diff --git a/deploy/base/deploy-invidious.yaml b/deploy/base/deploy-invidious.yaml new file mode 100644 index 0000000..1f240c5 --- /dev/null +++ b/deploy/base/deploy-invidious.yaml 
@@ -0,0 +1,104 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: invidious + labels: + app.kubernetes.io/name: invidious + app.kubernetes.io/instance: invidious +spec: + selector: + matchLabels: + app.kubernetes.io/name: invidious + app.kubernetes.io/instance: invidious + template: + metadata: + labels: + app.kubernetes.io/name: invidious + app.kubernetes.io/instance: invidious + spec: + initContainers: + - image: alpine/git:latest + imagePullPolicy: IfNotPresent + name: init-invidious-repo + volumeMounts: + - mountPath: /repo + name: repo + command: ["git", "clone", "--depth", "1", "https://github.com/iv-org/invidious.git", "/repo"] + - image: jbergknoff/postgresql-client:latest + imagePullPolicy: IfNotPresent + name: init-invidious-db + volumeMounts: + - mountPath: /repo + name: repo + env: + - name: PGHOST + valueFrom: + secretKeyRef: + name: invidious-credentials + key: database-host + optional: false + - name: PGPORT + valueFrom: + secretKeyRef: + name: invidious-credentials + key: database-port + optional: false + # See init-invidious-db.sh: + - name: POSTGRES_DB + valueFrom: + secretKeyRef: + name: invidious-credentials + key: database-name + optional: false + # See init-invidious-db.sh: + - name: POSTGRES_USER + valueFrom: + secretKeyRef: + name: invidious-credentials + key: database-user + optional: false + - name: PGPASSWORD + valueFrom: + secretKeyRef: + name: invidious-credentials + key: database-password + optional: false + workingDir: /repo + command: ["sh", "/repo/docker/init-invidious-db.sh"] + containers: + - image: quay.io/invidious/invidious:latest + imagePullPolicy: IfNotPresent + name: invidious + ports: + - name: http + protocol: TCP + containerPort: 3000 + env: + - name: INVIDIOUS_CONFIG_FILE + value: /invidious/config/config.yml + - name: INVIDIOUS_DATABASE_URL + valueFrom: + secretKeyRef: + name: invidious-credentials + key: database-url + optional: false + volumeMounts: + - mountPath: /invidious/config/config.yml + subPath: 
config.yml + name: config + livenessProbe: + failureThreshold: 10 + httpGet: + path: /api/v1/comments/jNQXAC9IVRw + port: 3000 + scheme: HTTP + initialDelaySeconds: 30 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 10 + volumes: + - name: repo + emptyDir: {} + - name: config + configMap: + name: invidious-config diff --git a/deploy/base/ingress.yaml b/deploy/base/ingress.yaml index 1acead4..dd05fd6 100644 --- a/deploy/base/ingress.yaml +++ b/deploy/base/ingress.yaml @@ -16,3 +16,13 @@ spec: name: grafana port: name: service + - host: invidious + http: + paths: + - pathType: Prefix + path: "/" + backend: + service: + name: invidious + port: + name: http diff --git a/deploy/base/kustomization.yaml b/deploy/base/kustomization.yaml index 66a0a44..0304f37 100644 --- a/deploy/base/kustomization.yaml +++ b/deploy/base/kustomization.yaml @@ -61,3 +61,6 @@ resources: - inflated/grafana/templates/clusterrolebinding.yaml - ingress.yaml + +- deploy-invidious.yaml +- svc-invidious.yaml diff --git a/deploy/base/svc-invidious.yaml b/deploy/base/svc-invidious.yaml new file mode 100644 index 0000000..d0df992 --- /dev/null +++ b/deploy/base/svc-invidious.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: invidious + app.kubernetes.io/name: invidious + name: invidious +spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: 3000 + selector: + app.kubernetes.io/instance: invidious + app.kubernetes.io/name: invidious + type: ClusterIP diff --git a/deploy/dev/ingress.yaml b/deploy/dev/ingress.yaml index fe8b452..62ce7ea 100644 --- a/deploy/dev/ingress.yaml +++ b/deploy/dev/ingress.yaml @@ -13,3 +13,6 @@ - op: replace path: /spec/rules/0/host value: grafana.local +- op: replace + path: /spec/rules/1/host + value: invidious.local diff --git a/deploy/dev/invidious-config.yaml b/deploy/dev/invidious-config.yaml new file mode 100644 index 0000000..0b4ce8c --- /dev/null +++ b/deploy/dev/invidious-config.yaml 
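Review bot: In deploy/base/deploy-invidious.yaml the `init-invidious-repo` container clones whatever is on the upstream default branch at pod start, and `init-invidious-db` then runs `sh /repo/docker/init-invidious-db.sh` from that checkout with `PGPASSWORD` and the other database credentials in its environment. Any upstream change to that script therefore runs unreviewed against the database on the next pod restart. Pin the checkout to a reviewed release, e.g. `command: ["git", "clone", "--depth", "1", "--branch", "<PINNED_TAG>", "https://github.com/iv-org/invidious.git", "/repo"]`, or ship the script in a ConfigMap kept in this repository. All three images use `:latest` with `imagePullPolicy: IfNotPresent`, so which build runs depends on each node's cache. Pinning them by tag or digest makes rollouts reproducible and lets the checkout match the version of the `quay.io/invidious/invidious` image.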
@@ -0,0 +1,6 @@ +domain: localhost:3000 +channel_threads: 1 +feed_threads: 1 +registration_enabled: true +default_user_preferences: + dark_mode: true diff --git a/deploy/dev/kustomization.yaml b/deploy/dev/kustomization.yaml index 1a6463b..03ee0f6 100644 --- a/deploy/dev/kustomization.yaml +++ b/deploy/dev/kustomization.yaml @@ -26,12 +26,24 @@ configMapGenerator: files: - grafana.ini - datasources.yaml=grafana-datasources.yaml +- name: invidious-config + files: + - config.yml=invidious-config.yaml secretGenerator: - name: grafana-credentials literals: - admin-user=rob - admin-password=testme +- name: invidious-credentials + literals: + - database-url=postgresql://kemal:testme@dev-db:5432/invidious + # Individual keys required by init-invidious-db: + - database-host=dev-db + - database-port=5432 + - database-name=invidious + - database-user=kemal + - database-password=testme patches: # Patch the ingress-nginx deployment to allow it to use a service with a diff --git a/deploy/prod/ingress.yaml b/deploy/prod/ingress.yaml index 1938783..8fae950 100644 --- a/deploy/prod/ingress.yaml +++ b/deploy/prod/ingress.yaml @@ -10,7 +10,11 @@ value: - hosts: - grafana.netflux.io + - tube.netflux.io secretName: prod-ingress-tls - op: replace path: /spec/rules/0/host value: grafana.netflux.io +- op: replace + path: /spec/rules/1/host + value: tube.netflux.io diff --git a/deploy/prod/invidious-config.yaml b/deploy/prod/invidious-config.yaml new file mode 100644 index 0000000..8908449 --- /dev/null +++ b/deploy/prod/invidious-config.yaml @@ -0,0 +1,8 @@ +domain: tube.netflux.io +channel_threads: 2 +feed_threads: 2 +registration_enabled: false +default_user_preferences: + dark_mode: true +popular_enabled: false +https_only: true diff --git a/deploy/prod/kustomization.yaml b/deploy/prod/kustomization.yaml index 26a6d00..b94573b 100644 --- a/deploy/prod/kustomization.yaml +++ b/deploy/prod/kustomization.yaml 
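Review bot: The `invidious-credentials` generator in deploy/dev/kustomization.yaml carries the database password twice, once inside `database-url` and once as `database-password`, and the host, port, name and user are repeated in the same way. The prod overlay has the same split between `secrets/invidious-database-url` and `secrets/invidious-database-password`. Nothing ties the copies together, so a rotation that updates only one of them leaves the init container and the main container with different credentials. I would extend the existing comment to say so, e.g. `# Individual keys required by init-invidious-db; must match the values embedded in database-url.`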
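Review bot: deploy/prod/invidious-config.yaml sets no `hmac_key`, and the Deployment passes only `INVIDIOUS_CONFIG_FILE` and `INVIDIOUS_DATABASE_URL` to the container. Invidious uses that key to sign its CSRF and session tokens. As far as I know, a missing key is either regenerated on every start or rejected at startup, depending on the image version, which is worth confirming against the image you pin. Because this file is rendered into a ConfigMap, the key should not be added here; supply it from `invidious-credentials` through a `secretKeyRef`, the way `database-url` is supplied. deploy/dev/invidious-config.yaml has the same gap.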
@@ -14,6 +14,9 @@ configMapGenerator: files: - grafana.ini - datasources.yaml=grafana-datasources.yaml +- name: invidious-config + files: + - config.yml=invidious-config.yaml secretGenerator: - name: prometheus-credentials @@ -23,6 +26,16 @@ secretGenerator: files: - admin-user=secrets/grafana-admin-user - admin-password=secrets/grafana-admin-password +- name: invidious-credentials + literals: + # Individual keys required by init-invidious-db: + - database-host=prod-db + - database-port=5432 + - database-name=invidious + - database-user=kemal + files: + - database-url=secrets/invidious-database-url + - database-password=secrets/invidious-database-password patches: # Patch the ingress-nginx deployment to allow it to use a service with a diff --git a/deploy/prod/secrets/README.md b/deploy/prod/secrets/README.md index 76686d8..769d456 100644 --- a/deploy/prod/secrets/README.md +++ b/deploy/prod/secrets/README.md @@ -9,3 +9,7 @@ The basic auth password required to access node-exporter endpoints. See ansible- ### grafana-admin-user, grafana-admin-password The credentials used to create the Grafana admin user. See 1password. + +### invidious-database-url, invidious-database-password + +The credentials for the invidious database. See ansible-vault.
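Review bot: The `files:` entries of `invidious-credentials` in deploy/prod/kustomization.yaml copy the file contents into the Secret byte for byte, so a trailing newline in `secrets/invidious-database-password` or `secrets/invidious-database-url` becomes part of `PGPASSWORD` and `INVIDIOUS_DATABASE_URL`. That typically shows up as an authentication or connection failure that is hard to trace back to the file. A comment above `files:` such as `# Files must not end with a newline; contents are used verbatim.` would record the constraint, and the README entry could repeat it. Whether `secrets/` is excluded from version control is not visible in this diff and is worth confirming.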