .Values.service.port }}
 {{- else if contains "ClusterIP" .Values.service.type }}
+1. Get the application URL by running these commands:
   export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "peertube.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
   export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
   echo "Visit http://127.0.0.1:8080 to use your application"

charts/peertube/templates/configuration.yaml

@@ -12,10 +12,15 @@ data:
       port: 9000
 
     webserver:
-      hostname: {{ .Values.config.serverName }}
+      hostname: {{ required "You need to specify a server name" .Values.config.serverName | quote }}
       port: 443
       https: true
 
+    webadmin:
+      configuration:
+        edition:
+          allowed: {{ .Values.config.webadminConfig }}
+
     admin:
       email: {{ required "You need to specify an admin email" .Values.config.admin.email | quote }}
 

charts/peertube/templates/deployment.yaml

@@ -1,3 +1,4 @@
+---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -21,6 +22,16 @@ spec:
       {{- end }}
       labels:
         {{- include "peertube.selectorLabels" . | nindent 8 }}
+    strategy:
+    {{- if .Values.strategy }}
+      {{- toYaml .Values.strategy | nindent 10 }}
+    {{- else }}
+      {{- if has "ReadWriteOnce" (.Values.config.persistence.accessModes | default (list "ReadWriteOnce")) }}
+      type: Recreate
+      {{- else }}
+      type: RollingUpdate
+      {{- end }}
+    {{- end }}
     spec:
       {{- with .Values.imagePullSecrets }}
       imagePullSecrets:
@@ -29,18 +40,27 @@ spec:
       serviceAccountName: {{ include "peertube.serviceAccountName" . }}
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      {{- if .Values.config.webadminConfig }}
+      initContainers:
+        - name: config-ensure
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          image: busybox
+          imagePullPolicy: IfNotPresent
+          command:
+            - mkdir
+            - -p
+            - /data/config/
+          volumeMounts:
+            - mountPath: /data
+              name: data
+      {{- end }}
       containers:
         - name: {{ .Chart.Name }}
           securityContext:
             {{- toYaml .Values.securityContext | nindent 12 }}
           image: "{{ .Values.image.repository }}:{{ include "peertube.imageTag" . }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
-          command:
-            - sh
-            - -c
-            - |
-              mkdir -p /data/config/
-              exec node dist/server
           ports:
             - name: http
               containerPort: 9000
@@ -78,10 +98,10 @@ spec:
               valueFrom:
                 secretKeyRef:
                 {{- if .Values.redis.enabled }}
-                  key: redis-password
+                  key: {{ .Values.redis.auth.existingSecretPasswordKey | default "redis-password" }}
                   name: {{ .Values.redis.auth.existingSecret | default (include "peertube.redis.fullname" .) }}
                 {{- else }}
-                  key: {{ .Values.externalRedis.existingSecretKey | default "redis-peassword" }}
+                  key: {{ .Values.externalRedis.existingSecretKey | default "redis-password" }}
                   name: {{ .Values.externalRedis.existingSecret }}
                 {{- end }}
 {{- end }}

charts/peertube/templates/secrets.yaml

@@ -1,3 +1,6 @@
+{{- if (and .Values.config.mail.password .Values.config.mail.existingSecret) -}}
+{{- fail "Can't specify both direct password as well as existing secret for mail" -}}
+{{- end -}}
 ---
 apiVersion: v1
 kind: Secret

charts/peertube/values.yaml

@@ -12,12 +12,19 @@ imagePullSecrets: []
 nameOverride: ""
 fullnameOverride: ""
 
+# strategy:
+#   type: RollingUpdate
+
 ## Main Peertube configuration
 ##
 config:
   ## Public server name, will be used to configure both Peertube and the Ingress
   ## resource if enabled.
-  serverName: peertube.example.com
+  serverName:
+
+  ## Should in-application configuration be possible, enabling this will
+  ## use an init-container to create a config folder in your persistent storage.
+  webadminConfig: true
 
   admin:
     email:
@@ -59,7 +66,7 @@ config:
       # prefix:
       # base_url:
 
-  ## Main persistent store, will be used for uploads, processing, plugins, etc.
+  ## Main persistent storage, will be used for uploads, processing, plugins, etc
   persistence:
     enabled: true
 
@@ -91,6 +98,7 @@ extraSecret: {}
   # PEERTUBE_INSTANCE_TERMS: "These are some very secret terms-of-service"
 
 ## Self-deployed PostgreSQL database
+## See: https://github.com/bitnami/charts/tree/master/bitnami/postgresql
 ##
 postgresql:
   enabled: true
@@ -100,7 +108,7 @@ postgresql:
     username: peertube
 
     # existingSecret:
-    secretKeys: {}
+    # secretKeys:
     #   userPasswordKey: password
 
   persistence:
@@ -121,6 +129,7 @@ externalPostgresql:
   # existingSecretKey: postgres-password
 
 ## Self-deployed Redis database
+## See: https://github.com/bitnami/charts/tree/master/bitnami/redis
 ##
 redis:
   enabled: true
@@ -130,10 +139,8 @@ redis:
     enabled: true
     # password: peertube
 
-    ## Or use existing secret with "redis-password" key
-    ## instead of static password
-    ##
     # existingSecret: redis-secret
+    # existingSecretPasswordKey: redis-password
 
   master:
     persistence: