From 57c280705bc4ce81a8e7c622852c26d274f1fe30 Mon Sep 17 00:00:00 2001 From: JuniorJPDJ Date: Sat, 9 Mar 2024 04:05:14 +0100 Subject: [PATCH] feat: refactor kubernetes helm chart --- kubernetes/Chart.lock | 6 +- kubernetes/Chart.yaml | 38 ++++++---- kubernetes/templates/_helpers.tpl | 42 ++++++++++- kubernetes/templates/configmap.yaml | 11 --- kubernetes/templates/deployment.yaml | 106 ++++++++++++++++----------- kubernetes/templates/hpa.yaml | 4 +- kubernetes/templates/ingress.yaml | 61 +++++++++++++++ kubernetes/templates/secret.yaml | 9 +++ kubernetes/templates/service.yaml | 16 ++-- kubernetes/values.yaml | 62 ++++++++++++---- 10 files changed, 255 insertions(+), 100 deletions(-) delete mode 100644 kubernetes/templates/configmap.yaml create mode 100644 kubernetes/templates/ingress.yaml create mode 100644 kubernetes/templates/secret.yaml diff --git a/kubernetes/Chart.lock b/kubernetes/Chart.lock index ef12b0b6..0ae2731c 100644 --- a/kubernetes/Chart.lock +++ b/kubernetes/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: postgresql repository: https://charts.bitnami.com/bitnami/ - version: 12.11.1 -digest: sha256:3c10008175c4f5c1cec38782f5a7316154b89074c77ebbd9bcc4be4f5ff21122 -generated: "2023-09-14T22:40:43.171275362Z" + version: 14.3.1 +digest: sha256:cd32cbb4ea4af17b1d9c6bcad0218b90df16c358b1e38490a27ccf758a5abb4d +generated: "2024-03-09T04:47:50.450209116+01:00" diff --git a/kubernetes/Chart.yaml b/kubernetes/Chart.yaml index d22f6254..895fea77 100644 --- a/kubernetes/Chart.yaml +++ b/kubernetes/Chart.yaml 
@@ -1,22 +1,32 @@ apiVersion: v2 name: invidious description: Invidious is an alternative front-end to YouTube -version: 1.1.1 -appVersion: 0.20.1 + +type: application + +version: 2.0.0 +appVersion: latest + +dependencies: + - name: postgresql + version: ~14.3.1 + repository: "https://charts.bitnami.com/bitnami/" + condition: postgresql.enabled + +engine: gotpl + keywords: -- youtube -- proxy -- video -- privacy + - youtube + - proxy + - video + - privacy + home: https://invidio.us/ icon: https://raw.githubusercontent.com/iv-org/invidious/05988c1c49851b7d0094fca16aeaf6382a7f64ab/assets/favicon-32x32.png + sources: -- https://github.com/iv-org/invidious + - https://github.com/iv-org/invidious + maintainers: -- name: Leon Klingele - email: mail@leonklingele.de -dependencies: -- name: postgresql - version: ~12.11.0 - repository: "https://charts.bitnami.com/bitnami/" -engine: gotpl + - name: Leon Klingele + email: mail@leonklingele.de diff --git a/kubernetes/templates/_helpers.tpl b/kubernetes/templates/_helpers.tpl index 52158b78..1a05abbb 100644 --- a/kubernetes/templates/_helpers.tpl +++ b/kubernetes/templates/_helpers.tpl 
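Review bot: `appVersion: latest` in Chart.yaml replaces a concrete release number with a moving tag, so the `app.kubernetes.io/version` label that the new helpers derive from `.Chart.AppVersion` no longer says which build is running. Together with the `tag: latest` / `pullPolicy: Always` defaults visible as context in values.yaml, two installs of chart 2.0.0 can end up running different code, which makes rollback and vulnerability triage harder. Consider setting it to the release the chart was tested against, `appVersion: "TESTED_RELEASE"` (placeholder), and defaulting the image tag to that value.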
@@ -9,8 +9,44 @@ Expand the name of the chart. {{/* Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. */}} {{- define "invidious.fullname" -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "invidious.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "invidious.labels" -}} +helm.sh/chart: {{ include "invidious.chart" . }} +{{ include "invidious.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "invidious.selectorLabels" -}} +app.kubernetes.io/name: {{ include "invidious.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} diff --git a/kubernetes/templates/configmap.yaml b/kubernetes/templates/configmap.yaml deleted file mode 100644 index 58542a31..00000000 --- a/kubernetes/templates/configmap.yaml +++ /dev/null 
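Review bot: The new `contains $name .Release.Name` branch in `invidious.fullname` changes the rendered name for releases whose name already includes the chart name, and the helper's comment does not tell upgraders. A release called `invidious` previously rendered `invidious-invidious` and now renders `invidious`, so every object named through this helper is renamed on upgrade. I would extend the comment with a line such as `Note: chart 1.x always rendered RELEASE-NAME; set fullnameOverride to keep the old object names on upgrade.`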
@@ -1,11 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "invidious.fullname" . }} - labels: - app: {{ template "invidious.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: {{ .Release.Name }} -data: - INVIDIOUS_CONFIG: | -{{ toYaml .Values.config | indent 4 }} diff --git a/kubernetes/templates/deployment.yaml b/kubernetes/templates/deployment.yaml index bb0b832f..ce1dadca 100644 --- a/kubernetes/templates/deployment.yaml +++ b/kubernetes/templates/deployment.yaml 
@@ -3,59 +3,79 @@ kind: Deployment metadata: name: {{ template "invidious.fullname" . }} labels: - app: {{ template "invidious.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: {{ .Release.Name }} + {{- include "invidious.labels" . | nindent 4 }} spec: + {{- if not .Values.autoscaling.enabled }} replicas: {{ .Values.replicaCount }} + {{- end }} selector: matchLabels: - app: {{ template "invidious.name" . }} - release: {{ .Release.Name }} + {{- include "invidious.selectorLabels" . | nindent 6 }} template: metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} labels: - app: {{ template "invidious.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: {{ .Release.Name }} + {{- include "invidious.labels" . | nindent 8 }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + enableServiceLinks: false securityContext: - runAsUser: {{ .Values.securityContext.runAsUser }} - runAsGroup: {{ .Values.securityContext.runAsGroup }} - fsGroup: {{ .Values.securityContext.fsGroup }} + {{- toYaml .Values.podSecurityContext | nindent 8 }} initContainers: - name: wait-for-postgresql - image: postgres - args: - - /bin/sh - - -c - - until pg_isready -h {{ .Values.config.db.host }} -p {{ .Values.config.db.port }} -U {{ .Values.config.db.user }}; do echo waiting for database; sleep 2; done; + image: actions/pg_isready + command: + - /bin/bash + - -c + - 'until pg_isready -h "{{ .Values.config.db.host }}" -p "{{ .Values.config.db.port }}" -U "{{ .Values.config.db.user }}"; do echo waiting for database; sleep 2; done' containers: - - name: {{ .Chart.Name }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - ports: - - containerPort: 3000 - env: - - name: INVIDIOUS_CONFIG - valueFrom: - configMapKeyRef: - 
key: INVIDIOUS_CONFIG - name: {{ template "invidious.fullname" . }} - securityContext: - allowPrivilegeEscalation: {{ .Values.securityContext.allowPrivilegeEscalation }} - capabilities: - drop: - - ALL - resources: -{{ toYaml .Values.resources | indent 10 }} - readinessProbe: - httpGet: - port: 3000 - path: / - livenessProbe: - httpGet: - port: 3000 - path: / - initialDelaySeconds: 15 + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - name: http + containerPort: {{ .Values.config.port }} + protocol: TCP + envFrom: + - secretRef: + name: {{ template "invidious.fullname" . }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + readinessProbe: + httpGet: + port: http + path: / + livenessProbe: + httpGet: + port: http + path: / + startupProbe: + httpGet: + port: http + path: / + periodSeconds: 5 + failureThreshold: 30 restartPolicy: Always + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/kubernetes/templates/hpa.yaml b/kubernetes/templates/hpa.yaml index c6fbefe2..f89a7535 100644 --- a/kubernetes/templates/hpa.yaml +++ b/kubernetes/templates/hpa.yaml @@ -4,9 +4,7 @@ kind: HorizontalPodAutoscaler metadata: name: {{ template "invidious.fullname" . }} labels: - app: {{ template "invidious.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: {{ .Release.Name }} + {{- include "invidious.labels" . | nindent 4 }} spec: scaleTargetRef: apiVersion: apps/v1 diff --git a/kubernetes/templates/ingress.yaml b/kubernetes/templates/ingress.yaml new file mode 100644 index 00000000..b17cd8db --- /dev/null +++ b/kubernetes/templates/ingress.yaml 
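Review bot: The `wait-for-postgresql` init container now pulls `actions/pg_isready` with no tag or digest, so the pod runs whatever that third-party repository serves at pull time, and unlike the main container it gets no container-level `securityContext`. The `allowPrivilegeEscalation: false` and `capabilities.drop` settings come from `.Values.securityContext`, which this hunk renders only under `containers:`. Pin the image, e.g. `image: actions/pg_isready@sha256:DIGEST` (placeholder), and add `securityContext:` followed by `{{- toYaml .Values.securityContext | nindent 12 }}` to the init container. Separately, the switch to `invidious.selectorLabels` changes `spec.selector.matchLabels`, which Kubernetes treats as immutable on an existing Deployment, so an in-place upgrade from 1.x is likely to be rejected unless the Deployment is recreated.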
@@ -0,0 +1,61 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "invidious.fullname" . -}} +{{- $svcPort := .Values.service.port -}} +{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + labels: + {{- include "invidious.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + {{- range .Values.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: {{ .pathType }} + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }} + port: + number: {{ $svcPort }} + {{- else }} + serviceName: {{ $fullName }} + servicePort: {{ $svcPort }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} 
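Review bot: In the `tls` and `rules` loops, `path: {{ .path }}`, `pathType: {{ .pathType }}`, `secretName: {{ .secretName }}` and `ingressClassName: {{ .Values.ingress.className }}` are emitted unquoted, while the host values next to them go through `quote`. A value that YAML does not read as a plain string (a path beginning with `*`, an all-digit class name) would then fail to parse or render a different manifest than intended. Piping these through `quote` as well, e.g. `- path: {{ .path | quote }}`, keeps the template consistent. Note also that `pathType` is emitted only when it is set, although the `networking.k8s.io/v1` branch requires it on every path.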
diff --git a/kubernetes/templates/secret.yaml b/kubernetes/templates/secret.yaml new file mode 100644 index 00000000..52742382 --- /dev/null +++ b/kubernetes/templates/secret.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "invidious.fullname" . }} + labels: + {{- include "invidious.labels" . | nindent 4 }} +stringData: + INVIDIOUS_CONFIG: | + {{- toYaml .Values.config | nindent 4 }} diff --git a/kubernetes/templates/service.yaml b/kubernetes/templates/service.yaml index 01454d4e..ff48b9b2 100644 --- a/kubernetes/templates/service.yaml +++ b/kubernetes/templates/service.yaml @@ -3,18 +3,16 @@ kind: Service metadata: name: {{ template "invidious.fullname" . }} labels: - app: {{ template "invidious.name" . }} - chart: {{ .Chart.Name }} - release: {{ .Release.Name }} + {{- include "invidious.labels" . | nindent 4 }} spec: type: {{ .Values.service.type }} + {{- with .Values.service.loadBalancerIP }} + loadBalancerIP: {{ . }} + {{- end }} ports: - name: http port: {{ .Values.service.port }} - targetPort: 3000 + targetPort: http + protocol: TCP selector: - app: {{ template "invidious.name" . }} - release: {{ .Release.Name }} -{{- if .Values.service.loadBalancerIP }} - loadBalancerIP: {{ .Values.service.loadBalancerIP }} -{{- end }} + {{- include "invidious.selectorLabels" . | nindent 4 }} diff --git a/kubernetes/values.yaml b/kubernetes/values.yaml index 5000c2b6..e086b39e 100644 --- a/kubernetes/values.yaml +++ b/kubernetes/values.yaml @@ -5,6 +5,10 @@ image: tag: latest pullPolicy: Always +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + replicaCount: 1 autoscaling: 
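Review bot: secret.yaml always renders the whole `.Values.config` map into `INVIDIOUS_CONFIG`, so the database password must be supplied through chart values and the Deployment cannot be pointed at a Secret created outside Helm. With the defaults shown as context in values.yaml (`user: kemal`, `password: kemal`), an install that overrides nothing runs with well-known credentials. Consider guarding the template with a new value (name of your choosing, e.g. `existingSecret`) and using that name in the Deployment's `secretRef` when it is set. A leading comment such as `{{/* Full Invidious config, including db credentials, rendered from .Values.config */}}` would also tell readers why this object is a Secret.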
@@ -16,26 +20,55 @@ autoscaling: service: type: ClusterIP port: 3000 - #loadBalancerIP: + # loadBalancerIP: + +ingress: + enabled: false + className: "" + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - host: chart-example.local + paths: + - path: / + pathType: ImplementationSpecific + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local resources: {} - #requests: - # cpu: 100m - # memory: 64Mi - #limits: - # cpu: 800m - # memory: 512Mi + # requests: + # cpu: 100m + # memory: 64Mi + # limits: + # cpu: 800m + # memory: 512Mi -securityContext: - allowPrivilegeEscalation: false +podSecurityContext: runAsUser: 1000 runAsGroup: 1000 fsGroup: 1000 +securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + +nodeSelector: {} + +tolerations: [] + +affinity: {} + + # See https://github.com/bitnami/charts/tree/master/bitnami/postgresql postgresql: + enabled: true image: - tag: 13 + tag: 16 auth: username: kemal password: kemal @@ -48,14 +81,15 @@ postgresql: # Adapted from ../config/config.yml config: - channel_threads: 1 - feed_threads: 1 db: user: kemal password: kemal host: invidious-postgresql port: 5432 dbname: invidious - full_refresh: false + port: 3000 + domain: "" https_only: false - domain: + channel_threads: 1 + full_refresh: false + feed_threads: 1
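Review bot: `postgresql.image.tag` jumps from 13 to 16 in the same change that moves the subchart from 12.x to 14.x, and nothing in values.yaml warns that an existing data volume may not be usable as is. PostgreSQL does not start on a data directory initialised by a different major version, so an upgrade that keeps its persistent volume would probably leave the `wait-for-postgresql` init container looping until the data has been dumped and restored. I would add a comment above the tag, e.g. `# Major version: changing this on an existing volume needs a dump/restore or pg_upgrade`, and quote the value (`tag: "16"`) so it stays a string.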