Add Invidious

2022-05-11 11:18:49 +02:00 · 2022-05-11 11:18:49 +02:00 · c5a2b6b7a9
parent 025bc425d8
commit c5a2b6b7a9
11 changed files with 184 additions and 0 deletions
--- a/deploy/base/deploy-invidious.yaml
+++ b/deploy/base/deploy-invidious.yaml
@ -0,0 +1,104 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: invidious
+  labels:
+    app.kubernetes.io/name: invidious
+    app.kubernetes.io/instance: invidious
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: invidious
+      app.kubernetes.io/instance: invidious
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: invidious
+        app.kubernetes.io/instance: invidious
+    spec:
+      initContainers:
+      - image: alpine/git:latest
+        imagePullPolicy: IfNotPresent
+        name: init-invidious-repo
+        volumeMounts:
+        - mountPath: /repo
+          name: repo
+        command: ["git", "clone", "--depth", "1", "https://github.com/iv-org/invidious.git", "/repo"]
+      - image: jbergknoff/postgresql-client:latest
+        imagePullPolicy: IfNotPresent
+        name: init-invidious-db
+        volumeMounts:
+        - mountPath: /repo
+          name: repo
+        env:
+        - name: PGHOST
+          valueFrom:
+            secretKeyRef:
+              name: invidious-credentials
+              key: database-host
+              optional: false
+        - name: PGPORT
+          valueFrom:
+            secretKeyRef:
+              name: invidious-credentials
+              key: database-port
+              optional: false
+        # See init-invidious-db.sh:
+        - name: POSTGRES_DB
+          valueFrom:
+            secretKeyRef:
+              name: invidious-credentials
+              key: database-name
+              optional: false
+        # See init-invidious-db.sh:
+        - name: POSTGRES_USER
+          valueFrom:
+            secretKeyRef:
+              name: invidious-credentials
+              key: database-user
+              optional: false
+        - name: PGPASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: invidious-credentials
+              key: database-password
+              optional: false
+        workingDir: /repo
+        command: ["sh", "/repo/docker/init-invidious-db.sh"]
+      containers:
+      - image: quay.io/invidious/invidious:latest
+        imagePullPolicy: IfNotPresent
+        name: invidious
+        ports:
+        - name: http
+          protocol: TCP
+          containerPort: 3000
+        env:
+        - name: INVIDIOUS_CONFIG_FILE
+          value: /invidious/config/config.yml
+        - name: INVIDIOUS_DATABASE_URL
+          valueFrom:
+            secretKeyRef:
+              name: invidious-credentials
+              key: database-url
+              optional: false
+        volumeMounts:
+        - mountPath: /invidious/config/config.yml
+          subPath: config.yml
+          name: config
+        livenessProbe:
+          failureThreshold: 10
+          httpGet:
+            path: /api/v1/comments/jNQXAC9IVRw
+            port: 3000
+            scheme: HTTP
+          initialDelaySeconds: 30
+          periodSeconds: 10
+          successThreshold: 1
+          timeoutSeconds: 10
+      volumes:
+      - name: repo
+        emptyDir: {}
+      - name: config
+        configMap:
+          name: invidious-config
--- a/deploy/base/ingress.yaml
+++ b/deploy/base/ingress.yaml
@ -16,3 +16,13 @@ spec:
            name: grafana
            port:
              name: service
+  - host: invidious
+    http:
+      paths:
+      - pathType: Prefix
+        path: "/"
+        backend:
+          service:
+            name: invidious
+            port:
+              name: http
--- a/deploy/base/kustomization.yaml
+++ b/deploy/base/kustomization.yaml
@ -61,3 +61,6 @@ resources:
 - inflated/grafana/templates/clusterrolebinding.yaml

 - ingress.yaml
+
+- deploy-invidious.yaml
+- svc-invidious.yaml
--- a/deploy/base/svc-invidious.yaml
+++ b/deploy/base/svc-invidious.yaml
@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/instance: invidious
+    app.kubernetes.io/name: invidious
+  name: invidious
+spec:
+  ports:
+  - name: http
+    port: 80
+    protocol: TCP
+    targetPort: 3000
+  selector:
+    app.kubernetes.io/instance: invidious
+    app.kubernetes.io/name: invidious
+  type: ClusterIP
--- a/deploy/dev/ingress.yaml
+++ b/deploy/dev/ingress.yaml
@ -13,3 +13,6 @@
 - op: replace
  path: /spec/rules/0/host
  value: grafana.local
+- op: replace
+  path: /spec/rules/1/host
+  value: invidious.local
--- a/deploy/dev/invidious-config.yaml
+++ b/deploy/dev/invidious-config.yaml
@ -0,0 +1,6 @@
+domain: localhost:3000
+channel_threads: 1
+feed_threads: 1
+registration_enabled: true
+default_user_preferences:
+  dark_mode: true
--- a/deploy/dev/kustomization.yaml
+++ b/deploy/dev/kustomization.yaml
@ -26,12 +26,24 @@ configMapGenerator:
  files:
  - grafana.ini
  - datasources.yaml=grafana-datasources.yaml
+- name: invidious-config
+  files:
+  - config.yml=invidious-config.yaml

 secretGenerator:
 - name: grafana-credentials
  literals:
  - admin-user=rob
  - admin-password=testme
+- name: invidious-credentials
+  literals:
+  - database-url=postgresql://kemal:testme@dev-db:5432/invidious
+  # Individual keys required by init-invidious-db:
+  - database-host=dev-db
+  - database-port=5432
+  - database-name=invidious
+  - database-user=kemal
+  - database-password=testme

 patches:
 # Patch the ingress-nginx deployment to allow it to use a service with a
--- a/deploy/prod/ingress.yaml
+++ b/deploy/prod/ingress.yaml
@ -10,7 +10,11 @@
  value:
    - hosts:
      - grafana.netflux.io
+      - tube.netflux.io
      secretName: prod-ingress-tls
 - op: replace
  path: /spec/rules/0/host
  value: grafana.netflux.io
+- op: replace
+  path: /spec/rules/1/host
+  value: tube.netflux.io
--- a/deploy/prod/invidious-config.yaml
+++ b/deploy/prod/invidious-config.yaml
@ -0,0 +1,8 @@
+domain: tube.netflux.io
+channel_threads: 2
+feed_threads: 2
+registration_enabled: false
+default_user_preferences:
+  dark_mode: true
+popular_enabled: false
+https_only: true
--- a/deploy/prod/kustomization.yaml
+++ b/deploy/prod/kustomization.yaml
@ -14,6 +14,9 @@ configMapGenerator:
  files:
  - grafana.ini
  - datasources.yaml=grafana-datasources.yaml
+- name: invidious-config
+  files:
+  - config.yml=invidious-config.yaml

 secretGenerator:
 - name: prometheus-credentials
@ -23,6 +26,16 @@ secretGenerator:
  files:
  - admin-user=secrets/grafana-admin-user
  - admin-password=secrets/grafana-admin-password
+- name: invidious-credentials
+  literals:
+  # Individual keys required by init-invidious-db:
+  - database-host=prod-db
+  - database-port=5432
+  - database-name=invidious
+  - database-user=kemal
+  files:
+  - database-url=secrets/invidious-database-url
+  - database-password=secrets/invidious-database-password

 patches:
 # Patch the ingress-nginx deployment to allow it to use a service with a
--- a/deploy/prod/secrets/README.md
+++ b/deploy/prod/secrets/README.md
@ -9,3 +9,7 @@ The basic auth password required to access node-exporter endpoints. See ansible-
 ### grafana-admin-user, grafana-admin-password

 The credentials used to create the Grafana admin user. See 1password.
+
+### invidious-database-url, invidious-database-password
+
+The credentials for the invidious database. See ansible-vault.